diff --git a/flake.lock b/flake.lock index 1f7bb189..a2d931a0 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1770165109, - "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "owner": "ryantm", "repo": "agenix", - "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "type": "github" }, "original": { @@ -36,11 +36,11 @@ ] }, "locked": { - "lastModified": 1744478979, - "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -53,15 +53,15 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "edolstra", "repo": "flake-compat", "type": "github" } @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -108,33 +108,10 @@ "type": "github" } }, - "git-hooks": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1770726378, - "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "master", - "repo": "git-hooks.nix", - "type": "github" - } - }, "gitignore": { "inputs": { "nixpkgs": [ - "git-hooks", + "pre-commit-hooks", "nixpkgs" ] }, @@ -159,11 +136,11 @@ ] }, "locked": { - "lastModified": 1771505064, - "narHash": "sha256-lh9rF+C/nKFyWAqbHIa6tK9L/6N0UaQg7zw15aP4jBM=", + "lastModified": 1743607567, + "narHash": "sha256-kTzKPDFmNzwO1cK4fiJgPB/iSw7HgBAmknRTeAPJAeI=", "owner": "nix-community", "repo": "home-manager", - "rev": "a0a01d8811fd5e99e003078ed64a0e7b531545dd", + "rev": "49748c74cdbae03d70381f150b810f92617f23aa", "type": "github" }, "original": { @@ -175,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1771369470, - "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", + "lastModified": 1743448293, + "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0182a361324364ae3f436a63005877674cf45efb", + "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", "type": "github" }, "original": { @@ -196,32 +173,56 @@ ], "nixpkgs": [ "nixpkgs" - ] + ], + "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1771506707, - "narHash": "sha256-R9oBi0EPsWN4bHfYgcyiSzx31/Fkgg3IHubf30II7Ow=", + "lastModified": 1741294988, + "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=", "owner": "nix-community", "repo": "NUR", - "rev": "30ad144e51a0ae8b47aa84c1139e84fc278d6e86", + "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e", "type": "github" }, "original": { "owner": "nix-community", - "ref": "main", + "ref": "master", "repo": "NUR", "type": "github" } }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "master", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", "flake-parts": "flake-parts", "futils": "futils", - "git-hooks": "git-hooks", "home-manager": "home-manager", "nixpkgs": "nixpkgs", "nur": "nur", + "pre-commit-hooks": "pre-commit-hooks", "systems": "systems" } }, @@ -240,6 +241,27 @@ "repo": "default", "type": "github" } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 0bdd180e..afd3c805 100644 --- a/flake.nix +++ b/flake.nix @@ -54,17 +54,17 @@ type = "github"; owner = "nix-community"; repo = "NUR"; - ref = "main"; + ref = "master"; inputs = { flake-parts.follows = "flake-parts"; nixpkgs.follows = "nixpkgs"; }; }; - git-hooks = { + pre-commit-hooks = { type = "github"; owner = "cachix"; - repo = "git-hooks.nix"; + repo = "pre-commit-hooks.nix"; ref = "master"; inputs = { nixpkgs.follows = "nixpkgs"; diff --git a/flake/checks.nix b/flake/checks.nix index 73e64d52..98e49bd5 100644 --- a/flake/checks.nix +++ b/flake/checks.nix @@ -1,7 +1,7 @@ { inputs, ... }: { imports = [ - inputs.git-hooks.flakeModule + inputs.pre-commit-hooks.flakeModule ]; perSystem = { ... }: { diff --git a/flake/home-manager.nix b/flake/home-manager.nix index 88a74e8f..add889eb 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -3,11 +3,6 @@ let defaultModules = [ # Include generic settings "${self}/modules/home" - { - nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ - inputs.nur.overlays.default - ]; - } { # Basic user information defaults home.username = lib.mkDefault "ambroisie"; @@ -22,15 +17,22 @@ let ]; mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.${system}; + # Work-around for home-manager + # * not letting me set `lib` as an extraSpecialArgs + # * not respecting `nixpkgs.overlays` [1] + # [1]: https://github.com/nix-community/home-manager/issues/2954 + pkgs = import inputs.nixpkgs { + inherit system; + + overlays = (lib.attrValues self.overlays) ++ [ + inputs.nur.overlays.default + ]; + }; modules = defaultModules ++ [ "${self}/hosts/homes/${name}" ]; - # Use my extended lib in NixOS configuration - inherit (self) lib; - extraSpecialArgs = { # Inject inputs to use them in global registry inherit inputs; diff --git a/flake/nixos.nix b/flake/nixos.nix index 0fbd3a6a..fa656dc0 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -3,7 +3,7 @@ let defaultModules = [ { # Let 'nixos-version --json' know about the Git revision - system.configurationRevision = self.rev or self.dirtyRev or "dirty"; + system.configurationRevision = self.rev or "dirty"; } { nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ @@ -15,10 +15,8 @@ let ]; buildHost = name: system: lib.nixosSystem { + inherit system; modules = defaultModules ++ [ - { - nixpkgs.hostPlatform = system; - } "${self}/hosts/nixos/${name}" ]; specialArgs = { diff --git a/flake/overlays.nix b/flake/overlays.nix index c10afc33..0c47989d 100644 --- a/flake/overlays.nix +++ b/flake/overlays.nix @@ -1,4 +1,4 @@ -{ self, lib, ... }: +{ self, ... }: let default-overlays = import "${self}/overlays"; @@ -8,7 +8,7 @@ let # Expose my custom packages pkgs = _final: prev: { - ambroisie = lib.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; }); + ambroisie = prev.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; }); }; }; in diff --git a/hosts/homes/ambroisie@bazin/default.nix b/hosts/homes/ambroisie@bazin/default.nix index 365b70df..f52fbce5 100644 --- a/hosts/homes/ambroisie@bazin/default.nix +++ b/hosts/homes/ambroisie@bazin/default.nix @@ -4,20 +4,6 @@ services.gpg-agent.enable = lib.mkForce false; my.home = { - atuin = { - package = pkgs.stdenv.mkDerivation { - pname = "atuin"; - version = "18.4.0"; - - buildCommand = '' - mkdir -p $out/bin - ln -s /usr/bin/atuin $out/bin/atuin - ''; - - meta.mainProgram = "atuin"; - }; - }; - git = { package = pkgs.emptyDirectory; }; diff --git a/hosts/homes/ambroisie@mousqueton/default.nix b/hosts/homes/ambroisie@mousqueton/default.nix index 13836189..37884d79 100644 --- a/hosts/homes/ambroisie@mousqueton/default.nix +++ b/hosts/homes/ambroisie@mousqueton/default.nix @@ -7,20 +7,6 @@ services.gpg-agent.enable = lib.mkForce false; my.home = { - atuin = { - package = pkgs.stdenv.mkDerivation { - pname = "atuin"; - version = "18.4.0"; - - buildCommand = '' - mkdir -p $out/bin - ln -s /usr/bin/atuin $out/bin/atuin - ''; - - meta.mainProgram = "atuin"; - }; - }; - git = { package = pkgs.emptyDirectory; }; diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index e8c99e41..64b63ce4 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -18,7 +18,9 @@ # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client + jellyfin-media-player # Wraps the webui and mpv together pavucontrol # Audio mixer GUI + transgui # Transmission remote ]; # Minimal video player mpv.enable = true; @@ -26,8 +28,6 @@ nm-applet.enable = true; # Terminal terminal.program = "alacritty"; - # Transmission remote - trgui.enable = true; # Zathura document viewer zathura.enable = true; }; diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index f1842b4c..68e90f2e 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -80,12 +80,18 @@ in "pyload/credentials.age".publicKeys = all; - "servarr/autobrr/session-secret.age".publicKeys = all; - "servarr/cross-seed/configuration.json.age".publicKeys = all; - - "sso/auth-key.age".publicKeys = all; - "sso/ambroisie/password-hash.age".publicKeys = all; - "sso/ambroisie/totp-secret.age".publicKeys = all; + "sso/auth-key.age" = { + owner = "nginx-sso"; + publicKeys = all; + }; + "sso/ambroisie/password-hash.age" = { + owner = "nginx-sso"; + publicKeys = all; + }; + "sso/ambroisie/totp-secret.age" = { + owner = "nginx-sso"; + publicKeys = all; + }; "tandoor-recipes/secret-key.age".publicKeys = all; diff --git a/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age b/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age deleted file mode 100644 index e98b94ad..00000000 --- a/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 cKojmg bu09lB+fjaPP31cUQZP6EqSPuseucgNK7k9vAS08iS0 -+NGL+b2QD/qGo6hqHvosAXzHZtDvfodmPdcgnrKlD1o --> ssh-ed25519 jPowng QDCdRBGWhtdvvMCiDH52cZHz1/W7aomhTatZ4+9IKwI -Ou3jjV/O55G1CPgGS33l3eWhhYWrVdwVNPSiE14d5rE ---- q0ssmpG50OX1WaNSInc2hbtH3DbTwQGDU74VGEoMh94 -mCƑ'hK./Xu(g$'M{fK !MZoR՝͟;yb \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age deleted file mode 100644 index b8cbe6aa..00000000 --- a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age +++ /dev/null @@ -1,49 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGNLb2ptZyA2ZGpt -QmJ0Z0dnQWZPM2hTdVJ3ZEpXZlVqZlZEcTlUbVl5ZHh3M0o4OFJNCm5QcUVCRU45 -MENqbC84YmNreTdIYlJSRlIrQ2E4bVNVNXBJNVRvSDdXL1EKLT4gc3NoLWVkMjU1 -MTkgalBvd25nIGFCc0lOSXZLRUN1SEcwWHpQcjFBYk9pQXh1TFArb1dFMmUrc2F6 -ZWNNQTAKZFovdUcrWGx2TVB1S0lvdW1Eb29DbkpNRHpPVFlLWFlEZjVVdXVMaVVK -VQotPiAvQS8mITNVLWdyZWFzZSBGRDBGL01kdApEMUVrQ2psaHZyRTE4cHN4QTAr -TUx1RXk2S0t5Ci0tLSB3TExGeUhlYmRqZjB4TE94S0IyQjR6THB0MVp4bmY1ZVZw -SXljaldEZWEwCnOdgLBqsjWMaEbWPdjMvROCuCFl+kzNmCecVSeEbf93ulB7Vx30 -T0FmIjd2avEj7sBoNbtX6QzFcBeTPyjw17oW0Ycbnvvwnxzri3vLkIt3Zmy2vEbz -VLWmvUTmMpUi0v3MnKeyoMA77CQu1aM4NwX26v89MuN06FfAxUOZ0Q9iVSq8JTC7 -eRdXXD/jVeG0te0GTIryW/xSMWMrAgHkivaOiL3ttONEfeFOzgDBprfR1Gz4jPtC -e6poYGj+O98W4HN77tscR3uwMXJO2P8KgFW6jgxe+m31gMft2KciZdAWxOdyiYtk -5/aswA52SHBWEnrqkmhn2q5xzDlDCijMUssX2I1fBBkvIpB0RR8rPDmAiimli/4P -rPx4NeI9wSqjRYF5VC5hv7w+PQdzBFztElqM/IWW9K4vydrwTWNFdep/RLH+gM7w -vyxQzA//Dx7EUbaRR2eDPCzXXmGmg452La80AAPv23HAYM8usRC7bykZPcEAABhS -UPRQ6CWi996g5rns23/HZ2b3MNZyREo79MIXYU6oBxHD5Zl9JjzSLqFAddKVWU2w -tNFtsgQSmwkmNw3xatWwQdtbO6bMVTkVzd+a6DdiIa81GX60T9Xa6+fx1E+bpwXk -D084szcLkSHxd6J9mQzqIQ8W+1Vdj3lyoT9VT63YM2+JUYRIBNl0NpRetQYVXOKS -S5d6KMT4+TlCGzjbfnUlVAxvKres2m2xpRqkcfyK0zKtY8uszlg9eTauKRBdVDDI -z0azuXVKgWqgt/YvD0QjXOVgL58Nvjxr2ye3drTqsE0GzvD+8m6P1n5V9TAED5Ag -8vGx8iehvHq71MRItu2bCvUlua6mdvWUwhHKNSeCirGtTw6/daYLD+3ajgmfHUEE -GmNTRNPQ0A160ko7E95DQhvtqJ5CtsYOazosO1jd2SeuLNEeLnwJ8yZNRCLlQ97O -vtMkyPb9gmAfxvTb1C0KnU4g0aRwA/HRf+aXYavclxh1teR8WqcxhOaA7KYrqKRo -QsaIqXalWhhASUA4IusfVtz7qR4a5UkKLqF4jvLwFGxMKJxs7qBWoCZXa3iHedQ0 -OIbt9kh8Zlr1ZKZQ0ysulHQ7VeaBdtbbTmsiGmaxsoIrh2PgDA4c8sFS8DyiEDhJ -MUlushDfECznTjqLxZj4i5zW7hCOrMVfQQjr6w2e7RaydiFwdqAc7cGaY33MW/87 -XvzA8n5VGMyY/U2K6UL7dBPnTe5dFN34WmJ0f2dvdWR7JR24Xp2HsfkkQ+JOco6a -1IlV+fZaQvRyqLBxNxgOo8hVUTP0w1EqqTCqyzzLuk7IK2s2qk5thoa2YHKSZ84a -z1kJ9Ctfp1C+w5BkDN/Jmb/ONi6aw/+yxFR8+1l7VLyObAQT7eKKdFZRfPZc41Q0 -LzTg7CMngw9NWvVmsltK8PftVeBiQ/ALH3QLGYQFUiaAbQsL1BPQ3xLC//E6KhUZ -M7+iC4unfP5vs6XN2nui4X0LYPvv8mc/ja87Q6yrJn9WWVHeP161fDrcjUdXId5O -qEzvashKOqYeuk+F7PqwQ1ExkiczGgLrcwMjldfFhKcGKenH8x7VFiDZFrXnFdxK -/stEOeER5uqNn6hyqVmYGLPsCyg9V4yDJnLcZAoK4Jc/S0eiogLrC7XSqbxxRvj5 -MDVao6s4ynBbKv7MO0rQsXQLmDIG5dpKDE/W8mUU/LsffKP9DXSIqrtkyyGPhr51 -X1cE/coK67dxo4eM72skwTSMsRuT13Q6rY1t7m/YeH4aGc4UKG+wRdgu36vLmYd9 -vDIGmyCH+pImHaGVg2qNEfdAvIIUGNO4aJHISP/y+yvha97bmXgVn21/U7cxo7yp -V8KORv1nHCCmr55og3WSeo0J7/KFiaAfH6eAz0muK40jfKAlyohnCpCqrtBBknVC -20d4djVcRjRy/7qIdHk0qip5edjVDzgXUK55CAwE4i3yRuxVRahvDAPDZr/fqmz6 -h/jdb9lKVLlVdK1eijJzY4gKqnrKBJ1ZtxHA+LNoMwu8f/fy6yYLbXzw03FxpMhP -wg0S+Nzjrydacx4IsLhLNaJocvIWDxkTWPMjZQhB0T5lC/7L0TO5EfJk6RcKCRI9 -HFm2i4pZohtOSLE8xNgqYGbp6TK6gWPelmWt3tak+ITj7fcqmUIaUryVD0bE3shJ -3HCbBC/AIS7Dofz0bz6h2T7/QMb9fPHzxLc6TidVc8k5fQPmuMZy0JN9Awsqlwvh -iWU4YyPsUjgEGrid/raf0/YRR+JxSn7ffRU7EPaJKXy8GmkbVerazTRqZOBV0/QK -z6yXtDkj59W6Od3n+0HHjt1Bp6LDhhH2Ige+YyaaPBrHPiaaGuETspCfCVTuDIxg -2PpZg6jKTBZAReN7BeUA+6d1+itOohh7Uznitt3nfc/gFSDiCMykrrUKU7/trtT/ -lWp1kUEOJ6RLaAVtda0TETJTQr4BjLT5OtwAG9DsbJzAT2U3RCDlI5DyPe8HQ7Fo -CDFilY+J6eofTFuhVFIGglEftte33YZmzUvrJcwDH+WuLUL62zY393DbOA== ------END AGE ENCRYPTED FILE----- diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 96f15d38..ffd150a0 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -51,9 +51,9 @@ in passwordFile = secrets."forgejo/mail-password".path; }; }; - # Home inventory - homebox = { - enable = true; + # Meta-indexers + indexers = { + prowlarr.enable = true; }; # Jellyfin media server jellyfin.enable = true; @@ -144,24 +144,11 @@ in sabnzbd.enable = true; # The whole *arr software suite servarr = { - enableAll = true; - autobrr = { - sessionSecretFile = secrets."servarr/autobrr/session-secret".path; - }; - cross-seed = { - secretSettingsFile = secrets."servarr/cross-seed/configuration.json".path; - }; + enable = true; # ... But not Lidarr because I don't care for music that much lidarr = { enable = false; }; - # I only use Prowlarr nowadays - jackett = { - enable = false; - }; - nzbhydra = { - enable = false; - }; }; # Because I still need to play sysadmin ssh-server.enable = true; diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix index 40d2b04d..3f062638 100644 --- a/modules/home/atuin/default.nix +++ b/modules/home/atuin/default.nix @@ -6,11 +6,8 @@ in options.my.home.atuin = with lib; { enable = my.mkDisableOption "atuin configuration"; + # I want the full experience by default package = mkPackageOption pkgs "atuin" { }; - - daemon = { - enable = my.mkDisableOption "atuin daemon"; - }; }; config = lib.mkIf cfg.enable { @@ -18,18 +15,12 @@ in enable = true; inherit (cfg) package; - daemon = lib.mkIf cfg.daemon.enable { - enable = true; - }; - flags = [ # I *despise* this hijacking of the up key, even though I use Ctrl-p "--disable-up-arrow" ]; settings = { - # Reasonable date format - dialect = "uk"; # The package is managed by Nix update_check = false; # I don't care for the fancy display diff --git a/modules/home/default.nix b/modules/home/default.nix index ad3b9791..c8183cfd 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -8,7 +8,6 @@ ./bluetooth ./calibre ./comma - ./delta ./dircolors ./direnv ./discord @@ -38,7 +37,6 @@ ./ssh ./terminal ./tmux - ./trgui ./udiskie ./vim ./wget @@ -52,6 +50,9 @@ # First sane reproducible version home.stateVersion = "20.09"; + # Who am I? + home.username = "ambroisie"; + # Start services automatically systemd.user.startServices = "sd-switch"; } diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix deleted file mode 100644 index e76edc60..00000000 --- a/modules/home/delta/default.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ config, pkgs, lib, ... }: -let - cfg = config.my.home.delta; -in -{ - options.my.home.delta = with lib; { - enable = my.mkDisableOption "delta configuration"; - - package = mkPackageOption pkgs "delta" { }; - - git = { - enable = my.mkDisableOption "git integration"; - }; - }; - - config = lib.mkIf cfg.enable { - programs.delta = { - enable = true; - - inherit (cfg) package; - - enableGitIntegration = cfg.git.enable; - - options = { - features = "diff-highlight decorations"; - - # Less jarring style for `diff-highlight` emulation - diff-highlight = { - minus-style = "red"; - minus-non-emph-style = "red"; - minus-emph-style = "bold red 52"; - - plus-style = "green"; - plus-non-emph-style = "green"; - plus-emph-style = "bold green 22"; - - whitespace-error-style = "reverse red"; - }; - - # Personal preference for easier reading - decorations = { - commit-style = "raw"; # Do not recolor meta information - keep-plus-minus-markers = true; - paging = "always"; - }; - }; - }; - }; -} diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index b1be8a91..b4b2bcef 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -46,7 +46,7 @@ layout_uv() { fi # create venv if it doesn't exist - uv venv -q --allow-existing + uv venv -q export VIRTUAL_ENV export UV_ACTIVE=1 diff --git a/modules/home/discord/default.nix b/modules/home/discord/default.nix index f9892df3..bfa5d40e 100644 --- a/modules/home/discord/default.nix +++ b/modules/home/discord/default.nix @@ -1,6 +1,8 @@ { config, lib, pkgs, ... }: let cfg = config.my.home.discord; + + jsonFormat = pkgs.formats.json { }; in { options.my.home.discord = with lib; { @@ -10,15 +12,14 @@ in }; config = lib.mkIf cfg.enable { - programs.discord = { - enable = true; + home.packages = with pkgs; [ + cfg.package + ]; - inherit (cfg) package; - - settings = { + xdg.configFile."discord/settings.json".source = + jsonFormat.generate "discord.json" { # Do not keep me from using the app just to force an update SKIP_HOST_UPDATE = true; }; - }; }; } diff --git a/modules/home/firefox/default.nix b/modules/home/firefox/default.nix index 19a008cc..6346dc9b 100644 --- a/modules/home/firefox/default.nix +++ b/modules/home/firefox/default.nix @@ -52,7 +52,6 @@ in "browser.newtabpage.activity-stream.feeds.sections" = false; "browser.newtabpage.activity-stream.feeds.system.topstories" = false; # Disable top stories "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; # Disable pocket - "browser.urlbar.trimURLs" = false; # Always show the `http://` prefix "extensions.pocket.enabled" = false; # Disable pocket "media.eme.enabled" = true; # Enable DRM "media.gmp-widevinecdm.enabled" = true; # Enable DRM diff --git a/modules/home/firefox/tridactyl/default.nix b/modules/home/firefox/tridactyl/default.nix index 26ddfad5..35b58c2d 100644 --- a/modules/home/firefox/tridactyl/default.nix +++ b/modules/home/firefox/tridactyl/default.nix @@ -12,7 +12,9 @@ let in { config = lib.mkIf cfg.enable { - xdg.configFile."tridactyl/tridactylrc".source = pkgs.replaceVars ./tridactylrc { + xdg.configFile."tridactyl/tridactylrc".source = pkgs.substituteAll { + src = ./tridactylrc; + editorcmd = lib.concatStringsSep " " [ # Use my configured terminal term diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index c3a51a0f..c88008fa 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -21,31 +21,57 @@ in config.programs.git = lib.mkIf cfg.enable { enable = true; + # Who am I? + userEmail = mkMailAddress "bruno" "belanyi.fr"; + userName = "Bruno BELANYI"; + inherit (cfg) package; + aliases = { + git = "!git"; + lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order"; + lola = "lol --all"; + assume = "update-index --assume-unchanged"; + unassume = "update-index --no-assume-unchanged"; + assumed = "!git ls-files -v | grep ^h | cut -c 3-"; + pick = "log -p -G"; + push-new = "!git push -u origin " + + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"''; + root = "git rev-parse --show-toplevel"; + }; + lfs.enable = true; + delta = { + enable = true; + + options = { + features = "diff-highlight decorations"; + + # Less jarring style for `diff-highlight` emulation + diff-highlight = { + minus-style = "red"; + minus-non-emph-style = "red"; + minus-emph-style = "bold red 52"; + + plus-style = "green"; + plus-non-emph-style = "green"; + plus-emph-style = "bold green 22"; + + whitespace-error-style = "reverse red"; + }; + + # Personal preference for easier reading + decorations = { + commit-style = "raw"; # Do not recolor meta information + keep-plus-minus-markers = true; + paging = "always"; + }; + }; + }; + # There's more - settings = { - # Who am I? - user = { - email = mkMailAddress "bruno" "belanyi.fr"; - name = "Bruno BELANYI"; - }; - - alias = { - git = "!git"; - lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order"; - lola = "lol --all"; - assume = "update-index --assume-unchanged"; - unassume = "update-index --no-assume-unchanged"; - assumed = "!git ls-files -v | grep ^h | cut -c 3-"; - pick = "log -p -G"; - push-new = "!git push -u origin " - + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"''; - root = "git rev-parse --show-toplevel"; - }; - + extraConfig = { # Makes it a bit more readable blame = { coloring = "repeatedLines"; diff --git a/modules/home/gpg/default.nix b/modules/home/gpg/default.nix index 2a00baf4..51c865a2 100644 --- a/modules/home/gpg/default.nix +++ b/modules/home/gpg/default.nix @@ -17,7 +17,7 @@ in services.gpg-agent = { enable = true; enableSshSupport = true; # One agent to rule them all - pinentry.package = cfg.pinentry; + pinentryPackage = cfg.pinentry; extraConfig = '' allow-loopback-pinentry ''; diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix index 2f435a8d..c67cc6a1 100644 --- a/modules/home/nix/default.nix +++ b/modules/home/nix/default.nix @@ -69,7 +69,7 @@ in automatic = true; # Every week, with some wiggle room - dates = "weekly"; + frequency = "weekly"; randomizedDelaySec = "10min"; # Use a persistent timer for e.g: laptops diff --git a/modules/home/ssh/default.nix b/modules/home/ssh/default.nix index b0b41675..748b1957 100644 --- a/modules/home/ssh/default.nix +++ b/modules/home/ssh/default.nix @@ -17,7 +17,6 @@ in { programs.ssh = { enable = true; - enableDefaultConfig = false; includes = [ # Local configuration, not-versioned @@ -54,12 +53,11 @@ in identityFile = "~/.ssh/shared_rsa"; user = "ambroisie"; }; - - # `*` is automatically made the last match block by the module - "*" = { - addKeysToAgent = "yes"; - }; }; + + extraConfig = '' + AddKeysToAgent yes + ''; }; } diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index e3e3dafb..08b9202c 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -6,7 +6,7 @@ let (config.my.home.wm.windowManager != null) ]; - mkTerminalFeature = opt: flag: + mkTerminalFlags = opt: flag: let mkFlag = term: ''set -as terminal-features ",${term}:${flag}"''; enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures; @@ -48,7 +48,7 @@ in keyMode = "vi"; # Home-row keys and other niceties clock24 = true; # I'm one of those heathens escapeTime = 0; # Let vim do its thing instead - historyLimit = 1000000; # Bigger buffer + historyLimit = 100000; # Bigger buffer mouse = false; # I dislike mouse support focusEvents = true; # Report focus events terminal = "tmux-256color"; # I want accurate termcap info @@ -61,8 +61,8 @@ in pain-control # Better session management sessionist - # X clipboard integration { + # X clipboard integration plugin = yank; extraConfig = '' # Use 'clipboard' because of misbehaving apps (e.g: firefox) @@ -71,8 +71,8 @@ in set -g @yank_action 'copy-pipe' ''; } - # Show when prefix has been pressed { + # Show when prefix has been pressed plugin = prefix-highlight; extraConfig = '' # Also show when I'm in copy or sync mode @@ -123,9 +123,9 @@ in } # Force OSC8 hyperlinks for each relevant $TERM - ${mkTerminalFeature "hyperlinks" "hyperlinks"} + ${mkTerminalFlags "hyperlinks" "hyperlinks"} # Force 24-bit color for each relevant $TERM - ${mkTerminalFeature "trueColor" "RGB"} + ${mkTerminalFlags "trueColor" "RGB"} ''; }; } diff --git a/modules/home/trgui/default.nix b/modules/home/trgui/default.nix deleted file mode 100644 index ee545a98..00000000 --- a/modules/home/trgui/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, pkgs, ... }: -let - cfg = config.my.home.trgui; -in -{ - options.my.home.trgui = with lib; { - enable = mkEnableOption "Transmission GUI onfiguration"; - - package = mkPackageOption pkgs "TrguiNG" { default = "trgui-ng"; }; - }; - - config = lib.mkIf cfg.enable { - home.packages = with pkgs; [ - cfg.package - ]; - }; -} diff --git a/modules/home/vim/after/queries/gitcommit/highlights.scm b/modules/home/vim/after/queries/gitcommit/highlights.scm deleted file mode 100644 index 05162c9d..00000000 --- a/modules/home/vim/after/queries/gitcommit/highlights.scm +++ /dev/null @@ -1,6 +0,0 @@ -; extends - -; Highlight over-extended subject lines (rely on wrapping for message body) -((subject) @comment.error - (#vim-match? @comment.error ".\{50,}") - (#offset! @comment.error 0 50 0 0)) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 930a853a..75b8447a 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -65,14 +65,12 @@ in plenary-nvim # 'null-ls', 'telescope' dependency # Completion - luasnip # Snippet manager compatible with LSP nvim-cmp # Completion engine cmp-async-path # More responsive path completion cmp-buffer # Words from open buffers cmp-nvim-lsp # LSP suggestions cmp-nvim-lua # NeoVim lua API cmp-under-comparator # Sort items that start with '_' lower - cmp_luasnip # Snippet suggestions from LuaSnip # UX improvements dressing-nvim # Integrate native UI hooks with Telescope etc... @@ -80,6 +78,7 @@ in nvim-surround # Deal with pairs, now in Lua oil-nvim # Better alternative to NetrW telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm + telescope-lsp-handlers-nvim # Use 'telescope' for various LSP actions telescope-nvim # Fuzzy finder interface which-key-nvim # Show available mappings ]; diff --git a/modules/home/vim/ftdetect/glsl.lua b/modules/home/vim/ftdetect/glsl.lua new file mode 100644 index 00000000..2f4f1ddd --- /dev/null +++ b/modules/home/vim/ftdetect/glsl.lua @@ -0,0 +1,7 @@ +-- Use GLSL filetype for common shader file extensions +vim.filetype.add({ + extension = { + frag = "glsl", + vert = "glsl", + }, +}) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 11429250..39ef32e3 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -81,6 +81,9 @@ set updatetime=250 " Disable all mouse integrations set mouse= +" Set dark mode by default +set background=dark + " Setup some overrides for gruvbox lua << EOF local gruvbox = require("gruvbox") diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index 05ca47a9..e48de128 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -53,10 +53,6 @@ M.on_attach = function(client, bufnr) vim.diagnostic.open_float(nil, { scope = "buffer" }) end - local function toggle_inlay_hints() - vim.lsp.inlay_hint.enable(not vim.lsp.inlay_hint.is_enabled()) - end - local keys = { buffer = bufnr, -- LSP navigation @@ -71,7 +67,6 @@ M.on_attach = function(client, bufnr) { "ca", vim.lsp.buf.code_action, desc = "Code actions" }, { "cd", cycle_diagnostics_display, desc = "Cycle diagnostics display" }, { "cD", show_buffer_diagnostics, desc = "Show buffer diagnostics" }, - { "ch", toggle_inlay_hints, desc = "Toggle inlay hints" }, { "cr", vim.lsp.buf.rename, desc = "Rename symbol" }, { "cs", vim.lsp.buf.signature_help, desc = "Show signature" }, { "ct", vim.lsp.buf.type_definition, desc = "Go to type definition" }, @@ -85,18 +80,4 @@ M.on_attach = function(client, bufnr) wk.add(keys) end ---- list all active LSP clients for specific buffer, or all buffers ---- @param bufnr int? buffer number ---- @return table all active LSP client names -M.list_clients = function(bufnr) - local clients = vim.lsp.get_clients({ bufnr = bufnr }) - local names = {} - - for _, client in ipairs(clients) do - table.insert(names, client.name) - end - - return names -end - return M diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua index 5cb8df10..0ee7c83b 100644 --- a/modules/home/vim/lua/ambroisie/utils.lua +++ b/modules/home/vim/lua/ambroisie/utils.lua @@ -7,6 +7,15 @@ M.is_executable = function(cmd) return cmd and vim.fn.executable(cmd) == 1 end +--- return a function that checks if a given command is executable +--- @param cmd string? command to check +--- @return fun(): boolean executable +M.is_executable_condition = function(cmd) + return function() + return M.is_executable(cmd) + end +end + --- whether or not we are currently in an SSH connection --- @return boolean ssh connection M.is_ssh = function() @@ -25,6 +34,20 @@ M.is_ssh = function() return false end +--- list all active LSP clients for specific buffer, or all buffers +--- @param bufnr int? buffer number +--- @return table all active LSP client names +M.list_lsp_clients = function(bufnr) + local clients = vim.lsp.get_clients({ bufnr = bufnr }) + local names = {} + + for _, client in ipairs(clients) do + table.insert(names, client.name) + end + + return names +end + --- partially apply a function with given arguments M.partial = function(f, ...) local a = { ... } diff --git a/modules/home/vim/plugin/numbertoggle.lua b/modules/home/vim/plugin/numbertoggle.lua index b1e3df21..80427101 100644 --- a/modules/home/vim/plugin/numbertoggle.lua +++ b/modules/home/vim/plugin/numbertoggle.lua @@ -22,3 +22,13 @@ vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "InsertEnter", "WinLeave" end end, }) + +-- Never show the sign column in a terminal buffer +vim.api.nvim_create_autocmd({ "TermOpen" }, { + pattern = "*", + group = numbertoggle, + callback = function() + vim.opt.number = false + vim.opt.relativenumber = false + end, +}) diff --git a/modules/home/vim/plugin/settings/completion.lua b/modules/home/vim/plugin/settings/completion.lua index 0ed8c7f1..d50152a9 100644 --- a/modules/home/vim/plugin/settings/completion.lua +++ b/modules/home/vim/plugin/settings/completion.lua @@ -3,25 +3,24 @@ vim.opt.completeopt = { "menu", "menuone", "noselect" } local cmp = require("cmp") local cmp_under_comparator = require("cmp-under-comparator") -local luasnip = require("luasnip") cmp.setup({ snippet = { expand = function(args) - luasnip.lsp_expand(args.body) + vim.snippet.expand(args.body) end, }, mapping = { [""] = function(fallback) - if luasnip.expand_or_jumpable() then - luasnip.expand_or_jump() + if vim.snippet.active({ direction = 1 }) then + vim.snippet.jump(1) else fallback() end end, [""] = function(fallback) - if luasnip.jumpable(-1) then - luasnip.jump(-1) + if vim.snippet.active({ direction = -1 }) then + vim.snippet.jump(-1) else fallback() end @@ -40,7 +39,6 @@ cmp.setup({ { name = "async_path", priority_weight = 110 }, { name = "nvim_lsp", priority_weight = 100 }, { name = "nvim_lua", priority_weight = 90 }, - { name = "luasnip", priority_weight = 80 }, { name = "buffer", max_item_count = 5, priority_weight = 50 }, }, sorting = { diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index 2c4504dd..b9b92a69 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -33,6 +33,10 @@ gitsigns.setup({ }) local keys = { + -- Navigation + { "[c", utils.partial(nav_hunk, "prev"), desc = "Previous hunk/diff" }, + { "]c", utils.partial(nav_hunk, "next"), desc = "Next hunk/diff" }, + -- Commands { "g", group = "Git" }, { "gb", gitsigns.toggle_current_line_blame, desc = "Toggle blame virtual text" }, { "gd", gitsigns.diffthis, desc = "Diff buffer" }, @@ -51,20 +55,14 @@ local keys = { { "g]", utils.partial(gitsigns.nav_hunk, "next"), desc = "Next hunk" }, } -local moves = { - mode = { "n", "x", "o" }, - { "[c", utils.partial(nav_hunk, "prev"), desc = "Previous hunk/diff" }, - { "]c", utils.partial(nav_hunk, "next"), desc = "Next hunk/diff" }, -} - local objects = { mode = "o", - { "ih", gitsigns.select_hunk, desc = "git hunk" }, + { "ih", gitsigns.select_hunk, desc = "Git hunk" }, } -- Visual local visual = { mode = { "x" }, - { "ih", gitsigns.select_hunk, desc = "git hunk" }, + { "ih", gitsigns.select_hunk, desc = "Git hunk" }, { "g", group = "Git" }, { "gp", gitsigns.preview_hunk, desc = "Preview selection" }, { "gr", make_visual(gitsigns.reset_hunk), desc = "Restore selection" }, @@ -73,6 +71,5 @@ local visual = { } wk.add(keys) -wk.add(moves) wk.add(objects) wk.add(visual) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 1596e84a..7817d4c1 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -1,3 +1,4 @@ +local lspconfig = require("lspconfig") local lsp = require("ambroisie.lsp") local utils = require("ambroisie.utils") @@ -24,27 +25,59 @@ vim.diagnostic.config({ -- Inform servers we are able to do completion, snippets, etc... local capabilities = require("cmp_nvim_lsp").default_capabilities() --- Shared configuration -vim.lsp.config("*", { - capabilities = capabilities, - on_attach = lsp.on_attach, -}) +-- C/C++ +if utils.is_executable("clangd") then + lspconfig.clangd.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end -local servers = { - -- C/C++ - clangd = {}, - -- Haskell - hls = {}, - -- Nix - nil_ls = {}, - -- Python - pyright = {}, - ruff = {}, - -- Rust - rust_analyzer = {}, - -- Shell - bashls = { +-- Haskell +if utils.is_executable("haskell-language-server-wrapper") then + lspconfig.hls.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + +-- Nix +if utils.is_executable("nil") then + lspconfig.nil_ls.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + +-- Python +if utils.is_executable("pyright") then + lspconfig.pyright.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + +if utils.is_executable("ruff") then + lspconfig.ruff.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + +-- Rust +if utils.is_executable("rust-analyzer") then + lspconfig.rust_analyzer.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + +-- Shell +if utils.is_executable("bash-language-server") then + lspconfig.bashls.setup({ filetypes = { "bash", "sh", "zsh" }, + capabilities = capabilities, + on_attach = lsp.on_attach, settings = { bashIde = { shfmt = { @@ -55,17 +88,28 @@ local servers = { }, }, }, - }, - -- Starlark - starpls = {}, - -- Generic - harper_ls = {}, - typos_lsp = {}, -} - -for server, config in pairs(servers) do - if not vim.tbl_isempty(config) then - vim.lsp.config(server, config) - end - vim.lsp.enable(server) + }) +end + +-- Starlark +if utils.is_executable("starpls") then + lspconfig.starpls.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + +-- Generic +if utils.is_executable("harper-ls") then + lspconfig.harper_ls.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + +if utils.is_executable("typos-lsp") then + lspconfig.typos_lsp.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) end diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua index 2dbc916e..bbe46475 100644 --- a/modules/home/vim/plugin/settings/lualine.lua +++ b/modules/home/vim/plugin/settings/lualine.lua @@ -1,6 +1,6 @@ local lualine = require("lualine") local oil = require("oil") -local lsp = require("ambroisie.lsp") +local utils = require("ambroisie.utils") local function list_spell_languages() if not vim.opt.spell:get() then @@ -11,7 +11,7 @@ local function list_spell_languages() end local function list_lsp_clients() - local client_names = lsp.list_clients(0) + local client_names = utils.list_lsp_clients(0) if #client_names == 0 then return "" diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua index 00295bcc..258a2094 100644 --- a/modules/home/vim/plugin/settings/null-ls.lua +++ b/modules/home/vim/plugin/settings/null-ls.lua @@ -10,11 +10,11 @@ null_ls.setup({ null_ls.register({ null_ls.builtins.diagnostics.buildifier.with({ -- Only used if available - condition = utils.partial(utils.is_executable, "buildifier"), + condition = utils.is_executable_condition("buildifier"), }), null_ls.builtins.formatting.buildifier.with({ -- Only used if available - condition = utils.partial(utils.is_executable, "buildifier"), + condition = utils.is_executable_condition("buildifier"), }), }) @@ -22,7 +22,7 @@ null_ls.register({ null_ls.register({ null_ls.builtins.formatting.nixpkgs_fmt.with({ -- Only used if available - condition = utils.partial(utils.is_executable, "nixpkgs-fmt"), + condition = utils.is_executable_condition("nixpkgs-fmt"), }), }) @@ -30,19 +30,19 @@ null_ls.register({ null_ls.register({ null_ls.builtins.diagnostics.mypy.with({ -- Only used if available - condition = utils.partial(utils.is_executable, "mypy"), + condition = utils.is_executable_condition("mypy"), }), null_ls.builtins.diagnostics.pylint.with({ -- Only used if available - condition = utils.partial(utils.is_executable, "pylint"), + condition = utils.is_executable_condition("pylint"), }), null_ls.builtins.formatting.black.with({ extra_args = { "--fast" }, -- Only used if available - condition = utils.partial(utils.is_executable, "black"), + condition = utils.is_executable_condition("black"), }), null_ls.builtins.formatting.isort.with({ -- Only used if available - condition = utils.partial(utils.is_executable, "isort"), + condition = utils.is_executable_condition("isort"), }), }) diff --git a/modules/home/vim/plugin/settings/telescope.lua b/modules/home/vim/plugin/settings/telescope.lua index 810d51cb..1a239282 100644 --- a/modules/home/vim/plugin/settings/telescope.lua +++ b/modules/home/vim/plugin/settings/telescope.lua @@ -23,6 +23,7 @@ telescope.setup({ }) telescope.load_extension("fzf") +telescope.load_extension("lsp_handlers") local keys = { { "f", group = "Fuzzy finder" }, diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua index 2958c2a9..d5fff465 100644 --- a/modules/home/vim/plugin/settings/tree-sitter.lua +++ b/modules/home/vim/plugin/settings/tree-sitter.lua @@ -1,95 +1,54 @@ -local treesitter = require("nvim-treesitter") -local ts_select = require("nvim-treesitter-textobjects.select") -local ts_move = require("nvim-treesitter-textobjects.move") -local utils = require("ambroisie.utils") -local wk = require("which-key") +local ts_config = require("nvim-treesitter.configs") -local function select_textobject(query) - return utils.partial(ts_select.select_textobject, query) -end - -local function goto_next_start(query) - return utils.partial(ts_move.goto_next_start, query) -end -local function goto_next_end(query) - return utils.partial(ts_move.goto_next_end, query) -end -local function goto_previous_start(query) - return utils.partial(ts_move.goto_previous_start, query) -end -local function goto_previous_end(query) - return utils.partial(ts_move.goto_previous_end, query) -end - -local objects = { - mode = { "x", "o" }, - { "aa", select_textobject("@parameter.outer"), desc = "a parameter" }, - { "ia", select_textobject("@parameter.inner"), desc = "inner parameter" }, - { "ab", select_textobject("@block.outer"), desc = "a block" }, - { "ib", select_textobject("@block.inner"), desc = "inner block" }, - { "ac", select_textobject("@class.outer"), desc = "a class" }, - { "ic", select_textobject("@class.inner"), desc = "inner class" }, - { "af", select_textobject("@function.outer"), desc = "a function" }, - { "if", select_textobject("@function.inner"), desc = "inner function" }, - { "ak", select_textobject("@comment.outer"), desc = "a comment" }, - { "aS", select_textobject("@statement.outer"), desc = "a statement" }, -} -local moves = { - mode = { "n", "x", "o" }, - -- Next start - { "]m", goto_next_start("@function.outer"), desc = "Next method start" }, - { "]S", goto_next_start("@statement.outer"), desc = "Next statement start" }, - { "]]", goto_next_start("@class.outer"), desc = "Next class start" }, - -- Next end - { "]M", goto_next_end("@function.outer"), desc = "Next method end" }, - { "][", goto_next_end("@class.outer"), desc = "Next class end" }, - -- Previous start - { "[m", goto_previous_start("@function.outer"), desc = "Previous method start" }, - { "[S", goto_previous_start("@statement.outer"), desc = "Previous statement start" }, - { "[[", goto_previous_start("@class.outer"), desc = "Previous class start" }, - -- Previous end - { "[M", goto_previous_end("@function.outer"), desc = "Previous method end" }, - { "[]", goto_previous_end("@class.outer"), desc = "Previous class end" }, -} -wk.add(objects) -wk.add(moves) - -require("nvim-treesitter-textobjects").setup({ - select = { - -- Jump to matching text objects - lookahead = true, +ts_config.setup({ + highlight = { + enable = true, + -- Avoid duplicate highlighting + additional_vim_regex_highlighting = false, }, - move = { - -- Add to jump list - set_jumps = true, + indent = { + enable = true, + }, + textobjects = { + select = { + enable = true, + -- Jump to matching text objects + lookahead = true, + keymaps = { + ["aa"] = { query = "@parameter.outer", desc = "a parameter" }, + ["ia"] = { query = "@parameter.inner", desc = "inner parameter" }, + ["ab"] = { query = "@block.outer", desc = "a block" }, + ["ib"] = { query = "@block.inner", desc = "inner block" }, + ["ac"] = { query = "@class.outer", desc = "a class" }, + ["ic"] = { query = "@class.inner", desc = "inner class" }, + ["af"] = { query = "@function.outer", desc = "a function" }, + ["if"] = { query = "@function.inner", desc = "inner function" }, + ["ak"] = { query = "@comment.outer", desc = "a comment" }, + ["aS"] = { query = "@statement.outer", desc = "a statement" }, + }, + }, + move = { + enable = true, + -- Add to jump list + set_jumps = true, + goto_next_start = { + ["]m"] = { query = "@function.outer", desc = "Next method start" }, + ["]S"] = { query = "@statement.outer", desc = "Next statement start" }, + ["]]"] = { query = "@class.outer", desc = "Next class start" }, + }, + goto_next_end = { + ["]M"] = { query = "@function.outer", desc = "Next method end" }, + ["]["] = { query = "@class.outer", desc = "Next class end" }, + }, + goto_previous_start = { + ["[m"] = { query = "@function.outer", desc = "Previous method start" }, + ["[S"] = { query = "@statement.outer", desc = "Previous statement start" }, + ["[["] = { query = "@class.outer", desc = "Previous class start" }, + }, + goto_previous_end = { + ["[M"] = { query = "@function.outer", desc = "Previous method end" }, + ["[]"] = { query = "@class.outer", desc = "Previous class end" }, + }, + }, }, }) - --- Automatically setup treesitter for supported filetypes -local function treesitter_try_attach(buf, language) - -- Try to load language - -- NOTE: the best way I found to check if a filetype has a grammar - if not vim.treesitter.language.add(language) then - return false - end - - -- Syntax highlighting - vim.treesitter.start(buf, language) - -- Indentation - vim.bo.indentexpr = "v:lua.require('nvim-treesitter').indentexpr()" - - return true -end - -vim.api.nvim_create_autocmd("FileType", { - pattern = "*", - group = vim.api.nvim_create_augroup("treesitter_attach", { clear = true }), - callback = function(args) - local buf, filetype = args.buf, args.match - local language = vim.treesitter.language.get_lang(filetype) - if not language then - return - end - treesitter_try_attach(buf, language) - end, -}) diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua index 3deca340..9765a818 100644 --- a/modules/home/vim/plugin/signtoggle.lua +++ b/modules/home/vim/plugin/signtoggle.lua @@ -1,21 +1,26 @@ local signtoggle = vim.api.nvim_create_augroup("signtoggle", { clear = true }) --- Only show sign column for the currently focused buffer, if it has a number column +-- Only show sign column for the currently focused buffer vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, { pattern = "*", group = signtoggle, callback = function() - if vim.opt.number:get() then - vim.opt.signcolumn = "yes" - end + vim.opt.signcolumn = "yes" end, }) vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, { pattern = "*", group = signtoggle, callback = function() - if vim.opt.number:get() then - vim.opt.signcolumn = "no" - end + vim.opt.signcolumn = "no" + end, +}) + +-- Never show the sign column in a terminal buffer +vim.api.nvim_create_autocmd({ "TermOpen" }, { + pattern = "*", + group = signtoggle, + callback = function() + vim.opt.signcolumn = "no" end, }) diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index 5f22bbe2..029a14ba 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -127,7 +127,6 @@ in { class = "^Blueman-.*$"; } { title = "^htop$"; } { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } - { class = "^firefox$"; instance = "Places"; window_role = "Organizer"; } { class = "^pavucontrol.*$"; } { class = "^Arandr$"; } { class = "^\\.blueman-manager-wrapped$"; } diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index 7a0c5179..803167fa 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -56,7 +56,4 @@ in XCOMPOSECACHE = "${dataHome}/X11/xcompose"; _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java"; }; - - # Some modules *optionally* use `XDG_*_HOME` when told to - config.home.preferXdgDirectories = lib.mkIf cfg.enable true; } diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 95242628..f4092d88 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -1,6 +1,14 @@ { config, pkgs, lib, ... }: let cfg = config.my.home.zsh; + + # Have a nice relative path for XDG_CONFIG_HOME, without leading `/` + relativeXdgConfig = + let + noHome = lib.removePrefix config.home.homeDirectory; + noSlash = lib.removePrefix "/"; + in + noSlash (noHome config.xdg.configHome); in { options.my.home.zsh = with lib; { @@ -8,22 +16,16 @@ in launchTmux = mkEnableOption "auto launch tmux at shell start"; - completionSync = { - enable = mkEnableOption "zsh-completion-sync plugin"; - }; - notify = { enable = mkEnableOption "zsh-done notification"; exclude = mkOption { type = with types; listOf str; default = [ - "bat" "delta" "direnv reload" "fg" "git (?!push|pull|fetch)" - "home-manager (?!switch|build)" "htop" "less" "man" @@ -55,7 +57,7 @@ in programs.zsh = { enable = true; - dotDir = "${config.xdg.configHome}/zsh"; # Don't clutter $HOME + dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME enableCompletion = true; history = { @@ -72,7 +74,7 @@ in plugins = [ { name = "fast-syntax-highlighting"; - file = "share/zsh/plugins/fast-syntax-highlighting/fast-syntax-highlighting.plugin.zsh"; + file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh"; src = pkgs.zsh-fast-syntax-highlighting; } { @@ -122,18 +124,6 @@ in }; } - (lib.mkIf cfg.completionSync.enable { - programs.zsh = { - plugins = [ - { - name = "zsh-completion-sync"; - file = "share/zsh-completion-sync/zsh-completion-sync.plugin.zsh"; - src = pkgs.zsh-completion-sync; - } - ]; - }; - }) - (lib.mkIf cfg.notify.enable { programs.zsh = { plugins = [ diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix index 4b6eb375..7d8b359c 100644 --- a/modules/nixos/hardware/graphics/default.nix +++ b/modules/nixos/hardware/graphics/default.nix @@ -15,6 +15,8 @@ in amd = { enableKernelModule = lib.my.mkDisableOption "Kernel driver module"; + + amdvlk = lib.mkEnableOption "Use AMDVLK instead of Mesa RADV driver"; }; intel = { @@ -33,6 +35,13 @@ in (lib.mkIf (cfg.gpuFlavor == "amd") { hardware.amdgpu = { initrd.enable = cfg.amd.enableKernelModule; + # Vulkan + amdvlk = lib.mkIf cfg.amd.amdvlk { + enable = true; + support32Bit = { + enable = true; + }; + }; }; hardware.graphics = { diff --git a/modules/nixos/profiles/wm/default.nix b/modules/nixos/profiles/wm/default.nix index bca4d700..c2273281 100644 --- a/modules/nixos/profiles/wm/default.nix +++ b/modules/nixos/profiles/wm/default.nix @@ -24,8 +24,6 @@ in my.home.udiskie.enable = true; # udiskie fails if it can't find this dbus service services.udisks2.enable = true; - # Ensure i3lock can actually unlock the session - security.pam.services.i3lock.enable = true; }) ]; } diff --git a/modules/nixos/profiles/x/default.nix b/modules/nixos/profiles/x/default.nix index 874f36f6..ea77939c 100644 --- a/modules/nixos/profiles/x/default.nix +++ b/modules/nixos/profiles/x/default.nix @@ -13,7 +13,7 @@ in # Nice wallpaper services.xserver.displayManager.lightdm.background = let - wallpapers = "${pkgs.kdePackages.plasma-workspace-wallpapers}/share/wallpapers"; + wallpapers = "${pkgs.plasma5Packages.plasma-workspace-wallpapers}/share/wallpapers"; in "${wallpapers}/summer_1am/contents/images/2560x1600.jpg"; diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index e03eca19..3992385f 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -15,6 +15,7 @@ ./gitea ./grocy ./homebox + ./indexers ./jellyfin ./komga ./lohr @@ -38,7 +39,6 @@ ./servarr ./ssh-server ./tandoor-recipes - ./thelounge ./tlp ./transmission ./vikunja diff --git a/modules/nixos/services/drone/server/default.nix b/modules/nixos/services/drone/server/default.nix index d6148f42..a3a1e496 100644 --- a/modules/nixos/services/drone/server/default.nix +++ b/modules/nixos/services/drone/server/default.nix @@ -6,8 +6,8 @@ in config = lib.mkIf cfg.enable { systemd.services.drone-server = { wantedBy = [ "multi-user.target" ]; - after = [ "postgresql.target" ]; - requires = [ "postgresql.target" ]; + after = [ "postgresql.service" ]; + requires = [ "postgresql.service" ]; serviceConfig = { EnvironmentFile = [ cfg.secretFile diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix index 524a6d73..d79e3314 100644 --- a/modules/nixos/services/homebox/default.nix +++ b/modules/nixos/services/homebox/default.nix @@ -19,11 +19,6 @@ in services.homebox = { enable = true; - # Automatic PostgreSQL provisioning - database = { - createLocally = true; - }; - settings = { # FIXME: mailer? HBOX_WEB_PORT = toString cfg.port; @@ -33,13 +28,12 @@ in my.services.nginx.virtualHosts = { homebox = { inherit (cfg) port; - websocketsLocations = [ "/api" ]; }; }; my.services.backup = { paths = [ - (lib.removePrefix "file://" config.services.homebox.settings.HBOX_STORAGE_CONN_STRING) + config.services.homebox.settings.HBOX_STORAGE_DATA ]; }; diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix new file mode 100644 index 00000000..8a42345a --- /dev/null +++ b/modules/nixos/services/indexers/default.nix @@ -0,0 +1,78 @@ +# Torrent and usenet meta-indexers +{ config, lib, ... }: +let + cfg = config.my.services.indexers; + + jackettPort = 9117; + nzbhydraPort = 5076; + prowlarrPort = 9696; +in +{ + options.my.services.indexers = with lib; { + jackett.enable = mkEnableOption "Jackett torrent meta-indexer"; + nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; + prowlarr.enable = mkEnableOption "Prowlarr torrent & usenet meta-indexer"; + }; + + config = lib.mkMerge [ + (lib.mkIf cfg.jackett.enable { + services.jackett = { + enable = true; + }; + + # Jackett wants to eat *all* my RAM if left to its own devices + systemd.services.jackett = { + serviceConfig = { + MemoryHigh = "15%"; + MemoryMax = "25%"; + }; + }; + + my.services.nginx.virtualHosts = { + jackett = { + port = jackettPort; + }; + }; + }) + + (lib.mkIf cfg.nzbhydra.enable { + services.nzbhydra2 = { + enable = true; + }; + + my.services.nginx.virtualHosts = { + nzbhydra = { + port = nzbhydraPort; + }; + }; + }) + + (lib.mkIf cfg.prowlarr.enable { + services.prowlarr = { + enable = true; + }; + + my.services.nginx.virtualHosts = { + prowlarr = { + port = prowlarrPort; + }; + }; + + services.fail2ban.jails = { + prowlarr = '' + enabled = true + filter = prowlarr + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/prowlarr.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=prowlarr.service + ''; + }; + }) + ]; +} diff --git a/modules/nixos/services/matrix/bridges.nix b/modules/nixos/services/matrix/bridges.nix deleted file mode 100644 index 70f4118a..00000000 --- a/modules/nixos/services/matrix/bridges.nix +++ /dev/null @@ -1,143 +0,0 @@ -# Matrix bridges for some services I use -{ config, lib, ... }: -let - cfg = config.my.services.matrix.bridges; - synapseCfg = config.services.matrix-synapse; - - domain = config.networking.domain; - serverName = synapseCfg.settings.server_name; - - mkBridgeOption = n: lib.mkEnableOption "${n} bridge" // { default = cfg.enable; }; - mkPortOption = n: default: lib.mkOption { - type = lib.types.port; - inherit default; - example = 8080; - description = "${n} bridge port"; - }; - mkEnvironmentFileOption = n: lib.mkOption { - type = lib.types.str; - example = "/run/secret/matrix/${lib.toLower n}-bridge-secrets.env"; - description = '' - Path to a file which should contain the secret values for ${n} bridge. - - Using through the following format: - - ``` - MATRIX_APPSERVICE_AS_TOKEN= - MATRIX_APPSERVICE_HS_TOKEN= - ``` - - Each bridge should use a different set of secrets, as they each register - their own independent double-puppetting appservice. - ''; - }; -in -{ - options.my.services.matrix.bridges = with lib; { - enable = mkEnableOption "bridges configuration"; - - admin = mkOption { - type = types.str; - default = "ambroisie"; - example = "admin"; - description = "Local username for the admin"; - }; - - facebook = { - enable = mkBridgeOption "Facebook"; - - port = mkPortOption "Facebook" 29321; - - environmentFile = mkEnvironmentFileOption "Facebook"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.facebook.enable { - services.mautrix-meta.instances.facebook = { - enable = true; - # Automatically register the bridge with synapse - registerToSynapse = true; - - # Provide `AS_TOKEN`, `HS_TOKEN` - inherit (cfg.facebook) environmentFile; - - settings = { - homeserver = { - domain = serverName; - address = "http://localhost:${toString config.my.services.matrix.port}"; - }; - - appservice = { - hostname = "localhost"; - inherit (cfg.facebook) port; - address = "http://localhost:${toString cfg.facebook.port}"; - public_address = "https://facebook-bridge.${domain}"; - - as_token = "$MATRIX_APPSERVICE_AS_TOKEN"; - hs_token = "$MATRIX_APPSERVICE_HS_TOKEN"; - - bot = { - username = "fbbot"; - }; - }; - - backfill = { - enabled = true; - }; - - bridge = { - delivery_receipts = true; - permissions = { - "*" = "relay"; - ${serverName} = "user"; - "@${cfg.admin}:${serverName}" = "admin"; - }; - }; - - database = { - type = "postgres"; - uri = "postgres:///mautrix-meta-facebook?host=/var/run/postgresql/"; - }; - - double_puppet = { - secrets = { - ${serverName} = "as_token:$MATRIX_APPSERVICE_AS_TOKEN"; - }; - }; - - network = { - # Don't be picky on Facebook/Messenger - allow_messenger_com_on_fb = true; - displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (FB)''; - }; - - provisioning = { - shared_secret = "disable"; - }; - }; - }; - - services.postgresql = { - enable = true; - ensureDatabases = [ "mautrix-meta-facebook" ]; - ensureUsers = [{ - name = "mautrix-meta-facebook"; - ensureDBOwnership = true; - }]; - }; - - systemd.services.mautrix-meta-facebook = { - wants = [ "postgres.service" ]; - after = [ "postgres.service" ]; - }; - - my.services.nginx.virtualHosts = { - # Proxy to the bridge - "facebook-bridge" = { - inherit (cfg.facebook) port; - }; - }; - }) - ]; -} diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 97dec2e3..f4238342 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -1,49 +1,24 @@ -# Matrix homeserver setup. +# Matrix homeserver setup, using different endpoints for federation and client +# traffic. The main trick for this is defining two nginx servers endpoints for +# matrix.domain.com, each listening on different ports. +# +# Configuration shamelessly stolen from [1] +# +# [1]: https://github.com/alarsyo/nixos-config/blob/main/services/matrix.nix { config, lib, pkgs, ... }: let cfg = config.my.services.matrix; - adminPkg = pkgs.synapse-admin-etkecc; - + federationPort = { public = 8448; private = 11338; }; + clientPort = { public = 443; private = 11339; }; domain = config.networking.domain; matrixDomain = "matrix.${domain}"; - - serverConfig = { - "m.server" = "${matrixDomain}:443"; - }; - clientConfig = { - "m.homeserver" = { - "base_url" = "https://${matrixDomain}"; - "server_name" = domain; - }; - "m.identity_server" = { - "base_url" = "https://vector.im"; - }; - }; - - # ACAO required to allow element-web on any URL to request this json file - mkWellKnown = data: '' - default_type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON data}'; - ''; in { - imports = [ - ./bridges.nix - ]; - options.my.services.matrix = with lib; { enable = mkEnableOption "Matrix Synapse"; - port = mkOption { - type = types.port; - default = 8448; - example = 8008; - description = "Internal port for listeners"; - }; - secretFile = mkOption { type = with types; nullOr str; default = null; @@ -83,22 +58,22 @@ in enable_registration = false; listeners = [ + # Federation { - inherit (cfg) port; bind_addresses = [ "::1" ]; - type = "http"; - tls = false; + port = federationPort.private; + tls = false; # Terminated by nginx. x_forwarded = true; - resources = [ - { - names = [ "client" ]; - compress = true; - } - { - names = [ "federation" ]; - compress = false; - } - ]; + resources = [{ names = [ "federation" ]; compress = false; }]; + } + + # Client + { + bind_addresses = [ "::1" ]; + port = clientPort.private; + tls = false; # Terminated by nginx. + x_forwarded = true; + resources = [{ names = [ "client" ]; compress = false; }]; } ]; @@ -121,12 +96,19 @@ in chat = { root = pkgs.element-web.override { conf = { - default_server_config = clientConfig; - show_labs_settings = true; - default_country_code = "FR"; # cocorico - room_directory = { + default_server_config = { + "m.homeserver" = { + "base_url" = "https://${matrixDomain}"; + "server_name" = domain; + }; + "m.identity_server" = { + "base_url" = "https://vector.im"; + }; + }; + showLabsSettings = true; + defaultCountryCode = "FR"; # cocorico + roomDirectory = { "servers" = [ - domain "matrix.org" "mozilla.org" ]; @@ -134,54 +116,99 @@ in }; }; }; - matrix = { - # Somewhat unused, but necessary for port collision detection - inherit (cfg) port; - - extraConfig = { - locations = { - # Or do a redirect instead of the 404, or whatever is appropriate - # for you. But do not put a Matrix Web client here! See the - # Element web section above. - "/".return = "404"; - - "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; - "/_synapse".proxyPass = "http://[::1]:${toString cfg.port}"; - - "= /admin".return = "307 /admin/"; - "/admin/" = { - alias = "${adminPkg}/"; - priority = 500; - tryFiles = "$uri $uri/ /index.html"; - }; - "~ ^/admin/.*\\.(?:css|js|jpg|jpeg|gif|png|svg|ico|woff|woff2|ttf|eot|webp)$" = { - priority = 400; - root = adminPkg; - extraConfig = '' - rewrite ^/admin/(.*)$ /$1 break; - expires 30d; - more_set_headers "Cache-Control: public"; - ''; - }; - }; - }; + # Dummy VHosts for port collision detection + matrix-federation = { + port = federationPort.private; + }; + matrix-client = { + port = clientPort.private; }; }; - # Setup well-known locations + # Those are too complicated to use my wrapper... services.nginx.virtualHosts = { + ${matrixDomain} = { + onlySSL = true; + useACMEHost = domain; + + locations = + let + proxyToClientPort = { + proxyPass = "http://[::1]:${toString clientPort.private}"; + }; + in + { + # Or do a redirect instead of the 404, or whatever is appropriate + # for you. But do not put a Matrix Web client here! See the + # Element web section below. + "/".return = "404"; + + "/_matrix" = proxyToClientPort; + "/_synapse/client" = proxyToClientPort; + }; + + listen = [ + { addr = "0.0.0.0"; port = clientPort.public; ssl = true; } + { addr = "[::]"; port = clientPort.public; ssl = true; } + ]; + + }; + + # same as above, but listening on the federation port + "${matrixDomain}_federation" = { + onlySSL = true; + serverName = matrixDomain; + useACMEHost = domain; + + locations."/".return = "404"; + + locations."/_matrix" = { + proxyPass = "http://[::1]:${toString federationPort.private}"; + }; + + listen = [ + { addr = "0.0.0.0"; port = federationPort.public; ssl = true; } + { addr = "[::]"; port = federationPort.public; ssl = true; } + ]; + }; + "${domain}" = { forceSSL = true; useACMEHost = domain; - locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; + locations."= /.well-known/matrix/server".extraConfig = + let + server = { "m.server" = "${matrixDomain}:${toString federationPort.public}"; }; + in + '' + add_header Content-Type application/json; + return 200 '${builtins.toJSON server}'; + ''; + + locations."= /.well-known/matrix/client".extraConfig = + let + client = { + "m.homeserver" = { "base_url" = "https://${matrixDomain}"; }; + "m.identity_server" = { "base_url" = "https://vector.im"; }; + }; + # ACAO required to allow element-web on any URL to request this json file + in + '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON client}'; + ''; }; }; # For administration tools. environment.systemPackages = [ pkgs.matrix-synapse ]; + networking.firewall.allowedTCPPorts = [ + clientPort.public + federationPort.public + ]; + my.services.backup = { paths = [ config.services.matrix-synapse.dataDir diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index f3774e17..664d5ba8 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -32,15 +32,33 @@ in BASE_URL = "https://mealie.${config.networking.domain}"; TZ = config.time.timeZone; ALLOw_SIGNUP = "false"; - TOKEN_TIME = 24 * 180; # 180 days - }; - # Automatic PostgreSQL provisioning - database = { - createLocally = true; + # Use PostgreSQL + DB_ENGINE = "postgres"; + # Make it work with socket auth + POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; }; }; + systemd.services = { + mealie = { + after = [ "postgresql.service" ]; + requires = [ "postgresql.service" ]; + }; + }; + + # Set-up database + services.postgresql = { + enable = true; + ensureDatabases = [ "mealie" ]; + ensureUsers = [ + { + name = "mealie"; + ensureDBOwnership = true; + } + ]; + }; + my.services.nginx.virtualHosts = { mealie = { inherit (cfg) port; @@ -54,12 +72,6 @@ in }; }; - my.services.backup = { - paths = [ - "/var/lib/mealie" - ]; - }; - services.fail2ban.jails = { mealie = '' enabled = true diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix index 408b232e..f8f42a77 100644 --- a/modules/nixos/services/nextcloud/collabora.nix +++ b/modules/nixos/services/nextcloud/collabora.nix @@ -16,12 +16,6 @@ in }; config = lib.mkIf cfg.enable { - services.nextcloud = { - extraApps = { - inherit (config.services.nextcloud.package.packages.apps) richdocuments; - }; - }; - services.collabora-online = { enable = true; inherit (cfg) port; diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 24515ffe..fe941778 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -35,7 +35,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud32; + package = pkgs.nextcloud30; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; @@ -44,15 +44,11 @@ in adminuser = cfg.admin; adminpassFile = cfg.passwordFile; dbtype = "pgsql"; + dbhost = "/run/postgresql"; }; https = true; - # Automatic PostgreSQL provisioning - database = { - createLocally = true; - }; - settings = { overwriteprotocol = "https"; # Nginx only allows SSL }; @@ -62,16 +58,22 @@ in # Allow using the push service without hard-coding my IP in the configuration bendDomainToLocalhost = true; }; + }; - extraApps = { - inherit (config.services.nextcloud.package.packages.apps) - calendar - contacts - deck - tasks - ; - # notify_push is automatically installed by the module - }; + services.postgresql = { + enable = true; + ensureDatabases = [ "nextcloud" ]; + ensureUsers = [ + { + name = "nextcloud"; + ensureDBOwnership = true; + } + ]; + }; + + systemd.services."nextcloud-setup" = { + requires = [ "postgresql.service" ]; + after = [ "postgresql.service" ]; }; # The service above configures the domain, no need for my wrapper diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index ff530b0a..1e9e38a8 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -444,7 +444,7 @@ in }; }; - systemd.services."acme-order-renew-${domain}" = { + systemd.services."acme-${domain}" = { serviceConfig = { Environment = [ # Since I do a "weird" setup with a wildcard CNAME diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 11959772..63f456b2 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -52,28 +52,30 @@ in mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath; - settings = { - # Use SSO - PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; - PAPERLESS_ENABLE_HTTP_REMOTE_USER_API = true; - PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; + settings = + let + paperlessDomain = "paperless.${config.networking.domain}"; + in + { + # Use SSO + PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; + PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; - # Security settings - PAPERLESS_URL = "https://paperless.${config.networking.domain}"; - PAPERLESS_USE_X_FORWARD_HOST = true; - PAPERLESS_PROXY_SSL_HEADER = [ "HTTP_X_FORWARDED_PROTO" "https" ]; + # Security settings + PAPERLESS_ALLOWED_HOSTS = paperlessDomain; + PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; - # OCR settings - PAPERLESS_OCR_LANGUAGE = "fra+eng"; + # OCR settings + PAPERLESS_OCR_LANGUAGE = "fra+eng"; - # Workers - PAPERLESS_TASK_WORKERS = 3; - PAPERLESS_THREADS_PER_WORKER = 4; + # Workers + PAPERLESS_TASK_WORKERS = 3; + PAPERLESS_THREADS_PER_WORKER = 4; - # Misc - PAPERLESS_TIME_ZONE = config.time.timeZone; - PAPERLESS_ADMIN_USER = cfg.username; - }; + # Misc + PAPERLESS_TIME_ZONE = config.time.timeZone; + PAPERLESS_ADMIN_USER = cfg.username; + }; # Admin password passwordFile = cfg.passwordFile; diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix index 37ba96cf..9e0d9c3c 100644 --- a/modules/nixos/services/sabnzbd/default.nix +++ b/modules/nixos/services/sabnzbd/default.nix @@ -2,35 +2,17 @@ { config, lib, ... }: let cfg = config.my.services.sabnzbd; + port = 9090; # NOTE: not declaratively set... in { options.my.services.sabnzbd = with lib; { enable = mkEnableOption "SABnzbd binary news reader"; - - port = mkOption { - type = types.port; - default = 9090; - example = 4242; - description = "The port on which SABnzbd will listen for incoming HTTP traffic"; - }; }; config = lib.mkIf cfg.enable { services.sabnzbd = { enable = true; group = "media"; - - # Don't warn about the config file - configFile = null; - # I want to configure servers outside of Nix - allowConfigWrite = true; - - settings = { - misc = { - host = "127.0.0.1"; - inherit (cfg) port; - }; - }; }; # Set-up media group @@ -38,7 +20,7 @@ in my.services.nginx.virtualHosts = { sabnzbd = { - inherit (cfg) port; + inherit port; }; }; diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix deleted file mode 100644 index c3370cb8..00000000 --- a/modules/nixos/services/servarr/autobrr.nix +++ /dev/null @@ -1,63 +0,0 @@ -# IRC-based indexer -{ config, lib, ... }: -let - cfg = config.my.services.servarr.autobrr; -in -{ - options.my.services.servarr.autobrr = with lib; { - enable = mkEnableOption "autobrr IRC announce tracker" // { - default = config.my.services.servarr.enableAll; - }; - - port = mkOption { - type = types.port; - default = 7474; - example = 8080; - description = "Internal port for webui"; - }; - - sessionSecretFile = mkOption { - type = types.str; - example = "/run/secrets/autobrr-secret.txt"; - description = '' - File containing the session secret. - ''; - }; - }; - - config = lib.mkIf cfg.enable { - services.autobrr = { - enable = true; - - settings = { - inherit (cfg) port; - checkForUpdates = false; - }; - - secretFile = cfg.sessionSecretFile; - }; - - my.services.nginx.virtualHosts = { - autobrr = { - inherit (cfg) port; - websocketsLocations = [ "/api" ]; - }; - }; - - services.fail2ban.jails = { - autobrr = '' - enabled = true - filter = autobrr - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/autobrr.conf".text = '' - [Definition] - failregex = "message":"Auth: Failed login attempt username: \[.*\] ip: " - journalmatch = _SYSTEMD_UNIT=autobrr.service - ''; - }; - }; -} diff --git a/modules/nixos/services/servarr/bazarr.nix b/modules/nixos/services/servarr/bazarr.nix deleted file mode 100644 index 637da0c7..00000000 --- a/modules/nixos/services/servarr/bazarr.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.services.servarr.bazarr; -in -{ - options.my.services.servarr.bazarr = with lib; { - enable = lib.mkEnableOption "Bazarr" // { - default = config.my.services.servarr.enableAll; - }; - - port = mkOption { - type = types.port; - default = 6767; - example = 8080; - description = "Internal port for webui"; - }; - }; - - config = lib.mkIf cfg.enable { - services.bazarr = { - enable = true; - group = "media"; - listenPort = cfg.port; - }; - - # Set-up media group - users.groups.media = { }; - - my.services.nginx.virtualHosts = { - bazarr = { - inherit (cfg) port; - }; - }; - - # Bazarr does not log authentication failures... - }; -} diff --git a/modules/nixos/services/servarr/cross-seed.nix b/modules/nixos/services/servarr/cross-seed.nix deleted file mode 100644 index 74f216ae..00000000 --- a/modules/nixos/services/servarr/cross-seed.nix +++ /dev/null @@ -1,96 +0,0 @@ -# Automatic cross-seeding for video media -{ config, lib, ... }: -let - cfg = config.my.services.servarr.cross-seed; -in -{ - options.my.services.servarr.cross-seed = with lib; { - enable = mkEnableOption "cross-seed daemon" // { - default = config.my.services.servarr.enableAll; - }; - - port = mkOption { - type = types.port; - default = 2468; - example = 8080; - description = "Internal port for daemon"; - }; - - linkDirectory = mkOption { - type = types.str; - default = "/data/downloads/complete/links"; - example = "/var/lib/cross-seed/links"; - description = "Link directory"; - }; - - secretSettingsFile = mkOption { - type = types.str; - example = "/run/secrets/cross-seed-secrets.json"; - description = '' - File containing secret settings. - ''; - }; - }; - - config = lib.mkIf cfg.enable { - services.cross-seed = { - enable = true; - group = "media"; - - # Rely on recommended defaults for tracker snatches etc... - useGenConfigDefaults = true; - - settings = { - inherit (cfg) port; - host = "127.0.0.1"; - - # Inject torrents to client directly - action = "inject"; - # Query the client for torrents to match - useClientTorrents = true; - # Use hardlinks - linkType = "hardlink"; - # Use configured link directory - linkDirs = [ cfg.linkDirectory ]; - # Match as many torrents as possible - matchMode = "partial"; - # Cross-seed full season if at least 50% of episodes are already downloaded - seasonFromEpisodes = 0.5; - }; - - settingsFile = cfg.secretSettingsFile; - }; - - systemd.services.cross-seed = { - serviceConfig = { - # Loose umask to make cross-seed links readable by `media` - UMask = "0002"; - }; - }; - - # Set-up media group - users.groups.media = { }; - - my.services.nginx.virtualHosts = { - cross-seed = { - inherit (cfg) port; - }; - }; - - services.fail2ban.jails = { - cross-seed = '' - enabled = true - filter = cross-seed - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/cross-seed.conf".text = '' - [Definition] - failregex = ^.*Unauthorized API access attempt to .* from $ - journalmatch = _SYSTEMD_UNIT=cross-seed.service - ''; - }; - }; -} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index dca57cf6..e25d9cfd 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -2,22 +2,99 @@ # Relevant link [1]. # # [1]: https://youtu.be/I26Ql-uX6AM -{ lib, ... }: -{ - imports = [ - ./autobrr.nix - ./bazarr.nix - ./cross-seed.nix - ./jackett.nix - ./nzbhydra.nix - ./prowlarr.nix - (import ./starr.nix "lidarr") - (import ./starr.nix "radarr") - (import ./starr.nix "readarr") - (import ./starr.nix "sonarr") - ]; +{ config, lib, ... }: +let + cfg = config.my.services.servarr; - options.my.services.servarr = { - enableAll = lib.mkEnableOption "media automation suite"; + ports = { + bazarr = 6767; + lidarr = 8686; + radarr = 7878; + readarr = 8787; + sonarr = 8989; }; + + mkService = service: { + services.${service} = { + enable = true; + group = "media"; + }; + }; + + mkRedirection = service: { + my.services.nginx.virtualHosts = { + ${service} = { + port = ports.${service}; + }; + }; + }; + + mkFail2Ban = service: lib.mkIf cfg.${service}.enable { + services.fail2ban.jails = { + ${service} = '' + enabled = true + filter = ${service} + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/${service}.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=${service}.service + ''; + }; + }; + + mkFullConfig = service: lib.mkIf cfg.${service}.enable (lib.mkMerge [ + (mkService service) + (mkRedirection service) + ]); +in +{ + options.my.services.servarr = { + enable = lib.mkEnableOption "Media automation"; + + bazarr = { + enable = lib.my.mkDisableOption "Bazarr"; + }; + + lidarr = { + enable = lib.my.mkDisableOption "Lidarr"; + }; + + radarr = { + enable = lib.my.mkDisableOption "Radarr"; + }; + + readarr = { + enable = lib.my.mkDisableOption "Readarr"; + }; + + sonarr = { + enable = lib.my.mkDisableOption "Sonarr"; + }; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + # Set-up media group + users.groups.media = { }; + } + # Bazarr does not log authentication failures... + (mkFullConfig "bazarr") + # Lidarr for music + (mkFullConfig "lidarr") + (mkFail2Ban "lidarr") + # Radarr for movies + (mkFullConfig "radarr") + (mkFail2Ban "radarr") + # Readarr for books + (mkFullConfig "readarr") + (mkFail2Ban "readarr") + # Sonarr for shows + (mkFullConfig "sonarr") + (mkFail2Ban "sonarr") + ]); } diff --git a/modules/nixos/services/servarr/jackett.nix b/modules/nixos/services/servarr/jackett.nix deleted file mode 100644 index 481cd3de..00000000 --- a/modules/nixos/services/servarr/jackett.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.services.servarr.jackett; -in -{ - options.my.services.servarr.jackett = with lib; { - enable = lib.mkEnableOption "Jackett" // { - default = config.my.services.servarr.enableAll; - }; - - port = mkOption { - type = types.port; - default = 9117; - example = 8080; - description = "Internal port for webui"; - }; - }; - - config = lib.mkIf cfg.enable { - services.jackett = { - enable = true; - inherit (cfg) port; - }; - - # Jackett wants to eat *all* my RAM if left to its own devices - systemd.services.jackett = { - serviceConfig = { - MemoryHigh = "15%"; - MemoryMax = "25%"; - }; - }; - - my.services.nginx.virtualHosts = { - jackett = { - inherit (cfg) port; - }; - }; - - # Jackett does not log authentication failures... - }; -} diff --git a/modules/nixos/services/servarr/nzbhydra.nix b/modules/nixos/services/servarr/nzbhydra.nix deleted file mode 100644 index 7b639869..00000000 --- a/modules/nixos/services/servarr/nzbhydra.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.services.servarr.nzbhydra; -in -{ - options.my.services.servarr.nzbhydra = with lib; { - enable = lib.mkEnableOption "NZBHydra2" // { - default = config.my.services.servarr.enableAll; - }; - }; - - config = lib.mkIf cfg.enable { - services.nzbhydra2 = { - enable = true; - }; - - my.services.nginx.virtualHosts = { - nzbhydra = { - port = 5076; - websocketsLocations = [ "/" ]; - }; - }; - - # NZBHydra2 does not log authentication failures... - }; -} diff --git a/modules/nixos/services/servarr/prowlarr.nix b/modules/nixos/services/servarr/prowlarr.nix deleted file mode 100644 index ce044c63..00000000 --- a/modules/nixos/services/servarr/prowlarr.nix +++ /dev/null @@ -1,53 +0,0 @@ -# Torrent and NZB indexer -{ config, lib, ... }: -let - cfg = config.my.services.servarr.prowlarr; -in -{ - options.my.services.servarr.prowlarr = with lib; { - enable = lib.mkEnableOption "Prowlarr" // { - default = config.my.services.servarr.enableAll; - }; - - port = mkOption { - type = types.port; - default = 9696; - example = 8080; - description = "Internal port for webui"; - }; - }; - - config = lib.mkIf cfg.enable { - services.prowlarr = { - enable = true; - - settings = { - server = { - port = cfg.port; - }; - }; - }; - - my.services.nginx.virtualHosts = { - prowlarr = { - inherit (cfg) port; - }; - }; - - services.fail2ban.jails = { - prowlarr = '' - enabled = true - filter = prowlarr - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/prowlarr.conf".text = '' - [Definition] - failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ - journalmatch = _SYSTEMD_UNIT=prowlarr.service - ''; - }; - }; -} diff --git a/modules/nixos/services/servarr/starr.nix b/modules/nixos/services/servarr/starr.nix deleted file mode 100644 index 2bf7c114..00000000 --- a/modules/nixos/services/servarr/starr.nix +++ /dev/null @@ -1,64 +0,0 @@ -# Templated *arr configuration -starr: -{ config, lib, ... }: -let - cfg = config.my.services.servarr.${starr}; - ports = { - lidarr = 8686; - radarr = 7878; - readarr = 8787; - sonarr = 8989; - }; -in -{ - options.my.services.servarr.${starr} = with lib; { - enable = lib.mkEnableOption (lib.toSentenceCase starr) // { - default = config.my.services.servarr.enableAll; - }; - - port = mkOption { - type = types.port; - default = ports.${starr}; - example = 8080; - description = "Internal port for webui"; - }; - }; - - config = lib.mkIf cfg.enable { - services.${starr} = { - enable = true; - group = "media"; - - settings = { - server = { - port = cfg.port; - }; - }; - }; - - # Set-up media group - users.groups.media = { }; - - my.services.nginx.virtualHosts = { - ${starr} = { - port = cfg.port; - }; - }; - - services.fail2ban.jails = { - ${starr} = '' - enabled = true - filter = ${starr} - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/${starr}.conf".text = '' - [Definition] - failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ - journalmatch = _SYSTEMD_UNIT=${starr}.service - ''; - }; - }; -} diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 4b4ed1a0..3447beee 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -26,16 +26,18 @@ in services.tandoor-recipes = { enable = true; - database = { - createLocally = true; - }; - port = cfg.port; extraConfig = let tandoorRecipesDomain = "recipes.${config.networking.domain}"; in { + # Use PostgreSQL + DB_ENGINE = "django.db.backends.postgresql"; + POSTGRES_HOST = "/run/postgresql"; + POSTGRES_USER = "tandoor_recipes"; + POSTGRES_DB = "tandoor_recipes"; + # Security settings ALLOWED_HOSTS = tandoorRecipesDomain; CSRF_TRUSTED_ORIGINS = "https://${tandoorRecipesDomain}"; @@ -47,12 +49,27 @@ in systemd.services = { tandoor-recipes = { + after = [ "postgresql.service" ]; + requires = [ "postgresql.service" ]; + serviceConfig = { EnvironmentFile = cfg.secretKeyFile; }; }; }; + # Set-up database + services.postgresql = { + enable = true; + ensureDatabases = [ "tandoor_recipes" ]; + ensureUsers = [ + { + name = "tandoor_recipes"; + ensureDBOwnership = true; + } + ]; + }; + my.services.nginx.virtualHosts = { recipes = { inherit (cfg) port; diff --git a/modules/nixos/services/thelounge/default.nix b/modules/nixos/services/thelounge/default.nix deleted file mode 100644 index e224839e..00000000 --- a/modules/nixos/services/thelounge/default.nix +++ /dev/null @@ -1,59 +0,0 @@ -# Web IRC client -{ config, lib, ... }: -let - cfg = config.my.services.thelounge; -in -{ - options.my.services.thelounge = with lib; { - enable = mkEnableOption "The Lounge, a self-hosted web IRC client"; - - port = mkOption { - type = types.port; - default = 9050; - example = 4242; - description = "The port on which The Lounge will listen for incoming HTTP traffic."; - }; - }; - - config = lib.mkIf cfg.enable { - services.thelounge = { - enable = true; - inherit (cfg) port; - - extraConfig = { - reverseProxy = true; - }; - }; - - my.services.nginx.virtualHosts = { - irc = { - inherit (cfg) port; - # Proxy websockets for RPC - websocketsLocations = [ "/" ]; - - extraConfig = { - locations."/".extraConfig = '' - proxy_read_timeout 1d; - ''; - }; - }; - }; - - services.fail2ban.jails = { - thelounge = '' - enabled = true - filter = thelounge - port = http,https - ''; - }; - - environment.etc = { - "fail2ban/filter.d/thelounge.conf".text = '' - [Definition] - failregex = Authentication failed for user .* from $ - Authentication for non existing user attempted from $ - journalmatch = _SYSTEMD_UNIT=thelounge.service - ''; - }; - }; -} diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index 6a7fbc72..ac8b24dd 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -47,7 +47,6 @@ in enable = true; package = pkgs.transmission_4; group = "media"; - webHome = pkgs.trgui-ng-web; downloadDirPermissions = "775"; @@ -66,19 +65,13 @@ in # Proxied behind Nginx. rpc-whitelist-enabled = true; rpc-whitelist = "127.0.0.1"; - - umask = "002"; # To go with `downloadDirPermissions` }; }; + # Transmission wants to eat *all* my RAM if left to its own devices systemd.services.transmission = { serviceConfig = { - # Transmission wants to eat *all* my RAM if left to its own devices MemoryMax = "33%"; - # Avoid errors due to high number of open files. - LimitNOFILE = 1048576; - # Longer stop timeout to finish all torrents - TimeoutStopSec = "5m"; }; }; diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix index caf0179c..adf533e8 100644 --- a/modules/nixos/services/woodpecker/server/default.nix +++ b/modules/nixos/services/woodpecker/server/default.nix @@ -24,8 +24,8 @@ in }; systemd.services.woodpecker-server = { - after = [ "postgresql.target" ]; - requires = [ "postgresql.target" ]; + after = [ "postgresql.service" ]; + requires = [ "postgresql.service" ]; serviceConfig = { # Set username for DB access diff --git a/overlays/downgrade-transmission/default.nix b/overlays/downgrade-transmission/default.nix index 9fc6d140..9d3fc8ae 100644 --- a/overlays/downgrade-transmission/default.nix +++ b/overlays/downgrade-transmission/default.nix @@ -1,7 +1,14 @@ -self: _prev: +self: prev: { - transmission_4 = self.callPackage ./transmission_4.nix { - fmt = self.fmt_9; - libutp = self.libutp_3_4; - }; + transmission_4 = prev.transmission_4.overrideAttrs (_: { + version = "4.0.5"; + + src = self.fetchFromGitHub { + owner = "transmission"; + repo = "transmission"; + rev = "4.0.5"; + hash = "sha256-gd1LGAhMuSyC/19wxkoE2mqVozjGPfupIPGojKY0Hn4="; + fetchSubmodules = true; + }; + }); } diff --git a/overlays/downgrade-transmission/transmission_4.nix b/overlays/downgrade-transmission/transmission_4.nix deleted file mode 100644 index a49f6b9b..00000000 --- a/overlays/downgrade-transmission/transmission_4.nix +++ /dev/null @@ -1,232 +0,0 @@ -{ stdenv -, lib -, fetchFromGitHub -, fetchpatch2 -, cmake -, pkg-config -, python3 -, openssl -, curl -, libevent -, inotify-tools -, systemd -, zlib -, pcre -, libb64 -, libutp -, libdeflate -, utf8cpp -, fast-float -, fmt -, libpsl -, miniupnpc -, dht -, libnatpmp -, # Build options - enableGTK3 ? false -, gtkmm3 -, libpthread-stubs -, wrapGAppsHook3 -, enableQt5 ? false -, enableQt6 ? false -, qt5 -, qt6Packages -, nixosTests -, enableSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd -, enableDaemon ? true -, enableCli ? true -, installLib ? false -, apparmorRulesFromClosure -}: - -let - inherit (lib) cmakeBool optionals; - - apparmorRules = apparmorRulesFromClosure { name = "transmission-daemon"; } ( - [ - curl - libdeflate - libevent - libnatpmp - libpsl - miniupnpc - openssl - pcre - zlib - ] - ++ optionals enableSystemd [ systemd ] - ++ optionals stdenv.hostPlatform.isLinux [ inotify-tools ] - ); - -in -stdenv.mkDerivation (finalAttrs: { - pname = "transmission"; - version = "4.0.5"; - - src = fetchFromGitHub { - owner = "transmission"; - repo = "transmission"; - rev = finalAttrs.version; - hash = "sha256-gd1LGAhMuSyC/19wxkoE2mqVozjGPfupIPGojKY0Hn4="; - fetchSubmodules = true; - }; - - patches = [ - (fetchpatch2 { - url = "https://github.com/transmission/transmission/commit/febfe49ca3ecab1a7142ecb34012c1f0b2bcdee8.patch?full_index=1"; - hash = "sha256-Ge0+AXf/ilfMieGBAdvvImY7JOb0gGIdeKprC37AROs="; - excludes = [ - # The submodule that we don't use (we use our miniupnp) - "third-party/miniupnp" - # Hunk fails for this one, but we don't care because we don't rely upon - # xcode definitions even for the Darwin build. - "Transmission.xcodeproj/project.pbxproj" - ]; - }) - ]; - - outputs = [ - "out" - "apparmor" - ]; - - cmakeFlags = [ - (cmakeBool "ENABLE_CLI" enableCli) - (cmakeBool "ENABLE_DAEMON" enableDaemon) - (cmakeBool "ENABLE_GTK" enableGTK3) - (cmakeBool "ENABLE_MAC" false) # requires xcodebuild - (cmakeBool "ENABLE_QT" (enableQt5 || enableQt6)) - (cmakeBool "INSTALL_LIB" installLib) - ] - ++ optionals stdenv.hostPlatform.isDarwin [ - # Transmission sets this to 10.13 if not explicitly specified, see https://github.com/transmission/transmission/blob/0be7091eb12f4eb55f6690f313ef70a66795ee72/CMakeLists.txt#L7-L16. - "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.hostPlatform.darwinMinVersion}" - ]; - - postPatch = '' - # Clean third-party libraries to ensure system ones are used. - # Excluding gtest since it is hardcoded to vendored version. The rest of the listed libraries are not packaged. - pushd third-party - for f in *; do - if [[ ! $f =~ googletest|wildmat|wide-integer|jsonsl ]]; then - rm -r "$f" - fi - done - popd - rm \ - cmake/FindFastFloat.cmake \ - cmake/FindFmt.cmake \ - cmake/FindUtfCpp.cmake - # Upstream uses different config file name. - substituteInPlace CMakeLists.txt --replace 'find_package(UtfCpp)' 'find_package(utf8cpp)' - - # Use gettext even on Darwin - substituteInPlace libtransmission/utils.h \ - --replace-fail '#if defined(HAVE_GETTEXT) && !defined(__APPLE__)' '#if defined(HAVE_GETTEXT)' - ''; - - nativeBuildInputs = [ - pkg-config - cmake - python3 - ] - ++ optionals enableGTK3 [ wrapGAppsHook3 ] - ++ optionals enableQt5 [ qt5.wrapQtAppsHook ] - ++ optionals enableQt6 [ qt6Packages.wrapQtAppsHook ]; - - buildInputs = [ - curl - dht - fast-float - fmt - libb64 - libdeflate - libevent - libnatpmp - libpsl - libutp - miniupnpc - openssl - pcre - utf8cpp - zlib - ] - ++ optionals enableQt5 ( - with qt5; - [ - qttools - qtbase - ] - ) - ++ optionals enableQt6 ( - with qt6Packages; - [ - qttools - qtbase - qtsvg - ] - ) - ++ optionals enableGTK3 [ - gtkmm3 - libpthread-stubs - ] - ++ optionals enableSystemd [ systemd ] - ++ optionals stdenv.hostPlatform.isLinux [ inotify-tools ]; - - postInstall = '' - mkdir $apparmor - cat >$apparmor/bin.transmission-daemon <, - include - profile $out/bin/transmission-daemon { - include - include - include - include "${apparmorRules}" - @{PROC}/sys/kernel/random/uuid r, - @{PROC}/sys/vm/overcommit_memory r, - @{PROC}/@{pid}/environ r, - @{PROC}/@{pid}/mounts r, - /tmp/tr_session_id_* rwk, - - $out/share/transmission/public_html/** r, - - include if exists - } - EOF - install -Dm0444 -t $out/share/icons ../qt/icons/transmission.svg - ''; - - passthru.tests = { - apparmor = nixosTests.transmission_4; # starts the service with apparmor enabled - smoke-test = nixosTests.bittorrent; - }; - - meta = { - description = "Fast, easy and free BitTorrent client"; - mainProgram = - if (enableQt5 || enableQt6) then - "transmission-qt" - else if enableGTK3 then - "transmission-gtk" - else - "transmission-cli"; - longDescription = '' - Transmission is a BitTorrent client which features a simple interface - on top of a cross-platform back-end. - Feature spotlight: - * Uses fewer resources than other clients - * Native Mac, GTK and Qt GUI clients - * Daemon ideal for servers, embedded systems, and headless use - * All these can be remote controlled by Web and Terminal clients - * Bluetack (PeerGuardian) blocklists with automatic updates - * Full encryption, DHT, and PEX support - ''; - homepage = "https://www.transmissionbt.com/"; - license = with lib.licenses; [ - gpl2Plus - mit - ]; - platforms = lib.platforms.unix; - }; -}) diff --git a/pkgs/comma/comma b/pkgs/comma/comma index b03a7f24..4367a267 100755 --- a/pkgs/comma/comma +++ b/pkgs/comma/comma @@ -12,9 +12,9 @@ usage() { find_program() { local CANDIDATE - CANDIDATE="$(nix-locate --minimal --at-root --whole-name "/bin/$1")" + CANDIDATE="$(nix-locate --top-level --minimal --at-root --whole-name "/bin/$1")" if [ "$(printf '%s\n' "$CANDIDATE" | wc -l)" -gt 1 ]; then - CANDIDATE="$(printf '%s' "$CANDIDATE" | "${COMMA_PICKER:-fzf-tmux}")" + CANDIDATE="$(printf '%s' "$CANDIDATE" | fzf-tmux)" fi printf '%s' "$CANDIDATE" } diff --git a/pkgs/i3-get-window-criteria/default.nix b/pkgs/i3-get-window-criteria/default.nix index cba51944..2fc840dc 100644 --- a/pkgs/i3-get-window-criteria/default.nix +++ b/pkgs/i3-get-window-criteria/default.nix @@ -1,4 +1,4 @@ -{ lib, coreutils, gnused, makeWrapper, stdenvNoCC, xprop, xwininfo }: +{ lib, coreutils, gnused, makeWrapper, stdenvNoCC, xorg }: stdenvNoCC.mkDerivation rec { pname = "i3-get-window-criteria"; version = "0.1.0"; @@ -22,8 +22,8 @@ stdenvNoCC.mkDerivation rec { wrapperPath = lib.makeBinPath [ coreutils gnused - xprop - xwininfo + xorg.xprop + xorg.xwininfo ]; fixupPhase = '' diff --git a/pkgs/lohr/default.nix b/pkgs/lohr/default.nix index d8545e0d..aeb13b1a 100644 --- a/pkgs/lohr/default.nix +++ b/pkgs/lohr/default.nix @@ -10,6 +10,7 @@ rustPlatform.buildRustPackage rec { hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU="; }; + useFetchCargoVendor = true; cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w="; meta = with lib; { diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index 7796f5e5..db3b35c1 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -16,18 +16,19 @@ ref = "nixos-unstable"; }; - git-hooks = { + pre-commit-hooks = { type = "github"; owner = "cachix"; - repo = "git-hooks.nix"; + repo = "pre-commit-hooks.nix"; ref = "master"; inputs = { + flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; }; - outputs = { self, futils, nixpkgs, git-hooks }: + outputs = { self, futils, nixpkgs, pre-commit-hooks }: { overlays = { default = final: _prev: { @@ -68,7 +69,7 @@ ]; }; - pre-commit = git-hooks.lib.${system}.run { + pre-commit = pre-commit-hooks.lib.${system}.run { src = self; hooks = { @@ -91,12 +92,12 @@ devShells = { default = pkgs.mkShell { - inputsFrom = [ - self.packages.${system}.project + inputsFrom = with self.packages.${system}; [ + project ]; packages = with pkgs; [ - self.checks.${system}.pre-commit.enabledPackages + clang-tools ]; inherit (pre-commit) shellHook; diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index cb14eb56..5957c621 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -16,18 +16,19 @@ ref = "nixos-unstable"; }; - git-hooks = { + pre-commit-hooks = { type = "github"; owner = "cachix"; - repo = "git-hooks.nix"; + repo = "pre-commit-hooks.nix"; ref = "master"; inputs = { + flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; }; - outputs = { self, futils, nixpkgs, git-hooks }: + outputs = { self, futils, nixpkgs, pre-commit-hooks }: { overlays = { default = final: _prev: { @@ -68,7 +69,7 @@ ]; }; - pre-commit = git-hooks.lib.${system}.run { + pre-commit = pre-commit-hooks.lib.${system}.run { src = self; hooks = { @@ -91,12 +92,12 @@ devShells = { default = pkgs.mkShell { - inputsFrom = [ - self.packages.${system}.project + inputsFrom = with self.packages.${system}; [ + project ]; packages = with pkgs; [ - self.checks.${system}.pre-commit.enabledPackages + clang-tools ]; inherit (pre-commit) shellHook; diff --git a/templates/default.nix b/templates/default.nix index 51864cda..44db753a 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -7,10 +7,6 @@ path = ./c++-meson; description = "A C++ project using Meson"; }; - "python-uv" = { - path = ./python-uv; - description = "A Python project using uv"; - }; "rust-cargo" = { path = ./rust-cargo; description = "A Rust project using Cargo"; diff --git a/templates/python-uv/.envrc b/templates/python-uv/.envrc deleted file mode 100644 index 390d06d4..00000000 --- a/templates/python-uv/.envrc +++ /dev/null @@ -1,6 +0,0 @@ -# shellcheck shell=bash -if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then - source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" -fi - -use flake diff --git a/templates/python-uv/.gitignore b/templates/python-uv/.gitignore deleted file mode 100644 index c79d1e89..00000000 --- a/templates/python-uv/.gitignore +++ /dev/null @@ -1,6 +0,0 @@ -# Virtual environments -.venv - -# Nix generated files -/.pre-commit-config.yaml -/result diff --git a/templates/python-uv/.woodpecker/check.yml b/templates/python-uv/.woodpecker/check.yml deleted file mode 100644 index 272c0e43..00000000 --- a/templates/python-uv/.woodpecker/check.yml +++ /dev/null @@ -1,31 +0,0 @@ -labels: - backend: local - -steps: -- name: pre-commit check - image: bash - commands: - - nix develop --command pre-commit run --all - -- name: nix flake check - image: bash - commands: - - nix flake check - -- name: notify - image: bash - environment: - ADDRESS: - from_secret: matrix_homeserver - ROOM: - from_secret: matrix_roomid - USER: - from_secret: matrix_username - PASS: - from_secret: matrix_password - commands: - - nix run github:ambroisie/matrix-notifier - when: - status: - - failure - - success diff --git a/templates/python-uv/flake.nix b/templates/python-uv/flake.nix deleted file mode 100644 index 5059e646..00000000 --- a/templates/python-uv/flake.nix +++ /dev/null @@ -1,112 +0,0 @@ -{ - description = "A Python project"; - - inputs = { - futils = { - type = "github"; - owner = "numtide"; - repo = "flake-utils"; - ref = "main"; - }; - - nixpkgs = { - type = "github"; - owner = "NixOS"; - repo = "nixpkgs"; - ref = "nixos-unstable"; - }; - - git-hooks = { - type = "github"; - owner = "cachix"; - repo = "git-hooks.nix"; - ref = "master"; - inputs = { - nixpkgs.follows = "nixpkgs"; - }; - }; - }; - - outputs = { self, futils, nixpkgs, git-hooks }: - { - overlays = { - default = final: _prev: { - project = with final; python3.pkgs.buildPythonApplication { - pname = "project"; - version = (final.lib.importTOML ./pyproject.toml).project.version; - pyproject = true; - - src = self; - - build-system = with python3.pkgs; [ setuptools ]; - - pythonImportsCheck = [ "project" ]; - - meta = with lib; { - description = "A Python project"; - homepage = "https://git.belanyi.fr/ambroisie/project"; - license = licenses.mit; - maintainers = with maintainers; [ ambroisie ]; - }; - }; - }; - }; - } // futils.lib.eachDefaultSystem (system: - let - pkgs = import nixpkgs { - inherit system; - overlays = [ - self.overlays.default - ]; - }; - - pre-commit = git-hooks.lib.${system}.run { - src = self; - - hooks = { - mypy = { - enable = true; - }; - - nixpkgs-fmt = { - enable = true; - }; - - ruff = { - enable = true; - }; - - ruff-format = { - enable = true; - }; - }; - }; - in - { - checks = { - inherit (self.packages.${system}) project; - - inherit pre-commit; - }; - - devShells = { - default = pkgs.mkShell { - inputsFrom = [ - self.packages.${system}.project - ]; - - packages = with pkgs; [ - uv - self.checks.${system}.pre-commit.enabledPackages - ]; - - inherit (pre-commit) shellHook; - }; - }; - - packages = futils.lib.flattenTree { - default = pkgs.project; - inherit (pkgs) project; - }; - }); -} diff --git a/templates/python-uv/pyproject.toml b/templates/python-uv/pyproject.toml deleted file mode 100644 index 7b2d896d..00000000 --- a/templates/python-uv/pyproject.toml +++ /dev/null @@ -1,17 +0,0 @@ -[build-system] -requires = ["setuptools"] -build-backend = "setuptools.build_meta" - - -[project] -name = "project" -version = "0.0.0" -description = "project description" -requires-python = ">=3.12" -dependencies = [] - -[project.scripts] -project = "project:main" - -[dependency-groups] -dev = [] diff --git a/templates/python-uv/src/project/__init__.py b/templates/python-uv/src/project/__init__.py deleted file mode 100644 index b06117df..00000000 --- a/templates/python-uv/src/project/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -def main() -> None: - print("Hello, world!") diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix index efd8358d..6d50369d 100644 --- a/templates/rust-cargo/flake.nix +++ b/templates/rust-cargo/flake.nix @@ -16,18 +16,19 @@ ref = "nixos-unstable"; }; - git-hooks = { + pre-commit-hooks = { type = "github"; owner = "cachix"; - repo = "git-hooks.nix"; + repo = "pre-commit-hooks.nix"; ref = "master"; inputs = { + flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; }; - outputs = { self, futils, nixpkgs, git-hooks }: + outputs = { self, futils, nixpkgs, pre-commit-hooks }: { overlays = { default = final: _prev: { @@ -59,7 +60,7 @@ ]; }; - pre-commit = git-hooks.lib.${system}.run { + pre-commit = pre-commit-hooks.lib.${system}.run { src = self; hooks = { @@ -87,13 +88,14 @@ devShells = { default = pkgs.mkShell { - inputsFrom = [ - self.packages.${system}.project + inputsFrom = with self.packages.${system}; [ + project ]; packages = with pkgs; [ + clippy rust-analyzer - self.checks.${system}.pre-commit.enabledPackages + rustfmt ]; RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}";