From 06cc34dc1cf09de7f79a9cc592199c1d2b0f5ce0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 27 Oct 2023 15:02:04 +0000 Subject: [PATCH 001/362] WIP: Bazel template WIP: use new MODULE.bazel system. WIP: use `.bazel` extension on BUILD files. --- templates/c++-bazel/.bazelignore | 3 + templates/c++-bazel/.bazelrc | 6 + templates/c++-bazel/.clang-format | 23 +++ templates/c++-bazel/.envrc | 5 + templates/c++-bazel/.gitignore | 6 + templates/c++-bazel/.woodpecker/check.yml | 31 ++++ templates/c++-bazel/BUILD | 0 templates/c++-bazel/WORKSPACE | 48 +++++++ templates/c++-bazel/flake.lock | 143 +++++++++++++++++++ templates/c++-bazel/flake.nix | 126 ++++++++++++++++ templates/c++-bazel/src/BUILD | 6 + templates/c++-bazel/src/main.cc | 5 + templates/c++-bazel/tests/unit/BUILD | 10 ++ templates/c++-bazel/tests/unit/dummy_test.cc | 5 + 14 files changed, 417 insertions(+) create mode 100644 templates/c++-bazel/.bazelignore create mode 100644 templates/c++-bazel/.bazelrc create mode 100644 templates/c++-bazel/.clang-format create mode 100644 templates/c++-bazel/.envrc create mode 100644 templates/c++-bazel/.gitignore create mode 100644 templates/c++-bazel/.woodpecker/check.yml create mode 100644 templates/c++-bazel/BUILD create mode 100644 templates/c++-bazel/WORKSPACE create mode 100644 templates/c++-bazel/flake.lock create mode 100644 templates/c++-bazel/flake.nix create mode 100644 templates/c++-bazel/src/BUILD create mode 100644 templates/c++-bazel/src/main.cc create mode 100644 templates/c++-bazel/tests/unit/BUILD create mode 100644 templates/c++-bazel/tests/unit/dummy_test.cc diff --git a/templates/c++-bazel/.bazelignore b/templates/c++-bazel/.bazelignore new file mode 100644 index 00000000..6622ec1c --- /dev/null +++ b/templates/c++-bazel/.bazelignore @@ -0,0 +1,3 @@ +.pre-commit-config.yaml +result +.direnv diff --git a/templates/c++-bazel/.bazelrc b/templates/c++-bazel/.bazelrc new file mode 100644 index 00000000..0ef96ae9 --- /dev/null +++ b/templates/c++-bazel/.bazelrc @@ -0,0 +1,6 @@ +# rule_nixpkgs' specific configuration +build --host_platform=@io_tweag_rules_nixpkgs//nixpkgs/platforms:host +build --crosstool_top=@nixpkgs_config_cc//:toolchain + +# Use C++20 +build:linux --cxxopt=-std=c++20 diff --git a/templates/c++-bazel/.clang-format b/templates/c++-bazel/.clang-format new file mode 100644 index 00000000..19c58aac --- /dev/null +++ b/templates/c++-bazel/.clang-format @@ -0,0 +1,23 @@ +# vim: ft=yaml +--- +BasedOnStyle: LLVM +IndentWidth: 4 +--- +Language: Cpp +# Force pointers to the type for C++. +DerivePointerAlignment: false +PointerAlignment: Left + +# Short functions should not be on a single line, unless empty +AllowShortFunctionsOnASingleLine: Empty + +# Make them level +AccessModifierOffset: -4 + +# It makes more sense this way +BreakBeforeBinaryOperators: All +BreakBeforeTernaryOperators: true + +# Aesthetic +AlignOperands: AlignAfterOperator +--- diff --git a/templates/c++-bazel/.envrc b/templates/c++-bazel/.envrc new file mode 100644 index 00000000..de77fcb0 --- /dev/null +++ b/templates/c++-bazel/.envrc @@ -0,0 +1,5 @@ +if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" +fi + +use flake diff --git a/templates/c++-bazel/.gitignore b/templates/c++-bazel/.gitignore new file mode 100644 index 00000000..84bd7c0d --- /dev/null +++ b/templates/c++-bazel/.gitignore @@ -0,0 +1,6 @@ +# Bazel build directories +/bazel-*/ + +# Nix generated files +/.pre-commit-config.yaml +/result diff --git a/templates/c++-bazel/.woodpecker/check.yml b/templates/c++-bazel/.woodpecker/check.yml new file mode 100644 index 00000000..4ff7dba0 --- /dev/null +++ b/templates/c++-bazel/.woodpecker/check.yml @@ -0,0 +1,31 @@ +labels: + backend: local + +steps: +- name: pre-commit check + image: bash + commands: + - nix develop --command pre-commit run --all + +- name: nix flake check + image: bash + commands: + - nix flake check + +- name: notifiy + image: bash + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password + commands: + - nix run github:ambroisie/matrix-notifier + when: + status: + - failure + - success diff --git a/templates/c++-bazel/BUILD b/templates/c++-bazel/BUILD new file mode 100644 index 00000000..e69de29b diff --git a/templates/c++-bazel/WORKSPACE b/templates/c++-bazel/WORKSPACE new file mode 100644 index 00000000..72d35b60 --- /dev/null +++ b/templates/c++-bazel/WORKSPACE @@ -0,0 +1,48 @@ +load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") + +http_archive( + name = "io_tweag_rules_nixpkgs", + sha256 = "980edfceef2e59e1122d9be6c52413bc298435f0a3d452532b8a48d7562ffd67", + strip_prefix = "rules_nixpkgs-0.10.0", + urls = ["https://github.com/tweag/rules_nixpkgs/releases/download/v0.10.0/rules_nixpkgs-0.10.0.tar.gz"], +) + +load("@io_tweag_rules_nixpkgs//nixpkgs:repositories.bzl", "rules_nixpkgs_dependencies") + +# load everything that rules_nixpkgs rules need to work +rules_nixpkgs_dependencies() + +load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_cc_configure", "nixpkgs_local_repository") + +# Define nixpkgs version using the flakes lock file. +nixpkgs_local_repository( + name = "nixpkgs", + nix_file_deps = ["//:flake.lock"], + nix_flake_lock_file = "//:flake.lock", +) + +nixpkgs_cc_configure( + name = "nixpkgs_config_cc", + repository = "@nixpkgs", +) + +# load rules_cc +http_archive( + name = "rules_cc", + sha256 = "4dccbfd22c0def164c8f47458bd50e0c7148f3d92002cdb459c2a96a68498241", + urls = ["https://github.com/bazelbuild/rules_cc/releases/download/0.0.1/rules_cc-0.0.1.tar.gz"], +) + +load("@rules_cc//cc:repositories.bzl", "rules_cc_dependencies", "rules_cc_toolchains") + +rules_cc_dependencies() + +rules_cc_toolchains() + +# Load dependencies +http_archive( + name = "com_google_googletest", + sha256 = "8ad598c73ad796e0d8280b082cebd82a630d73e73cd3c70057938a6501bba5d7", + strip_prefix = "googletest-1.14.0", + urls = ["https://github.com/google/googletest/archive/refs/tags/v1.14.0.tar.gz"], +) diff --git a/templates/c++-bazel/flake.lock b/templates/c++-bazel/flake.lock new file mode 100644 index 00000000..7440f4d6 --- /dev/null +++ b/templates/c++-bazel/flake.lock @@ -0,0 +1,143 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "futils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "ref": "main", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1698134075, + "narHash": "sha256-foCD+nuKzfh49bIoiCBur4+Fx1nozo+4C/6k8BYk4sg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8efd5d1e283604f75a808a20e6cde0ef313d07d4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1685801374, + "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c37ca420157f4abc31e26f436c1145f8951ff373", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": [ + "futils" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1698227354, + "narHash": "sha256-Fi5H9jbaQLmLw9qBi/mkR33CoFjNbobo5xWdX4tKz1Q=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "bd38df3d508dfcdff52cd243d297f218ed2257bf", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "master", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "futils": "futils", + "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/templates/c++-bazel/flake.nix b/templates/c++-bazel/flake.nix new file mode 100644 index 00000000..63c64d69 --- /dev/null +++ b/templates/c++-bazel/flake.nix @@ -0,0 +1,126 @@ +{ + description = "A C++ project"; + + inputs = { + futils = { + type = "github"; + owner = "numtide"; + repo = "flake-utils"; + ref = "main"; + }; + + nixpkgs = { + type = "github"; + owner = "NixOS"; + repo = "nixpkgs"; + ref = "nixos-unstable"; + }; + + pre-commit-hooks = { + type = "github"; + owner = "cachix"; + repo = "pre-commit-hooks.nix"; + ref = "master"; + inputs = { + flake-utils.follows = "futils"; + nixpkgs.follows = "nixpkgs"; + }; + }; + }; + + outputs = { self, futils, nixpkgs, pre-commit-hooks }: + { + overlays = { + default = final: _prev: { + project = with final; buildBazelPackage { + pname = "project"; + version = "0.0.0"; + + src = self; + + inherit (pkgs) bazel; + + fetchAttrs = { + # Fixed output derivation hash after bazel fetch. + # This varies per platform, probably from the JDK pulled in being part + # of the output derivation ? Is there a more robust way to do this ? + # (Hashes extracted from the ofborg build logs) + sha256 = let inherit (stdenv.hostPlatform) system; in { + x86_64-linux = "${lib.fakeHash}"; + }.${system} or (throw "No hash for system: ${system}"); + + + # Use WORKSPACE file to fetch `rule_cc` + removeRulesCC = false; + }; + + buildAttrs = { + installPhase = '' + mkdir -p "$out/bin" + + install bazel-bin/src/project "$out/bin" + ''; + }; + + doCheck = true; + + meta = with lib; { + description = "A C++ project"; + homepage = "https://gitea.belanyi.fr/ambroisie/project"; + license = licenses.mit; + maintainers = with maintainers; [ ambroisie ]; + platforms = platforms.unix; + }; + }; + }; + }; + } // futils.lib.eachDefaultSystem (system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ + self.overlays.default + ]; + }; + + pre-commit = pre-commit-hooks.lib.${system}.run { + src = self; + + hooks = { + nixpkgs-fmt = { + enable = true; + }; + + clang-format = { + enable = true; + }; + }; + }; + in + { + checks = { + inherit (self.packages.${system}) project; + + inherit pre-commit; + }; + + devShells = { + default = pkgs.mkShellNoCC { + inputsFrom = with self.packages.${system}; [ + project + ]; + + packages = with pkgs; [ + clang-tools + ]; + + inherit (pre-commit) shellHook; + }; + }; + + packages = futils.lib.flattenTree { + default = pkgs.project; + inherit (pkgs) project; + }; + }); +} diff --git a/templates/c++-bazel/src/BUILD b/templates/c++-bazel/src/BUILD new file mode 100644 index 00000000..a1b3dc99 --- /dev/null +++ b/templates/c++-bazel/src/BUILD @@ -0,0 +1,6 @@ +cc_binary( + name = "project", + srcs = [ + "main.cc", + ], +) diff --git a/templates/c++-bazel/src/main.cc b/templates/c++-bazel/src/main.cc new file mode 100644 index 00000000..5eb9e4a8 --- /dev/null +++ b/templates/c++-bazel/src/main.cc @@ -0,0 +1,5 @@ +#include + +int main() { + std::cout << "Hello World!\n"; +} diff --git a/templates/c++-bazel/tests/unit/BUILD b/templates/c++-bazel/tests/unit/BUILD new file mode 100644 index 00000000..63ed0e5e --- /dev/null +++ b/templates/c++-bazel/tests/unit/BUILD @@ -0,0 +1,10 @@ +cc_test( + name = "dummy_test", + size = "small", + srcs = [ + "dummy_test.cc", + ], + deps = [ + "@com_google_googletest//:gtest_main", + ], +) diff --git a/templates/c++-bazel/tests/unit/dummy_test.cc b/templates/c++-bazel/tests/unit/dummy_test.cc new file mode 100644 index 00000000..4573678e --- /dev/null +++ b/templates/c++-bazel/tests/unit/dummy_test.cc @@ -0,0 +1,5 @@ +#include + +TEST(misc, passing) { + ASSERT_EQ(1, 1); +} From 1cba7b609daacf7ef6c5c3ff0f8b3f3c865c92dc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 13 May 2024 14:28:45 +0000 Subject: [PATCH 002/362] home: vim: null-ls: remove 'clang-format' I should be relying on `clangd` instead, which should always be available whenever `clang-format` was. --- modules/home/vim/plugin/settings/null-ls.lua | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua index e7265c7e..eadf16a1 100644 --- a/modules/home/vim/plugin/settings/null-ls.lua +++ b/modules/home/vim/plugin/settings/null-ls.lua @@ -18,16 +18,6 @@ null_ls.register({ }), }) --- C, C++ -null_ls.register({ - null_ls.builtins.formatting.clang_format.with({ - -- Only used if available, but prefer clangd formatting if available - condition = function() - return utils.is_executable("clang-format") and not utils.is_executable("clangd") - end, - }), -}) - -- Nix null_ls.register({ null_ls.builtins.formatting.nixpkgs_fmt.with({ From 9e89b4dd36b3b98430a8460e7c53f1e6185f116d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 19 May 2024 22:32:54 +0200 Subject: [PATCH 003/362] flake: bump inputs --- flake.lock | 39 ++++++++++++++++++--------------------- flake.nix | 1 - 2 files changed, 18 insertions(+), 22 deletions(-) diff --git a/flake.lock b/flake.lock index c1084e9b..5fa49109 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1714136352, - "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=", + "lastModified": 1715290355, + "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=", "owner": "ryantm", "repo": "agenix", - "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e", + "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1714641030, - "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", + "lastModified": 1715865404, + "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", + "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1714679908, - "narHash": "sha256-KzcXzDvDJjX34en8f3Zimm396x6idbt+cu4tWDVS2FI=", + "lastModified": 1715930644, + "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=", "owner": "nix-community", "repo": "home-manager", - "rev": "9036fe9ef8e15a819fa76f47a8b1f287903fb848", + "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1714635257, - "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=", + "lastModified": 1715961556, + "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", + "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1714825428, - "narHash": "sha256-6U4cppyR0u6sqSSVr3GMrnIXhP2YGR0knfgrUGtr/1Y=", + "lastModified": 1716149933, + "narHash": "sha256-0Ui2HmmKvSqxXfT5kCzTu2EO+kqYxavPZHROxQLsI14=", "owner": "nix-community", "repo": "NUR", - "rev": "5847f3365c16afafc10c56994beadd4cdc8552ee", + "rev": "0d0e224fe23a49977d871ae2fe2f14c84b03322a", "type": "github" }, "original": { @@ -185,9 +185,6 @@ "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": [ - "futils" - ], "gitignore": "gitignore", "nixpkgs": [ "nixpkgs" @@ -197,11 +194,11 @@ ] }, "locked": { - "lastModified": 1714478972, - "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=", + "lastModified": 1715870890, + "narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "2849da033884f54822af194400f8dff435ada242", + "rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 9c29183b..a07ee154 100644 --- a/flake.nix +++ b/flake.nix @@ -63,7 +63,6 @@ repo = "pre-commit-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs"; }; From ccab4d09528edc84a5759a4106b18c3d3fef556d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 May 2024 15:12:45 +0000 Subject: [PATCH 004/362] overlays: add 'gruvbox-nvim-delimiters' To fix [1] and [2] until the plug-in gets bumped. [1]: https://github.com/ellisonleao/gruvbox.nvim/issues/335 [2]: https://github.com/ellisonleao/gruvbox.nvim/issues/340 --- overlays/gruvbox-nvim-delimiters/default.nix | 4 ++++ overlays/gruvbox-nvim-delimiters/generated.nix | 14 ++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 overlays/gruvbox-nvim-delimiters/default.nix create mode 100644 overlays/gruvbox-nvim-delimiters/generated.nix diff --git a/overlays/gruvbox-nvim-delimiters/default.nix b/overlays/gruvbox-nvim-delimiters/default.nix new file mode 100644 index 00000000..832e71de --- /dev/null +++ b/overlays/gruvbox-nvim-delimiters/default.nix @@ -0,0 +1,4 @@ +self: prev: +{ + vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); +} diff --git a/overlays/gruvbox-nvim-delimiters/generated.nix b/overlays/gruvbox-nvim-delimiters/generated.nix new file mode 100644 index 00000000..7a27a3dc --- /dev/null +++ b/overlays/gruvbox-nvim-delimiters/generated.nix @@ -0,0 +1,14 @@ +{ fetchpatch, ... }: + +_final: prev: { + gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: { + patches = (oa.patches or [ ]) ++ [ + # https://github.com/ellisonleao/gruvbox.nvim/pull/319 + (fetchpatch { + name = "add-Delimiter-highlight-group.patch"; + url = "https://github.com/ellisonleao/gruvbox.nvim/commit/20f90039564b293330bf97acc36dda8dd9e721a0.patch"; + hash = "sha256-it4SbgK/2iDVyvtXBfVW2YN9DqELfKsMkuCaunERGcE="; + }) + ]; + }); +} From 89056e3d5d7b5be3ee630430e36c919d4ef3cb0f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 23 May 2024 11:27:48 +0000 Subject: [PATCH 005/362] home: vim: lspconfig: migrate to 'ruff' This replaces and enhances the experience from the old `ruff-lsp` wrapper. --- modules/home/vim/plugin/settings/lspconfig.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 628eab97..b3f89543 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -53,8 +53,8 @@ if utils.is_executable("pyright") then }) end -if utils.is_executable("ruff-lsp") then - lspconfig.ruff_lsp.setup({ +if utils.is_executable("ruff") then + lspconfig.ruff.setup({ capabilities = capabilities, on_attach = lsp.on_attach, }) From 201fabbc147e59ba49f8743ceef3fe0ce84e5056 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 May 2024 20:18:05 +0100 Subject: [PATCH 006/362] home: vim: remove redundant ftdetect files These have been added upstream and made redundant as part of the update to v0.10. --- modules/home/vim/ftdetect/blueprint.lua | 6 ------ modules/home/vim/ftdetect/gn.lua | 7 ------- modules/home/vim/ftdetect/kbuild.lua | 6 ------ modules/home/vim/ftdetect/tikz.lua | 6 ------ 4 files changed, 25 deletions(-) delete mode 100644 modules/home/vim/ftdetect/blueprint.lua delete mode 100644 modules/home/vim/ftdetect/gn.lua delete mode 100644 modules/home/vim/ftdetect/kbuild.lua delete mode 100644 modules/home/vim/ftdetect/tikz.lua diff --git a/modules/home/vim/ftdetect/blueprint.lua b/modules/home/vim/ftdetect/blueprint.lua deleted file mode 100644 index d3fb395d..00000000 --- a/modules/home/vim/ftdetect/blueprint.lua +++ /dev/null @@ -1,6 +0,0 @@ --- Use `bp` filetype for Blueprint files -vim.filetype.add({ - extension = { - bp = "bp", - }, -}) diff --git a/modules/home/vim/ftdetect/gn.lua b/modules/home/vim/ftdetect/gn.lua deleted file mode 100644 index 37d772ed..00000000 --- a/modules/home/vim/ftdetect/gn.lua +++ /dev/null @@ -1,7 +0,0 @@ --- Use GN filetype for Chromium Generate Ninja files -vim.filetype.add({ - extension = { - gn = "gn", - gni = "gn", - }, -}) diff --git a/modules/home/vim/ftdetect/kbuild.lua b/modules/home/vim/ftdetect/kbuild.lua deleted file mode 100644 index 799570e1..00000000 --- a/modules/home/vim/ftdetect/kbuild.lua +++ /dev/null @@ -1,6 +0,0 @@ --- Kbuild is just a Makefile under a different name -vim.filetype.add({ - filename = { - ["Kbuild"] = "make", - }, -}) diff --git a/modules/home/vim/ftdetect/tikz.lua b/modules/home/vim/ftdetect/tikz.lua deleted file mode 100644 index 93b7db01..00000000 --- a/modules/home/vim/ftdetect/tikz.lua +++ /dev/null @@ -1,6 +0,0 @@ --- Use LaTeX filetype for TikZ files -vim.filetype.add({ - extension = { - tikz = "tex", - }, -}) From a60287f8cf85e1f0bc0ddf40b110b4744244dee0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 May 2024 20:26:12 +0100 Subject: [PATCH 007/362] home: vim: remove 'nvim-osc52' OSC52 supports has been added upstream, and is set up automatically when `SSH_TTY` is set (and a few other conditions) in v0.10. --- modules/home/vim/default.nix | 1 - modules/home/vim/plugin/settings/ssh.lua | 17 ----------------- 2 files changed, 18 deletions(-) delete mode 100644 modules/home/vim/plugin/settings/ssh.lua diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 07711cc5..2e85ba36 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -58,7 +58,6 @@ in # General enhancements vim-qf # Better quick-fix list - nvim-osc52 # Send clipboard data through terminal escape for SSH # Other wrappers git-messenger-vim # A simple blame window diff --git a/modules/home/vim/plugin/settings/ssh.lua b/modules/home/vim/plugin/settings/ssh.lua deleted file mode 100644 index 992a707e..00000000 --- a/modules/home/vim/plugin/settings/ssh.lua +++ /dev/null @@ -1,17 +0,0 @@ -if not require("ambroisie.utils").is_ssh() then - return -end - -local function copy(lines, _) - require("osc52").copy(table.concat(lines, "\n")) -end - -local function paste() - return { vim.fn.split(vim.fn.getreg(""), "\n"), vim.fn.getregtype("") } -end - -vim.g.clipboard = { - name = "osc52", - copy = { ["+"] = copy, ["*"] = copy }, - paste = { ["+"] = paste, ["*"] = paste }, -} From cc82d7575f370f44d4ab0f12b339bee8869fc894 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 May 2024 20:27:39 +0100 Subject: [PATCH 008/362] home: vim: do not set 'termguicolors' explicitly Rely on the new behaviour from v0.10 which detects it more intelligently. --- modules/home/vim/init.vim | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index c94fc531..3a74c4f4 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -86,8 +86,6 @@ set mouse= " Set dark mode by default set background=dark -" 24 bit colors -set termguicolors " Setup some overrides for gruvbox lua << EOF local gruvbox = require("gruvbox") From 212f280d921e035b5f9c015be50564240eddb074 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 May 2024 20:33:02 +0100 Subject: [PATCH 009/362] home: vim: remove commenting plug-ins Rely on the new built-in support which was added upstream as part of v0.10. Crucially, upstream supports using tree-sitter aware comment strings by default. --- modules/home/vim/after/plugin/mappings/commentary.lua | 10 ---------- modules/home/vim/default.nix | 2 -- 2 files changed, 12 deletions(-) delete mode 100644 modules/home/vim/after/plugin/mappings/commentary.lua diff --git a/modules/home/vim/after/plugin/mappings/commentary.lua b/modules/home/vim/after/plugin/mappings/commentary.lua deleted file mode 100644 index 6ed3b89b..00000000 --- a/modules/home/vim/after/plugin/mappings/commentary.lua +++ /dev/null @@ -1,10 +0,0 @@ -local wk = require("which-key") - -local keys = { - name = "Comment/uncomment", - c = "Current line", - u = "Uncomment the current and adjacent commented lines", - ["gc"] = "Uncomment the current and adjacent commented lines", -} - -wk.register(keys, { prefix = "gc" }) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 2e85ba36..509ae58d 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -40,7 +40,6 @@ in lualine-lsp-progress # Show progress for LSP servers # tpope essentials - vim-commentary # Easy comments vim-eunuch # UNIX integrations vim-fugitive # A 'git' wrapper vim-git # Sane git syntax files @@ -69,7 +68,6 @@ in none-ls-nvim # LSP integration for linters and formatters nvim-treesitter.withAllGrammars # Better highlighting nvim-treesitter-textobjects # More textobjects - nvim-ts-context-commentstring # Comment string in nested language blocks plenary-nvim # 'null-ls', 'telescope' dependency # Completion From e0b66e89f9cd85abccad9307b4d3863955cd4818 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 May 2024 20:39:08 +0100 Subject: [PATCH 010/362] home: vim: ftplugin: remove bp It's now part of the upstream runtime as of v0.10, so this file is redundant and can be removed. --- modules/home/vim/after/ftplugin/bp.vim | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 modules/home/vim/after/ftplugin/bp.vim diff --git a/modules/home/vim/after/ftplugin/bp.vim b/modules/home/vim/after/ftplugin/bp.vim deleted file mode 100644 index 1224e7a8..00000000 --- a/modules/home/vim/after/ftplugin/bp.vim +++ /dev/null @@ -1,7 +0,0 @@ -" Create the `b:undo_ftplugin` variable if it doesn't exist -call ftplugined#check_undo_ft() - -" Add comment format -setlocal comments=b://,s1:/*,mb:*,ex:*/ -setlocal commentstring=//\ %s -let b:undo_ftplugin.='|setlocal comments< commentstring<' From b90da603b1a67ebaa01b9b8ebcffc0f64ab452fe Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 24 May 2024 14:08:10 +0000 Subject: [PATCH 011/362] home: nix: fix typo --- modules/home/nix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix index 0934189a..f8d65ce8 100644 --- a/modules/home/nix/default.nix +++ b/modules/home/nix/default.nix @@ -27,7 +27,7 @@ in }; inputs = { - link = my.mkDisableOption "link inputs to `/etc/nix/inputs/`"; + link = my.mkDisableOption "link inputs to `$XDG_CONFIG_HOME/nix/inputs/`"; addToRegistry = my.mkDisableOption "add inputs and self to registry"; From 442d267ca244dc92b6177fa795e308c361eb73f5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 28 May 2024 13:48:54 +0000 Subject: [PATCH 012/362] home: vim: lsp: add missing type hint --- modules/home/vim/lua/ambroisie/lsp.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index 31a5bd18..dc473665 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -5,7 +5,7 @@ local lsp_format = require("lsp-format") --- Move to the next/previous diagnostic, automatically showing the diagnostics --- float if necessary. ---- @param forward whether to go forward or backwards +--- @param forward bool whether to go forward or backwards local function goto_diagnostic(forward) vim.validate({ forward = { forward, "boolean" }, From 5af0230c5883000d5c1570dc958e42320e8bc517 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 29 May 2024 11:13:30 +0000 Subject: [PATCH 013/362] flake: bump inputs And undo the overlay for `gruvbox-nvim`. This reverts commit ccab4d09528edc84a5759a4106b18c3d3fef556d. --- flake.lock | 30 +++++++++---------- overlays/gruvbox-nvim-delimiters/default.nix | 4 --- .../gruvbox-nvim-delimiters/generated.nix | 14 --------- 3 files changed, 15 insertions(+), 33 deletions(-) delete mode 100644 overlays/gruvbox-nvim-delimiters/default.nix delete mode 100644 overlays/gruvbox-nvim-delimiters/generated.nix diff --git a/flake.lock b/flake.lock index 5fa49109..5191e9fb 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1715290355, - "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=", + "lastModified": 1716561646, + "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", "owner": "ryantm", "repo": "agenix", - "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0", + "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1715930644, - "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=", + "lastModified": 1716930911, + "narHash": "sha256-t4HT5j3Jy7skRB5PINnxcEBCkgE89rGBpwTI7YS4Ffo=", "owner": "nix-community", "repo": "home-manager", - "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d", + "rev": "a9b36cbe9292a649222b89fdb9ae9907e9c74086", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1715961556, - "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=", + "lastModified": 1716769173, + "narHash": "sha256-7EXDb5WBw+d004Agt+JHC/Oyh/KTUglOaQ4MNjBbo5w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64", + "rev": "9ca3f649614213b2aaf5f1e16ec06952fe4c2632", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1716149933, - "narHash": "sha256-0Ui2HmmKvSqxXfT5kCzTu2EO+kqYxavPZHROxQLsI14=", + "lastModified": 1716972321, + "narHash": "sha256-iB8kNkc+p/9NwmrXgnChB6JFcUtSBSdGESRVliiTCMI=", "owner": "nix-community", "repo": "NUR", - "rev": "0d0e224fe23a49977d871ae2fe2f14c84b03322a", + "rev": "3ced449a2fdd845ffde002790691bedf6958f00c", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1715870890, - "narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=", + "lastModified": 1716213921, + "narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1", + "rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0", "type": "github" }, "original": { diff --git a/overlays/gruvbox-nvim-delimiters/default.nix b/overlays/gruvbox-nvim-delimiters/default.nix deleted file mode 100644 index 832e71de..00000000 --- a/overlays/gruvbox-nvim-delimiters/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -self: prev: -{ - vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); -} diff --git a/overlays/gruvbox-nvim-delimiters/generated.nix b/overlays/gruvbox-nvim-delimiters/generated.nix deleted file mode 100644 index 7a27a3dc..00000000 --- a/overlays/gruvbox-nvim-delimiters/generated.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ fetchpatch, ... }: - -_final: prev: { - gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: { - patches = (oa.patches or [ ]) ++ [ - # https://github.com/ellisonleao/gruvbox.nvim/pull/319 - (fetchpatch { - name = "add-Delimiter-highlight-group.patch"; - url = "https://github.com/ellisonleao/gruvbox.nvim/commit/20f90039564b293330bf97acc36dda8dd9e721a0.patch"; - hash = "sha256-it4SbgK/2iDVyvtXBfVW2YN9DqELfKsMkuCaunERGcE="; - }) - ]; - }); -} From 82a0c65901f3209c47359db9bcdd1bc32e68e3a2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 4 Jun 2024 22:49:10 +0100 Subject: [PATCH 014/362] home: firefox: tridactyl: add LWN comment toggle Ideally, I would instead be targeting the `::before` pseudo-element, which is the _actual_ button, but it doesn't work... --- modules/home/firefox/tridactyl/tridactylrc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/firefox/tridactyl/tridactylrc b/modules/home/firefox/tridactyl/tridactylrc index 4dc53cf3..5a8ef06c 100644 --- a/modules/home/firefox/tridactyl/tridactylrc +++ b/modules/home/firefox/tridactyl/tridactylrc @@ -15,8 +15,8 @@ bind --mode=input editor_rm " Binds {{{ " Reddit et al. {{{ -" Toggle comments on Reddit, Hacker News, Lobste.rs -bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"] +" Toggle comments on Reddit, Hacker News, Lobste.rs, LWN +bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"],[class="CommentTitle"] " Make `gu` take me back to subreddit from comments bindurl reddit.com gu urlparent 3 From c08c8c79d38b36270140b43a2885abe11318bf04 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 10 Jun 2024 12:53:13 +0000 Subject: [PATCH 015/362] home: firefox: tridactyl: fix DDG mapping --- modules/home/firefox/tridactyl/tridactylrc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/firefox/tridactyl/tridactylrc b/modules/home/firefox/tridactyl/tridactylrc index 5a8ef06c..36bd59d7 100644 --- a/modules/home/firefox/tridactyl/tridactylrc +++ b/modules/home/firefox/tridactyl/tridactylrc @@ -26,8 +26,8 @@ bindurl www.google.com f hint -Jc #search a bindurl www.google.com F hint -Jbc #search a " Only hint search results on DuckDuckGo -bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result-title-a"] -bindurl ^https://duckduckgo.com F hint -Jbc [data-testid="result-title-a"] +bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result"] +bindurl ^https://duckduckgo.com F hint -Jbc [data-testid="result"] " Only hint item pages on Hacker News bindurl news.ycombinator.com ;f hint -Jc .age > a From 7ea10f7823c3e8d5a66fb7bec6df4c2fd2c8055c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 12 Jun 2024 10:06:31 +0000 Subject: [PATCH 016/362] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 5191e9fb..8ad503c4 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1715865404, - "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1716930911, - "narHash": "sha256-t4HT5j3Jy7skRB5PINnxcEBCkgE89rGBpwTI7YS4Ffo=", + "lastModified": 1718141734, + "narHash": "sha256-cA+6l8ZCZ7MXGijVuY/1f55+wF/RT4PlTR9+g4bx86w=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9b36cbe9292a649222b89fdb9ae9907e9c74086", + "rev": "892f76bd0aa09a0f7f73eb41834b8a904b6d0fad", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1716769173, - "narHash": "sha256-7EXDb5WBw+d004Agt+JHC/Oyh/KTUglOaQ4MNjBbo5w=", + "lastModified": 1717974879, + "narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ca3f649614213b2aaf5f1e16ec06952fe4c2632", + "rev": "c7b821ba2e1e635ba5a76d299af62821cbcb09f3", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1716972321, - "narHash": "sha256-iB8kNkc+p/9NwmrXgnChB6JFcUtSBSdGESRVliiTCMI=", + "lastModified": 1718184302, + "narHash": "sha256-opRL7+wsIxy+r0zP4BkrKUEiljIXhXdboIylH04ggOg=", "owner": "nix-community", "repo": "NUR", - "rev": "3ced449a2fdd845ffde002790691bedf6958f00c", + "rev": "4b71c3c633d0a1784960a2350012dbb809bb4dac", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1716213921, - "narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=", + "lastModified": 1717664902, + "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0", + "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", "type": "github" }, "original": { From 10a7111f1c8a0857f9ce06869e1b9f8923025da7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 12 Jun 2024 21:26:57 +0200 Subject: [PATCH 017/362] nixos: services: mealie: fix DB auth Turns out the package update [1] was because someone couldn't make it work on the previous version, and added a new setting to configure it more easily :-). [1]: https://github.com/NixOS/nixpkgs/pull/314294 --- modules/nixos/services/mealie/default.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 55ac3764..96b9e144 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -35,12 +35,8 @@ in # Use PostgreSQL DB_ENGINE = "postgres"; - POSTGRES_USER = "mealie"; - POSTGRES_PASSWORD = ""; - POSTGRES_SERVER = "/run/postgresql"; - # Pydantic and/or mealie doesn't handle the URI correctly, hijack it - # with query parameters... - POSTGRES_DB = "mealie?host=/run/postgresql&dbname=mealie"; + # Make it work with socket auth + POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; }; }; From d37c767a2f0999fbe10e7c2b6a969c1bf39137f3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 12 Jun 2024 21:29:19 +0200 Subject: [PATCH 018/362] nixos: services: forgejo: fix deprecated config --- modules/nixos/services/forgejo/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix index 0f3dfc59..18538bea 100644 --- a/modules/nixos/services/forgejo/default.nix +++ b/modules/nixos/services/forgejo/default.nix @@ -83,7 +83,11 @@ in # I configure my backup system manually below. dump.enable = false; - mailerPasswordFile = lib.mkIf cfg.mail.enable cfg.mail.passwordFile; + secrets = { + mailer = lib.mkIf cfg.mail.enable { + PASSWD = cfg.mail.passwordFile; + }; + }; settings = { DEFAULT = { From 6a9ac77b0c366819a9f10110850c56a311a03cab Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 14 Jun 2024 21:17:21 +0100 Subject: [PATCH 019/362] nixos: hardware: bluetooth: remove pipewire conf Turns out the wireplumber configuration I was setting up is redundant with the upstream default (which work better, becomes they use a quirks database...). It was also out-of-date due to the update to v0.5, which changed the configuration format... --- modules/nixos/hardware/bluetooth/default.nix | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix index c019b31e..e9b1991f 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth/default.nix @@ -24,24 +24,6 @@ in extraModules = [ pkgs.pulseaudio-modules-bt ]; package = pkgs.pulseaudioFull; }; - - services.pipewire.wireplumber.configPackages = [ - (pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" '' - bluez_monitor.properties = { - -- SBC XQ provides better audio - ["bluez5.enable-sbc-xq"] = true, - - -- mSBC provides better audio + microphone - ["bluez5.enable-msbc"] = true, - - -- Synchronize volume with bluetooth device - ["bluez5.enable-hw-volume"] = true, - - -- FIXME: Some devices may now support both hsp_ag and hfp_ag - ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]" - } - '') - ]; }) # Support for A2DP audio profile From 64331981d0015e04c45267fcff5087092f1db9fa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Jun 2024 10:11:50 +0000 Subject: [PATCH 020/362] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 8ad503c4..084af23a 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1716561646, - "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", + "lastModified": 1718371084, + "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=", "owner": "ryantm", "repo": "agenix", - "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", + "rev": "3a56735779db467538fb2e577eda28a9daacaca6", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1718141734, - "narHash": "sha256-cA+6l8ZCZ7MXGijVuY/1f55+wF/RT4PlTR9+g4bx86w=", + "lastModified": 1718526747, + "narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=", "owner": "nix-community", "repo": "home-manager", - "rev": "892f76bd0aa09a0f7f73eb41834b8a904b6d0fad", + "rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717974879, - "narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=", + "lastModified": 1718318537, + "narHash": "sha256-4Zu0RYRcAY/VWuu6awwq4opuiD//ahpc2aFHg2CWqFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c7b821ba2e1e635ba5a76d299af62821cbcb09f3", + "rev": "e9ee548d90ff586a6471b4ae80ae9cfcbceb3420", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1718184302, - "narHash": "sha256-opRL7+wsIxy+r0zP4BkrKUEiljIXhXdboIylH04ggOg=", + "lastModified": 1718606072, + "narHash": "sha256-+BKOI7p2YoNwNQgfdIldS0hmihEjBBLWPOek624sgeg=", "owner": "nix-community", "repo": "NUR", - "rev": "4b71c3c633d0a1784960a2350012dbb809bb4dac", + "rev": "6af362f6660ce325faacb9e180e3c2e8d2af3fdd", "type": "github" }, "original": { From 7c61d6dffc119069db44361dedc075ffc036f87d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 13 Jun 2024 11:17:22 +0000 Subject: [PATCH 021/362] nixos: hardware: graphics: use AMDVLK options --- modules/nixos/hardware/graphics/default.nix | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix index 3baac02b..51ac4455 100644 --- a/modules/nixos/hardware/graphics/default.nix +++ b/modules/nixos/hardware/graphics/default.nix @@ -35,19 +35,22 @@ in (lib.mkIf (cfg.gpuFlavor == "amd") { boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ]; + hardware.amdgpu = { + # Vulkan + amdvlk = lib.mkIf cfg.amd.amdvlk { + enable = true; + support32Bit = { + enable = true; + }; + }; + }; + hardware.opengl = { extraPackages = with pkgs; [ # OpenCL rocmPackages.clr rocmPackages.clr.icd - ] - ++ lib.optional cfg.amd.amdvlk amdvlk - ; - - extraPackages32 = with pkgs; [ - ] - ++ lib.optional cfg.amd.amdvlk driversi686Linux.amdvlk - ; + ]; }; }) From 9ab49e06f9abf377b34c86a3e52ea1ba0225f189 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 13 Jun 2024 12:15:41 +0000 Subject: [PATCH 022/362] nixos: hardware: graphics: add 32bit Intel drivers --- modules/nixos/hardware/graphics/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix index 51ac4455..65f10560 100644 --- a/modules/nixos/hardware/graphics/default.nix +++ b/modules/nixos/hardware/graphics/default.nix @@ -72,6 +72,13 @@ in intel-vaapi-driver libvdpau-va-gl ]; + + extraPackages32 = with pkgs.driversi686Linux; [ + # VA API + intel-media-driver + intel-vaapi-driver + libvdpau-va-gl + ]; }; }) ]); From eb94fca939189fb8f761ffda549d6fc6c4ff3943 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 18 Jun 2024 09:21:42 +0000 Subject: [PATCH 023/362] home: nix: use 'nix.nixPath' Freshly merged upstream, I've only been waiting ~1 year for it. --- modules/home/nix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix index f8d65ce8..c0bbcc84 100644 --- a/modules/home/nix/default.nix +++ b/modules/home/nix/default.nix @@ -96,7 +96,7 @@ in }) (lib.mkIf cfg.inputs.addToNixPath { - home.sessionVariables.NIX_PATH = "${config.xdg.configHome}/nix/inputs\${NIX_PATH:+:$NIX_PATH}"; + nix.nixPath = [ "${config.xdg.configHome}/nix/inputs" ]; }) ]); } From 468eaa9ed47f3c5077a1e176d3a53e7dc3087fcc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 18 Jun 2024 13:13:42 +0000 Subject: [PATCH 024/362] home: nixpkgs: use 'escapeShellArg' --- modules/home/nixpkgs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/nixpkgs/default.nix b/modules/home/nixpkgs/default.nix index 720fc9b8..a4946db5 100644 --- a/modules/home/nixpkgs/default.nix +++ b/modules/home/nixpkgs/default.nix @@ -13,8 +13,8 @@ in ]; home.sessionVariables = { - GITHUB_TOKEN = ''$(cat "${config.age.secrets."github/token".path}")''; - GITHUB_API_TOKEN = ''$(cat "${config.age.secrets."github/token".path}")''; + GITHUB_TOKEN = ''$(cat ${lib.escapeShellArg config.age.secrets."github/token".path})''; + GITHUB_API_TOKEN = ''$(cat ${lib.escapeShellArg config.age.secrets."github/token".path})''; }; }; } From c2362795d80946805f613a9351ab934a4b33d38d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Jun 2024 15:38:12 +0000 Subject: [PATCH 025/362] flake: bump inputs Fixup `bash-language-server` which has been migrated out of `nodePackages`. --- flake.lock | 24 ++++++++++++------------ modules/home/vim/default.nix | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index 084af23a..9a9275f6 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1718526747, - "narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=", + "lastModified": 1718788307, + "narHash": "sha256-SqiOz0sljM0GjyQEVinPXQxaGcbOXw5OgpCWGPgh/vo=", "owner": "nix-community", "repo": "home-manager", - "rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792", + "rev": "d7830d05421d0ced83a0f007900898bdcaf2a2ca", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1718318537, - "narHash": "sha256-4Zu0RYRcAY/VWuu6awwq4opuiD//ahpc2aFHg2CWqFY=", + "lastModified": 1718895438, + "narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e9ee548d90ff586a6471b4ae80ae9cfcbceb3420", + "rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1718606072, - "narHash": "sha256-+BKOI7p2YoNwNQgfdIldS0hmihEjBBLWPOek624sgeg=", + "lastModified": 1718980488, + "narHash": "sha256-cULCoFNaBcyB9TUMmL6oDKu2FygaZbfn6I5mYwRC4G8=", "owner": "nix-community", "repo": "NUR", - "rev": "6af362f6660ce325faacb9e180e3c2e8d2af3fdd", + "rev": "ef74ae1e19df0d2118a4f27d6127f1153469a25e", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1717664902, - "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", + "lastModified": 1718879355, + "narHash": "sha256-RTyqP4fBX2MdhNuMP+fnR3lIwbdtXhyj7w7fwtvgspc=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", + "rev": "8cd35b9496d21a6c55164d8547d9d5280162b07a", "type": "github" }, "original": { diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 509ae58d..d7280fbf 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -102,7 +102,7 @@ in nixpkgs-fmt # Shell - nodePackages.bash-language-server + bash-language-server shfmt ]; }; From b73f6af5e018a337aceb72295aa0d3c7b74bbea7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Jun 2024 15:38:32 +0000 Subject: [PATCH 026/362] nixos: services: flood: use upstream module --- modules/nixos/services/flood/default.nix | 26 ++++-------------------- 1 file changed, 4 insertions(+), 22 deletions(-) diff --git a/modules/nixos/services/flood/default.nix b/modules/nixos/services/flood/default.nix index 155e73db..b95bac5a 100644 --- a/modules/nixos/services/flood/default.nix +++ b/modules/nixos/services/flood/default.nix @@ -1,5 +1,5 @@ # A nice UI for various torrent clients -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.my.services.flood; in @@ -13,31 +13,13 @@ in example = 3000; description = "Internal port for Flood UI"; }; - - stateDir = mkOption { - type = types.str; - default = "flood"; - example = "floodUI"; - description = "Directory under `/var/run` for storing Flood's files"; - }; }; config = lib.mkIf cfg.enable { - systemd.services.flood = { - description = "Flood torrent UI"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; + services.flood = { + enable = true; - serviceConfig = { - ExecStart = lib.concatStringsSep " " [ - (lib.getExe pkgs.flood) - "--port ${builtins.toString cfg.port}" - "--rundir /var/lib/${cfg.stateDir}" - ]; - DynamicUser = true; - StateDirectory = cfg.stateDir; - ReadWritePaths = ""; - }; + inherit (cfg) port; }; my.services.nginx.virtualHosts = { From 105e0fbfd0c5d6177490486468098c5634508b5b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 19 Jun 2024 19:51:53 +0100 Subject: [PATCH 027/362] ci: fix typo --- .woodpecker/check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.woodpecker/check.yml b/.woodpecker/check.yml index e04cd464..9e885aa0 100644 --- a/.woodpecker/check.yml +++ b/.woodpecker/check.yml @@ -7,7 +7,7 @@ steps: commands: - nix flake check -- name: notifiy +- name: notify image: bash environment: ADDRESS: From a15f7ec270ed7b2da17f1d7fc8ccf148f5a0cfe4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 19 Jun 2024 19:52:10 +0100 Subject: [PATCH 028/362] templates: fix typo --- templates/c++-cmake/.woodpecker/check.yml | 2 +- templates/c++-meson/.woodpecker/check.yml | 2 +- templates/rust-cargo/.woodpecker/check.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/c++-cmake/.woodpecker/check.yml b/templates/c++-cmake/.woodpecker/check.yml index 4ff7dba0..272c0e43 100644 --- a/templates/c++-cmake/.woodpecker/check.yml +++ b/templates/c++-cmake/.woodpecker/check.yml @@ -12,7 +12,7 @@ steps: commands: - nix flake check -- name: notifiy +- name: notify image: bash environment: ADDRESS: diff --git a/templates/c++-meson/.woodpecker/check.yml b/templates/c++-meson/.woodpecker/check.yml index 4ff7dba0..272c0e43 100644 --- a/templates/c++-meson/.woodpecker/check.yml +++ b/templates/c++-meson/.woodpecker/check.yml @@ -12,7 +12,7 @@ steps: commands: - nix flake check -- name: notifiy +- name: notify image: bash environment: ADDRESS: diff --git a/templates/rust-cargo/.woodpecker/check.yml b/templates/rust-cargo/.woodpecker/check.yml index 4ff7dba0..272c0e43 100644 --- a/templates/rust-cargo/.woodpecker/check.yml +++ b/templates/rust-cargo/.woodpecker/check.yml @@ -12,7 +12,7 @@ steps: commands: - nix flake check -- name: notifiy +- name: notify image: bash environment: ADDRESS: From fc5cb1a47d2a7046dd0d9eef5b5b8cf21c5736bf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 28 Jun 2024 09:54:50 +0000 Subject: [PATCH 029/362] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 9a9275f6..83ccfd7a 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1718788307, - "narHash": "sha256-SqiOz0sljM0GjyQEVinPXQxaGcbOXw5OgpCWGPgh/vo=", + "lastModified": 1719438532, + "narHash": "sha256-/Vmso2ZMoFE3M7d1MRsQ2K5sR8CVKnrM6t1ys9Xjpz4=", "owner": "nix-community", "repo": "home-manager", - "rev": "d7830d05421d0ced83a0f007900898bdcaf2a2ca", + "rev": "1a4f12ae0bda877ec4099b429cf439aad897d7e9", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1718895438, - "narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=", + "lastModified": 1719254875, + "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3", + "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1718980488, - "narHash": "sha256-cULCoFNaBcyB9TUMmL6oDKu2FygaZbfn6I5mYwRC4G8=", + "lastModified": 1719564461, + "narHash": "sha256-wCFs1sf1tPoV3nCG5N5KaakAKm88FyzN6pRdOsOqNZg=", "owner": "nix-community", "repo": "NUR", - "rev": "ef74ae1e19df0d2118a4f27d6127f1153469a25e", + "rev": "7369862c4a8f293f6fde79044369dad7dfc04798", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1718879355, - "narHash": "sha256-RTyqP4fBX2MdhNuMP+fnR3lIwbdtXhyj7w7fwtvgspc=", + "lastModified": 1719259945, + "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "8cd35b9496d21a6c55164d8547d9d5280162b07a", + "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07", "type": "github" }, "original": { From b8952655378f033a484b98f6c748c7beef8740ae Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 28 Jun 2024 18:10:26 +0100 Subject: [PATCH 030/362] nixos: hardware: graphics: fix renamed option --- modules/nixos/hardware/graphics/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix index 65f10560..89bb1cd2 100644 --- a/modules/nixos/hardware/graphics/default.nix +++ b/modules/nixos/hardware/graphics/default.nix @@ -26,7 +26,7 @@ in config = lib.mkIf cfg.enable (lib.mkMerge [ { - hardware.opengl = { + hardware.graphics = { enable = true; }; } @@ -45,7 +45,7 @@ in }; }; - hardware.opengl = { + hardware.graphics = { extraPackages = with pkgs; [ # OpenCL rocmPackages.clr @@ -62,7 +62,7 @@ in VDPAU_DRIVER = "va_gl"; }; - hardware.opengl = { + hardware.graphics = { extraPackages = with pkgs; [ # Open CL intel-compute-runtime From dc90e14e60f755cbe5d0b2ccdceed92221b53ffa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 1 Jul 2024 09:59:14 +0000 Subject: [PATCH 031/362] home: vim: lspconfig: add 'starpls' --- modules/home/vim/plugin/settings/lspconfig.lua | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index b3f89543..2f355f4d 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -76,3 +76,11 @@ if utils.is_executable("bash-language-server") then on_attach = lsp.on_attach, }) end + +-- Starlark +if utils.is_executable("starpls") then + lspconfig.starpls.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end From f11cdb367514db86063f9c2342a7e29d21dac473 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 8 Jul 2024 13:10:07 +0000 Subject: [PATCH 032/362] home: gdb: use 'mkPackageOption' --- modules/home/gdb/default.nix | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/modules/home/gdb/default.nix b/modules/home/gdb/default.nix index fe8eb699..9e7d81f1 100644 --- a/modules/home/gdb/default.nix +++ b/modules/home/gdb/default.nix @@ -9,14 +9,7 @@ in rr = { enable = my.mkDisableOption "rr configuration"; - package = mkOption { - type = types.package; - default = pkgs.rr; - defaultText = literalExample "pkgs.rr"; - description = '' - Package providing rr - ''; - }; + package = mkPackageOption pkgs "rr" { }; }; }; From 4943df69ef8015ee0f36ef3997fb60a52d6e7903 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 8 Jul 2024 13:12:21 +0000 Subject: [PATCH 033/362] home: gdb: add 'package' option --- modules/home/gdb/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/home/gdb/default.nix b/modules/home/gdb/default.nix index 9e7d81f1..efb49e20 100644 --- a/modules/home/gdb/default.nix +++ b/modules/home/gdb/default.nix @@ -6,6 +6,8 @@ in options.my.home.gdb = with lib; { enable = my.mkDisableOption "gdb configuration"; + package = mkPackageOption pkgs "gdb" { }; + rr = { enable = my.mkDisableOption "rr configuration"; @@ -16,7 +18,7 @@ in config = lib.mkIf cfg.enable (lib.mkMerge [ { home.packages = with pkgs; [ - gdb + cfg.package ]; xdg = { From abb78d63e24dadbe6c76af753a9433b44d62d323 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 8 Jul 2024 13:10:28 +0000 Subject: [PATCH 034/362] home: calibre: add 'package' option --- modules/home/calibre/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/home/calibre/default.nix b/modules/home/calibre/default.nix index 6edf6545..de7c1263 100644 --- a/modules/home/calibre/default.nix +++ b/modules/home/calibre/default.nix @@ -5,11 +5,13 @@ in { options.my.home.calibre = with lib; { enable = mkEnableOption "calibre configuration"; + + package = mkPackageOption pkgs "calibre" { }; }; config = lib.mkIf cfg.enable { home.packages = with pkgs; [ - calibre + cfg.package ]; }; } From 1644e952435590c2f263624c7e649e91248eae63 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 8 Jul 2024 13:11:30 +0000 Subject: [PATCH 035/362] home: discord: add 'package' option --- modules/home/discord/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/home/discord/default.nix b/modules/home/discord/default.nix index 7348bb4f..bfa5d40e 100644 --- a/modules/home/discord/default.nix +++ b/modules/home/discord/default.nix @@ -7,11 +7,13 @@ in { options.my.home.discord = with lib; { enable = mkEnableOption "discord configuration"; + + package = mkPackageOption pkgs "discord" { }; }; config = lib.mkIf cfg.enable { home.packages = with pkgs; [ - discord + cfg.package ]; xdg.configFile."discord/settings.json".source = From 04de570926161cf47201322fae92168a7f07aa34 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 8 Jul 2024 13:27:30 +0000 Subject: [PATCH 036/362] home: atuin: add 'package' option --- modules/home/atuin/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix index b8973ccc..3f062638 100644 --- a/modules/home/atuin/default.nix +++ b/modules/home/atuin/default.nix @@ -1,15 +1,19 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let cfg = config.my.home.atuin; in { options.my.home.atuin = with lib; { enable = my.mkDisableOption "atuin configuration"; + + # I want the full experience by default + package = mkPackageOption pkgs "atuin" { }; }; config = lib.mkIf cfg.enable { programs.atuin = { enable = true; + inherit (cfg) package; flags = [ # I *despise* this hijacking of the up key, even though I use Ctrl-p From 6a6f3aed63cb2cf04f42a17d5329bfeed3c4f62f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 10 Jul 2024 21:40:36 +0100 Subject: [PATCH 037/362] home: vim: migrate to 'oil.nvim' --- modules/home/vim/after/ftplugin/netrw.vim | 6 ------ modules/home/vim/default.nix | 2 +- modules/home/vim/plugin/settings/oil.lua | 19 +++++++++++++++++++ 3 files changed, 20 insertions(+), 7 deletions(-) delete mode 100644 modules/home/vim/after/ftplugin/netrw.vim create mode 100644 modules/home/vim/plugin/settings/oil.lua diff --git a/modules/home/vim/after/ftplugin/netrw.vim b/modules/home/vim/after/ftplugin/netrw.vim deleted file mode 100644 index e3689f82..00000000 --- a/modules/home/vim/after/ftplugin/netrw.vim +++ /dev/null @@ -1,6 +0,0 @@ -" Create the `b:undo_ftplugin` variable if it doesn't exist -call ftplugined#check_undo_ft() - -" Don't show Netrw in buffer list -setlocal bufhidden=delete -let b:undo_ftplugin='|setlocal bufhidden<' diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index d7280fbf..e2c3504f 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -46,7 +46,6 @@ in vim-repeat # Enanche '.' for plugins vim-rsi # Readline mappings vim-unimpaired # Some ex command mappings - vim-vinegar # Better netrw # Languages rust-vim @@ -85,6 +84,7 @@ in dressing-nvim # Integrate native UI hooks with Telescope etc... gitsigns-nvim # Fast git UI integration nvim-surround # Deal with pairs, now in Lua + oil-nvim # Better alternative to NetrW telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm telescope-lsp-handlers-nvim # Use 'telescope' for various LSP actions telescope-nvim # Fuzzy finder interface diff --git a/modules/home/vim/plugin/settings/oil.lua b/modules/home/vim/plugin/settings/oil.lua new file mode 100644 index 00000000..451345dd --- /dev/null +++ b/modules/home/vim/plugin/settings/oil.lua @@ -0,0 +1,19 @@ +local oil = require("oil") +local wk = require("which-key") + +oil.setup({ + view_options = { + -- Show files and directories that start with "." by default + show_hidden = true, + -- But never '..' + is_always_hidden = function(name, bufnr) + return name == ".." + end, + }, +}) + +local keys = { + ["-"] = { oil.open, "Open parent directory" }, +} + +wk.register(keys) From 452399ee4c036663e2aef0a802120445591931a6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 10 Jul 2024 22:16:51 +0100 Subject: [PATCH 038/362] home: vim: oil: add detail view toggle mapping --- modules/home/vim/plugin/settings/oil.lua | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/modules/home/vim/plugin/settings/oil.lua b/modules/home/vim/plugin/settings/oil.lua index 451345dd..e4a67164 100644 --- a/modules/home/vim/plugin/settings/oil.lua +++ b/modules/home/vim/plugin/settings/oil.lua @@ -1,6 +1,8 @@ local oil = require("oil") local wk = require("which-key") +local detail = false + oil.setup({ view_options = { -- Show files and directories that start with "." by default @@ -10,6 +12,19 @@ oil.setup({ return name == ".." end, }, + keymaps = { + ["gd"] = { + desc = "Toggle file detail view", + callback = function() + detail = not detail + if detail then + oil.set_columns({ "icon", "permissions", "size", "mtime" }) + else + oil.set_columns({ "icon" }) + end + end, + }, + }, }) local keys = { From 0de9966127b4177ad0c0760c72e9849c383a0a5f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 10 Jul 2024 22:45:48 +0100 Subject: [PATCH 039/362] home: vim: remove redundant 'nobackup' It's already the default. --- modules/home/vim/init.vim | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 3a74c4f4..eba0c255 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -38,8 +38,6 @@ set tabstop=8 " File parameters {{{ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -" Disable backups, we have source control for that -set nobackup " Disable swapfiles too set noswapfile " }}} From 16d68022ebfaf8108ab73a99c54a84bbc811511d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 10 Jul 2024 22:47:14 +0100 Subject: [PATCH 040/362] home: vim: enable swap and undo files Trying it on for size, since NeoVim does use XDG directories for those. --- modules/home/vim/init.vim | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index eba0c255..a5a06f47 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -38,8 +38,10 @@ set tabstop=8 " File parameters {{{ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -" Disable swapfiles too -set noswapfile +" Enable swap files +set swapfile +" And undo files +set undofile " }}} " UI and UX parameters {{{ From 88e4d72366955f31f6dcae0caeffb78cdb7b810a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 12 Jul 2024 19:52:03 +0100 Subject: [PATCH 041/362] home: vim: git: use lua in visual mappings I thought the partial staging feature had broken, but it looks to be unrelated [1]. [1]: https://github.com/lewis6991/gitsigns.nvim/issues/1088 --- modules/home/vim/plugin/settings/git.lua | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index 4dbebcad..5ae03e1d 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -1,6 +1,15 @@ local gitsigns = require("gitsigns") local wk = require("which-key") +--- Transform `f` into a function which acts on the current visual selection +local function make_visual(f) + return function() + local first = vim.fn.line("v") + local last = vim.fn.line(".") + f({ first, last }) + end +end + gitsigns.setup({ current_line_blame_opts = { -- Show the blame quickly @@ -43,13 +52,12 @@ local objects = { local visual = { ["ih"] = { gitsigns.select_hunk, "Git hunk" }, - -- Only the actual command can make use of the visual selection... ["g"] = { name = "Git", - p = { ":Gitsigns preview_hunk", "Preview selection" }, - r = { ":Gitsigns reset_hunk", "Restore selection" }, - s = { ":Gitsigns stage_hunk", "Stage selection" }, - u = { ":Gitsigns undo_stage_hunk", "Undo stage selection" }, + p = { gitsigns.preview_hunk, "Preview selection" }, + r = { make_visual(gitsigns.reset_hunk), "Restore selection" }, + s = { make_visual(gitsigns.stage_hunk), "Stage selection" }, + u = { gitsigns.undo_stage_hunk, "Undo stage selection" }, }, } From 966934a8bc1475b20fe03b2749916fb769d36051 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 12 Jul 2024 20:11:51 +0100 Subject: [PATCH 042/362] home: vim: git: use lua in hunk mappings --- modules/home/vim/plugin/settings/git.lua | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index 5ae03e1d..0ef647eb 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -10,6 +10,20 @@ local function make_visual(f) end end +local function nav_hunk(dir) + return function() + if vim.wo.diff then + local map = { + prev = "[c", + next = "]c", + } + vim.cmd.normal({ map[dir], bang = true }) + else + gitsigns.nav_hunk(dir) + end + end +end + gitsigns.setup({ current_line_blame_opts = { -- Show the blame quickly @@ -19,8 +33,8 @@ gitsigns.setup({ local keys = { -- Navigation - ["[c"] = { "&diff ? '[c' : 'Gitsigns prev_hunk'", "Previous hunk/diff", expr = true }, - ["]c"] = { "&diff ? ']c' : 'Gitsigns next_hunk'", "Next hunk/diff", expr = true }, + ["[c"] = { nav_hunk("prev"), "Previous hunk/diff" }, + ["]c"] = { nav_hunk("next"), "Next hunk/diff" }, -- Commands ["g"] = { From bcd9a31bb8f61d6355f4c9ee4a6e777087889b09 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 12 Jul 2024 20:34:51 +0100 Subject: [PATCH 043/362] home: vim: lua: utils: add 'partial' Love me some functional goodness. This was taken from [1]. [1]: https://reddit.com/r/lua/comments/fh2go5 --- modules/home/vim/lua/ambroisie/utils.lua | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua index 3d2dd3ba..c9e92921 100644 --- a/modules/home/vim/lua/ambroisie/utils.lua +++ b/modules/home/vim/lua/ambroisie/utils.lua @@ -48,4 +48,22 @@ M.list_lsp_clients = function(bufnr) return names end +--- partially apply a function with given arguments +M.partial = function(f, ...) + local a = { ... } + local a_len = select("#", ...) + + return function(...) + local tmp = { ... } + local tmp_len = select("#", ...) + + -- Merge arg lists + for i = 1, tmp_len do + a[a_len + i] = tmp[i] + end + + return f(unpack(a, 1, a_len + tmp_len)) + end +end + return M From 5592a120a4f0c9c40d7f3228d2b989f8d3d8c149 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 12 Jul 2024 20:38:40 +0100 Subject: [PATCH 044/362] home: vim: git: use 'partial' --- modules/home/vim/plugin/settings/git.lua | 26 +++++++++++------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index 0ef647eb..de5bb69c 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -1,4 +1,5 @@ local gitsigns = require("gitsigns") +local utils = require("ambroisie.utils") local wk = require("which-key") --- Transform `f` into a function which acts on the current visual selection @@ -11,16 +12,14 @@ local function make_visual(f) end local function nav_hunk(dir) - return function() - if vim.wo.diff then - local map = { - prev = "[c", - next = "]c", - } - vim.cmd.normal({ map[dir], bang = true }) - else - gitsigns.nav_hunk(dir) - end + if vim.wo.diff then + local map = { + prev = "[c", + next = "]c", + } + vim.cmd.normal({ map[dir], bang = true }) + else + gitsigns.nav_hunk(dir) end end @@ -33,8 +32,8 @@ gitsigns.setup({ local keys = { -- Navigation - ["[c"] = { nav_hunk("prev"), "Previous hunk/diff" }, - ["]c"] = { nav_hunk("next"), "Next hunk/diff" }, + ["[c"] = { utils.partial(nav_hunk, "prev"), "Previous hunk/diff" }, + ["]c"] = { utils.partial(nav_hunk, "next"), "Next hunk/diff" }, -- Commands ["g"] = { @@ -42,8 +41,7 @@ local keys = { -- Actions b = { gitsigns.toggle_current_line_blame, "Toggle blame virtual text" }, d = { gitsigns.diffthis, "Diff buffer" }, - -- stylua: ignore - D = { function() gitsigns.diffthis("~") end, "Diff buffer against last commit" }, + D = { utils.partial(gitsigns.diffthis, "~"), "Diff buffer against last commit" }, g = { "Git", "Git status" }, h = { gitsigns.toggle_deleted, "Show deleted hunks" }, L = { ":spT:Gllog --follow -- %:p", "Current buffer log" }, From 5ffe2653c0499afda8b2c9b933b2ef9554c23510 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 12 Jul 2024 20:59:58 +0100 Subject: [PATCH 045/362] home: vim: git: work around partial staging issue See [1]. [1]: https://github.com/lewis6991/gitsigns.nvim/issues/929 --- modules/home/vim/plugin/settings/git.lua | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index de5bb69c..404abfca 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -28,6 +28,8 @@ gitsigns.setup({ -- Show the blame quickly delay = 100, }, + -- Work-around for https://github.com/lewis6991/gitsigns.nvim/issues/929 + signs_staged_enable = false, }) local keys = { From 280829b54f55760119c37b15c2d68e6e6535001d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 15 Jul 2024 20:34:09 +0100 Subject: [PATCH 046/362] home: vim: signtoggle: fix toggling Don't know how I missed this for so long... --- modules/home/vim/plugin/signtoggle.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua index d6a26e21..60f6a653 100644 --- a/modules/home/vim/plugin/signtoggle.lua +++ b/modules/home/vim/plugin/signtoggle.lua @@ -9,7 +9,7 @@ vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, { vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, { pattern = "*", group = signtoggle, - command = "setlocal signcolumn=yes", + command = "setlocal signcolumn=no", }) -- Never show the sign column in a terminal buffer From a7c542784c2ceb2ad4bbe605b8362794a69f0193 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 15 Jul 2024 20:40:37 +0100 Subject: [PATCH 047/362] home: vim: numbertoggle: use lua callbacks Use `vim.opt` because those are local options (i.e: similar to `set` it defaults to setting it locally, `vim.opt_local` is not necessary). --- modules/home/vim/plugin/numbertoggle.lua | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/modules/home/vim/plugin/numbertoggle.lua b/modules/home/vim/plugin/numbertoggle.lua index 1f97fc89..80427101 100644 --- a/modules/home/vim/plugin/numbertoggle.lua +++ b/modules/home/vim/plugin/numbertoggle.lua @@ -7,17 +7,28 @@ local numbertoggle = vim.api.nvim_create_augroup("numbertoggle", { clear = true vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "InsertLeave", "WinEnter" }, { pattern = "*", group = numbertoggle, - command = "if &nu | setlocal rnu | endif", + callback = function() + if vim.opt.number:get() then + vim.opt.relativenumber = true + end + end, }) vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "InsertEnter", "WinLeave" }, { pattern = "*", group = numbertoggle, - command = "if &nu | setlocal nornu | endif", + callback = function() + if vim.opt.number:get() then + vim.opt.relativenumber = false + end + end, }) -- Never show the sign column in a terminal buffer vim.api.nvim_create_autocmd({ "TermOpen" }, { pattern = "*", group = numbertoggle, - command = "setlocal nonu nornu", + callback = function() + vim.opt.number = false + vim.opt.relativenumber = false + end, }) From 5918a0b9e6b246f69607c78d2dd68192849d724c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 15 Jul 2024 20:40:59 +0100 Subject: [PATCH 048/362] home: vim: signtoggle: use lua callbacks Use `vim.opt` because this is a local option (i.e: similar to `set` it defaults to setting it locally, `vim.opt_local` is not necessary). --- modules/home/vim/plugin/signtoggle.lua | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua index 60f6a653..9765a818 100644 --- a/modules/home/vim/plugin/signtoggle.lua +++ b/modules/home/vim/plugin/signtoggle.lua @@ -4,17 +4,23 @@ local signtoggle = vim.api.nvim_create_augroup("signtoggle", { clear = true }) vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, { pattern = "*", group = signtoggle, - command = "setlocal signcolumn=yes", + callback = function() + vim.opt.signcolumn = "yes" + end, }) vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, { pattern = "*", group = signtoggle, - command = "setlocal signcolumn=no", + callback = function() + vim.opt.signcolumn = "no" + end, }) -- Never show the sign column in a terminal buffer vim.api.nvim_create_autocmd({ "TermOpen" }, { pattern = "*", group = signtoggle, - command = "setlocal signcolumn=no", + callback = function() + vim.opt.signcolumn = "no" + end, }) From 82f49f1389591f04440471422e542608edb6a326 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 19 Jul 2024 11:10:49 +0000 Subject: [PATCH 049/362] home: vim: telescope: move mappings from 'after' --- .../home/vim/after/plugin/mappings/telescope.lua | 15 --------------- modules/home/vim/plugin/settings/telescope.lua | 15 +++++++++++++++ 2 files changed, 15 insertions(+), 15 deletions(-) delete mode 100644 modules/home/vim/after/plugin/mappings/telescope.lua diff --git a/modules/home/vim/after/plugin/mappings/telescope.lua b/modules/home/vim/after/plugin/mappings/telescope.lua deleted file mode 100644 index 0867b361..00000000 --- a/modules/home/vim/after/plugin/mappings/telescope.lua +++ /dev/null @@ -1,15 +0,0 @@ -local wk = require("which-key") -local telescope_builtin = require("telescope.builtin") - -local keys = { - f = { - name = "Fuzzy finder", - b = { telescope_builtin.buffers, "Open buffers" }, - f = { telescope_builtin.git_files, "Git tracked files" }, - F = { telescope_builtin.find_files, "Files" }, - g = { telescope_builtin.live_grep, "Grep string" }, - G = { telescope_builtin.grep_string, "Grep string under cursor" }, - }, -} - -wk.register(keys, { prefix = "" }) diff --git a/modules/home/vim/plugin/settings/telescope.lua b/modules/home/vim/plugin/settings/telescope.lua index 4548ec5d..64cc2982 100644 --- a/modules/home/vim/plugin/settings/telescope.lua +++ b/modules/home/vim/plugin/settings/telescope.lua @@ -1,4 +1,6 @@ local telescope = require("telescope") +local telescope_builtin = require("telescope.builtin") +local wk = require("which-key") telescope.setup({ defaults = { @@ -22,3 +24,16 @@ telescope.setup({ telescope.load_extension("fzf") telescope.load_extension("lsp_handlers") + +local keys = { + f = { + name = "Fuzzy finder", + b = { telescope_builtin.buffers, "Open buffers" }, + f = { telescope_builtin.git_files, "Git tracked files" }, + F = { telescope_builtin.find_files, "Files" }, + g = { telescope_builtin.live_grep, "Grep string" }, + G = { telescope_builtin.grep_string, "Grep string under cursor" }, + }, +} + +wk.register(keys, { prefix = "" }) From 3438290e32adb1dfcc3e69b86f83effa279a7c27 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 19 Jul 2024 11:13:11 +0000 Subject: [PATCH 050/362] home: vim: tree-sitter: move mappings from 'after' --- .../mappings/tree-sitter-textobjects.lua | 30 ------------------ .../home/vim/plugin/settings/tree-sitter.lua | 31 +++++++++++++++++++ 2 files changed, 31 insertions(+), 30 deletions(-) delete mode 100644 modules/home/vim/after/plugin/mappings/tree-sitter-textobjects.lua diff --git a/modules/home/vim/after/plugin/mappings/tree-sitter-textobjects.lua b/modules/home/vim/after/plugin/mappings/tree-sitter-textobjects.lua deleted file mode 100644 index 631731cc..00000000 --- a/modules/home/vim/after/plugin/mappings/tree-sitter-textobjects.lua +++ /dev/null @@ -1,30 +0,0 @@ -local wk = require("which-key") - -local motions = { - ["]m"] = "Next method start", - ["]M"] = "Next method end", - ["]S"] = "Next statement start", - ["]]"] = "Next class start", - ["]["] = "Next class end", - ["[m"] = "Previous method start", - ["[M"] = "Previous method end", - ["[S"] = "Previous statement start", - ["[["] = "Previous class start", - ["[]"] = "Previous class end", -} - -local objects = { - ["aa"] = "a parameter", - ["ia"] = "inner parameter", - ["ab"] = "a block", - ["ib"] = "inner block", - ["ac"] = "a class", - ["ic"] = "inner class", - ["af"] = "a function", - ["if"] = "inner function", - ["ak"] = "a comment", - ["aS"] = "a statement", -} - -wk.register(motions, { mode = "n" }) -wk.register(objects, { mode = "o" }) diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua index 5503857f..4584c85b 100644 --- a/modules/home/vim/plugin/settings/tree-sitter.lua +++ b/modules/home/vim/plugin/settings/tree-sitter.lua @@ -1,4 +1,6 @@ local ts_config = require("nvim-treesitter.configs") +local wk = require("which-key") + ts_config.setup({ highlight = { enable = true, @@ -51,3 +53,32 @@ ts_config.setup({ }, }, }) + +local motions = { + ["]m"] = "Next method start", + ["]M"] = "Next method end", + ["]S"] = "Next statement start", + ["]]"] = "Next class start", + ["]["] = "Next class end", + ["[m"] = "Previous method start", + ["[M"] = "Previous method end", + ["[S"] = "Previous statement start", + ["[["] = "Previous class start", + ["[]"] = "Previous class end", +} + +local objects = { + ["aa"] = "a parameter", + ["ia"] = "inner parameter", + ["ab"] = "a block", + ["ib"] = "inner block", + ["ac"] = "a class", + ["ic"] = "inner class", + ["af"] = "a function", + ["if"] = "inner function", + ["ak"] = "a comment", + ["aS"] = "a statement", +} + +wk.register(motions, { mode = "n" }) +wk.register(objects, { mode = "o" }) From c6735f3912041595610b64f4b2231ca836b39ebe Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 19 Jul 2024 11:32:10 +0000 Subject: [PATCH 051/362] home: vime: tree-sitter: remove 'which-key' The plug-in now has support for setting mapping descriptions by itself. --- .../home/vim/plugin/settings/tree-sitter.lua | 70 ++++++------------- 1 file changed, 20 insertions(+), 50 deletions(-) diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua index 4584c85b..d5fff465 100644 --- a/modules/home/vim/plugin/settings/tree-sitter.lua +++ b/modules/home/vim/plugin/settings/tree-sitter.lua @@ -1,5 +1,4 @@ local ts_config = require("nvim-treesitter.configs") -local wk = require("which-key") ts_config.setup({ highlight = { @@ -16,16 +15,16 @@ ts_config.setup({ -- Jump to matching text objects lookahead = true, keymaps = { - ["aa"] = "@parameter.outer", - ["ia"] = "@parameter.inner", - ["ab"] = "@block.outer", - ["ib"] = "@block.inner", - ["ac"] = "@class.outer", - ["ic"] = "@class.inner", - ["af"] = "@function.outer", - ["if"] = "@function.inner", - ["ak"] = "@comment.outer", - ["aS"] = "@statement.outer", + ["aa"] = { query = "@parameter.outer", desc = "a parameter" }, + ["ia"] = { query = "@parameter.inner", desc = "inner parameter" }, + ["ab"] = { query = "@block.outer", desc = "a block" }, + ["ib"] = { query = "@block.inner", desc = "inner block" }, + ["ac"] = { query = "@class.outer", desc = "a class" }, + ["ic"] = { query = "@class.inner", desc = "inner class" }, + ["af"] = { query = "@function.outer", desc = "a function" }, + ["if"] = { query = "@function.inner", desc = "inner function" }, + ["ak"] = { query = "@comment.outer", desc = "a comment" }, + ["aS"] = { query = "@statement.outer", desc = "a statement" }, }, }, move = { @@ -33,52 +32,23 @@ ts_config.setup({ -- Add to jump list set_jumps = true, goto_next_start = { - ["]m"] = "@function.outer", - ["]S"] = "@statement.outer", - ["]]"] = "@class.outer", + ["]m"] = { query = "@function.outer", desc = "Next method start" }, + ["]S"] = { query = "@statement.outer", desc = "Next statement start" }, + ["]]"] = { query = "@class.outer", desc = "Next class start" }, }, goto_next_end = { - ["]M"] = "@function.outer", - ["]["] = "@class.outer", + ["]M"] = { query = "@function.outer", desc = "Next method end" }, + ["]["] = { query = "@class.outer", desc = "Next class end" }, }, goto_previous_start = { - ["[m"] = "@function.outer", - ["[S"] = "@statement.outer", - ["[["] = "@class.outer", + ["[m"] = { query = "@function.outer", desc = "Previous method start" }, + ["[S"] = { query = "@statement.outer", desc = "Previous statement start" }, + ["[["] = { query = "@class.outer", desc = "Previous class start" }, }, goto_previous_end = { - ["[M"] = "@function.outer", - ["[]"] = "@class.outer", + ["[M"] = { query = "@function.outer", desc = "Previous method end" }, + ["[]"] = { query = "@class.outer", desc = "Previous class end" }, }, }, }, }) - -local motions = { - ["]m"] = "Next method start", - ["]M"] = "Next method end", - ["]S"] = "Next statement start", - ["]]"] = "Next class start", - ["]["] = "Next class end", - ["[m"] = "Previous method start", - ["[M"] = "Previous method end", - ["[S"] = "Previous statement start", - ["[["] = "Previous class start", - ["[]"] = "Previous class end", -} - -local objects = { - ["aa"] = "a parameter", - ["ia"] = "inner parameter", - ["ab"] = "a block", - ["ib"] = "inner block", - ["ac"] = "a class", - ["ic"] = "inner class", - ["af"] = "a function", - ["if"] = "inner function", - ["ak"] = "a comment", - ["aS"] = "a statement", -} - -wk.register(motions, { mode = "n" }) -wk.register(objects, { mode = "o" }) From abaa7119e7ba773045e66be0884796b323919346 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 20 Jul 2024 11:34:42 +0100 Subject: [PATCH 052/362] home: vim: consistent 'unimpaired' mapping names --- modules/home/vim/after/plugin/mappings/unimpaired.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/after/plugin/mappings/unimpaired.lua b/modules/home/vim/after/plugin/mappings/unimpaired.lua index f5020564..e171d8fd 100644 --- a/modules/home/vim/after/plugin/mappings/unimpaired.lua +++ b/modules/home/vim/after/plugin/mappings/unimpaired.lua @@ -86,7 +86,7 @@ local keys = { z = "Spell checking", }, ["]o"] = { - name = "Option off", + name = "Disable option", b = "Light background", c = "Cursor line", d = "Diff", @@ -105,7 +105,7 @@ local keys = { z = "Spell checking", }, ["yo"] = { - name = "Option toggle", + name = "Toggle option", b = "Light background", c = "Cursor line", d = "Diff", From 326f9d039a2811531e48dacb6b30590fe6172e6a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 22 Jul 2024 16:05:54 +0000 Subject: [PATCH 053/362] home: vim: disable 'swapfile' As before, I still dislike this option and find its downsides worse than its upsides. --- modules/home/vim/init.vim | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index a5a06f47..01866146 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -38,9 +38,9 @@ set tabstop=8 " File parameters {{{ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -" Enable swap files -set swapfile -" And undo files +" Disable swap files +set noswapfile +" Enable undo files set undofile " }}} From 997f208d305cbedfbfbd9f6e93d3caf95225775a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 24 Jul 2024 16:33:09 +0000 Subject: [PATCH 054/362] home: vim: remove irrelevant filetype plugins I don't make use of their non-upstreamed functionality. --- modules/home/vim/default.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index e2c3504f..a0634836 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -48,11 +48,7 @@ in vim-unimpaired # Some ex command mappings # Languages - rust-vim vim-beancount - vim-jsonnet - vim-nix - vim-toml # General enhancements vim-qf # Better quick-fix list From 442eef04826277d1eb562665b49b3215e59b445e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 25 Jul 2024 09:39:38 +0000 Subject: [PATCH 055/362] home: vim: git: fix deprecated functions --- modules/home/vim/plugin/settings/git.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index 404abfca..0e3bc5ef 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -54,8 +54,8 @@ local keys = { s = { gitsigns.stage_hunk, "Stage hunk" }, S = { gitsigns.stage_buffer, "Stage buffer" }, u = { gitsigns.undo_stage_hunk, "Undo stage hunk" }, - ["["] = { gitsigns.prev_hunk, "Previous hunk" }, - ["]"] = { gitsigns.next_hunk, "Next hunk" }, + ["["] = { utils.partial(gitsigns.nav_hunk, "prev"), "Previous hunk" }, + ["]"] = { utils.partial(gitsigns.nav_hunk, "next"), "Next hunk" }, }, } From b5216a6a50de84bed2de995e623e82f91bce35a9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 25 Jul 2024 20:28:04 +0200 Subject: [PATCH 056/362] pkgs: unbound-zones-adblock: fix version --- pkgs/unbound-zones-adblock/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/unbound-zones-adblock/default.nix b/pkgs/unbound-zones-adblock/default.nix index 642ac418..2a6d4b7f 100644 --- a/pkgs/unbound-zones-adblock/default.nix +++ b/pkgs/unbound-zones-adblock/default.nix @@ -1,7 +1,7 @@ { lib, gawk, stdenvNoCC, stevenblack-blocklist }: stdenvNoCC.mkDerivation { name = "unbound-zones-adblock"; - version = stevenblack-blocklist.rev; + inherit (stevenblack-blocklist) version; src = stevenblack-blocklist; From d04de7d21307a24e2bdefd98bca02194e1931f96 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 20 Jul 2024 22:41:42 +0100 Subject: [PATCH 057/362] flake: bump inputs And fix renamed packages. --- flake.lock | 36 ++++++++++++++++++------------------ modules/home/gtk/default.nix | 4 ++-- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index 83ccfd7a..6b848466 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1718371084, - "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=", + "lastModified": 1720546205, + "narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=", "owner": "ryantm", "repo": "agenix", - "rev": "3a56735779db467538fb2e577eda28a9daacaca6", + "rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1717285511, - "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1719438532, - "narHash": "sha256-/Vmso2ZMoFE3M7d1MRsQ2K5sR8CVKnrM6t1ys9Xjpz4=", + "lastModified": 1721852138, + "narHash": "sha256-JH8N5uoqoVA6erV4O40VtKKHsnfmhvMGbxMNDLtim5o=", "owner": "nix-community", "repo": "home-manager", - "rev": "1a4f12ae0bda877ec4099b429cf439aad897d7e9", + "rev": "304a011325b7ac7b8c9950333cd215a7aa146b0e", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719254875, - "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", + "lastModified": 1721743106, + "narHash": "sha256-adRZhFpBTnHiK3XIELA3IBaApz70HwCYfv7xNrHjebA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", + "rev": "dc14ed91132ee3a26255d01d8fd0c1f5bff27b2f", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1719564461, - "narHash": "sha256-wCFs1sf1tPoV3nCG5N5KaakAKm88FyzN6pRdOsOqNZg=", + "lastModified": 1721930286, + "narHash": "sha256-IUr/laHRe52MkPlOSflG1GThgQo+ECmAP7O51RxLduI=", "owner": "nix-community", "repo": "NUR", - "rev": "7369862c4a8f293f6fde79044369dad7dfc04798", + "rev": "3ea857d2abb7f3825976cefc50894d35ca55f8c4", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1719259945, - "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=", + "lastModified": 1721042469, + "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07", + "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", "type": "github" }, "original": { diff --git a/modules/home/gtk/default.nix b/modules/home/gtk/default.nix index 62d3f811..f10087dc 100644 --- a/modules/home/gtk/default.nix +++ b/modules/home/gtk/default.nix @@ -21,12 +21,12 @@ in }; iconTheme = { - package = pkgs.gnome.gnome-themes-extra; + package = pkgs.gnome-themes-extra; name = "Adwaita"; }; theme = { - package = pkgs.gnome.gnome-themes-extra; + package = pkgs.gnome-themes-extra; name = "Adwaita"; }; }; From 4de788695034d7b5f4847fb23dad1a9431e51593 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 20 Jul 2024 22:57:28 +0100 Subject: [PATCH 058/362] nixos: system: packages: fix deprecated config --- modules/nixos/system/packages/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/nixos/system/packages/default.nix b/modules/nixos/system/packages/default.nix index 5c29aa0f..ebea06f8 100644 --- a/modules/nixos/system/packages/default.nix +++ b/modules/nixos/system/packages/default.nix @@ -14,12 +14,14 @@ in config = lib.mkIf cfg.enable { environment.systemPackages = with pkgs; [ - vim wget ]; programs = { - vim.defaultEditor = true; # Modal editing is life + vim = { + enable = true; + defaultEditor = true; # Modal editing is life + }; zsh = { enable = true; # Use integrations From 58760280be64aa68500573111564ee7cf37dae6c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 20 Jul 2024 22:43:19 +0100 Subject: [PATCH 059/362] home: vim: update for 'which-key' v3 It complains quite loudly about the legacy mapping syntax. --- .../home/vim/after/plugin/mappings/misc.lua | 4 +- .../vim/after/plugin/mappings/unimpaired.lua | 238 +++++++++--------- modules/home/vim/lua/ambroisie/lsp.lua | 45 ++-- modules/home/vim/plugin/settings/git.lua | 67 +++-- modules/home/vim/plugin/settings/oil.lua | 4 +- .../home/vim/plugin/settings/telescope.lua | 16 +- .../home/vim/plugin/settings/which-key.lua | 27 +- 7 files changed, 208 insertions(+), 193 deletions(-) diff --git a/modules/home/vim/after/plugin/mappings/misc.lua b/modules/home/vim/after/plugin/mappings/misc.lua index 6aa25a20..12dbffca 100644 --- a/modules/home/vim/after/plugin/mappings/misc.lua +++ b/modules/home/vim/after/plugin/mappings/misc.lua @@ -1,7 +1,7 @@ local wk = require("which-key") local keys = { - [""] = { "nohls", "Clear search highlight" }, + { "", "nohls", desc = "Clear search highlight" }, } -wk.register(keys, { prefix = "" }) +wk.add(keys) diff --git a/modules/home/vim/after/plugin/mappings/unimpaired.lua b/modules/home/vim/after/plugin/mappings/unimpaired.lua index e171d8fd..a0336d1d 100644 --- a/modules/home/vim/after/plugin/mappings/unimpaired.lua +++ b/modules/home/vim/after/plugin/mappings/unimpaired.lua @@ -3,126 +3,124 @@ local wk = require("which-key") local lsp = require("ambroisie.lsp") local keys = { - -- Edition and navigation mappins - ["["] = { - name = "Previous", - [""] = "Insert blank line above", - [""] = "Previous location list file", - [""] = "Previous quickfix list file", - [""] = "Previous tag in preview window", - a = "Previous argument", - A = "First argument", - b = "Previous buffer", - B = "First buffer", - e = "Exchange previous line", - f = "Previous file in directory", - l = "Previous location list entry", - L = "First Location list entry", - n = "Previous conflict marker/diff hunk", - p = "Paste line above", - P = "Paste line above", - q = "Previous quickfix list entry", - Q = "First quickfix list entry", - t = "Previous matching tag", - T = "First matching tag", - z = "Previous fold", - -- Encoding - C = "C string encode", - u = "URL encode", - x = "XML encode", - y = "C string encode", - -- Custom - d = { lsp.goto_prev_diagnostic, "Previous diagnostic" }, - }, - ["]"] = { - name = "Next", - [""] = "Insert blank line below", - [""] = "Next location list file", - [""] = "Next quickfix list file", - [""] = "Next tag in preview window", - a = "Next argument", - A = "Last argument", - b = "Next buffer", - B = "Last buffer", - e = "Exchange next line", - f = "Next file in directory", - l = "Next location list entry", - L = "Last Location list entry", - n = "Next conflict marker/diff hunk", - p = "Paste line below", - P = "Paste line below", - q = "Next quickfix list entry", - Q = "Last quickfix list entry", - t = "Next matching tag", - T = "Last matching tag", - z = "Next fold", - -- Decoding - C = "C string decode", - u = "URL decode", - x = "XML decode", - y = "C string decode", - -- Custom - d = { lsp.goto_next_diagnostic, "Next diagnostic" }, - }, + -- Previous + { "[", group = "Previous" }, + -- Edition and navigation mappings + { "[", desc = "Insert blank line above" }, + { "[", desc = "Previous location list file" }, + { "[", desc = "Previous quickfix list file" }, + { "[", desc = "Previous tag in preview window" }, + { "[a", desc = "Previous argument" }, + { "[A", desc = "First argument" }, + { "[b", desc = "Previous buffer" }, + { "[B", desc = "First buffer" }, + { "[e", desc = "Exchange previous line" }, + { "[f", desc = "Previous file in directory" }, + { "[l", desc = "Previous location list entry" }, + { "[L", desc = "First Location list entry" }, + { "[n", desc = "Previous conflict marker/diff hunk" }, + { "[p", desc = "Paste line above" }, + { "[P", desc = "Paste line above" }, + { "[q", desc = "Previous quickfix list entry" }, + { "[Q", desc = "First quickfix list entry" }, + { "[t", desc = "Previous matching tag" }, + { "[T", desc = "First matching tag" }, + { "[z", desc = "Previous fold" }, + -- Encoding + { "[C", desc = "C string encode" }, + { "[u", desc = "URL encode" }, + { "[x", desc = "XML encode" }, + { "[y", desc = "C string encode" }, + -- Custom + { "[d", lsp.goto_prev_diagnostic, desc = "Previous diagnostic" }, - -- Option mappings - ["[o"] = { - name = "Enable option", - b = "Light background", - c = "Cursor line", - d = "Diff", - f = { "FormatEnable", "LSP Formatting" }, - h = "Search high-lighting", - i = "Case insensitive search", - l = "List mode", - n = "Line numbers", - r = "Relative line numbers", - p = { "lwindow", "Location list" }, - q = { "cwindow", "Quickfix list" }, - u = "Cursor column", - v = "Virtual editing", - w = "Text wrapping", - x = "Cursor line and column", - z = "Spell checking", - }, - ["]o"] = { - name = "Disable option", - b = "Light background", - c = "Cursor line", - d = "Diff", - f = { "FormatDisable", "LSP Formatting" }, - h = "Search high-lighting", - i = "Case insensitive search", - l = "List mode", - n = "Line numbers", - p = { "lclose", "Location list" }, - q = { "cclose", "Quickfix list" }, - r = "Relative line numbers", - u = "Cursor column", - v = "Virtual editing", - w = "Text wrapping", - x = "Cursor line and column", - z = "Spell checking", - }, - ["yo"] = { - name = "Toggle option", - b = "Light background", - c = "Cursor line", - d = "Diff", - f = { "FormatToggle", "LSP Formatting" }, - h = "Search high-lighting", - i = "Case insensitive search", - l = "List mode", - n = "Line numbers", - p = { "(qf_loc_toggle)", "Location list" }, - q = { "(qf_qf_toggle)", "Quickfix list" }, - r = "Relative line numbers", - u = "Cursor column", - v = "Virtual editing", - w = "Text wrapping", - x = "Cursor line and column", - z = "Spell checking", - }, + -- Next + { "]", group = "Next" }, + -- Edition and navigation mappings + { "]", desc = "Insert blank line below" }, + { "]", desc = "Next location list file" }, + { "]", desc = "Next quickfix list file" }, + { "]", desc = "Next tag in preview window" }, + { "]a", desc = "Next argument" }, + { "]A", desc = "Last argument" }, + { "]b", desc = "Next buffer" }, + { "]B", desc = "Last buffer" }, + { "]e", desc = "Exchange next line" }, + { "]f", desc = "Next file in directory" }, + { "]l", desc = "Next location list entry" }, + { "]L", desc = "Last Location list entry" }, + { "]n", desc = "Next conflict marker/diff hunk" }, + { "]p", desc = "Paste line below" }, + { "]P", desc = "Paste line below" }, + { "]q", desc = "Next quickfix list entry" }, + { "]Q", desc = "Last quickfix list entry" }, + { "]t", desc = "Next matching tag" }, + { "]T", desc = "Last matching tag" }, + { "]z", desc = "Next fold" }, + -- Decoding + { "]C", desc = "C string decode" }, + { "]u", desc = "URL decode" }, + { "]x", desc = "XML decode" }, + { "]y", desc = "C string decode" }, + -- Custom + { "]d", lsp.goto_next_diagnostic, desc = "Next diagnostic" }, + + -- Enable option + { "[o", desc = "Enable option" }, + { "[ob", desc = "Light background" }, + { "[oc", desc = "Cursor line" }, + { "[od", desc = "Diff" }, + { "[of", "FormatEnable", desc = "LSP Formatting" }, + { "[oh", desc = "Search high-lighting" }, + { "[oi", desc = "Case insensitive search" }, + { "[ol", desc = "List mode" }, + { "[on", desc = "Line numbers" }, + { "[or", desc = "Relative line numbers" }, + { "[op", "lwindow", desc = "Location list" }, + { "[oq", "cwindow", desc = "Quickfix list" }, + { "[ou", desc = "Cursor column" }, + { "[ov", desc = "Virtual editing" }, + { "[ow", desc = "Text wrapping" }, + { "[ox", desc = "Cursor line and column" }, + { "[oz", desc = "Spell checking" }, + + -- Disable option + { "]o", desc = "Disable option" }, + { "]ob", desc = "Light background" }, + { "]oc", desc = "Cursor line" }, + { "]od", desc = "Diff" }, + { "]of", "FormatDisable", desc = "LSP Formatting" }, + { "]oh", desc = "Search high-lighting" }, + { "]oi", desc = "Case insensitive search" }, + { "]ol", desc = "List mode" }, + { "]on", desc = "Line numbers" }, + { "]op", "lclose", desc = "Location list" }, + { "]oq", "cclose", desc = "Quickfix list" }, + { "]or", desc = "Relative line numbers" }, + { "]ou", desc = "Cursor column" }, + { "]ov", desc = "Virtual editing" }, + { "]ow", desc = "Text wrapping" }, + { "]ox", desc = "Cursor line and column" }, + { "]oz", desc = "Spell checking" }, + + -- Toggle option + { "yo", group = "Toggle option" }, + { "yob", desc = "Light background" }, + { "yoc", desc = "Cursor line" }, + { "yod", desc = "Diff" }, + { "yof", "FormatToggle", desc = "LSP Formatting" }, + { "yoh", desc = "Search high-lighting" }, + { "yoi", desc = "Case insensitive search" }, + { "yol", desc = "List mode" }, + { "yon", desc = "Line numbers" }, + { "yop", "(qf_loc_toggle)", desc = "Location list" }, + { "yoq", "(qf_qf_toggle)", desc = "Quickfix list" }, + { "yor", desc = "Relative line numbers" }, + { "you", desc = "Cursor column" }, + { "yov", desc = "Virtual editing" }, + { "yow", desc = "Text wrapping" }, + { "yox", desc = "Cursor line and column" }, + { "yoz", desc = "Spell checking" }, } -wk.register(keys) +wk.add(keys) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index dc473665..19126236 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -87,31 +87,30 @@ M.on_attach = function(client, bufnr) end local keys = { - K = { vim.lsp.buf.hover, "Show symbol information" }, - [""] = { vim.lsp.buf.signature_help, "Show signature information" }, - ["gd"] = { vim.lsp.buf.definition, "Go to definition" }, - ["gD"] = { vim.lsp.buf.declaration, "Go to declaration" }, - ["gi"] = { vim.lsp.buf.implementation, "Go to implementation" }, - ["gr"] = { vim.lsp.buf.references, "List all references" }, - - ["c"] = { - name = "Code", - a = { vim.lsp.buf.code_action, "Code actions" }, - d = { cycle_diagnostics_display, "Cycle diagnostics display" }, - D = { show_buffer_diagnostics, "Show buffer diagnostics" }, - r = { vim.lsp.buf.rename, "Rename symbol" }, - s = { vim.lsp.buf.signature_help, "Show signature" }, - t = { vim.lsp.buf.type_definition, "Go to type definition" }, - w = { - name = "Workspace", - a = { vim.lsp.buf.add_workspace_folder, "Add folder to workspace" }, - l = { list_workspace_folders, "List folders in workspace" }, - r = { vim.lsp.buf.remove_workspace_folder, "Remove folder from workspace" }, - }, - }, + buffer = bufnr, + -- LSP navigation + { "K", vim.lsp.buf.hover, desc = "Show symbol information" }, + { "", vim.lsp.buf.signature_help, desc = "Show signature information" }, + { "gd", vim.lsp.buf.definition, desc = "Go to definition" }, + { "gD", vim.lsp.buf.declaration, desc = "Go to declaration" }, + { "gi", vim.lsp.buf.implementation, desc = "Go to implementation" }, + { "gr", vim.lsp.buf.references, desc = "List all references" }, + -- Code + { "c", group = "Code" }, + { "ca", vim.lsp.buf.code_action, desc = "Code actions" }, + { "cd", cycle_diagnostics_display, desc = "Cycle diagnostics display" }, + { "cD", show_buffer_diagnostics, desc = "Show buffer diagnostics" }, + { "cr", vim.lsp.buf.rename, desc = "Rename symbol" }, + { "cs", vim.lsp.buf.signature_help, desc = "Show signature" }, + { "ct", vim.lsp.buf.type_definition, desc = "Go to type definition" }, + -- Workspace + { "cw", group = "Workspace" }, + { "cwa", vim.lsp.buf.add_workspace_folder, desc = "Add folder to workspace" }, + { "cwl", list_workspace_folders, desc = "List folders in workspace" }, + { "cwr", vim.lsp.buf.remove_workspace_folder, desc = "Remove folder from workspace" }, } - wk.register(keys, { buffer = bufnr }) + wk.add(keys) end return M diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index 0e3bc5ef..b9b92a69 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -34,47 +34,42 @@ gitsigns.setup({ local keys = { -- Navigation - ["[c"] = { utils.partial(nav_hunk, "prev"), "Previous hunk/diff" }, - ["]c"] = { utils.partial(nav_hunk, "next"), "Next hunk/diff" }, - + { "[c", utils.partial(nav_hunk, "prev"), desc = "Previous hunk/diff" }, + { "]c", utils.partial(nav_hunk, "next"), desc = "Next hunk/diff" }, -- Commands - ["g"] = { - name = "Git", - -- Actions - b = { gitsigns.toggle_current_line_blame, "Toggle blame virtual text" }, - d = { gitsigns.diffthis, "Diff buffer" }, - D = { utils.partial(gitsigns.diffthis, "~"), "Diff buffer against last commit" }, - g = { "Git", "Git status" }, - h = { gitsigns.toggle_deleted, "Show deleted hunks" }, - L = { ":spT:Gllog --follow -- %:p", "Current buffer log" }, - m = { "(git-messenger)", "Current line blame" }, - p = { gitsigns.preview_hunk, "Preview hunk" }, - r = { gitsigns.reset_hunk, "Restore hunk" }, - R = { gitsigns.reset_buffer, "Restore buffer" }, - s = { gitsigns.stage_hunk, "Stage hunk" }, - S = { gitsigns.stage_buffer, "Stage buffer" }, - u = { gitsigns.undo_stage_hunk, "Undo stage hunk" }, - ["["] = { utils.partial(gitsigns.nav_hunk, "prev"), "Previous hunk" }, - ["]"] = { utils.partial(gitsigns.nav_hunk, "next"), "Next hunk" }, - }, + { "g", group = "Git" }, + { "gb", gitsigns.toggle_current_line_blame, desc = "Toggle blame virtual text" }, + { "gd", gitsigns.diffthis, desc = "Diff buffer" }, + { "gD", utils.partial(gitsigns.diffthis, "~"), desc = "Diff buffer against last commit" }, + { "gg", "Git", desc = "Git status" }, + { "gh", gitsigns.toggle_deleted, desc = "Show deleted hunks" }, + { "gL", ":spT:Gllog --follow -- %:p", desc = "Current buffer log" }, + { "gm", "(git-messenger)", desc = "Current line blame" }, + { "gp", gitsigns.preview_hunk, desc = "Preview hunk" }, + { "gr", gitsigns.reset_hunk, desc = "Restore hunk" }, + { "gR", gitsigns.reset_buffer, desc = "Restore buffer" }, + { "gs", gitsigns.stage_hunk, desc = "Stage hunk" }, + { "gS", gitsigns.stage_buffer, desc = "Stage buffer" }, + { "gu", gitsigns.undo_stage_hunk, desc = "Undo stage hunk" }, + { "g[", utils.partial(gitsigns.nav_hunk, "prev"), desc = "Previous hunk" }, + { "g]", utils.partial(gitsigns.nav_hunk, "next"), desc = "Next hunk" }, } local objects = { - ["ih"] = { gitsigns.select_hunk, "Git hunk" }, + mode = "o", + { "ih", gitsigns.select_hunk, desc = "Git hunk" }, } - +-- Visual local visual = { - ["ih"] = { gitsigns.select_hunk, "Git hunk" }, - - ["g"] = { - name = "Git", - p = { gitsigns.preview_hunk, "Preview selection" }, - r = { make_visual(gitsigns.reset_hunk), "Restore selection" }, - s = { make_visual(gitsigns.stage_hunk), "Stage selection" }, - u = { gitsigns.undo_stage_hunk, "Undo stage selection" }, - }, + mode = { "x" }, + { "ih", gitsigns.select_hunk, desc = "Git hunk" }, + { "g", group = "Git" }, + { "gp", gitsigns.preview_hunk, desc = "Preview selection" }, + { "gr", make_visual(gitsigns.reset_hunk), desc = "Restore selection" }, + { "gs", make_visual(gitsigns.stage_hunk), desc = "Stage selection" }, + { "gu", gitsigns.undo_stage_hunk, desc = "Undo stage selection" }, } -wk.register(keys, { buffer = bufnr }) -wk.register(objects, { buffer = bufnr, mode = "o" }) -wk.register(visual, { buffer = bufnr, mode = "x" }) +wk.add(keys) +wk.add(objects) +wk.add(visual) diff --git a/modules/home/vim/plugin/settings/oil.lua b/modules/home/vim/plugin/settings/oil.lua index e4a67164..a160725b 100644 --- a/modules/home/vim/plugin/settings/oil.lua +++ b/modules/home/vim/plugin/settings/oil.lua @@ -28,7 +28,7 @@ oil.setup({ }) local keys = { - ["-"] = { oil.open, "Open parent directory" }, + { "-", oil.open, desc = "Open parent directory" }, } -wk.register(keys) +wk.add(keys) diff --git a/modules/home/vim/plugin/settings/telescope.lua b/modules/home/vim/plugin/settings/telescope.lua index 64cc2982..1a239282 100644 --- a/modules/home/vim/plugin/settings/telescope.lua +++ b/modules/home/vim/plugin/settings/telescope.lua @@ -26,14 +26,12 @@ telescope.load_extension("fzf") telescope.load_extension("lsp_handlers") local keys = { - f = { - name = "Fuzzy finder", - b = { telescope_builtin.buffers, "Open buffers" }, - f = { telescope_builtin.git_files, "Git tracked files" }, - F = { telescope_builtin.find_files, "Files" }, - g = { telescope_builtin.live_grep, "Grep string" }, - G = { telescope_builtin.grep_string, "Grep string under cursor" }, - }, + { "f", group = "Fuzzy finder" }, + { "fb", telescope_builtin.buffers, desc = "Open buffers" }, + { "ff", telescope_builtin.git_files, desc = "Git tracked files" }, + { "fF", telescope_builtin.find_files, desc = "Files" }, + { "fg", telescope_builtin.live_grep, desc = "Grep string" }, + { "fG", telescope_builtin.grep_string, desc = "Grep string under cursor" }, } -wk.register(keys, { prefix = "" }) +wk.add(keys) diff --git a/modules/home/vim/plugin/settings/which-key.lua b/modules/home/vim/plugin/settings/which-key.lua index 2edfd709..81f398f0 100644 --- a/modules/home/vim/plugin/settings/which-key.lua +++ b/modules/home/vim/plugin/settings/which-key.lua @@ -1,2 +1,27 @@ local wk = require("which-key") -wk.setup() +wk.setup({ + icons = { + -- I don't like icons + mappings = false, + breadcrumb = "»", + separator = "âžœ", + group = "+", + ellipsis = "…", + keys = { + Up = "ï¢ ", + Down = "ï£ ", + Left = "ï  ", + Right = "ï¡ ", + C = "", + M = "", + D = "", + S = "", + CR = "", + Esc = " ", + NL = "", + BS = "", + Space = "", + Tab = " ", + }, + }, +}) From 6b7510cfd943763ca09b91ea83bc2510bf0f6c86 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 25 Jul 2024 20:17:50 +0100 Subject: [PATCH 060/362] home: vim: show directories in blue Blue is much more readable when the night filter kicks in. --- modules/home/vim/init.vim | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 01866146..93eb1339 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -100,6 +100,8 @@ gruvbox.setup({ DiffChange = { fg = colors.aqua, bg = "NONE" }, DiffDelete = { fg = colors.red, bg = "NONE" }, DiffText = { fg = colors.yellow, bg = colors.bg0 }, + -- Directories "pop" better in blue + Directory = { link = "GruvboxBlueBold" }, } }) EOF From ace266b02c3a45ce717ca457d9f79b49513e71cf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 26 Jul 2024 10:06:02 +0000 Subject: [PATCH 061/362] overlays: add 'none-ls-root-bug' Will be removed when the plug-in gets its next bump. --- overlays/none-ls-root-bug/default.nix | 4 ++++ overlays/none-ls-root-bug/generated.nix | 14 ++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 overlays/none-ls-root-bug/default.nix create mode 100644 overlays/none-ls-root-bug/generated.nix diff --git a/overlays/none-ls-root-bug/default.nix b/overlays/none-ls-root-bug/default.nix new file mode 100644 index 00000000..832e71de --- /dev/null +++ b/overlays/none-ls-root-bug/default.nix @@ -0,0 +1,4 @@ +self: prev: +{ + vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); +} diff --git a/overlays/none-ls-root-bug/generated.nix b/overlays/none-ls-root-bug/generated.nix new file mode 100644 index 00000000..16d3b25e --- /dev/null +++ b/overlays/none-ls-root-bug/generated.nix @@ -0,0 +1,14 @@ +{ fetchpatch, ... }: + +_final: prev: { + none-ls-nvim = prev.none-ls-nvim.overrideAttrs (oa: { + patches = (oa.patches or [ ]) ++ [ + # https://github.com/nvimtools/none-ls.nvim/pull/163 + (fetchpatch { + name = "fix-get-root-directory.patch"; + url = "https://github.com/nvimtools/none-ls.nvim/commit/2cde745aadc2c36f6860a77a556494870675771a.patch"; + hash = "sha256-BtIjrT6ME2mR/5Ez9h+6r+fy0jYkBkw6/A9NConKRVs="; + }) + ]; + }); +} From 0d820cc2f41074564984ea0a2ba72c63bc08ef70 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 26 Jul 2024 11:52:17 +0000 Subject: [PATCH 062/362] home: vim: move 'nohls' to 'which-key' --- modules/home/vim/after/plugin/mappings/misc.lua | 7 ------- modules/home/vim/plugin/settings/which-key.lua | 6 ++++++ 2 files changed, 6 insertions(+), 7 deletions(-) delete mode 100644 modules/home/vim/after/plugin/mappings/misc.lua diff --git a/modules/home/vim/after/plugin/mappings/misc.lua b/modules/home/vim/after/plugin/mappings/misc.lua deleted file mode 100644 index 12dbffca..00000000 --- a/modules/home/vim/after/plugin/mappings/misc.lua +++ /dev/null @@ -1,7 +0,0 @@ -local wk = require("which-key") - -local keys = { - { "", "nohls", desc = "Clear search highlight" }, -} - -wk.add(keys) diff --git a/modules/home/vim/plugin/settings/which-key.lua b/modules/home/vim/plugin/settings/which-key.lua index 81f398f0..76a21178 100644 --- a/modules/home/vim/plugin/settings/which-key.lua +++ b/modules/home/vim/plugin/settings/which-key.lua @@ -25,3 +25,9 @@ wk.setup({ }, }, }) + +local keys = { + { "", "nohls", desc = "Clear search highlight" }, +} + +wk.add(keys) From 9ed2dcefdeef07a3359985c2859b5ec1c02a8386 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 26 Jul 2024 11:54:11 +0000 Subject: [PATCH 063/362] home: vim: which-key: use lua callbacks --- modules/home/vim/plugin/settings/which-key.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/vim/plugin/settings/which-key.lua b/modules/home/vim/plugin/settings/which-key.lua index 76a21178..3dc260ae 100644 --- a/modules/home/vim/plugin/settings/which-key.lua +++ b/modules/home/vim/plugin/settings/which-key.lua @@ -27,7 +27,7 @@ wk.setup({ }) local keys = { - { "", "nohls", desc = "Clear search highlight" }, + { "", vim.cmd.nohlsearch, desc = "Clear search highlight" }, } wk.add(keys) From 1e2872c5c7ce6c07abdd4850bd100706606993f2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 27 Jul 2024 15:09:52 +0100 Subject: [PATCH 064/362] home: vim: fix '+'/'-' highlighting in diffs I'm not a big fan of the new highlighting [1]. [1]: https://github.com/nvim-treesitter/nvim-treesitter/pull/6619 --- modules/home/vim/after/queries/diff/highlights.scm | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 modules/home/vim/after/queries/diff/highlights.scm diff --git a/modules/home/vim/after/queries/diff/highlights.scm b/modules/home/vim/after/queries/diff/highlights.scm new file mode 100644 index 00000000..c998725a --- /dev/null +++ b/modules/home/vim/after/queries/diff/highlights.scm @@ -0,0 +1,5 @@ +; extends + +; I want to the line added/removed markers to be the correct color +"+" @diff.plus +"-" @diff.minus From 93dfe0411493683dab491f632f3f27286bf59a19 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 4 Aug 2024 11:37:33 +0100 Subject: [PATCH 065/362] hosts: nixos: aramis: home: use 'pinentry-rofi' --- hosts/nixos/aramis/home.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 64b63ce4..abf472a5 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -2,7 +2,7 @@ { my.home = { # Use graphical pinentry - bitwarden.pinentry = pkgs.pinentry-gtk2; + bitwarden.pinentry = pkgs.pinentry-rofi; # Ebook library calibre.enable = true; # Some amount of social life @@ -14,7 +14,7 @@ # Blue light filter gammastep.enable = true; # Use a small popup to enter passwords - gpg.pinentry = pkgs.pinentry-gtk2; + gpg.pinentry = pkgs.pinentry-rofi; # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client From f240730c4f6fd32738b944b5ef836768da10adf2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 7 Aug 2024 14:15:12 +0000 Subject: [PATCH 066/362] flake: bump inputs And remove the overlay for `none-ls`, which has been fixed. This reverts commit ace266b02c3a45ce717ca457d9f79b49513e71cf. --- flake.lock | 36 ++++++++++++------------- overlays/none-ls-root-bug/default.nix | 4 --- overlays/none-ls-root-bug/generated.nix | 14 ---------- 3 files changed, 18 insertions(+), 36 deletions(-) delete mode 100644 overlays/none-ls-root-bug/default.nix delete mode 100644 overlays/none-ls-root-bug/generated.nix diff --git a/flake.lock b/flake.lock index 6b848466..751e70c6 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1720546205, - "narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=", + "lastModified": 1722339003, + "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=", "owner": "ryantm", "repo": "agenix", - "rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6", + "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1721852138, - "narHash": "sha256-JH8N5uoqoVA6erV4O40VtKKHsnfmhvMGbxMNDLtim5o=", + "lastModified": 1723015306, + "narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=", "owner": "nix-community", "repo": "home-manager", - "rev": "304a011325b7ac7b8c9950333cd215a7aa146b0e", + "rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1721743106, - "narHash": "sha256-adRZhFpBTnHiK3XIELA3IBaApz70HwCYfv7xNrHjebA=", + "lastModified": 1722813957, + "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dc14ed91132ee3a26255d01d8fd0c1f5bff27b2f", + "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1721930286, - "narHash": "sha256-IUr/laHRe52MkPlOSflG1GThgQo+ECmAP7O51RxLduI=", + "lastModified": 1723036652, + "narHash": "sha256-YIKo7vD/wkItzqIzg7u9bxYPhPwKhJbRbFcENuT0p68=", "owner": "nix-community", "repo": "NUR", - "rev": "3ea857d2abb7f3825976cefc50894d35ca55f8c4", + "rev": "2ee33d83d919b2375ebeeee175fab2af02dff92f", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1721042469, - "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", + "lastModified": 1722857853, + "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", + "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da", "type": "github" }, "original": { diff --git a/overlays/none-ls-root-bug/default.nix b/overlays/none-ls-root-bug/default.nix deleted file mode 100644 index 832e71de..00000000 --- a/overlays/none-ls-root-bug/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -self: prev: -{ - vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); -} diff --git a/overlays/none-ls-root-bug/generated.nix b/overlays/none-ls-root-bug/generated.nix deleted file mode 100644 index 16d3b25e..00000000 --- a/overlays/none-ls-root-bug/generated.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ fetchpatch, ... }: - -_final: prev: { - none-ls-nvim = prev.none-ls-nvim.overrideAttrs (oa: { - patches = (oa.patches or [ ]) ++ [ - # https://github.com/nvimtools/none-ls.nvim/pull/163 - (fetchpatch { - name = "fix-get-root-directory.patch"; - url = "https://github.com/nvimtools/none-ls.nvim/commit/2cde745aadc2c36f6860a77a556494870675771a.patch"; - hash = "sha256-BtIjrT6ME2mR/5Ez9h+6r+fy0jYkBkw6/A9NConKRVs="; - }) - ]; - }); -} From 8ed69de4be87e5f558216df84d6563a5d3727778 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 10 Aug 2024 12:09:02 +0100 Subject: [PATCH 067/362] hosts: nixos: aramis: home: remove 'pinentry-rofi' I'm not sure why, but it's messing with my `gpg-agent`... But I didn't get any issues with `rbw`. I'll try and figure out why. This reverts commit 93dfe0411493683dab491f632f3f27286bf59a19. --- hosts/nixos/aramis/home.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index abf472a5..64b63ce4 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -2,7 +2,7 @@ { my.home = { # Use graphical pinentry - bitwarden.pinentry = pkgs.pinentry-rofi; + bitwarden.pinentry = pkgs.pinentry-gtk2; # Ebook library calibre.enable = true; # Some amount of social life @@ -14,7 +14,7 @@ # Blue light filter gammastep.enable = true; # Use a small popup to enter passwords - gpg.pinentry = pkgs.pinentry-rofi; + gpg.pinentry = pkgs.pinentry-gtk2; # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client From 483c5d23e0b6fe8b9379c4245a79876d1a1fc585 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 14 Aug 2024 12:50:20 +0000 Subject: [PATCH 068/362] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 751e70c6..9c8bb14b 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1722339003, - "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=", + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "owner": "ryantm", "repo": "agenix", - "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1723015306, - "narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=", + "lastModified": 1723399884, + "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=", "owner": "nix-community", "repo": "home-manager", - "rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e", + "rev": "086f619dd991a4d355c07837448244029fc2d9ab", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722813957, - "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", + "lastModified": 1723362943, + "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", + "rev": "a58bc8ad779655e790115244571758e8de055e3d", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1723036652, - "narHash": "sha256-YIKo7vD/wkItzqIzg7u9bxYPhPwKhJbRbFcENuT0p68=", + "lastModified": 1723632306, + "narHash": "sha256-WzILwMkbQ4S1ks1g5AzeHNTIWj5AcJ6PwQDUnHNWmM8=", "owner": "nix-community", "repo": "NUR", - "rev": "2ee33d83d919b2375ebeeee175fab2af02dff92f", + "rev": "dc6d7986f1d0a0d03f1a270e22352181f074e70a", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1722857853, - "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=", + "lastModified": 1723202784, + "narHash": "sha256-qbhjc/NEGaDbyy0ucycubq4N3//gDFFH3DOmp1D3u1Q=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da", + "rev": "c7012d0c18567c889b948781bc74a501e92275d1", "type": "github" }, "original": { From e94bdef69050914da09e280d97b8022254adc600 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 28 Jul 2024 11:53:10 +0200 Subject: [PATCH 069/362] hosts: nixos: porthos: secrets: fix SSO owner --- hosts/nixos/porthos/secrets/secrets.nix | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index c43376b1..a9b9c516 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -81,9 +81,18 @@ in "pyload/credentials.age".publicKeys = all; - "sso/auth-key.age".publicKeys = all; - "sso/ambroisie/password-hash.age".publicKeys = all; - "sso/ambroisie/totp-secret.age".publicKeys = all; + "sso/auth-key.age" = { + owner = "nginx-sso"; + publicKeys = all; + }; + "sso/ambroisie/password-hash.age" = { + owner = "nginx-sso"; + publicKeys = all; + }; + "sso/ambroisie/totp-secret.age" = { + owner = "nginx-sso"; + publicKeys = all; + }; "tandoor-recipes/secret-key.age".publicKeys = all; From 44c11fc431b4b349dfa350f6cf9b3a1f83fd3a0d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Sep 2024 12:07:33 +0200 Subject: [PATCH 070/362] pkgs: lohr: 0.4.5 -> 0.4.6 --- pkgs/lohr/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/lohr/default.nix b/pkgs/lohr/default.nix index ddeac7a0..b89ccff9 100644 --- a/pkgs/lohr/default.nix +++ b/pkgs/lohr/default.nix @@ -1,16 +1,16 @@ { lib, fetchFromGitHub, rustPlatform }: rustPlatform.buildRustPackage rec { pname = "lohr"; - version = "0.4.5"; + version = "0.4.6"; src = fetchFromGitHub { owner = "alarsyo"; repo = "lohr"; rev = "v${version}"; - hash = "sha256-p6E/r+OxFTpxDpOKSlacOxvRLfHSKg1mHNAfTytfqDY="; + hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU="; }; - cargoHash = "sha256-hext0S0o9D9pN9epzXtD5dwAYMPCLpBBOBT4FX0mTMk="; + cargoHash = "sha256-EUhyrhPe+mUgMmm4o+bxRIiSNReJRfw+/O1fPr8r7lo="; meta = with lib; { description = "Git mirroring daemon"; From 10727f9eea517935c8b968540d7a9ff0cf6c4b4f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 26 Aug 2024 22:40:46 +0200 Subject: [PATCH 071/362] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 9c8bb14b..ee428c04 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1723399884, - "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=", + "lastModified": 1724435763, + "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", "owner": "nix-community", "repo": "home-manager", - "rev": "086f619dd991a4d355c07837448244029fc2d9ab", + "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723362943, - "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=", + "lastModified": 1724479785, + "narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a58bc8ad779655e790115244571758e8de055e3d", + "rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1723632306, - "narHash": "sha256-WzILwMkbQ4S1ks1g5AzeHNTIWj5AcJ6PwQDUnHNWmM8=", + "lastModified": 1724704503, + "narHash": "sha256-QcZKCI9d5UNuQt6UFQSNhQwzXnXDF8jgCy7julsbnvg=", "owner": "nix-community", "repo": "NUR", - "rev": "dc6d7986f1d0a0d03f1a270e22352181f074e70a", + "rev": "6b1fa8a8dec17eb73962a0eac8e04f2df1439448", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1723202784, - "narHash": "sha256-qbhjc/NEGaDbyy0ucycubq4N3//gDFFH3DOmp1D3u1Q=", + "lastModified": 1724440431, + "narHash": "sha256-9etXEOUtzeMgqg1u0wp+EdwG7RpmrAZ2yX516bMj2aE=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "c7012d0c18567c889b948781bc74a501e92275d1", + "rev": "c8a54057aae480c56e28ef3e14e4960628ac495b", "type": "github" }, "original": { From 445cb43cb42270065d312ded3d69160e2603833c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Sep 2024 10:34:37 +0000 Subject: [PATCH 072/362] nixos: services: nix-cache: fix deprecated config --- modules/nixos/services/nix-cache/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nix-cache/default.nix b/modules/nixos/services/nix-cache/default.nix index 1ce3161b..f3a29aa8 100644 --- a/modules/nixos/services/nix-cache/default.nix +++ b/modules/nixos/services/nix-cache/default.nix @@ -40,7 +40,7 @@ in inherit (cfg) priority; }; - signKeyPath = cfg.secretKeyFile; + signKeyPaths = [ cfg.secretKeyFile ]; }; my.services.nginx.virtualHosts = { From fb4047b2b303f2dbdf91a862ee4ab543594c21dd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Sep 2024 12:07:33 +0200 Subject: [PATCH 073/362] nixos: services: nginx: sso: align with upstream This aligns with the PR I opened on nixpkgs [1]. [1]: https://github.com/NixOS/nixpkgs/pull/325838 --- modules/nixos/services/nginx/sso/default.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/modules/nixos/services/nginx/sso/default.nix b/modules/nixos/services/nginx/sso/default.nix index 4a78282a..d60e31b4 100644 --- a/modules/nixos/services/nginx/sso/default.nix +++ b/modules/nixos/services/nginx/sso/default.nix @@ -59,15 +59,10 @@ in StateDirectory = "nginx-sso"; WorkingDirectory = "/var/lib/nginx-sso"; # The files to be merged might not have the correct permissions - ExecStartPre = ''+${pkgs.writeShellScript "merge-nginx-sso-config" '' + ExecStartPre = pkgs.writeShellScript "merge-nginx-sso-config" '' rm -f '${confPath}' ${utils.genJqSecretsReplacementSnippet cfg.configuration confPath} - - # Fix permissions - chown nginx-sso:nginx-sso ${confPath} - chmod 0600 ${confPath} - '' - }''; + ''; ExecStart = lib.mkForce '' ${lib.getExe pkg} \ --config ${confPath} \ From 52197a4f965dab7fe16bfc2fe6f301da8bc184a4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Sep 2024 12:07:33 +0200 Subject: [PATCH 074/362] nixos: services: pirate: add readarr --- modules/nixos/services/pirate/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/nixos/services/pirate/default.nix b/modules/nixos/services/pirate/default.nix index e500b544..822a8aa2 100644 --- a/modules/nixos/services/pirate/default.nix +++ b/modules/nixos/services/pirate/default.nix @@ -10,6 +10,7 @@ let bazarr = 6767; lidarr = 8686; radarr = 7878; + readarr = 8787; sonarr = 8989; }; @@ -67,6 +68,10 @@ in enable = lib.my.mkDisableOption "Radarr"; }; + readarr = { + enable = lib.my.mkDisableOption "Readarr"; + }; + sonarr = { enable = lib.my.mkDisableOption "Sonarr"; }; @@ -85,6 +90,9 @@ in # Radarr for movies (mkFullConfig "radarr") (mkFail2Ban "radarr") + # Readarr for books + (mkFullConfig "readarr") + (mkFail2Ban "readarr") # Sonarr for shows (mkFullConfig "sonarr") (mkFail2Ban "sonarr") From 6f00036b7963ac6674a40c5d2bc8fe8a25fe79cf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Sep 2024 12:07:33 +0200 Subject: [PATCH 075/362] overlays: add 'downgrade-transmission' The 4.0.6 release is buggy and widely blacklisted. --- overlays/downgrade-transmission/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 overlays/downgrade-transmission/default.nix diff --git a/overlays/downgrade-transmission/default.nix b/overlays/downgrade-transmission/default.nix new file mode 100644 index 00000000..9d3fc8ae --- /dev/null +++ b/overlays/downgrade-transmission/default.nix @@ -0,0 +1,14 @@ +self: prev: +{ + transmission_4 = prev.transmission_4.overrideAttrs (_: { + version = "4.0.5"; + + src = self.fetchFromGitHub { + owner = "transmission"; + repo = "transmission"; + rev = "4.0.5"; + hash = "sha256-gd1LGAhMuSyC/19wxkoE2mqVozjGPfupIPGojKY0Hn4="; + fetchSubmodules = true; + }; + }); +} From 0d2b9c969940e403a48af210dd856c2d086d360a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 5 Sep 2024 10:39:01 +0000 Subject: [PATCH 076/362] nixos: services: rename 'servarr' --- hosts/nixos/porthos/services.nix | 16 ++++++++-------- modules/nixos/services/default.nix | 2 +- .../services/{pirate => servarr}/default.nix | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) rename modules/nixos/services/{pirate => servarr}/default.nix (96%) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 23901f79..38e827b4 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -127,14 +127,6 @@ in passwordFile = secrets."paperless/password".path; secretKeyFile = secrets."paperless/secret-key".path; }; - # The whole *arr software suite - pirate = { - enable = true; - # ... But not Lidarr because I don't care for music that much - lidarr = { - enable = false; - }; - }; # Podcast automatic downloader podgrab = { enable = true; @@ -152,6 +144,14 @@ in rss-bridge.enable = true; # Usenet client sabnzbd.enable = true; + # The whole *arr software suite + servarr = { + enable = true; + # ... But not Lidarr because I don't care for music that much + lidarr = { + enable = false; + }; + }; # Because I stilll need to play sysadmin ssh-server.enable = true; # Recipe manager diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 60b24786..e877c8f0 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -26,7 +26,6 @@ ./nginx ./nix-cache ./paperless - ./pirate ./podgrab ./postgresql ./postgresql-backup @@ -34,6 +33,7 @@ ./quassel ./rss-bridge ./sabnzbd + ./servarr ./ssh-server ./tandoor-recipes ./tlp diff --git a/modules/nixos/services/pirate/default.nix b/modules/nixos/services/servarr/default.nix similarity index 96% rename from modules/nixos/services/pirate/default.nix rename to modules/nixos/services/servarr/default.nix index 822a8aa2..e25d9cfd 100644 --- a/modules/nixos/services/pirate/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -4,7 +4,7 @@ # [1]: https://youtu.be/I26Ql-uX6AM { config, lib, ... }: let - cfg = config.my.services.pirate; + cfg = config.my.services.servarr; ports = { bazarr = 6767; @@ -53,7 +53,7 @@ let ]); in { - options.my.services.pirate = { + options.my.services.servarr = { enable = lib.mkEnableOption "Media automation"; bazarr = { From 9b7bab8e8306e8138b5559929f28f46ac4333768 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 5 Sep 2024 18:09:50 +0200 Subject: [PATCH 077/362] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index ee428c04..0c1b9658 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "lastModified": 1725234343, + "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1724435763, - "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", + "lastModified": 1725180166, + "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", "owner": "nix-community", "repo": "home-manager", - "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", + "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724479785, - "narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=", + "lastModified": 1725432240, + "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be", + "rev": "ad416d066ca1222956472ab7d0555a6946746a80", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1724704503, - "narHash": "sha256-QcZKCI9d5UNuQt6UFQSNhQwzXnXDF8jgCy7julsbnvg=", + "lastModified": 1725551138, + "narHash": "sha256-4tSFz+wu2NvB41MLF68PDLM3gu8lg1hjgtgikbRq6Zo=", "owner": "nix-community", "repo": "NUR", - "rev": "6b1fa8a8dec17eb73962a0eac8e04f2df1439448", + "rev": "06bc57134f691188397ebeffa9b88552cc8090d3", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1724440431, - "narHash": "sha256-9etXEOUtzeMgqg1u0wp+EdwG7RpmrAZ2yX516bMj2aE=", + "lastModified": 1725513492, + "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "c8a54057aae480c56e28ef3e14e4960628ac495b", + "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", "type": "github" }, "original": { From a713913eefd3a201f971c456c648099d5ca1e3e1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 22 Aug 2024 23:44:40 +0200 Subject: [PATCH 078/362] nixos: services: add pdf-edit --- modules/nixos/services/default.nix | 1 + modules/nixos/services/pdf-edit/default.nix | 73 +++++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 modules/nixos/services/pdf-edit/default.nix diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index e877c8f0..1211ee68 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -26,6 +26,7 @@ ./nginx ./nix-cache ./paperless + ./pdf-edit ./podgrab ./postgresql ./postgresql-backup diff --git a/modules/nixos/services/pdf-edit/default.nix b/modules/nixos/services/pdf-edit/default.nix new file mode 100644 index 00000000..d59507b0 --- /dev/null +++ b/modules/nixos/services/pdf-edit/default.nix @@ -0,0 +1,73 @@ +{ config, lib, ... }: +let + cfg = config.my.services.pdf-edit; +in +{ + options.my.services.pdf-edit = with lib; { + enable = mkEnableOption "PDF edition service"; + + port = mkOption { + type = types.port; + default = 8089; + example = 8080; + description = "Internal port for webui"; + }; + + loginFile = mkOption { + type = types.str; + example = "/run/secrets/pdf-edit/login.env"; + description = '' + `SECURITY_INITIALLOGIN_USERNAME` and `SECURITY_INITIALLOGIN_PASSWORD` + defined in the format of 'EnvironmentFile' (see `systemd.exec(5)`). + ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.stirling-pdf = lib.mkIf cfg.enable { + enable = true; + + environment = { + SERVER_PORT = cfg.port; + SECURITY_CSRFDISABLED = "false"; + + SYSTEM_SHOWUPDATE = "false"; # We don't care about update notifications + INSTALL_BOOK_AND_ADVANCED_HTML_OPS = "true"; # Installed by the module + + SECURITY_ENABLELOGIN = "true"; + SECURITY_LOGINATTEMPTCOUNT = "-1"; # Rely on fail2ban instead + }; + + environmentFiles = [ cfg.loginFile ]; + }; + + my.services.nginx.virtualHosts = { + pdf-edit = { + inherit (cfg) port; + + extraConfig = { + # Allow upload of PDF files up to 1G + locations."/".extraConfig = '' + client_max_body_size 1G; + ''; + }; + }; + }; + + services.fail2ban.jails = { + stirling-pdf = '' + enabled = true + filter = stirling-pdf + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/stirling-pdf.conf".text = '' + [Definition] + failregex = ^.*Failed login attempt from IP: $ + journalmatch = _SYSTEMD_UNIT=stirling-pdf.service + ''; + }; + }; +} From 90dcf3a1641aa93a4ce14cc8a9c49ba3efec8108 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 22 Aug 2024 23:45:16 +0200 Subject: [PATCH 079/362] hosts: nixos: porthos: secrets: add pdf-edit --- hosts/nixos/porthos/secrets/pdf-edit/login.age | 8 ++++++++ hosts/nixos/porthos/secrets/secrets.nix | 2 ++ 2 files changed, 10 insertions(+) create mode 100644 hosts/nixos/porthos/secrets/pdf-edit/login.age diff --git a/hosts/nixos/porthos/secrets/pdf-edit/login.age b/hosts/nixos/porthos/secrets/pdf-edit/login.age new file mode 100644 index 00000000..7f13f883 --- /dev/null +++ b/hosts/nixos/porthos/secrets/pdf-edit/login.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg VYlHgHSLpfKb5bn1XA3aCpfX7M23DgbraLxxOfo9PDk +Rj+mDvAsWX3WwpuhTrOubmo17j/aud5+P87df5bosBA +-> ssh-ed25519 jPowng o9ZFaYrITZ6DjWw07Vk/+TkuU187/ytlEK4sw7G32G4 +zmxlpDvDDEgQFqBVARXeX1ABhvfJ4uAHfa6mIxXzjAY +--- k/d9FWW8/OSo8EllwOBV74pZyX918u54jEljGk3ATUc +ü4+ø2{‘hE7!Ò­GA`×_@Íß—´¡R_ý§6J„ñL4v,‚6%ô‡øó#^® Ù¹ åB­§OøF‚|’7ܽÉL]œÙjR¨ +BþóÛ¾éaòs]xSÎ pbÞo#¬J1QŸ=t}5Õ>Oï‘{+¼. M"7e»yý÷— \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index a9b9c516..a8a9819d 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -77,6 +77,8 @@ in "paperless/password.age".publicKeys = all; "paperless/secret-key.age".publicKeys = all; + "pdf-edit/login.age".publicKeys = all; + "podgrab/password.age".publicKeys = all; "pyload/credentials.age".publicKeys = all; From f91286d13b9e111355f11d0e54da897444207471 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 6 Sep 2024 20:52:26 +0100 Subject: [PATCH 080/362] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 0c1b9658..88fda1ac 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1725180166, - "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", + "lastModified": 1725628988, + "narHash": "sha256-Y6TBMTGu4bddUwszGjlcOuN0soVc1Gv43hp+1sT/GNI=", "owner": "nix-community", "repo": "home-manager", - "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", + "rev": "127ccc3eb7e36fa75e8c3fbd8a343154f66cc1c6", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1725551138, - "narHash": "sha256-4tSFz+wu2NvB41MLF68PDLM3gu8lg1hjgtgikbRq6Zo=", + "lastModified": 1725647621, + "narHash": "sha256-GzILohiffZJQYq0dTg6PW36S0N0jV4rhcUmNbKxP+p8=", "owner": "nix-community", "repo": "NUR", - "rev": "06bc57134f691188397ebeffa9b88552cc8090d3", + "rev": "fa9112b06f678299e8c85dade3654cf8c5d7e1b4", "type": "github" }, "original": { From fbd3b70d61bd733af033545d4cfe4809fbb068a3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 29 Aug 2024 10:10:26 +0000 Subject: [PATCH 081/362] home: use 'XDG_STATE_HOME' for history files It's specified as the place to put them, so let's make use of it I guess. --- modules/home/gdb/default.nix | 4 ++-- modules/home/pager/default.nix | 2 +- modules/home/wget/default.nix | 2 +- modules/home/xdg/default.nix | 9 ++++++--- modules/home/zsh/default.nix | 2 +- 5 files changed, 11 insertions(+), 8 deletions(-) diff --git a/modules/home/gdb/default.nix b/modules/home/gdb/default.nix index efb49e20..1ffc6bd9 100644 --- a/modules/home/gdb/default.nix +++ b/modules/home/gdb/default.nix @@ -23,11 +23,11 @@ in xdg = { configFile."gdb/gdbinit".source = ./gdbinit; - dataFile. "gdb/.keep".text = ""; + stateFile."gdb/.keep".text = ""; }; home.sessionVariables = { - GDBHISTFILE = "${config.xdg.dataHome}/gdb/gdb_history"; + GDBHISTFILE = "${config.xdg.stateHome}/gdb/gdb_history"; }; } diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index e304097f..1119440f 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -15,7 +15,7 @@ in # Clear the screen on start and exit LESS = "-R -+X -c"; # Better XDG compliance - LESSHISTFILE = "${config.xdg.dataHome}/less/history"; + LESSHISTFILE = "${config.xdg.stateHome}/less/history"; LESSKEY = "${config.xdg.configHome}/less/lesskey"; }; }; diff --git a/modules/home/wget/default.nix b/modules/home/wget/default.nix index 32c13c0d..1be53972 100644 --- a/modules/home/wget/default.nix +++ b/modules/home/wget/default.nix @@ -20,7 +20,7 @@ in }; xdg.configFile."wgetrc".text = '' - hsts-file = ${config.xdg.dataHome}/wget-hsts + hsts-file = ${config.xdg.stateHome}/wget-hsts ''; }; } diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index fb2668c6..e180f279 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -34,6 +34,9 @@ in "gdb/.keep".text = ""; "tig/.keep".text = ""; }; + stateFile = { + "python/.keep".text = ""; + }; }; # I want a tidier home @@ -43,13 +46,13 @@ in CARGO_HOME = "${dataHome}/cargo"; DOCKER_CONFIG = "${configHome}/docker"; GRADLE_USER_HOME = "${dataHome}/gradle"; - HISTFILE = "${dataHome}/bash/history"; + HISTFILE = "${stateHome}/bash/history"; INPUTRC = "${configHome}/readline/inputrc"; - PSQL_HISTORY = "${dataHome}/psql_history"; + PSQL_HISTORY = "${stateHome}/psql_history"; PYTHONPYCACHEPREFIX = "${cacheHome}/python/"; PYTHONUSERBASE = "${dataHome}/python/"; PYTHON_HISTORY = "${stateHome}/python/history"; - REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history"; + REDISCLI_HISTFILE = "${stateHome}/redis/rediscli_history"; REPO_CONFIG_DIR = "${configHome}/repo"; XCOMPOSECACHE = "${dataHome}/X11/xcompose"; _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java"; diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index a2773669..11b6cb24 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -68,7 +68,7 @@ in ignoreSpace = true; ignoreDups = true; share = false; - path = "${config.xdg.dataHome}/zsh/zsh_history"; + path = "${config.xdg.stateHome}/zsh/zsh_history"; }; plugins = [ From e67b055a7bde91d1ee9d601a2ce71e0965459490 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 9 Sep 2024 15:27:51 +0000 Subject: [PATCH 082/362] home: vim: fix unimpaired mapping groups --- modules/home/vim/after/plugin/mappings/unimpaired.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/after/plugin/mappings/unimpaired.lua b/modules/home/vim/after/plugin/mappings/unimpaired.lua index a0336d1d..82aab059 100644 --- a/modules/home/vim/after/plugin/mappings/unimpaired.lua +++ b/modules/home/vim/after/plugin/mappings/unimpaired.lua @@ -66,7 +66,7 @@ local keys = { { "]d", lsp.goto_next_diagnostic, desc = "Next diagnostic" }, -- Enable option - { "[o", desc = "Enable option" }, + { "[o", group = "Enable option" }, { "[ob", desc = "Light background" }, { "[oc", desc = "Cursor line" }, { "[od", desc = "Diff" }, @@ -85,7 +85,7 @@ local keys = { { "[oz", desc = "Spell checking" }, -- Disable option - { "]o", desc = "Disable option" }, + { "]o", group = "Disable option" }, { "]ob", desc = "Light background" }, { "]oc", desc = "Cursor line" }, { "]od", desc = "Diff" }, From 6529bea6bb1af7cc082cad514321bb694a297ed8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 11 Sep 2024 10:28:32 +0000 Subject: [PATCH 083/362] home: nixpkgs: don't use 'escapeShellArg' I don't know what I was thinking exactly when I wrote this, but I clearly hadn't tested it. We can't use `escapeShellArg` as we need to expand the `$XDG_RUNTIME_DIR` variable used in those paths... This reverts commit 468eaa9ed47f3c5077a1e176d3a53e7dc3087fcc. --- modules/home/nixpkgs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/nixpkgs/default.nix b/modules/home/nixpkgs/default.nix index a4946db5..720fc9b8 100644 --- a/modules/home/nixpkgs/default.nix +++ b/modules/home/nixpkgs/default.nix @@ -13,8 +13,8 @@ in ]; home.sessionVariables = { - GITHUB_TOKEN = ''$(cat ${lib.escapeShellArg config.age.secrets."github/token".path})''; - GITHUB_API_TOKEN = ''$(cat ${lib.escapeShellArg config.age.secrets."github/token".path})''; + GITHUB_TOKEN = ''$(cat "${config.age.secrets."github/token".path}")''; + GITHUB_API_TOKEN = ''$(cat "${config.age.secrets."github/token".path}")''; }; }; } From 4f73945e283a15a4cd03178d27bd957fd30a066e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 12 Sep 2024 12:07:22 +0000 Subject: [PATCH 084/362] home: direnv: silence 'layout_poetry' --- modules/home/direnv/lib/python.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index 15a273fc..650115d4 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -14,7 +14,7 @@ layout_poetry() { fi # create venv if it doesn't exist - poetry run true + poetry run -q -- true # shellcheck disable=2155 export VIRTUAL_ENV=$(poetry env info --path) From 8a6af0e5b73c4e1a87e8da95aa339526a909495f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 12 Sep 2024 12:08:50 +0000 Subject: [PATCH 085/362] home: direnv: only mention 'poetry init' `poetry new` creates a new directory, which isn't really what we're interested in here. --- modules/home/direnv/lib/python.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index 650115d4..eae6d26f 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -9,7 +9,7 @@ layout_poetry() { if [[ ! -f pyproject.toml ]]; then # shellcheck disable=2016 - log_error 'layout_poetry: no pyproject.toml found. Use `poetry new` or `poetry init` to create one first' + log_error 'layout_poetry: no pyproject.toml found. Use `poetry init` to create one first' return 1 fi From 8d344b5d5104aa550cf1e2388f5b9bf2573dec41 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 12 Sep 2024 13:23:19 +0000 Subject: [PATCH 086/362] home: direnv: add 'layout_uv' I haven't really played with it yet, but from my small experiments this should be good enough for my (future) purposes. --- modules/home/direnv/lib/python.sh | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index eae6d26f..d1e67a20 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -23,3 +23,34 @@ layout_poetry() { watch_file pyproject.toml watch_file poetry.lock } + +layout_uv() { + if ! has uv; then + # shellcheck disable=2016 + log_error 'layout_uv: `uv` is not in PATH' + return 1 + fi + + if [[ ! -f pyproject.toml ]]; then + # shellcheck disable=2016 + log_error 'layout_uv: no pyproject.toml found. Use `uv init` to create one first' + return 1 + fi + + local default_venv="$PWD/.venv" + : "${VIRTUAL_ENV:=$default_venv}" + + # Use non-default venv path if required + if [ "$VIRTUAL_ENV" != "$default_venv" ]; then + export UV_PROJECT_ENVIRONMENT="$VIRTUAL_ENV" + fi + + # create venv if it doesn't exist + uv venv -q + + export VIRTUAL_ENV + export UV_ACTIVE=1 + PATH_add "$VIRTUAL_ENV/bin" + watch_file pyproject.toml + watch_file uv.lock +} From 4a38757db92d2b621812558c219479cc2872ce33 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Sep 2024 11:58:55 +0000 Subject: [PATCH 087/362] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 88fda1ac..393a824f 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1725234343, - "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", "type": "github" }, "original": { @@ -94,11 +94,11 @@ ] }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1725628988, - "narHash": "sha256-Y6TBMTGu4bddUwszGjlcOuN0soVc1Gv43hp+1sT/GNI=", + "lastModified": 1726611255, + "narHash": "sha256-/bxaYvIK6/d3zqpW26QFS0rqfd0cO4qreSNWvYLTl/w=", "owner": "nix-community", "repo": "home-manager", - "rev": "127ccc3eb7e36fa75e8c3fbd8a343154f66cc1c6", + "rev": "d2493de5cd1da06b6a4c3e97f4e7d5dd791df457", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725432240, - "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", + "lastModified": 1726463316, + "narHash": "sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ad416d066ca1222956472ab7d0555a6946746a80", + "rev": "99dc8785f6a0adac95f5e2ab05cc2e1bf666d172", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1725647621, - "narHash": "sha256-GzILohiffZJQYq0dTg6PW36S0N0jV4rhcUmNbKxP+p8=", + "lastModified": 1726739127, + "narHash": "sha256-eI3C3B30nSiobx/Ld3n7ZL38Omn2zEIAwCgtgwCQaQc=", "owner": "nix-community", "repo": "NUR", - "rev": "fa9112b06f678299e8c85dade3654cf8c5d7e1b4", + "rev": "cb39c55630fd1660784dc5f60eb48adaeb9e950e", "type": "github" }, "original": { From c1eab0edeef61911777341fb8f4f4e7f19c51a21 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 20 Sep 2024 14:39:53 +0000 Subject: [PATCH 088/362] nixos: services: jellyfin: add fail2ban jail The upstream documentation adds quotes around the IP, but I don't see them in my logs. Let's split the difference by making them optional. --- modules/nixos/services/jellyfin/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index f5aaa995..e8910a59 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -41,5 +41,21 @@ in }; }; }; + + services.fail2ban.jails = { + jellyfin = '' + enabled = true + filter = jellyfin + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/jellyfin.conf".text = '' + [Definition] + failregex = ^.*Authentication request for .* has been denied \(IP: "?"?\)\. + journalmatch = _SYSTEMD_UNIT=jellyfin.service + ''; + }; }; } From 129d4b3a5a6e5ad1dbd80b3a04f3ff5bc32cf6e4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 22 Aug 2024 23:46:25 +0200 Subject: [PATCH 089/362] hosts: nixos: porthos: services: enable pdf-edit --- hosts/nixos/porthos/services.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 38e827b4..5792be37 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -127,6 +127,11 @@ in passwordFile = secrets."paperless/password".path; secretKeyFile = secrets."paperless/secret-key".path; }; + # Sometimes, editing PDFs is useful + pdf-edit = { + enable = true; + loginFile = secrets."pdf-edit/login".path; + }; # Podcast automatic downloader podgrab = { enable = true; From cedac6bbf46605fffd52859dc7d5ffdb55e78cec Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 22 Sep 2024 00:43:17 +0200 Subject: [PATCH 090/362] nixos: services: mealie: add fail2ban jail --- modules/nixos/services/mealie/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 96b9e144..664d5ba8 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -71,5 +71,21 @@ in }; }; }; + + services.fail2ban.jails = { + mealie = '' + enabled = true + filter = mealie + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/mealie.conf".text = '' + [Definition] + failregex = ^.*ERROR.*Incorrect username or password from + journalmatch = _SYSTEMD_UNIT=mealie.service + ''; + }; }; } From f24cf2e16d7d25c387851a888e6615768d24b47d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 22 Sep 2024 01:10:52 +0200 Subject: [PATCH 091/362] nixos: services: audiobookshelf: add fail2ban jail --- .../nixos/services/audiobookshelf/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/nixos/services/audiobookshelf/default.nix b/modules/nixos/services/audiobookshelf/default.nix index 8c9719d0..da9ec555 100644 --- a/modules/nixos/services/audiobookshelf/default.nix +++ b/modules/nixos/services/audiobookshelf/default.nix @@ -35,5 +35,21 @@ in }; }; }; + + services.fail2ban.jails = { + audiobookshelf = '' + enabled = true + filter = audiobookshelf + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/audiobookshelf.conf".text = '' + [Definition] + failregex = ^.*ERROR: \[Auth\] Failed login attempt for username ".*" from ip + journalmatch = _SYSTEMD_UNIT=audiobookshelf.service + ''; + }; }; } From 96e1a54638c98d64a3a38fd193844d6d5c3e66da Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 22 Sep 2024 01:26:06 +0200 Subject: [PATCH 092/362] nixos: services: nextcloud: add fail2ban jail --- modules/nixos/services/nextcloud/default.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index bb3169ac..d173fc06 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -87,5 +87,25 @@ in "${config.services.nextcloud.home}/data/appdata_*/preview" ]; }; + + services.fail2ban.jails = { + nextcloud = '' + enabled = true + filter = nextcloud + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/nextcloud.conf".text = '' + [Definition] + _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) + datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" + failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Login failed: + ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Trusted domain error. + ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Two-factor challenge failed: + journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service + ''; + }; }; } From a059828a587eb271d42656d8e315c083ff47b921 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 22 Sep 2024 01:58:56 +0200 Subject: [PATCH 093/362] nixos: services: miniflux: add fail2ban jail --- modules/nixos/services/miniflux/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/nixos/services/miniflux/default.nix b/modules/nixos/services/miniflux/default.nix index 5104c8b1..400ae000 100644 --- a/modules/nixos/services/miniflux/default.nix +++ b/modules/nixos/services/miniflux/default.nix @@ -48,5 +48,21 @@ in inherit (cfg) port; }; }; + + services.fail2ban.jails = { + miniflux = '' + enabled = true + filter = miniflux + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/miniflux.conf".text = '' + [Definition] + failregex = ^.*msg="[^"]*(Incorrect|Invalid) username or password[^"]*".*client_ip= + journalmatch = _SYSTEMD_UNIT=miniflux.service + ''; + }; }; } From 1aa3385e137f81cb05975829dedb90e89f1c0e6d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 22 Sep 2024 02:12:48 +0200 Subject: [PATCH 094/362] nixos: services: navidrome: add fail2ban jail --- modules/nixos/services/navidrome/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/nixos/services/navidrome/default.nix b/modules/nixos/services/navidrome/default.nix index 944a97ae..c513b910 100644 --- a/modules/nixos/services/navidrome/default.nix +++ b/modules/nixos/services/navidrome/default.nix @@ -52,5 +52,21 @@ in inherit (cfg) port; }; }; + + services.fail2ban.jails = { + navidrome = '' + enabled = true + filter = navidrome + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/navidrome.conf".text = '' + [Definition] + failregex = ^.*msg="Unsuccessful login".*X-Real-Ip:\[\] + journalmatch = _SYSTEMD_UNIT=navidrome.service + ''; + }; }; } From 2b64a00dc98535f71859f66986b416d941aa0291 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 22 Sep 2024 02:13:30 +0200 Subject: [PATCH 095/362] nixos: services: flood: add fail2ban note --- modules/nixos/services/flood/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/flood/default.nix b/modules/nixos/services/flood/default.nix index b95bac5a..f3fe90b8 100644 --- a/modules/nixos/services/flood/default.nix +++ b/modules/nixos/services/flood/default.nix @@ -27,5 +27,7 @@ in inherit (cfg) port; }; }; + + # NOTE: unfortunately flood does not log connection failures for fail2ban }; } From 1f40ac4a9f09743a13e234e493eb7e9345c6d03d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 22 Sep 2024 02:21:01 +0200 Subject: [PATCH 096/362] nixos: services: grocy: add fail2ban note --- modules/nixos/services/grocy/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/grocy/default.nix b/modules/nixos/services/grocy/default.nix index 87927d6c..9045b03c 100644 --- a/modules/nixos/services/grocy/default.nix +++ b/modules/nixos/services/grocy/default.nix @@ -36,5 +36,7 @@ in forceSSL = true; useACMEHost = config.networking.domain; }; + + # NOTE: unfortunately grocy does not log connection failures for fail2ban }; } From 0f3c5d1d63b2fbe8a08382af1e28c571a2620b64 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 24 Sep 2024 10:43:50 +0000 Subject: [PATCH 097/362] nixos: services: transmission: add fail2ban note --- modules/nixos/services/transmission/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index aeb88b7e..ac8b24dd 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -90,5 +90,7 @@ in allowedTCPPorts = [ cfg.peerPort ]; allowedUDPPorts = [ cfg.peerPort ]; }; + + # NOTE: unfortunately transmission does not log connection failures for fail2ban }; } From b6279108e090c620d5d9a7fdbb4ccb556212cfb0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 24 Sep 2024 10:44:09 +0000 Subject: [PATCH 098/362] nixos: services: vikunja: add fail2ban note --- modules/nixos/services/vikunja/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 6e7700f8..7838a79c 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -99,5 +99,7 @@ in config.services.vikunja.settings.files.basepath ]; }; + + # NOTE: unfortunately vikunja does not log connection failures for fail2ban }; } From 3aab65d9eac7d06a987f8f92de792da400845210 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 24 Sep 2024 13:13:15 +0000 Subject: [PATCH 099/362] nixos: services: tandoor-recipes: add fail2ban note --- modules/nixos/services/tandoor-recipes/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 48ad7a84..3447beee 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -82,5 +82,7 @@ in }; }; }; + + # NOTE: unfortunately tandoor-recipes does not log connection failures for fail2ban }; } From b0029448c6d5ddbfa46f2b7c4785ca82787e4fcb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 25 Sep 2024 14:10:34 +0000 Subject: [PATCH 100/362] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 393a824f..71123623 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1726611255, - "narHash": "sha256-/bxaYvIK6/d3zqpW26QFS0rqfd0cO4qreSNWvYLTl/w=", + "lastModified": 1727246346, + "narHash": "sha256-TcUaKtya339Asu+g6KTJ8h7KiKcKXKp2V+At+7tksyY=", "owner": "nix-community", "repo": "home-manager", - "rev": "d2493de5cd1da06b6a4c3e97f4e7d5dd791df457", + "rev": "1e22ef1518fb175d762006f9cae7f6312b8caedb", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726463316, - "narHash": "sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c=", + "lastModified": 1726937504, + "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "99dc8785f6a0adac95f5e2ab05cc2e1bf666d172", + "rev": "9357f4f23713673f310988025d9dc261c20e70c6", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1726739127, - "narHash": "sha256-eI3C3B30nSiobx/Ld3n7ZL38Omn2zEIAwCgtgwCQaQc=", + "lastModified": 1727272134, + "narHash": "sha256-q8xoi2eO23zhOmgBtJTj0QlcABoMeVB0CAWufTR3wyw=", "owner": "nix-community", "repo": "NUR", - "rev": "cb39c55630fd1660784dc5f60eb48adaeb9e950e", + "rev": "8dbbe7f3575d0ff0998f92f811fb8bf4e3f0d3b1", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1725513492, - "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", + "lastModified": 1726745158, + "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", + "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74", "type": "github" }, "original": { From 20db71996c678e75c999d733a713805691fa9991 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 25 Sep 2024 16:25:40 +0000 Subject: [PATCH 101/362] pkgs: add 'cgt-calc' --- pkgs/cgt-calc/default.nix | 47 +++++++++++++++++++++++++++++++++++++++ pkgs/default.nix | 2 ++ 2 files changed, 49 insertions(+) create mode 100644 pkgs/cgt-calc/default.nix diff --git a/pkgs/cgt-calc/default.nix b/pkgs/cgt-calc/default.nix new file mode 100644 index 00000000..9966944a --- /dev/null +++ b/pkgs/cgt-calc/default.nix @@ -0,0 +1,47 @@ +{ lib +, fetchFromGitHub +, python3Packages +, withTeXLive ? true +, texliveSmall +}: +python3Packages.buildPythonApplication rec { + pname = "cgt-calc"; + version = "1.13.0"; + pyproject = true; + + src = fetchFromGitHub { + owner = "KapJI"; + repo = "capital-gains-calculator"; + rev = "v${version}"; + hash = "sha256-y/Y05wG89nccXyxfjqazyPJhd8dOkfwRJre+Rzx97Hw="; + }; + + build-system = with python3Packages; [ + poetry-core + ]; + + dependencies = with python3Packages; [ + defusedxml + jinja2 + pandas + requests + types-requests + yfinance + ]; + + makeWrapperArgs = lib.optionals withTeXLive [ + "--prefix" + "PATH" + ":" + "${lib.getBin texliveSmall}/bin" + ]; + + meta = with lib; { + description = "UK capital gains tax calculator"; + homepage = "https://github.com/KapJI/capital-gains-calculator"; + license = with licenses; [ mit ]; + mainProgram = "cgt-calc"; + maintainers = with maintainers; [ ambroisie ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index 6b7fce11..949bcf78 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -2,6 +2,8 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { bw-pass = pkgs.callPackage ./bw-pass { }; + cgt-calc = pkgs.callPackage ./cgt-calc { }; + change-audio = pkgs.callPackage ./change-audio { }; change-backlight = pkgs.callPackage ./change-backlight { }; From cbba752b54825e09245088d42b0e1d0e0910f33f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 27 Sep 2024 13:44:23 +0000 Subject: [PATCH 102/362] nixos: services: nginx: remove 'literalExample' Those examples do not use functions or any other "difficult to render" expression. --- modules/nixos/services/nginx/default.nix | 72 +++++++++++------------- 1 file changed, 32 insertions(+), 40 deletions(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 7980ad95..e305b295 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -59,14 +59,12 @@ let extraConfig = mkOption { type = types.attrs; # FIXME: forward type of virtualHosts - example = litteralExample '' - { - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; - } - ''; + example = { + locations."/socket" = { + proxyPass = "http://127.0.0.1:8096/"; + proxyWebsockets = true; + }; + }; default = { }; description = '' Any extra configuration that should be applied to this virtual host. @@ -100,26 +98,24 @@ in virtualHosts = mkOption { type = types.attrsOf virtualHostOption; default = { }; - example = litteralExample '' - { - gitea = { - subdomain = "git"; - port = 8080; - }; - dev = { - root = "/var/www/dev"; - }; - jellyfin = { - port = 8096; - extraConfig = { - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; + example = { + gitea = { + subdomain = "git"; + port = 8080; + }; + dev = { + root = "/var/www/dev"; + }; + jellyfin = { + port = 8096; + extraConfig = { + locations."/socket" = { + proxyPass = "http://127.0.0.1:8096/"; + proxyWebsockets = true; }; }; - } - ''; + }; + }; description = '' List of virtual hosts to set-up using default settings. ''; @@ -163,25 +159,21 @@ in }; }; }); - example = litteralExample '' - { - alice = { - passwordHashFile = "/var/lib/nginx-sso/alice/password-hash.txt"; - totpSecretFile = "/var/lib/nginx-sso/alice/totp-secret.txt"; - }; - } - ''; + example = { + alice = { + passwordHashFile = "/var/lib/nginx-sso/alice/password-hash.txt"; + totpSecretFile = "/var/lib/nginx-sso/alice/totp-secret.txt"; + }; + }; description = "Definition of users"; }; groups = mkOption { type = with types; attrsOf (listOf str); - example = litteralExample '' - { - root = [ "alice" ]; - users = [ "alice" "bob" ]; - } - ''; + example = { + root = [ "alice" ]; + users = [ "alice" "bob" ]; + }; description = "Groups of users"; }; }; From 898523d079c724e16ad4f1f4b6e8f110e6d96e8f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 27 Sep 2024 13:48:26 +0000 Subject: [PATCH 103/362] treewide: fix typos --- hosts/nixos/porthos/services.nix | 2 +- modules/home/firefox/tridactyl/tridactylrc | 2 +- modules/home/mail/accounts/default.nix | 4 ++-- modules/home/tmux/default.nix | 2 +- modules/home/vim/init.vim | 2 +- modules/home/vim/lua/ambroisie/lsp.lua | 2 +- modules/home/wm/default.nix | 2 +- modules/home/wm/screen-lock/default.nix | 4 ++-- modules/home/xdg/default.nix | 2 +- modules/home/zsh/options.zsh | 2 +- modules/nixos/hardware/trackball/default.nix | 2 +- modules/nixos/profiles/default.nix | 2 +- modules/nixos/services/forgejo/default.nix | 2 +- modules/nixos/services/gitea/default.nix | 2 +- modules/nixos/services/podgrab/default.nix | 2 +- modules/nixos/services/vikunja/default.nix | 2 +- modules/nixos/services/wireguard/default.nix | 2 +- pkgs/unbound-zones-adblock/default.nix | 2 +- 18 files changed, 20 insertions(+), 20 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 5792be37..7a38cea4 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -157,7 +157,7 @@ in enable = false; }; }; - # Because I stilll need to play sysadmin + # Because I still need to play sysadmin ssh-server.enable = true; # Recipe manager tandoor-recipes = { diff --git a/modules/home/firefox/tridactyl/tridactylrc b/modules/home/firefox/tridactyl/tridactylrc index 36bd59d7..775719c5 100644 --- a/modules/home/firefox/tridactyl/tridactylrc +++ b/modules/home/firefox/tridactyl/tridactylrc @@ -4,7 +4,7 @@ " Use dark color scheme colorscheme dark -" Make tridactyl open Vim in my prefered terminal +" Make tridactyl open Vim in my preferred terminal set editorcmd @editorcmd@ " Remove editor file after use diff --git a/modules/home/mail/accounts/default.nix b/modules/home/mail/accounts/default.nix index 8886139e..202b9bc5 100644 --- a/modules/home/mail/accounts/default.nix +++ b/modules/home/mail/accounts/default.nix @@ -58,7 +58,7 @@ in { config.accounts.email.accounts = { personal = lib.mkMerge [ - # Common configuraton + # Common configuration (mkConfig { domain = "belanyi.fr"; address = "bruno"; @@ -70,7 +70,7 @@ in ]; gmail = lib.mkMerge [ - # Common configuraton + # Common configuration (mkConfig { domain = "gmail.com"; address = "brunobelanyi"; diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 501b9540..71ce4caa 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -30,7 +30,7 @@ in }); default = { ${config.my.home.terminal.program} = { }; }; - defaultText = litteralExpression '' + defaultText = literalExpression '' { ''${config.my.home.terminal.program} = { }; }; ''; example = { xterm-256color = { }; }; diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 93eb1339..8202cad7 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -1,4 +1,4 @@ -" Basic configuraion {{{ +" Basic configuration {{{ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" " Use UTF-8 set encoding=utf-8 diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index 19126236..eb53da68 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -42,7 +42,7 @@ end --- shared LSP configuration callback --- @param client native client configuration ---- @param bufnr int? buffer number of the attched client +--- @param bufnr int? buffer number of the attached client M.on_attach = function(client, bufnr) -- Format on save lsp_format.on_attach(client, bufnr) diff --git a/modules/home/wm/default.nix b/modules/home/wm/default.nix index 449918ad..ae1e1367 100644 --- a/modules/home/wm/default.nix +++ b/modules/home/wm/default.nix @@ -58,7 +58,7 @@ in service = "some-service-name"; } ]; - description = "list of block configurations, merged with the defauls"; + description = "list of block configurations, merged with the defaults"; }; }; }; diff --git a/modules/home/wm/screen-lock/default.nix b/modules/home/wm/screen-lock/default.nix index 3b2ead6c..5e6874ed 100644 --- a/modules/home/wm/screen-lock/default.nix +++ b/modules/home/wm/screen-lock/default.nix @@ -2,7 +2,7 @@ let cfg = config.my.home.wm.screen-lock; - notficationCmd = + notificationCmd = let duration = toString (cfg.notify.delay * 1000); notifyCmd = "${lib.getExe pkgs.libnotify} -u critical -t ${duration}"; @@ -48,7 +48,7 @@ in "-notify" "${toString cfg.notify.delay}" "-notifier" - notficationCmd + notificationCmd ]; }; }; diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index e180f279..270200e7 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -11,7 +11,7 @@ in enable = true; # File types mime.enable = true; - # File associatons + # File associations mimeApps = { enable = true; }; diff --git a/modules/home/zsh/options.zsh b/modules/home/zsh/options.zsh index 32da8d85..7bcad034 100644 --- a/modules/home/zsh/options.zsh +++ b/modules/home/zsh/options.zsh @@ -12,7 +12,7 @@ setopt rc_quotes setopt auto_resume # Show history expansion before running a command setopt hist_verify -# Append commands to history as they are exectuted +# Append commands to history as they are executed setopt inc_append_history_time # Remove useless whitespace from commands setopt hist_reduce_blanks diff --git a/modules/nixos/hardware/trackball/default.nix b/modules/nixos/hardware/trackball/default.nix index 7a99247d..a9b24e32 100644 --- a/modules/nixos/hardware/trackball/default.nix +++ b/modules/nixos/hardware/trackball/default.nix @@ -11,7 +11,7 @@ in config = lib.mkIf cfg.enable { services.xserver = { # This section must be *after* the one configured by `libinput` - # for the `ScrollMethod` configuration to not be overriden + # for the `ScrollMethod` configuration to not be overridden inputClassSections = lib.mkAfter [ # MX Ergo '' diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix index 43d5a84c..dbd4be3a 100644 --- a/modules/nixos/profiles/default.nix +++ b/modules/nixos/profiles/default.nix @@ -1,4 +1,4 @@ -# Configuration that spans accross system and home, or are almagations of modules +# Configuration that spans across system and home, or are almagations of modules { ... }: { imports = [ diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix index 18538bea..511724b8 100644 --- a/modules/nixos/services/forgejo/default.nix +++ b/modules/nixos/services/forgejo/default.nix @@ -1,4 +1,4 @@ -# A low-ressource, full-featured git forge. +# A low-resource, full-featured git forge. { config, lib, ... }: let cfg = config.my.services.forgejo; diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix index 212f59c9..95bdf42c 100644 --- a/modules/nixos/services/gitea/default.nix +++ b/modules/nixos/services/gitea/default.nix @@ -1,4 +1,4 @@ -# A low-ressource, full-featured git forge. +# A low-resource, full-featured git forge. { config, lib, ... }: let cfg = config.my.services.gitea; diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix index ea89e4e5..3ced8d31 100644 --- a/modules/nixos/services/podgrab/default.nix +++ b/modules/nixos/services/podgrab/default.nix @@ -13,7 +13,7 @@ in example = "/run/secrets/password.env"; description = '' The path to a file containing the PASSWORD environment variable - definition for Podgrab's authentification. + definition for Podgrab's authentication. ''; }; diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 7838a79c..2753da3a 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -41,7 +41,7 @@ in service = { # Only allow registration of users through the CLI enableregistration = false; - # Ues the host's timezone + # Use the host's timezone timezone = config.time.timeZone; # Use UNIX socket for serving the API unixsocket = socketPath; diff --git a/modules/nixos/services/wireguard/default.nix b/modules/nixos/services/wireguard/default.nix index a76e424f..840ac33a 100644 --- a/modules/nixos/services/wireguard/default.nix +++ b/modules/nixos/services/wireguard/default.nix @@ -206,7 +206,7 @@ in ]; } - # Additional inteface is only used to get access to "LAN" from wireguard + # Additional interface is only used to get access to "LAN" from wireguard (lib.mkIf cfg.internal.enable { networking.wg-quick.interfaces."${cfg.internal.name}" = mkInterface [ "${cfg.net.v4.subnet}.0/${toString cfg.net.v4.mask}" diff --git a/pkgs/unbound-zones-adblock/default.nix b/pkgs/unbound-zones-adblock/default.nix index 2a6d4b7f..11a6c90d 100644 --- a/pkgs/unbound-zones-adblock/default.nix +++ b/pkgs/unbound-zones-adblock/default.nix @@ -30,7 +30,7 @@ stdenvNoCC.mkDerivation { description = "Unified host lists, ready to be used by unbound"; longDescription = '' This is a simple derivation based on StevenBlack's unified hosts list. - The files have been modified for easy use wih unbound. + The files have been modified for easy use with unbound. ''; homepage = "https://github.com/StevenBlack/hosts"; license = licenses.mit; From 38f3ac0ce5883f6aee526b91240bca153019584b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 27 Sep 2024 14:11:03 +0000 Subject: [PATCH 104/362] home: vim: lspconfig: add 'typos-lsp' --- modules/home/vim/default.nix | 3 +++ modules/home/vim/plugin/settings/lspconfig.lua | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index a0634836..8e6bd5c6 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -100,6 +100,9 @@ in # Shell bash-language-server shfmt + + # Generic + typos-lsp ]; }; diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 2f355f4d..9e9425c5 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -84,3 +84,11 @@ if utils.is_executable("starpls") then on_attach = lsp.on_attach, }) end + +-- Generic +if utils.is_executable("typos-lsp") then + lspconfig.typos_lsp.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end From 79f08ea5a1a8060db0074d3eb9576283f27ca29f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 30 Sep 2024 13:47:26 +0000 Subject: [PATCH 105/362] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 71123623..5c355bfc 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1727246346, - "narHash": "sha256-TcUaKtya339Asu+g6KTJ8h7KiKcKXKp2V+At+7tksyY=", + "lastModified": 1727383923, + "narHash": "sha256-4/vacp3CwdGoPf8U4e/N8OsGYtO09WTcQK5FqYfJbKs=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e22ef1518fb175d762006f9cae7f6312b8caedb", + "rev": "ffe2d07e771580a005e675108212597e5b367d2d", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726937504, - "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", + "lastModified": 1727348695, + "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9357f4f23713673f310988025d9dc261c20e70c6", + "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1727272134, - "narHash": "sha256-q8xoi2eO23zhOmgBtJTj0QlcABoMeVB0CAWufTR3wyw=", + "lastModified": 1727701468, + "narHash": "sha256-C7Trw/LSFXDpN6RcDqoH8oaXDIQsCbI7aVwOT68ElUs=", "owner": "nix-community", "repo": "NUR", - "rev": "8dbbe7f3575d0ff0998f92f811fb8bf4e3f0d3b1", + "rev": "a885f104ba4ef8431d0fbe7ecbabac024779afb1", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1726745158, - "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=", + "lastModified": 1727514110, + "narHash": "sha256-0YRcOxJG12VGDFH8iS8pJ0aYQQUAgo/r3ZAL+cSh9nk=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74", + "rev": "85f7a7177c678de68224af3402ab8ee1bcee25c8", "type": "github" }, "original": { From 09f763bc164946c6e548b933fad626b0a7bf689e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 30 Sep 2024 22:10:38 +0200 Subject: [PATCH 106/362] nixos: services: add komga --- modules/nixos/services/default.nix | 1 + modules/nixos/services/komga/default.nix | 55 ++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 modules/nixos/services/komga/default.nix diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 1211ee68..651f3f82 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -16,6 +16,7 @@ ./grocy ./indexers ./jellyfin + ./komga ./lohr ./matrix ./mealie diff --git a/modules/nixos/services/komga/default.nix b/modules/nixos/services/komga/default.nix new file mode 100644 index 00000000..e1dc7807 --- /dev/null +++ b/modules/nixos/services/komga/default.nix @@ -0,0 +1,55 @@ +# A Comics/Manga media server +{ config, lib, ... }: +let + cfg = config.my.services.komga; +in +{ + options.my.services.komga = with lib; { + enable = mkEnableOption "Komga comics server"; + + port = mkOption { + type = types.port; + default = 4584; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.komga = { + enable = true; + inherit (cfg) port; + + group = "media"; + }; + + systemd.services.komga.environment = { + LOGGING_LEVEL_ORG_GOTSON_KOMGA = "DEBUG"; # Needed for fail2ban + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + komga = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + komga = '' + enabled = true + filter = komga + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/komga.conf".text = '' + [Definition] + failregex = ^.* ip=,.*Bad credentials.*$ + journalmatch = _SYSTEMD_UNIT=komga.service + ''; + }; + }; +} From eec65dc6b31b02fec85b5c65e30079fad1f9227a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 1 Oct 2024 16:54:44 +0200 Subject: [PATCH 107/362] hosts: nixos: porthos: services: remove podgrab Podgrab is unmaintained... I'll rely on Audiobookshelf to both download and play podcasts. --- hosts/nixos/porthos/services.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 7a38cea4..ec3db670 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -132,13 +132,6 @@ in enable = true; loginFile = secrets."pdf-edit/login".path; }; - # Podcast automatic downloader - podgrab = { - enable = true; - passwordFile = secrets."podgrab/password".path; - dataDir = "/data/media/podcasts"; - port = 9598; - }; # Regular backups postgresql-backup.enable = true; pyload = { From b10d936c0a98aef3b4c078b7f7886e2db39758da Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 8 Oct 2024 11:35:11 +0000 Subject: [PATCH 108/362] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 5c355bfc..752a2149 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1726153070, - "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", + "lastModified": 1727826117, + "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", + "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1727383923, - "narHash": "sha256-4/vacp3CwdGoPf8U4e/N8OsGYtO09WTcQK5FqYfJbKs=", + "lastModified": 1728337164, + "narHash": "sha256-VdRTjJFyq4Q9U7Z/UoC2Q5jK8vSo6E86lHc2OanXtvc=", "owner": "nix-community", "repo": "home-manager", - "rev": "ffe2d07e771580a005e675108212597e5b367d2d", + "rev": "038630363e7de57c36c417fd2f5d7c14773403e4", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1727348695, - "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=", + "lastModified": 1728241625, + "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784", + "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1727701468, - "narHash": "sha256-C7Trw/LSFXDpN6RcDqoH8oaXDIQsCbI7aVwOT68ElUs=", + "lastModified": 1728385750, + "narHash": "sha256-M2Qgz4Opif8uN9/I/dWRtyZRcuHRv+02B1+FgJk6LyY=", "owner": "nix-community", "repo": "NUR", - "rev": "a885f104ba4ef8431d0fbe7ecbabac024779afb1", + "rev": "7fc13fc5ea634482f96525f06132646d5aa01f7f", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1727514110, - "narHash": "sha256-0YRcOxJG12VGDFH8iS8pJ0aYQQUAgo/r3ZAL+cSh9nk=", + "lastModified": 1728092656, + "narHash": "sha256-eMeCTJZ5xBeQ0f9Os7K8DThNVSo9gy4umZLDfF5q6OM=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "85f7a7177c678de68224af3402ab8ee1bcee25c8", + "rev": "1211305a5b237771e13fcca0c51e60ad47326a9a", "type": "github" }, "original": { From 8e81d148bdda429cad565fc1cf6b327ba7eec29a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 10 Oct 2024 13:53:19 +0000 Subject: [PATCH 109/362] home: direnv: warn on non-existent version --- modules/home/direnv/lib/android.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/home/direnv/lib/android.sh b/modules/home/direnv/lib/android.sh index fa2f856b..64321e16 100644 --- a/modules/home/direnv/lib/android.sh +++ b/modules/home/direnv/lib/android.sh @@ -32,10 +32,16 @@ use_android() { -b|--build-tools) build_tools_version="$2" shift 2 + if ! [ -e "$ANDROID_HOME/build-tools/$build_tools_version" ]; then + log_error "use_android: build-tools version '$build_tools_version' does not exist" + fi ;; -n|--ndk) ndk_version="$2" shift 2 + if ! [ -e "$ANDROID_HOME/ndk/$ndk_version" ]; then + log_error "use_android: NDK version '$ndk_version' does not exist" + fi ;; --) shift From 0547ebc33c8d8891bbbeea44d31d50bc6b5dd01f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 16 Oct 2024 10:43:52 +0000 Subject: [PATCH 110/362] home: wm: i3: remove 'FIXME' Add a clearer message about why I don't use the `startup` section. --- modules/home/wm/i3/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index 69246f03..c4328647 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -371,8 +371,7 @@ in }; startup = [ - # FIXME - # { commdand; always; notification; } + # NOTE: rely on systemd user services instead... ]; window = { From a09cef76c5b13c052eeed4b52531516204bd8839 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 17 Oct 2024 15:26:17 +0200 Subject: [PATCH 111/362] nixos: services: nextcloud: bump to 30 --- modules/nixos/services/nextcloud/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index d173fc06..e2c47463 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -31,7 +31,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud29; + package = pkgs.nextcloud30; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; From cf1aeaf0884d2420ed7c55d94a859ffe527f3cbf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 23 Oct 2024 13:49:19 +0000 Subject: [PATCH 112/362] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 752a2149..fb392a42 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1728337164, - "narHash": "sha256-VdRTjJFyq4Q9U7Z/UoC2Q5jK8vSo6E86lHc2OanXtvc=", + "lastModified": 1729551526, + "narHash": "sha256-7LAGY32Xl14OVQp3y6M43/0AtHYYvV6pdyBcp3eoz0s=", "owner": "nix-community", "repo": "home-manager", - "rev": "038630363e7de57c36c417fd2f5d7c14773403e4", + "rev": "5ec753a1fc4454df9285d8b3ec0809234defb975", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728241625, - "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", + "lastModified": 1729413321, + "narHash": "sha256-I4tuhRpZFa6Fu6dcH9Dlo5LlH17peT79vx1y1SpeKt0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", + "rev": "1997e4aa514312c1af7e2bda7fad1644e778ff26", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1728385750, - "narHash": "sha256-M2Qgz4Opif8uN9/I/dWRtyZRcuHRv+02B1+FgJk6LyY=", + "lastModified": 1729688743, + "narHash": "sha256-Oe1PRxUAXSwRUcRIH+saPgMsIEEm7PfL81+M5IDCqvg=", "owner": "nix-community", "repo": "NUR", - "rev": "7fc13fc5ea634482f96525f06132646d5aa01f7f", + "rev": "2680c1d6af171ee32198c8f2f5dc07ce1d5bd2ea", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1728092656, - "narHash": "sha256-eMeCTJZ5xBeQ0f9Os7K8DThNVSo9gy4umZLDfF5q6OM=", + "lastModified": 1729104314, + "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "1211305a5b237771e13fcca0c51e60ad47326a9a", + "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6", "type": "github" }, "original": { From 46df8b5b5b38be165849382e4c3ecc7c9e4b4201 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 21 Oct 2024 14:24:42 +0000 Subject: [PATCH 113/362] home: direnv: lib: fix shellcheck directive I like it better with a space in it. --- modules/home/direnv/lib/android.sh | 2 +- modules/home/direnv/lib/nix.sh | 2 +- modules/home/direnv/lib/postgres.sh | 2 +- modules/home/direnv/lib/python.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/home/direnv/lib/android.sh b/modules/home/direnv/lib/android.sh index 64321e16..9344aea1 100644 --- a/modules/home/direnv/lib/android.sh +++ b/modules/home/direnv/lib/android.sh @@ -1,4 +1,4 @@ -#shellcheck shell=bash +# shellcheck shell=bash # shellcheck disable=2155 use_android() { diff --git a/modules/home/direnv/lib/nix.sh b/modules/home/direnv/lib/nix.sh index a65eb310..4b6c547d 100644 --- a/modules/home/direnv/lib/nix.sh +++ b/modules/home/direnv/lib/nix.sh @@ -1,4 +1,4 @@ -#shellcheck shell=bash +# shellcheck shell=bash use_pkgs() { if ! has nix; then diff --git a/modules/home/direnv/lib/postgres.sh b/modules/home/direnv/lib/postgres.sh index c2e6a8f6..46e171dc 100644 --- a/modules/home/direnv/lib/postgres.sh +++ b/modules/home/direnv/lib/postgres.sh @@ -1,4 +1,4 @@ -#shellcheck shell=bash +# shellcheck shell=bash layout_postgres() { if ! has postgres || ! has initdb; then diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index d1e67a20..780fbe64 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -1,4 +1,4 @@ -#shellcheck shell=bash +# shellcheck shell=bash layout_poetry() { if ! has poetry; then From 6d2ac0c473561aa75156788c26b0b7e6b442d241 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 28 Oct 2024 10:38:40 +0000 Subject: [PATCH 114/362] modules: services: matrix: remove sliding sync The functionality has been folded into `synapse` itself, and the module has been removed from the unstable branch. This reverts commit b4c2cc581b6b79db1961e0aa840fad6d17ee6652. --- hosts/nixos/porthos/services.nix | 3 -- modules/nixos/services/matrix/default.nix | 39 ----------------------- 2 files changed, 42 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index ec3db670..a2339f4e 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -69,9 +69,6 @@ in mailConfigFile = secrets."matrix/mail".path; # Only necessary when doing the initial registration secretFile = secrets."matrix/secret".path; - slidingSync = { - secretFile = secrets."matrix/sliding-sync-secret".path; - }; }; mealie = { enable = true; diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index b958f767..f4238342 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -26,21 +26,6 @@ in description = "Shared secret to register users"; }; - slidingSync = { - port = mkOption { - type = types.port; - default = 8009; - example = 8084; - description = "Port used by sliding sync server"; - }; - - secretFile = mkOption { - type = types.str; - example = "/var/lib/matrix/sliding-sync-secret-file.env"; - description = "Secret file which contains SYNCV3_SECRET definition"; - }; - }; - mailConfigFile = mkOption { type = types.str; example = "/var/lib/matrix/email-config.yaml"; @@ -106,17 +91,6 @@ in ] ++ lib.optional (cfg.secretFile != null) cfg.secretFile; }; - services.matrix-sliding-sync = { - enable = true; - - settings = { - SYNCV3_SERVER = "https://${matrixDomain}"; - SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}"; - }; - - environmentFile = cfg.slidingSync.secretFile; - }; - my.services.nginx.virtualHosts = { # Element Web app deployment chat = { @@ -130,9 +104,6 @@ in "m.identity_server" = { "base_url" = "https://vector.im"; }; - "org.matrix.msc3575.proxy" = { - "url" = "https://matrix-sync.${domain}"; - }; }; showLabsSettings = true; defaultCountryCode = "FR"; # cocorico @@ -152,10 +123,6 @@ in matrix-client = { port = clientPort.private; }; - # Sliding sync - matrix-sync = { - inherit (cfg.slidingSync) port; - }; }; # Those are too complicated to use my wrapper... @@ -178,11 +145,6 @@ in "/_matrix" = proxyToClientPort; "/_synapse/client" = proxyToClientPort; - - # Sliding sync - "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = { - proxyPass = "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}"; - }; }; listen = [ @@ -228,7 +190,6 @@ in client = { "m.homeserver" = { "base_url" = "https://${matrixDomain}"; }; "m.identity_server" = { "base_url" = "https://vector.im"; }; - "org.matrix.msc3575.proxy" = { "url" = "https://matrix-sync.${domain}"; }; }; # ACAO required to allow element-web on any URL to request this json file in From 67eb7bdd4bfe4b78c476a3e2ef3ef09727fb992b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 28 Oct 2024 10:43:54 +0000 Subject: [PATCH 115/362] hosts: nixos: porthos: secrets: remove matrix sync Remove the secret, as it not used anymore. This reverts commit 52413dcaf7d937a69002be661b8a6c26443e162c. --- .../nixos/porthos/secrets/matrix/sliding-sync-secret.age | 8 -------- hosts/nixos/porthos/secrets/secrets.nix | 3 --- 2 files changed, 11 deletions(-) delete mode 100644 hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age diff --git a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age b/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age deleted file mode 100644 index e938cfa0..00000000 --- a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 cKojmg xRtF3XVc7yPicAV/E4U7mn0itvD0h1BWBTjwunuoe2E -OkB9sjGB3ulH4Feuyj3Ed0DBG4+mghW/Qpum9oXL/8c --> ssh-ed25519 jPowng 1r8drqhz1yZdTq0Kvqya+ArU1C2fkN7Gg9LiWWfeUFg -cjbxntVwHvqLaJpiKs/Y8ojeb6e3/cLFcsoeuoobfFg ---- B1qA2PylJBrdZxZtCzlU2kRPvxLM+IrXTvR+ERxVtTY -"W9Äbg¸©~Ì/áÕb4ãÕ†ú³ÜÔIÊ -Û}ð §ËÅË-³²ªNó±”ÑC7vWœbºØ?¦8=œÉwÆB ÃUpJClï²OÈ™³œnOÁ\ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index a8a9819d..68e90f2e 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -48,9 +48,6 @@ in owner = "matrix-synapse"; publicKeys = all; }; - "matrix/sliding-sync-secret.age" = { - publicKeys = all; - }; "mealie/mail.age" = { publicKeys = all; From 5b66145be378013d673db5b31514437c76991c02 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 28 Oct 2024 10:32:19 +0000 Subject: [PATCH 116/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index fb392a42..249cddd2 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1729551526, - "narHash": "sha256-7LAGY32Xl14OVQp3y6M43/0AtHYYvV6pdyBcp3eoz0s=", + "lastModified": 1729864948, + "narHash": "sha256-CeGSqbN6S8JmzYJX/HqZjr7dMGlvHLLnJJarwB45lPs=", "owner": "nix-community", "repo": "home-manager", - "rev": "5ec753a1fc4454df9285d8b3ec0809234defb975", + "rev": "0c0268a3c80d30b989d0aadbd65f38d4fa27a9a0", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729413321, - "narHash": "sha256-I4tuhRpZFa6Fu6dcH9Dlo5LlH17peT79vx1y1SpeKt0=", + "lastModified": 1729665710, + "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1997e4aa514312c1af7e2bda7fad1644e778ff26", + "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1729688743, - "narHash": "sha256-Oe1PRxUAXSwRUcRIH+saPgMsIEEm7PfL81+M5IDCqvg=", + "lastModified": 1729868220, + "narHash": "sha256-OxHE1U+FIIaQ50nZpt/VxLH0bokiqsEqAshehlHhOFs=", "owner": "nix-community", "repo": "NUR", - "rev": "2680c1d6af171ee32198c8f2f5dc07ce1d5bd2ea", + "rev": "70b30d23d33ca2acfb267430b08ddf82ff7116b2", "type": "github" }, "original": { From 07552f30705ac3b268cf4f2301d9b28a9ba7089d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 21 Oct 2024 10:06:48 +0000 Subject: [PATCH 117/362] nixos: system: nix: configure GC --- modules/nixos/system/nix/default.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/modules/nixos/system/nix/default.nix b/modules/nixos/system/nix/default.nix index ad135390..12a395e0 100644 --- a/modules/nixos/system/nix/default.nix +++ b/modules/nixos/system/nix/default.nix @@ -22,6 +22,10 @@ in options.my.system.nix = with lib; { enable = my.mkDisableOption "nix configuration"; + gc = { + enable = my.mkDisableOption "nix GC configuration"; + }; + cache = { selfHosted = my.mkDisableOption "self-hosted cache"; }; @@ -62,6 +66,22 @@ in }; } + (lib.mkIf cfg.gc.enable { + nix.gc = { + automatic = true; + + # Every week, with some wiggle room + dates = "weekly"; + randomizedDelaySec = "10min"; + + # Use a persistent timer for e.g: laptops + persistent = true; + + # Delete old profiles automatically after 15 days + options = "--delete-older-than 15d"; + }; + }) + (lib.mkIf cfg.cache.selfHosted { nix = { settings = { From 8475d92314d9e6e522910e1d96263cfa396881e4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 21 Oct 2024 10:07:21 +0000 Subject: [PATCH 118/362] home: nix: configure GC --- modules/home/nix/default.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix index c0bbcc84..c67cc6a1 100644 --- a/modules/home/nix/default.nix +++ b/modules/home/nix/default.nix @@ -22,6 +22,10 @@ in options.my.home.nix = with lib; { enable = my.mkDisableOption "nix configuration"; + gc = { + enable = my.mkDisableOption "nix GC configuration"; + }; + cache = { selfHosted = my.mkDisableOption "self-hosted cache"; }; @@ -60,6 +64,22 @@ in }; } + (lib.mkIf cfg.gc.enable { + nix.gc = { + automatic = true; + + # Every week, with some wiggle room + frequency = "weekly"; + randomizedDelaySec = "10min"; + + # Use a persistent timer for e.g: laptops + persistent = true; + + # Delete old profiles automatically after 15 days + options = "--delete-older-than 15d"; + }; + }) + (lib.mkIf cfg.cache.selfHosted { nix = { settings = { From 62de2772a40744cd5045a54c3191c373ad849332 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 4 Nov 2024 11:02:35 +0000 Subject: [PATCH 119/362] home: vim: do not italicize comments --- modules/home/vim/init.vim | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 8202cad7..0b546765 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -102,7 +102,11 @@ gruvbox.setup({ DiffText = { fg = colors.yellow, bg = colors.bg0 }, -- Directories "pop" better in blue Directory = { link = "GruvboxBlueBold" }, - } + }, + italic = { + -- Comments should not be italic, for e.g: box drawing + comments = false, + }, }) EOF " Use my preferred colorscheme From 46bd23ff077063827304b9d1555a1a4f267f0c1f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 6 Nov 2024 10:53:58 +0000 Subject: [PATCH 120/362] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 249cddd2..af4cbfad 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1727826117, - "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1729864948, - "narHash": "sha256-CeGSqbN6S8JmzYJX/HqZjr7dMGlvHLLnJJarwB45lPs=", + "lastModified": 1730837930, + "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", "owner": "nix-community", "repo": "home-manager", - "rev": "0c0268a3c80d30b989d0aadbd65f38d4fa27a9a0", + "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729665710, - "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=", + "lastModified": 1730785428, + "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d", + "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1729868220, - "narHash": "sha256-OxHE1U+FIIaQ50nZpt/VxLH0bokiqsEqAshehlHhOFs=", + "lastModified": 1730885145, + "narHash": "sha256-UPrBEY0No1O3ULb67xYjRh2r3u7MnZovfo1oYSPCIxI=", "owner": "nix-community", "repo": "NUR", - "rev": "70b30d23d33ca2acfb267430b08ddf82ff7116b2", + "rev": "c0d8828600ef47d475e6ec33513bf9af6eb6b991", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1729104314, - "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=", + "lastModified": 1730814269, + "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6", + "rev": "d70155fdc00df4628446352fc58adc640cd705c2", "type": "github" }, "original": { From 7b42368e2f144cab111d8856928cfc1d21bf0489 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Nov 2024 11:45:11 +0000 Subject: [PATCH 121/362] hosts: nixos: porthos: services: remove tandoor I fully transitioned to using Mealie instead. This reverts commit 493636decb178a23e85c593bd38cbcb1982df8cc. --- hosts/nixos/porthos/services.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index a2339f4e..109b4e5b 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -149,11 +149,6 @@ in }; # Because I still need to play sysadmin ssh-server.enable = true; - # Recipe manager - tandoor-recipes = { - enable = true; - secretKeyFile = secrets."tandoor-recipes/secret-key".path; - }; # Torrent client and webui transmission = { enable = true; From ab8a5daefe9773dbb69fce4667910819f748cb94 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 14 Nov 2024 20:05:06 +0000 Subject: [PATCH 122/362] hosts: porthos: secrets: acme: use OVH API I switched registrar, as OVH was ~4x cheaper. This needs a small change to the module to both refer to OVH instead of Gandi in the documentation, and make use of the correct API. I also needed to disable the propagation check, as it looks like OVH is slower than Gandi, and leads to spurious errors... --- hosts/nixos/porthos/secrets/acme/dns-key.age | 15 ++++++++------- modules/nixos/services/nginx/default.nix | 6 ++++-- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/hosts/nixos/porthos/secrets/acme/dns-key.age b/hosts/nixos/porthos/secrets/acme/dns-key.age index fce2a84c..d7f159eb 100644 --- a/hosts/nixos/porthos/secrets/acme/dns-key.age +++ b/hosts/nixos/porthos/secrets/acme/dns-key.age @@ -1,8 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw -zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y --> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8 -uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw ---- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg -¾r ú&…¥‹{~v?¨}=Ä -}+ ¿SQ’M[²]Œ±k MÒAàtŒÃmMë/£µLsü|Þ…m©CÀñiYC}ƒŽ‡çxŽ€ \ No newline at end of file +-> ssh-ed25519 cKojmg Ec0xt1uJTva8MxUdoTVX5m3uWaIiRlodf345FEM7Uzs +aJIneWFJPB5HVeoUGp57agXih9YeZ6xMEbyQ+zJtWQY +-> ssh-ed25519 jPowng B5XotRgv7s/FUegGhceBj7EoukewNUOIFl4TFRQf1EQ +PgGCBd/Pqwp7ayqi7okHBGF1SfFpwT4KlHJ/np6p2uQ +--- AeLgwGz6k3OABb53cXNaCU/sgI4FlU1s6p8PhAaFOlg +1ÌÉCÔ¹ð¤ŽULfI1¸Hm»Ûòb}m”” ÁÅ¡ìg•ß0¦¢–¤`XG>\>¹8rŽz+Š›Y ™¼`—Ê¢.JBUÏ!z¸Z50ú*õ¡ÙŸ¤×ÖÇ®IôÔ]¹‹Ïå I +ĵ¿–oÒÛ°…g„®„ÒêÁ³Â¿Ÿt’©nƒºãcz[»{ +jçå&ÁõõNæ°Nÿo{õš½‚ -eP¾=L‰™ 6¦.SP:»e¶– \ No newline at end of file diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index e305b295..e5a87ded 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -86,7 +86,7 @@ in type = types.str; example = "/var/lib/acme/creds.env"; description = '' - Gandi API key file as an 'EnvironmentFile' (see `systemd.exec(5)`) + OVH API key file as an 'EnvironmentFile' (see `systemd.exec(5)`) ''; }; }; @@ -281,6 +281,7 @@ in locations."/" = { extraConfig = + # FIXME: check that X-User is dropped otherwise (args.extraConfig.locations."/".extraConfig or "") + '' # Use SSO auth_request /sso-auth; @@ -414,7 +415,8 @@ in { "${domain}" = { extraDomainNames = [ "*.${domain}" ]; - dnsProvider = "gandiv5"; + dnsProvider = "ovh"; + dnsPropagationCheck = false; # OVH is slow inherit (cfg.acme) credentialsFile; }; }; From 138d4d2bd9d7460dbe2bb48c1473c5bf9a07522e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 15 Nov 2024 21:36:11 +0100 Subject: [PATCH 123/362] nixos: services: nextcloud: add collabora This needs to be configured through the "Nextcloud Office" app, specifically the WOPI setting is important for security (I put both the external IP, as well as `::1` and `127.0.0.1`). --- .../nixos/services/nextcloud/collabora.nix | 58 +++++++++++++++++++ modules/nixos/services/nextcloud/default.nix | 4 ++ 2 files changed, 62 insertions(+) create mode 100644 modules/nixos/services/nextcloud/collabora.nix diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix new file mode 100644 index 00000000..d62181fb --- /dev/null +++ b/modules/nixos/services/nextcloud/collabora.nix @@ -0,0 +1,58 @@ +# Document editor with Nextcloud +{ config, lib, ... }: +let + cfg = config.my.services.nextcloud.collabora; +in +{ + options.my.services.nextcloud.collabora = with lib; { + enable = mkEnableOption "Collabora integration"; + + port = mkOption { + type = types.port; + default = 9980; + example = 8080; + description = "Internal port for API"; + }; + }; + + config = lib.mkIf cfg.enable { + services.collabora-online = { + enable = true; + inherit (cfg) port; + + aliasGroups = [ + { + host = "https://collabora.${config.networking.domain}"; + # Allow using from nextcloud + aliases = [ "https://${config.services.nextcloud.hostName}" ]; + } + ]; + + settings = { + # Rely on reverse proxy for SSL + ssl = { + enable = false; + termination = true; + }; + }; + }; + + my.services.nginx.virtualHosts = { + collabora = { + inherit (cfg) port; + + extraConfig = { + # Too bad for the repetition... + locations."~ ^/cool/(.*)/ws$" = { + proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}"; + proxyWebsockets = true; + }; + locations."^~ /cool/adminws" = { + proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; +} diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index e2c47463..fe941778 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -4,6 +4,10 @@ let cfg = config.my.services.nextcloud; in { + imports = [ + ./collabora.nix + ]; + options.my.services.nextcloud = with lib; { enable = mkEnableOption "Nextcloud"; maxSize = mkOption { From ae230b5df7b17e222e5cebe8fc055c01d0361f24 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 15 Nov 2024 21:38:16 +0100 Subject: [PATCH 124/362] hosts: porthos: services: enable collabora --- hosts/nixos/porthos/services.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 109b4e5b..ffd150a0 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -95,6 +95,9 @@ in nextcloud = { enable = true; passwordFile = secrets."nextcloud/password".path; + collabora = { + enable = true; + }; }; nix-cache = { enable = true; From e9d96138d5b5c6c678e2298618a3faa444bd37a9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 19 Nov 2024 15:46:31 +0000 Subject: [PATCH 125/362] nixos: services: nginx: add 'websocketsLocations' This accounts for the overwhelming majority of my usage of `extraConfig`. --- modules/nixos/services/nginx/default.nix | 44 ++++++++++++++++++------ 1 file changed, 34 insertions(+), 10 deletions(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index e5a87ded..5a372ed7 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -17,6 +17,16 @@ let ''; }; + websocketsLocations = mkOption { + type = with types; listOf str; + default = [ ]; + example = [ "/socket" ]; + description = '' + Which locations on this virtual host should be configured for + websockets. + ''; + }; + port = mkOption { type = with types; nullOr port; default = null; @@ -108,12 +118,7 @@ in }; jellyfin = { port = 8096; - extraConfig = { - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; - }; + websocketsLocations = [ "/socket" ]; }; }; description = '' @@ -195,6 +200,19 @@ in } configured. ''; })) + ++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args: + let + proxyPass = [ "port" "socket" ]; + proxyPassUsed = lib.any (v: args.${v} != null) proxyPass; + in + { + assertion = args.websocketsLocations != [ ] -> proxyPassUsed; + message = '' + Subdomain '${subdomain}' can only use 'websocketsLocations' with one of ${ + lib.concatStringsSep ", " (builtins.map (v: "'${v}'") proxyPass) + }. + ''; + })) ++ ( let ports = lib.my.mapFilter @@ -241,6 +259,14 @@ in virtualHosts = let domain = config.networking.domain; + mkProxyPass = { websocketsLocations, ... }: proxyPass: + let + websockets = lib.genAttrs websocketsLocations (_: { + inherit proxyPass; + proxyWebsockets = true; + }); + in + { "/" = { inherit proxyPass; }; } // websockets; mkVHost = ({ subdomain, ... } @ args: lib.nameValuePair "${subdomain}.${domain}" (lib.my.recursiveMerge [ @@ -251,8 +277,7 @@ in } # Proxy to port (lib.optionalAttrs (args.port != null) { - locations."/".proxyPass = - "http://127.0.0.1:${toString args.port}"; + locations = mkProxyPass args "http://127.0.0.1:${toString args.port}"; }) # Serve filesystem content (lib.optionalAttrs (args.root != null) { @@ -260,8 +285,7 @@ in }) # Serve to UNIX socket (lib.optionalAttrs (args.socket != null) { - locations."/".proxyPass = - "http://unix:${args.socket}"; + locations = mkProxyPass args "http://unix:${args.socket}"; }) # Redirect to a different domain (lib.optionalAttrs (args.redirect != null) { From 6a1a35a3840bc40cc095a6e98702b705e67aa43f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 19 Nov 2024 15:49:31 +0000 Subject: [PATCH 126/362] nixos: services: migrate to 'websocketsLocations' --- modules/nixos/services/aria/default.nix | 4 +--- .../nixos/services/audiobookshelf/default.nix | 4 +--- modules/nixos/services/jellyfin/default.nix | 6 +----- modules/nixos/services/nextcloud/collabora.nix | 16 ++++------------ modules/nixos/services/paperless/default.nix | 6 +----- 5 files changed, 8 insertions(+), 28 deletions(-) diff --git a/modules/nixos/services/aria/default.nix b/modules/nixos/services/aria/default.nix index 2d1b3e2e..acbf0b73 100644 --- a/modules/nixos/services/aria/default.nix +++ b/modules/nixos/services/aria/default.nix @@ -65,9 +65,7 @@ in aria-rpc = { port = cfg.rpcPort; # Proxy websockets for RPC - extraConfig = { - locations."/".proxyWebsockets = true; - }; + websocketsLocations = [ "/" ]; }; }; diff --git a/modules/nixos/services/audiobookshelf/default.nix b/modules/nixos/services/audiobookshelf/default.nix index da9ec555..04ec8b91 100644 --- a/modules/nixos/services/audiobookshelf/default.nix +++ b/modules/nixos/services/audiobookshelf/default.nix @@ -30,9 +30,7 @@ in audiobookshelf = { inherit (cfg) port; # Proxy websockets for RPC - extraConfig = { - locations."/".proxyWebsockets = true; - }; + websocketsLocations = [ "/" ]; }; }; diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index e8910a59..6edeb671 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -27,17 +27,13 @@ in my.services.nginx.virtualHosts = { jellyfin = { port = 8096; + websocketsLocations = [ "/socket" ]; extraConfig = { locations."/" = { extraConfig = '' proxy_buffering off; ''; }; - # Too bad for the repetition... - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; }; }; }; diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix index d62181fb..f8f42a77 100644 --- a/modules/nixos/services/nextcloud/collabora.nix +++ b/modules/nixos/services/nextcloud/collabora.nix @@ -40,18 +40,10 @@ in my.services.nginx.virtualHosts = { collabora = { inherit (cfg) port; - - extraConfig = { - # Too bad for the repetition... - locations."~ ^/cool/(.*)/ws$" = { - proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}"; - proxyWebsockets = true; - }; - locations."^~ /cool/adminws" = { - proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}"; - proxyWebsockets = true; - }; - }; + websocketsLocations = [ + "~ ^/cool/(.*)/ws$" + "^~ /cool/adminws" + ]; }; }; }; diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index f62879ab..eceae1cf 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -152,11 +152,7 @@ in sso = { enable = true; }; - - # Enable websockets on root - extraConfig = { - locations."/".proxyWebsockets = true; - }; + websocketsLocations = [ "/" ]; }; }; From 60050113bc6a167449a56f0a17f2820e776f97bf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 19 Nov 2024 15:53:19 +0000 Subject: [PATCH 127/362] nixos: services: nginx: modify example Now that `websocketLocations` exists, it makes little sense to use `proxyWebsockets` in an example, so use a different one. --- modules/nixos/services/nginx/default.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 5a372ed7..3bba9f4e 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -70,10 +70,13 @@ let extraConfig = mkOption { type = types.attrs; # FIXME: forward type of virtualHosts example = { - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; + extraConfig = '' + add_header X-Clacks-Overhead "GNU Terry Pratchett"; + ''; + + locations."/".extraConfig = '' + client_max_body_size 1G; + ''; }; default = { }; description = '' From 2ffbc13513088245c5bdfa680a34eeb40468fbf1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 20 Nov 2024 21:05:16 +0100 Subject: [PATCH 128/362] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index af4cbfad..fd8354fb 100644 --- a/flake.lock +++ b/flake.lock @@ -94,11 +94,11 @@ ] }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1730837930, - "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", + "lastModified": 1732025103, + "narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", + "rev": "a46e702093a5c46e192243edbd977d5749e7f294", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730785428, - "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1730885145, - "narHash": "sha256-UPrBEY0No1O3ULb67xYjRh2r3u7MnZovfo1oYSPCIxI=", + "lastModified": 1732131502, + "narHash": "sha256-kWc3mjgEUh+2xzaluNxLMvEHRkfJ37pRBtXcwekKefM=", "owner": "nix-community", "repo": "NUR", - "rev": "c0d8828600ef47d475e6ec33513bf9af6eb6b991", + "rev": "13b44543c4e5d20bb2976ddde846c7341e4c41dd", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1730814269, - "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=", + "lastModified": 1732021966, + "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "d70155fdc00df4628446352fc58adc640cd705c2", + "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", "type": "github" }, "original": { From 7f0cd6612eccf07046df860650f2f95ad85fea95 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 14 Nov 2024 21:29:24 +0100 Subject: [PATCH 129/362] nixos: services: paperless: remove MKL work-around Instead, rely on the upstream service's work-around [1]. This will reduce the amount of package builds I need to do when updating my server... [1]: https://github.com/NixOS/nixpkgs/pull/299008 This reverts commit e2ec4d3032ee3d3dc3be935b0e2af9ad7ff0c511. --- modules/nixos/services/paperless/default.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index eceae1cf..321dfa3a 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.my.services.paperless; in @@ -80,9 +80,6 @@ in # Misc PAPERLESS_TIME_ZONE = config.time.timeZone; PAPERLESS_ADMIN_USER = cfg.username; - - # Fix classifier hangs - LD_LIBRARY_PATH = "${lib.getLib pkgs.mkl}/lib"; }; # Admin password From 6a5c4a627aa9b26a7aeb7e324ae9b3b533f9a04f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 18 Nov 2024 13:31:08 +0100 Subject: [PATCH 130/362] nixos: services: pyload: add fail2ban jail --- modules/nixos/services/pyload/default.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/pyload/default.nix b/modules/nixos/services/pyload/default.nix index 88889bf8..7257d0f5 100644 --- a/modules/nixos/services/pyload/default.nix +++ b/modules/nixos/services/pyload/default.nix @@ -53,6 +53,20 @@ in }; }; - # FIXME: fail2ban + services.fail2ban.jails = { + pyload = '' + enabled = true + filter = pyload + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/pyload.conf".text = '' + [Definition] + failregex = ^.*Login failed for user '.*' \[CLIENT: \]$ + journalmatch = _SYSTEMD_UNIT=pyload.service + ''; + }; }; } From fe49e470269f9f8a2445e7ce6f219a4fd6d18561 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 27 Nov 2024 12:02:29 +0000 Subject: [PATCH 131/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index fd8354fb..cd3f50ca 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1732025103, - "narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=", + "lastModified": 1732482255, + "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", "owner": "nix-community", "repo": "home-manager", - "rev": "a46e702093a5c46e192243edbd977d5749e7f294", + "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1732521221, + "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1732131502, - "narHash": "sha256-kWc3mjgEUh+2xzaluNxLMvEHRkfJ37pRBtXcwekKefM=", + "lastModified": 1732704680, + "narHash": "sha256-x3NlO2qzuobU9BrynzydX7X9oskJpysv7BI7DJ5cVSE=", "owner": "nix-community", "repo": "NUR", - "rev": "13b44543c4e5d20bb2976ddde846c7341e4c41dd", + "rev": "31a30f0862fd8b5f88a6597382bb09197356b19e", "type": "github" }, "original": { From e39fef275c2eee50708080e932ae48bb1845c997 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 27 Nov 2024 12:05:41 +0000 Subject: [PATCH 132/362] nixos: services: paperless: use 'environmentFile' That way I don't have to configure all services to make use of it. Someday I'll find the will to add the `postgresql.service` dependency upstream, truly removing the need to configure any service at all. --- modules/nixos/services/paperless/default.nix | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 321dfa3a..c8967e11 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -84,43 +84,30 @@ in # Admin password passwordFile = cfg.passwordFile; + + # Secret key + environmentFile = cfg.secretKeyFile; }; systemd.services = { paperless-scheduler = { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; - - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; }; paperless-consumer = { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; - - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; }; paperless-web = { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; - - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; }; paperless-task-queue = { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; - - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; }; }; From f2168378fc1b658eeb24ec364953c4160de041f7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 27 Nov 2024 15:12:10 +0000 Subject: [PATCH 133/362] home: direnv: lib: also watch '.python-version' It's used by `uv` as a kind of configuration file, so watch it as well. --- modules/home/direnv/lib/python.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index 780fbe64..b4b2bcef 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -53,4 +53,5 @@ layout_uv() { PATH_add "$VIRTUAL_ENV/bin" watch_file pyproject.toml watch_file uv.lock + watch_file .python-version } From 83da7ba9c8c8d54b8fd7585ee009505e9a36dafa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 11:24:30 +0000 Subject: [PATCH 134/362] home: tmux: explicitly disable mouse support It's disabled by default, but make it explicit :-). --- modules/home/tmux/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 71ce4caa..dc7fed1c 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -47,6 +47,7 @@ in clock24 = true; # I'm one of those heathens escapeTime = 0; # Let vim do its thing instead historyLimit = 100000; # Bigger buffer + mouse = false; # I dislike mouse support terminal = "tmux-256color"; # I want accurate termcap info plugins = with pkgs.tmuxPlugins; [ From e8a41187e75b84cee2aae14663bb4fd5229e256d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:05:45 +0000 Subject: [PATCH 135/362] home: xdg: create 'HISTFILE' parent directory In fbd3b70d61bd733af033545d4cfe4809fbb068a3, I forgot to modify the `.keep` file to be created in `$XDG_STATE_HOME/bash/`. --- modules/home/xdg/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index 270200e7..e4c1887d 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -30,11 +30,11 @@ in }; # A tidy home is a tidy mind dataFile = { - "bash/.keep".text = ""; "gdb/.keep".text = ""; "tig/.keep".text = ""; }; stateFile = { + "bash/.keep".text = ""; "python/.keep".text = ""; }; }; From 8b61af1ac3cff8450234534b29420a51aa4b9de5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:07:07 +0000 Subject: [PATCH 136/362] home: xdg: remove 'gdb' directory I have an actual module to configure `gdb`, and it uses `$XDG_STATE_HOME` anyway... --- modules/home/xdg/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index e4c1887d..479ba1ef 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -30,7 +30,6 @@ in }; # A tidy home is a tidy mind dataFile = { - "gdb/.keep".text = ""; "tig/.keep".text = ""; }; stateFile = { From da3c29bbafe60b2e30172a6c5da452b2efeb8a34 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:07:50 +0000 Subject: [PATCH 137/362] home: xdg: add comment about 'tig' To explain why I didn't modify it as part of my `$XDG_STATE_HOME` migration in fbd3b70d61bd733af033545d4cfe4809fbb068a3. --- modules/home/xdg/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index 479ba1ef..803167fa 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -30,7 +30,7 @@ in }; # A tidy home is a tidy mind dataFile = { - "tig/.keep".text = ""; + "tig/.keep".text = ""; # `tig` uses `XDG_DATA_HOME` specifically... }; stateFile = { "bash/.keep".text = ""; From b38658405ad50a54876c5c7537e6f1815542c83c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:17:31 +0000 Subject: [PATCH 138/362] home: tmux: add binding to refresh configuration Don't rely on `tmux-sensible` to set it up. --- modules/home/tmux/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index dc7fed1c..23dff051 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -81,6 +81,9 @@ in ]; extraConfig = '' + # Refresh configuration + bind-key -N "Source tmux.conf" R source-file ${config.xdg.configHome}/tmux/tmux.conf \; display-message "Sourced tmux.conf!" + # Better vim mode bind-key -T copy-mode-vi 'v' send -X begin-selection ${ From 98c90d77c51b74dc5888c7e0647fdd9f35511964 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:50:29 +0000 Subject: [PATCH 139/362] home: tmux: add sloppy window switching bindings Another set of bindings which were setup by `tmux-sensible`, that I want to enable explicitly to avoid issues when it is disabled by default. --- modules/home/tmux/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 23dff051..bb23b441 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -84,6 +84,10 @@ in # Refresh configuration bind-key -N "Source tmux.conf" R source-file ${config.xdg.configHome}/tmux/tmux.conf \; display-message "Sourced tmux.conf!" + # Accept sloppy Ctrl key when switching windows, on top of default mapping + bind-key -N "Select the previous window" C-p previous-window + bind-key -N "Select the next window" C-n next-window + # Better vim mode bind-key -T copy-mode-vi 'v' send -X begin-selection ${ From c74acda957fb2fb86560e7507390b482b2705ebf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 19:58:50 +0000 Subject: [PATCH 140/362] nixos: system: packages: remove 'wget' --- modules/nixos/system/packages/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/nixos/system/packages/default.nix b/modules/nixos/system/packages/default.nix index ebea06f8..6a78ff66 100644 --- a/modules/nixos/system/packages/default.nix +++ b/modules/nixos/system/packages/default.nix @@ -1,5 +1,5 @@ # Common packages -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.my.system.packages; in @@ -13,10 +13,6 @@ in }; config = lib.mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - wget - ]; - programs = { vim = { enable = true; From 3ac85b87623fb4d64c93c996d21ffac7fd832979 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 29 Nov 2024 14:29:32 +0000 Subject: [PATCH 141/362] home: packages: add 'tree' --- modules/home/packages/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/packages/default.nix b/modules/home/packages/default.nix index 1362a060..b0f8d674 100644 --- a/modules/home/packages/default.nix +++ b/modules/home/packages/default.nix @@ -26,6 +26,7 @@ in fd file ripgrep + tree ] ++ cfg.additionalPackages); nixpkgs.config = { From baa853477d78bfd63cbed78c1d9e703a4d8c3d9d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 2 Dec 2024 20:36:37 +0000 Subject: [PATCH 142/362] nixos: hardware: sound: remove ALSA `sound.enable` was removed from the latest release, and is unnecessary with PulseAudio. --- modules/nixos/hardware/sound/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/nixos/hardware/sound/default.nix b/modules/nixos/hardware/sound/default.nix index e8ba7f71..1cf12cb4 100644 --- a/modules/nixos/hardware/sound/default.nix +++ b/modules/nixos/hardware/sound/default.nix @@ -54,9 +54,6 @@ in # Pulseaudio setup (lib.mkIf cfg.pulse.enable { - # ALSA - sound.enable = true; - hardware.pulseaudio.enable = true; }) ]); From ad1cfbd6f03e0b38f690d8563af02c1c04d8b731 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 3 Dec 2024 10:43:09 +0000 Subject: [PATCH 143/362] flake: bump inputs Allow-list the build inputs for `sonarr` until the package is fixed upstream [1]. [1]: https://github.com/NixOS/nixpkgs/issues/360592 --- flake.lock | 18 +++++++++--------- modules/nixos/services/servarr/default.nix | 10 ++++++++++ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index cd3f50ca..0aeab376 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1732482255, - "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", + "lastModified": 1733175814, + "narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", + "rev": "bf23fe41082aa0289c209169302afd3397092f22", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732521221, - "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", + "lastModified": 1733015953, + "narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", + "rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1732704680, - "narHash": "sha256-x3NlO2qzuobU9BrynzydX7X9oskJpysv7BI7DJ5cVSE=", + "lastModified": 1733215745, + "narHash": "sha256-RIlhnKlObJ1sEdzBP6Nuy4jLUiQnmWWXVsRHRbv6SzY=", "owner": "nix-community", "repo": "NUR", - "rev": "31a30f0862fd8b5f88a6597382bb09197356b19e", + "rev": "251d756a74e67bda25d89327b01a3da19dddabae", "type": "github" }, "original": { diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index e25d9cfd..4aa0de71 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -96,5 +96,15 @@ in # Sonarr for shows (mkFullConfig "sonarr") (mkFail2Ban "sonarr") + + # HACK: until https://github.com/NixOS/nixpkgs/issues/360592 is resolved + (lib.mkIf cfg.sonarr.enable { + nixpkgs.config.permittedInsecurePackages = [ + "aspnetcore-runtime-6.0.36" + "aspnetcore-runtime-wrapped-6.0.36" + "dotnet-sdk-6.0.428" + "dotnet-sdk-wrapped-6.0.428" + ]; + }) ]); } From 35c547a090afdf77a1fb42125170649ef1247ab8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 3 Dec 2024 10:43:33 +0000 Subject: [PATCH 144/362] home: tmux: enable focus events Since `tmux-sensible` was disabled by default, we should enable this explicitly now. --- modules/home/tmux/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index bb23b441..ae8b8f06 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -48,6 +48,7 @@ in escapeTime = 0; # Let vim do its thing instead historyLimit = 100000; # Bigger buffer mouse = false; # I dislike mouse support + focusEvents = true; # Report focus events terminal = "tmux-256color"; # I want accurate termcap info plugins = with pkgs.tmuxPlugins; [ From 19120bca2943d5a03d9116bc547f89197059694b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 8 Dec 2024 16:08:48 -0500 Subject: [PATCH 145/362] nixos: hardware: graphics: use 'initrd' option --- modules/nixos/hardware/graphics/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix index 89bb1cd2..7d8b359c 100644 --- a/modules/nixos/hardware/graphics/default.nix +++ b/modules/nixos/hardware/graphics/default.nix @@ -33,9 +33,8 @@ in # AMD GPU (lib.mkIf (cfg.gpuFlavor == "amd") { - boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ]; - hardware.amdgpu = { + initrd.enable = cfg.amd.enableKernelModule; # Vulkan amdvlk = lib.mkIf cfg.amd.amdvlk { enable = true; From cb5eb68d35ce1a70c8d7b8560b23586f065c79e1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 11 Dec 2024 00:46:47 +0100 Subject: [PATCH 146/362] flake: bump inputs And fix deprecated NUR overlay attribute. --- flake.lock | 60 +++++++++++++++++++++++++++++++----------- flake.nix | 4 +++ flake/home-manager.nix | 2 +- flake/nixos.nix | 2 +- 4 files changed, 51 insertions(+), 17 deletions(-) diff --git a/flake.lock b/flake.lock index 0aeab376..0db428a8 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1733175814, - "narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=", + "lastModified": 1733873195, + "narHash": "sha256-dTosiZ3sZ/NKoLKQ++v8nZdEHya0eTNEsaizNp+MUPM=", "owner": "nix-community", "repo": "home-manager", - "rev": "bf23fe41082aa0289c209169302afd3397092f22", + "rev": "f26aa4b76fb7606127032d33ac73d7d507d82758", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733015953, - "narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=", + "lastModified": 1733759999, + "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff", + "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", "type": "github" }, "original": { @@ -167,12 +167,21 @@ } }, "nur": { + "inputs": { + "flake-parts": [ + "flake-parts" + ], + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, "locked": { - "lastModified": 1733215745, - "narHash": "sha256-RIlhnKlObJ1sEdzBP6Nuy4jLUiQnmWWXVsRHRbv6SzY=", + "lastModified": 1733873876, + "narHash": "sha256-6YHWh0+E74hBiH0N+LeZPSWRvbmudF6mtEtFpRo3LWc=", "owner": "nix-community", "repo": "NUR", - "rev": "251d756a74e67bda25d89327b01a3da19dddabae", + "rev": "77c8486c65517272727884ca62b9322092f4f643", "type": "github" }, "original": { @@ -194,11 +203,11 @@ ] }, "locked": { - "lastModified": 1732021966, - "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", + "lastModified": 1733665616, + "narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", + "rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a", "type": "github" }, "original": { @@ -235,6 +244,27 @@ "repo": "default", "type": "github" } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index a07ee154..f0bb79c7 100644 --- a/flake.nix +++ b/flake.nix @@ -55,6 +55,10 @@ owner = "nix-community"; repo = "NUR"; ref = "master"; + inputs = { + flake-parts.follows = "flake-parts"; + nixpkgs.follows = "nixpkgs"; + }; }; pre-commit-hooks = { diff --git a/flake/home-manager.nix b/flake/home-manager.nix index 34af3753..add889eb 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -25,7 +25,7 @@ let inherit system; overlays = (lib.attrValues self.overlays) ++ [ - inputs.nur.overlay + inputs.nur.overlays.default ]; }; diff --git a/flake/nixos.nix b/flake/nixos.nix index b48b551d..fa656dc0 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -7,7 +7,7 @@ let } { nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ - inputs.nur.overlay + inputs.nur.overlays.default ]; } # Include generic settings From c5a375d1657cac9ed2b2aa449c9380298a390ad7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 11 Dec 2024 00:48:54 +0100 Subject: [PATCH 147/362] nixos: services: paperless: use automatic DB setup That way I don't have to worry about the `postgresql.service` dependency anymore :-). --- modules/nixos/services/paperless/default.nix | 40 ++------------------ 1 file changed, 3 insertions(+), 37 deletions(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index c8967e11..63f456b2 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -61,11 +61,6 @@ in PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; - # Use PostgreSQL - PAPERLESS_DBHOST = "/run/postgresql"; - PAPERLESS_DBUSER = "paperless"; - PAPERLESS_DBNAME = "paperless"; - # Security settings PAPERLESS_ALLOWED_HOSTS = paperlessDomain; PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; @@ -87,40 +82,11 @@ in # Secret key environmentFile = cfg.secretKeyFile; - }; - systemd.services = { - paperless-scheduler = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; + # Automatic PostgreSQL provisioning + database = { + createLocally = true; }; - - paperless-consumer = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - - paperless-web = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - - paperless-task-queue = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - }; - - # Set-up database - services.postgresql = { - enable = true; - ensureDatabases = [ "paperless" ]; - ensureUsers = [ - { - name = "paperless"; - ensureDBOwnership = true; - } - ]; }; # Set-up media group From b2d2ff179840437f5659102c03356a112c2c24df Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 16 Dec 2024 00:19:31 +0100 Subject: [PATCH 148/362] nixos: services: postgres: fix renamed option --- modules/nixos/services/postgresql/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix index bbe46d42..3dcf6d13 100644 --- a/modules/nixos/services/postgresql/default.nix +++ b/modules/nixos/services/postgresql/default.nix @@ -27,11 +27,11 @@ in oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package; oldData = pgCfg.dataDir; - oldBin = "${if pgCfg.extraPlugins == [] then oldPackage else oldPackage.withPackages pgCfg.extraPlugins}/bin"; + oldBin = "${if pgCfg.extensions == [] then oldPackage else oldPackage.withPackages pgCfg.extensions}/bin"; newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage'; newData = "/var/lib/postgresql/${newPackage.psqlSchema}"; - newBin = "${if pgCfg.extraPlugins == [] then newPackage else newPackage.withPackages pgCfg.extraPlugins}/bin"; + newBin = "${if pgCfg.extensions == [] then newPackage else newPackage.withPackages pgCfg.extensions}/bin"; in [ (pkgs.writeScriptBin "upgrade-pg-cluster" '' From dec5dabf02ed6a901f9f9feb97ffcd8973e54237 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 16 Dec 2024 00:20:18 +0100 Subject: [PATCH 149/362] modules: services: postgres: upgrade version --- modules/nixos/services/postgresql/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix index 3dcf6d13..1dca1644 100644 --- a/modules/nixos/services/postgresql/default.nix +++ b/modules/nixos/services/postgresql/default.nix @@ -14,7 +14,7 @@ in # Let other services enable postgres when they need it (lib.mkIf cfg.enable { services.postgresql = { - package = pkgs.postgresql_13; + package = pkgs.postgresql_17; }; }) @@ -23,7 +23,7 @@ in environment.systemPackages = let pgCfg = config.services.postgresql; - newPackage' = pkgs.postgresql_13; + newPackage' = pkgs.postgresql_17; oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package; oldData = pgCfg.dataDir; From 747b344b766e22ac7bb3ba4152db60de49cd12be Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 15 Dec 2024 17:50:43 -0500 Subject: [PATCH 150/362] pkgs: remove 'cgt-calc' It's been merged upstream. --- pkgs/cgt-calc/default.nix | 47 --------------------------------------- pkgs/default.nix | 2 -- 2 files changed, 49 deletions(-) delete mode 100644 pkgs/cgt-calc/default.nix diff --git a/pkgs/cgt-calc/default.nix b/pkgs/cgt-calc/default.nix deleted file mode 100644 index 9966944a..00000000 --- a/pkgs/cgt-calc/default.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ lib -, fetchFromGitHub -, python3Packages -, withTeXLive ? true -, texliveSmall -}: -python3Packages.buildPythonApplication rec { - pname = "cgt-calc"; - version = "1.13.0"; - pyproject = true; - - src = fetchFromGitHub { - owner = "KapJI"; - repo = "capital-gains-calculator"; - rev = "v${version}"; - hash = "sha256-y/Y05wG89nccXyxfjqazyPJhd8dOkfwRJre+Rzx97Hw="; - }; - - build-system = with python3Packages; [ - poetry-core - ]; - - dependencies = with python3Packages; [ - defusedxml - jinja2 - pandas - requests - types-requests - yfinance - ]; - - makeWrapperArgs = lib.optionals withTeXLive [ - "--prefix" - "PATH" - ":" - "${lib.getBin texliveSmall}/bin" - ]; - - meta = with lib; { - description = "UK capital gains tax calculator"; - homepage = "https://github.com/KapJI/capital-gains-calculator"; - license = with licenses; [ mit ]; - mainProgram = "cgt-calc"; - maintainers = with maintainers; [ ambroisie ]; - platforms = platforms.unix; - }; -} diff --git a/pkgs/default.nix b/pkgs/default.nix index 949bcf78..6b7fce11 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -2,8 +2,6 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { bw-pass = pkgs.callPackage ./bw-pass { }; - cgt-calc = pkgs.callPackage ./cgt-calc { }; - change-audio = pkgs.callPackage ./change-audio { }; change-backlight = pkgs.callPackage ./change-backlight { }; From 92e5fbe7df0c74a33baccfdb9fc82859217e0b3a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:12:46 -0500 Subject: [PATCH 151/362] overlays: add 'lsp-format-nvim-indentation' To fix the issue I reported upstream [1]. [1]: https://github.com/lukas-reineke/lsp-format.nvim/issues/94 --- overlays/lsp-format-nvim-indentation/default.nix | 4 ++++ overlays/lsp-format-nvim-indentation/generated.nix | 14 ++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 overlays/lsp-format-nvim-indentation/default.nix create mode 100644 overlays/lsp-format-nvim-indentation/generated.nix diff --git a/overlays/lsp-format-nvim-indentation/default.nix b/overlays/lsp-format-nvim-indentation/default.nix new file mode 100644 index 00000000..832e71de --- /dev/null +++ b/overlays/lsp-format-nvim-indentation/default.nix @@ -0,0 +1,4 @@ +self: prev: +{ + vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); +} diff --git a/overlays/lsp-format-nvim-indentation/generated.nix b/overlays/lsp-format-nvim-indentation/generated.nix new file mode 100644 index 00000000..19022078 --- /dev/null +++ b/overlays/lsp-format-nvim-indentation/generated.nix @@ -0,0 +1,14 @@ +{ fetchpatch, ... }: + +_final: prev: { + lsp-format-nvim = prev.lsp-format-nvim.overrideAttrs (oa: { + patches = (oa.patches or [ ]) ++ [ + # https://github.com/lukas-reineke/lsp-format.nvim/issues/94 + (fetchpatch { + name = "use-effective-indentation"; + url = "https://github.com/liskin/lsp-format.nvim/commit/3757ac443bdf5bd166673833794553229ee8d939.patch"; + hash = "sha256-Dv+TvXrU/IrrPxz2MSPbLmRxch+qkHbI3AyFMj/ssDk="; + }) + ]; + }); +} From 322fbc970b12c187eb32a3c6ea57fe81cb4625db Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:14:16 -0500 Subject: [PATCH 152/362] home: vim: lsp: rely on 'bashls' formatting I finally figured out why I was getting the wrong indentation, turns out it was an issue in `lsp-format.nvim`. With that fixed/worked around, I can now rely completely on `bash-language-server` for formatting. I'll also rely on `shfmt` automatically detecting the type of file, as (Neo)Vim cannot be made to reliably set `ft=bash` for Bash scripts and `ft=sh` for POSIX shell. Finally, I removed spaces after redirections, I've now come around to liking the default (no spaces) better. --- .../home/vim/plugin/settings/lspconfig.lua | 10 +++++++ modules/home/vim/plugin/settings/null-ls.lua | 26 ------------------- 2 files changed, 10 insertions(+), 26 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 9e9425c5..1f9abfd9 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -74,6 +74,16 @@ if utils.is_executable("bash-language-server") then filetypes = { "bash", "sh", "zsh" }, capabilities = capabilities, on_attach = lsp.on_attach, + settings = { + bashIde = { + shfmt = { + -- Simplify the code + simplifyCode = true, + -- Indent switch cases + caseIndent = true, + }, + }, + }, }) end diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua index eadf16a1..258a2094 100644 --- a/modules/home/vim/plugin/settings/null-ls.lua +++ b/modules/home/vim/plugin/settings/null-ls.lua @@ -46,29 +46,3 @@ null_ls.register({ condition = utils.is_executable_condition("isort"), }), }) - --- Shell (non-POSIX) -null_ls.register({ - null_ls.builtins.formatting.shfmt.with({ - -- Indent with 4 spaces, simplify the code, indent switch cases, - -- add space after redirection, use bash dialect - extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "bash" }, - -- Restrict to bash and zsh - filetypes = { "bash", "zsh" }, - -- Only used if available - condition = utils.is_executable_condition("shfmt"), - }), -}) - --- Shell (POSIX) -null_ls.register({ - null_ls.builtins.formatting.shfmt.with({ - -- Indent with 4 spaces, simplify the code, indent switch cases, - -- add space after redirection, use POSIX - extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "posix" }, - -- Restrict to POSIX sh - filetypes = { "sh" }, - -- Only used if available - condition = utils.is_executable_condition("shfmt"), - }), -}) From f4f1aad1c08bc232908cb8ce3e3ee2a0b6c38645 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:33:22 -0500 Subject: [PATCH 153/362] pkgs: fix shell formatting Ran `shfmt --write --indent 4 --simplify --case-indent`, in accordance with my editor settings. --- pkgs/bw-pass/bw-pass | 2 +- pkgs/change-audio/change-audio | 2 +- pkgs/diff-flake/diff-flake | 14 +++++++------- pkgs/osc52/osc52 | 2 +- pkgs/osc777/osc777 | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/pkgs/bw-pass/bw-pass b/pkgs/bw-pass/bw-pass index 124714ad..0e974b70 100755 --- a/pkgs/bw-pass/bw-pass +++ b/pkgs/bw-pass/bw-pass @@ -66,7 +66,7 @@ query_password() { printf '%s\n' "$PASSWORD" } -if [ $# -lt 1 ] || [ $# -gt 2 ]; then +if [ $# -lt 1 ] || [ $# -gt 2 ]; then usage exit 1 fi diff --git a/pkgs/change-audio/change-audio b/pkgs/change-audio/change-audio index 612fecf6..5a1fb9cd 100755 --- a/pkgs/change-audio/change-audio +++ b/pkgs/change-audio/change-audio @@ -62,7 +62,7 @@ do_toggle() { } case "$1" in - up|down) + up | down) do_change_volume "$@" ;; toggle) diff --git a/pkgs/diff-flake/diff-flake b/pkgs/diff-flake/diff-flake index 0572b4ef..a2a35131 100755 --- a/pkgs/diff-flake/diff-flake +++ b/pkgs/diff-flake/diff-flake @@ -81,23 +81,23 @@ parse_args() { shift case "$opt" in - -h|--help) + -h | --help) usage exit ;; - -f|--flake-output) + -f | --flake-output) FLAKE_OUTPUTS+=("$1") shift ;; - -o|--output) + -o | --output) OUTPUT_FILE="$1" shift ;; - -n|--new-rev) + -n | --new-rev) NEW_REV="$(git rev-parse "$1")" shift ;; - -p|--previous-rev) + -p | --previous-rev) PREVIOUS_REV="$(git rev-parse "$1")" shift ;; @@ -157,7 +157,7 @@ list_dev_shells() { } diff_output() { - local PREV NEW; + local PREV NEW PREV="$(mktemp --dry-run)" NEW="$(mktemp --dry-run)" @@ -169,7 +169,7 @@ diff_output() { printf 'Closure diff for `%s`:\n```\n' "$1" nix store diff-closures "$PREV" "$NEW" | sanitize_output printf '```\n\n' - } >> "$OUTPUT_FILE" + } >>"$OUTPUT_FILE" } parse_args "$@" diff --git a/pkgs/osc52/osc52 b/pkgs/osc52/osc52 index f64ccb67..de3a982e 100755 --- a/pkgs/osc52/osc52 +++ b/pkgs/osc52/osc52 @@ -15,7 +15,7 @@ usage() { exec 1>&2 fi - cat << EOF + cat <&2 fi - cat << EOF + cat < Send a notification (title and message) to the host system using the OSC 777 escape sequence: From c75a307c58f3280fa326f764a1517a04e37898ec Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:39:15 -0500 Subject: [PATCH 154/362] home: wm: i3: fix 'pavucontrol' float --- modules/home/wm/i3/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index c4328647..ec4f87fc 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -127,7 +127,7 @@ in { class = "^Blueman-.*$"; } { title = "^htop$"; } { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } - { class = "^Pavucontrol.*$"; } + { class = "^pavucontrol.*$"; } { class = "^Arandr$"; } { class = ".?blueman-manager.*$"; } ]; From ead8101b8d94e88dd648a694d117bc8f4f10fcd7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:45:52 -0500 Subject: [PATCH 155/362] home: wm: i3: match 'blueman' float explicitly This is more of a work-around due to the wrapper in nixpkgs' packaging of that application, so might as well make that explicit and narrow. --- modules/home/wm/i3/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index ec4f87fc..92d13817 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -129,7 +129,7 @@ in { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } { class = "^pavucontrol.*$"; } { class = "^Arandr$"; } - { class = ".?blueman-manager.*$"; } + { class = "^\\.blueman-manager-wrapped$"; } ]; }; From b7b6705391fccf00ca277f57bb8b730fc0e78bf1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:47:24 -0500 Subject: [PATCH 156/362] home: wm: i3: make 'arandr' float Another work-around due to a wrapper in nixpkgs. --- modules/home/wm/i3/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index 92d13817..029a14ba 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -130,6 +130,7 @@ in { class = "^pavucontrol.*$"; } { class = "^Arandr$"; } { class = "^\\.blueman-manager-wrapped$"; } + { class = "^\\.arandr-wrapped$"; } ]; }; From 5cae5632d31be145211fb927eed6af24216db3b8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 21 Dec 2024 17:06:37 -0500 Subject: [PATCH 157/362] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 0db428a8..bc1d34b0 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1733873195, - "narHash": "sha256-dTosiZ3sZ/NKoLKQ++v8nZdEHya0eTNEsaizNp+MUPM=", + "lastModified": 1734808199, + "narHash": "sha256-MxlUcLjE8xLbrI1SJ2B2jftlg4wdutEILa3fgqwA98I=", "owner": "nix-community", "repo": "home-manager", - "rev": "f26aa4b76fb7606127032d33ac73d7d507d82758", + "rev": "f342df3ad938f205a913973b832f52c12546aac6", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733759999, - "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", + "lastModified": 1734424634, + "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", + "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1733873876, - "narHash": "sha256-6YHWh0+E74hBiH0N+LeZPSWRvbmudF6mtEtFpRo3LWc=", + "lastModified": 1734810357, + "narHash": "sha256-Oa6d+y1/PVaPrZ/GYwvmTK9kSrc5Qx/8D3DFN2TzpVA=", "owner": "nix-community", "repo": "NUR", - "rev": "77c8486c65517272727884ca62b9322092f4f643", + "rev": "e7b7b92a7c97a91f1465ab433bbdf6d00df1db8e", "type": "github" }, "original": { @@ -203,11 +203,11 @@ ] }, "locked": { - "lastModified": 1733665616, - "narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=", + "lastModified": 1734797603, + "narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a", + "rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498", "type": "github" }, "original": { From e65b3ed1fc7977b9214c5bdbe1369c3decc96454 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 23 Dec 2024 22:42:42 -0500 Subject: [PATCH 158/362] home: vim: ftplugin: add query --- modules/home/vim/after/ftplugin/query.vim | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 modules/home/vim/after/ftplugin/query.vim diff --git a/modules/home/vim/after/ftplugin/query.vim b/modules/home/vim/after/ftplugin/query.vim new file mode 100644 index 00000000..fd2ac73a --- /dev/null +++ b/modules/home/vim/after/ftplugin/query.vim @@ -0,0 +1,6 @@ +" Create the `b:undo_ftplugin` variable if it doesn't exist +call ftplugined#check_undo_ft() + +" Use a small indentation value on query files +setlocal shiftwidth=2 +let b:undo_ftplugin.='|setlocal shiftwidth<' From 2996481327151763beece5cc24acb7913c2a5399 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 28 Dec 2024 13:24:21 -0500 Subject: [PATCH 159/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index bc1d34b0..a1385ba8 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1734808199, - "narHash": "sha256-MxlUcLjE8xLbrI1SJ2B2jftlg4wdutEILa3fgqwA98I=", + "lastModified": 1735381016, + "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=", "owner": "nix-community", "repo": "home-manager", - "rev": "f342df3ad938f205a913973b832f52c12546aac6", + "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734424634, - "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", + "lastModified": 1735291276, + "narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", + "rev": "634fd46801442d760e09493a794c4f15db2d0cbb", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1734810357, - "narHash": "sha256-Oa6d+y1/PVaPrZ/GYwvmTK9kSrc5Qx/8D3DFN2TzpVA=", + "lastModified": 1735408823, + "narHash": "sha256-1VjQeMQer5nXNYtw+BG+s78ucaEoxO5oqj+yRmM8MMs=", "owner": "nix-community", "repo": "NUR", - "rev": "e7b7b92a7c97a91f1465ab433bbdf6d00df1db8e", + "rev": "8283ea92deac8cdb6fd63ff04049ac9e879bf5eb", "type": "github" }, "original": { From 9c50691ede84ad83e1d7fa4dc3334f38cee08630 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 28 Dec 2024 13:28:03 -0500 Subject: [PATCH 160/362] nixos: services: nginx: sso: use upstream module It's finally been merged, so let's get rid of this module. --- modules/nixos/services/nginx/default.nix | 4 - modules/nixos/services/nginx/sso/default.nix | 84 -------------------- 2 files changed, 88 deletions(-) delete mode 100644 modules/nixos/services/nginx/sso/default.nix diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 3bba9f4e..cb276041 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -87,10 +87,6 @@ let }); in { - imports = [ - ./sso - ]; - options.my.services.nginx = with lib; { enable = mkEnableOption "Nginx"; diff --git a/modules/nixos/services/nginx/sso/default.nix b/modules/nixos/services/nginx/sso/default.nix deleted file mode 100644 index d60e31b4..00000000 --- a/modules/nixos/services/nginx/sso/default.nix +++ /dev/null @@ -1,84 +0,0 @@ -# I must override the module to allow having runtime secrets -{ config, lib, pkgs, utils, ... }: -let - cfg = config.services.nginx.sso; - pkg = lib.getBin cfg.package; - confPath = "/var/lib/nginx-sso/config.json"; -in -{ - disabledModules = [ "services/security/nginx-sso.nix" ]; - - - options.services.nginx.sso = with lib; { - enable = mkEnableOption "nginx-sso service"; - - package = mkOption { - type = types.package; - default = pkgs.nginx-sso; - defaultText = "pkgs.nginx-sso"; - description = '' - The nginx-sso package that should be used. - ''; - }; - - configuration = mkOption { - type = types.attrsOf types.unspecified; - default = { }; - example = literalExample '' - { - listen = { addr = "127.0.0.1"; port = 8080; }; - - providers.token.tokens = { - myuser = "MyToken"; - }; - - acl = { - rule_sets = [ - { - rules = [ { field = "x-application"; equals = "MyApp"; } ]; - allow = [ "myuser" ]; - } - ]; - }; - } - ''; - description = '' - nginx-sso configuration - (documentation) - as a Nix attribute set. - ''; - }; - }; - - config = lib.mkIf cfg.enable { - systemd.services.nginx-sso = { - description = "Nginx SSO Backend"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - StateDirectory = "nginx-sso"; - WorkingDirectory = "/var/lib/nginx-sso"; - # The files to be merged might not have the correct permissions - ExecStartPre = pkgs.writeShellScript "merge-nginx-sso-config" '' - rm -f '${confPath}' - ${utils.genJqSecretsReplacementSnippet cfg.configuration confPath} - ''; - ExecStart = lib.mkForce '' - ${lib.getExe pkg} \ - --config ${confPath} \ - --frontend-dir ${pkg}/share/frontend - ''; - Restart = "always"; - User = "nginx-sso"; - Group = "nginx-sso"; - }; - }; - - users.users.nginx-sso = { - isSystemUser = true; - group = "nginx-sso"; - }; - - users.groups.nginx-sso = { }; - }; -} From debf061dd2f03d166b543da5a182b2645d90a6b5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 13 Jan 2025 17:35:20 +0000 Subject: [PATCH 161/362] treewide: add 'shell=bash' for '.envrc' files Looks like the `shellcheck` pre-commit hook starting running on those files as well. --- .envrc | 1 + templates/c++-cmake/.envrc | 1 + templates/c++-meson/.envrc | 1 + templates/rust-cargo/.envrc | 1 + 4 files changed, 4 insertions(+) mode change 100644 => 100755 templates/c++-cmake/.envrc diff --git a/.envrc b/.envrc index f5141c20..a6b1f81e 100644 --- a/.envrc +++ b/.envrc @@ -1,3 +1,4 @@ +# shellcheck shell=bash if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi diff --git a/templates/c++-cmake/.envrc b/templates/c++-cmake/.envrc old mode 100644 new mode 100755 index de77fcb0..390d06d4 --- a/templates/c++-cmake/.envrc +++ b/templates/c++-cmake/.envrc @@ -1,3 +1,4 @@ +# shellcheck shell=bash if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi diff --git a/templates/c++-meson/.envrc b/templates/c++-meson/.envrc index de77fcb0..390d06d4 100644 --- a/templates/c++-meson/.envrc +++ b/templates/c++-meson/.envrc @@ -1,3 +1,4 @@ +# shellcheck shell=bash if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi diff --git a/templates/rust-cargo/.envrc b/templates/rust-cargo/.envrc index de77fcb0..390d06d4 100644 --- a/templates/rust-cargo/.envrc +++ b/templates/rust-cargo/.envrc @@ -1,3 +1,4 @@ +# shellcheck shell=bash if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi From 2cf14c92d33bf47db9856932e9cb4a6ce92ad4fc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 13 Jan 2025 17:37:07 +0000 Subject: [PATCH 162/362] flake: bump inputs --- flake.lock | 33 +++++++++++++++------------------ flake.nix | 1 - 2 files changed, 15 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index a1385ba8..a95fb34a 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1735381016, - "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=", + "lastModified": 1736785676, + "narHash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE=", "owner": "nix-community", "repo": "home-manager", - "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2", + "rev": "fc52a210b60f2f52c74eac41a8647c1573d2071d", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735291276, - "narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=", + "lastModified": 1736701207, + "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "634fd46801442d760e09493a794c4f15db2d0cbb", + "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1735408823, - "narHash": "sha256-1VjQeMQer5nXNYtw+BG+s78ucaEoxO5oqj+yRmM8MMs=", + "lastModified": 1736786866, + "narHash": "sha256-JaWZU7wFWsI4rGAemVciyhTxadaZyubJpLqupKLZUtI=", "owner": "nix-community", "repo": "NUR", - "rev": "8283ea92deac8cdb6fd63ff04049ac9e879bf5eb", + "rev": "16ff3063cb4a4cf6fb5f48ca7dc55c27f2ea4891", "type": "github" }, "original": { @@ -197,17 +197,14 @@ "gitignore": "gitignore", "nixpkgs": [ "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs" ] }, "locked": { - "lastModified": 1734797603, - "narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=", + "lastModified": 1735882644, + "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498", + "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f0bb79c7..afd3c805 100644 --- a/flake.nix +++ b/flake.nix @@ -68,7 +68,6 @@ ref = "master"; inputs = { nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.follows = "nixpkgs"; }; }; From 9f2ed2ae5a5348cd2c97acc95be795a24d0bbe14 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 13 Jan 2025 17:37:41 +0000 Subject: [PATCH 163/362] nixos: hardware: fix renamed 'pulseaudio' config --- modules/nixos/hardware/bluetooth/default.nix | 2 +- modules/nixos/hardware/sound/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix index e9b1991f..b14ac21a 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth/default.nix @@ -20,7 +20,7 @@ in # Support for additional bluetooth codecs (lib.mkIf cfg.loadExtraCodecs { - hardware.pulseaudio = { + services.pulseaudio = { extraModules = [ pkgs.pulseaudio-modules-bt ]; package = pkgs.pulseaudioFull; }; diff --git a/modules/nixos/hardware/sound/default.nix b/modules/nixos/hardware/sound/default.nix index 1cf12cb4..cd453dee 100644 --- a/modules/nixos/hardware/sound/default.nix +++ b/modules/nixos/hardware/sound/default.nix @@ -54,7 +54,7 @@ in # Pulseaudio setup (lib.mkIf cfg.pulse.enable { - hardware.pulseaudio.enable = true; + services.pulseaudio.enable = true; }) ]); } From c99b5b2532cc1654a38bca9cd2ad7460f35aa278 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 13 Jan 2025 17:38:05 +0000 Subject: [PATCH 164/362] nixos: services: komga: use 'settings' --- modules/nixos/services/komga/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/nixos/services/komga/default.nix b/modules/nixos/services/komga/default.nix index e1dc7807..160d6ce1 100644 --- a/modules/nixos/services/komga/default.nix +++ b/modules/nixos/services/komga/default.nix @@ -21,10 +21,10 @@ in inherit (cfg) port; group = "media"; - }; - systemd.services.komga.environment = { - LOGGING_LEVEL_ORG_GOTSON_KOMGA = "DEBUG"; # Needed for fail2ban + settings = { + logging.level.org.gotson.komga = "DEBUG"; # Needed for fail2ban + }; }; # Set-up media group From f08787625b73ce88487303814e13e7355721dddd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 28 Jan 2025 12:34:20 +0000 Subject: [PATCH 165/362] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index a95fb34a..8884f797 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "owner": "ryantm", "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1736785676, - "narHash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE=", + "lastModified": 1737968762, + "narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc52a210b60f2f52c74eac41a8647c1573d2071d", + "rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736701207, - "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=", + "lastModified": 1737885589, + "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6", + "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1736786866, - "narHash": "sha256-JaWZU7wFWsI4rGAemVciyhTxadaZyubJpLqupKLZUtI=", + "lastModified": 1738059992, + "narHash": "sha256-VeNLLucQTlED2cqD3uofh968tm7u7UgwCdY5+jo/BSc=", "owner": "nix-community", "repo": "NUR", - "rev": "16ff3063cb4a4cf6fb5f48ca7dc55c27f2ea4891", + "rev": "c46c836963685acbd2430439f859b60f230b3643", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1735882644, - "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", + "lastModified": 1737465171, + "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", + "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", "type": "github" }, "original": { From 1540483955f38bb57af7706c7e458378028e36f4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 30 Jan 2025 13:06:49 +0100 Subject: [PATCH 166/362] nixos: services: komga: fix deprecated option --- modules/nixos/services/komga/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/komga/default.nix b/modules/nixos/services/komga/default.nix index 160d6ce1..9af3cd16 100644 --- a/modules/nixos/services/komga/default.nix +++ b/modules/nixos/services/komga/default.nix @@ -18,11 +18,11 @@ in config = lib.mkIf cfg.enable { services.komga = { enable = true; - inherit (cfg) port; group = "media"; settings = { + server.port = cfg.port; logging.level.org.gotson.komga = "DEBUG"; # Needed for fail2ban }; }; From 533e3b9a9f198d1a8168060db694f3a6ae6464b0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 29 Jan 2025 19:14:54 +0100 Subject: [PATCH 167/362] nixos: services: add homebox --- modules/nixos/services/default.nix | 1 + modules/nixos/services/homebox/default.nix | 42 ++++++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 modules/nixos/services/homebox/default.nix diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 651f3f82..3992385f 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -14,6 +14,7 @@ ./forgejo ./gitea ./grocy + ./homebox ./indexers ./jellyfin ./komga diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix new file mode 100644 index 00000000..d79e3314 --- /dev/null +++ b/modules/nixos/services/homebox/default.nix @@ -0,0 +1,42 @@ +# Home inventory made easy +{ config, lib, ... }: +let + cfg = config.my.services.homebox; +in +{ + options.my.services.homebox = with lib; { + enable = mkEnableOption "Homebox home inventory"; + + port = mkOption { + type = types.port; + default = 7745; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.homebox = { + enable = true; + + settings = { + # FIXME: mailer? + HBOX_WEB_PORT = toString cfg.port; + }; + }; + + my.services.nginx.virtualHosts = { + homebox = { + inherit (cfg) port; + }; + }; + + my.services.backup = { + paths = [ + config.services.homebox.settings.HBOX_STORAGE_DATA + ]; + }; + + # NOTE: unfortunately homebox does not log connection failures for fail2ban + }; +} From 2cbcbb7b3a6819a66c7e2fb84a623e6bea087d35 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 4 Feb 2025 15:15:28 +0000 Subject: [PATCH 168/362] home: secrets: fix path to 'keys' --- modules/home/secrets/secrets.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/secrets/secrets.nix b/modules/home/secrets/secrets.nix index f4743429..27cdb4ee 100644 --- a/modules/home/secrets/secrets.nix +++ b/modules/home/secrets/secrets.nix @@ -1,6 +1,6 @@ # Common secrets let - keys = import ../../keys; + keys = import ../../../keys; all = builtins.attrValues keys.users; in From 9c4d853037aaca039709c7bd013738b5528e31fe Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Feb 2025 11:28:27 +0000 Subject: [PATCH 169/362] home: secrets: github: update token --- modules/home/secrets/github/token.age | Bin 369 -> 253 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/modules/home/secrets/github/token.age b/modules/home/secrets/github/token.age index 1d36ccdc3cc89a5b9c5bd9df4e8b62445fe4b3b0..3e8bb5a8329daf21e005a46c76ade14a887d5952 100644 GIT binary patch delta 217 zcmey!^p|mhPJO9wfw_@)QdN0wwn1o$iD_`MPquGrqD5eZwnt=ogkNHcrDcY;t7THQ zFPCqzYm`%&fs3WThev@yg-ft$REC*}p?+?0MMZ`|NL5LoS5$JTS4Mt*B$uwPu7YEx zn{i%RYEYhwWnN@KRgR^PTUbV9eoC5aZlYO=SypmIL{Mdjxk-U@peGk^#jIn8)9!jl zD=c=X^7Ym#tkv=mzIfc}u-Q)8ry`Fp%Cxecmb~(l>&(K)4JmrZW=LuO*_m_GTgBny T^33`v>=u2U1}$?cyY#C8DZ^1= delta 334 zcmey%_>pOXPJKpUxwlJVUanhtPOxD_rb)S{n?Y5MNuIlpb6#+2q@jyRm`hSpfk|>j zHdkbDP*spmzGYHXj+s|Usb`6&V`;9Zk%g0aqCr(^rJJdfn`KtEr&FO(AeXM4LSaf- zS!Ax6ZhBE_VsWa1l7Y2?k)=YQf`7gaSGGyITe5p{czu#dXhEP~Mq*BgV{u|?QfgkF zxrd{3RAgkKv42^KQCMlYSxI3*uz{0fq?fOYiFU3*sE12RMm|?YcxsMch*_$8VS#^C zYCup?KslGLuC9W4R$57(b9hQrj-gR;L~==XRc=LYv9?c%r+c Date: Wed, 12 Feb 2025 14:26:07 +0000 Subject: [PATCH 170/362] pkgs: lohr: use 'useFetchCargoVendor' The previous fetcher is in the process of being deprecated. --- pkgs/lohr/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/lohr/default.nix b/pkgs/lohr/default.nix index b89ccff9..aeb13b1a 100644 --- a/pkgs/lohr/default.nix +++ b/pkgs/lohr/default.nix @@ -10,7 +10,8 @@ rustPlatform.buildRustPackage rec { hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU="; }; - cargoHash = "sha256-EUhyrhPe+mUgMmm4o+bxRIiSNReJRfw+/O1fPr8r7lo="; + useFetchCargoVendor = true; + cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w="; meta = with lib; { description = "Git mirroring daemon"; From 40a841031fe465b7225927d1d493627e547cab59 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 12 Feb 2025 14:27:15 +0000 Subject: [PATCH 171/362] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 8884f797..b7ca7083 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "lastModified": 1738453229, + "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1737968762, - "narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=", + "lastModified": 1739314552, + "narHash": "sha256-ggVf2BclyIW3jexc/uvgsgJH4e2cuG6Nyg54NeXgbFI=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e", + "rev": "83bd3a26ac0526ae04fa74df46738bb44b89dcdd", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737885589, - "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", + "lastModified": 1739214665, + "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", + "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1738059992, - "narHash": "sha256-VeNLLucQTlED2cqD3uofh968tm7u7UgwCdY5+jo/BSc=", + "lastModified": 1739229047, + "narHash": "sha256-sSTgA86wdk8d544c2+gzrfvVPHQF4mbsomvLOW2thn0=", "owner": "nix-community", "repo": "NUR", - "rev": "c46c836963685acbd2430439f859b60f230b3643", + "rev": "8348d89f30598a73fee7efb4b5d34c3de201e71b", "type": "github" }, "original": { From 374886a63f01f2f736ce4502e61ba017403a77fc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 12 Feb 2025 14:30:00 +0000 Subject: [PATCH 172/362] nixos: services: servarr: remove build work-around It's been fixed upstream. This partially reverts commit ad1cfbd6f03e0b38f690d8563af02c1c04d8b731. --- modules/nixos/services/servarr/default.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 4aa0de71..e25d9cfd 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -96,15 +96,5 @@ in # Sonarr for shows (mkFullConfig "sonarr") (mkFail2Ban "sonarr") - - # HACK: until https://github.com/NixOS/nixpkgs/issues/360592 is resolved - (lib.mkIf cfg.sonarr.enable { - nixpkgs.config.permittedInsecurePackages = [ - "aspnetcore-runtime-6.0.36" - "aspnetcore-runtime-wrapped-6.0.36" - "dotnet-sdk-6.0.428" - "dotnet-sdk-wrapped-6.0.428" - ]; - }) ]); } From 80b4c9ffcd8e610e39e473a6425001e9e939386f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 12 Feb 2025 14:31:20 +0000 Subject: [PATCH 173/362] home: mail: accounts: use 'migadu' flavor --- modules/home/mail/accounts/default.nix | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/modules/home/mail/accounts/default.nix b/modules/home/mail/accounts/default.nix index 202b9bc5..5216ad5e 100644 --- a/modules/home/mail/accounts/default.nix +++ b/modules/home/mail/accounts/default.nix @@ -26,20 +26,7 @@ let }; migaduConfig = { - imap = { - host = "imap.migadu.com"; - port = 993; - tls = { - enable = true; - }; - }; - smtp = { - host = "smtp.migadu.com"; - port = 465; - tls = { - enable = true; - }; - }; + flavor = "migadu.com"; }; gmailConfig = { From f474c033d5d89d9cf84bbc18f878eb1bb9fed4d3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 13 Feb 2025 14:40:39 +0000 Subject: [PATCH 174/362] nixos: services: nginx: remove zstd compression The zstd module is unmaintained and buggy, remove it preventively. The option itself will probably be removed soon [1]. [1]: https://github.com/NixOS/nixpkgs/pull/381678 --- modules/nixos/services/nginx/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index cb276041..1e9e38a8 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -253,7 +253,6 @@ in recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - recommendedZstdSettings = true; virtualHosts = let From 8f5be69a4e297c8289399ae09b805090042ebfcc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Feb 2025 15:33:40 +0100 Subject: [PATCH 175/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index b7ca7083..c4ae7ba5 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1739314552, - "narHash": "sha256-ggVf2BclyIW3jexc/uvgsgJH4e2cuG6Nyg54NeXgbFI=", + "lastModified": 1739790043, + "narHash": "sha256-4gK4zdNDQ4PyGFs7B6zp9iPIBy9E+bVJiZ0XAmncvgQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "83bd3a26ac0526ae04fa74df46738bb44b89dcdd", + "rev": "c1ea92cdfb85bd7b0995b550581d9fd1c3370bf9", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739214665, - "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", + "lastModified": 1739580444, + "narHash": "sha256-+/bSz4EAVbqz8/HsIGLroF8aNaO8bLRL7WfACN+24g4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", + "rev": "8bb37161a0488b89830168b81c48aed11569cb93", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1739229047, - "narHash": "sha256-sSTgA86wdk8d544c2+gzrfvVPHQF4mbsomvLOW2thn0=", + "lastModified": 1739796551, + "narHash": "sha256-XcTK29rOc0WxcSJDHUK8JQege9CzSVVAcjHdswOVFPA=", "owner": "nix-community", "repo": "NUR", - "rev": "8348d89f30598a73fee7efb4b5d34c3de201e71b", + "rev": "827aa6eeaf92cc085f84947f6c32002792b67497", "type": "github" }, "original": { From 1237ef41742323d88d639877d38cd6ec05d9cf91 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Feb 2025 16:22:00 +0000 Subject: [PATCH 176/362] home: git: include local configuration properly Using `includes` ensures that the local configuration is included at the end of the configuration file. --- modules/home/git/default.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index 1bb22159..8791cb27 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -123,11 +123,6 @@ in defaultBranch = "main"; }; - # Local configuration, not-versioned - include = { - path = "config.local"; - }; - merge = { conflictStyle = "zdiff3"; }; @@ -167,8 +162,8 @@ in }; }; - # Multiple identities includes = [ + # Multiple identities { condition = "gitdir:~/git/EPITA/"; contents = { @@ -187,6 +182,10 @@ in }; }; } + # Local configuration, not-versioned + { + path = "config.local"; + } ]; ignores = From 337d7309c61e39bd77db6537acde9a301dade42f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Feb 2025 16:41:54 +0000 Subject: [PATCH 177/362] home: git: use 'mkAfter' for config includes This should ensure that they will be included at the very end of the configuration, even if other modules add more includes. Notably, this ensures that the local configuration can override any other setting. --- modules/home/git/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index 8791cb27..c88008fa 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -162,7 +162,7 @@ in }; }; - includes = [ + includes = lib.mkAfter [ # Multiple identities { condition = "gitdir:~/git/EPITA/"; From d3a953247c270ca2e771bac5343123c4239c0da3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Feb 2025 14:15:01 +0000 Subject: [PATCH 178/362] home: packages: disable on 'useGlobalPkgs' It doesn't do anything when `useGlobalPkgs` is set, and has started warning about its upcoming deprecation. --- modules/home/packages/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/home/packages/default.nix b/modules/home/packages/default.nix index b0f8d674..43f7111e 100644 --- a/modules/home/packages/default.nix +++ b/modules/home/packages/default.nix @@ -1,6 +1,7 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, osConfig, ... }: let cfg = config.my.home.packages; + useGlobalPkgs = osConfig.home-manager.useGlobalPkgs or false; in { options.my.home.packages = with lib; { @@ -29,7 +30,7 @@ in tree ] ++ cfg.additionalPackages); - nixpkgs.config = { + nixpkgs.config = lib.mkIf (!useGlobalPkgs) { inherit (cfg) allowAliases allowUnfree; }; }; From 852696409a4319a9767814c4483072d4bb9cbd61 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Feb 2025 17:07:43 +0000 Subject: [PATCH 179/362] home: pager: remove 'LESSKEY' It should do the lookup in `$XDG_CONFIG_HOME/lesskey` automatically now. --- modules/home/pager/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index 1119440f..a35da2c2 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -16,7 +16,6 @@ in LESS = "-R -+X -c"; # Better XDG compliance LESSHISTFILE = "${config.xdg.stateHome}/less/history"; - LESSKEY = "${config.xdg.configHome}/less/lesskey"; }; }; } From e43570fe5bfa8a6258d11c3eb8f7738cb045a5ce Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Feb 2025 17:04:21 +0000 Subject: [PATCH 180/362] home: pager: allow quitting without screen clear --- modules/home/pager/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index a35da2c2..e84dcb73 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -17,5 +17,10 @@ in # Better XDG compliance LESSHISTFILE = "${config.xdg.stateHome}/less/history"; }; + + xdg.configFile."lesskey".text = '' + # Quit without clearing the screen on `Q` + Q toggle-option -!^Predraw-on-quit\nq + ''; }; } From 84f1186b6c6888ed3ebc1fb6072a259e509b3271 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 25 Feb 2025 13:38:07 +0000 Subject: [PATCH 181/362] home: tmux: add 'enableResurrect' To be used on the cloudtop with its frequent reboots. --- modules/home/tmux/default.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index ae8b8f06..53716435 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -20,6 +20,8 @@ in enablePassthrough = mkEnableOption "tmux DCS passthrough sequence"; + enableResurrect = mkEnableOption "tmux-resurrect plugin"; + terminalFeatures = mkOption { type = with types; attrsOf (submodule { options = { @@ -51,7 +53,7 @@ in focusEvents = true; # Report focus events terminal = "tmux-256color"; # I want accurate termcap info - plugins = with pkgs.tmuxPlugins; [ + plugins = with pkgs.tmuxPlugins; builtins.filter (attr: attr != { }) [ # Open high-lighted files in copy mode open # Better pane management @@ -79,6 +81,13 @@ in set -g status-right '#{prefix_highlight} %a %Y-%m-%d %H:%M' ''; } + # Resurrect sessions + (lib.optionalAttrs cfg.enableResurrect { + plugin = resurrect; + extraConfig = '' + set -g @resurrect-dir '${config.xdg.stateHome}/tmux/resurrect' + ''; + }) ]; extraConfig = '' From 105bcbd53a30d349bb68276249a77793ec5f2d19 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 25 Feb 2025 13:39:46 +0000 Subject: [PATCH 182/362] hosts: home: mousqueton: enable 'tmux-resurrect' --- hosts/homes/ambroisie@mousqueton/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/homes/ambroisie@mousqueton/default.nix b/hosts/homes/ambroisie@mousqueton/default.nix index 44e62e68..37884d79 100644 --- a/hosts/homes/ambroisie@mousqueton/default.nix +++ b/hosts/homes/ambroisie@mousqueton/default.nix @@ -15,6 +15,9 @@ # I use scripts that use the passthrough sequence often on this host enablePassthrough = true; + # Frequent reboots mean that session persistence can be handy + enableResurrect = true; + terminalFeatures = { # HTerm uses `xterm-256color` as its `$TERM`, so use that here xterm-256color = { }; From edeb67238bc24dc982075bb5f6787d8035b578b3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 25 Feb 2025 13:58:02 +0000 Subject: [PATCH 183/362] home: tmux: enable aggressive resize Generally useful, rarely gets in the way, I'd rather have it enabled by default. --- modules/home/tmux/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 53716435..08b9202c 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -52,6 +52,7 @@ in mouse = false; # I dislike mouse support focusEvents = true; # Report focus events terminal = "tmux-256color"; # I want accurate termcap info + aggressiveResize = true; # Automatic resize when switching client size plugins = with pkgs.tmuxPlugins; builtins.filter (attr: attr != { }) [ # Open high-lighted files in copy mode From 0dc8ac443313724285d54447330311f3b2e0856b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 27 Feb 2025 12:36:10 +0000 Subject: [PATCH 184/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index c4ae7ba5..bd5cf0aa 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1739790043, - "narHash": "sha256-4gK4zdNDQ4PyGFs7B6zp9iPIBy9E+bVJiZ0XAmncvgQ=", + "lastModified": 1740624780, + "narHash": "sha256-8TP61AI3QBQsjzVUQFIV8NoB5nbYfJB3iHczhBikDkU=", "owner": "nix-community", "repo": "home-manager", - "rev": "c1ea92cdfb85bd7b0995b550581d9fd1c3370bf9", + "rev": "b8869e4ead721bbd4f0d6b927e8395705d4f16e6", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739580444, - "narHash": "sha256-+/bSz4EAVbqz8/HsIGLroF8aNaO8bLRL7WfACN+24g4=", + "lastModified": 1740560979, + "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8bb37161a0488b89830168b81c48aed11569cb93", + "rev": "5135c59491985879812717f4c9fea69604e7f26f", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1739796551, - "narHash": "sha256-XcTK29rOc0WxcSJDHUK8JQege9CzSVVAcjHdswOVFPA=", + "lastModified": 1740655932, + "narHash": "sha256-BSTcgL2C74x0TgVdVEWfIz2SHkwIFMN0Dvv1lCoOhCA=", "owner": "nix-community", "repo": "NUR", - "rev": "827aa6eeaf92cc085f84947f6c32002792b67497", + "rev": "1ca8ff37f33a560c4a292ed83774434854f0b39a", "type": "github" }, "original": { From 88c00bb83d7d83d9af480f9de8027175bdd32ec7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 27 Feb 2025 12:44:10 +0000 Subject: [PATCH 185/362] home: firefox: fix deprecated option --- modules/home/firefox/default.nix | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/modules/home/firefox/default.nix b/modules/home/firefox/default.nix index 02c74f2d..6346dc9b 100644 --- a/modules/home/firefox/default.nix +++ b/modules/home/firefox/default.nix @@ -61,19 +61,21 @@ in "ui.systemUsesDarkTheme" = true; # Dark mode }; - extensions = with pkgs.nur.repos.rycee.firefox-addons; ([ - bitwarden - consent-o-matic - form-history-control - reddit-comment-collapser - reddit-enhancement-suite - refined-github - sponsorblock - ublock-origin - ] - ++ lib.optional (cfg.tridactyl.enable) tridactyl - ++ lib.optional (cfg.ff2mpv.enable) ff2mpv - ); + extensions = { + packages = with pkgs.nur.repos.rycee.firefox-addons; ([ + bitwarden + consent-o-matic + form-history-control + reddit-comment-collapser + reddit-enhancement-suite + refined-github + sponsorblock + ublock-origin + ] + ++ lib.optional (cfg.tridactyl.enable) tridactyl + ++ lib.optional (cfg.ff2mpv.enable) ff2mpv + ); + }; }; }; }; From ca618b53ccef400567eef305c634854ca16529fb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 27 Feb 2025 16:59:15 +0000 Subject: [PATCH 186/362] home: vim: oil: explicitly remove icons They started appearing on the latest bump, it looks like my configuration started including `nvim-web-devicons` (see [1]). I'll probably remove this configuration on the next nixpkgs bump (it's a good canary to check that I *never* include icons in the future). [1]: https://github.com/NixOS/nixpkgs/pull/382668 --- modules/home/vim/plugin/settings/oil.lua | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/vim/plugin/settings/oil.lua b/modules/home/vim/plugin/settings/oil.lua index a160725b..74d5007a 100644 --- a/modules/home/vim/plugin/settings/oil.lua +++ b/modules/home/vim/plugin/settings/oil.lua @@ -4,6 +4,8 @@ local wk = require("which-key") local detail = false oil.setup({ + -- Don't show icons + columns = {}, view_options = { -- Show files and directories that start with "." by default show_hidden = true, From dc4221fc17fc3d36e75f4d47b6e1a552969ab29f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Mar 2025 13:02:02 +0000 Subject: [PATCH 187/362] flake: bump inputs And remove the overlay for `lsp-format.nvim`, which has been fixed. This reverts commit 92e5fbe7df0c74a33baccfdb9fc82859217e0b3a. --- flake.lock | 30 +++++++++---------- .../lsp-format-nvim-indentation/default.nix | 4 --- .../lsp-format-nvim-indentation/generated.nix | 14 --------- 3 files changed, 15 insertions(+), 33 deletions(-) delete mode 100644 overlays/lsp-format-nvim-indentation/default.nix delete mode 100644 overlays/lsp-format-nvim-indentation/generated.nix diff --git a/flake.lock b/flake.lock index bd5cf0aa..6db188a6 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1738453229, - "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "lastModified": 1741352980, + "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1740624780, - "narHash": "sha256-8TP61AI3QBQsjzVUQFIV8NoB5nbYfJB3iHczhBikDkU=", + "lastModified": 1741955947, + "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", "owner": "nix-community", "repo": "home-manager", - "rev": "b8869e4ead721bbd4f0d6b927e8395705d4f16e6", + "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740560979, - "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", + "lastModified": 1742069588, + "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5135c59491985879812717f4c9fea69604e7f26f", + "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1740655932, - "narHash": "sha256-BSTcgL2C74x0TgVdVEWfIz2SHkwIFMN0Dvv1lCoOhCA=", + "lastModified": 1741294988, + "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=", "owner": "nix-community", "repo": "NUR", - "rev": "1ca8ff37f33a560c4a292ed83774434854f0b39a", + "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1737465171, - "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", + "lastModified": 1742058297, + "narHash": "sha256-b4SZc6TkKw8WQQssbN5O2DaCEzmFfvSTPYHlx/SFW9Y=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", + "rev": "59f17850021620cd348ad2e9c0c64f4e6325ce2a", "type": "github" }, "original": { diff --git a/overlays/lsp-format-nvim-indentation/default.nix b/overlays/lsp-format-nvim-indentation/default.nix deleted file mode 100644 index 832e71de..00000000 --- a/overlays/lsp-format-nvim-indentation/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -self: prev: -{ - vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); -} diff --git a/overlays/lsp-format-nvim-indentation/generated.nix b/overlays/lsp-format-nvim-indentation/generated.nix deleted file mode 100644 index 19022078..00000000 --- a/overlays/lsp-format-nvim-indentation/generated.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ fetchpatch, ... }: - -_final: prev: { - lsp-format-nvim = prev.lsp-format-nvim.overrideAttrs (oa: { - patches = (oa.patches or [ ]) ++ [ - # https://github.com/lukas-reineke/lsp-format.nvim/issues/94 - (fetchpatch { - name = "use-effective-indentation"; - url = "https://github.com/liskin/lsp-format.nvim/commit/3757ac443bdf5bd166673833794553229ee8d939.patch"; - hash = "sha256-Dv+TvXrU/IrrPxz2MSPbLmRxch+qkHbI3AyFMj/ssDk="; - }) - ]; - }); -} From 5ae2eacd49042d3c00e3d2e666c355bcb89e10d1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 19 Mar 2025 11:45:07 +0000 Subject: [PATCH 188/362] home: git: add 'ignoreRevsFile' I'm surprised I hadn't configured it already. `.git-blame-ignore-revs` is the usual name, as most forges automatically detect and use it. --- modules/home/git/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index c88008fa..bd085b8a 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -75,6 +75,7 @@ in # Makes it a bit more readable blame = { coloring = "repeatedLines"; + ignoreRevsFile = ".git-blame-ignore-revs"; markIgnoredLines = true; markUnblamables = true; }; From 9156a8211d6388e274698e834d010710d727d425 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Mar 2025 11:47:59 +0000 Subject: [PATCH 189/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 6db188a6..2eff24a5 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1741955947, - "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", + "lastModified": 1742771635, + "narHash": "sha256-HQHzQPrg+g22tb3/K/4tgJjPzM+/5jbaujCZd8s2Mls=", "owner": "nix-community", "repo": "home-manager", - "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", + "rev": "ad0614a1ec9cce3b13169e20ceb7e55dfaf2a818", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742069588, - "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", + "lastModified": 1742669843, + "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", + "rev": "1e5b653dff12029333a6546c11e108ede13052eb", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1742058297, - "narHash": "sha256-b4SZc6TkKw8WQQssbN5O2DaCEzmFfvSTPYHlx/SFW9Y=", + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "59f17850021620cd348ad2e9c0c64f4e6325ce2a", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "type": "github" }, "original": { From 6fc81e45e98bcb4190641c53aad62a28cb782367 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Mar 2025 11:58:56 +0000 Subject: [PATCH 190/362] home: zsh: migrate to 'initContent' This also fixes a small ordering issue: my alias definitions used to be defined at the very end of the file, they're now slotted _before_ the `zshrc.local` import. --- modules/home/zsh/default.nix | 40 +++++++++++++++++------------------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 11b6cb24..f4092d88 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -87,28 +87,26 @@ in # Modal editing is life, but CLI benefits from emacs gymnastics defaultKeymap = "emacs"; - # Make those happen early to avoid doing double the work - initExtraFirst = lib.mkBefore '' - ${ - lib.optionalString cfg.launchTmux '' - # Launch tmux unless already inside one - if [ -z "$TMUX" ]; then - exec tmux new-session - fi - '' - } - ''; + initContent = lib.mkMerge [ + # Make those happen early to avoid doing double the work + (lib.mkBefore (lib.optionalString cfg.launchTmux '' + # Launch tmux unless already inside one + if [ -z "$TMUX" ]; then + exec tmux new-session + fi + '')) - initExtra = lib.mkAfter '' - source ${./completion-styles.zsh} - source ${./extra-mappings.zsh} - source ${./options.zsh} + (lib.mkAfter '' + source ${./completion-styles.zsh} + source ${./extra-mappings.zsh} + source ${./options.zsh} - # Source local configuration - if [ -f "$ZDOTDIR/zshrc.local" ]; then - source "$ZDOTDIR/zshrc.local" - fi - ''; + # Source local configuration + if [ -f "$ZDOTDIR/zshrc.local" ]; then + source "$ZDOTDIR/zshrc.local" + fi + '') + ]; localVariables = { # I like having the full path @@ -151,7 +149,7 @@ in }; # Use OSC-777 to send the notification through SSH - initExtra = lib.mkIf cfg.notify.ssh.useOsc777 '' + initContent = lib.mkIf cfg.notify.ssh.useOsc777 '' done_send_notification() { local exit_status="$1" local title="$2" From b2758839e8a0fe5cb613542172d6bfd36ba088ee Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Mar 2025 16:51:45 +0000 Subject: [PATCH 191/362] home: vim: lspconfig: add 'harper' Support for more languages is upcoming, I also need to check how to handle custom words/dictionaries. --- modules/home/vim/plugin/settings/lspconfig.lua | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 1f9abfd9..f8e65d87 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -96,6 +96,13 @@ if utils.is_executable("starpls") then end -- Generic +if utils.is_executable("harper-ls") then + lspconfig.harper_ls.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + if utils.is_executable("typos-lsp") then lspconfig.typos_lsp.setup({ capabilities = capabilities, From abec0dd226d765a54976be0a07442c4ce45b3cdb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 25 Mar 2025 14:30:07 +0000 Subject: [PATCH 192/362] home: git: remove 'ignoreRevsFile' I remember why I didn't set it globally now, it's because `git blame` complains and errors out, rather than silently ignoring the setting, when the file doesn't exist in a repo... This reverts commit 5ae2eacd49042d3c00e3d2e666c355bcb89e10d1. --- modules/home/git/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index bd085b8a..c88008fa 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -75,7 +75,6 @@ in # Makes it a bit more readable blame = { coloring = "repeatedLines"; - ignoreRevsFile = ".git-blame-ignore-revs"; markIgnoredLines = true; markUnblamables = true; }; From 458ea144c447cb15ed07351992f9cbe8f74489db Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 25 Mar 2025 16:52:58 +0000 Subject: [PATCH 193/362] home: vim: remove 'fastfold' configuration I missed it in the original commit that removed the plug-in from my configuration... --- modules/home/vim/plugin/settings/fastfold.lua | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 modules/home/vim/plugin/settings/fastfold.lua diff --git a/modules/home/vim/plugin/settings/fastfold.lua b/modules/home/vim/plugin/settings/fastfold.lua deleted file mode 100644 index 78ee9378..00000000 --- a/modules/home/vim/plugin/settings/fastfold.lua +++ /dev/null @@ -1,5 +0,0 @@ --- Intercept all fold commands --- stylua: ignore -vim.g.fastfold_fold_command_suffixes = { - "x", "X", "a", "A", "o", "O", "c", "C", "r", "R", "m", "M", "i", "n", "N", -} From 1841ff391d13eb31b3ff670b9c9f4563ecc7140b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 28 Mar 2025 15:27:21 +0000 Subject: [PATCH 194/362] flake: dev-shells: remove redundant 'pre-commit' It's already being installed by the shell hook. --- flake/dev-shells.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/flake/dev-shells.nix b/flake/dev-shells.nix index d5f5989b..87464a48 100644 --- a/flake/dev-shells.nix +++ b/flake/dev-shells.nix @@ -6,7 +6,6 @@ name = "NixOS-config"; nativeBuildInputs = with pkgs; [ - gitAndTools.pre-commit nixpkgs-fmt ]; From 37e88c2707072bc4cc244669c084dccb74b52ab3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 29 Mar 2025 14:41:21 +0000 Subject: [PATCH 195/362] flake: bump inputs And fix the small `jq` breakage. --- flake.lock | 18 +++++++++--------- modules/home/jq/default.nix | 1 + 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 2eff24a5..a2d931a0 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1742771635, - "narHash": "sha256-HQHzQPrg+g22tb3/K/4tgJjPzM+/5jbaujCZd8s2Mls=", + "lastModified": 1743607567, + "narHash": "sha256-kTzKPDFmNzwO1cK4fiJgPB/iSw7HgBAmknRTeAPJAeI=", "owner": "nix-community", "repo": "home-manager", - "rev": "ad0614a1ec9cce3b13169e20ceb7e55dfaf2a818", + "rev": "49748c74cdbae03d70381f150b810f92617f23aa", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742669843, - "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", + "lastModified": 1743448293, + "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1e5b653dff12029333a6546c11e108ede13052eb", + "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", "type": "github" }, "original": { diff --git a/modules/home/jq/default.nix b/modules/home/jq/default.nix index 57e266fa..53e59865 100644 --- a/modules/home/jq/default.nix +++ b/modules/home/jq/default.nix @@ -17,6 +17,7 @@ in strings = "0;32"; arrays = "1;39"; objects = "1;39"; + objectKeys = "1;34"; }; }; } From dfb3c353ecc6e2152dfc2440544db2ffbd99a20b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 29 Mar 2025 16:15:04 +0000 Subject: [PATCH 196/362] home: vim: remove 'lsp_lines' It's been upstreamed! --- modules/home/vim/default.nix | 1 - modules/home/vim/plugin/settings/lsp-lines.lua | 3 --- 2 files changed, 4 deletions(-) delete mode 100644 modules/home/vim/plugin/settings/lsp-lines.lua diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 8e6bd5c6..b65e935f 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -59,7 +59,6 @@ in # LSP and linting nvim-lspconfig # Easy LSP configuration lsp-format-nvim # Simplified formatting configuration - lsp_lines-nvim # Show diagnostics *over* regions none-ls-nvim # LSP integration for linters and formatters nvim-treesitter.withAllGrammars # Better highlighting nvim-treesitter-textobjects # More textobjects diff --git a/modules/home/vim/plugin/settings/lsp-lines.lua b/modules/home/vim/plugin/settings/lsp-lines.lua deleted file mode 100644 index 9c79818c..00000000 --- a/modules/home/vim/plugin/settings/lsp-lines.lua +++ /dev/null @@ -1,3 +0,0 @@ -local lsp_lines = require("lsp_lines") - -lsp_lines.setup() From 274d143031cbc350673c8bed520fa0f2522319c0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 29 Mar 2025 16:17:59 +0000 Subject: [PATCH 197/362] home: vim: fix deprecated calls --- modules/home/vim/lua/ambroisie/lsp.lua | 17 +++++++---------- modules/home/vim/lua/ambroisie/utils.lua | 2 +- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index eb53da68..39892028 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -5,14 +5,15 @@ local lsp_format = require("lsp-format") --- Move to the next/previous diagnostic, automatically showing the diagnostics --- float if necessary. ---- @param forward bool whether to go forward or backwards -local function goto_diagnostic(forward) +--- @param count number whether to go count or backwards +local function goto_diagnostic(count) vim.validate({ - forward = { forward, "boolean" }, + count = { count, "number" }, }) local opts = { float = false, + count = count, } -- Only show floating diagnostics if they are otherwise not displayed @@ -21,23 +22,19 @@ local function goto_diagnostic(forward) opts.float = true end - if forward then - vim.diagnostic.goto_next(opts) - else - vim.diagnostic.goto_prev(opts) - end + vim.diagnostic.jump(opts) end --- Move to the next diagnostic, automatically showing the diagnostics float if --- necessary. M.goto_next_diagnostic = function() - goto_diagnostic(true) + goto_diagnostic(1) end --- Move to the previous diagnostic, automatically showing the diagnostics float --- if necessary. M.goto_prev_diagnostic = function() - goto_diagnostic(false) + goto_diagnostic(-1) end --- shared LSP configuration callback diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua index c9e92921..0ee7c83b 100644 --- a/modules/home/vim/lua/ambroisie/utils.lua +++ b/modules/home/vim/lua/ambroisie/utils.lua @@ -38,7 +38,7 @@ end --- @param bufnr int? buffer number --- @return table all active LSP client names M.list_lsp_clients = function(bufnr) - local clients = vim.lsp.get_active_clients({ bufnr = bufnr }) + local clients = vim.lsp.get_clients({ bufnr = bufnr }) local names = {} for _, client in ipairs(clients) do From 4ef1b08f4ee444ab9dcb1513421cf78a79449242 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 29 Mar 2025 16:55:00 +0000 Subject: [PATCH 198/362] home: vim: lualine: use built-in 'branch' It now supports worktrees correctly (or at least I can't figure out which issue I used to have with it...). As a bonus, it also supports showing the correct branch for an `oil` buffer. This reverts commit 481d5f6f53e1e6ff1d8f29d3ac996af723be2381. --- modules/home/vim/plugin/settings/lualine.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua index 5219a956..31ad3c48 100644 --- a/modules/home/vim/plugin/settings/lualine.lua +++ b/modules/home/vim/plugin/settings/lualine.lua @@ -30,7 +30,7 @@ lualine.setup({ { "mode" }, }, lualine_b = { - { "FugitiveHead" }, + { "branch" }, { "filename", symbols = { readonly = "🔒" } }, }, lualine_c = { From c1efc4316d7fe2bedd222d02e148e9ec8f7f6707 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 29 Mar 2025 16:44:00 +0000 Subject: [PATCH 199/362] home: vim: lualine: add custom 'oil' extension I don't like the built-in one. --- modules/home/vim/plugin/settings/lualine.lua | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua index 31ad3c48..bbe46475 100644 --- a/modules/home/vim/plugin/settings/lualine.lua +++ b/modules/home/vim/plugin/settings/lualine.lua @@ -1,4 +1,5 @@ local lualine = require("lualine") +local oil = require("oil") local utils = require("ambroisie.utils") local function list_spell_languages() @@ -57,5 +58,21 @@ lualine.setup({ extensions = { "fugitive", "quickfix", + { + sections = { + lualine_a = { + { "mode" }, + }, + lualine_b = { + { "branch" }, + }, + lualine_c = { + function() + return vim.fn.fnamemodify(oil.get_current_dir(), ":~") + end, + }, + }, + filetypes = { "oil" }, + }, }, }) From 262dc48425c2b62305b5202abad20f71cf92aaed Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 2 Apr 2025 20:02:33 +0100 Subject: [PATCH 200/362] home: vim: use default 'diffopt:linematch' It's now been defaulted to `linematch:40` on v0.11. --- modules/home/vim/init.vim | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 0b546765..39ef32e3 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -68,8 +68,6 @@ set listchars=tab:>─,trail:·,nbsp:¤ " Use patience diff set diffopt+=algorithm:patience -" Align similar lines in each hunk -set diffopt+=linematch:50 " Don't redraw when executing macros set lazyredraw From 2583cc6c12817a9f1012ba24bfe32aeb4b7794a3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 3 Apr 2025 21:16:58 +0100 Subject: [PATCH 201/362] home: vim: lua: lsp: add count to diagnostic maps --- modules/home/vim/lua/ambroisie/lsp.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index 39892028..e57bdafd 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -28,13 +28,13 @@ end --- Move to the next diagnostic, automatically showing the diagnostics float if --- necessary. M.goto_next_diagnostic = function() - goto_diagnostic(1) + goto_diagnostic(vim.v.count1) end --- Move to the previous diagnostic, automatically showing the diagnostics float --- if necessary. M.goto_prev_diagnostic = function() - goto_diagnostic(-1) + goto_diagnostic(-vim.v.count1) end --- shared LSP configuration callback From 36aa641ec0d861b7abffc8204b6538b7dc0367a2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 3 Apr 2025 21:23:30 +0100 Subject: [PATCH 202/362] home: vim: rely on built-in diagnostic jump config This reduces the surface area of my configuration. --- .../vim/after/plugin/mappings/unimpaired.lua | 4 -- modules/home/vim/lua/ambroisie/lsp.lua | 38 ++----------------- .../home/vim/plugin/settings/lspconfig.lua | 4 ++ 3 files changed, 8 insertions(+), 38 deletions(-) diff --git a/modules/home/vim/after/plugin/mappings/unimpaired.lua b/modules/home/vim/after/plugin/mappings/unimpaired.lua index 82aab059..765b6b11 100644 --- a/modules/home/vim/after/plugin/mappings/unimpaired.lua +++ b/modules/home/vim/after/plugin/mappings/unimpaired.lua @@ -31,8 +31,6 @@ local keys = { { "[u", desc = "URL encode" }, { "[x", desc = "XML encode" }, { "[y", desc = "C string encode" }, - -- Custom - { "[d", lsp.goto_prev_diagnostic, desc = "Previous diagnostic" }, -- Next { "]", group = "Next" }, @@ -62,8 +60,6 @@ local keys = { { "]u", desc = "URL decode" }, { "]x", desc = "XML decode" }, { "]y", desc = "C string decode" }, - -- Custom - { "]d", lsp.goto_next_diagnostic, desc = "Next diagnostic" }, -- Enable option { "[o", group = "Enable option" }, diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index e57bdafd..e48de128 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -3,40 +3,6 @@ local M = {} -- Simplified LSP formatting configuration local lsp_format = require("lsp-format") ---- Move to the next/previous diagnostic, automatically showing the diagnostics ---- float if necessary. ---- @param count number whether to go count or backwards -local function goto_diagnostic(count) - vim.validate({ - count = { count, "number" }, - }) - - local opts = { - float = false, - count = count, - } - - -- Only show floating diagnostics if they are otherwise not displayed - local config = vim.diagnostic.config() - if not (config.virtual_text or config.virtual_lines) then - opts.float = true - end - - vim.diagnostic.jump(opts) -end - ---- Move to the next diagnostic, automatically showing the diagnostics float if ---- necessary. -M.goto_next_diagnostic = function() - goto_diagnostic(vim.v.count1) -end - ---- Move to the previous diagnostic, automatically showing the diagnostics float ---- if necessary. -M.goto_prev_diagnostic = function() - goto_diagnostic(-vim.v.count1) -end - --- shared LSP configuration callback --- @param client native client configuration --- @param bufnr int? buffer number of the attached client @@ -76,6 +42,10 @@ M.on_attach = function(client, bufnr) vim.diagnostic.config({ virtual_text = text, virtual_lines = lines, + jump = { + -- Show float on jump if no diagnostic text is otherwise shown + float = not (text or lines), + }, }) end diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index f8e65d87..7817d4c1 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -16,6 +16,10 @@ vim.diagnostic.config({ update_in_insert = false, -- Show highest severity first severity_sort = true, + jump = { + -- Show float on diagnostic jumps + float = true, + }, }) -- Inform servers we are able to do completion, snippets, etc... From d48d5c45e04b67e7642ac5f36c5fd1c81f7cd19d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 4 Apr 2025 15:24:43 +0000 Subject: [PATCH 203/362] home: vim: remove 'friendly-snippets' I never use them... --- modules/home/vim/default.nix | 1 - modules/home/vim/plugin/settings/luasnip.lua | 1 - 2 files changed, 2 deletions(-) delete mode 100644 modules/home/vim/plugin/settings/luasnip.lua diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index b65e935f..20a74fff 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -66,7 +66,6 @@ in # Completion luasnip # Snippet manager compatible with LSP - friendly-snippets # LSP snippets collection nvim-cmp # Completion engine cmp-async-path # More responsive path completion cmp-buffer # Words from open buffers diff --git a/modules/home/vim/plugin/settings/luasnip.lua b/modules/home/vim/plugin/settings/luasnip.lua deleted file mode 100644 index 80309d7e..00000000 --- a/modules/home/vim/plugin/settings/luasnip.lua +++ /dev/null @@ -1 +0,0 @@ -require("luasnip.loaders.from_vscode").lazy_load() From 53569f17a6850d00856ad4788516ff947f8907ad Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:27:04 +0100 Subject: [PATCH 204/362] treewide: pre-commit-hooks.nix renaming --- flake.lock | 50 +++++++++++++++++----------------- flake.nix | 4 +-- flake/checks.nix | 2 +- templates/c++-cmake/flake.nix | 8 +++--- templates/c++-meson/flake.nix | 8 +++--- templates/rust-cargo/flake.nix | 8 +++--- 6 files changed, 40 insertions(+), 40 deletions(-) diff --git a/flake.lock b/flake.lock index a2d931a0..353a3923 100644 --- a/flake.lock +++ b/flake.lock @@ -108,10 +108,33 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "master", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ - "pre-commit-hooks", + "git-hooks", "nixpkgs" ] }, @@ -191,38 +214,15 @@ "type": "github" } }, - "pre-commit-hooks": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "master", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", "flake-parts": "flake-parts", "futils": "futils", + "git-hooks": "git-hooks", "home-manager": "home-manager", "nixpkgs": "nixpkgs", "nur": "nur", - "pre-commit-hooks": "pre-commit-hooks", "systems": "systems" } }, diff --git a/flake.nix b/flake.nix index afd3c805..50767290 100644 --- a/flake.nix +++ b/flake.nix @@ -61,10 +61,10 @@ }; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { nixpkgs.follows = "nixpkgs"; diff --git a/flake/checks.nix b/flake/checks.nix index 98e49bd5..73e64d52 100644 --- a/flake/checks.nix +++ b/flake/checks.nix @@ -1,7 +1,7 @@ { inputs, ... }: { imports = [ - inputs.pre-commit-hooks.flakeModule + inputs.git-hooks.flakeModule ]; perSystem = { ... }: { diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index db3b35c1..36fd5ad6 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -16,10 +16,10 @@ ref = "nixos-unstable"; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { flake-utils.follows = "futils"; @@ -28,7 +28,7 @@ }; }; - outputs = { self, futils, nixpkgs, pre-commit-hooks }: + outputs = { self, futils, nixpkgs, git-hooks }: { overlays = { default = final: _prev: { @@ -69,7 +69,7 @@ ]; }; - pre-commit = pre-commit-hooks.lib.${system}.run { + pre-commit = git-hooks.lib.${system}.run { src = self; hooks = { diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index 5957c621..961ba1fb 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -16,10 +16,10 @@ ref = "nixos-unstable"; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { flake-utils.follows = "futils"; @@ -28,7 +28,7 @@ }; }; - outputs = { self, futils, nixpkgs, pre-commit-hooks }: + outputs = { self, futils, nixpkgs, git-hooks }: { overlays = { default = final: _prev: { @@ -69,7 +69,7 @@ ]; }; - pre-commit = pre-commit-hooks.lib.${system}.run { + pre-commit = git-hooks.lib.${system}.run { src = self; hooks = { diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix index 6d50369d..b9031d91 100644 --- a/templates/rust-cargo/flake.nix +++ b/templates/rust-cargo/flake.nix @@ -16,10 +16,10 @@ ref = "nixos-unstable"; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { flake-utils.follows = "futils"; @@ -28,7 +28,7 @@ }; }; - outputs = { self, futils, nixpkgs, pre-commit-hooks }: + outputs = { self, futils, nixpkgs, git-hooks }: { overlays = { default = final: _prev: { @@ -60,7 +60,7 @@ ]; }; - pre-commit = pre-commit-hooks.lib.${system}.run { + pre-commit = git-hooks.lib.${system}.run { src = self; hooks = { From 418494004b3479f0e523d3f72eb995aab8dddf41 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:29:51 +0100 Subject: [PATCH 205/362] templates: use 'pre-commit.enabledPackages' --- templates/c++-cmake/flake.nix | 6 +++--- templates/c++-meson/flake.nix | 6 +++--- templates/rust-cargo/flake.nix | 7 +++---- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index 36fd5ad6..eecb0070 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -92,12 +92,12 @@ devShells = { default = pkgs.mkShell { - inputsFrom = with self.packages.${system}; [ - project + inputsFrom = [ + self.packages.${system}.project ]; packages = with pkgs; [ - clang-tools + self.checks.${system}.pre-commit.enabledPackages ]; inherit (pre-commit) shellHook; diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index 961ba1fb..a4357772 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -92,12 +92,12 @@ devShells = { default = pkgs.mkShell { - inputsFrom = with self.packages.${system}; [ - project + inputsFrom = [ + self.packages.${system}.project ]; packages = with pkgs; [ - clang-tools + self.checks.${system}.pre-commit.enabledPackages ]; inherit (pre-commit) shellHook; diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix index b9031d91..502d902e 100644 --- a/templates/rust-cargo/flake.nix +++ b/templates/rust-cargo/flake.nix @@ -88,14 +88,13 @@ devShells = { default = pkgs.mkShell { - inputsFrom = with self.packages.${system}; [ - project + inputsFrom = [ + self.packages.${system}.project ]; packages = with pkgs; [ - clippy rust-analyzer - rustfmt + self.checks.${system}.pre-commit.enabledPackages ]; RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}"; From 62ddec5c2346959e395b42775fbd82284bc8886f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:46:14 +0100 Subject: [PATCH 206/362] templates: remove unused 'follows' --- templates/c++-cmake/flake.nix | 1 - templates/c++-meson/flake.nix | 1 - templates/rust-cargo/flake.nix | 1 - 3 files changed, 3 deletions(-) diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index eecb0070..7796f5e5 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -22,7 +22,6 @@ repo = "git-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index a4357772..cb14eb56 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -22,7 +22,6 @@ repo = "git-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix index 502d902e..efd8358d 100644 --- a/templates/rust-cargo/flake.nix +++ b/templates/rust-cargo/flake.nix @@ -22,7 +22,6 @@ repo = "git-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; From ca98b8367c2ae384acd56271696f9a57de7f82f8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:18:06 +0100 Subject: [PATCH 207/362] templates: add python-uv --- templates/default.nix | 4 + templates/python-uv/.envrc | 6 ++ templates/python-uv/.gitignore | 6 ++ templates/python-uv/.woodpecker/check.yml | 31 ++++++ templates/python-uv/flake.nix | 112 ++++++++++++++++++++ templates/python-uv/pyproject.toml | 17 +++ templates/python-uv/src/project/__init__.py | 2 + 7 files changed, 178 insertions(+) create mode 100644 templates/python-uv/.envrc create mode 100644 templates/python-uv/.gitignore create mode 100644 templates/python-uv/.woodpecker/check.yml create mode 100644 templates/python-uv/flake.nix create mode 100644 templates/python-uv/pyproject.toml create mode 100644 templates/python-uv/src/project/__init__.py diff --git a/templates/default.nix b/templates/default.nix index 44db753a..51864cda 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -7,6 +7,10 @@ path = ./c++-meson; description = "A C++ project using Meson"; }; + "python-uv" = { + path = ./python-uv; + description = "A Python project using uv"; + }; "rust-cargo" = { path = ./rust-cargo; description = "A Rust project using Cargo"; diff --git a/templates/python-uv/.envrc b/templates/python-uv/.envrc new file mode 100644 index 00000000..390d06d4 --- /dev/null +++ b/templates/python-uv/.envrc @@ -0,0 +1,6 @@ +# shellcheck shell=bash +if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" +fi + +use flake diff --git a/templates/python-uv/.gitignore b/templates/python-uv/.gitignore new file mode 100644 index 00000000..c79d1e89 --- /dev/null +++ b/templates/python-uv/.gitignore @@ -0,0 +1,6 @@ +# Virtual environments +.venv + +# Nix generated files +/.pre-commit-config.yaml +/result diff --git a/templates/python-uv/.woodpecker/check.yml b/templates/python-uv/.woodpecker/check.yml new file mode 100644 index 00000000..272c0e43 --- /dev/null +++ b/templates/python-uv/.woodpecker/check.yml @@ -0,0 +1,31 @@ +labels: + backend: local + +steps: +- name: pre-commit check + image: bash + commands: + - nix develop --command pre-commit run --all + +- name: nix flake check + image: bash + commands: + - nix flake check + +- name: notify + image: bash + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password + commands: + - nix run github:ambroisie/matrix-notifier + when: + status: + - failure + - success diff --git a/templates/python-uv/flake.nix b/templates/python-uv/flake.nix new file mode 100644 index 00000000..5059e646 --- /dev/null +++ b/templates/python-uv/flake.nix @@ -0,0 +1,112 @@ +{ + description = "A Python project"; + + inputs = { + futils = { + type = "github"; + owner = "numtide"; + repo = "flake-utils"; + ref = "main"; + }; + + nixpkgs = { + type = "github"; + owner = "NixOS"; + repo = "nixpkgs"; + ref = "nixos-unstable"; + }; + + git-hooks = { + type = "github"; + owner = "cachix"; + repo = "git-hooks.nix"; + ref = "master"; + inputs = { + nixpkgs.follows = "nixpkgs"; + }; + }; + }; + + outputs = { self, futils, nixpkgs, git-hooks }: + { + overlays = { + default = final: _prev: { + project = with final; python3.pkgs.buildPythonApplication { + pname = "project"; + version = (final.lib.importTOML ./pyproject.toml).project.version; + pyproject = true; + + src = self; + + build-system = with python3.pkgs; [ setuptools ]; + + pythonImportsCheck = [ "project" ]; + + meta = with lib; { + description = "A Python project"; + homepage = "https://git.belanyi.fr/ambroisie/project"; + license = licenses.mit; + maintainers = with maintainers; [ ambroisie ]; + }; + }; + }; + }; + } // futils.lib.eachDefaultSystem (system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ + self.overlays.default + ]; + }; + + pre-commit = git-hooks.lib.${system}.run { + src = self; + + hooks = { + mypy = { + enable = true; + }; + + nixpkgs-fmt = { + enable = true; + }; + + ruff = { + enable = true; + }; + + ruff-format = { + enable = true; + }; + }; + }; + in + { + checks = { + inherit (self.packages.${system}) project; + + inherit pre-commit; + }; + + devShells = { + default = pkgs.mkShell { + inputsFrom = [ + self.packages.${system}.project + ]; + + packages = with pkgs; [ + uv + self.checks.${system}.pre-commit.enabledPackages + ]; + + inherit (pre-commit) shellHook; + }; + }; + + packages = futils.lib.flattenTree { + default = pkgs.project; + inherit (pkgs) project; + }; + }); +} diff --git a/templates/python-uv/pyproject.toml b/templates/python-uv/pyproject.toml new file mode 100644 index 00000000..7b2d896d --- /dev/null +++ b/templates/python-uv/pyproject.toml @@ -0,0 +1,17 @@ +[build-system] +requires = ["setuptools"] +build-backend = "setuptools.build_meta" + + +[project] +name = "project" +version = "0.0.0" +description = "project description" +requires-python = ">=3.12" +dependencies = [] + +[project.scripts] +project = "project:main" + +[dependency-groups] +dev = [] diff --git a/templates/python-uv/src/project/__init__.py b/templates/python-uv/src/project/__init__.py new file mode 100644 index 00000000..b06117df --- /dev/null +++ b/templates/python-uv/src/project/__init__.py @@ -0,0 +1,2 @@ +def main() -> None: + print("Hello, world!") From 7791ad09073529a8b01e534928fc0c61da139d53 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:00:10 +0000 Subject: [PATCH 208/362] nixos: services: servarr: fix 'enableAll' logic I renamed the option and refactored how it worked to make it more explicit that it enables the entire suite by default, with explicit opt-out of individual components (or fine-grained opt-in as an alternative). --- hosts/nixos/porthos/services.nix | 2 +- modules/nixos/services/servarr/default.nix | 20 +++++++++----------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index ffd150a0..021a6ae8 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -144,7 +144,7 @@ in sabnzbd.enable = true; # The whole *arr software suite servarr = { - enable = true; + enableAll = true; # ... But not Lidarr because I don't care for music that much lidarr = { enable = false; diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index e25d9cfd..65c409a3 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -19,6 +19,8 @@ let enable = true; group = "media"; }; + # Set-up media group + users.groups.media = { }; }; mkRedirection = service: { @@ -54,34 +56,30 @@ let in { options.my.services.servarr = { - enable = lib.mkEnableOption "Media automation"; + enableAll = lib.mkEnableOption "media automation suite"; bazarr = { - enable = lib.my.mkDisableOption "Bazarr"; + enable = lib.mkEnableOption "Bazarr" // { default = cfg.enableAll; };; }; lidarr = { - enable = lib.my.mkDisableOption "Lidarr"; + enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; }; }; radarr = { - enable = lib.my.mkDisableOption "Radarr"; + enable = lib.mkEnableOption "Radarr" // { default = cfg.enableAll; }; }; readarr = { - enable = lib.my.mkDisableOption "Readarr"; + enable = lib.mkEnableOption "Readarr" // { default = cfg.enableAll; }; }; sonarr = { - enable = lib.my.mkDisableOption "Sonarr"; + enable = lib.mkEnableOption "Sonarr" // { default = cfg.enableAll; }; }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - # Set-up media group - users.groups.media = { }; - } + config = (lib.mkMerge [ # Bazarr does not log authentication failures... (mkFullConfig "bazarr") # Lidarr for music From 860c13ab1f456bc37ef092453c75c09ee08fc950 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 10:51:21 +0000 Subject: [PATCH 209/362] nixos: services: servarr: extract bazarr It's not an actual *arr package, but closely related to them. Extract its configuration to a sub-module. --- modules/nixos/services/servarr/bazarr.nix | 29 ++++++++++++++++++++++ modules/nixos/services/servarr/default.nix | 11 +++----- 2 files changed, 33 insertions(+), 7 deletions(-) create mode 100644 modules/nixos/services/servarr/bazarr.nix diff --git a/modules/nixos/services/servarr/bazarr.nix b/modules/nixos/services/servarr/bazarr.nix new file mode 100644 index 00000000..2d27c958 --- /dev/null +++ b/modules/nixos/services/servarr/bazarr.nix @@ -0,0 +1,29 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.bazarr; +in +{ + options.my.services.servarr.bazarr = with lib; { + enable = lib.mkEnableOption "Bazarr" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.bazarr = { + enable = true; + group = "media"; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + bazarr = { + port = 6767; + }; + }; + + # Bazarr does not log authentication failures... + }; +} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 65c409a3..53fd14b9 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -7,7 +7,6 @@ let cfg = config.my.services.servarr; ports = { - bazarr = 6767; lidarr = 8686; radarr = 7878; readarr = 8787; @@ -55,13 +54,13 @@ let ]); in { + imports = [ + ./bazarr.nix + ]; + options.my.services.servarr = { enableAll = lib.mkEnableOption "media automation suite"; - bazarr = { - enable = lib.mkEnableOption "Bazarr" // { default = cfg.enableAll; };; - }; - lidarr = { enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; }; }; @@ -80,8 +79,6 @@ in }; config = (lib.mkMerge [ - # Bazarr does not log authentication failures... - (mkFullConfig "bazarr") # Lidarr for music (mkFullConfig "lidarr") (mkFail2Ban "lidarr") From 1f876d3e214081aa3bd006a9b78fe5772473c382 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 10:53:32 +0000 Subject: [PATCH 210/362] nixos: services: servarr: bazarr: add 'port' --- modules/nixos/services/servarr/bazarr.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/bazarr.nix b/modules/nixos/services/servarr/bazarr.nix index 2d27c958..637da0c7 100644 --- a/modules/nixos/services/servarr/bazarr.nix +++ b/modules/nixos/services/servarr/bazarr.nix @@ -7,12 +7,20 @@ in enable = lib.mkEnableOption "Bazarr" // { default = config.my.services.servarr.enableAll; }; + + port = mkOption { + type = types.port; + default = 6767; + example = 8080; + description = "Internal port for webui"; + }; }; config = lib.mkIf cfg.enable { services.bazarr = { enable = true; group = "media"; + listenPort = cfg.port; }; # Set-up media group @@ -20,7 +28,7 @@ in my.services.nginx.virtualHosts = { bazarr = { - port = 6767; + inherit (cfg) port; }; }; From 8e6be43817d1337df7a5169bf62ae7d05e5689fb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:07:21 +0000 Subject: [PATCH 211/362] nixox: services: servarr: refactor starr config Makes it slightly DRY-er and more readable. --- modules/nixos/services/servarr/default.nix | 87 ++-------------------- modules/nixos/services/servarr/starr.nix | 51 +++++++++++++ 2 files changed, 56 insertions(+), 82 deletions(-) create mode 100644 modules/nixos/services/servarr/starr.nix diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 53fd14b9..398461bd 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -2,94 +2,17 @@ # Relevant link [1]. # # [1]: https://youtu.be/I26Ql-uX6AM -{ config, lib, ... }: -let - cfg = config.my.services.servarr; - - ports = { - lidarr = 8686; - radarr = 7878; - readarr = 8787; - sonarr = 8989; - }; - - mkService = service: { - services.${service} = { - enable = true; - group = "media"; - }; - # Set-up media group - users.groups.media = { }; - }; - - mkRedirection = service: { - my.services.nginx.virtualHosts = { - ${service} = { - port = ports.${service}; - }; - }; - }; - - mkFail2Ban = service: lib.mkIf cfg.${service}.enable { - services.fail2ban.jails = { - ${service} = '' - enabled = true - filter = ${service} - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/${service}.conf".text = '' - [Definition] - failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ - journalmatch = _SYSTEMD_UNIT=${service}.service - ''; - }; - }; - - mkFullConfig = service: lib.mkIf cfg.${service}.enable (lib.mkMerge [ - (mkService service) - (mkRedirection service) - ]); -in +{ lib, ... }: { imports = [ ./bazarr.nix + (import ./starr.nix "lidarr") + (import ./starr.nix "radarr") + (import ./starr.nix "readarr") + (import ./starr.nix "sonarr") ]; options.my.services.servarr = { enableAll = lib.mkEnableOption "media automation suite"; - - lidarr = { - enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; }; - }; - - radarr = { - enable = lib.mkEnableOption "Radarr" // { default = cfg.enableAll; }; - }; - - readarr = { - enable = lib.mkEnableOption "Readarr" // { default = cfg.enableAll; }; - }; - - sonarr = { - enable = lib.mkEnableOption "Sonarr" // { default = cfg.enableAll; }; - }; }; - - config = (lib.mkMerge [ - # Lidarr for music - (mkFullConfig "lidarr") - (mkFail2Ban "lidarr") - # Radarr for movies - (mkFullConfig "radarr") - (mkFail2Ban "radarr") - # Readarr for books - (mkFullConfig "readarr") - (mkFail2Ban "readarr") - # Sonarr for shows - (mkFullConfig "sonarr") - (mkFail2Ban "sonarr") - ]); } diff --git a/modules/nixos/services/servarr/starr.nix b/modules/nixos/services/servarr/starr.nix new file mode 100644 index 00000000..e9c84f90 --- /dev/null +++ b/modules/nixos/services/servarr/starr.nix @@ -0,0 +1,51 @@ +# Templated *arr configuration +starr: +{ config, lib, ... }: +let + cfg = config.my.services.servarr.${starr}; + ports = { + lidarr = 8686; + radarr = 7878; + readarr = 8787; + sonarr = 8989; + }; +in +{ + options.my.services.servarr.${starr} = with lib; { + enable = lib.mkEnableOption (lib.toSentenceCase starr) // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.${starr} = { + enable = true; + group = "media"; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + ${starr} = { + port = ports.${starr}; + }; + }; + + services.fail2ban.jails = { + ${starr} = '' + enabled = true + filter = ${starr} + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/${starr}.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=${starr}.service + ''; + }; + }; +} From d783b5f5ee598ddd82e585c12d8e397c55a1e3b1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:12:16 +0000 Subject: [PATCH 212/362] nixos: services: servarr: starr: add 'port' Now that declarative configurations are supported for those applications. --- modules/nixos/services/servarr/starr.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/starr.nix b/modules/nixos/services/servarr/starr.nix index e9c84f90..2bf7c114 100644 --- a/modules/nixos/services/servarr/starr.nix +++ b/modules/nixos/services/servarr/starr.nix @@ -15,12 +15,25 @@ in enable = lib.mkEnableOption (lib.toSentenceCase starr) // { default = config.my.services.servarr.enableAll; }; + + port = mkOption { + type = types.port; + default = ports.${starr}; + example = 8080; + description = "Internal port for webui"; + }; }; config = lib.mkIf cfg.enable { services.${starr} = { enable = true; group = "media"; + + settings = { + server = { + port = cfg.port; + }; + }; }; # Set-up media group @@ -28,7 +41,7 @@ in my.services.nginx.virtualHosts = { ${starr} = { - port = ports.${starr}; + port = cfg.port; }; }; From f825d047b5f17cdff8cd096660abf48ed79e7f72 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:21:24 +0000 Subject: [PATCH 213/362] nixos: services: servarr: migrate prowlarr The configuration doesn't have `group`, so it's a slightly different configuration to the rest of the *arr services. I also want to move the other two indexer modules under `servarr`, as they are all closely related. --- hosts/nixos/porthos/services.nix | 4 -- modules/nixos/services/indexers/default.nix | 30 ------------ modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/prowlarr.nix | 53 +++++++++++++++++++++ 4 files changed, 54 insertions(+), 34 deletions(-) create mode 100644 modules/nixos/services/servarr/prowlarr.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 021a6ae8..90178944 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -51,10 +51,6 @@ in passwordFile = secrets."forgejo/mail-password".path; }; }; - # Meta-indexers - indexers = { - prowlarr.enable = true; - }; # Jellyfin media server jellyfin.enable = true; # Gitea mirrorig service diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index 8a42345a..00bf3163 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -5,13 +5,11 @@ let jackettPort = 9117; nzbhydraPort = 5076; - prowlarrPort = 9696; in { options.my.services.indexers = with lib; { jackett.enable = mkEnableOption "Jackett torrent meta-indexer"; nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; - prowlarr.enable = mkEnableOption "Prowlarr torrent & usenet meta-indexer"; }; config = lib.mkMerge [ @@ -46,33 +44,5 @@ in }; }; }) - - (lib.mkIf cfg.prowlarr.enable { - services.prowlarr = { - enable = true; - }; - - my.services.nginx.virtualHosts = { - prowlarr = { - port = prowlarrPort; - }; - }; - - services.fail2ban.jails = { - prowlarr = '' - enabled = true - filter = prowlarr - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/prowlarr.conf".text = '' - [Definition] - failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ - journalmatch = _SYSTEMD_UNIT=prowlarr.service - ''; - }; - }) ]; } diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 398461bd..1bca773e 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -6,6 +6,7 @@ { imports = [ ./bazarr.nix + ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") (import ./starr.nix "readarr") diff --git a/modules/nixos/services/servarr/prowlarr.nix b/modules/nixos/services/servarr/prowlarr.nix new file mode 100644 index 00000000..ce044c63 --- /dev/null +++ b/modules/nixos/services/servarr/prowlarr.nix @@ -0,0 +1,53 @@ +# Torrent and NZB indexer +{ config, lib, ... }: +let + cfg = config.my.services.servarr.prowlarr; +in +{ + options.my.services.servarr.prowlarr = with lib; { + enable = lib.mkEnableOption "Prowlarr" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 9696; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.prowlarr = { + enable = true; + + settings = { + server = { + port = cfg.port; + }; + }; + }; + + my.services.nginx.virtualHosts = { + prowlarr = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + prowlarr = '' + enabled = true + filter = prowlarr + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/prowlarr.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=prowlarr.service + ''; + }; + }; +} From 950cf4dd059e74d87084747b25e70138753b82d5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:27:18 +0000 Subject: [PATCH 214/362] nixos: services: servarr: migrate jackett --- hosts/nixos/porthos/services.nix | 4 +++ modules/nixos/services/indexers/default.nix | 22 -------------- modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/jackett.nix | 33 +++++++++++++++++++++ 4 files changed, 38 insertions(+), 22 deletions(-) create mode 100644 modules/nixos/services/servarr/jackett.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 90178944..d45846ae 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -145,6 +145,10 @@ in lidarr = { enable = false; }; + # I only use Prowlarr nowadays + jackett = { + enable = false; + }; }; # Because I still need to play sysadmin ssh-server.enable = true; diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index 00bf3163..5d810796 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -3,36 +3,14 @@ let cfg = config.my.services.indexers; - jackettPort = 9117; nzbhydraPort = 5076; in { options.my.services.indexers = with lib; { - jackett.enable = mkEnableOption "Jackett torrent meta-indexer"; nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; }; config = lib.mkMerge [ - (lib.mkIf cfg.jackett.enable { - services.jackett = { - enable = true; - }; - - # Jackett wants to eat *all* my RAM if left to its own devices - systemd.services.jackett = { - serviceConfig = { - MemoryHigh = "15%"; - MemoryMax = "25%"; - }; - }; - - my.services.nginx.virtualHosts = { - jackett = { - port = jackettPort; - }; - }; - }) - (lib.mkIf cfg.nzbhydra.enable { services.nzbhydra2 = { enable = true; diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 1bca773e..06a1cef1 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -6,6 +6,7 @@ { imports = [ ./bazarr.nix + ./jackett.nix ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") diff --git a/modules/nixos/services/servarr/jackett.nix b/modules/nixos/services/servarr/jackett.nix new file mode 100644 index 00000000..756df9bf --- /dev/null +++ b/modules/nixos/services/servarr/jackett.nix @@ -0,0 +1,33 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.jackett; +in +{ + options.my.services.servarr.jackett = with lib; { + enable = lib.mkEnableOption "Jackett" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.jackett = { + enable = true; + }; + + # Jackett wants to eat *all* my RAM if left to its own devices + systemd.services.jackett = { + serviceConfig = { + MemoryHigh = "15%"; + MemoryMax = "25%"; + }; + }; + + my.services.nginx.virtualHosts = { + jackett = { + port = 9117; + }; + }; + + # Jackett does not log authentication failures... + }; +} From c823edf58415c1f07eebd03a21617c09447cafbb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:28:04 +0000 Subject: [PATCH 215/362] nixos: services: servarr: jackett: add 'port' --- modules/nixos/services/servarr/jackett.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/jackett.nix b/modules/nixos/services/servarr/jackett.nix index 756df9bf..481cd3de 100644 --- a/modules/nixos/services/servarr/jackett.nix +++ b/modules/nixos/services/servarr/jackett.nix @@ -7,11 +7,19 @@ in enable = lib.mkEnableOption "Jackett" // { default = config.my.services.servarr.enableAll; }; + + port = mkOption { + type = types.port; + default = 9117; + example = 8080; + description = "Internal port for webui"; + }; }; config = lib.mkIf cfg.enable { services.jackett = { enable = true; + inherit (cfg) port; }; # Jackett wants to eat *all* my RAM if left to its own devices @@ -24,7 +32,7 @@ in my.services.nginx.virtualHosts = { jackett = { - port = 9117; + inherit (cfg) port; }; }; From b1ade723837cbffcfc8a1ac24fa96566392e5e3d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:32:39 +0000 Subject: [PATCH 216/362] nixos: services: servarr: migrate nzbhydra --- hosts/nixos/porthos/services.nix | 3 +++ modules/nixos/services/default.nix | 1 - modules/nixos/services/indexers/default.nix | 26 --------------------- modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/nzbhydra.nix | 25 ++++++++++++++++++++ 5 files changed, 29 insertions(+), 27 deletions(-) delete mode 100644 modules/nixos/services/indexers/default.nix create mode 100644 modules/nixos/services/servarr/nzbhydra.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index d45846ae..7efddfa1 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -149,6 +149,9 @@ in jackett = { enable = false; }; + nzbhydra = { + enable = false; + }; }; # Because I still need to play sysadmin ssh-server.enable = true; diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 3992385f..27f8765a 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -15,7 +15,6 @@ ./gitea ./grocy ./homebox - ./indexers ./jellyfin ./komga ./lohr diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix deleted file mode 100644 index 5d810796..00000000 --- a/modules/nixos/services/indexers/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -# Torrent and usenet meta-indexers -{ config, lib, ... }: -let - cfg = config.my.services.indexers; - - nzbhydraPort = 5076; -in -{ - options.my.services.indexers = with lib; { - nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.nzbhydra.enable { - services.nzbhydra2 = { - enable = true; - }; - - my.services.nginx.virtualHosts = { - nzbhydra = { - port = nzbhydraPort; - }; - }; - }) - ]; -} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 06a1cef1..23838fde 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -7,6 +7,7 @@ imports = [ ./bazarr.nix ./jackett.nix + ./nzbhydra.nix ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") diff --git a/modules/nixos/services/servarr/nzbhydra.nix b/modules/nixos/services/servarr/nzbhydra.nix new file mode 100644 index 00000000..4112c30d --- /dev/null +++ b/modules/nixos/services/servarr/nzbhydra.nix @@ -0,0 +1,25 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.nzbhydra; +in +{ + options.my.services.servarr.nzbhydra = with lib; { + enable = lib.mkEnableOption "NZBHydra2" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.nzbhydra2 = { + enable = true; + }; + + my.services.nginx.virtualHosts = { + nzbhydra = { + port = 5076; + }; + }; + + # NZBHydra2 does not log authentication failures... + }; +} From ec965800e4a1cd0d8a26f7e2ba50d31e85aaf9b9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:34:25 +0000 Subject: [PATCH 217/362] nixos: services: servarr: nzbhydra: fix websockets From what I could read, NZBHydra2 *might* require proxying websockets in new versions (better safe than sorry). --- modules/nixos/services/servarr/nzbhydra.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/servarr/nzbhydra.nix b/modules/nixos/services/servarr/nzbhydra.nix index 4112c30d..7b639869 100644 --- a/modules/nixos/services/servarr/nzbhydra.nix +++ b/modules/nixos/services/servarr/nzbhydra.nix @@ -17,6 +17,7 @@ in my.services.nginx.virtualHosts = { nzbhydra = { port = 5076; + websocketsLocations = [ "/" ]; }; }; From 351026418678281890d469c7d183516f34bba445 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 22:49:11 +0200 Subject: [PATCH 218/362] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 353a3923..d86d6b5a 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1743607567, - "narHash": "sha256-kTzKPDFmNzwO1cK4fiJgPB/iSw7HgBAmknRTeAPJAeI=", + "lastModified": 1743869639, + "narHash": "sha256-Xhe3whfRW/Ay05z9m1EZ1/AkbV1yo0tm1CbgjtCi4rQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "49748c74cdbae03d70381f150b810f92617f23aa", + "rev": "d094c6763c6ddb860580e7d3b4201f8f496a6836", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743448293, - "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", + "lastModified": 1743689281, + "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", + "rev": "2bfc080955153be0be56724be6fa5477b4eefabb", "type": "github" }, "original": { From 215eb4c91ac722b8da4bb38c6791695021c3b516 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 13 Feb 2025 22:59:51 +0100 Subject: [PATCH 219/362] nixos: services: servarr: add autobrr --- hosts/nixos/porthos/services.nix | 3 ++ modules/nixos/services/servarr/autobrr.nix | 62 ++++++++++++++++++++++ modules/nixos/services/servarr/default.nix | 1 + 3 files changed, 66 insertions(+) create mode 100644 modules/nixos/services/servarr/autobrr.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 7efddfa1..cb77fbe1 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -141,6 +141,9 @@ in # The whole *arr software suite servarr = { enableAll = true; + autobrr = { + enable = false; + }; # ... But not Lidarr because I don't care for music that much lidarr = { enable = false; diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix new file mode 100644 index 00000000..afb07f4c --- /dev/null +++ b/modules/nixos/services/servarr/autobrr.nix @@ -0,0 +1,62 @@ +# IRC-based +{ config, lib, ... }: +let + cfg = config.my.services.servarr.autobrr; +in +{ + options.my.services.servarr.autobrr = with lib; { + enable = mkEnableOption "autobrr IRC announce tracker" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 7474; + example = 8080; + description = "Internal port for webui"; + }; + + sessionSecretFile = mkOption { + type = types.str; + example = "/run/secrets/autobrr-secret.txt"; + description = '' + File containing the session secret. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.autobrr = { + enable = true; + + settings = { + inherit (cfg) port; + checkForUpdates = false; + }; + + secretFile = cfg.sessionSecretFile; + }; + + my.services.nginx.virtualHosts = { + autobrr = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + autobrr = '' + enabled = true + filter = autobrr + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/autobrr.conf".text = '' + [Definition] + failregex = ^.*Auth: invalid login \[.*\] from: $ + journalmatch = _SYSTEMD_UNIT=autobrr.service + ''; + }; + }; +} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 23838fde..409fcdc6 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -5,6 +5,7 @@ { lib, ... }: { imports = [ + ./autobrr.nix ./bazarr.nix ./jackett.nix ./nzbhydra.nix From 979814e9dea51880a2ed2c3f37033b994160441d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 13 Feb 2025 21:58:19 +0000 Subject: [PATCH 220/362] hosts: nixos: porthos: secrets: add autobrr --- hosts/nixos/porthos/secrets/secrets.nix | 2 ++ .../porthos/secrets/servarr/autobrr/session-secret.age | 7 +++++++ 2 files changed, 9 insertions(+) create mode 100644 hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index 68e90f2e..425756c5 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -80,6 +80,8 @@ in "pyload/credentials.age".publicKeys = all; + "servarr/autobrr/session-secret.age".publicKeys = all; + "sso/auth-key.age" = { owner = "nginx-sso"; publicKeys = all; diff --git a/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age b/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age new file mode 100644 index 00000000..e98b94ad --- /dev/null +++ b/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg bu09lB+fjaPP31cUQZP6EqSPuseucgNK7k9vAS08iS0 ++NGL+b2QD/qGo6hqHvosAXzHZtDvfodmPdcgnrKlD1o +-> ssh-ed25519 jPowng QDCdRBGWhtdvvMCiDH52cZHz1/W7aomhTatZ4+9IKwI +Ou3jjV/O55G1CPgGS33l3eWhhYWrVdwVNPSiE14d5rE +--- q0ssmpG50OX1WaNSInc2hbtH3DbTwQGDU74VGEoMh94 + ¯mCùºÆ‘'hK.Ðì/™Xu(€«Õ×g$½'¼šM{fK˜” !ÛMZ²oR÷®ˆüÎÕÍŸö;yb \ No newline at end of file From b8c649d5bff68813cb8589c776cf39a17cef91ea Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 30 Mar 2025 20:22:01 +0200 Subject: [PATCH 221/362] hosts: nixos: porthos: services: enable autobrr --- hosts/nixos/porthos/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index cb77fbe1..784eb313 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -142,7 +142,7 @@ in servarr = { enableAll = true; autobrr = { - enable = false; + sessionSecretFile = secrets."servarr/autobrr/session-secret".path; }; # ... But not Lidarr because I don't care for music that much lidarr = { From 08f7c2bd7912696047e815adbb92adf89f4e47c7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 20:24:21 +0200 Subject: [PATCH 222/362] nixos: services: nextcloud: bump to 31 --- modules/nixos/services/nextcloud/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index fe941778..cf1b876f 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -35,7 +35,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud30; + package = pkgs.nextcloud31; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; From 01529075369d01274302efaaa8df55aac77b1a21 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 7 Apr 2025 10:19:30 +0000 Subject: [PATCH 223/362] flake: nixos: use 'self.dirtyRev' if available --- flake/nixos.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake/nixos.nix b/flake/nixos.nix index fa656dc0..bf9eac8c 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -3,7 +3,7 @@ let defaultModules = [ { # Let 'nixos-version --json' know about the Git revision - system.configurationRevision = self.rev or "dirty"; + system.configurationRevision = self.rev or self.dirtyRev or "dirty"; } { nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ From a1cab7f60649123658bb8df098c5eff934d0364b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 7 Apr 2025 15:50:22 +0000 Subject: [PATCH 224/362] flake: home-manager: set overlays in module I need to inherit `lib` to make sure it picks up my version, not the one from `pkgs`. I can't use `extraSpecialArgs` like NixOS, due to it missing from upstream [1]. [1]: https://github.com/nix-community/home-manager/pull/3969 --- flake/home-manager.nix | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/flake/home-manager.nix b/flake/home-manager.nix index add889eb..093ae8cf 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -3,6 +3,11 @@ let defaultModules = [ # Include generic settings "${self}/modules/home" + { + nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ + inputs.nur.overlays.default + ]; + } { # Basic user information defaults home.username = lib.mkDefault "ambroisie"; @@ -21,18 +26,15 @@ let # * not letting me set `lib` as an extraSpecialArgs # * not respecting `nixpkgs.overlays` [1] # [1]: https://github.com/nix-community/home-manager/issues/2954 - pkgs = import inputs.nixpkgs { - inherit system; - - overlays = (lib.attrValues self.overlays) ++ [ - inputs.nur.overlays.default - ]; - }; + pkgs = inputs.nixpkgs.legacyPackages.${system}; modules = defaultModules ++ [ "${self}/hosts/homes/${name}" ]; + # Use my extended lib in NixOS configuration + inherit (self) lib; + extraSpecialArgs = { # Inject inputs to use them in global registry inherit inputs; From e5bf5a3ba1ce7c6d2aa09658303dcabf72bb09b9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 9 Apr 2025 11:41:07 +0200 Subject: [PATCH 225/362] flake: bump inputs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d86d6b5a..9e61219b 100644 --- a/flake.lock +++ b/flake.lock @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743689281, - "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=", + "lastModified": 1744174375, + "narHash": "sha256-oxI9TLgnQbQ/WL0tIwVSIooLbXq4PW1QUhf5aQmXFgk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2bfc080955153be0be56724be6fa5477b4eefabb", + "rev": "ef3a956f697525883b77192cbe208233ea0f8f79", "type": "github" }, "original": { From 439a6bc930ea7eabb372824c71d4a9174d4588b5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 9 Apr 2025 12:26:04 +0200 Subject: [PATCH 226/362] nixos: services: homebox: use postgres --- modules/nixos/services/homebox/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix index d79e3314..bde59e67 100644 --- a/modules/nixos/services/homebox/default.nix +++ b/modules/nixos/services/homebox/default.nix @@ -19,6 +19,11 @@ in services.homebox = { enable = true; + # Automatic PostgreSQL provisioning + database = { + createLocally = true; + }; + settings = { # FIXME: mailer? HBOX_WEB_PORT = toString cfg.port; From 1dd1dbb917b17da7864a4ac20a977869ff752ac2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 9 Apr 2025 12:26:42 +0200 Subject: [PATCH 227/362] nixos: services: homebox: proxy websockets Should avoid a bunch of error logs, and ensure that e.g: adding a label does not require a refresh to show it in a list. --- modules/nixos/services/homebox/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix index bde59e67..8ed5d776 100644 --- a/modules/nixos/services/homebox/default.nix +++ b/modules/nixos/services/homebox/default.nix @@ -33,6 +33,7 @@ in my.services.nginx.virtualHosts = { homebox = { inherit (cfg) port; + websocketsLocations = [ "/api" ]; }; }; From bd55ecc016eb49eca60b98ab0d2a22eca49a95ce Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 9 Apr 2025 12:27:51 +0200 Subject: [PATCH 228/362] hosts: nixos: porthos: services: enable homebox --- hosts/nixos/porthos/services.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 784eb313..561da278 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -51,6 +51,10 @@ in passwordFile = secrets."forgejo/mail-password".path; }; }; + # Home inventory + homebox = { + enable = true; + }; # Jellyfin media server jellyfin.enable = true; # Gitea mirrorig service From a28295da27b96301bba49cd68cb6ae017be4be76 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 11 Apr 2025 19:01:08 +0200 Subject: [PATCH 229/362] nixos: services: servarr: autobrr: fix comment --- modules/nixos/services/servarr/autobrr.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix index afb07f4c..4465a78c 100644 --- a/modules/nixos/services/servarr/autobrr.nix +++ b/modules/nixos/services/servarr/autobrr.nix @@ -1,4 +1,4 @@ -# IRC-based +# IRC-based indexer { config, lib, ... }: let cfg = config.my.services.servarr.autobrr; From a0473a5c6cd191ea649c250dc7e8f6094e74adba Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Apr 2025 11:27:47 +0200 Subject: [PATCH 230/362] nixos: services: servarr: autobrr: fix fail2ban The log line for authentication failures has been updated since the original PR. It also happens to be logged in JSON, and I'm a bit too lazy to match it more properly than this. --- modules/nixos/services/servarr/autobrr.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix index 4465a78c..398e8786 100644 --- a/modules/nixos/services/servarr/autobrr.nix +++ b/modules/nixos/services/servarr/autobrr.nix @@ -54,7 +54,7 @@ in environment.etc = { "fail2ban/filter.d/autobrr.conf".text = '' [Definition] - failregex = ^.*Auth: invalid login \[.*\] from: $ + failregex = "message":"Auth: Failed login attempt username: \[.*\] ip: " journalmatch = _SYSTEMD_UNIT=autobrr.service ''; }; From e82ae4a2192191e2894969fe3107fdbcd36c8c92 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 14 Apr 2025 10:19:57 +0000 Subject: [PATCH 231/362] home: vim: numbertoggle: remove 'TermOpen' event It's now part of upstream's default setup. --- modules/home/vim/plugin/numbertoggle.lua | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/modules/home/vim/plugin/numbertoggle.lua b/modules/home/vim/plugin/numbertoggle.lua index 80427101..b1e3df21 100644 --- a/modules/home/vim/plugin/numbertoggle.lua +++ b/modules/home/vim/plugin/numbertoggle.lua @@ -22,13 +22,3 @@ vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "InsertEnter", "WinLeave" end end, }) - --- Never show the sign column in a terminal buffer -vim.api.nvim_create_autocmd({ "TermOpen" }, { - pattern = "*", - group = numbertoggle, - callback = function() - vim.opt.number = false - vim.opt.relativenumber = false - end, -}) From 67936af4c73f8664448efc80b072f40c568517c6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 14 Apr 2025 10:19:57 +0000 Subject: [PATCH 232/362] home: vim: signtoggle: remove 'TermOpen' event It's now part of upstream's default setup. --- modules/home/vim/plugin/signtoggle.lua | 9 --------- 1 file changed, 9 deletions(-) diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua index 9765a818..6a7640c1 100644 --- a/modules/home/vim/plugin/signtoggle.lua +++ b/modules/home/vim/plugin/signtoggle.lua @@ -15,12 +15,3 @@ vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, { vim.opt.signcolumn = "no" end, }) - --- Never show the sign column in a terminal buffer -vim.api.nvim_create_autocmd({ "TermOpen" }, { - pattern = "*", - group = signtoggle, - callback = function() - vim.opt.signcolumn = "no" - end, -}) From 6f5ac4e55f644a5e5a473e9fda752fbebdec7455 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 14 Apr 2025 10:24:30 +0000 Subject: [PATCH 233/362] home: vim: signtoggle: only show signs if 'number' If a buffer doesn't show a number column, I probably also don't want a sign column to be toggled on/off in there. --- modules/home/vim/plugin/signtoggle.lua | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua index 6a7640c1..3deca340 100644 --- a/modules/home/vim/plugin/signtoggle.lua +++ b/modules/home/vim/plugin/signtoggle.lua @@ -1,17 +1,21 @@ local signtoggle = vim.api.nvim_create_augroup("signtoggle", { clear = true }) --- Only show sign column for the currently focused buffer +-- Only show sign column for the currently focused buffer, if it has a number column vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, { pattern = "*", group = signtoggle, callback = function() - vim.opt.signcolumn = "yes" + if vim.opt.number:get() then + vim.opt.signcolumn = "yes" + end end, }) vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, { pattern = "*", group = signtoggle, callback = function() - vim.opt.signcolumn = "no" + if vim.opt.number:get() then + vim.opt.signcolumn = "no" + end end, }) From 26ee59ef6e4f28ccbdbcf87eb28bb4074a87c840 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 14 Apr 2025 13:54:52 +0000 Subject: [PATCH 234/362] home: atuin: use 'uk' dialect for dates This should be for date *parsing*, from my looking at the code. Unlikely to be relevant, but might as well set it to the saner of the two options. --- modules/home/atuin/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix index 3f062638..8c02e692 100644 --- a/modules/home/atuin/default.nix +++ b/modules/home/atuin/default.nix @@ -21,6 +21,8 @@ in ]; settings = { + # Reasonable date format + dialect = "uk"; # The package is managed by Nix update_check = false; # I don't care for the fancy display From c69aaa7adb604593d20d38d0037caaf24cb41f3e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 16 Apr 2025 15:25:18 +0200 Subject: [PATCH 235/362] nixos: services: servarr: autobrr: fix websockets I found some logs complaining about websockets before enabling this. --- modules/nixos/services/servarr/autobrr.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix index 398e8786..c3370cb8 100644 --- a/modules/nixos/services/servarr/autobrr.nix +++ b/modules/nixos/services/servarr/autobrr.nix @@ -40,6 +40,7 @@ in my.services.nginx.virtualHosts = { autobrr = { inherit (cfg) port; + websocketsLocations = [ "/api" ]; }; }; From e4bc0444bfe7fdc7a43afcbda1ec7379f8286301 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 16 Apr 2025 15:29:10 +0200 Subject: [PATCH 236/362] nixos: services: transmission: fix umask I want downloads to be readable by the `media` group. The permissions weren't correctly applied without `umask`. --- modules/nixos/services/transmission/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index ac8b24dd..16d51e3f 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -65,6 +65,8 @@ in # Proxied behind Nginx. rpc-whitelist-enabled = true; rpc-whitelist = "127.0.0.1"; + + umask = "002"; # To go with `downloadDirPermissions` }; }; From 1b6a48d6c27a88c98c6c99cbe642ee681c362cbd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 16 Apr 2025 17:07:23 +0200 Subject: [PATCH 237/362] flake: bump inputs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 9e61219b..65b8f048 100644 --- a/flake.lock +++ b/flake.lock @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744174375, - "narHash": "sha256-oxI9TLgnQbQ/WL0tIwVSIooLbXq4PW1QUhf5aQmXFgk=", + "lastModified": 1744777043, + "narHash": "sha256-O6jgTxz9BKUiaJl03JsVHvSjtCOC8gHfDvC2UCfcLMc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ef3a956f697525883b77192cbe208233ea0f8f79", + "rev": "7a6f7f4c1c69eee05641beaa40e7f85da8e69fb0", "type": "github" }, "original": { From c40090d17607efbec1d58cefa95f0745ab0806b7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Apr 2025 14:51:46 +0200 Subject: [PATCH 238/362] nixos: services: servarr: add cross-seed --- hosts/nixos/porthos/services.nix | 3 + modules/nixos/services/servarr/cross-seed.nix | 96 +++++++++++++++++++ modules/nixos/services/servarr/default.nix | 1 + 3 files changed, 100 insertions(+) create mode 100644 modules/nixos/services/servarr/cross-seed.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 561da278..a95840a9 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -148,6 +148,9 @@ in autobrr = { sessionSecretFile = secrets."servarr/autobrr/session-secret".path; }; + cross-seed = { + enable = false; + }; # ... But not Lidarr because I don't care for music that much lidarr = { enable = false; diff --git a/modules/nixos/services/servarr/cross-seed.nix b/modules/nixos/services/servarr/cross-seed.nix new file mode 100644 index 00000000..74f216ae --- /dev/null +++ b/modules/nixos/services/servarr/cross-seed.nix @@ -0,0 +1,96 @@ +# Automatic cross-seeding for video media +{ config, lib, ... }: +let + cfg = config.my.services.servarr.cross-seed; +in +{ + options.my.services.servarr.cross-seed = with lib; { + enable = mkEnableOption "cross-seed daemon" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 2468; + example = 8080; + description = "Internal port for daemon"; + }; + + linkDirectory = mkOption { + type = types.str; + default = "/data/downloads/complete/links"; + example = "/var/lib/cross-seed/links"; + description = "Link directory"; + }; + + secretSettingsFile = mkOption { + type = types.str; + example = "/run/secrets/cross-seed-secrets.json"; + description = '' + File containing secret settings. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.cross-seed = { + enable = true; + group = "media"; + + # Rely on recommended defaults for tracker snatches etc... + useGenConfigDefaults = true; + + settings = { + inherit (cfg) port; + host = "127.0.0.1"; + + # Inject torrents to client directly + action = "inject"; + # Query the client for torrents to match + useClientTorrents = true; + # Use hardlinks + linkType = "hardlink"; + # Use configured link directory + linkDirs = [ cfg.linkDirectory ]; + # Match as many torrents as possible + matchMode = "partial"; + # Cross-seed full season if at least 50% of episodes are already downloaded + seasonFromEpisodes = 0.5; + }; + + settingsFile = cfg.secretSettingsFile; + }; + + systemd.services.cross-seed = { + serviceConfig = { + # Loose umask to make cross-seed links readable by `media` + UMask = "0002"; + }; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + cross-seed = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + cross-seed = '' + enabled = true + filter = cross-seed + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/cross-seed.conf".text = '' + [Definition] + failregex = ^.*Unauthorized API access attempt to .* from $ + journalmatch = _SYSTEMD_UNIT=cross-seed.service + ''; + }; + }; +} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 409fcdc6..dca57cf6 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -7,6 +7,7 @@ imports = [ ./autobrr.nix ./bazarr.nix + ./cross-seed.nix ./jackett.nix ./nzbhydra.nix ./prowlarr.nix From 058096079eadcf5fb488f00156dcd6d3a5489256 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Apr 2025 14:52:10 +0200 Subject: [PATCH 239/362] hosts: nixos: porthos: secrets: add cross-seed --- hosts/nixos/porthos/secrets/secrets.nix | 1 + .../servarr/cross-seed/configuration.json.age | Bin 0 -> 1282 bytes 2 files changed, 1 insertion(+) create mode 100644 hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index 425756c5..b3812b43 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -81,6 +81,7 @@ in "pyload/credentials.age".publicKeys = all; "servarr/autobrr/session-secret.age".publicKeys = all; + "servarr/cross-seed/configuration.json.age".publicKeys = all; "sso/auth-key.age" = { owner = "nginx-sso"; diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age new file mode 100644 index 0000000000000000000000000000000000000000..e9af03f472da8411b7106cf733ba1d389201263a GIT binary patch literal 1282 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn_Ri1BO;^Y%D)lpW z_Vox$^UBlD_YJRfEOs*TaI7%TamjG@@%MBN_6+q4%rlBG4CFEk(T)lZswgWlj0|@T zOfI%GGIq@J$u08_b}~sxN^>zZ3kh=Z)~^WiGeNg4DR)FdraKP>Q?&_key4;IpeNQjT-={NB3)O=pQ;MLzxPQS!oIb3v^1Sri)Zs9eVB=lXAmyUEuZlJ%3cK^Gi!u7w2uv-`dOQZ$FXe z3*(03pW)Xgwfh=0Gjk-(y5bwTz)`wS;CJZJWp^yK``2&nXpHTb_IM9_Qkgn(YnF5BSA*H`bfRnLD#;ukQR_DQvniFx=(b?Qj2! zjwJcLmRIPtk}o>ACGkbuS&frT;XOMSX2r>6bGA<`5MKBvH)cmpdxG$^g=^xroJ_lW zj8(z<=7Gg4?T`5IWK_04n)k`A_^6Ro?}Rfup7}iebiiEhj^WR)BYmZDuN1^h=f3NB z6c#wu{Eyn*Tra+3;%3F&h3x;{ z^$9+GF!jix1q_uog>SvI7|Yxv)Rh!9ZmoJe^Hct_oFjD>yg&T+$mUMnlCH0>@~5aB{o`yCkb0pdG)BVZ)G22c?)L5Mi!54$;;YvkVqAOw@6QYkJHc+T zNuQ?QSKG(kYxG~eg5$-Dk9TiY9FCcs7awN$Li4RTlb1v|*GGSr=bP_ytXh#jaoPRb zwqIJFxK>UPFfTilIA`aV#ZKF@6J~T=_+H2N?wKE_+oI|3g2V15M&`b+lZ*TGd$II~ zp4Y!@)U{7*rY!nfB+ayF=43{`-Tk2xT8jLvukPx;c-d-lXH&IZ+b@X|F$b9DSJ}w? zn|)=Ec)*@~w|7Ctwy8c>9*bKP8$9m~Z2lAQOWRa0DSvOJ^E$QZQ65=0Za0753*7ZutHTFF1He;Ff2n;b$@S zO@^oRdHR_y1$Hbr^txewUfIF>X6zzqJWZZTPgB_3-hUQrYkHDkaX$G8Gn2mmfp2fO a3$3o2qvJ8ZJ$CJ3_b3jI6I)+s@Bjd%=|BMh literal 0 HcmV?d00001 From ee1139713c908ab43cd86b86fc984f1824395ca2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Apr 2025 14:52:38 +0200 Subject: [PATCH 240/362] hosts: nixos: porthos: services: enable cross-seed --- hosts/nixos/porthos/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index a95840a9..96f15d38 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -149,7 +149,7 @@ in sessionSecretFile = secrets."servarr/autobrr/session-secret".path; }; cross-seed = { - enable = false; + secretSettingsFile = secrets."servarr/cross-seed/configuration.json".path; }; # ... But not Lidarr because I don't care for music that much lidarr = { From 135cef25365c25a1efaa912489c960a5fe839663 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 16 Apr 2025 16:04:52 +0000 Subject: [PATCH 241/362] home: atuin: add daemon Enabled by default, I probably won't have a reason *not* to use it. --- modules/home/atuin/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix index 8c02e692..dbd9690a 100644 --- a/modules/home/atuin/default.nix +++ b/modules/home/atuin/default.nix @@ -8,6 +8,10 @@ in # I want the full experience by default package = mkPackageOption pkgs "atuin" { }; + + daemon = { + enable = my.mkDisableOption "atuin daemon"; + }; }; config = lib.mkIf cfg.enable { @@ -15,6 +19,10 @@ in enable = true; inherit (cfg) package; + daemon = lib.mkIf cfg.daemon.enable { + enable = true; + }; + flags = [ # I *despise* this hijacking of the up key, even though I use Ctrl-p "--disable-up-arrow" From 29b47d7f84c67428d44ccc1f385161f187702661 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 22 Apr 2025 13:04:36 +0000 Subject: [PATCH 242/362] home: tmux: rename 'mkTerminalFeature' This is a more accurate name to describe what the function is doing. --- modules/home/tmux/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 08b9202c..82ceb3a3 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -6,7 +6,7 @@ let (config.my.home.wm.windowManager != null) ]; - mkTerminalFlags = opt: flag: + mkTerminalFeature = opt: flag: let mkFlag = term: ''set -as terminal-features ",${term}:${flag}"''; enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures; @@ -123,9 +123,9 @@ in } # Force OSC8 hyperlinks for each relevant $TERM - ${mkTerminalFlags "hyperlinks" "hyperlinks"} + ${mkTerminalFeature "hyperlinks" "hyperlinks"} # Force 24-bit color for each relevant $TERM - ${mkTerminalFlags "trueColor" "RGB"} + ${mkTerminalFeature "trueColor" "RGB"} ''; }; } From ec1c94676a727ee7b6e20c377ad0f7d05af9d69e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 22 Apr 2025 13:15:04 +0000 Subject: [PATCH 243/362] home: vim: highlight over-extended commit subjects --- modules/home/vim/after/queries/gitcommit/highlights.scm | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 modules/home/vim/after/queries/gitcommit/highlights.scm diff --git a/modules/home/vim/after/queries/gitcommit/highlights.scm b/modules/home/vim/after/queries/gitcommit/highlights.scm new file mode 100644 index 00000000..05162c9d --- /dev/null +++ b/modules/home/vim/after/queries/gitcommit/highlights.scm @@ -0,0 +1,6 @@ +; extends + +; Highlight over-extended subject lines (rely on wrapping for message body) +((subject) @comment.error + (#vim-match? @comment.error ".\{50,}") + (#offset! @comment.error 0 50 0 0)) From 946eab9ec00bfba393d1ed292a28f0f692048096 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Feb 2025 16:26:39 +0000 Subject: [PATCH 244/362] home: git: extract 'delta' configuration I want to be able to re-use it between different source control systems (e.g: `jj`). As a first step, extract it to a proper module so that I can have it live in a single space. --- modules/home/default.nix | 1 + modules/home/delta/default.nix | 61 ++++++++++++++++++++++++++++++++++ modules/home/git/default.nix | 28 ---------------- 3 files changed, 62 insertions(+), 28 deletions(-) create mode 100644 modules/home/delta/default.nix diff --git a/modules/home/default.nix b/modules/home/default.nix index c8183cfd..e642e878 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -8,6 +8,7 @@ ./bluetooth ./calibre ./comma + ./delta ./dircolors ./direnv ./discord diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix new file mode 100644 index 00000000..e9350bb4 --- /dev/null +++ b/modules/home/delta/default.nix @@ -0,0 +1,61 @@ +{ config, pkgs, lib, ... }: +let + cfg = config.my.home.delta; +in +{ + options.my.home.delta = with lib; { + enable = my.mkDisableOption "delta configuration"; + + package = mkPackageOption pkgs "delta" { }; + + git = { + enable = my.mkDisableOption "git integration"; + }; + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + # For its configuration + assertion = cfg.enable -> cfg.git.enable; + message = '' + `config.my.home.delta` must enable `config.my.home.delta.git` to be + properly configured. + ''; + } + ]; + + home.packages = [ cfg.package ]; + + programs.git = lib.mkIf cfg.git.enable { + delta = { + enable = true; + inherit (cfg) package; + + options = { + features = "diff-highlight decorations"; + + # Less jarring style for `diff-highlight` emulation + diff-highlight = { + minus-style = "red"; + minus-non-emph-style = "red"; + minus-emph-style = "bold red 52"; + + plus-style = "green"; + plus-non-emph-style = "green"; + plus-emph-style = "bold green 22"; + + whitespace-error-style = "reverse red"; + }; + + # Personal preference for easier reading + decorations = { + commit-style = "raw"; # Do not recolor meta information + keep-plus-minus-markers = true; + paging = "always"; + }; + }; + }; + }; + }; +} diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index c88008fa..ca59a5fb 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -42,34 +42,6 @@ in lfs.enable = true; - delta = { - enable = true; - - options = { - features = "diff-highlight decorations"; - - # Less jarring style for `diff-highlight` emulation - diff-highlight = { - minus-style = "red"; - minus-non-emph-style = "red"; - minus-emph-style = "bold red 52"; - - plus-style = "green"; - plus-non-emph-style = "green"; - plus-emph-style = "bold green 22"; - - whitespace-error-style = "reverse red"; - }; - - # Personal preference for easier reading - decorations = { - commit-style = "raw"; # Do not recolor meta information - keep-plus-minus-markers = true; - paging = "always"; - }; - }; - }; - # There's more extraConfig = { # Makes it a bit more readable From 2eb2a83dca68ffd2ff5380300fbaec23e8038e6a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 24 Apr 2025 09:29:37 +0000 Subject: [PATCH 245/362] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 65b8f048..6bd45a88 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1743869639, - "narHash": "sha256-Xhe3whfRW/Ay05z9m1EZ1/AkbV1yo0tm1CbgjtCi4rQ=", + "lastModified": 1745439012, + "narHash": "sha256-TwbdiH28QK7Da2JQTqFHdb+UCJq6QbF2mtf+RxHVzEA=", "owner": "nix-community", "repo": "home-manager", - "rev": "d094c6763c6ddb860580e7d3b4201f8f496a6836", + "rev": "d31710fb2cd536b1966fee2af74e99a0816a61a8", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744777043, - "narHash": "sha256-O6jgTxz9BKUiaJl03JsVHvSjtCOC8gHfDvC2UCfcLMc=", + "lastModified": 1745469902, + "narHash": "sha256-+kHgeD+3+WZZcOaIsS6XwQWb+qbYYWYXzoEjdmdW6OY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7a6f7f4c1c69eee05641beaa40e7f85da8e69fb0", + "rev": "4975ac49a527b505803958595fcb191c9e889f60", "type": "github" }, "original": { From 89bc60609f07b4f3cff4cb4e0610f1b8243a9ad3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 24 Apr 2025 12:46:24 +0200 Subject: [PATCH 246/362] home: firefox: tridactyl: use 'replaceVars' --- modules/home/firefox/tridactyl/default.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/modules/home/firefox/tridactyl/default.nix b/modules/home/firefox/tridactyl/default.nix index 35b58c2d..26ddfad5 100644 --- a/modules/home/firefox/tridactyl/default.nix +++ b/modules/home/firefox/tridactyl/default.nix @@ -12,9 +12,7 @@ let in { config = lib.mkIf cfg.enable { - xdg.configFile."tridactyl/tridactylrc".source = pkgs.substituteAll { - src = ./tridactylrc; - + xdg.configFile."tridactyl/tridactylrc".source = pkgs.replaceVars ./tridactylrc { editorcmd = lib.concatStringsSep " " [ # Use my configured terminal term From bfda64288ead8796e1f3c8a5980fabb228f2e844 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 30 Apr 2025 21:05:22 +0100 Subject: [PATCH 247/362] nix: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 6bd45a88..584d9423 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "lastModified": 1745630506, + "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", "owner": "ryantm", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "96e078c646b711aee04b82ba01aefbff87004ded", "type": "github" }, "original": { @@ -36,11 +36,11 @@ ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1745439012, - "narHash": "sha256-TwbdiH28QK7Da2JQTqFHdb+UCJq6QbF2mtf+RxHVzEA=", + "lastModified": 1746040799, + "narHash": "sha256-osgPX/SzIpkR50vev/rqoTEAVkEcOWXoQXmbzsaI4KU=", "owner": "nix-community", "repo": "home-manager", - "rev": "d31710fb2cd536b1966fee2af74e99a0816a61a8", + "rev": "5f217e5a319f6c186283b530f8c975e66c028433", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745469902, - "narHash": "sha256-+kHgeD+3+WZZcOaIsS6XwQWb+qbYYWYXzoEjdmdW6OY=", + "lastModified": 1745930157, + "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4975ac49a527b505803958595fcb191c9e889f60", + "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae", "type": "github" }, "original": { From c5be292dfca50b740acf130bb0c3138fb4261a26 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 30 Apr 2025 21:34:11 +0100 Subject: [PATCH 248/362] nixos: profiles: wm: fix i3lock PAM service This was announced as a breaking change, and would lock me out if not set. I wish the transition went a bit slower, by first introducing the option for each PAM service, and *then* toggling it. Oh well. --- modules/nixos/profiles/wm/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/profiles/wm/default.nix b/modules/nixos/profiles/wm/default.nix index c2273281..bca4d700 100644 --- a/modules/nixos/profiles/wm/default.nix +++ b/modules/nixos/profiles/wm/default.nix @@ -24,6 +24,8 @@ in my.home.udiskie.enable = true; # udiskie fails if it can't find this dbus service services.udisks2.enable = true; + # Ensure i3lock can actually unlock the session + security.pam.services.i3lock.enable = true; }) ]; } From 4b6f62b25ab9bccf84aa994ac8e8b79a42632e00 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 30 Apr 2025 21:36:50 +0100 Subject: [PATCH 249/362] home: gpg: fix deprecated config --- modules/home/gpg/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/gpg/default.nix b/modules/home/gpg/default.nix index 51c865a2..2a00baf4 100644 --- a/modules/home/gpg/default.nix +++ b/modules/home/gpg/default.nix @@ -17,7 +17,7 @@ in services.gpg-agent = { enable = true; enableSshSupport = true; # One agent to rule them all - pinentryPackage = cfg.pinentry; + pinentry.package = cfg.pinentry; extraConfig = '' allow-loopback-pinentry ''; From e3243ebe80d7c3e55337227d1e4177022d78ca05 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 2 May 2025 17:59:03 +0100 Subject: [PATCH 250/362] nixos: services: nextcloud: simplify DB handling I *think* the option didn't exist when I originally used this module. --- modules/nixos/services/nextcloud/default.nix | 22 +++++--------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index cf1b876f..d8d4fce0 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -44,11 +44,15 @@ in adminuser = cfg.admin; adminpassFile = cfg.passwordFile; dbtype = "pgsql"; - dbhost = "/run/postgresql"; }; https = true; + # Automatic PostgreSQL provisioning + database = { + createLocally = true; + }; + settings = { overwriteprotocol = "https"; # Nginx only allows SSL }; @@ -60,22 +64,6 @@ in }; }; - services.postgresql = { - enable = true; - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [ - { - name = "nextcloud"; - ensureDBOwnership = true; - } - ]; - }; - - systemd.services."nextcloud-setup" = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - # The service above configures the domain, no need for my wrapper services.nginx.virtualHosts."nextcloud.${config.networking.domain}" = { forceSSL = true; From 921d604ebea0d265815c76c60a85efa0929bc1ce Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 2 May 2025 22:35:33 +0100 Subject: [PATCH 251/362] hosts: nixos: porthos: secrets: update cross-seed --- .../servarr/cross-seed/configuration.json.age | Bin 1282 -> 1364 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age index e9af03f472da8411b7106cf733ba1d389201263a..1499a56c21c9911f5a7111177b3458e418cb4b1c 100644 GIT binary patch delta 1337 zcmZqTy23R~+#=N{Kdj6( zkju?CG(W`1q_`?PSKrs8&^6REIMFhosHDiCI6uQN-`^~&Dk-2MG@~>spG((Hp}06h zH#Nn`)YQ;YAuAxiJTF}#B-zj1%rDG1C(EQFDzM7fuRbiR%*Qjgytq`~%%sfKHQ2B) zIV&p6FxSX}%Pci3(7?>gG(SDeGd#u5&&15d(>chkDl^|Zr8Lzd-Q6ravLGxV#oR5D zOIKG{A*d>)D4@V8C#1Y6B-7Nm(juua&p*OE*Uccf#3SF)#LqI&&)hxRB`~p^Yxyd> zj1~K?AFEe4*c%Y58#y;-`z!&8)Tv=jGo`~r_eAP+vgUnQnY4O$&c(W!cUcYk)~Byu z7Vzw@$d$U!zGgcb()tRwY`S*Zy*t7{bAo+2mn5_5`<;szWvw3^-gZ;4wr6wbV}m{m zd#2gfbYzy8RB#p=DDJkBTcaa%;L*aG_3u~ATWG{_FFEEz{e{%6|2DLE)+t6^YG6z` z{A5PL1Fns#@q)XPE=n6m+~kVqJ@igxBk!iS4|MwPt~j;Y#z|+*+yi>9=iQDHGtMxmlmx_$beugPX zC;Bt}=|BBkD}!4icUS!ciOom#Ivr*InYoqZI92{v^Vwc!8_chE_cKSY;`RSeWPFul z&X?ET`*duvY47@lcRoKh`e8Y7LgQ1NNpr*|*IP3%T(3NrlaO?fgQuS3;l0yGIg|F? z{!}L(zr@krBgDYT>E`5BUmn_sn!7X~3~^2tpJcLOcJqtK2^lfZ3r}Bjtbg}%_5#Dc zqDk?V!FnzapA{-pnoWw@EXX9*aZ2FU?%n@uHofl(KhksITjrT*E{~sAZ&>ZykP>k@ zhBG{FR`T)SXCGh595Gz;>=&N`r=!=ejvIe@x_`g<75JTLv5v#rE1e3rcP=`!Rz?4m zgj1iKWZ`x@qp2_DpQWy0WNDJ-Z8<-u{`0#QS+Dv2GkAPmM8Ix=voUBj3W$k#l{*-0QbL{ZE-J+QnJC>Fo*gsol04UVk^a``q54u_trU9f8|D zo0jM{s5;GNSTlFCVb7OefzKNq*{bHwf6q{&cXOiI)9pXkwKE>R=Mp=o=s-YT;TDy5 z^KNdbFDf}(SvHYtZ5jXevMiA!!7o^w**8>XUjFyP_wgz2<%gCmICJvImNvx*|6_Sc ztKTo5bYT83`FY!TEDjyWR=HIko%HP2pJ^whY?PS)`5ONVx_xf*(=~mX3m+^yw_&OO zPnYN248r+y*$z+f+OWn`%%DuxQ`vk+S&!fq$Jt+Zm?w4Bx4zE1EjJ_2EP26Uj$>}E zf99q5{9E+3{kYq<)s=;t{-jy0yYsvL)+|#|)k_`I)&<@vSC=ThFPfPa+kXGa|C?3& zyXVAA<7!)|wXdxFcrr(Oit`Rm|2HR}Z#wv8p3Vh4tLYSxJDgG{VwPHIo zeaf^J!vop2KROTB)y=Hm{d)H6ef$D;Onn{)&aNpaKY#K9d)G5+8AQE#OR7#0Z4=(_&r^bDJ`Uv34fERD`MG{=0+ zDWQe(h2f6cGk8CDwcdR7)oJG4PdmRPvwmBt)u|BJa&&H(RXdxa_pF@k=V?Y+|39{5 zpRZXh*QprkDgDa!?(xIv(!ZNuYX=;`p A&j0`b delta 1254 zcmcb@)xp}06h zH#Nn`)YQ;YAuAxiJTG0r(aAKzuhb+hQ$H-o$yK*g3Dnza+ze zOIKG{!7{3>pft!-JJH)R#3wSq%``0_(J55BI78dqG|@vlu{b0*Ezcy$E7;M3OU$$T zOi$zTjC!Hcr%_pq^|q{YqMUTMUJzZUVt;dS=>JF7+R}RBrb5r1v-C{wp8EOYkag9@ z)IA4kjVJC|Y3IoQ*ClIrh09m5{4=J%+`Vg-neY9xKl=8hz%@_gr=Qy~_0FeN`!ZZ# zIsSQEYn31=Hib3r>Y}T<+>2#>PcO^gn!vE4G25=@|NZ>vdZp7Hf%(t>={NB3)O=pQ z;MLzxPQS!oIb3v^1Sri)Zs z9eVB=lXAmyUEuZlJ%3cK^Gi!u7w2uv-`dOQZ$FXe3*(03pW)Xgwfh=0Gjk-(y5bwT zz)`wS;CJZJWp^yK``6cR?P!ecm-u`$!`J)Iie_WYNnV^!zD|qcP^n5{2%328Ms|6- z@AQiavYQKyn=~HGV3O+PXL~ByUSaPOTg$Jo;j~M@fBArHo@+0o5ql@v8@t$IB3Q~tA@BXt(MKm7N|=1$#|?pB@p;PPcl`yxH*%`*$~r>GtM<7^X< zdZE50G)BVZ)G22c?)L5Mi!54$;;YvkVqAOw@6QYkJHc+TNuQ?QSKG(kYxG~eg5$-D zk9TiY9FCcs7awN$Li4RTlb1v|*GGSr=bP_ytXh#jaoPRbwqIJFxK>UPFfTilIA`aV z#ZKF@6J~T=_+H2N?wKE_+oI|3g2V15M&`b+lZ*TGyMD3sho0BJY}B<+Yo;vvTO`f2 zXy#-_zTN$y6IzP=tgr6szIfSca%WSuUE42-6EO#v=2zLs{F{Ack9feIe7AQ&# Date: Sat, 3 May 2025 13:56:12 +0100 Subject: [PATCH 252/362] home: vim: lua: lsp: configure inlay hints --- modules/home/vim/lua/ambroisie/lsp.lua | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index e48de128..fef04873 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -53,6 +53,10 @@ M.on_attach = function(client, bufnr) vim.diagnostic.open_float(nil, { scope = "buffer" }) end + local function toggle_inlay_hints() + vim.lsp.inlay_hint.enable(not vim.lsp.inlay_hint.is_enabled()) + end + local keys = { buffer = bufnr, -- LSP navigation @@ -67,6 +71,7 @@ M.on_attach = function(client, bufnr) { "ca", vim.lsp.buf.code_action, desc = "Code actions" }, { "cd", cycle_diagnostics_display, desc = "Cycle diagnostics display" }, { "cD", show_buffer_diagnostics, desc = "Show buffer diagnostics" }, + { "ch", toggle_inlay_hints, desc = "Toggle inlay hints" }, { "cr", vim.lsp.buf.rename, desc = "Rename symbol" }, { "cs", vim.lsp.buf.signature_help, desc = "Show signature" }, { "ct", vim.lsp.buf.type_definition, desc = "Go to type definition" }, From d2a8894eb298a2fbdee409b20995c51d6dcbaf4e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 5 May 2025 18:06:41 +0100 Subject: [PATCH 253/362] home: wm: i3: make 'firefox' history float --- modules/home/wm/i3/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index 029a14ba..5f22bbe2 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -127,6 +127,7 @@ in { class = "^Blueman-.*$"; } { title = "^htop$"; } { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } + { class = "^firefox$"; instance = "Places"; window_role = "Organizer"; } { class = "^pavucontrol.*$"; } { class = "^Arandr$"; } { class = "^\\.blueman-manager-wrapped$"; } From a9ba93f834db067e9d791c4299ceab483c8ef6f8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 7 May 2025 11:27:12 +0000 Subject: [PATCH 254/362] home: delta: assert git is enabled --- modules/home/delta/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix index e9350bb4..58ee0311 100644 --- a/modules/home/delta/default.nix +++ b/modules/home/delta/default.nix @@ -23,6 +23,13 @@ in properly configured. ''; } + { + assertion = cfg.enable -> config.programs.git.enable; + message = '' + `config.my.home.delta` relies on `config.programs.git` to be + enabled. + ''; + } ]; home.packages = [ cfg.package ]; From 07d8f5a03fbc5a1e36e6425953ad30f2c7037287 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 7 May 2025 17:25:28 +0200 Subject: [PATCH 255/362] flake: nixos: use 'nixpkgs.hostPlatform' This is the proper way to set `system` nowadays. --- flake/nixos.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/flake/nixos.nix b/flake/nixos.nix index bf9eac8c..0fbd3a6a 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -15,8 +15,10 @@ let ]; buildHost = name: system: lib.nixosSystem { - inherit system; modules = defaultModules ++ [ + { + nixpkgs.hostPlatform = system; + } "${self}/hosts/nixos/${name}" ]; specialArgs = { From 8a8e4f93a513ad3aaafdbeced14a61d5f961ff1d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 7 May 2025 17:16:44 +0000 Subject: [PATCH 256/362] flake: home-manager: remove obsolete comment --- flake/home-manager.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/flake/home-manager.nix b/flake/home-manager.nix index 093ae8cf..88a74e8f 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -22,10 +22,6 @@ let ]; mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration { - # Work-around for home-manager - # * not letting me set `lib` as an extraSpecialArgs - # * not respecting `nixpkgs.overlays` [1] - # [1]: https://github.com/nix-community/home-manager/issues/2954 pkgs = inputs.nixpkgs.legacyPackages.${system}; modules = defaultModules ++ [ From 77839ab2ef3003c38324cade0810b41d1c84cc8c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 8 May 2025 13:29:35 +0000 Subject: [PATCH 257/362] flake: bump inputs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 584d9423..ef7aba8e 100644 --- a/flake.lock +++ b/flake.lock @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745930157, - "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=", + "lastModified": 1746683680, + "narHash": "sha256-+5zk+UbG0+GQlKt+gIKm+OhlYvHmkAHFXvf7hl1HDeM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae", + "rev": "16762245d811fdd74b417cc922223dc8eb741e8b", "type": "github" }, "original": { From 0c5836bc56e9048e27db4081595ff7cb566f9c31 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 8 May 2025 23:22:11 +0200 Subject: [PATCH 258/362] nixos: services: paperless: use 'PAPERLESS_URL' --- modules/nixos/services/paperless/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 63f456b2..9cdac38a 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -53,17 +53,13 @@ in mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath; settings = - let - paperlessDomain = "paperless.${config.networking.domain}"; - in { # Use SSO PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; # Security settings - PAPERLESS_ALLOWED_HOSTS = paperlessDomain; - PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; + PAPERLESS_URL = "https://paperless.${config.networking.domain}"; # OCR settings PAPERLESS_OCR_LANGUAGE = "fra+eng"; From a997d36964830a96b13c99175c51165614686edf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 8 May 2025 23:22:35 +0200 Subject: [PATCH 259/362] nixos: services: paperless: fix formatting --- modules/nixos/services/paperless/default.nix | 32 ++++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 9cdac38a..f345e8a8 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -52,26 +52,26 @@ in mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath; - settings = - { - # Use SSO - PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; - PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; + settings = { + # Use SSO + PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; + PAPERLESS_ENABLE_HTTP_REMOTE_USER_API = true; + PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; - # Security settings - PAPERLESS_URL = "https://paperless.${config.networking.domain}"; + # Security settings + PAPERLESS_URL = "https://paperless.${config.networking.domain}"; - # OCR settings - PAPERLESS_OCR_LANGUAGE = "fra+eng"; + # OCR settings + PAPERLESS_OCR_LANGUAGE = "fra+eng"; - # Workers - PAPERLESS_TASK_WORKERS = 3; - PAPERLESS_THREADS_PER_WORKER = 4; + # Workers + PAPERLESS_TASK_WORKERS = 3; + PAPERLESS_THREADS_PER_WORKER = 4; - # Misc - PAPERLESS_TIME_ZONE = config.time.timeZone; - PAPERLESS_ADMIN_USER = cfg.username; - }; + # Misc + PAPERLESS_TIME_ZONE = config.time.timeZone; + PAPERLESS_ADMIN_USER = cfg.username; + }; # Admin password passwordFile = cfg.passwordFile; From 1dc65a37e7dc8041ee639dac882c5e2503708170 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 8 May 2025 23:29:30 +0200 Subject: [PATCH 260/362] nixos: services: paperless: set proxy settings --- modules/nixos/services/paperless/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index f345e8a8..b6965cae 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -60,6 +60,8 @@ in # Security settings PAPERLESS_URL = "https://paperless.${config.networking.domain}"; + PAPERLESS_USE_X_FORWARD_HOST = true; + PAPERLESS_PROXY_SSL_HEADER = ''["HTTP_X_FORWARDED_PROTO", "https"]''; # OCR settings PAPERLESS_OCR_LANGUAGE = "fra+eng"; From 5b545a28f10c90d07f0442fb8c5823b1cb53f2f3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 9 May 2025 00:02:07 +0200 Subject: [PATCH 261/362] nixos: services: mealie: use automatic DB setup --- modules/nixos/services/mealie/default.nix | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 664d5ba8..3b4d4f73 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -38,27 +38,13 @@ in # Make it work with socket auth POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; }; - }; - systemd.services = { - mealie = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + # Automatic PostgreSQL provisioning + database = { + createLocally = true; }; }; - # Set-up database - services.postgresql = { - enable = true; - ensureDatabases = [ "mealie" ]; - ensureUsers = [ - { - name = "mealie"; - ensureDBOwnership = true; - } - ]; - }; - my.services.nginx.virtualHosts = { mealie = { inherit (cfg) port; From f14f5c7f8aa3e87cb025e04b3f8cac2b1315d596 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 14 May 2025 18:51:12 +0000 Subject: [PATCH 262/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ef7aba8e..b90b54a0 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "lastModified": 1746537231, + "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1746040799, - "narHash": "sha256-osgPX/SzIpkR50vev/rqoTEAVkEcOWXoQXmbzsaI4KU=", + "lastModified": 1747225851, + "narHash": "sha256-4IbmZrNOdXP143kZEUzxBS5SqyxUlaSHLgdpeJfP2ZU=", "owner": "nix-community", "repo": "home-manager", - "rev": "5f217e5a319f6c186283b530f8c975e66c028433", + "rev": "6bf057fc8326e83bda05a669fc08d106547679fb", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746683680, - "narHash": "sha256-+5zk+UbG0+GQlKt+gIKm+OhlYvHmkAHFXvf7hl1HDeM=", + "lastModified": 1746904237, + "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "16762245d811fdd74b417cc922223dc8eb741e8b", + "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", "type": "github" }, "original": { From 97bcc5f34ed0b7154829f4bd0a43b485f16205b7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 18 May 2025 02:14:36 +0200 Subject: [PATCH 263/362] hosts: nixos: porthos: secrets: update cross-seed --- .../servarr/cross-seed/configuration.json.age | Bin 1364 -> 1528 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age index 1499a56c21c9911f5a7111177b3458e418cb4b1c..e319f3a823c4eb4c84b15f6630ea5fbf42f9092b 100644 GIT binary patch delta 1502 zcmcb@^@DqYPJM)-VR?CgkBPZawo9aGMoCdYRk>4OQGumFMo6W5x^rP=Mt)AETV`3V z1(#E4QAJ@+N^qv5r>~)BvQubgdVynQWKwEazOiRuRf$n@d4RJ~l2Kr;1(&X!LUD11 zZfc5=si~o*LRLV2d0x7LTcA^FQMP_+ScYYkbCiF2Kz*uLx|y4Yvy+>npMhItskXmS zqIsZaWtO7}muXf=R=J;Zl8HxhR8p98WpSjBN1#htPF{*xP+m@HvU6p4X<2GTMrw)$ zm#(g^f>}hNuTxTJMdzPPBsB^Mmo>ycf*D2@n z37;fCdeuv+?>w+R<0Yeo{}QfuMmN)!+&k=0a;^TSYwE4IY0U~Q?{9Yfw0X#~C0&SF zX}+aS((K$VJ-bblR?1ZG`JdIke`#ik!jg~Af1G*t+V950$FnqoQUr|mohx^EF@65T z!^>7rb@N!fc}v>LkM#>r%T@8aynXUz(Vrc1N_9sTE>E4Nw7mX$h0l{u+OqtM1bTj@ z{(q8F`{LD`c_O|u&izgQ`QeY>?OCTZ*t+M1PUGCN>2JW}-2Va(cQ3Qqb*%S#`^L*J zG+q`LyViT9Zd*R-NA%IVo*yc{RKzX66}P)FtGzy)v4%Z9f!XkKo!$0ChYdC^i?TxQ zn;!e4|M;`7(CJ-Ed03yy+^*NF)SaH%BJzKE^2OXKtanWAHZ%#J&b~Tv%d`CgUAeXM zmqgG0v{sNa#44C8s9yZV?WjFxZhl>tDqUQvv?~1K4ePy1>-d}J>u|1KJ8x&IqfYo+ zv*Wuy^8DMJ_IAY~9#8ikC1JDBo^u^VY~lYmh;NKyxvQY*wpb@t-T7Qi$XnlQ^#W44 zZ`SP8{vYOUcPhZZFKDgXN`tTQ-^=Rxdu|@>URiWR^t<<$J0G5AKAz@imKnqS{_7*H z#FFImH@qBwus*nwkZR2-_kL^j^KWZC&P&xjDY@4u!1R1$kMd!|Dd)3Oj?a-1@bQuJ zGhz?e+$&-I#Jc~q!JT&{OXn-=ZTu><_0+@qFGA5bx1N1jc_%AC@a99t6+hbVFjPD* zlbM&YU~#mT=C-yyD6{*CAU zbAcA213k_z6ZG$z|4sdxvnDiormsueVi3I=hEAwk9|GFUKP*( zmVCWq#*6=IN3OVUo_;VjW9z5BgI6P(MYo&%yc#j-Pdb0amK!C$A9UOt4%p@|(ERo= zklTIkm2$WJ$%@ynyzZJ(QCwgDr_KO<~sq1K!1b7eBA@YG1o_ZS9v8 z<^gMpl?pxQNNIoN50~D4D9GRL(1pc$?pxUA*sb!4%qx!Ga!2Fh)W#z7ZdRxIg}XfB zp55k34$-WbeoQ+va{*q&I@m&wc zd^er?vXJvLKbtK3YbrlQ;`sKm-4o}XlD+TIschDg_~GD{&rUZ^itg#_SzfzD;_Y=d zZS&;ktru!-w(1*&1`97TayHfcbHvdhOU!CRc)|p!BKv182~T_$y*_L?x37jXhvyNK9{bYLUD11 zZfc5=si~o*LRLV2d0x6gNV1>1nO~T3PL@eURA7~{Uwv3snU7~~d2y+}nMs+eYp`Kq za#mEBVXlz{msx67pn;i}X?}W`XLyRApNW}^r*n{7Rc5|-N@=P^y1Q9;WI7txsRS zEa2H)kt=ndea&_>r1ceU*>vr+dv}C^<^=n4E=gw9_d6Fc%341-yzQo7ZO`V=#|C{C z_Dr*{>BuZGso*R$P~2@Lw?;?kz@vpV>))@Kx6p{=UUJNb`U|OB|7~dTtW%7-)WDc> z_{off2V5If;{|soU6eMCxXBgId+43YM&3;;B> zMU&z!gY{e&vq3U-{a~ z*FQGab)CFyN4|xhBj@^rxz}%h`kyjcw2QNN)7ul~Q@d?9y#8)-_qn}8V^8LyI|8?R zHZ9R@P<5Kkux9RN!=5j{0-rZJvQ^EU|DK^l@8(3ar`vz7YiB%s&n0$F(Sd-x!YwNA z=H1*So? zR=;09>A?J7^7FRwSR6W#t#Ye8I_cT3KhsW1*(fpp^ELh#bo<=qr)&B&7d}{aZo^Xl zpDxe48HDravK^k{wPB5?m_eDWr?UBuvL3-Jj$MtD9NB`}OSC`}hUynEE^poLy5;e*WZzB>QVlyR#GCM9pjMT)w+% z|MIqz9@5-VzPpQ7zOP%b@b($oWBkAKquxptFf0(7(RKaL=@~X>zuXE|SsI;jXpZ@s zQ$h>n3&S0?XYhXRYQ6dDtJBQ8pLTvpX8pEOt5YGc<>=fnt9CX;?^!w7&(n;u{(o%A zK3}t1u2V76Q~H(d-Q$PTrGGcS)($vyhjINiudWlzW8FbX?;=Q2YG0CoF! AMgRZ+ From c1e2114c57e9e0027b3e17b7fbf48253b22fb651 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 23 May 2025 22:56:19 +0100 Subject: [PATCH 264/362] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index b90b54a0..e0456b8e 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1745630506, - "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", "owner": "ryantm", "repo": "agenix", - "rev": "96e078c646b711aee04b82ba01aefbff87004ded", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1746537231, - "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=", + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1747225851, - "narHash": "sha256-4IbmZrNOdXP143kZEUzxBS5SqyxUlaSHLgdpeJfP2ZU=", + "lastModified": 1747978958, + "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "6bf057fc8326e83bda05a669fc08d106547679fb", + "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746904237, - "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", + "lastModified": 1747744144, + "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", + "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "type": "github" }, "original": { From 24407448d498d637b94d04d9b06816f432c9197b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 27 May 2025 11:16:46 +0000 Subject: [PATCH 265/362] hosts: homes: mousqueton: disable 'atuin' package The system-provided package is built without its sync functionality. To ensure the module works as written, I can't use `pkgs.emptyDirectory` for this unfortunately... --- hosts/homes/ambroisie@mousqueton/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/hosts/homes/ambroisie@mousqueton/default.nix b/hosts/homes/ambroisie@mousqueton/default.nix index 37884d79..13836189 100644 --- a/hosts/homes/ambroisie@mousqueton/default.nix +++ b/hosts/homes/ambroisie@mousqueton/default.nix @@ -7,6 +7,20 @@ services.gpg-agent.enable = lib.mkForce false; my.home = { + atuin = { + package = pkgs.stdenv.mkDerivation { + pname = "atuin"; + version = "18.4.0"; + + buildCommand = '' + mkdir -p $out/bin + ln -s /usr/bin/atuin $out/bin/atuin + ''; + + meta.mainProgram = "atuin"; + }; + }; + git = { package = pkgs.emptyDirectory; }; From 9751fdb888d0d72801bff0c0381b057e0431f2a8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 27 May 2025 11:39:15 +0000 Subject: [PATCH 266/362] hosts: homes: bazin: disable 'atuin' package Same as on `mousqueton`. --- hosts/homes/ambroisie@bazin/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/hosts/homes/ambroisie@bazin/default.nix b/hosts/homes/ambroisie@bazin/default.nix index f52fbce5..365b70df 100644 --- a/hosts/homes/ambroisie@bazin/default.nix +++ b/hosts/homes/ambroisie@bazin/default.nix @@ -4,6 +4,20 @@ services.gpg-agent.enable = lib.mkForce false; my.home = { + atuin = { + package = pkgs.stdenv.mkDerivation { + pname = "atuin"; + version = "18.4.0"; + + buildCommand = '' + mkdir -p $out/bin + ln -s /usr/bin/atuin $out/bin/atuin + ''; + + meta.mainProgram = "atuin"; + }; + }; + git = { package = pkgs.emptyDirectory; }; From a67a54bda27092c9f89e60bf3ce75839e914f9b4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 24 May 2025 22:33:21 +0200 Subject: [PATCH 267/362] nixos: services: paperless: use structured setting The module should stringify it to JSON automatically, so might as well use the more readable option. --- modules/nixos/services/paperless/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index b6965cae..11959772 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -61,7 +61,7 @@ in # Security settings PAPERLESS_URL = "https://paperless.${config.networking.domain}"; PAPERLESS_USE_X_FORWARD_HOST = true; - PAPERLESS_PROXY_SSL_HEADER = ''["HTTP_X_FORWARDED_PROTO", "https"]''; + PAPERLESS_PROXY_SSL_HEADER = [ "HTTP_X_FORWARDED_PROTO" "https" ]; # OCR settings PAPERLESS_OCR_LANGUAGE = "fra+eng"; From 98d39717e2aa0306865982191afa200b5914426b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 31 May 2025 22:37:21 +0100 Subject: [PATCH 268/362] home: direnv: lib: don't erase pre-existing venv Turns out `uv venv` isn't idempotent, it removes the existing virtual environment by default. Thankfully, there's a flag to fix it. --- modules/home/direnv/lib/python.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index b4b2bcef..b1be8a91 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -46,7 +46,7 @@ layout_uv() { fi # create venv if it doesn't exist - uv venv -q + uv venv -q --allow-existing export VIRTUAL_ENV export UV_ACTIVE=1 From 151570cccaf8511688769ee0665868340054ba30 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 9 Jun 2025 10:36:33 +0000 Subject: [PATCH 269/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index e0456b8e..219d87d6 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1747978958, - "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "lastModified": 1749400020, + "narHash": "sha256-0nTmHO8AYgRYk5v6zw5oZ3x9nh+feb+Isn7WNe318M0=", "owner": "nix-community", "repo": "home-manager", - "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "rev": "2835e8ba0ad99ba86d4a5e497a962ec9fa35e48f", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747744144, - "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", + "lastModified": 1749285348, + "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", + "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", "type": "github" }, "original": { From 971f90581397286a3ffb424970cb5c1e9471a203 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 9 Jun 2025 13:52:29 +0200 Subject: [PATCH 270/362] nixos: services: mealie: remove DB settings Looks like I missed them in the original commit to migrate to `database.createLocally`. --- modules/nixos/services/mealie/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 3b4d4f73..8c02398c 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -32,11 +32,6 @@ in BASE_URL = "https://mealie.${config.networking.domain}"; TZ = config.time.timeZone; ALLOw_SIGNUP = "false"; - - # Use PostgreSQL - DB_ENGINE = "postgres"; - # Make it work with socket auth - POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; }; # Automatic PostgreSQL provisioning From 1b275e1a8a8291b3ed9789d25c2592ba52b8d9ec Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 17 Jun 2025 09:29:24 +0000 Subject: [PATCH 271/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 219d87d6..94ab916d 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "lastModified": 1749636823, + "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "rev": "623c56286de5a3193aa38891a6991b28f9bab056", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1749400020, - "narHash": "sha256-0nTmHO8AYgRYk5v6zw5oZ3x9nh+feb+Isn7WNe318M0=", + "lastModified": 1750127463, + "narHash": "sha256-K2xFtlD3PcKAZriOE3LaBLYmVfGQu+rIF4Jr1RFYR0Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "2835e8ba0ad99ba86d4a5e497a962ec9fa35e48f", + "rev": "28eef8722d1af18ca13e687dbf485e1c653a0402", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749285348, - "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", + "lastModified": 1749794982, + "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", + "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", "type": "github" }, "original": { From 112e3403615f65807dfcc28929b2b8a19656859e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 17 Jun 2025 09:26:09 +0000 Subject: [PATCH 272/362] home: do not hard-code username The flake module already sets it with `mkDefault`, making it easier to override it for a specific host. --- modules/home/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/home/default.nix b/modules/home/default.nix index e642e878..1c403778 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -51,9 +51,6 @@ # First sane reproducible version home.stateVersion = "20.09"; - # Who am I? - home.username = "ambroisie"; - # Start services automatically systemd.user.startServices = "sd-switch"; } From 03bb62777079b4a8ecc755570cc04a45095ca013 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 2 Jul 2025 13:23:34 +0200 Subject: [PATCH 273/362] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 94ab916d..a4da84dc 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1749636823, - "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "623c56286de5a3193aa38891a6991b28f9bab056", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1750127463, - "narHash": "sha256-K2xFtlD3PcKAZriOE3LaBLYmVfGQu+rIF4Jr1RFYR0Q=", + "lastModified": 1751429452, + "narHash": "sha256-4s5vRtaqdNhVBnbOWOzBNKrRa0ShQTLoEPjJp3joeNI=", "owner": "nix-community", "repo": "home-manager", - "rev": "28eef8722d1af18ca13e687dbf485e1c653a0402", + "rev": "df12269039dcf752600b1bcc176bacf2786ec384", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749794982, - "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", + "lastModified": 1751271578, + "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", + "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", "type": "github" }, "original": { From d61840651698e3ad05325039e9aa2a6cf9ad6aa2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 2 Jul 2025 13:24:16 +0200 Subject: [PATCH 274/362] nixos: services: use 'postgresql.target' This is now the more correct dependency to use in service definitions, to guarantee read-write access with users and permissions. --- modules/nixos/services/drone/server/default.nix | 4 ++-- modules/nixos/services/tandoor-recipes/default.nix | 4 ++-- modules/nixos/services/woodpecker/server/default.nix | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/nixos/services/drone/server/default.nix b/modules/nixos/services/drone/server/default.nix index a3a1e496..d6148f42 100644 --- a/modules/nixos/services/drone/server/default.nix +++ b/modules/nixos/services/drone/server/default.nix @@ -6,8 +6,8 @@ in config = lib.mkIf cfg.enable { systemd.services.drone-server = { wantedBy = [ "multi-user.target" ]; - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + after = [ "postgresql.target" ]; + requires = [ "postgresql.target" ]; serviceConfig = { EnvironmentFile = [ cfg.secretFile diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 3447beee..169eec82 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -49,8 +49,8 @@ in systemd.services = { tandoor-recipes = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + after = [ "postgresql.target" ]; + requires = [ "postgresql.target" ]; serviceConfig = { EnvironmentFile = cfg.secretKeyFile; diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix index adf533e8..caf0179c 100644 --- a/modules/nixos/services/woodpecker/server/default.nix +++ b/modules/nixos/services/woodpecker/server/default.nix @@ -24,8 +24,8 @@ in }; systemd.services.woodpecker-server = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + after = [ "postgresql.target" ]; + requires = [ "postgresql.target" ]; serviceConfig = { # Set username for DB access From 5d8722397010e1c1ddbc4d59abe53b7a6bd55584 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 2 Jul 2025 13:26:22 +0200 Subject: [PATCH 275/362] nixos: services: transmission: use 'trgui-ng' I like it much better than the built-in UI. --- modules/nixos/services/transmission/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index 16d51e3f..ddd77d4b 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -47,6 +47,7 @@ in enable = true; package = pkgs.transmission_4; group = "media"; + webHome = pkgs.trgui-ng-web; downloadDirPermissions = "775"; From 66ec807dc6729a8aabd7cb5f42797e246f36befa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 2 Jul 2025 14:01:15 +0200 Subject: [PATCH 276/362] hosts: nixos: aramis: home: use 'trgui-ng' It looks and works much better than the old one. Unfortunately, it's a Tauri app. --- hosts/nixos/aramis/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 64b63ce4..221b1eae 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -20,7 +20,7 @@ element-desktop # Matrix client jellyfin-media-player # Wraps the webui and mpv together pavucontrol # Audio mixer GUI - transgui # Transmission remote + trgui-ng # Transmission remote ]; # Minimal video player mpv.enable = true; From 8d809e3ac3c05eb9ca6de3279fee2a8c72cdd293 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 8 Jul 2025 10:40:08 +0000 Subject: [PATCH 277/362] flake: bump inputs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index a4da84dc..dc32e95f 100644 --- a/flake.lock +++ b/flake.lock @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751271578, - "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", + "lastModified": 1751952840, + "narHash": "sha256-SIkjQb9PPGvR/EcZAU8UZEnO9dwY2Z/BrDWgtyZd7OA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", + "rev": "27278798fe68d7f81131dd7ab62b8ea2b795cd56", "type": "github" }, "original": { From b093faf00d8066e19d144c34533a32602a4fb8f7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 8 Jul 2025 10:42:13 +0000 Subject: [PATCH 278/362] nixos: services: tandoor-recipes: use automatic DB --- .../services/tandoor-recipes/default.nix | 25 +++---------------- 1 file changed, 4 insertions(+), 21 deletions(-) diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 169eec82..4b4ed1a0 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -26,18 +26,16 @@ in services.tandoor-recipes = { enable = true; + database = { + createLocally = true; + }; + port = cfg.port; extraConfig = let tandoorRecipesDomain = "recipes.${config.networking.domain}"; in { - # Use PostgreSQL - DB_ENGINE = "django.db.backends.postgresql"; - POSTGRES_HOST = "/run/postgresql"; - POSTGRES_USER = "tandoor_recipes"; - POSTGRES_DB = "tandoor_recipes"; - # Security settings ALLOWED_HOSTS = tandoorRecipesDomain; CSRF_TRUSTED_ORIGINS = "https://${tandoorRecipesDomain}"; @@ -49,27 +47,12 @@ in systemd.services = { tandoor-recipes = { - after = [ "postgresql.target" ]; - requires = [ "postgresql.target" ]; - serviceConfig = { EnvironmentFile = cfg.secretKeyFile; }; }; }; - # Set-up database - services.postgresql = { - enable = true; - ensureDatabases = [ "tandoor_recipes" ]; - ensureUsers = [ - { - name = "tandoor_recipes"; - ensureDBOwnership = true; - } - ]; - }; - my.services.nginx.virtualHosts = { recipes = { inherit (cfg) port; From 2473bca1671ddaab0ce6de70d5471bf304133af6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 11 Jul 2025 14:24:23 +0000 Subject: [PATCH 279/362] home: vim: telescope: remove LSP handlers The plug-in was broken with the update to 0.11, and I would like to try using the built-in quickfixlist-based handlers for a while. This reverts commit 8d4a1e61b4f26f7443f7c8b0b65643f0bd312e9f. --- modules/home/vim/default.nix | 1 - modules/home/vim/plugin/settings/telescope.lua | 1 - 2 files changed, 2 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 20a74fff..930a853a 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -80,7 +80,6 @@ in nvim-surround # Deal with pairs, now in Lua oil-nvim # Better alternative to NetrW telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm - telescope-lsp-handlers-nvim # Use 'telescope' for various LSP actions telescope-nvim # Fuzzy finder interface which-key-nvim # Show available mappings ]; diff --git a/modules/home/vim/plugin/settings/telescope.lua b/modules/home/vim/plugin/settings/telescope.lua index 1a239282..810d51cb 100644 --- a/modules/home/vim/plugin/settings/telescope.lua +++ b/modules/home/vim/plugin/settings/telescope.lua @@ -23,7 +23,6 @@ telescope.setup({ }) telescope.load_extension("fzf") -telescope.load_extension("lsp_handlers") local keys = { { "f", group = "Fuzzy finder" }, From 979ae901c4057308ce1da3bbf2388e2addd99d7f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 15 Jul 2025 09:52:21 +0000 Subject: [PATCH 280/362] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index dc32e95f..0f205ab2 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1751429452, - "narHash": "sha256-4s5vRtaqdNhVBnbOWOzBNKrRa0ShQTLoEPjJp3joeNI=", + "lastModified": 1752467539, + "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", "owner": "nix-community", "repo": "home-manager", - "rev": "df12269039dcf752600b1bcc176bacf2786ec384", + "rev": "1e54837569e0b80797c47be4720fab19e0db1616", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751952840, - "narHash": "sha256-SIkjQb9PPGvR/EcZAU8UZEnO9dwY2Z/BrDWgtyZd7OA=", + "lastModified": 1752644555, + "narHash": "sha256-oeRcp4VEyZ/3ZgfRRoq60/08l2zy0K53l8MdfSIYd24=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "27278798fe68d7f81131dd7ab62b8ea2b795cd56", + "rev": "9100a4f6bf446603b9575927c8585162f9ec9aa6", "type": "github" }, "original": { From 13b61346f5cca39d1ba2c66717e14a6d01b99acc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 15 Jul 2025 09:54:23 +0000 Subject: [PATCH 281/362] home: tmux: increase history scrollback Even *longer*. --- modules/home/tmux/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 82ceb3a3..3ea047a2 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -48,7 +48,7 @@ in keyMode = "vi"; # Home-row keys and other niceties clock24 = true; # I'm one of those heathens escapeTime = 0; # Let vim do its thing instead - historyLimit = 100000; # Bigger buffer + historyLimit = 1000000; # Bigger buffer mouse = false; # I dislike mouse support focusEvents = true; # Report focus events terminal = "tmux-256color"; # I want accurate termcap info From add796768567599e9d6b2a54c80baac84d7681b5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 27 Jul 2025 20:49:24 +0100 Subject: [PATCH 282/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 0f205ab2..e96a7a08 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1753121425, + "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1752467539, - "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", + "lastModified": 1753617834, + "narHash": "sha256-WEVfKrdIdu5CpppJ0Va3vzP0DKlS+ZTLbBjugMO2Drg=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e54837569e0b80797c47be4720fab19e0db1616", + "rev": "72cc1e3134a35005006f06640724319caa424737", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1752644555, - "narHash": "sha256-oeRcp4VEyZ/3ZgfRRoq60/08l2zy0K53l8MdfSIYd24=", + "lastModified": 1753429684, + "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9100a4f6bf446603b9575927c8585162f9ec9aa6", + "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", "type": "github" }, "original": { From 2a515754a2c8bb87fe756d9862d3bb04c6be2bbb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 27 Jul 2025 20:48:06 +0100 Subject: [PATCH 283/362] home: zsh: use absolute path to 'XDG_CONFIG_HOME' The path handling has been fixed upstream, which makes this module more readable. --- modules/home/zsh/default.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index f4092d88..08b41018 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -1,14 +1,6 @@ { config, pkgs, lib, ... }: let cfg = config.my.home.zsh; - - # Have a nice relative path for XDG_CONFIG_HOME, without leading `/` - relativeXdgConfig = - let - noHome = lib.removePrefix config.home.homeDirectory; - noSlash = lib.removePrefix "/"; - in - noSlash (noHome config.xdg.configHome); in { options.my.home.zsh = with lib; { @@ -57,7 +49,7 @@ in programs.zsh = { enable = true; - dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME + dotDir = "${config.xdg.configHome}/zsh"; # Don't clutter $HOME enableCompletion = true; history = { From 4b7c6c1f5eb7cbd7254a8f69050b17c9d4723837 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 29 Jul 2025 16:13:58 +0000 Subject: [PATCH 284/362] pkgs: comma: fix 'nix-locate' invocation --- pkgs/comma/comma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/comma/comma b/pkgs/comma/comma index 4367a267..857b9c9d 100755 --- a/pkgs/comma/comma +++ b/pkgs/comma/comma @@ -12,7 +12,7 @@ usage() { find_program() { local CANDIDATE - CANDIDATE="$(nix-locate --top-level --minimal --at-root --whole-name "/bin/$1")" + CANDIDATE="$(nix-locate --minimal --at-root --whole-name "/bin/$1")" if [ "$(printf '%s\n' "$CANDIDATE" | wc -l)" -gt 1 ]; then CANDIDATE="$(printf '%s' "$CANDIDATE" | fzf-tmux)" fi From 7786c591b5f1e5745eb73b3a60ebe5e0704669a9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 4 Aug 2025 11:13:52 +0000 Subject: [PATCH 285/362] pkgs: comma: add 'COMMA_PICKER' --- pkgs/comma/comma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/comma/comma b/pkgs/comma/comma index 857b9c9d..b03a7f24 100755 --- a/pkgs/comma/comma +++ b/pkgs/comma/comma @@ -14,7 +14,7 @@ find_program() { local CANDIDATE CANDIDATE="$(nix-locate --minimal --at-root --whole-name "/bin/$1")" if [ "$(printf '%s\n' "$CANDIDATE" | wc -l)" -gt 1 ]; then - CANDIDATE="$(printf '%s' "$CANDIDATE" | fzf-tmux)" + CANDIDATE="$(printf '%s' "$CANDIDATE" | "${COMMA_PICKER:-fzf-tmux}")" fi printf '%s' "$CANDIDATE" } From f94fc468aa3c3bed51611d083d01e5adbecf75dd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 4 Aug 2025 14:28:34 +0000 Subject: [PATCH 286/362] home: zsh: ignore more commands for notification --- modules/home/zsh/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 08b41018..1e85ccec 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -14,10 +14,12 @@ in exclude = mkOption { type = with types; listOf str; default = [ + "bat" "delta" "direnv reload" "fg" "git (?!push|pull|fetch)" + "home-manager (?!switch|build|news)" "htop" "less" "man" From a10270f8e16b9e397782a8cd9297e516247b049e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 5 Aug 2025 11:00:26 +0000 Subject: [PATCH 287/362] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index e96a7a08..080c212f 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1754337839, + "narHash": "sha256-fEc2/4YsJwtnLU7HCFMRckb0u9UNnDZmwGhXT5U5NTw=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "856df6f6922845abd4fd958ce21febc07ca2fa45", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1753121425, - "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1753617834, - "narHash": "sha256-WEVfKrdIdu5CpppJ0Va3vzP0DKlS+ZTLbBjugMO2Drg=", + "lastModified": 1754365350, + "narHash": "sha256-NLWIkn1qM0wxtZu/2NXRaujWJ4Y1PSZlc7h0y6pOzOQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "72cc1e3134a35005006f06640724319caa424737", + "rev": "c5d7e957397ecb7d48b99c928611c6e780db1b56", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753429684, - "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", + "lastModified": 1754372978, + "narHash": "sha256-ByII9p9ek0k9UADC/hT+i9ueM2mw0Zxiz+bOlydU6Oo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", + "rev": "9ebe222ec7ef9de52478f76cba3f0324c1d1119f", "type": "github" }, "original": { @@ -200,11 +200,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1741294988, - "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=", + "lastModified": 1753980880, + "narHash": "sha256-aj1pbYxL6N+XFqBHjB4B1QP0bnKRcg1AfpgT5zUFsW8=", "owner": "nix-community", "repo": "NUR", - "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e", + "rev": "16db3e61da7606984a05b4dfc33cd1d26d22fb22", "type": "github" }, "original": { From dd7b6135315c51812e6928087b20235c9fb7638d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 5 Aug 2025 11:03:01 +0000 Subject: [PATCH 288/362] pkgs: lohr: remove 'useFetchCargoVendor' It's now turned on by default. --- pkgs/lohr/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/lohr/default.nix b/pkgs/lohr/default.nix index aeb13b1a..d8545e0d 100644 --- a/pkgs/lohr/default.nix +++ b/pkgs/lohr/default.nix @@ -10,7 +10,6 @@ rustPlatform.buildRustPackage rec { hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU="; }; - useFetchCargoVendor = true; cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w="; meta = with lib; { From f1d7da7fcb72aff435a975adfe710810ab064d93 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 00:11:26 +0200 Subject: [PATCH 289/362] nixos: services: matrix: refactor well-knowns --- modules/nixos/services/matrix/default.nix | 54 ++++++++++------------- 1 file changed, 23 insertions(+), 31 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index f4238342..b43dbcc9 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -14,6 +14,26 @@ let clientPort = { public = 443; private = 11339; }; domain = config.networking.domain; matrixDomain = "matrix.${domain}"; + + serverConfig = { + "m.server" = "${matrixDomain}:${toString federationPort.public}"; + }; + clientConfig = { + "m.homeserver" = { + "base_url" = "https://${matrixDomain}"; + "server_name" = domain; + }; + "m.identity_server" = { + "base_url" = "https://vector.im"; + }; + }; + + # ACAO required to allow element-web on any URL to request this json file + mkWellKnown = data: '' + default_type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON data}'; + ''; in { options.my.services.matrix = with lib; { @@ -96,15 +116,7 @@ in chat = { root = pkgs.element-web.override { conf = { - default_server_config = { - "m.homeserver" = { - "base_url" = "https://${matrixDomain}"; - "server_name" = domain; - }; - "m.identity_server" = { - "base_url" = "https://vector.im"; - }; - }; + default_server_config = clientConfig; showLabsSettings = true; defaultCountryCode = "FR"; # cocorico roomDirectory = { @@ -176,28 +188,8 @@ in forceSSL = true; useACMEHost = domain; - locations."= /.well-known/matrix/server".extraConfig = - let - server = { "m.server" = "${matrixDomain}:${toString federationPort.public}"; }; - in - '' - add_header Content-Type application/json; - return 200 '${builtins.toJSON server}'; - ''; - - locations."= /.well-known/matrix/client".extraConfig = - let - client = { - "m.homeserver" = { "base_url" = "https://${matrixDomain}"; }; - "m.identity_server" = { "base_url" = "https://vector.im"; }; - }; - # ACAO required to allow element-web on any URL to request this json file - in - '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON client}'; - ''; + locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; }; }; From 0792e8c7cb1b75e608372e44fb36a885f28a998e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 00:34:40 +0200 Subject: [PATCH 290/362] nixos: services: matrix: fix element-web config --- modules/nixos/services/matrix/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index b43dbcc9..42f7b4e2 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -117,10 +117,11 @@ in root = pkgs.element-web.override { conf = { default_server_config = clientConfig; - showLabsSettings = true; - defaultCountryCode = "FR"; # cocorico - roomDirectory = { + show_labs_settings = true; + default_country_code = "FR"; # cocorico + room_directory = { "servers" = [ + domain "matrix.org" "mozilla.org" ]; From bd019258cb4f15e028bc4cb7a68353abe270e6ac Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 10:39:55 +0200 Subject: [PATCH 291/362] nixos: services: matrix: simplify listeners --- modules/nixos/services/matrix/default.nix | 93 ++++++++--------------- 1 file changed, 30 insertions(+), 63 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 42f7b4e2..83dac7cf 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -10,13 +10,11 @@ let cfg = config.my.services.matrix; - federationPort = { public = 8448; private = 11338; }; - clientPort = { public = 443; private = 11339; }; domain = config.networking.domain; matrixDomain = "matrix.${domain}"; serverConfig = { - "m.server" = "${matrixDomain}:${toString federationPort.public}"; + "m.server" = "${matrixDomain}:443"; }; clientConfig = { "m.homeserver" = { @@ -39,6 +37,13 @@ in options.my.services.matrix = with lib; { enable = mkEnableOption "Matrix Synapse"; + port = mkOption { + type = types.port; + default = 8448; + example = 8008; + description = "Internal port for listeners"; + }; + secretFile = mkOption { type = with types; nullOr str; default = null; @@ -78,22 +83,22 @@ in enable_registration = false; listeners = [ - # Federation { + inherit (cfg) port; bind_addresses = [ "::1" ]; - port = federationPort.private; - tls = false; # Terminated by nginx. + type = "http"; + tls = false; x_forwarded = true; - resources = [{ names = [ "federation" ]; compress = false; }]; - } - - # Client - { - bind_addresses = [ "::1" ]; - port = clientPort.private; - tls = false; # Terminated by nginx. - x_forwarded = true; - resources = [{ names = [ "client" ]; compress = false; }]; + resources = [ + { + names = [ "client" ]; + compress = true; + } + { + names = [ "federation" ]; + compress = false; + } + ]; } ]; @@ -130,11 +135,8 @@ in }; }; # Dummy VHosts for port collision detection - matrix-federation = { - port = federationPort.private; - }; - matrix-client = { - port = clientPort.private; + matrix-dummy = { + inherit (cfg) port; }; }; @@ -144,45 +146,15 @@ in onlySSL = true; useACMEHost = domain; - locations = - let - proxyToClientPort = { - proxyPass = "http://[::1]:${toString clientPort.private}"; - }; - in - { - # Or do a redirect instead of the 404, or whatever is appropriate - # for you. But do not put a Matrix Web client here! See the - # Element web section below. - "/".return = "404"; + locations = { + # Or do a redirect instead of the 404, or whatever is appropriate + # for you. But do not put a Matrix Web client here! See the + # Element web section below. + "/".return = "404"; - "/_matrix" = proxyToClientPort; - "/_synapse/client" = proxyToClientPort; - }; - - listen = [ - { addr = "0.0.0.0"; port = clientPort.public; ssl = true; } - { addr = "[::]"; port = clientPort.public; ssl = true; } - ]; - - }; - - # same as above, but listening on the federation port - "${matrixDomain}_federation" = { - onlySSL = true; - serverName = matrixDomain; - useACMEHost = domain; - - locations."/".return = "404"; - - locations."/_matrix" = { - proxyPass = "http://[::1]:${toString federationPort.private}"; + "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; + "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; }; - - listen = [ - { addr = "0.0.0.0"; port = federationPort.public; ssl = true; } - { addr = "[::]"; port = federationPort.public; ssl = true; } - ]; }; "${domain}" = { @@ -197,11 +169,6 @@ in # For administration tools. environment.systemPackages = [ pkgs.matrix-synapse ]; - networking.firewall.allowedTCPPorts = [ - clientPort.public - federationPort.public - ]; - my.services.backup = { paths = [ config.services.matrix-synapse.dataDir From 1e31b2dfea4e2161c371806b262b924349ab31f5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 10:42:23 +0200 Subject: [PATCH 292/362] nixos: services: matrix: simplify VHost --- modules/nixos/services/matrix/default.nix | 31 ++++++++++------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 83dac7cf..763d9b12 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -134,29 +134,26 @@ in }; }; }; - # Dummy VHosts for port collision detection - matrix-dummy = { + matrix = { + # Somewhat unused, but necessary for port collision detection inherit (cfg) port; + + extraConfig = { + locations = { + # Or do a redirect instead of the 404, or whatever is appropriate + # for you. But do not put a Matrix Web client here! See the + # Element web section below. + "/".return = "404"; + + "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; + "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; + }; + }; }; }; # Those are too complicated to use my wrapper... services.nginx.virtualHosts = { - ${matrixDomain} = { - onlySSL = true; - useACMEHost = domain; - - locations = { - # Or do a redirect instead of the 404, or whatever is appropriate - # for you. But do not put a Matrix Web client here! See the - # Element web section below. - "/".return = "404"; - - "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; - "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; - }; - }; - "${domain}" = { forceSSL = true; useACMEHost = domain; From fa7b4910f5cac8bc1f50cc396174ecceae8b1fd5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 11:06:04 +0200 Subject: [PATCH 293/362] nixos: services: matrix: fix proxy to synapse I want to make use of the `/_synapse/matrix/` sub-path, so just proxy the whole of `/_synapse/`. --- modules/nixos/services/matrix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 763d9b12..dfd5b502 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -146,7 +146,7 @@ in "/".return = "404"; "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; - "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; + "/_synapse".proxyPass = "http://[::1]:${toString cfg.port}"; }; }; }; From 9cadbe6256b8ea9db3c2acc3eeb0e02b903d7579 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 11:07:37 +0200 Subject: [PATCH 294/362] nixos: services: matrix: add admin interface --- modules/nixos/services/matrix/default.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index dfd5b502..837d1502 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -10,6 +10,8 @@ let cfg = config.my.services.matrix; + adminPkg = pkgs.synapse-admin-etkecc; + domain = config.networking.domain; matrixDomain = "matrix.${domain}"; @@ -147,6 +149,22 @@ in "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; "/_synapse".proxyPass = "http://[::1]:${toString cfg.port}"; + + "= /admin".return = "307 /admin/"; + "/admin/" = { + alias = "${adminPkg}/"; + priority = 500; + tryFiles = "$uri $uri/ /index.html"; + }; + "~ ^/admin/.*\\.(?:css|js|jpg|jpeg|gif|png|svg|ico|woff|woff2|ttf|eot|webp)$" = { + priority = 400; + root = adminPkg; + extraConfig = '' + rewrite ^/admin/(.*)$ /$1 break; + expires 30d; + more_set_headers "Cache-Control: public"; + ''; + }; }; }; }; From 7a85a4440716f752c8f004330c9e2aa1a3c9886f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 20:06:40 +0200 Subject: [PATCH 295/362] nixos: services: matrix: remove obsolete comment --- modules/nixos/services/matrix/default.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 837d1502..483a72ae 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -1,10 +1,4 @@ -# Matrix homeserver setup, using different endpoints for federation and client -# traffic. The main trick for this is defining two nginx servers endpoints for -# matrix.domain.com, each listening on different ports. -# -# Configuration shamelessly stolen from [1] -# -# [1]: https://github.com/alarsyo/nixos-config/blob/main/services/matrix.nix +# Matrix homeserver setup. { config, lib, pkgs, ... }: let From 30348a1e193318b1d8bbb8f6d828226f49e8eaa7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 22:28:22 +0200 Subject: [PATCH 296/362] nixos: services: matrix: add Facebook bridge I probably won't actually use it, after test-driving it quickly. But now that the effort has been expanded, might as well keep it if only as a future reference. --- modules/nixos/services/matrix/bridges.nix | 143 ++++++++++++++++++++++ modules/nixos/services/matrix/default.nix | 4 + 2 files changed, 147 insertions(+) create mode 100644 modules/nixos/services/matrix/bridges.nix diff --git a/modules/nixos/services/matrix/bridges.nix b/modules/nixos/services/matrix/bridges.nix new file mode 100644 index 00000000..70f4118a --- /dev/null +++ b/modules/nixos/services/matrix/bridges.nix @@ -0,0 +1,143 @@ +# Matrix bridges for some services I use +{ config, lib, ... }: +let + cfg = config.my.services.matrix.bridges; + synapseCfg = config.services.matrix-synapse; + + domain = config.networking.domain; + serverName = synapseCfg.settings.server_name; + + mkBridgeOption = n: lib.mkEnableOption "${n} bridge" // { default = cfg.enable; }; + mkPortOption = n: default: lib.mkOption { + type = lib.types.port; + inherit default; + example = 8080; + description = "${n} bridge port"; + }; + mkEnvironmentFileOption = n: lib.mkOption { + type = lib.types.str; + example = "/run/secret/matrix/${lib.toLower n}-bridge-secrets.env"; + description = '' + Path to a file which should contain the secret values for ${n} bridge. + + Using through the following format: + + ``` + MATRIX_APPSERVICE_AS_TOKEN= + MATRIX_APPSERVICE_HS_TOKEN= + ``` + + Each bridge should use a different set of secrets, as they each register + their own independent double-puppetting appservice. + ''; + }; +in +{ + options.my.services.matrix.bridges = with lib; { + enable = mkEnableOption "bridges configuration"; + + admin = mkOption { + type = types.str; + default = "ambroisie"; + example = "admin"; + description = "Local username for the admin"; + }; + + facebook = { + enable = mkBridgeOption "Facebook"; + + port = mkPortOption "Facebook" 29321; + + environmentFile = mkEnvironmentFileOption "Facebook"; + }; + }; + + config = lib.mkMerge [ + (lib.mkIf cfg.facebook.enable { + services.mautrix-meta.instances.facebook = { + enable = true; + # Automatically register the bridge with synapse + registerToSynapse = true; + + # Provide `AS_TOKEN`, `HS_TOKEN` + inherit (cfg.facebook) environmentFile; + + settings = { + homeserver = { + domain = serverName; + address = "http://localhost:${toString config.my.services.matrix.port}"; + }; + + appservice = { + hostname = "localhost"; + inherit (cfg.facebook) port; + address = "http://localhost:${toString cfg.facebook.port}"; + public_address = "https://facebook-bridge.${domain}"; + + as_token = "$MATRIX_APPSERVICE_AS_TOKEN"; + hs_token = "$MATRIX_APPSERVICE_HS_TOKEN"; + + bot = { + username = "fbbot"; + }; + }; + + backfill = { + enabled = true; + }; + + bridge = { + delivery_receipts = true; + permissions = { + "*" = "relay"; + ${serverName} = "user"; + "@${cfg.admin}:${serverName}" = "admin"; + }; + }; + + database = { + type = "postgres"; + uri = "postgres:///mautrix-meta-facebook?host=/var/run/postgresql/"; + }; + + double_puppet = { + secrets = { + ${serverName} = "as_token:$MATRIX_APPSERVICE_AS_TOKEN"; + }; + }; + + network = { + # Don't be picky on Facebook/Messenger + allow_messenger_com_on_fb = true; + displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (FB)''; + }; + + provisioning = { + shared_secret = "disable"; + }; + }; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [ "mautrix-meta-facebook" ]; + ensureUsers = [{ + name = "mautrix-meta-facebook"; + ensureDBOwnership = true; + }]; + }; + + systemd.services.mautrix-meta-facebook = { + wants = [ "postgres.service" ]; + after = [ "postgres.service" ]; + }; + + my.services.nginx.virtualHosts = { + # Proxy to the bridge + "facebook-bridge" = { + inherit (cfg.facebook) port; + }; + }; + }) + ]; +} diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 483a72ae..04d24a02 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -30,6 +30,10 @@ let ''; in { + imports = [ + ./bridges.nix + ]; + options.my.services.matrix = with lib; { enable = mkEnableOption "Matrix Synapse"; From b1c9279c637956d134793431e0760d71a0e8bd97 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 2 Aug 2025 14:46:32 +0200 Subject: [PATCH 297/362] nixos: services: add thelounge --- modules/nixos/services/default.nix | 1 + modules/nixos/services/thelounge/default.nix | 59 ++++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 modules/nixos/services/thelounge/default.nix diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 27f8765a..e03eca19 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -38,6 +38,7 @@ ./servarr ./ssh-server ./tandoor-recipes + ./thelounge ./tlp ./transmission ./vikunja diff --git a/modules/nixos/services/thelounge/default.nix b/modules/nixos/services/thelounge/default.nix new file mode 100644 index 00000000..e224839e --- /dev/null +++ b/modules/nixos/services/thelounge/default.nix @@ -0,0 +1,59 @@ +# Web IRC client +{ config, lib, ... }: +let + cfg = config.my.services.thelounge; +in +{ + options.my.services.thelounge = with lib; { + enable = mkEnableOption "The Lounge, a self-hosted web IRC client"; + + port = mkOption { + type = types.port; + default = 9050; + example = 4242; + description = "The port on which The Lounge will listen for incoming HTTP traffic."; + }; + }; + + config = lib.mkIf cfg.enable { + services.thelounge = { + enable = true; + inherit (cfg) port; + + extraConfig = { + reverseProxy = true; + }; + }; + + my.services.nginx.virtualHosts = { + irc = { + inherit (cfg) port; + # Proxy websockets for RPC + websocketsLocations = [ "/" ]; + + extraConfig = { + locations."/".extraConfig = '' + proxy_read_timeout 1d; + ''; + }; + }; + }; + + services.fail2ban.jails = { + thelounge = '' + enabled = true + filter = thelounge + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/thelounge.conf".text = '' + [Definition] + failregex = Authentication failed for user .* from $ + Authentication for non existing user attempted from $ + journalmatch = _SYSTEMD_UNIT=thelounge.service + ''; + }; + }; +} From 17ceaa5620c49c5445b99945475c477122637ce7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 6 Aug 2025 15:37:08 +0000 Subject: [PATCH 298/362] nixos: services: matrix: fix out-dated comments --- modules/nixos/services/matrix/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 04d24a02..97dec2e3 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -142,7 +142,7 @@ in locations = { # Or do a redirect instead of the 404, or whatever is appropriate # for you. But do not put a Matrix Web client here! See the - # Element web section below. + # Element web section above. "/".return = "404"; "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; @@ -168,7 +168,7 @@ in }; }; - # Those are too complicated to use my wrapper... + # Setup well-known locations services.nginx.virtualHosts = { "${domain}" = { forceSSL = true; From 8688206ff530dc8fc6da6d2e6e68dcc56dc77622 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Aug 2025 10:05:13 +0000 Subject: [PATCH 299/362] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 080c212f..7ee0f96e 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1754337839, - "narHash": "sha256-fEc2/4YsJwtnLU7HCFMRckb0u9UNnDZmwGhXT5U5NTw=", + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "owner": "ryantm", "repo": "agenix", - "rev": "856df6f6922845abd4fd958ce21febc07ca2fa45", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "type": "github" }, "original": { @@ -53,11 +53,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1754091436, - "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "lastModified": 1754416808, + "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1754365350, - "narHash": "sha256-NLWIkn1qM0wxtZu/2NXRaujWJ4Y1PSZlc7h0y6pOzOQ=", + "lastModified": 1754886238, + "narHash": "sha256-LTQomWOwG70lZR+78ZYSZ9sYELWNq3HJ7/tdHzfif/s=", "owner": "nix-community", "repo": "home-manager", - "rev": "c5d7e957397ecb7d48b99c928611c6e780db1b56", + "rev": "0d492b89d1993579e63b9dbdaed17fd7824834da", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754372978, - "narHash": "sha256-ByII9p9ek0k9UADC/hT+i9ueM2mw0Zxiz+bOlydU6Oo=", + "lastModified": 1754725699, + "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ebe222ec7ef9de52478f76cba3f0324c1d1119f", + "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", "type": "github" }, "original": { From 8c506ea03cfcbbc805eb5e9b26863fa5a0260400 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 8 Aug 2025 09:56:33 +0000 Subject: [PATCH 300/362] home: xdg: enable 'preferXdgDirectories' At the moment this only makes a difference for `dircolors`. --- modules/home/xdg/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index 803167fa..7a0c5179 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -56,4 +56,7 @@ in XCOMPOSECACHE = "${dataHome}/X11/xcompose"; _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java"; }; + + # Some modules *optionally* use `XDG_*_HOME` when told to + config.home.preferXdgDirectories = lib.mkIf cfg.enable true; } From 5f073875e63aadc7ac925b4fd078248d94f565cd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Aug 2025 10:18:35 +0000 Subject: [PATCH 301/362] home: tmux: use consistent commenting style --- modules/home/tmux/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 3ea047a2..e3e3dafb 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -61,8 +61,8 @@ in pain-control # Better session management sessionist + # X clipboard integration { - # X clipboard integration plugin = yank; extraConfig = '' # Use 'clipboard' because of misbehaving apps (e.g: firefox) @@ -71,8 +71,8 @@ in set -g @yank_action 'copy-pipe' ''; } + # Show when prefix has been pressed { - # Show when prefix has been pressed plugin = prefix-highlight; extraConfig = '' # Also show when I'm in copy or sync mode From e2ae3e02d91291327f883db2bf6fc6a14e269828 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 18 Aug 2025 11:00:38 +0000 Subject: [PATCH 302/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 7ee0f96e..f4d5f576 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1754416808, - "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", + "lastModified": 1755446520, + "narHash": "sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW+7uSsOUM=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", + "rev": "4b04db83821b819bbbe32ed0a025b31e7971f22e", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1754886238, - "narHash": "sha256-LTQomWOwG70lZR+78ZYSZ9sYELWNq3HJ7/tdHzfif/s=", + "lastModified": 1755491080, + "narHash": "sha256-ib1Xi13NEalrFqQAHceRsb+6aIPANFuQq80SS/bY10M=", "owner": "nix-community", "repo": "home-manager", - "rev": "0d492b89d1993579e63b9dbdaed17fd7824834da", + "rev": "f8af2cbe386f9b96dd9efa57ab15a09377f38f4d", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754725699, - "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { From f3af8f9ba8b0042875d9c856cb6ec5b37889ddcb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 21 Aug 2025 12:06:37 +0000 Subject: [PATCH 303/362] home: atuin: remove bad comment Most likely a copy-paste error. --- modules/home/atuin/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix index dbd9690a..40d2b04d 100644 --- a/modules/home/atuin/default.nix +++ b/modules/home/atuin/default.nix @@ -6,7 +6,6 @@ in options.my.home.atuin = with lib; { enable = my.mkDisableOption "atuin configuration"; - # I want the full experience by default package = mkPackageOption pkgs "atuin" { }; daemon = { From 1a109b6b1f48919cc07a2a3c853858e5900eede4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 11:39:23 +0000 Subject: [PATCH 304/362] flake: bump inputs And fix a renamed package. --- flake.lock | 18 +++++++++--------- modules/nixos/profiles/x/default.nix | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index f4d5f576..ca1b4226 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1755446520, - "narHash": "sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW+7uSsOUM=", + "lastModified": 1755960406, + "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "4b04db83821b819bbbe32ed0a025b31e7971f22e", + "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1755491080, - "narHash": "sha256-ib1Xi13NEalrFqQAHceRsb+6aIPANFuQq80SS/bY10M=", + "lastModified": 1756022458, + "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=", "owner": "nix-community", "repo": "home-manager", - "rev": "f8af2cbe386f9b96dd9efa57ab15a09377f38f4d", + "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755186698, - "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "lastModified": 1756125398, + "narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", + "rev": "3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5", "type": "github" }, "original": { diff --git a/modules/nixos/profiles/x/default.nix b/modules/nixos/profiles/x/default.nix index ea77939c..874f36f6 100644 --- a/modules/nixos/profiles/x/default.nix +++ b/modules/nixos/profiles/x/default.nix @@ -13,7 +13,7 @@ in # Nice wallpaper services.xserver.displayManager.lightdm.background = let - wallpapers = "${pkgs.plasma5Packages.plasma-workspace-wallpapers}/share/wallpapers"; + wallpapers = "${pkgs.kdePackages.plasma-workspace-wallpapers}/share/wallpapers"; in "${wallpapers}/summer_1am/contents/images/2560x1600.jpg"; From a889dfbb1a9ce76410e6655ba82616a4c20a3e71 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 11:40:40 +0000 Subject: [PATCH 305/362] home: nix: fix renamed option --- modules/home/nix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix index c67cc6a1..2f435a8d 100644 --- a/modules/home/nix/default.nix +++ b/modules/home/nix/default.nix @@ -69,7 +69,7 @@ in automatic = true; # Every week, with some wiggle room - frequency = "weekly"; + dates = "weekly"; randomizedDelaySec = "10min"; # Use a persistent timer for e.g: laptops From 31147abd9176c9b8afbfa4924df0f589f041b3fc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 13:07:41 +0000 Subject: [PATCH 306/362] home: add trgui --- modules/home/default.nix | 1 + modules/home/trgui/default.nix | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 modules/home/trgui/default.nix diff --git a/modules/home/default.nix b/modules/home/default.nix index 1c403778..ad3b9791 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -38,6 +38,7 @@ ./ssh ./terminal ./tmux + ./trgui ./udiskie ./vim ./wget diff --git a/modules/home/trgui/default.nix b/modules/home/trgui/default.nix new file mode 100644 index 00000000..ee545a98 --- /dev/null +++ b/modules/home/trgui/default.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.my.home.trgui; +in +{ + options.my.home.trgui = with lib; { + enable = mkEnableOption "Transmission GUI onfiguration"; + + package = mkPackageOption pkgs "TrguiNG" { default = "trgui-ng"; }; + }; + + config = lib.mkIf cfg.enable { + home.packages = with pkgs; [ + cfg.package + ]; + }; +} From 1800cb9daa62bf87d55b98baf84a0d2d9a70129c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 13:08:58 +0000 Subject: [PATCH 307/362] hosts: nixos: aramis: use 'trgui' module --- hosts/nixos/aramis/home.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 221b1eae..75785821 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -20,7 +20,6 @@ element-desktop # Matrix client jellyfin-media-player # Wraps the webui and mpv together pavucontrol # Audio mixer GUI - trgui-ng # Transmission remote ]; # Minimal video player mpv.enable = true; @@ -28,6 +27,8 @@ nm-applet.enable = true; # Terminal terminal.program = "alacritty"; + # Transmission remote + trgui.enable = true; # Zathura document viewer zathura.enable = true; }; From 3fa1664b5c574632c67848e44c167c77cf638ccb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Feb 2025 16:47:11 +0000 Subject: [PATCH 308/362] home: delta: use stand-alone configuration file Ideally, I'd like for `delta` to just read a configuration file at `$XDG_CONFIG_HOME/delta/config` by default, but upstream seems somewhat reticent to the idea :-/. So instead, let's keep relying on `git` being enabled, but rather than inlining the configuration, let's store it where I think it should belong and include it into `gitconfig`. --- modules/home/delta/default.nix | 59 ++++++++++++++++++++-------------- 1 file changed, 35 insertions(+), 24 deletions(-) diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix index 58ee0311..16d3d597 100644 --- a/modules/home/delta/default.nix +++ b/modules/home/delta/default.nix @@ -1,6 +1,9 @@ { config, pkgs, lib, ... }: let cfg = config.my.home.delta; + + configFormat = pkgs.formats.gitIni { }; + configPath = "${config.xdg.configHome}/delta/config"; in { options.my.home.delta = with lib; { @@ -34,35 +37,43 @@ in home.packages = [ cfg.package ]; + xdg.configFile."delta/config".source = configFormat.generate "delta-config" { + delta = { + features = "diff-highlight decorations"; + + # Less jarring style for `diff-highlight` emulation + diff-highlight = { + minus-style = "red"; + minus-non-emph-style = "red"; + minus-emph-style = "bold red 52"; + + plus-style = "green"; + plus-non-emph-style = "green"; + plus-emph-style = "bold green 22"; + + whitespace-error-style = "reverse red"; + }; + + # Personal preference for easier reading + decorations = { + commit-style = "raw"; # Do not recolor meta information + keep-plus-minus-markers = true; + paging = "always"; + }; + }; + }; + programs.git = lib.mkIf cfg.git.enable { delta = { enable = true; inherit (cfg) package; - - options = { - features = "diff-highlight decorations"; - - # Less jarring style for `diff-highlight` emulation - diff-highlight = { - minus-style = "red"; - minus-non-emph-style = "red"; - minus-emph-style = "bold red 52"; - - plus-style = "green"; - plus-non-emph-style = "green"; - plus-emph-style = "bold green 22"; - - whitespace-error-style = "reverse red"; - }; - - # Personal preference for easier reading - decorations = { - commit-style = "raw"; # Do not recolor meta information - keep-plus-minus-markers = true; - paging = "always"; - }; - }; }; + + includes = [ + { + path = configPath; + } + ]; }; }; } From 3dd4f07609a8d8c9f15530745aa68ba458b943f3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 4 Sep 2025 11:35:39 +0000 Subject: [PATCH 309/362] hosts: nixos: aramis: home: drop 'jellyfin-media-player' It's about to be made broken due to using QtWebEngine 5, which is EOL and marked insecure in new nixpkgs. --- hosts/nixos/aramis/home.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 75785821..e8c99e41 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -18,7 +18,6 @@ # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client - jellyfin-media-player # Wraps the webui and mpv together pavucontrol # Audio mixer GUI ]; # Minimal video player From b9bc37d365c607bdda473c9f2a0a992f0e8f6cc0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 4 Sep 2025 11:14:25 +0000 Subject: [PATCH 310/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ca1b4226..e86674e1 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1756022458, - "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=", + "lastModified": 1756954499, + "narHash": "sha256-Pg4xBHzvzNY8l9x/rLWoJMnIR8ebG+xeU+IyqThIkqU=", "owner": "nix-community", "repo": "home-manager", - "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740", + "rev": "ed1a98c375450dfccf427adacd2bfd1a7b22eb25", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1756125398, - "narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=", + "lastModified": 1756936398, + "narHash": "sha256-/o1TTpMIICpjrMHBilL9lYm/r69uhdK1L8j1pfY6tWU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5", + "rev": "47f28ad9378956563df9a884fd1b209b64336ba3", "type": "github" }, "original": { From e6c95245b27e5ac6fbac237d222c56a39ba401f9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 4 Sep 2025 11:17:27 +0000 Subject: [PATCH 311/362] home: ssh: disable default config It's been deprecated. This also makes my `addKeysToAgent` configuration more explicit. --- modules/home/ssh/default.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/modules/home/ssh/default.nix b/modules/home/ssh/default.nix index 748b1957..b0b41675 100644 --- a/modules/home/ssh/default.nix +++ b/modules/home/ssh/default.nix @@ -17,6 +17,7 @@ in { programs.ssh = { enable = true; + enableDefaultConfig = false; includes = [ # Local configuration, not-versioned @@ -53,11 +54,12 @@ in identityFile = "~/.ssh/shared_rsa"; user = "ambroisie"; }; - }; - extraConfig = '' - AddKeysToAgent yes - ''; + # `*` is automatically made the last match block by the module + "*" = { + addKeysToAgent = "yes"; + }; + }; }; } From fa6bcabf95d8d1d860612880198271b6d31cbb0a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 11 Sep 2025 13:33:27 +0000 Subject: [PATCH 312/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index e86674e1..d5104222 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1755960406, - "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=", + "lastModified": 1757588530, + "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2", + "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1756954499, - "narHash": "sha256-Pg4xBHzvzNY8l9x/rLWoJMnIR8ebG+xeU+IyqThIkqU=", + "lastModified": 1757578556, + "narHash": "sha256-w1PGkTGow5XzsjccV364No46rkuGxTqo7m/4cfhnkIk=", "owner": "nix-community", "repo": "home-manager", - "rev": "ed1a98c375450dfccf427adacd2bfd1a7b22eb25", + "rev": "b7112b12ea5b8c3aa6af344498ed9ca27dd03ba3", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1756936398, - "narHash": "sha256-/o1TTpMIICpjrMHBilL9lYm/r69uhdK1L8j1pfY6tWU=", + "lastModified": 1757487488, + "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "47f28ad9378956563df9a884fd1b209b64336ba3", + "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", "type": "github" }, "original": { From 27da55519c74d63010d67153041aed789b9add97 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 25 Jul 2025 17:57:07 +0200 Subject: [PATCH 313/362] hosts: nixos: porthos: secrets: update cross-seed --- .../servarr/cross-seed/configuration.json.age | Bin 1528 -> 2031 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age index e319f3a823c4eb4c84b15f6630ea5fbf42f9092b..94fdf975d6418d394c62c42e572374b24865a776 100644 GIT binary patch delta 2009 zcmeyt{hohedfX?k{` z1y`7VVx&c?t9gk}QGTLxrkh!^t9em@esE}{g_)bXV|KY;V0m7Fd!m_FI+w1ULUD11 zZfc5=si~o*LRLV2d0x7Lc4U~PQL39qp1E1MdzE&0T786jgi(<}SWvRRr>}W=NOneY zrcYjImWfk2S4vnwc0qtaN}6SkajCw(qj8|KuW4wYgetwcC zm#(g^f^l-HWw5zNc~GcZlw(O$j#rLXR7JXTSaMlrp{u)Zm9JTfp`lNNdw8ZVSDWh2 z#!s*K@6<=xMeC=_?o%thNw!FzUK4zk}9+{djIX+e!sW%u-<*K zg`x6<({7nAg+QS)2}b2ZmsR#`cpQHtgw@qh{oS4Gr>yq1s#KP78(f|7M(2v?f%cFe zdK+w(Zm`yo-MD;X``@U5HMtds3LFpZa5q1Cf75z}isUzQ>VLkt(ynF|81>FrXLCH$ z&Wg1ktsTOTJ1K~>PqjR-D6s8Rtp3~@hpFB>^wx-#gs$M}+jXGsy0-4(1ewXs50~V9 zigIN*cem0SAT8vTwG@xF2&}V%g5S zbvLK-3d;z?W9>pkOWr#(XkWXVVP|5$)ZhG+qZ8B2YbTa}`trR_>-1!U!(B7G11l{bt?>D>|=Kub_=9QkS@T}J?SIitfI~6^tt!|Y)v2h;1n)1`V z^%<7OY!&Qdwto1vAxZbHfJdh+7gNxYqZbm7g{+Ugy6ZIe(uq2;z6)gUTv&2mIwWs} z`Jb6(eo-4|_i@JaeX8Aga9R4TNoQQjnCdU9=-tg%yWXYGos)OrL|50Lsa>f#I|Tn( zm;8>rDZ-*VTesuU&gWORr%Bgeue7R^~XAzs7N@4HA;{rsO9 z(lcKkSH8CF)vc%7PI{P}PhjU&yYZyV>r;N$oW#dc`PN(KH6K_c*=RX)jl4ik>7nF) zi}y3+>-Q_2J1E(mqogFoT;R$fBa%KTE2z-p=sQbU3)SaQ8?7D|xwkx1+x=Ulwobr`hivkGzlMSL?8Q-sbhbg}o$K$mIIH zn0HrR$J-qIx@KYe{<}(PTLeqJn~Z~X9<@w9f4_O%`H!FKAJtY##bwWRs!*8z{MRC` zI-BiZr>zmYS)$ z*m*YGcj9~FFg0lr+tj)MjT`d&KJjcaDB}82=PS>xrn-*l#vVq~IgZkasoUcwy?*9n zH#IWykeL|GQm@(g<#EC39dVNl8!f#inVDF< z$!ubHtf#Ue)$W-%d&^UW%1wOYr(Dfmq(9@P%IEI)U~jA!nzX*@t#PvD zDtUul9?IUFi#z5V4msEVsjKen0zdPe`3<|x6EvO#&f&HE_d~?})olj5HA3MR%BGr2 z_*Z=pntyD?-8F6pjf9_a2=2euvi3vMm(aqg=Y$zvh(BeT)V|(D)9IV@nu9!v*JR{n z&M`7N^;$&l_*0NFLr7&|#!U16tojWXxUPF{dfv<5`Qu`Q$PKIfAJ1iO80l}nptO9+ z?i90~zY5O$PSC#n$>b|9fBch~(ckU}{JdRZUvsv-eaW*k$0Qn;-O6fSw@bnP-KruH z#&1F$=Wd>1*mhZ}{V-cHgWhihiEFIvEw?Hz_}LitY2LL* zt@Z1oj|R+tZ+Ggb>@tQY@q5qN3J5UR2b!JHXuRSz#rx+HDSvbIJ)7;%?4Q(sVDEgB zDX|yxcpJEV-JA|Od%LWCbNvl}&yV&e`Toj}<$%nuu`;S@J6{!d_~ppE)|WJbR<50BIXQa& z+@HM~=S~$}b5jXYU(#)V<;K6#-sL^Wip$!Eo@>XNquY$E z7?Hu=vv9MR$YZ_4OQGumFMo6W5x^rP=Mt)AETV`3V z1(#E4QAJ@+N^qv5r>~)BvQubgdVynQWKwEazOiRuRf$n@d4RJ~l2Kr;1(&X!LUD11 zZfc5=si~o*LRLV2d0x7LTcA^FQMP_+ScYYkbCiF2Kz*uLx|y4Yvy+>npMhItskXmS zqIsZaWtO7}muXf=R=J;Zl8HxhR8p98WpSjBN1#htPF{*xP+m@HvU6p4X<2GTMrw)$ zm#(g^f>}hNuTxTJMdzPPBsB^Mmo>ycf*D2@n z37;fCdeuv+?>w+R<0Yeo{}QfuMmN)!+&k=0a;^TSYwE4IY0U~Q?{9Yfw0X#~C0&SF zX}+aS((K$VJ-bblR?1ZG`JdIke`#ik!jg~Af1G*t+V950$FnqoQUr|mohx^EF@65T z!^>7rb@N!fc}v>LkM#>r%T@8aynXUz(Vrc1N_9sTE>E4Nw7mX$h0l{u+OqtM1bTj@ z{(q8F`{LD`c_O|u&izgQ`QeY>?OCTZ*t+M1PUGCN>2JW}-2Va(cQ3Qqb*%S#`^L*J zG+q`LyViT9Zd*R-NA%IVo*yc{RKzX66}P)FtGzy)v4%Z9f!XkKo!$0ChYdC^i?TxQ zn;!e4|M;`7(CJ-Ed03yy+^*NF)SaH%BJzKE^2OXKtanWAHZ%#J&b~Tv%d`CgUAeXM zmqgG0v{sNa#44C8s9yZV?WjFxZhl>tDqUQvv?~1K4ePy1>-d}J>u|1KJ8x&IqfYo+ zv*Wuy^8DMJ_IAY~9#8ikC1JDBo^u^VY~lYmh;NKyxvQY*wpb@t-T7Qi$XnlQ^#W44 zZ`SP8{vYOUcPhZZFKDgXN`tTQ-^=Rxdu|@>URiWR^t<<$J0G5AKAz@imKnqS{_7*H z#FFImH@qBwus*nwkZR2-_kL^j^KWZC&P&xjDY@4u!1R1$kMd!|Dd)3Oj?a-1@bQuJ zGhz?e+$&-I#Jc~q!JT&{OXn-=ZTu><_0+@qFGA5bx1N1jc_%AC@a99t6+hbVFjPD* zlbM&YU~#mT=C-yyD6{*CAU zbAcA213k_z6ZG$z|4sdxvnDiormsueVi3I=hEAwk9|GFUKP*( zmVCWq#*6=IN3OVUo_;VjW9z5BgI6P(MYo&%yc#j-Pdb0amK!C$A9UOt4%p@|(ERo= zklTIkm2$WJ$%@ynyzZJ(QCwgDr_KO<~sq1K!1b7eBA@YG1o_ZS9v8 z<^gMpl?pxQNNIoN50~D4D9GRL(1pc$?pxUA*sb!4%qx!Ga!2Fh)W#z7ZdRxIg}XfB zp55k34$-WbeoQ+va{*q&I@m&wc zd^er?vXJvLKbtK3YbrlQ;`sKm-4o}XlD+TIschDg_~GD{&rUZ^itg#_SzfzD;_Y=d zZS&;ktru!-w(1*&1`97TayHfcbHvdhOU!CRc)|p!BKv182~T_$y*_L?x3k From 4c3e3d471fa61dcd5de24f0338b36e3b29c83f1f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 13 Sep 2025 19:10:39 +0200 Subject: [PATCH 314/362] modules: services: nginx: fix SSL renewal, again I'd previously fixed this in 1e10c6630b2c46bd40c2b23fa6a4f7c8fa751823, however NixOS has recently updated how the renewal units work [1], which broke it. [1]: https://github.com/NixOS/nixpkgs/pull/422076 --- modules/nixos/services/nginx/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 1e9e38a8..ff530b0a 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -444,7 +444,7 @@ in }; }; - systemd.services."acme-${domain}" = { + systemd.services."acme-order-renew-${domain}" = { serviceConfig = { Environment = [ # Since I do a "weird" setup with a wildcard CNAME From 445b3d1422651d1604eda311f74ff0260386f76e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 18 Sep 2025 10:03:06 +0000 Subject: [PATCH 315/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index d5104222..b9c0fd5a 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1757588530, - "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=", + "lastModified": 1758108966, + "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411", + "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1757578556, - "narHash": "sha256-w1PGkTGow5XzsjccV364No46rkuGxTqo7m/4cfhnkIk=", + "lastModified": 1758184248, + "narHash": "sha256-TOazVsj8D1LTGQ6q8xdtfoPs9Z+PiqUS952WvZPssR0=", "owner": "nix-community", "repo": "home-manager", - "rev": "b7112b12ea5b8c3aa6af344498ed9ca27dd03ba3", + "rev": "bf7056c6a2d893d80db18d06d7e730d6515aaae8", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1757487488, - "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", + "lastModified": 1758035966, + "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", + "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", "type": "github" }, "original": { From 9f9c1e571b7a871db4a19d9bfe7fc3ebf9b24875 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 15 Sep 2025 13:22:30 +0000 Subject: [PATCH 316/362] home: zsh: do not notify on 'home-manager news' --- modules/home/zsh/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 1e85ccec..3c1e5152 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -19,7 +19,7 @@ in "direnv reload" "fg" "git (?!push|pull|fetch)" - "home-manager (?!switch|build|news)" + "home-manager (?!switch|build)" "htop" "less" "man" From 5b47fc63656b7583fb427386339c7adce3cc7e97 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 3 Oct 2025 12:23:54 +0200 Subject: [PATCH 317/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index b9c0fd5a..1889e0ce 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1758184248, - "narHash": "sha256-TOazVsj8D1LTGQ6q8xdtfoPs9Z+PiqUS952WvZPssR0=", + "lastModified": 1759337100, + "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", "owner": "nix-community", "repo": "home-manager", - "rev": "bf7056c6a2d893d80db18d06d7e730d6515aaae8", + "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1758035966, - "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", + "lastModified": 1759422813, + "narHash": "sha256-WNkZqscW/dPLK5NMKH/jCkYMaVm/3KWgPmKMq65IXxk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", + "rev": "2a7c84e1e740f004e0fe5c2577a63d1e659a496c", "type": "github" }, "original": { From 62533d435b9d86cf0c1271cd0a14ed73a67584f2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 3 Oct 2025 12:18:38 +0000 Subject: [PATCH 318/362] home: vim: lspconfig: use native configuration The `nvim-lspconfig` "framework" is being deprecated to use the native `vim.lsp.config` and `vim.lsp.enable` functionality. I _could_ remove the `is_executable` checks, as native LSP handling does _not_ loudly error out when enabling a server which isn't executable. However I think `:LspInfo` is more readable if I don't. --- .../home/vim/plugin/settings/lspconfig.lua | 57 ++++++------------- 1 file changed, 17 insertions(+), 40 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 7817d4c1..68158b21 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -1,4 +1,3 @@ -local lspconfig = require("lspconfig") local lsp = require("ambroisie.lsp") local utils = require("ambroisie.utils") @@ -25,59 +24,45 @@ vim.diagnostic.config({ -- Inform servers we are able to do completion, snippets, etc... local capabilities = require("cmp_nvim_lsp").default_capabilities() +-- Shared configuration +vim.lsp.config("*", { + capabilities = capabilities, + on_attach = lsp.on_attach, +}) + -- C/C++ if utils.is_executable("clangd") then - lspconfig.clangd.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("clangd") end -- Haskell if utils.is_executable("haskell-language-server-wrapper") then - lspconfig.hls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("hls") end -- Nix if utils.is_executable("nil") then - lspconfig.nil_ls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("nil_ls") end -- Python if utils.is_executable("pyright") then - lspconfig.pyright.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("pyright") end if utils.is_executable("ruff") then - lspconfig.ruff.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("ruff") end -- Rust if utils.is_executable("rust-analyzer") then - lspconfig.rust_analyzer.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("rust_analyzer") end -- Shell if utils.is_executable("bash-language-server") then - lspconfig.bashls.setup({ + vim.lsp.config("bashls", { filetypes = { "bash", "sh", "zsh" }, - capabilities = capabilities, - on_attach = lsp.on_attach, settings = { bashIde = { shfmt = { @@ -89,27 +74,19 @@ if utils.is_executable("bash-language-server") then }, }, }) + vim.lsp.enable("bashls") end -- Starlark if utils.is_executable("starpls") then - lspconfig.starpls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("starpls") end -- Generic if utils.is_executable("harper-ls") then - lspconfig.harper_ls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("harper_ls") end if utils.is_executable("typos-lsp") then - lspconfig.typos_lsp.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("typos_lsp") end From 6b1b5300cdc275422e1eab5cdc24b7f6f6798d1b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 3 Oct 2025 12:39:18 +0000 Subject: [PATCH 319/362] home: vim: lspconfig: simplify LSP config Despite what I just said in the previous commit, I decided to remove the `is_executable` checks and always enable all servers. I figured out that NeoVim actually handles `PATH` modifications pretty well in this scenario: making a previously unavailable server executable will automatically enable it. --- .../home/vim/plugin/settings/lspconfig.lua | 73 +++++++------------ 1 file changed, 26 insertions(+), 47 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 68158b21..1596e84a 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -30,38 +30,20 @@ vim.lsp.config("*", { on_attach = lsp.on_attach, }) --- C/C++ -if utils.is_executable("clangd") then - vim.lsp.enable("clangd") -end - --- Haskell -if utils.is_executable("haskell-language-server-wrapper") then - vim.lsp.enable("hls") -end - --- Nix -if utils.is_executable("nil") then - vim.lsp.enable("nil_ls") -end - --- Python -if utils.is_executable("pyright") then - vim.lsp.enable("pyright") -end - -if utils.is_executable("ruff") then - vim.lsp.enable("ruff") -end - --- Rust -if utils.is_executable("rust-analyzer") then - vim.lsp.enable("rust_analyzer") -end - --- Shell -if utils.is_executable("bash-language-server") then - vim.lsp.config("bashls", { +local servers = { + -- C/C++ + clangd = {}, + -- Haskell + hls = {}, + -- Nix + nil_ls = {}, + -- Python + pyright = {}, + ruff = {}, + -- Rust + rust_analyzer = {}, + -- Shell + bashls = { filetypes = { "bash", "sh", "zsh" }, settings = { bashIde = { @@ -73,20 +55,17 @@ if utils.is_executable("bash-language-server") then }, }, }, - }) - vim.lsp.enable("bashls") -end + }, + -- Starlark + starpls = {}, + -- Generic + harper_ls = {}, + typos_lsp = {}, +} --- Starlark -if utils.is_executable("starpls") then - vim.lsp.enable("starpls") -end - --- Generic -if utils.is_executable("harper-ls") then - vim.lsp.enable("harper_ls") -end - -if utils.is_executable("typos-lsp") then - vim.lsp.enable("typos_lsp") +for server, config in pairs(servers) do + if not vim.tbl_isempty(config) then + vim.lsp.config(server, config) + end + vim.lsp.enable(server) end From 2df05aaa1a2f85601df107f16bfec70b9239eab4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 Oct 2025 09:33:49 +0000 Subject: [PATCH 320/362] flake: bump inputs And fix a breaking change leading to an evaluation failure. --- flake.lock | 36 +++++++++++----------- modules/nixos/services/homebox/default.nix | 2 +- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 1889e0ce..1a8a9347 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1758108966, - "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", + "lastModified": 1760663237, + "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", + "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1759337100, - "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", + "lastModified": 1760969583, + "narHash": "sha256-vsf5mvR0xxK4GsfLx5bMJAQ4ysdrKymMIifNw+4TP7g=", "owner": "nix-community", "repo": "home-manager", - "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", + "rev": "c9d758b500e53db5b74aa02d17dc45b65229e8e9", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1759422813, - "narHash": "sha256-WNkZqscW/dPLK5NMKH/jCkYMaVm/3KWgPmKMq65IXxk=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2a7c84e1e740f004e0fe5c2577a63d1e659a496c", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -200,11 +200,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1753980880, - "narHash": "sha256-aj1pbYxL6N+XFqBHjB4B1QP0bnKRcg1AfpgT5zUFsW8=", + "lastModified": 1759781536, + "narHash": "sha256-v/X5gKmgVoGtu5elYyUu2w037PyWVhrqnWzXkLJ9xnY=", "owner": "nix-community", "repo": "NUR", - "rev": "16db3e61da7606984a05b4dfc33cd1d26d22fb22", + "rev": "c30a53a5947bcc874b3f8842e6fe5c34bc81d8dd", "type": "github" }, "original": { diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix index 8ed5d776..524a6d73 100644 --- a/modules/nixos/services/homebox/default.nix +++ b/modules/nixos/services/homebox/default.nix @@ -39,7 +39,7 @@ in my.services.backup = { paths = [ - config.services.homebox.settings.HBOX_STORAGE_DATA + (lib.removePrefix "file://" config.services.homebox.settings.HBOX_STORAGE_CONN_STRING) ]; }; From 9ddc77958ab4c647df7173a3a5eee08ae88f926b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 Oct 2025 09:35:02 +0000 Subject: [PATCH 321/362] home: git: fix deprecated config --- modules/home/git/default.nix | 38 +++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index ca59a5fb..c3a51a0f 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -21,29 +21,31 @@ in config.programs.git = lib.mkIf cfg.enable { enable = true; - # Who am I? - userEmail = mkMailAddress "bruno" "belanyi.fr"; - userName = "Bruno BELANYI"; - inherit (cfg) package; - aliases = { - git = "!git"; - lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order"; - lola = "lol --all"; - assume = "update-index --assume-unchanged"; - unassume = "update-index --no-assume-unchanged"; - assumed = "!git ls-files -v | grep ^h | cut -c 3-"; - pick = "log -p -G"; - push-new = "!git push -u origin " - + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"''; - root = "git rev-parse --show-toplevel"; - }; - lfs.enable = true; # There's more - extraConfig = { + settings = { + # Who am I? + user = { + email = mkMailAddress "bruno" "belanyi.fr"; + name = "Bruno BELANYI"; + }; + + alias = { + git = "!git"; + lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order"; + lola = "lol --all"; + assume = "update-index --assume-unchanged"; + unassume = "update-index --no-assume-unchanged"; + assumed = "!git ls-files -v | grep ^h | cut -c 3-"; + pick = "log -p -G"; + push-new = "!git push -u origin " + + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"''; + root = "git rev-parse --show-toplevel"; + }; + # Makes it a bit more readable blame = { coloring = "repeatedLines"; From 4000a848ef21903b7d593160b509173c2fe81736 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 Oct 2025 09:39:19 +0000 Subject: [PATCH 322/362] home: delta: use upstream module --- modules/home/delta/default.nix | 42 +++++----------------------------- 1 file changed, 6 insertions(+), 36 deletions(-) diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix index 16d3d597..e76edc60 100644 --- a/modules/home/delta/default.nix +++ b/modules/home/delta/default.nix @@ -1,9 +1,6 @@ { config, pkgs, lib, ... }: let cfg = config.my.home.delta; - - configFormat = pkgs.formats.gitIni { }; - configPath = "${config.xdg.configHome}/delta/config"; in { options.my.home.delta = with lib; { @@ -17,28 +14,14 @@ in }; config = lib.mkIf cfg.enable { - assertions = [ - { - # For its configuration - assertion = cfg.enable -> cfg.git.enable; - message = '' - `config.my.home.delta` must enable `config.my.home.delta.git` to be - properly configured. - ''; - } - { - assertion = cfg.enable -> config.programs.git.enable; - message = '' - `config.my.home.delta` relies on `config.programs.git` to be - enabled. - ''; - } - ]; + programs.delta = { + enable = true; - home.packages = [ cfg.package ]; + inherit (cfg) package; - xdg.configFile."delta/config".source = configFormat.generate "delta-config" { - delta = { + enableGitIntegration = cfg.git.enable; + + options = { features = "diff-highlight decorations"; # Less jarring style for `diff-highlight` emulation @@ -62,18 +45,5 @@ in }; }; }; - - programs.git = lib.mkIf cfg.git.enable { - delta = { - enable = true; - inherit (cfg) package; - }; - - includes = [ - { - path = configPath; - } - ]; - }; }; } From a20c8f820dcf77e0b0a75c67d2edf38d97488ba2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 27 Oct 2025 12:30:49 +0000 Subject: [PATCH 323/362] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 1a8a9347..f56e8f29 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1760969583, - "narHash": "sha256-vsf5mvR0xxK4GsfLx5bMJAQ4ysdrKymMIifNw+4TP7g=", + "lastModified": 1761530345, + "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", "owner": "nix-community", "repo": "home-manager", - "rev": "c9d758b500e53db5b74aa02d17dc45b65229e8e9", + "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761373498, + "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "type": "github" }, "original": { From c536ee0136969aa1715e07939dfac9b02342f60d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 27 Oct 2025 12:31:12 +0000 Subject: [PATCH 324/362] home: zsh: add 'zsh-completion-sync' It's gated behind `completionSync.enable`, as it does make entering/leaving direnv-enabled projects slower (due to the calls to `compinit`). This might need a bit more work to avoid multiple `compinit`s at shell startup, will refine in the future if necessary. --- modules/home/zsh/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 3c1e5152..6c6a4693 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -8,6 +8,10 @@ in launchTmux = mkEnableOption "auto launch tmux at shell start"; + completionSync = { + enable = mkEnableOption "zsh-completion-sync plugin"; + }; + notify = { enable = mkEnableOption "zsh-done notification"; @@ -118,6 +122,18 @@ in }; } + (lib.mkIf cfg.completionSync.enable { + programs.zsh = { + plugins = [ + { + name = "zsh-completion-sync"; + file = "share/zsh-completion-sync/zsh-completion-sync.plugin.zsh"; + src = pkgs.zsh-completion-sync; + } + ]; + }; + }) + (lib.mkIf cfg.notify.enable { programs.zsh = { plugins = [ From 983bf0f7646ea2ebdff895751eea7054b9140b3a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 3 Nov 2025 17:22:29 +0100 Subject: [PATCH 325/362] nixos: services: nextcloud: bump to 32 --- modules/nixos/services/nextcloud/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index d8d4fce0..dd3b3868 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -35,7 +35,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud31; + package = pkgs.nextcloud32; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; From 41c506749ef389c9a2f11dd3f3d17493892820f2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Nov 2025 14:39:11 +0000 Subject: [PATCH 326/362] flake: overlays: use 'lib' It's a `lib` function, not _really_ a Nixpkgs one. Also it's about to break after the next flake update :-). --- flake/overlays.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake/overlays.nix b/flake/overlays.nix index 0c47989d..c10afc33 100644 --- a/flake/overlays.nix +++ b/flake/overlays.nix @@ -1,4 +1,4 @@ -{ self, ... }: +{ self, lib, ... }: let default-overlays = import "${self}/overlays"; @@ -8,7 +8,7 @@ let # Expose my custom packages pkgs = _final: prev: { - ambroisie = prev.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; }); + ambroisie = lib.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; }); }; }; in From 44246b4ea146b1ca7b4687b35e0b833decb35b89 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 8 Nov 2025 11:56:25 +0000 Subject: [PATCH 327/362] flake: NUR has renamed its branch to 'main' --- flake.lock | 2 +- flake.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.lock b/flake.lock index f56e8f29..50f38e4e 100644 --- a/flake.lock +++ b/flake.lock @@ -209,7 +209,7 @@ }, "original": { "owner": "nix-community", - "ref": "master", + "ref": "main", "repo": "NUR", "type": "github" } diff --git a/flake.nix b/flake.nix index 50767290..0bdd180e 100644 --- a/flake.nix +++ b/flake.nix @@ -54,7 +54,7 @@ type = "github"; owner = "nix-community"; repo = "NUR"; - ref = "master"; + ref = "main"; inputs = { flake-parts.follows = "flake-parts"; nixpkgs.follows = "nixpkgs"; From fe681d3f16eea4d87d55d02c1e8e915eaaf415e6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Nov 2025 14:35:53 +0000 Subject: [PATCH 328/362] flake: bump inputs --- flake.lock | 54 ++++++++++++++++-------------------------------------- 1 file changed, 16 insertions(+), 38 deletions(-) diff --git a/flake.lock b/flake.lock index 50f38e4e..d95de526 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1760836749, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1761656077, + "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", "owner": "ryantm", "repo": "agenix", - "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", + "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1762040540, + "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "0010412d62a25d959151790968765a70c436598b", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1761530345, - "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", + "lastModified": 1762435363, + "narHash": "sha256-BTmHXtuuwVO1dRs6jPHcHCoO6+A7G3+GzrgeluiSkww=", "owner": "nix-community", "repo": "home-manager", - "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", + "rev": "432bc8a5da66638b5f139588efd6c4bd327e4cdc", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1761373498, - "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", "type": "github" }, "original": { @@ -196,15 +196,14 @@ ], "nixpkgs": [ "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" + ] }, "locked": { - "lastModified": 1759781536, - "narHash": "sha256-v/X5gKmgVoGtu5elYyUu2w037PyWVhrqnWzXkLJ9xnY=", + "lastModified": 1762602346, + "narHash": "sha256-BVzjmS25ihrfnfpfLD6gzXqMp9vP0hOyjIWkV0LP6E0=", "owner": "nix-community", "repo": "NUR", - "rev": "c30a53a5947bcc874b3f8842e6fe5c34bc81d8dd", + "rev": "fe5118da8d7e09651e0362ff130d194bc1441185", "type": "github" }, "original": { @@ -241,27 +240,6 @@ "repo": "default", "type": "github" } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733222881, - "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "49717b5af6f80172275d47a418c9719a31a78b53", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", From 0ac983a71f8cec556babe577e65b513173143417 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 9 Oct 2025 10:47:23 +0000 Subject: [PATCH 329/362] home: vim: do not set 'background' explicitly Rely on the new behaviour from v0.10 which detects it more intelligently. --- modules/home/vim/init.vim | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 39ef32e3..11429250 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -81,9 +81,6 @@ set updatetime=250 " Disable all mouse integrations set mouse= -" Set dark mode by default -set background=dark - " Setup some overrides for gruvbox lua << EOF local gruvbox = require("gruvbox") From bbdbc1e55cb8b2125b2ece2ff1c9d4c5922d821b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 28 Oct 2025 12:43:53 +0000 Subject: [PATCH 330/362] home: vim: ftdetect: remove glsl GLSL is now correctly detected starting with v0.11. This reverts commit b8b64bed8e4b3d8d109e7dcf38f69a4242142ec3. --- modules/home/vim/ftdetect/glsl.lua | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 modules/home/vim/ftdetect/glsl.lua diff --git a/modules/home/vim/ftdetect/glsl.lua b/modules/home/vim/ftdetect/glsl.lua deleted file mode 100644 index 2f4f1ddd..00000000 --- a/modules/home/vim/ftdetect/glsl.lua +++ /dev/null @@ -1,7 +0,0 @@ --- Use GLSL filetype for common shader file extensions -vim.filetype.add({ - extension = { - frag = "glsl", - vert = "glsl", - }, -}) From 6e73c936b09d46c8427963b5139588804aceddaa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 7 Nov 2025 14:48:49 +0000 Subject: [PATCH 331/362] home: zsh: fix plug-in path The upstream commit [1] said it was a non-breaking change, but didn't actually setup the symlinks for this package... [1]: 10f01ded353d5a76c6acbecaa0ac5e5063f60c13 --- modules/home/zsh/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 6c6a4693..95242628 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -72,7 +72,7 @@ in plugins = [ { name = "fast-syntax-highlighting"; - file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh"; + file = "share/zsh/plugins/fast-syntax-highlighting/fast-syntax-highlighting.plugin.zsh"; src = pkgs.zsh-fast-syntax-highlighting; } { From 1b4111e28fc68d5b4592f3238854ba1164443c7e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 8 Nov 2025 22:12:42 +0100 Subject: [PATCH 332/362] nixos: services: nextcloud: use declarative apps Now that the `notify_push` module declaratively installs _its_ app [1], I should declaratively install _all_ apps. [1]: https://github.com/NixOS/nixpkgs/pull/451501 --- modules/nixos/services/nextcloud/collabora.nix | 6 ++++++ modules/nixos/services/nextcloud/default.nix | 10 ++++++++++ 2 files changed, 16 insertions(+) diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix index f8f42a77..408b232e 100644 --- a/modules/nixos/services/nextcloud/collabora.nix +++ b/modules/nixos/services/nextcloud/collabora.nix @@ -16,6 +16,12 @@ in }; config = lib.mkIf cfg.enable { + services.nextcloud = { + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) richdocuments; + }; + }; + services.collabora-online = { enable = true; inherit (cfg) port; diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index dd3b3868..24515ffe 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -62,6 +62,16 @@ in # Allow using the push service without hard-coding my IP in the configuration bendDomainToLocalhost = true; }; + + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) + calendar + contacts + deck + tasks + ; + # notify_push is automatically installed by the module + }; }; # The service above configures the domain, no need for my wrapper From 6124d07c1b846d316e03e78a3cb65a77ce2e9832 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 12:35:54 +0100 Subject: [PATCH 333/362] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index d95de526..b0414094 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1761656077, - "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1762040540, - "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", + "lastModified": 1762980239, + "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0010412d62a25d959151790968765a70c436598b", + "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1760663237, - "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", + "lastModified": 1763319842, + "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", + "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1762435363, - "narHash": "sha256-BTmHXtuuwVO1dRs6jPHcHCoO6+A7G3+GzrgeluiSkww=", + "lastModified": 1763313531, + "narHash": "sha256-yvdCYUL85zEDp2NzPUBmaNBXP6KnWEOhAk3j7PTfsKw=", "owner": "nix-community", "repo": "home-manager", - "rev": "432bc8a5da66638b5f139588efd6c4bd327e4cdc", + "rev": "3670a78eee49deebe4825fc8ecc46b172d1a8391", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "lastModified": 1763283776, + "narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1762602346, - "narHash": "sha256-BVzjmS25ihrfnfpfLD6gzXqMp9vP0hOyjIWkV0LP6E0=", + "lastModified": 1763378400, + "narHash": "sha256-9eZj8GNTBYnI8PQf9n8m9XbFCA/ugQ5r7sylY9DEx9M=", "owner": "nix-community", "repo": "NUR", - "rev": "fe5118da8d7e09651e0362ff130d194bc1441185", + "rev": "6bd477535ba71aa22d2712c8735c92812a1c74dc", "type": "github" }, "original": { From ad6a0bf4d3e5c5914160b2f427ef153d534b1030 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Nov 2025 22:36:18 +0100 Subject: [PATCH 334/362] nixos: services: mealie: extend session timeout --- modules/nixos/services/mealie/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 8c02398c..837bff29 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -32,6 +32,7 @@ in BASE_URL = "https://mealie.${config.networking.domain}"; TZ = config.time.timeZone; ALLOw_SIGNUP = "false"; + TOKEN_TIME = 24 * 180; # 180 days }; # Automatic PostgreSQL provisioning From 127e26b259624c6a57bc839abdde4f245c3099b8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 12:38:30 +0100 Subject: [PATCH 335/362] nixos: services: transmission: use high file limit Seeding a lot of files means keeping them all open. The actual limit was cargo-culted from an open issue. --- modules/nixos/services/transmission/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index ddd77d4b..2ed01fd0 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -71,10 +71,12 @@ in }; }; - # Transmission wants to eat *all* my RAM if left to its own devices systemd.services.transmission = { serviceConfig = { + # Transmission wants to eat *all* my RAM if left to its own devices MemoryMax = "33%"; + # Avoid errors due to high number of open files. + LimitNOFILE = 1048576; }; }; From b37bde6eaf150033149d0bbd5d924d0f9fb4b145 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 12:45:22 +0100 Subject: [PATCH 336/362] nixos: services: transmission: use longer timeout It looks like Transmission takes time roughly proportional with the number of open files to stop, so let's increase the timeout slightly. --- modules/nixos/services/transmission/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index 2ed01fd0..6a7fbc72 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -77,6 +77,8 @@ in MemoryMax = "33%"; # Avoid errors due to high number of open files. LimitNOFILE = 1048576; + # Longer stop timeout to finish all torrents + TimeoutStopSec = "5m"; }; }; From 29fb7c5066132e12b98a6cb7a7f9ba3c5460d8c1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 13:57:48 +0000 Subject: [PATCH 337/362] home: discord: use upstream module --- modules/home/discord/default.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/modules/home/discord/default.nix b/modules/home/discord/default.nix index bfa5d40e..f9892df3 100644 --- a/modules/home/discord/default.nix +++ b/modules/home/discord/default.nix @@ -1,8 +1,6 @@ { config, lib, pkgs, ... }: let cfg = config.my.home.discord; - - jsonFormat = pkgs.formats.json { }; in { options.my.home.discord = with lib; { @@ -12,14 +10,15 @@ in }; config = lib.mkIf cfg.enable { - home.packages = with pkgs; [ - cfg.package - ]; + programs.discord = { + enable = true; - xdg.configFile."discord/settings.json".source = - jsonFormat.generate "discord.json" { + inherit (cfg) package; + + settings = { # Do not keep me from using the app just to force an update SKIP_HOST_UPDATE = true; }; + }; }; } From 3020c6433b0056aa805cdabd8d4c30f82cfb47e4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 30 Nov 2025 00:20:07 +0100 Subject: [PATCH 338/362] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index b0414094..b84e16d7 100644 --- a/flake.lock +++ b/flake.lock @@ -53,11 +53,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1762980239, - "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1763319842, - "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", + "lastModified": 1763988335, + "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", + "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1763313531, - "narHash": "sha256-yvdCYUL85zEDp2NzPUBmaNBXP6KnWEOhAk3j7PTfsKw=", + "lastModified": 1764361670, + "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=", "owner": "nix-community", "repo": "home-manager", - "rev": "3670a78eee49deebe4825fc8ecc46b172d1a8391", + "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763283776, - "narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=", + "lastModified": 1764242076, + "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a", + "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1763378400, - "narHash": "sha256-9eZj8GNTBYnI8PQf9n8m9XbFCA/ugQ5r7sylY9DEx9M=", + "lastModified": 1764449851, + "narHash": "sha256-VnodC1+3KML8MYLLnK84E6U2Fz4ioNacOeQd1pMCSTw=", "owner": "nix-community", "repo": "NUR", - "rev": "6bd477535ba71aa22d2712c8735c92812a1c74dc", + "rev": "b1781c0aa8935d8d1f35d228bcc7127fcebcd363", "type": "github" }, "original": { From f546f85037bf23f105a721132f06ab3a562d38f7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 22 Nov 2025 23:34:06 +0100 Subject: [PATCH 339/362] hosts: nixos: porthos: secrets: sso: remove owner Now that the service uses `LoadCredential` [1], I can make the files root-owned. [1]: https://github.com/NixOS/nixpkgs/pull/460305 --- hosts/nixos/porthos/secrets/secrets.nix | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index b3812b43..f1842b4c 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -83,18 +83,9 @@ in "servarr/autobrr/session-secret.age".publicKeys = all; "servarr/cross-seed/configuration.json.age".publicKeys = all; - "sso/auth-key.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; - "sso/ambroisie/password-hash.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; - "sso/ambroisie/totp-secret.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; + "sso/auth-key.age".publicKeys = all; + "sso/ambroisie/password-hash.age".publicKeys = all; + "sso/ambroisie/totp-secret.age".publicKeys = all; "tandoor-recipes/secret-key.age".publicKeys = all; From 5cd9155a5838d54c3606f6b0851e54252ea0774c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 23 Nov 2025 17:08:35 +0100 Subject: [PATCH 340/362] nixos: services: mealie: backup state directory Somehow forgot to do this when first writing the module. --- modules/nixos/services/mealie/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 837bff29..f3774e17 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -54,6 +54,12 @@ in }; }; + my.services.backup = { + paths = [ + "/var/lib/mealie" + ]; + }; + services.fail2ban.jails = { mealie = '' enabled = true From ddc6cd37adbb80960e8c99ddbb549057b64126ed Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 11 Dec 2025 21:00:17 +0100 Subject: [PATCH 341/362] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index b84e16d7..fd6173b9 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1763988335, - "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", + "lastModified": 1765464257, + "narHash": "sha256-dixPWKiHzh80PtD0aLuxYNQ0xP+843dfXG/yM3OzaYQ=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", + "rev": "09e45f2598e1a8499c3594fe11ec2943f34fe509", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1764361670, - "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=", + "lastModified": 1765480374, + "narHash": "sha256-HlbvQAqLx7WqZFFQZ8nu5UUJAVlXiV/kqKbyueA8srw=", "owner": "nix-community", "repo": "home-manager", - "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6", + "rev": "39cb677ed9e908e90478aa9fe5f3383dfc1a63f3", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1764242076, - "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", + "lastModified": 1765186076, + "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", + "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1764449851, - "narHash": "sha256-VnodC1+3KML8MYLLnK84E6U2Fz4ioNacOeQd1pMCSTw=", + "lastModified": 1765481746, + "narHash": "sha256-oWDp4EMOXvPZSC5ZVdg90K7EFgUGvxmrFAwA/1hJ/j4=", "owner": "nix-community", "repo": "NUR", - "rev": "b1781c0aa8935d8d1f35d228bcc7127fcebcd363", + "rev": "2b2d6d53d6a66d1be2d8620024cc61ad986bcee2", "type": "github" }, "original": { From bf428aaeca03be801b53396eeba5ab73fab7c297 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 2 Dec 2025 12:34:42 +0000 Subject: [PATCH 342/362] nixos: hardware: graphics: remove 'amdvlk' It's been fully deprecated, the package was removed. --- modules/nixos/hardware/graphics/default.nix | 9 --------- 1 file changed, 9 deletions(-) diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix index 7d8b359c..4b6eb375 100644 --- a/modules/nixos/hardware/graphics/default.nix +++ b/modules/nixos/hardware/graphics/default.nix @@ -15,8 +15,6 @@ in amd = { enableKernelModule = lib.my.mkDisableOption "Kernel driver module"; - - amdvlk = lib.mkEnableOption "Use AMDVLK instead of Mesa RADV driver"; }; intel = { @@ -35,13 +33,6 @@ in (lib.mkIf (cfg.gpuFlavor == "amd") { hardware.amdgpu = { initrd.enable = cfg.amd.enableKernelModule; - # Vulkan - amdvlk = lib.mkIf cfg.amd.amdvlk { - enable = true; - support32Bit = { - enable = true; - }; - }; }; hardware.graphics = { From 88024f16e59eb35dc1f13ff17626126604424ff6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 20 Dec 2025 14:56:25 +0000 Subject: [PATCH 343/362] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index fd6173b9..c8c20733 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1765464257, - "narHash": "sha256-dixPWKiHzh80PtD0aLuxYNQ0xP+843dfXG/yM3OzaYQ=", + "lastModified": 1765911976, + "narHash": "sha256-t3T/xm8zstHRLx+pIHxVpQTiySbKqcQbK+r+01XVKc0=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "09e45f2598e1a8499c3594fe11ec2943f34fe509", + "rev": "b68b780b69702a090c8bb1b973bab13756cc7a27", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1765480374, - "narHash": "sha256-HlbvQAqLx7WqZFFQZ8nu5UUJAVlXiV/kqKbyueA8srw=", + "lastModified": 1766171975, + "narHash": "sha256-47Ee0bTidhF/3/sHuYnWRuxcCrrm0mBNDxBkOTd3wWQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "39cb677ed9e908e90478aa9fe5f3383dfc1a63f3", + "rev": "bb35f07cc95a73aacbaf1f7f46bb8a3f40f265b5", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1765186076, - "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", + "lastModified": 1766070988, + "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", + "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1765481746, - "narHash": "sha256-oWDp4EMOXvPZSC5ZVdg90K7EFgUGvxmrFAwA/1hJ/j4=", + "lastModified": 1766242030, + "narHash": "sha256-GdaKIZrzm4fbFf9jBVmeQFZTwYPxUlSTZrSId/JNMAU=", "owner": "nix-community", "repo": "NUR", - "rev": "2b2d6d53d6a66d1be2d8620024cc61ad986bcee2", + "rev": "30006228925f07c5c2a270bb95dc8da35d9942dc", "type": "github" }, "original": { From 7202fa191197d24c05b621a643bd4b07f13f8a43 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 20 Dec 2025 13:43:06 +0000 Subject: [PATCH 344/362] home: firefox: do not trim URLs --- modules/home/firefox/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/firefox/default.nix b/modules/home/firefox/default.nix index 6346dc9b..19a008cc 100644 --- a/modules/home/firefox/default.nix +++ b/modules/home/firefox/default.nix @@ -52,6 +52,7 @@ in "browser.newtabpage.activity-stream.feeds.sections" = false; "browser.newtabpage.activity-stream.feeds.system.topstories" = false; # Disable top stories "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; # Disable pocket + "browser.urlbar.trimURLs" = false; # Always show the `http://` prefix "extensions.pocket.enabled" = false; # Disable pocket "media.eme.enabled" = true; # Enable DRM "media.gmp-widevinecdm.enabled" = true; # Enable DRM From 852ded641a1e47b9cd95c5aaf3a3a2c1c6e01e38 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 26 Jan 2026 16:53:16 +0000 Subject: [PATCH 345/362] home: vim: lua: move 'list_clients' to lsp' --- modules/home/vim/lua/ambroisie/lsp.lua | 14 ++++++++++++++ modules/home/vim/lua/ambroisie/utils.lua | 14 -------------- modules/home/vim/plugin/settings/lualine.lua | 4 ++-- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index fef04873..05ca47a9 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -85,4 +85,18 @@ M.on_attach = function(client, bufnr) wk.add(keys) end +--- list all active LSP clients for specific buffer, or all buffers +--- @param bufnr int? buffer number +--- @return table all active LSP client names +M.list_clients = function(bufnr) + local clients = vim.lsp.get_clients({ bufnr = bufnr }) + local names = {} + + for _, client in ipairs(clients) do + table.insert(names, client.name) + end + + return names +end + return M diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua index 0ee7c83b..482325e5 100644 --- a/modules/home/vim/lua/ambroisie/utils.lua +++ b/modules/home/vim/lua/ambroisie/utils.lua @@ -34,20 +34,6 @@ M.is_ssh = function() return false end ---- list all active LSP clients for specific buffer, or all buffers ---- @param bufnr int? buffer number ---- @return table all active LSP client names -M.list_lsp_clients = function(bufnr) - local clients = vim.lsp.get_clients({ bufnr = bufnr }) - local names = {} - - for _, client in ipairs(clients) do - table.insert(names, client.name) - end - - return names -end - --- partially apply a function with given arguments M.partial = function(f, ...) local a = { ... } diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua index bbe46475..2dbc916e 100644 --- a/modules/home/vim/plugin/settings/lualine.lua +++ b/modules/home/vim/plugin/settings/lualine.lua @@ -1,6 +1,6 @@ local lualine = require("lualine") local oil = require("oil") -local utils = require("ambroisie.utils") +local lsp = require("ambroisie.lsp") local function list_spell_languages() if not vim.opt.spell:get() then @@ -11,7 +11,7 @@ local function list_spell_languages() end local function list_lsp_clients() - local client_names = utils.list_lsp_clients(0) + local client_names = lsp.list_clients(0) if #client_names == 0 then return "" From 034a432c8e408aeb606e4100b1758a956124328f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 26 Jan 2026 16:57:25 +0000 Subject: [PATCH 346/362] home: vim: null-ls: use 'partial' Just noticed that 'is_executable_condition' wasn't necessary now that I have this more generic solution. --- modules/home/vim/plugin/settings/null-ls.lua | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua index 258a2094..00295bcc 100644 --- a/modules/home/vim/plugin/settings/null-ls.lua +++ b/modules/home/vim/plugin/settings/null-ls.lua @@ -10,11 +10,11 @@ null_ls.setup({ null_ls.register({ null_ls.builtins.diagnostics.buildifier.with({ -- Only used if available - condition = utils.is_executable_condition("buildifier"), + condition = utils.partial(utils.is_executable, "buildifier"), }), null_ls.builtins.formatting.buildifier.with({ -- Only used if available - condition = utils.is_executable_condition("buildifier"), + condition = utils.partial(utils.is_executable, "buildifier"), }), }) @@ -22,7 +22,7 @@ null_ls.register({ null_ls.register({ null_ls.builtins.formatting.nixpkgs_fmt.with({ -- Only used if available - condition = utils.is_executable_condition("nixpkgs-fmt"), + condition = utils.partial(utils.is_executable, "nixpkgs-fmt"), }), }) @@ -30,19 +30,19 @@ null_ls.register({ null_ls.register({ null_ls.builtins.diagnostics.mypy.with({ -- Only used if available - condition = utils.is_executable_condition("mypy"), + condition = utils.partial(utils.is_executable, "mypy"), }), null_ls.builtins.diagnostics.pylint.with({ -- Only used if available - condition = utils.is_executable_condition("pylint"), + condition = utils.partial(utils.is_executable, "pylint"), }), null_ls.builtins.formatting.black.with({ extra_args = { "--fast" }, -- Only used if available - condition = utils.is_executable_condition("black"), + condition = utils.partial(utils.is_executable, "black"), }), null_ls.builtins.formatting.isort.with({ -- Only used if available - condition = utils.is_executable_condition("isort"), + condition = utils.partial(utils.is_executable, "isort"), }), }) From ab34234c8392130d0158940d761dfa2923d527bf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 26 Jan 2026 16:57:25 +0000 Subject: [PATCH 347/362] home: vim: lua: remove 'is_executable_condition' --- modules/home/vim/lua/ambroisie/utils.lua | 9 --------- 1 file changed, 9 deletions(-) diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua index 482325e5..5cb8df10 100644 --- a/modules/home/vim/lua/ambroisie/utils.lua +++ b/modules/home/vim/lua/ambroisie/utils.lua @@ -7,15 +7,6 @@ M.is_executable = function(cmd) return cmd and vim.fn.executable(cmd) == 1 end ---- return a function that checks if a given command is executable ---- @param cmd string? command to check ---- @return fun(): boolean executable -M.is_executable_condition = function(cmd) - return function() - return M.is_executable(cmd) - end -end - --- whether or not we are currently in an SSH connection --- @return boolean ssh connection M.is_ssh = function() From 69b9480aa10d6cedcad2d31048dfe2dea1fdeac1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 20 Jan 2026 11:43:50 +0000 Subject: [PATCH 348/362] home: vim: git: use consistent textobject names Specifically, use a lower-case name, to be consistent with all other textobjects. --- modules/home/vim/plugin/settings/git.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index b9b92a69..fcae4252 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -57,12 +57,12 @@ local keys = { local objects = { mode = "o", - { "ih", gitsigns.select_hunk, desc = "Git hunk" }, + { "ih", gitsigns.select_hunk, desc = "git hunk" }, } -- Visual local visual = { mode = { "x" }, - { "ih", gitsigns.select_hunk, desc = "Git hunk" }, + { "ih", gitsigns.select_hunk, desc = "git hunk" }, { "g", group = "Git" }, { "gp", gitsigns.preview_hunk, desc = "Preview selection" }, { "gr", make_visual(gitsigns.reset_hunk), desc = "Restore selection" }, From 47ca4ed61cd328aff79cbec8f933e396ef53ffb8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 19 Jan 2026 16:01:37 +0000 Subject: [PATCH 349/362] overlays: add 'nvim-treesitter-legacy-shim' There has been a major breaking change upstream, as they have merged updated the plug-in to its (majorly incompatible) main branch rewrite. To make the upgrade process easier, this overlay ensures my configuration will keep evaluating with the legacy plug-in variant. --- .../nvim-treesitter-legacy-shim/default.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 overlays/nvim-treesitter-legacy-shim/default.nix diff --git a/overlays/nvim-treesitter-legacy-shim/default.nix b/overlays/nvim-treesitter-legacy-shim/default.nix new file mode 100644 index 00000000..d629f717 --- /dev/null +++ b/overlays/nvim-treesitter-legacy-shim/default.nix @@ -0,0 +1,18 @@ +final: prev: +let + inherit (final) lib; + overrides = final: prev: + let + hasLegacyPackage = prev ? nvim-treesitter-legacy; + in + { + nvim-treesitter-textobjects-legacy = prev.nvim-treesitter-textobjects.overrideAttrs { + dependencies = [ final.nvim-treesitter-legacy ]; + }; + } // (lib.optionalAttrs (!hasLegacyPackage) { + nvim-treesitter-legacy = final.nvim-treesitter; + }); +in +{ + vimPlugins = prev.vimPlugins.extend (overrides); +} From 28a36cfdaab7154ec1eec5534963829edd89da83 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 20 Jan 2026 11:33:16 +0000 Subject: [PATCH 350/362] home: vim: use legacy 'nvim-treesitter' plug-ins --- modules/home/vim/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 930a853a..726d4870 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -60,8 +60,8 @@ in nvim-lspconfig # Easy LSP configuration lsp-format-nvim # Simplified formatting configuration none-ls-nvim # LSP integration for linters and formatters - nvim-treesitter.withAllGrammars # Better highlighting - nvim-treesitter-textobjects # More textobjects + nvim-treesitter-legacy.withAllGrammars # Better highlighting + nvim-treesitter-textobjects-legacy # More textobjects plenary-nvim # 'null-ls', 'telescope' dependency # Completion From dbd7e077e5f23f3b6f2c42b1c55d9180680c6faf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 19 Jan 2026 18:12:55 +0000 Subject: [PATCH 351/362] flake: bump inputs --- flake.lock | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index c8c20733..3f7a9b57 100644 --- a/flake.lock +++ b/flake.lock @@ -53,15 +53,15 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", - "owner": "edolstra", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { - "owner": "edolstra", + "owner": "NixOS", "repo": "flake-compat", "type": "github" } @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1765835352, - "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1765911976, - "narHash": "sha256-t3T/xm8zstHRLx+pIHxVpQTiySbKqcQbK+r+01XVKc0=", + "lastModified": 1769069492, + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "b68b780b69702a090c8bb1b973bab13756cc7a27", + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1766171975, - "narHash": "sha256-47Ee0bTidhF/3/sHuYnWRuxcCrrm0mBNDxBkOTd3wWQ=", + "lastModified": 1769442288, + "narHash": "sha256-p+Xqr+P22TYW2RqbwccSd4UlUDEwl7PnoW3qiH8wVoE=", "owner": "nix-community", "repo": "home-manager", - "rev": "bb35f07cc95a73aacbaf1f7f46bb8a3f40f265b5", + "rev": "384786dc70c4992643f916c7e57f378714fec4f1", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1766070988, - "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", + "lastModified": 1769170682, + "narHash": "sha256-oMmN1lVQU0F0W2k6OI3bgdzp2YOHWYUAw79qzDSjenU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", + "rev": "c5296fdd05cfa2c187990dd909864da9658df755", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1766242030, - "narHash": "sha256-GdaKIZrzm4fbFf9jBVmeQFZTwYPxUlSTZrSId/JNMAU=", + "lastModified": 1769444957, + "narHash": "sha256-2VIGLo/Xj7v+ZZqR/k2uoaZ75vpYB1FLa2UAW5ZhIK8=", "owner": "nix-community", "repo": "NUR", - "rev": "30006228925f07c5c2a270bb95dc8da35d9942dc", + "rev": "9183819b926f1f58e8af86e86f28cc7d1e87698f", "type": "github" }, "original": { From 96a76f8c7f3811af06438b848bd266f013249e91 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 20 Jan 2026 11:41:38 +0000 Subject: [PATCH 352/362] home: vim: tree-sitter: migrate textobjects config This uses the new configuration format. I might DRY it up at some point in the future, though I probably won't. --- .../home/vim/plugin/settings/tree-sitter.lua | 105 +++++++++++------- 1 file changed, 64 insertions(+), 41 deletions(-) diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua index d5fff465..cbb0d455 100644 --- a/modules/home/vim/plugin/settings/tree-sitter.lua +++ b/modules/home/vim/plugin/settings/tree-sitter.lua @@ -1,4 +1,58 @@ local ts_config = require("nvim-treesitter.configs") +local ts_select = require("nvim-treesitter-textobjects.select") +local ts_move = require("nvim-treesitter-textobjects.move") +local utils = require("ambroisie.utils") +local wk = require("which-key") + +local function select_textobject(query) + return utils.partial(ts_select.select_textobject, query) +end + +local function goto_next_start(query) + return utils.partial(ts_move.goto_next_start, query) +end +local function goto_next_end(query) + return utils.partial(ts_move.goto_next_end, query) +end +local function goto_previous_start(query) + return utils.partial(ts_move.goto_previous_start, query) +end +local function goto_previous_end(query) + return utils.partial(ts_move.goto_previous_end, query) +end + +local objects = { + mode = { "x", "o" }, + { "aa", select_textobject("@parameter.outer"), desc = "a parameter" }, + { "ia", select_textobject("@parameter.inner"), desc = "inner parameter" }, + { "ab", select_textobject("@block.outer"), desc = "a block" }, + { "ib", select_textobject("@block.inner"), desc = "inner block" }, + { "ac", select_textobject("@class.outer"), desc = "a class" }, + { "ic", select_textobject("@class.inner"), desc = "inner class" }, + { "af", select_textobject("@function.outer"), desc = "a function" }, + { "if", select_textobject("@function.inner"), desc = "inner function" }, + { "ak", select_textobject("@comment.outer"), desc = "a comment" }, + { "aS", select_textobject("@statement.outer"), desc = "a statement" }, +} +local moves = { + mode = { "n", "x", "o" }, + -- Next start + { "]m", goto_next_start("@function.outer"), desc = "Next method start" }, + { "]S", goto_next_start("@statement.outer"), desc = "Next statement start" }, + { "]]", goto_next_start("@class.outer"), desc = "Next class start" }, + -- Next end + { "]M", goto_next_end("@function.outer"), desc = "Next method end" }, + { "][", goto_next_end("@class.outer"), desc = "Next class end" }, + -- Previous start + { "[m", goto_previous_start("@function.outer"), desc = "Previous method start" }, + { "[S", goto_previous_start("@statement.outer"), desc = "Previous statement start" }, + { "[[", goto_previous_start("@class.outer"), desc = "Previous class start" }, + -- Previous end + { "[M", goto_previous_end("@function.outer"), desc = "Previous method end" }, + { "[]", goto_previous_end("@class.outer"), desc = "Previous class end" }, +} +wk.add(objects) +wk.add(moves) ts_config.setup({ highlight = { @@ -9,46 +63,15 @@ ts_config.setup({ indent = { enable = true, }, - textobjects = { - select = { - enable = true, - -- Jump to matching text objects - lookahead = true, - keymaps = { - ["aa"] = { query = "@parameter.outer", desc = "a parameter" }, - ["ia"] = { query = "@parameter.inner", desc = "inner parameter" }, - ["ab"] = { query = "@block.outer", desc = "a block" }, - ["ib"] = { query = "@block.inner", desc = "inner block" }, - ["ac"] = { query = "@class.outer", desc = "a class" }, - ["ic"] = { query = "@class.inner", desc = "inner class" }, - ["af"] = { query = "@function.outer", desc = "a function" }, - ["if"] = { query = "@function.inner", desc = "inner function" }, - ["ak"] = { query = "@comment.outer", desc = "a comment" }, - ["aS"] = { query = "@statement.outer", desc = "a statement" }, - }, - }, - move = { - enable = true, - -- Add to jump list - set_jumps = true, - goto_next_start = { - ["]m"] = { query = "@function.outer", desc = "Next method start" }, - ["]S"] = { query = "@statement.outer", desc = "Next statement start" }, - ["]]"] = { query = "@class.outer", desc = "Next class start" }, - }, - goto_next_end = { - ["]M"] = { query = "@function.outer", desc = "Next method end" }, - ["]["] = { query = "@class.outer", desc = "Next class end" }, - }, - goto_previous_start = { - ["[m"] = { query = "@function.outer", desc = "Previous method start" }, - ["[S"] = { query = "@statement.outer", desc = "Previous statement start" }, - ["[["] = { query = "@class.outer", desc = "Previous class start" }, - }, - goto_previous_end = { - ["[M"] = { query = "@function.outer", desc = "Previous method end" }, - ["[]"] = { query = "@class.outer", desc = "Previous class end" }, - }, - }, +}) + +require("nvim-treesitter-textobjects").setup({ + select = { + -- Jump to matching text objects + lookahead = true, + }, + move = { + -- Add to jump list + set_jumps = true, }, }) From 635fddc3388c4b2883bed382062ee8a5847a8dd7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 20 Jan 2026 12:26:37 +0000 Subject: [PATCH 353/362] home: vim: migrate to new 'nvim-treesitter' --- modules/home/vim/default.nix | 4 +- .../home/vim/plugin/settings/tree-sitter.lua | 42 +++++++++++++------ 2 files changed, 32 insertions(+), 14 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 726d4870..930a853a 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -60,8 +60,8 @@ in nvim-lspconfig # Easy LSP configuration lsp-format-nvim # Simplified formatting configuration none-ls-nvim # LSP integration for linters and formatters - nvim-treesitter-legacy.withAllGrammars # Better highlighting - nvim-treesitter-textobjects-legacy # More textobjects + nvim-treesitter.withAllGrammars # Better highlighting + nvim-treesitter-textobjects # More textobjects plenary-nvim # 'null-ls', 'telescope' dependency # Completion diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua index cbb0d455..2958c2a9 100644 --- a/modules/home/vim/plugin/settings/tree-sitter.lua +++ b/modules/home/vim/plugin/settings/tree-sitter.lua @@ -1,4 +1,4 @@ -local ts_config = require("nvim-treesitter.configs") +local treesitter = require("nvim-treesitter") local ts_select = require("nvim-treesitter-textobjects.select") local ts_move = require("nvim-treesitter-textobjects.move") local utils = require("ambroisie.utils") @@ -54,17 +54,6 @@ local moves = { wk.add(objects) wk.add(moves) -ts_config.setup({ - highlight = { - enable = true, - -- Avoid duplicate highlighting - additional_vim_regex_highlighting = false, - }, - indent = { - enable = true, - }, -}) - require("nvim-treesitter-textobjects").setup({ select = { -- Jump to matching text objects @@ -75,3 +64,32 @@ require("nvim-treesitter-textobjects").setup({ set_jumps = true, }, }) + +-- Automatically setup treesitter for supported filetypes +local function treesitter_try_attach(buf, language) + -- Try to load language + -- NOTE: the best way I found to check if a filetype has a grammar + if not vim.treesitter.language.add(language) then + return false + end + + -- Syntax highlighting + vim.treesitter.start(buf, language) + -- Indentation + vim.bo.indentexpr = "v:lua.require('nvim-treesitter').indentexpr()" + + return true +end + +vim.api.nvim_create_autocmd("FileType", { + pattern = "*", + group = vim.api.nvim_create_augroup("treesitter_attach", { clear = true }), + callback = function(args) + local buf, filetype = args.buf, args.match + local language = vim.treesitter.language.get_lang(filetype) + if not language then + return + end + treesitter_try_attach(buf, language) + end, +}) From f3f0cb6a34eb339d0a60a064aef340e5415b50bf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 20 Jan 2026 12:27:26 +0000 Subject: [PATCH 354/362] overlays: remove 'nvim-treesitter-legacy-shim' With the migration complete, I do not need it anymore. This reverts commit bf260de243e55d02ae6be52678ccadc6ea77439b. --- .../nvim-treesitter-legacy-shim/default.nix | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 overlays/nvim-treesitter-legacy-shim/default.nix diff --git a/overlays/nvim-treesitter-legacy-shim/default.nix b/overlays/nvim-treesitter-legacy-shim/default.nix deleted file mode 100644 index d629f717..00000000 --- a/overlays/nvim-treesitter-legacy-shim/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -final: prev: -let - inherit (final) lib; - overrides = final: prev: - let - hasLegacyPackage = prev ? nvim-treesitter-legacy; - in - { - nvim-treesitter-textobjects-legacy = prev.nvim-treesitter-textobjects.overrideAttrs { - dependencies = [ final.nvim-treesitter-legacy ]; - }; - } // (lib.optionalAttrs (!hasLegacyPackage) { - nvim-treesitter-legacy = final.nvim-treesitter; - }); -in -{ - vimPlugins = prev.vimPlugins.extend (overrides); -} From bfd058da36a535ace178e66a3a9100b879e15b45 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Feb 2026 20:39:05 +0000 Subject: [PATCH 355/362] home: vim: git: map hunk-navigation in more modes --- modules/home/vim/plugin/settings/git.lua | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index fcae4252..2c4504dd 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -33,10 +33,6 @@ gitsigns.setup({ }) local keys = { - -- Navigation - { "[c", utils.partial(nav_hunk, "prev"), desc = "Previous hunk/diff" }, - { "]c", utils.partial(nav_hunk, "next"), desc = "Next hunk/diff" }, - -- Commands { "g", group = "Git" }, { "gb", gitsigns.toggle_current_line_blame, desc = "Toggle blame virtual text" }, { "gd", gitsigns.diffthis, desc = "Diff buffer" }, @@ -55,6 +51,12 @@ local keys = { { "g]", utils.partial(gitsigns.nav_hunk, "next"), desc = "Next hunk" }, } +local moves = { + mode = { "n", "x", "o" }, + { "[c", utils.partial(nav_hunk, "prev"), desc = "Previous hunk/diff" }, + { "]c", utils.partial(nav_hunk, "next"), desc = "Next hunk/diff" }, +} + local objects = { mode = "o", { "ih", gitsigns.select_hunk, desc = "git hunk" }, @@ -71,5 +73,6 @@ local visual = { } wk.add(keys) +wk.add(moves) wk.add(objects) wk.add(visual) From 89db8883e961a417f6a6c78fc3c7b3ad4794ffb8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 10 Feb 2026 14:53:14 +0000 Subject: [PATCH 356/362] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 3f7a9b57..dad55a08 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1762618334, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "owner": "ryantm", "repo": "agenix", - "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1769069492, - "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", + "lastModified": 1770726378, + "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", + "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1769442288, - "narHash": "sha256-p+Xqr+P22TYW2RqbwccSd4UlUDEwl7PnoW3qiH8wVoE=", + "lastModified": 1770654520, + "narHash": "sha256-mg5WZMIPGsFu9MxSrUcuJUPMbfMsF77el5yb/7rc10k=", "owner": "nix-community", "repo": "home-manager", - "rev": "384786dc70c4992643f916c7e57f378714fec4f1", + "rev": "6c4fdbe1ad198fac36c320fd45c5957324a80b8e", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1769170682, - "narHash": "sha256-oMmN1lVQU0F0W2k6OI3bgdzp2YOHWYUAw79qzDSjenU=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c5296fdd05cfa2c187990dd909864da9658df755", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1769444957, - "narHash": "sha256-2VIGLo/Xj7v+ZZqR/k2uoaZ75vpYB1FLa2UAW5ZhIK8=", + "lastModified": 1770732881, + "narHash": "sha256-yGkibRit67Pz1uo1Kk55kZBHQq90K3gc0N762JGW/uQ=", "owner": "nix-community", "repo": "NUR", - "rev": "9183819b926f1f58e8af86e86f28cc7d1e87698f", + "rev": "06490c1287ab62a8c5075c440fd3e247913bc29c", "type": "github" }, "original": { From f2ae223c665968d94c573c3a6eb37b7d19513e2d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 15:01:11 +0100 Subject: [PATCH 357/362] nixos: services: sabnzbd: fix deprecated config I want to have _some_ settings set outside my NixOS configuration, so keep the config-file writable. --- modules/nixos/services/sabnzbd/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix index 9e0d9c3c..6c9eadd4 100644 --- a/modules/nixos/services/sabnzbd/default.nix +++ b/modules/nixos/services/sabnzbd/default.nix @@ -13,6 +13,11 @@ in services.sabnzbd = { enable = true; group = "media"; + + # Don't warn about the config file + configFile = null; + # I want to configure servers outside of Nix + allowConfigWrite = true; }; # Set-up media group From c8f9e002f62e770be83d9af56a58f176b92a7474 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 15:08:09 +0100 Subject: [PATCH 358/362] nixos: services: sabnzbd: add 'port' option --- modules/nixos/services/sabnzbd/default.nix | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix index 6c9eadd4..37ba96cf 100644 --- a/modules/nixos/services/sabnzbd/default.nix +++ b/modules/nixos/services/sabnzbd/default.nix @@ -2,11 +2,17 @@ { config, lib, ... }: let cfg = config.my.services.sabnzbd; - port = 9090; # NOTE: not declaratively set... in { options.my.services.sabnzbd = with lib; { enable = mkEnableOption "SABnzbd binary news reader"; + + port = mkOption { + type = types.port; + default = 9090; + example = 4242; + description = "The port on which SABnzbd will listen for incoming HTTP traffic"; + }; }; config = lib.mkIf cfg.enable { @@ -18,6 +24,13 @@ in configFile = null; # I want to configure servers outside of Nix allowConfigWrite = true; + + settings = { + misc = { + host = "127.0.0.1"; + inherit (cfg) port; + }; + }; }; # Set-up media group @@ -25,7 +38,7 @@ in my.services.nginx.virtualHosts = { sabnzbd = { - inherit port; + inherit (cfg) port; }; }; From 72efb0c7eae9a14c26e702dbca0ebbd1c2822f46 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 19:46:25 +0100 Subject: [PATCH 359/362] hosts: nixos: porthos: secrets: update cross-seed --- .../servarr/cross-seed/configuration.json.age | Bin 2031 -> 3119 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age index 94fdf975d6418d394c62c42e572374b24865a776..b8cbe6aa7d2a5491342a62798ddaf2830e28cb7d 100644 GIT binary patch literal 3119 zcmdM|0Vh{?Pd^1mcUJ{hKj)yxfDl&~1vgJ0SCE`8S7dlfj!$@4X{522X|hL9L6VV4 zX_B#5o{w>4g>$BXwx@?*Rid+DPLzwMp-OH&<9-en~*4 zV_9IZMXqOvUzksLN@Y~ITUAuBlY5Yhle>?BVRnjRfvaz5SW%!+L2;r-RAo?zt4Xql zpGjbdV-Z(KXoX==M7B||L5Znzra_5Mu#<6!YlVAiXhu$CZct%VmXk?{tEEY>foEl4 zR*+eUhm(PCSb<4WZlqyUSX4Pza70d4Vor){RJd!obDn=nx{p&~aaOo*qH9ukKuVTx zS&+YTsk2*-c6OCtu5)T~Sa7OqQktc4X^xY5ScS0xSBQaIu4h(?QDT{EmU*#LzF$&F zgjryfTe4GXNI+#)xuJP}xItucQeIhEd0s_TQKoU3Pqt@?aa3-lQJHH}6<3%~cy3u} zNUm=|Xr@7#v2UJtYGuB!qq(_rV5woEuZdrIgppa9g{5z)pMjZMnqx(%f0RL>WoB4# zp@mn7vpH94P)bCEi+)yEs=Gl+s)2imXHjLienqfvxNnhTx<__qS)zZYk8w$fzn^Pb zs+)gRx{FgmQCg6pdzDF6K#4O~s#!sPqQGkVa zx?8weR(eIMcCN8ux^G&Ek#}-tRElGGg?~zAW@Je=m#KbYak-8G`MU_jAi*sg{Z)kCGgpsFVnv+v@nP-8MK~RuIQGiRXV`gSqrSdNg}G~JQese$QL0OTb5%q{u6u5}iK&rKqJ@E@V?ddav4>-% zuSIEbkh6JGWp-3Rva6$`Q${dXXh2Y)nR9rirKMTAX;EIWk+HrNB*v8#c5Rhf&nMXp(ZVV-H2Wr(Azi>YHemqnR-g+*p+Mwv&UxuI{6XGy71 zl5<&TPHCc9Zc15rXnBT*w_k9ob7qlyNl3YweoA7bkBhc(Vpe)?nn$RsE0=q&Ur3N& zK%jx6p_xH;zPYQVsY_r+SxKRnsdGtjq<>;nezCt{R*F$@YN?N(YpPFPxtB#{lwXju zPfnnvxj$D~iEnmgK$2y8u47t7SxAzhvw?SBs7bm(VoEVRA)=f1;zgcVtnacThf8U~!^nVMJn1ct(a}aHyk+XK8U-SV@(6VUS6pX=t{$ zPobMhR+&$^n|psE>JyQ$Suws%eUwpRq}Ju9rcYQA$}#c#yeQ zkdaA5fssdXT6T7zwwHf$zF8udp=VB*c3MWMt-7Eq=$EKl!ZwmSCwJ5m!)$_T7jXncDbojwu_&> zS8kHNzh9VR zZ(e%2rC)eiSZ;AniMK^ST1i-{Q)ZyPqmPGippScGpj&8WqGM8Ev5%osK%jAjkF&nM ztC@F3XcU*Pxpt_FKv|hZZnAz>qJ?>&S!Iz|o@ID= zm`7@Wp_yTtOHp!GXi9`>5X|}eTc|c)#prLC;c4l&wd%90i za=C9-PD+|vhIg{NcWR!8MTL2oTc%5tTTw)wTS|pDmws`HtADC%kZEb5U!GY;Wnoxu zq`OZ*v2$g*Wtd5&i&vgca+G7fw~1G>ey~AmW`4R)k+XS3aA8tKMNnCmDVMKHSYp0e zu}Ni~Q<8U?xv#%LQDAXIpii!gr@LuNfwzmRez-+$XsEtVaax*pfTc@BuxDXWNp@wW zdq75!sUcT{VX~`!a=y2jc}hjTNvf~8QE_&8NU(2lP-%#vaiCdIq+yA9u6|^yhe@J) zvPr17yLNd{N_wfWS(#66WQrwMnTw};Zl$w_c7bQEN1}UJx>2E@Yg&q9nWtx{yPv;F zqL+tfaDaZLc4b*cqNRCKZbW)mo{^z`sCjZlzIkNZo^ye7VNr>bQ+8gMGnbJ;ib+aV zSaMKSP^G?kp=XLmwn1TLfoW<=R+vjwdPJzVsj0JLxvNR0ab-|xMOaW`MwyFafJ;=7 zep+E}l^IutepX77WsY~4Pfl2hw_$2#mRD7zNxFAoUXizxmtj;%g@>cIk6*rTd8tL3 zep;njWu#A1L{+(gv0FufZ$OPwpT@Po_ShYP^h_UK%$p-M5Tp$ zZgx^wYEfcUNKj#vzf+ijexNs3m04v(iA#2tsb#pCe~NLQwtMuvxx zXL_o3WMyJvfK!o2KxSg1d#P(kae;H1b67~Ji)TeTmr+1LRJvJ~cZgGzV^FG}xl?MW zqqbR!p>}48e||=Wd1zH$W=V;0URtt#x?8YIrn7Hlc2QBNcc{63Nl{6NK37h7fnj#2 ztG}07kWZpxSV>BvL5ORJS4d!yiBpzOh^c=`xud(KOL3A{m1BresBw_9OOB_hOJzW+ zg-4*dTRxYwi(6(+q_&q?YJOUXTWLm^o2Pqvj%!*;Nvg4NWK?cdXjze0a=D9#c6g~z dsE?UZRiv?{u}hM_qpd9$xWVu0=Yq2@004Qv`|1Dy literal 2031 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn_Ri1BO;<=S&$J9m zF108%Ez1fnwba%(@lP*Gv8;3pa4ITEa}G-n@GUjXG)>PAwBQQ!PmHukbu};XDaucD z&U7>_!m*q%D~GW!PCyAa=HPkhbXbVF37 zN?-GNd`T7B8omGaZol8#dRXti*uqeG!fCfmmqMUWnFOQqq01_JHaw2M5yI+fsQ&KG z^;1^+T2(5`xDBq(c%ySg^gw&a54{aGOE*~S$ZlM|vHfpUz?$5OLj{h9cDS1#y}xO_ zLPheMIX_=qX;-rfjCyCRvpJq=XT{o&)(+vvofO2`r&=CZ6xenuR)21d!&L7bdTYc= zLRawg?K)6*U0Zi?g3M&+hfDH4MY%GZyIb|5$M(Tg$;?inturkgj$Cn?HA&oN&q>*d z%j-_D9KL^(xx`Y#*#2;2Tk};p!Goa_9{fFLEF2WYr!0H+-AYr=0EGqj?(Yt>XF4Ff z^LVF#gTiOoH``>~kGU?fZ0Fs&n^Sp(WrX3ecA=sr@0}U6uieeCGqGRlZ+^IFKd}_&m#(Kht>q1$~?7h-IrI~ z%&SkOu>6!LUVgh?F8FEI=G%@PI}5)Uy%oJEr}TA>qx1J0-VF19e_!)T&sBKVYnCf! z4xgQhp43*i%AVLbk6%ss>E8Mb%VV|*_Ay&O{MwMDdso1tQGxeEs(${@4C$FKk1JnW_UhKtZ6`fU&L^<*s@-@}=JhGRYfj>0seJ3L z^O_GVl5Dh`xkg?fr}R*Azs36*^81y}9hB_OQBsm(E^y_L5lNqv6;$YP^qr-wh3fOD zjaCnf+*_Wh?f$f8*WIT<-`&ool<`Wgm|XZ^*~-gj&-*O;Qghv`FN-(z)9m+-N8U&B zt995tZ}WQJ!d{XqWODsp%)2YE<82OpU9&KK|6QfDErO-qO~%1Gk6I?5zu&y>{Krp^ zYOAE;vgbNgC`^C;YY|tS&GxU;)`;D#QDsfsZl6C({NUrz;_B1_=fy5LIdQ+W=JsBW z%nm*x^*YF&WF4f%bacs3anas8oq8>zcl;?xnIWXIFk_~9f7XTzT-QA}J@4i3{Bbctb2ra0Y`ZMgewZzp!SLVqDv#rWyUy*%TIj5Qnnm;M#5Gp- zmRl7U{A>*SH1FD@)^*WG1LnWCJ9Sic8N-wKz2|HN1Q_fC&CX~vUh$gZ{d0+wzq$IJ z&Gu*ZPwGFgcfQG#*o%3*4cxwNP6wU6UDm$2{)WHjNBfg}f91z=>nEK5wmQG|*T%vp zugUpj5qt5jvDxYAG8`$p`}cS0uK8!4wBd<@xa5ov-@>x` z4YxeF|KPXg(WwiqZH=k|s~OU!>h#QKwp+$GFD?D!my!U6gBn}j3M?G5IK4cBmr8yEjszWJTf zp1W!cj|^YLd89JDQEszyTYUQNp5XT0Nv|6oOkb2T!}#*+l9x$$F8u1*eEf3cUF%C4 zK`Ylzw45Bhf9}s-jdQ1puDPiMsW0iazjEVWY436#4iUuytqpbFRcg%T-vqDc6s{=g z4Jk}MwrrQLDd(G*jh+&7GI&|bm=9iYX7k+?#ah`e5XX1^e8pw$L(jEi&2pb)PMa+i zFva=c(QQUn47`Oi_WNAlX{^l28dhHW(0{s6O$>+bT+YbNvq~3Q>UY;AW&R7x@b Date: Wed, 18 Feb 2026 11:18:41 +0000 Subject: [PATCH 360/362] pkgs: i3-get-window-criteria: fix 'xorg' packages The `xorg` namespace is about to be removed in my next bump, so let's pro-actively remove them now. --- pkgs/i3-get-window-criteria/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/i3-get-window-criteria/default.nix b/pkgs/i3-get-window-criteria/default.nix index 2fc840dc..cba51944 100644 --- a/pkgs/i3-get-window-criteria/default.nix +++ b/pkgs/i3-get-window-criteria/default.nix @@ -1,4 +1,4 @@ -{ lib, coreutils, gnused, makeWrapper, stdenvNoCC, xorg }: +{ lib, coreutils, gnused, makeWrapper, stdenvNoCC, xprop, xwininfo }: stdenvNoCC.mkDerivation rec { pname = "i3-get-window-criteria"; version = "0.1.0"; @@ -22,8 +22,8 @@ stdenvNoCC.mkDerivation rec { wrapperPath = lib.makeBinPath [ coreutils gnused - xorg.xprop - xorg.xwininfo + xprop + xwininfo ]; fixupPhase = '' From 4704b34db3e248abab508f0f8c2b5c6f45a26549 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 21:40:35 +0100 Subject: [PATCH 361/362] overlays: downgrade-transmission: add derivation I need to vendor the full derivation definition, as upstream diverges further and further away from 4.0.5. On the next bump, the packaging for 4.1.0 starts becoming sufficiently different to break my overlay. --- overlays/downgrade-transmission/default.nix | 17 +- .../downgrade-transmission/transmission_4.nix | 232 ++++++++++++++++++ 2 files changed, 237 insertions(+), 12 deletions(-) create mode 100644 overlays/downgrade-transmission/transmission_4.nix diff --git a/overlays/downgrade-transmission/default.nix b/overlays/downgrade-transmission/default.nix index 9d3fc8ae..9fc6d140 100644 --- a/overlays/downgrade-transmission/default.nix +++ b/overlays/downgrade-transmission/default.nix @@ -1,14 +1,7 @@ -self: prev: +self: _prev: { - transmission_4 = prev.transmission_4.overrideAttrs (_: { - version = "4.0.5"; - - src = self.fetchFromGitHub { - owner = "transmission"; - repo = "transmission"; - rev = "4.0.5"; - hash = "sha256-gd1LGAhMuSyC/19wxkoE2mqVozjGPfupIPGojKY0Hn4="; - fetchSubmodules = true; - }; - }); + transmission_4 = self.callPackage ./transmission_4.nix { + fmt = self.fmt_9; + libutp = self.libutp_3_4; + }; } diff --git a/overlays/downgrade-transmission/transmission_4.nix b/overlays/downgrade-transmission/transmission_4.nix new file mode 100644 index 00000000..a49f6b9b --- /dev/null +++ b/overlays/downgrade-transmission/transmission_4.nix @@ -0,0 +1,232 @@ +{ stdenv +, lib +, fetchFromGitHub +, fetchpatch2 +, cmake +, pkg-config +, python3 +, openssl +, curl +, libevent +, inotify-tools +, systemd +, zlib +, pcre +, libb64 +, libutp +, libdeflate +, utf8cpp +, fast-float +, fmt +, libpsl +, miniupnpc +, dht +, libnatpmp +, # Build options + enableGTK3 ? false +, gtkmm3 +, libpthread-stubs +, wrapGAppsHook3 +, enableQt5 ? false +, enableQt6 ? false +, qt5 +, qt6Packages +, nixosTests +, enableSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd +, enableDaemon ? true +, enableCli ? true +, installLib ? false +, apparmorRulesFromClosure +}: + +let + inherit (lib) cmakeBool optionals; + + apparmorRules = apparmorRulesFromClosure { name = "transmission-daemon"; } ( + [ + curl + libdeflate + libevent + libnatpmp + libpsl + miniupnpc + openssl + pcre + zlib + ] + ++ optionals enableSystemd [ systemd ] + ++ optionals stdenv.hostPlatform.isLinux [ inotify-tools ] + ); + +in +stdenv.mkDerivation (finalAttrs: { + pname = "transmission"; + version = "4.0.5"; + + src = fetchFromGitHub { + owner = "transmission"; + repo = "transmission"; + rev = finalAttrs.version; + hash = "sha256-gd1LGAhMuSyC/19wxkoE2mqVozjGPfupIPGojKY0Hn4="; + fetchSubmodules = true; + }; + + patches = [ + (fetchpatch2 { + url = "https://github.com/transmission/transmission/commit/febfe49ca3ecab1a7142ecb34012c1f0b2bcdee8.patch?full_index=1"; + hash = "sha256-Ge0+AXf/ilfMieGBAdvvImY7JOb0gGIdeKprC37AROs="; + excludes = [ + # The submodule that we don't use (we use our miniupnp) + "third-party/miniupnp" + # Hunk fails for this one, but we don't care because we don't rely upon + # xcode definitions even for the Darwin build. + "Transmission.xcodeproj/project.pbxproj" + ]; + }) + ]; + + outputs = [ + "out" + "apparmor" + ]; + + cmakeFlags = [ + (cmakeBool "ENABLE_CLI" enableCli) + (cmakeBool "ENABLE_DAEMON" enableDaemon) + (cmakeBool "ENABLE_GTK" enableGTK3) + (cmakeBool "ENABLE_MAC" false) # requires xcodebuild + (cmakeBool "ENABLE_QT" (enableQt5 || enableQt6)) + (cmakeBool "INSTALL_LIB" installLib) + ] + ++ optionals stdenv.hostPlatform.isDarwin [ + # Transmission sets this to 10.13 if not explicitly specified, see https://github.com/transmission/transmission/blob/0be7091eb12f4eb55f6690f313ef70a66795ee72/CMakeLists.txt#L7-L16. + "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.hostPlatform.darwinMinVersion}" + ]; + + postPatch = '' + # Clean third-party libraries to ensure system ones are used. + # Excluding gtest since it is hardcoded to vendored version. The rest of the listed libraries are not packaged. + pushd third-party + for f in *; do + if [[ ! $f =~ googletest|wildmat|wide-integer|jsonsl ]]; then + rm -r "$f" + fi + done + popd + rm \ + cmake/FindFastFloat.cmake \ + cmake/FindFmt.cmake \ + cmake/FindUtfCpp.cmake + # Upstream uses different config file name. + substituteInPlace CMakeLists.txt --replace 'find_package(UtfCpp)' 'find_package(utf8cpp)' + + # Use gettext even on Darwin + substituteInPlace libtransmission/utils.h \ + --replace-fail '#if defined(HAVE_GETTEXT) && !defined(__APPLE__)' '#if defined(HAVE_GETTEXT)' + ''; + + nativeBuildInputs = [ + pkg-config + cmake + python3 + ] + ++ optionals enableGTK3 [ wrapGAppsHook3 ] + ++ optionals enableQt5 [ qt5.wrapQtAppsHook ] + ++ optionals enableQt6 [ qt6Packages.wrapQtAppsHook ]; + + buildInputs = [ + curl + dht + fast-float + fmt + libb64 + libdeflate + libevent + libnatpmp + libpsl + libutp + miniupnpc + openssl + pcre + utf8cpp + zlib + ] + ++ optionals enableQt5 ( + with qt5; + [ + qttools + qtbase + ] + ) + ++ optionals enableQt6 ( + with qt6Packages; + [ + qttools + qtbase + qtsvg + ] + ) + ++ optionals enableGTK3 [ + gtkmm3 + libpthread-stubs + ] + ++ optionals enableSystemd [ systemd ] + ++ optionals stdenv.hostPlatform.isLinux [ inotify-tools ]; + + postInstall = '' + mkdir $apparmor + cat >$apparmor/bin.transmission-daemon <, + include + profile $out/bin/transmission-daemon { + include + include + include + include "${apparmorRules}" + @{PROC}/sys/kernel/random/uuid r, + @{PROC}/sys/vm/overcommit_memory r, + @{PROC}/@{pid}/environ r, + @{PROC}/@{pid}/mounts r, + /tmp/tr_session_id_* rwk, + + $out/share/transmission/public_html/** r, + + include if exists + } + EOF + install -Dm0444 -t $out/share/icons ../qt/icons/transmission.svg + ''; + + passthru.tests = { + apparmor = nixosTests.transmission_4; # starts the service with apparmor enabled + smoke-test = nixosTests.bittorrent; + }; + + meta = { + description = "Fast, easy and free BitTorrent client"; + mainProgram = + if (enableQt5 || enableQt6) then + "transmission-qt" + else if enableGTK3 then + "transmission-gtk" + else + "transmission-cli"; + longDescription = '' + Transmission is a BitTorrent client which features a simple interface + on top of a cross-platform back-end. + Feature spotlight: + * Uses fewer resources than other clients + * Native Mac, GTK and Qt GUI clients + * Daemon ideal for servers, embedded systems, and headless use + * All these can be remote controlled by Web and Terminal clients + * Bluetack (PeerGuardian) blocklists with automatic updates + * Full encryption, DHT, and PEX support + ''; + homepage = "https://www.transmissionbt.com/"; + license = with lib.licenses; [ + gpl2Plus + mit + ]; + platforms = lib.platforms.unix; + }; +}) From 89bd3aa428ab9bb37c61f2fa0e75c755b37bc3c3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 15:21:56 +0100 Subject: [PATCH 362/362] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index dad55a08..1f7bb189 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1770654520, - "narHash": "sha256-mg5WZMIPGsFu9MxSrUcuJUPMbfMsF77el5yb/7rc10k=", + "lastModified": 1771505064, + "narHash": "sha256-lh9rF+C/nKFyWAqbHIa6tK9L/6N0UaQg7zw15aP4jBM=", "owner": "nix-community", "repo": "home-manager", - "rev": "6c4fdbe1ad198fac36c320fd45c5957324a80b8e", + "rev": "a0a01d8811fd5e99e003078ed64a0e7b531545dd", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "lastModified": 1771369470, + "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "rev": "0182a361324364ae3f436a63005877674cf45efb", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1770732881, - "narHash": "sha256-yGkibRit67Pz1uo1Kk55kZBHQq90K3gc0N762JGW/uQ=", + "lastModified": 1771506707, + "narHash": "sha256-R9oBi0EPsWN4bHfYgcyiSzx31/Fkgg3IHubf30II7Ow=", "owner": "nix-community", "repo": "NUR", - "rev": "06490c1287ab62a8c5075c440fd3e247913bc29c", + "rev": "30ad144e51a0ae8b47aa84c1139e84fc278d6e86", "type": "github" }, "original": {