From f7dd3bbd0438c0841cd0b7eb4cab9645367916e2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 4 Apr 2025 15:25:29 +0000 Subject: [PATCH 001/160] home: vim: completion: use 'vim.snippet' I don't use any of the advanced features from `LuaSnip` anyway, might as well rely on the built-in one instead and shave some dependencies. --- modules/home/vim/default.nix | 2 -- modules/home/vim/plugin/settings/completion.lua | 12 +++++------- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 20a74fff..75b8447a 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -65,14 +65,12 @@ in plenary-nvim # 'null-ls', 'telescope' dependency # Completion - luasnip # Snippet manager compatible with LSP nvim-cmp # Completion engine cmp-async-path # More responsive path completion cmp-buffer # Words from open buffers cmp-nvim-lsp # LSP suggestions cmp-nvim-lua # NeoVim lua API cmp-under-comparator # Sort items that start with '_' lower - cmp_luasnip # Snippet suggestions from LuaSnip # UX improvements dressing-nvim # Integrate native UI hooks with Telescope etc... diff --git a/modules/home/vim/plugin/settings/completion.lua b/modules/home/vim/plugin/settings/completion.lua index 0ed8c7f1..d50152a9 100644 --- a/modules/home/vim/plugin/settings/completion.lua +++ b/modules/home/vim/plugin/settings/completion.lua @@ -3,25 +3,24 @@ vim.opt.completeopt = { "menu", "menuone", "noselect" } local cmp = require("cmp") local cmp_under_comparator = require("cmp-under-comparator") -local luasnip = require("luasnip") cmp.setup({ snippet = { expand = function(args) - luasnip.lsp_expand(args.body) + vim.snippet.expand(args.body) end, }, mapping = { [""] = function(fallback) - if luasnip.expand_or_jumpable() then - luasnip.expand_or_jump() + if vim.snippet.active({ direction = 1 }) then + vim.snippet.jump(1) else fallback() end end, [""] = function(fallback) - if luasnip.jumpable(-1) then - luasnip.jump(-1) + if vim.snippet.active({ direction = -1 }) then + vim.snippet.jump(-1) else fallback() end @@ -40,7 +39,6 @@ cmp.setup({ { name = "async_path", priority_weight = 110 }, { name = "nvim_lsp", priority_weight = 100 }, { name = "nvim_lua", priority_weight = 90 }, - { name = "luasnip", priority_weight = 80 }, { name = "buffer", max_item_count = 5, priority_weight = 50 }, }, sorting = { From 53569f17a6850d00856ad4788516ff947f8907ad Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:27:04 +0100 Subject: [PATCH 002/160] treewide: pre-commit-hooks.nix renaming --- flake.lock | 50 +++++++++++++++++----------------- flake.nix | 4 +-- flake/checks.nix | 2 +- templates/c++-cmake/flake.nix | 8 +++--- templates/c++-meson/flake.nix | 8 +++--- templates/rust-cargo/flake.nix | 8 +++--- 6 files changed, 40 insertions(+), 40 deletions(-) diff --git a/flake.lock b/flake.lock index a2d931a0..353a3923 100644 --- a/flake.lock +++ b/flake.lock @@ -108,10 +108,33 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "master", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ - "pre-commit-hooks", + "git-hooks", "nixpkgs" ] }, @@ -191,38 +214,15 @@ "type": "github" } }, - "pre-commit-hooks": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "master", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", "flake-parts": "flake-parts", "futils": "futils", + "git-hooks": "git-hooks", "home-manager": "home-manager", "nixpkgs": "nixpkgs", "nur": "nur", - "pre-commit-hooks": "pre-commit-hooks", "systems": "systems" } }, diff --git a/flake.nix b/flake.nix index afd3c805..50767290 100644 --- a/flake.nix +++ b/flake.nix @@ -61,10 +61,10 @@ }; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { nixpkgs.follows = "nixpkgs"; diff --git a/flake/checks.nix b/flake/checks.nix index 98e49bd5..73e64d52 100644 --- a/flake/checks.nix +++ b/flake/checks.nix @@ -1,7 +1,7 @@ { inputs, ... }: { imports = [ - inputs.pre-commit-hooks.flakeModule + inputs.git-hooks.flakeModule ]; perSystem = { ... }: { diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index db3b35c1..36fd5ad6 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -16,10 +16,10 @@ ref = "nixos-unstable"; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { flake-utils.follows = "futils"; @@ -28,7 +28,7 @@ }; }; - outputs = { self, futils, nixpkgs, pre-commit-hooks }: + outputs = { self, futils, nixpkgs, git-hooks }: { overlays = { default = final: _prev: { @@ -69,7 +69,7 @@ ]; }; - pre-commit = pre-commit-hooks.lib.${system}.run { + pre-commit = git-hooks.lib.${system}.run { src = self; hooks = { diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index 5957c621..961ba1fb 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -16,10 +16,10 @@ ref = "nixos-unstable"; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { flake-utils.follows = "futils"; @@ -28,7 +28,7 @@ }; }; - outputs = { self, futils, nixpkgs, pre-commit-hooks }: + outputs = { self, futils, nixpkgs, git-hooks }: { overlays = { default = final: _prev: { @@ -69,7 +69,7 @@ ]; }; - pre-commit = pre-commit-hooks.lib.${system}.run { + pre-commit = git-hooks.lib.${system}.run { src = self; hooks = { diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix index 6d50369d..b9031d91 100644 --- a/templates/rust-cargo/flake.nix +++ b/templates/rust-cargo/flake.nix @@ -16,10 +16,10 @@ ref = "nixos-unstable"; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { flake-utils.follows = "futils"; @@ -28,7 +28,7 @@ }; }; - outputs = { self, futils, nixpkgs, pre-commit-hooks }: + outputs = { self, futils, nixpkgs, git-hooks }: { overlays = { default = final: _prev: { @@ -60,7 +60,7 @@ ]; }; - pre-commit = pre-commit-hooks.lib.${system}.run { + pre-commit = git-hooks.lib.${system}.run { src = self; hooks = { From 418494004b3479f0e523d3f72eb995aab8dddf41 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:29:51 +0100 Subject: [PATCH 003/160] templates: use 'pre-commit.enabledPackages' --- templates/c++-cmake/flake.nix | 6 +++--- templates/c++-meson/flake.nix | 6 +++--- templates/rust-cargo/flake.nix | 7 +++---- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index 36fd5ad6..eecb0070 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -92,12 +92,12 @@ devShells = { default = pkgs.mkShell { - inputsFrom = with self.packages.${system}; [ - project + inputsFrom = [ + self.packages.${system}.project ]; packages = with pkgs; [ - clang-tools + self.checks.${system}.pre-commit.enabledPackages ]; inherit (pre-commit) shellHook; diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index 961ba1fb..a4357772 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -92,12 +92,12 @@ devShells = { default = pkgs.mkShell { - inputsFrom = with self.packages.${system}; [ - project + inputsFrom = [ + self.packages.${system}.project ]; packages = with pkgs; [ - clang-tools + self.checks.${system}.pre-commit.enabledPackages ]; inherit (pre-commit) shellHook; diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix index b9031d91..502d902e 100644 --- a/templates/rust-cargo/flake.nix +++ b/templates/rust-cargo/flake.nix @@ -88,14 +88,13 @@ devShells = { default = pkgs.mkShell { - inputsFrom = with self.packages.${system}; [ - project + inputsFrom = [ + self.packages.${system}.project ]; packages = with pkgs; [ - clippy rust-analyzer - rustfmt + self.checks.${system}.pre-commit.enabledPackages ]; RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}"; From 62ddec5c2346959e395b42775fbd82284bc8886f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:46:14 +0100 Subject: [PATCH 004/160] templates: remove unused 'follows' --- templates/c++-cmake/flake.nix | 1 - templates/c++-meson/flake.nix | 1 - templates/rust-cargo/flake.nix | 1 - 3 files changed, 3 deletions(-) diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index eecb0070..7796f5e5 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -22,7 +22,6 @@ repo = "git-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index a4357772..cb14eb56 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -22,7 +22,6 @@ repo = "git-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix index 502d902e..efd8358d 100644 --- a/templates/rust-cargo/flake.nix +++ b/templates/rust-cargo/flake.nix @@ -22,7 +22,6 @@ repo = "git-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; From ca98b8367c2ae384acd56271696f9a57de7f82f8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:18:06 +0100 Subject: [PATCH 005/160] templates: add python-uv --- templates/default.nix | 4 + templates/python-uv/.envrc | 6 ++ templates/python-uv/.gitignore | 6 ++ templates/python-uv/.woodpecker/check.yml | 31 ++++++ templates/python-uv/flake.nix | 112 ++++++++++++++++++++ templates/python-uv/pyproject.toml | 17 +++ templates/python-uv/src/project/__init__.py | 2 + 7 files changed, 178 insertions(+) create mode 100644 templates/python-uv/.envrc create mode 100644 templates/python-uv/.gitignore create mode 100644 templates/python-uv/.woodpecker/check.yml create mode 100644 templates/python-uv/flake.nix create mode 100644 templates/python-uv/pyproject.toml create mode 100644 templates/python-uv/src/project/__init__.py diff --git a/templates/default.nix b/templates/default.nix index 44db753a..51864cda 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -7,6 +7,10 @@ path = ./c++-meson; description = "A C++ project using Meson"; }; + "python-uv" = { + path = ./python-uv; + description = "A Python project using uv"; + }; "rust-cargo" = { path = ./rust-cargo; description = "A Rust project using Cargo"; diff --git a/templates/python-uv/.envrc b/templates/python-uv/.envrc new file mode 100644 index 00000000..390d06d4 --- /dev/null +++ b/templates/python-uv/.envrc @@ -0,0 +1,6 @@ +# shellcheck shell=bash +if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" +fi + +use flake diff --git a/templates/python-uv/.gitignore b/templates/python-uv/.gitignore new file mode 100644 index 00000000..c79d1e89 --- /dev/null +++ b/templates/python-uv/.gitignore @@ -0,0 +1,6 @@ +# Virtual environments +.venv + +# Nix generated files +/.pre-commit-config.yaml +/result diff --git a/templates/python-uv/.woodpecker/check.yml b/templates/python-uv/.woodpecker/check.yml new file mode 100644 index 00000000..272c0e43 --- /dev/null +++ b/templates/python-uv/.woodpecker/check.yml @@ -0,0 +1,31 @@ +labels: + backend: local + +steps: +- name: pre-commit check + image: bash + commands: + - nix develop --command pre-commit run --all + +- name: nix flake check + image: bash + commands: + - nix flake check + +- name: notify + image: bash + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password + commands: + - nix run github:ambroisie/matrix-notifier + when: + status: + - failure + - success diff --git a/templates/python-uv/flake.nix b/templates/python-uv/flake.nix new file mode 100644 index 00000000..5059e646 --- /dev/null +++ b/templates/python-uv/flake.nix @@ -0,0 +1,112 @@ +{ + description = "A Python project"; + + inputs = { + futils = { + type = "github"; + owner = "numtide"; + repo = "flake-utils"; + ref = "main"; + }; + + nixpkgs = { + type = "github"; + owner = "NixOS"; + repo = "nixpkgs"; + ref = "nixos-unstable"; + }; + + git-hooks = { + type = "github"; + owner = "cachix"; + repo = "git-hooks.nix"; + ref = "master"; + inputs = { + nixpkgs.follows = "nixpkgs"; + }; + }; + }; + + outputs = { self, futils, nixpkgs, git-hooks }: + { + overlays = { + default = final: _prev: { + project = with final; python3.pkgs.buildPythonApplication { + pname = "project"; + version = (final.lib.importTOML ./pyproject.toml).project.version; + pyproject = true; + + src = self; + + build-system = with python3.pkgs; [ setuptools ]; + + pythonImportsCheck = [ "project" ]; + + meta = with lib; { + description = "A Python project"; + homepage = "https://git.belanyi.fr/ambroisie/project"; + license = licenses.mit; + maintainers = with maintainers; [ ambroisie ]; + }; + }; + }; + }; + } // futils.lib.eachDefaultSystem (system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ + self.overlays.default + ]; + }; + + pre-commit = git-hooks.lib.${system}.run { + src = self; + + hooks = { + mypy = { + enable = true; + }; + + nixpkgs-fmt = { + enable = true; + }; + + ruff = { + enable = true; + }; + + ruff-format = { + enable = true; + }; + }; + }; + in + { + checks = { + inherit (self.packages.${system}) project; + + inherit pre-commit; + }; + + devShells = { + default = pkgs.mkShell { + inputsFrom = [ + self.packages.${system}.project + ]; + + packages = with pkgs; [ + uv + self.checks.${system}.pre-commit.enabledPackages + ]; + + inherit (pre-commit) shellHook; + }; + }; + + packages = futils.lib.flattenTree { + default = pkgs.project; + inherit (pkgs) project; + }; + }); +} diff --git a/templates/python-uv/pyproject.toml b/templates/python-uv/pyproject.toml new file mode 100644 index 00000000..7b2d896d --- /dev/null +++ b/templates/python-uv/pyproject.toml @@ -0,0 +1,17 @@ +[build-system] +requires = ["setuptools"] +build-backend = "setuptools.build_meta" + + +[project] +name = "project" +version = "0.0.0" +description = "project description" +requires-python = ">=3.12" +dependencies = [] + +[project.scripts] +project = "project:main" + +[dependency-groups] +dev = [] diff --git a/templates/python-uv/src/project/__init__.py b/templates/python-uv/src/project/__init__.py new file mode 100644 index 00000000..b06117df --- /dev/null +++ b/templates/python-uv/src/project/__init__.py @@ -0,0 +1,2 @@ +def main() -> None: + print("Hello, world!") From 7791ad09073529a8b01e534928fc0c61da139d53 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:00:10 +0000 Subject: [PATCH 006/160] nixos: services: servarr: fix 'enableAll' logic I renamed the option and refactored how it worked to make it more explicit that it enables the entire suite by default, with explicit opt-out of individual components (or fine-grained opt-in as an alternative). --- hosts/nixos/porthos/services.nix | 2 +- modules/nixos/services/servarr/default.nix | 20 +++++++++----------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index ffd150a0..021a6ae8 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -144,7 +144,7 @@ in sabnzbd.enable = true; # The whole *arr software suite servarr = { - enable = true; + enableAll = true; # ... But not Lidarr because I don't care for music that much lidarr = { enable = false; diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index e25d9cfd..65c409a3 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -19,6 +19,8 @@ let enable = true; group = "media"; }; + # Set-up media group + users.groups.media = { }; }; mkRedirection = service: { @@ -54,34 +56,30 @@ let in { options.my.services.servarr = { - enable = lib.mkEnableOption "Media automation"; + enableAll = lib.mkEnableOption "media automation suite"; bazarr = { - enable = lib.my.mkDisableOption "Bazarr"; + enable = lib.mkEnableOption "Bazarr" // { default = cfg.enableAll; };; }; lidarr = { - enable = lib.my.mkDisableOption "Lidarr"; + enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; }; }; radarr = { - enable = lib.my.mkDisableOption "Radarr"; + enable = lib.mkEnableOption "Radarr" // { default = cfg.enableAll; }; }; readarr = { - enable = lib.my.mkDisableOption "Readarr"; + enable = lib.mkEnableOption "Readarr" // { default = cfg.enableAll; }; }; sonarr = { - enable = lib.my.mkDisableOption "Sonarr"; + enable = lib.mkEnableOption "Sonarr" // { default = cfg.enableAll; }; }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - # Set-up media group - users.groups.media = { }; - } + config = (lib.mkMerge [ # Bazarr does not log authentication failures... (mkFullConfig "bazarr") # Lidarr for music From 860c13ab1f456bc37ef092453c75c09ee08fc950 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 10:51:21 +0000 Subject: [PATCH 007/160] nixos: services: servarr: extract bazarr It's not an actual *arr package, but closely related to them. Extract its configuration to a sub-module. --- modules/nixos/services/servarr/bazarr.nix | 29 ++++++++++++++++++++++ modules/nixos/services/servarr/default.nix | 11 +++----- 2 files changed, 33 insertions(+), 7 deletions(-) create mode 100644 modules/nixos/services/servarr/bazarr.nix diff --git a/modules/nixos/services/servarr/bazarr.nix b/modules/nixos/services/servarr/bazarr.nix new file mode 100644 index 00000000..2d27c958 --- /dev/null +++ b/modules/nixos/services/servarr/bazarr.nix @@ -0,0 +1,29 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.bazarr; +in +{ + options.my.services.servarr.bazarr = with lib; { + enable = lib.mkEnableOption "Bazarr" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.bazarr = { + enable = true; + group = "media"; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + bazarr = { + port = 6767; + }; + }; + + # Bazarr does not log authentication failures... + }; +} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 65c409a3..53fd14b9 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -7,7 +7,6 @@ let cfg = config.my.services.servarr; ports = { - bazarr = 6767; lidarr = 8686; radarr = 7878; readarr = 8787; @@ -55,13 +54,13 @@ let ]); in { + imports = [ + ./bazarr.nix + ]; + options.my.services.servarr = { enableAll = lib.mkEnableOption "media automation suite"; - bazarr = { - enable = lib.mkEnableOption "Bazarr" // { default = cfg.enableAll; };; - }; - lidarr = { enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; }; }; @@ -80,8 +79,6 @@ in }; config = (lib.mkMerge [ - # Bazarr does not log authentication failures... - (mkFullConfig "bazarr") # Lidarr for music (mkFullConfig "lidarr") (mkFail2Ban "lidarr") From 1f876d3e214081aa3bd006a9b78fe5772473c382 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 10:53:32 +0000 Subject: [PATCH 008/160] nixos: services: servarr: bazarr: add 'port' --- modules/nixos/services/servarr/bazarr.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/bazarr.nix b/modules/nixos/services/servarr/bazarr.nix index 2d27c958..637da0c7 100644 --- a/modules/nixos/services/servarr/bazarr.nix +++ b/modules/nixos/services/servarr/bazarr.nix @@ -7,12 +7,20 @@ in enable = lib.mkEnableOption "Bazarr" // { default = config.my.services.servarr.enableAll; }; + + port = mkOption { + type = types.port; + default = 6767; + example = 8080; + description = "Internal port for webui"; + }; }; config = lib.mkIf cfg.enable { services.bazarr = { enable = true; group = "media"; + listenPort = cfg.port; }; # Set-up media group @@ -20,7 +28,7 @@ in my.services.nginx.virtualHosts = { bazarr = { - port = 6767; + inherit (cfg) port; }; }; From 8e6be43817d1337df7a5169bf62ae7d05e5689fb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:07:21 +0000 Subject: [PATCH 009/160] nixox: services: servarr: refactor starr config Makes it slightly DRY-er and more readable. --- modules/nixos/services/servarr/default.nix | 87 ++-------------------- modules/nixos/services/servarr/starr.nix | 51 +++++++++++++ 2 files changed, 56 insertions(+), 82 deletions(-) create mode 100644 modules/nixos/services/servarr/starr.nix diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 53fd14b9..398461bd 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -2,94 +2,17 @@ # Relevant link [1]. # # [1]: https://youtu.be/I26Ql-uX6AM -{ config, lib, ... }: -let - cfg = config.my.services.servarr; - - ports = { - lidarr = 8686; - radarr = 7878; - readarr = 8787; - sonarr = 8989; - }; - - mkService = service: { - services.${service} = { - enable = true; - group = "media"; - }; - # Set-up media group - users.groups.media = { }; - }; - - mkRedirection = service: { - my.services.nginx.virtualHosts = { - ${service} = { - port = ports.${service}; - }; - }; - }; - - mkFail2Ban = service: lib.mkIf cfg.${service}.enable { - services.fail2ban.jails = { - ${service} = '' - enabled = true - filter = ${service} - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/${service}.conf".text = '' - [Definition] - failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ - journalmatch = _SYSTEMD_UNIT=${service}.service - ''; - }; - }; - - mkFullConfig = service: lib.mkIf cfg.${service}.enable (lib.mkMerge [ - (mkService service) - (mkRedirection service) - ]); -in +{ lib, ... }: { imports = [ ./bazarr.nix + (import ./starr.nix "lidarr") + (import ./starr.nix "radarr") + (import ./starr.nix "readarr") + (import ./starr.nix "sonarr") ]; options.my.services.servarr = { enableAll = lib.mkEnableOption "media automation suite"; - - lidarr = { - enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; }; - }; - - radarr = { - enable = lib.mkEnableOption "Radarr" // { default = cfg.enableAll; }; - }; - - readarr = { - enable = lib.mkEnableOption "Readarr" // { default = cfg.enableAll; }; - }; - - sonarr = { - enable = lib.mkEnableOption "Sonarr" // { default = cfg.enableAll; }; - }; }; - - config = (lib.mkMerge [ - # Lidarr for music - (mkFullConfig "lidarr") - (mkFail2Ban "lidarr") - # Radarr for movies - (mkFullConfig "radarr") - (mkFail2Ban "radarr") - # Readarr for books - (mkFullConfig "readarr") - (mkFail2Ban "readarr") - # Sonarr for shows - (mkFullConfig "sonarr") - (mkFail2Ban "sonarr") - ]); } diff --git a/modules/nixos/services/servarr/starr.nix b/modules/nixos/services/servarr/starr.nix new file mode 100644 index 00000000..e9c84f90 --- /dev/null +++ b/modules/nixos/services/servarr/starr.nix @@ -0,0 +1,51 @@ +# Templated *arr configuration +starr: +{ config, lib, ... }: +let + cfg = config.my.services.servarr.${starr}; + ports = { + lidarr = 8686; + radarr = 7878; + readarr = 8787; + sonarr = 8989; + }; +in +{ + options.my.services.servarr.${starr} = with lib; { + enable = lib.mkEnableOption (lib.toSentenceCase starr) // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.${starr} = { + enable = true; + group = "media"; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + ${starr} = { + port = ports.${starr}; + }; + }; + + services.fail2ban.jails = { + ${starr} = '' + enabled = true + filter = ${starr} + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/${starr}.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=${starr}.service + ''; + }; + }; +} From d783b5f5ee598ddd82e585c12d8e397c55a1e3b1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:12:16 +0000 Subject: [PATCH 010/160] nixos: services: servarr: starr: add 'port' Now that declarative configurations are supported for those applications. --- modules/nixos/services/servarr/starr.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/starr.nix b/modules/nixos/services/servarr/starr.nix index e9c84f90..2bf7c114 100644 --- a/modules/nixos/services/servarr/starr.nix +++ b/modules/nixos/services/servarr/starr.nix @@ -15,12 +15,25 @@ in enable = lib.mkEnableOption (lib.toSentenceCase starr) // { default = config.my.services.servarr.enableAll; }; + + port = mkOption { + type = types.port; + default = ports.${starr}; + example = 8080; + description = "Internal port for webui"; + }; }; config = lib.mkIf cfg.enable { services.${starr} = { enable = true; group = "media"; + + settings = { + server = { + port = cfg.port; + }; + }; }; # Set-up media group @@ -28,7 +41,7 @@ in my.services.nginx.virtualHosts = { ${starr} = { - port = ports.${starr}; + port = cfg.port; }; }; From f825d047b5f17cdff8cd096660abf48ed79e7f72 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:21:24 +0000 Subject: [PATCH 011/160] nixos: services: servarr: migrate prowlarr The configuration doesn't have `group`, so it's a slightly different configuration to the rest of the *arr services. I also want to move the other two indexer modules under `servarr`, as they are all closely related. --- hosts/nixos/porthos/services.nix | 4 -- modules/nixos/services/indexers/default.nix | 30 ------------ modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/prowlarr.nix | 53 +++++++++++++++++++++ 4 files changed, 54 insertions(+), 34 deletions(-) create mode 100644 modules/nixos/services/servarr/prowlarr.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 021a6ae8..90178944 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -51,10 +51,6 @@ in passwordFile = secrets."forgejo/mail-password".path; }; }; - # Meta-indexers - indexers = { - prowlarr.enable = true; - }; # Jellyfin media server jellyfin.enable = true; # Gitea mirrorig service diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index 8a42345a..00bf3163 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -5,13 +5,11 @@ let jackettPort = 9117; nzbhydraPort = 5076; - prowlarrPort = 9696; in { options.my.services.indexers = with lib; { jackett.enable = mkEnableOption "Jackett torrent meta-indexer"; nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; - prowlarr.enable = mkEnableOption "Prowlarr torrent & usenet meta-indexer"; }; config = lib.mkMerge [ @@ -46,33 +44,5 @@ in }; }; }) - - (lib.mkIf cfg.prowlarr.enable { - services.prowlarr = { - enable = true; - }; - - my.services.nginx.virtualHosts = { - prowlarr = { - port = prowlarrPort; - }; - }; - - services.fail2ban.jails = { - prowlarr = '' - enabled = true - filter = prowlarr - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/prowlarr.conf".text = '' - [Definition] - failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ - journalmatch = _SYSTEMD_UNIT=prowlarr.service - ''; - }; - }) ]; } diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 398461bd..1bca773e 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -6,6 +6,7 @@ { imports = [ ./bazarr.nix + ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") (import ./starr.nix "readarr") diff --git a/modules/nixos/services/servarr/prowlarr.nix b/modules/nixos/services/servarr/prowlarr.nix new file mode 100644 index 00000000..ce044c63 --- /dev/null +++ b/modules/nixos/services/servarr/prowlarr.nix @@ -0,0 +1,53 @@ +# Torrent and NZB indexer +{ config, lib, ... }: +let + cfg = config.my.services.servarr.prowlarr; +in +{ + options.my.services.servarr.prowlarr = with lib; { + enable = lib.mkEnableOption "Prowlarr" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 9696; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.prowlarr = { + enable = true; + + settings = { + server = { + port = cfg.port; + }; + }; + }; + + my.services.nginx.virtualHosts = { + prowlarr = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + prowlarr = '' + enabled = true + filter = prowlarr + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/prowlarr.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=prowlarr.service + ''; + }; + }; +} From 950cf4dd059e74d87084747b25e70138753b82d5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:27:18 +0000 Subject: [PATCH 012/160] nixos: services: servarr: migrate jackett --- hosts/nixos/porthos/services.nix | 4 +++ modules/nixos/services/indexers/default.nix | 22 -------------- modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/jackett.nix | 33 +++++++++++++++++++++ 4 files changed, 38 insertions(+), 22 deletions(-) create mode 100644 modules/nixos/services/servarr/jackett.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 90178944..d45846ae 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -145,6 +145,10 @@ in lidarr = { enable = false; }; + # I only use Prowlarr nowadays + jackett = { + enable = false; + }; }; # Because I still need to play sysadmin ssh-server.enable = true; diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index 00bf3163..5d810796 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -3,36 +3,14 @@ let cfg = config.my.services.indexers; - jackettPort = 9117; nzbhydraPort = 5076; in { options.my.services.indexers = with lib; { - jackett.enable = mkEnableOption "Jackett torrent meta-indexer"; nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; }; config = lib.mkMerge [ - (lib.mkIf cfg.jackett.enable { - services.jackett = { - enable = true; - }; - - # Jackett wants to eat *all* my RAM if left to its own devices - systemd.services.jackett = { - serviceConfig = { - MemoryHigh = "15%"; - MemoryMax = "25%"; - }; - }; - - my.services.nginx.virtualHosts = { - jackett = { - port = jackettPort; - }; - }; - }) - (lib.mkIf cfg.nzbhydra.enable { services.nzbhydra2 = { enable = true; diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 1bca773e..06a1cef1 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -6,6 +6,7 @@ { imports = [ ./bazarr.nix + ./jackett.nix ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") diff --git a/modules/nixos/services/servarr/jackett.nix b/modules/nixos/services/servarr/jackett.nix new file mode 100644 index 00000000..756df9bf --- /dev/null +++ b/modules/nixos/services/servarr/jackett.nix @@ -0,0 +1,33 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.jackett; +in +{ + options.my.services.servarr.jackett = with lib; { + enable = lib.mkEnableOption "Jackett" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.jackett = { + enable = true; + }; + + # Jackett wants to eat *all* my RAM if left to its own devices + systemd.services.jackett = { + serviceConfig = { + MemoryHigh = "15%"; + MemoryMax = "25%"; + }; + }; + + my.services.nginx.virtualHosts = { + jackett = { + port = 9117; + }; + }; + + # Jackett does not log authentication failures... + }; +} From c823edf58415c1f07eebd03a21617c09447cafbb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:28:04 +0000 Subject: [PATCH 013/160] nixos: services: servarr: jackett: add 'port' --- modules/nixos/services/servarr/jackett.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/jackett.nix b/modules/nixos/services/servarr/jackett.nix index 756df9bf..481cd3de 100644 --- a/modules/nixos/services/servarr/jackett.nix +++ b/modules/nixos/services/servarr/jackett.nix @@ -7,11 +7,19 @@ in enable = lib.mkEnableOption "Jackett" // { default = config.my.services.servarr.enableAll; }; + + port = mkOption { + type = types.port; + default = 9117; + example = 8080; + description = "Internal port for webui"; + }; }; config = lib.mkIf cfg.enable { services.jackett = { enable = true; + inherit (cfg) port; }; # Jackett wants to eat *all* my RAM if left to its own devices @@ -24,7 +32,7 @@ in my.services.nginx.virtualHosts = { jackett = { - port = 9117; + inherit (cfg) port; }; }; From b1ade723837cbffcfc8a1ac24fa96566392e5e3d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:32:39 +0000 Subject: [PATCH 014/160] nixos: services: servarr: migrate nzbhydra --- hosts/nixos/porthos/services.nix | 3 +++ modules/nixos/services/default.nix | 1 - modules/nixos/services/indexers/default.nix | 26 --------------------- modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/nzbhydra.nix | 25 ++++++++++++++++++++ 5 files changed, 29 insertions(+), 27 deletions(-) delete mode 100644 modules/nixos/services/indexers/default.nix create mode 100644 modules/nixos/services/servarr/nzbhydra.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index d45846ae..7efddfa1 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -149,6 +149,9 @@ in jackett = { enable = false; }; + nzbhydra = { + enable = false; + }; }; # Because I still need to play sysadmin ssh-server.enable = true; diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 3992385f..27f8765a 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -15,7 +15,6 @@ ./gitea ./grocy ./homebox - ./indexers ./jellyfin ./komga ./lohr diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix deleted file mode 100644 index 5d810796..00000000 --- a/modules/nixos/services/indexers/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -# Torrent and usenet meta-indexers -{ config, lib, ... }: -let - cfg = config.my.services.indexers; - - nzbhydraPort = 5076; -in -{ - options.my.services.indexers = with lib; { - nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.nzbhydra.enable { - services.nzbhydra2 = { - enable = true; - }; - - my.services.nginx.virtualHosts = { - nzbhydra = { - port = nzbhydraPort; - }; - }; - }) - ]; -} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 06a1cef1..23838fde 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -7,6 +7,7 @@ imports = [ ./bazarr.nix ./jackett.nix + ./nzbhydra.nix ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") diff --git a/modules/nixos/services/servarr/nzbhydra.nix b/modules/nixos/services/servarr/nzbhydra.nix new file mode 100644 index 00000000..4112c30d --- /dev/null +++ b/modules/nixos/services/servarr/nzbhydra.nix @@ -0,0 +1,25 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.nzbhydra; +in +{ + options.my.services.servarr.nzbhydra = with lib; { + enable = lib.mkEnableOption "NZBHydra2" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.nzbhydra2 = { + enable = true; + }; + + my.services.nginx.virtualHosts = { + nzbhydra = { + port = 5076; + }; + }; + + # NZBHydra2 does not log authentication failures... + }; +} From ec965800e4a1cd0d8a26f7e2ba50d31e85aaf9b9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:34:25 +0000 Subject: [PATCH 015/160] nixos: services: servarr: nzbhydra: fix websockets From what I could read, NZBHydra2 *might* require proxying websockets in new versions (better safe than sorry). --- modules/nixos/services/servarr/nzbhydra.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/servarr/nzbhydra.nix b/modules/nixos/services/servarr/nzbhydra.nix index 4112c30d..7b639869 100644 --- a/modules/nixos/services/servarr/nzbhydra.nix +++ b/modules/nixos/services/servarr/nzbhydra.nix @@ -17,6 +17,7 @@ in my.services.nginx.virtualHosts = { nzbhydra = { port = 5076; + websocketsLocations = [ "/" ]; }; }; From 351026418678281890d469c7d183516f34bba445 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 22:49:11 +0200 Subject: [PATCH 016/160] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 353a3923..d86d6b5a 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1743607567, - "narHash": "sha256-kTzKPDFmNzwO1cK4fiJgPB/iSw7HgBAmknRTeAPJAeI=", + "lastModified": 1743869639, + "narHash": "sha256-Xhe3whfRW/Ay05z9m1EZ1/AkbV1yo0tm1CbgjtCi4rQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "49748c74cdbae03d70381f150b810f92617f23aa", + "rev": "d094c6763c6ddb860580e7d3b4201f8f496a6836", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743448293, - "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", + "lastModified": 1743689281, + "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", + "rev": "2bfc080955153be0be56724be6fa5477b4eefabb", "type": "github" }, "original": { From 215eb4c91ac722b8da4bb38c6791695021c3b516 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 13 Feb 2025 22:59:51 +0100 Subject: [PATCH 017/160] nixos: services: servarr: add autobrr --- hosts/nixos/porthos/services.nix | 3 ++ modules/nixos/services/servarr/autobrr.nix | 62 ++++++++++++++++++++++ modules/nixos/services/servarr/default.nix | 1 + 3 files changed, 66 insertions(+) create mode 100644 modules/nixos/services/servarr/autobrr.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 7efddfa1..cb77fbe1 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -141,6 +141,9 @@ in # The whole *arr software suite servarr = { enableAll = true; + autobrr = { + enable = false; + }; # ... But not Lidarr because I don't care for music that much lidarr = { enable = false; diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix new file mode 100644 index 00000000..afb07f4c --- /dev/null +++ b/modules/nixos/services/servarr/autobrr.nix @@ -0,0 +1,62 @@ +# IRC-based +{ config, lib, ... }: +let + cfg = config.my.services.servarr.autobrr; +in +{ + options.my.services.servarr.autobrr = with lib; { + enable = mkEnableOption "autobrr IRC announce tracker" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 7474; + example = 8080; + description = "Internal port for webui"; + }; + + sessionSecretFile = mkOption { + type = types.str; + example = "/run/secrets/autobrr-secret.txt"; + description = '' + File containing the session secret. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.autobrr = { + enable = true; + + settings = { + inherit (cfg) port; + checkForUpdates = false; + }; + + secretFile = cfg.sessionSecretFile; + }; + + my.services.nginx.virtualHosts = { + autobrr = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + autobrr = '' + enabled = true + filter = autobrr + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/autobrr.conf".text = '' + [Definition] + failregex = ^.*Auth: invalid login \[.*\] from: $ + journalmatch = _SYSTEMD_UNIT=autobrr.service + ''; + }; + }; +} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 23838fde..409fcdc6 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -5,6 +5,7 @@ { lib, ... }: { imports = [ + ./autobrr.nix ./bazarr.nix ./jackett.nix ./nzbhydra.nix From 979814e9dea51880a2ed2c3f37033b994160441d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 13 Feb 2025 21:58:19 +0000 Subject: [PATCH 018/160] hosts: nixos: porthos: secrets: add autobrr --- hosts/nixos/porthos/secrets/secrets.nix | 2 ++ .../porthos/secrets/servarr/autobrr/session-secret.age | 7 +++++++ 2 files changed, 9 insertions(+) create mode 100644 hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index 68e90f2e..425756c5 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -80,6 +80,8 @@ in "pyload/credentials.age".publicKeys = all; + "servarr/autobrr/session-secret.age".publicKeys = all; + "sso/auth-key.age" = { owner = "nginx-sso"; publicKeys = all; diff --git a/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age b/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age new file mode 100644 index 00000000..e98b94ad --- /dev/null +++ b/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg bu09lB+fjaPP31cUQZP6EqSPuseucgNK7k9vAS08iS0 ++NGL+b2QD/qGo6hqHvosAXzHZtDvfodmPdcgnrKlD1o +-> ssh-ed25519 jPowng QDCdRBGWhtdvvMCiDH52cZHz1/W7aomhTatZ4+9IKwI +Ou3jjV/O55G1CPgGS33l3eWhhYWrVdwVNPSiE14d5rE +--- q0ssmpG50OX1WaNSInc2hbtH3DbTwQGDU74VGEoMh94 +mCƑ'hK./Xu(g$'M{fK !MZoR՝͟;yb \ No newline at end of file From b8c649d5bff68813cb8589c776cf39a17cef91ea Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 30 Mar 2025 20:22:01 +0200 Subject: [PATCH 019/160] hosts: nixos: porthos: services: enable autobrr --- hosts/nixos/porthos/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index cb77fbe1..784eb313 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -142,7 +142,7 @@ in servarr = { enableAll = true; autobrr = { - enable = false; + sessionSecretFile = secrets."servarr/autobrr/session-secret".path; }; # ... But not Lidarr because I don't care for music that much lidarr = { From 08f7c2bd7912696047e815adbb92adf89f4e47c7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 20:24:21 +0200 Subject: [PATCH 020/160] nixos: services: nextcloud: bump to 31 --- modules/nixos/services/nextcloud/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index fe941778..cf1b876f 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -35,7 +35,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud30; + package = pkgs.nextcloud31; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; From 01529075369d01274302efaaa8df55aac77b1a21 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 7 Apr 2025 10:19:30 +0000 Subject: [PATCH 021/160] flake: nixos: use 'self.dirtyRev' if available --- flake/nixos.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake/nixos.nix b/flake/nixos.nix index fa656dc0..bf9eac8c 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -3,7 +3,7 @@ let defaultModules = [ { # Let 'nixos-version --json' know about the Git revision - system.configurationRevision = self.rev or "dirty"; + system.configurationRevision = self.rev or self.dirtyRev or "dirty"; } { nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ From a1cab7f60649123658bb8df098c5eff934d0364b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 7 Apr 2025 15:50:22 +0000 Subject: [PATCH 022/160] flake: home-manager: set overlays in module I need to inherit `lib` to make sure it picks up my version, not the one from `pkgs`. I can't use `extraSpecialArgs` like NixOS, due to it missing from upstream [1]. [1]: https://github.com/nix-community/home-manager/pull/3969 --- flake/home-manager.nix | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/flake/home-manager.nix b/flake/home-manager.nix index add889eb..093ae8cf 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -3,6 +3,11 @@ let defaultModules = [ # Include generic settings "${self}/modules/home" + { + nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ + inputs.nur.overlays.default + ]; + } { # Basic user information defaults home.username = lib.mkDefault "ambroisie"; @@ -21,18 +26,15 @@ let # * not letting me set `lib` as an extraSpecialArgs # * not respecting `nixpkgs.overlays` [1] # [1]: https://github.com/nix-community/home-manager/issues/2954 - pkgs = import inputs.nixpkgs { - inherit system; - - overlays = (lib.attrValues self.overlays) ++ [ - inputs.nur.overlays.default - ]; - }; + pkgs = inputs.nixpkgs.legacyPackages.${system}; modules = defaultModules ++ [ "${self}/hosts/homes/${name}" ]; + # Use my extended lib in NixOS configuration + inherit (self) lib; + extraSpecialArgs = { # Inject inputs to use them in global registry inherit inputs; From e5bf5a3ba1ce7c6d2aa09658303dcabf72bb09b9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 9 Apr 2025 11:41:07 +0200 Subject: [PATCH 023/160] flake: bump inputs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d86d6b5a..9e61219b 100644 --- a/flake.lock +++ b/flake.lock @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743689281, - "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=", + "lastModified": 1744174375, + "narHash": "sha256-oxI9TLgnQbQ/WL0tIwVSIooLbXq4PW1QUhf5aQmXFgk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2bfc080955153be0be56724be6fa5477b4eefabb", + "rev": "ef3a956f697525883b77192cbe208233ea0f8f79", "type": "github" }, "original": { From 439a6bc930ea7eabb372824c71d4a9174d4588b5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 9 Apr 2025 12:26:04 +0200 Subject: [PATCH 024/160] nixos: services: homebox: use postgres --- modules/nixos/services/homebox/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix index d79e3314..bde59e67 100644 --- a/modules/nixos/services/homebox/default.nix +++ b/modules/nixos/services/homebox/default.nix @@ -19,6 +19,11 @@ in services.homebox = { enable = true; + # Automatic PostgreSQL provisioning + database = { + createLocally = true; + }; + settings = { # FIXME: mailer? HBOX_WEB_PORT = toString cfg.port; From 1dd1dbb917b17da7864a4ac20a977869ff752ac2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 9 Apr 2025 12:26:42 +0200 Subject: [PATCH 025/160] nixos: services: homebox: proxy websockets Should avoid a bunch of error logs, and ensure that e.g: adding a label does not require a refresh to show it in a list. --- modules/nixos/services/homebox/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix index bde59e67..8ed5d776 100644 --- a/modules/nixos/services/homebox/default.nix +++ b/modules/nixos/services/homebox/default.nix @@ -33,6 +33,7 @@ in my.services.nginx.virtualHosts = { homebox = { inherit (cfg) port; + websocketsLocations = [ "/api" ]; }; }; From bd55ecc016eb49eca60b98ab0d2a22eca49a95ce Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 9 Apr 2025 12:27:51 +0200 Subject: [PATCH 026/160] hosts: nixos: porthos: services: enable homebox --- hosts/nixos/porthos/services.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 784eb313..561da278 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -51,6 +51,10 @@ in passwordFile = secrets."forgejo/mail-password".path; }; }; + # Home inventory + homebox = { + enable = true; + }; # Jellyfin media server jellyfin.enable = true; # Gitea mirrorig service From a28295da27b96301bba49cd68cb6ae017be4be76 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 11 Apr 2025 19:01:08 +0200 Subject: [PATCH 027/160] nixos: services: servarr: autobrr: fix comment --- modules/nixos/services/servarr/autobrr.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix index afb07f4c..4465a78c 100644 --- a/modules/nixos/services/servarr/autobrr.nix +++ b/modules/nixos/services/servarr/autobrr.nix @@ -1,4 +1,4 @@ -# IRC-based +# IRC-based indexer { config, lib, ... }: let cfg = config.my.services.servarr.autobrr; From a0473a5c6cd191ea649c250dc7e8f6094e74adba Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Apr 2025 11:27:47 +0200 Subject: [PATCH 028/160] nixos: services: servarr: autobrr: fix fail2ban The log line for authentication failures has been updated since the original PR. It also happens to be logged in JSON, and I'm a bit too lazy to match it more properly than this. --- modules/nixos/services/servarr/autobrr.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix index 4465a78c..398e8786 100644 --- a/modules/nixos/services/servarr/autobrr.nix +++ b/modules/nixos/services/servarr/autobrr.nix @@ -54,7 +54,7 @@ in environment.etc = { "fail2ban/filter.d/autobrr.conf".text = '' [Definition] - failregex = ^.*Auth: invalid login \[.*\] from: $ + failregex = "message":"Auth: Failed login attempt username: \[.*\] ip: " journalmatch = _SYSTEMD_UNIT=autobrr.service ''; }; From e82ae4a2192191e2894969fe3107fdbcd36c8c92 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 14 Apr 2025 10:19:57 +0000 Subject: [PATCH 029/160] home: vim: numbertoggle: remove 'TermOpen' event It's now part of upstream's default setup. --- modules/home/vim/plugin/numbertoggle.lua | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/modules/home/vim/plugin/numbertoggle.lua b/modules/home/vim/plugin/numbertoggle.lua index 80427101..b1e3df21 100644 --- a/modules/home/vim/plugin/numbertoggle.lua +++ b/modules/home/vim/plugin/numbertoggle.lua @@ -22,13 +22,3 @@ vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "InsertEnter", "WinLeave" end end, }) - --- Never show the sign column in a terminal buffer -vim.api.nvim_create_autocmd({ "TermOpen" }, { - pattern = "*", - group = numbertoggle, - callback = function() - vim.opt.number = false - vim.opt.relativenumber = false - end, -}) From 67936af4c73f8664448efc80b072f40c568517c6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 14 Apr 2025 10:19:57 +0000 Subject: [PATCH 030/160] home: vim: signtoggle: remove 'TermOpen' event It's now part of upstream's default setup. --- modules/home/vim/plugin/signtoggle.lua | 9 --------- 1 file changed, 9 deletions(-) diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua index 9765a818..6a7640c1 100644 --- a/modules/home/vim/plugin/signtoggle.lua +++ b/modules/home/vim/plugin/signtoggle.lua @@ -15,12 +15,3 @@ vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, { vim.opt.signcolumn = "no" end, }) - --- Never show the sign column in a terminal buffer -vim.api.nvim_create_autocmd({ "TermOpen" }, { - pattern = "*", - group = signtoggle, - callback = function() - vim.opt.signcolumn = "no" - end, -}) From 6f5ac4e55f644a5e5a473e9fda752fbebdec7455 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 14 Apr 2025 10:24:30 +0000 Subject: [PATCH 031/160] home: vim: signtoggle: only show signs if 'number' If a buffer doesn't show a number column, I probably also don't want a sign column to be toggled on/off in there. --- modules/home/vim/plugin/signtoggle.lua | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua index 6a7640c1..3deca340 100644 --- a/modules/home/vim/plugin/signtoggle.lua +++ b/modules/home/vim/plugin/signtoggle.lua @@ -1,17 +1,21 @@ local signtoggle = vim.api.nvim_create_augroup("signtoggle", { clear = true }) --- Only show sign column for the currently focused buffer +-- Only show sign column for the currently focused buffer, if it has a number column vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, { pattern = "*", group = signtoggle, callback = function() - vim.opt.signcolumn = "yes" + if vim.opt.number:get() then + vim.opt.signcolumn = "yes" + end end, }) vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, { pattern = "*", group = signtoggle, callback = function() - vim.opt.signcolumn = "no" + if vim.opt.number:get() then + vim.opt.signcolumn = "no" + end end, }) From 26ee59ef6e4f28ccbdbcf87eb28bb4074a87c840 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 14 Apr 2025 13:54:52 +0000 Subject: [PATCH 032/160] home: atuin: use 'uk' dialect for dates This should be for date *parsing*, from my looking at the code. Unlikely to be relevant, but might as well set it to the saner of the two options. --- modules/home/atuin/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix index 3f062638..8c02e692 100644 --- a/modules/home/atuin/default.nix +++ b/modules/home/atuin/default.nix @@ -21,6 +21,8 @@ in ]; settings = { + # Reasonable date format + dialect = "uk"; # The package is managed by Nix update_check = false; # I don't care for the fancy display From c69aaa7adb604593d20d38d0037caaf24cb41f3e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 16 Apr 2025 15:25:18 +0200 Subject: [PATCH 033/160] nixos: services: servarr: autobrr: fix websockets I found some logs complaining about websockets before enabling this. --- modules/nixos/services/servarr/autobrr.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix index 398e8786..c3370cb8 100644 --- a/modules/nixos/services/servarr/autobrr.nix +++ b/modules/nixos/services/servarr/autobrr.nix @@ -40,6 +40,7 @@ in my.services.nginx.virtualHosts = { autobrr = { inherit (cfg) port; + websocketsLocations = [ "/api" ]; }; }; From e4bc0444bfe7fdc7a43afcbda1ec7379f8286301 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 16 Apr 2025 15:29:10 +0200 Subject: [PATCH 034/160] nixos: services: transmission: fix umask I want downloads to be readable by the `media` group. The permissions weren't correctly applied without `umask`. --- modules/nixos/services/transmission/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index ac8b24dd..16d51e3f 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -65,6 +65,8 @@ in # Proxied behind Nginx. rpc-whitelist-enabled = true; rpc-whitelist = "127.0.0.1"; + + umask = "002"; # To go with `downloadDirPermissions` }; }; From 1b6a48d6c27a88c98c6c99cbe642ee681c362cbd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 16 Apr 2025 17:07:23 +0200 Subject: [PATCH 035/160] flake: bump inputs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 9e61219b..65b8f048 100644 --- a/flake.lock +++ b/flake.lock @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744174375, - "narHash": "sha256-oxI9TLgnQbQ/WL0tIwVSIooLbXq4PW1QUhf5aQmXFgk=", + "lastModified": 1744777043, + "narHash": "sha256-O6jgTxz9BKUiaJl03JsVHvSjtCOC8gHfDvC2UCfcLMc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ef3a956f697525883b77192cbe208233ea0f8f79", + "rev": "7a6f7f4c1c69eee05641beaa40e7f85da8e69fb0", "type": "github" }, "original": { From c40090d17607efbec1d58cefa95f0745ab0806b7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Apr 2025 14:51:46 +0200 Subject: [PATCH 036/160] nixos: services: servarr: add cross-seed --- hosts/nixos/porthos/services.nix | 3 + modules/nixos/services/servarr/cross-seed.nix | 96 +++++++++++++++++++ modules/nixos/services/servarr/default.nix | 1 + 3 files changed, 100 insertions(+) create mode 100644 modules/nixos/services/servarr/cross-seed.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 561da278..a95840a9 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -148,6 +148,9 @@ in autobrr = { sessionSecretFile = secrets."servarr/autobrr/session-secret".path; }; + cross-seed = { + enable = false; + }; # ... But not Lidarr because I don't care for music that much lidarr = { enable = false; diff --git a/modules/nixos/services/servarr/cross-seed.nix b/modules/nixos/services/servarr/cross-seed.nix new file mode 100644 index 00000000..74f216ae --- /dev/null +++ b/modules/nixos/services/servarr/cross-seed.nix @@ -0,0 +1,96 @@ +# Automatic cross-seeding for video media +{ config, lib, ... }: +let + cfg = config.my.services.servarr.cross-seed; +in +{ + options.my.services.servarr.cross-seed = with lib; { + enable = mkEnableOption "cross-seed daemon" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 2468; + example = 8080; + description = "Internal port for daemon"; + }; + + linkDirectory = mkOption { + type = types.str; + default = "/data/downloads/complete/links"; + example = "/var/lib/cross-seed/links"; + description = "Link directory"; + }; + + secretSettingsFile = mkOption { + type = types.str; + example = "/run/secrets/cross-seed-secrets.json"; + description = '' + File containing secret settings. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.cross-seed = { + enable = true; + group = "media"; + + # Rely on recommended defaults for tracker snatches etc... + useGenConfigDefaults = true; + + settings = { + inherit (cfg) port; + host = "127.0.0.1"; + + # Inject torrents to client directly + action = "inject"; + # Query the client for torrents to match + useClientTorrents = true; + # Use hardlinks + linkType = "hardlink"; + # Use configured link directory + linkDirs = [ cfg.linkDirectory ]; + # Match as many torrents as possible + matchMode = "partial"; + # Cross-seed full season if at least 50% of episodes are already downloaded + seasonFromEpisodes = 0.5; + }; + + settingsFile = cfg.secretSettingsFile; + }; + + systemd.services.cross-seed = { + serviceConfig = { + # Loose umask to make cross-seed links readable by `media` + UMask = "0002"; + }; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + cross-seed = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + cross-seed = '' + enabled = true + filter = cross-seed + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/cross-seed.conf".text = '' + [Definition] + failregex = ^.*Unauthorized API access attempt to .* from $ + journalmatch = _SYSTEMD_UNIT=cross-seed.service + ''; + }; + }; +} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 409fcdc6..dca57cf6 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -7,6 +7,7 @@ imports = [ ./autobrr.nix ./bazarr.nix + ./cross-seed.nix ./jackett.nix ./nzbhydra.nix ./prowlarr.nix From 058096079eadcf5fb488f00156dcd6d3a5489256 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Apr 2025 14:52:10 +0200 Subject: [PATCH 037/160] hosts: nixos: porthos: secrets: add cross-seed --- hosts/nixos/porthos/secrets/secrets.nix | 1 + .../servarr/cross-seed/configuration.json.age | Bin 0 -> 1282 bytes 2 files changed, 1 insertion(+) create mode 100644 hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index 425756c5..b3812b43 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -81,6 +81,7 @@ in "pyload/credentials.age".publicKeys = all; "servarr/autobrr/session-secret.age".publicKeys = all; + "servarr/cross-seed/configuration.json.age".publicKeys = all; "sso/auth-key.age" = { owner = "nginx-sso"; diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age new file mode 100644 index 0000000000000000000000000000000000000000..e9af03f472da8411b7106cf733ba1d389201263a GIT binary patch literal 1282 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn_Ri1BO;^Y%D)lpW z_Vox$^UBlD_YJRfEOs*TaI7%TamjG@@%MBN_6+q4%rlBG4CFEk(T)lZswgWlj0|@T zOfI%GGIq@J$u08_b}~sxN^>zZ3kh=Z)~^WiGeNg4DR)FdraKP>Q?&_key4;IpeNQjT-={NB3)O=pQ;MLzxPQS!oIb3v^1Sri)Zs9eVB=lXAmyUEuZlJ%3cK^Gi!u7w2uv-`dOQZ$FXe z3*(03pW)Xgwfh=0Gjk-(y5bwTz)`wS;CJZJWp^yK``2&nXpHTb_IM9_Qkgn(YnF5BSA*H`bfRnLD#;ukQR_DQvniFx=(b?Qj2! zjwJcLmRIPtk}o>ACGkbuS&frT;XOMSX2r>6bGA<`5MKBvH)cmpdxG$^g=^xroJ_lW zj8(z<=7Gg4?T`5IWK_04n)k`A_^6Ro?}Rfup7}iebiiEhj^WR)BYmZDuN1^h=f3NB z6c#wu{Eyn*Tra+3;%3F&h3x;{ z^$9+GF!jix1q_uog>SvI7|Yxv)Rh!9ZmoJe^Hct_oFjD>yg&T+$mUMnlCH0>@~5aB{o`yCkb0pdG)BVZ)G22c?)L5Mi!54$;;YvkVqAOw@6QYkJHc+T zNuQ?QSKG(kYxG~eg5$-Dk9TiY9FCcs7awN$Li4RTlb1v|*GGSr=bP_ytXh#jaoPRb zwqIJFxK>UPFfTilIA`aV#ZKF@6J~T=_+H2N?wKE_+oI|3g2V15M&`b+lZ*TGd$II~ zp4Y!@)U{7*rY!nfB+ayF=43{`-Tk2xT8jLvukPx;c-d-lXH&IZ+b@X|F$b9DSJ}w? zn|)=Ec)*@~w|7Ctwy8c>9*bKP8$9m~Z2lAQOWRa0DSvOJ^E$QZQ65=0Za0753*7ZutHTFF1He;Ff2n;b$@S zO@^oRdHR_y1$Hbr^txewUfIF>X6zzqJWZZTPgB_3-hUQrYkHDkaX$G8Gn2mmfp2fO a3$3o2qvJ8ZJ$CJ3_b3jI6I)+s@Bjd%=|BMh literal 0 HcmV?d00001 From ee1139713c908ab43cd86b86fc984f1824395ca2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Apr 2025 14:52:38 +0200 Subject: [PATCH 038/160] hosts: nixos: porthos: services: enable cross-seed --- hosts/nixos/porthos/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index a95840a9..96f15d38 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -149,7 +149,7 @@ in sessionSecretFile = secrets."servarr/autobrr/session-secret".path; }; cross-seed = { - enable = false; + secretSettingsFile = secrets."servarr/cross-seed/configuration.json".path; }; # ... But not Lidarr because I don't care for music that much lidarr = { From 135cef25365c25a1efaa912489c960a5fe839663 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 16 Apr 2025 16:04:52 +0000 Subject: [PATCH 039/160] home: atuin: add daemon Enabled by default, I probably won't have a reason *not* to use it. --- modules/home/atuin/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix index 8c02e692..dbd9690a 100644 --- a/modules/home/atuin/default.nix +++ b/modules/home/atuin/default.nix @@ -8,6 +8,10 @@ in # I want the full experience by default package = mkPackageOption pkgs "atuin" { }; + + daemon = { + enable = my.mkDisableOption "atuin daemon"; + }; }; config = lib.mkIf cfg.enable { @@ -15,6 +19,10 @@ in enable = true; inherit (cfg) package; + daemon = lib.mkIf cfg.daemon.enable { + enable = true; + }; + flags = [ # I *despise* this hijacking of the up key, even though I use Ctrl-p "--disable-up-arrow" From 29b47d7f84c67428d44ccc1f385161f187702661 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 22 Apr 2025 13:04:36 +0000 Subject: [PATCH 040/160] home: tmux: rename 'mkTerminalFeature' This is a more accurate name to describe what the function is doing. --- modules/home/tmux/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 08b9202c..82ceb3a3 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -6,7 +6,7 @@ let (config.my.home.wm.windowManager != null) ]; - mkTerminalFlags = opt: flag: + mkTerminalFeature = opt: flag: let mkFlag = term: ''set -as terminal-features ",${term}:${flag}"''; enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures; @@ -123,9 +123,9 @@ in } # Force OSC8 hyperlinks for each relevant $TERM - ${mkTerminalFlags "hyperlinks" "hyperlinks"} + ${mkTerminalFeature "hyperlinks" "hyperlinks"} # Force 24-bit color for each relevant $TERM - ${mkTerminalFlags "trueColor" "RGB"} + ${mkTerminalFeature "trueColor" "RGB"} ''; }; } From ec1c94676a727ee7b6e20c377ad0f7d05af9d69e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 22 Apr 2025 13:15:04 +0000 Subject: [PATCH 041/160] home: vim: highlight over-extended commit subjects --- modules/home/vim/after/queries/gitcommit/highlights.scm | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 modules/home/vim/after/queries/gitcommit/highlights.scm diff --git a/modules/home/vim/after/queries/gitcommit/highlights.scm b/modules/home/vim/after/queries/gitcommit/highlights.scm new file mode 100644 index 00000000..05162c9d --- /dev/null +++ b/modules/home/vim/after/queries/gitcommit/highlights.scm @@ -0,0 +1,6 @@ +; extends + +; Highlight over-extended subject lines (rely on wrapping for message body) +((subject) @comment.error + (#vim-match? @comment.error ".\{50,}") + (#offset! @comment.error 0 50 0 0)) From 946eab9ec00bfba393d1ed292a28f0f692048096 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Feb 2025 16:26:39 +0000 Subject: [PATCH 042/160] home: git: extract 'delta' configuration I want to be able to re-use it between different source control systems (e.g: `jj`). As a first step, extract it to a proper module so that I can have it live in a single space. --- modules/home/default.nix | 1 + modules/home/delta/default.nix | 61 ++++++++++++++++++++++++++++++++++ modules/home/git/default.nix | 28 ---------------- 3 files changed, 62 insertions(+), 28 deletions(-) create mode 100644 modules/home/delta/default.nix diff --git a/modules/home/default.nix b/modules/home/default.nix index c8183cfd..e642e878 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -8,6 +8,7 @@ ./bluetooth ./calibre ./comma + ./delta ./dircolors ./direnv ./discord diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix new file mode 100644 index 00000000..e9350bb4 --- /dev/null +++ b/modules/home/delta/default.nix @@ -0,0 +1,61 @@ +{ config, pkgs, lib, ... }: +let + cfg = config.my.home.delta; +in +{ + options.my.home.delta = with lib; { + enable = my.mkDisableOption "delta configuration"; + + package = mkPackageOption pkgs "delta" { }; + + git = { + enable = my.mkDisableOption "git integration"; + }; + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + # For its configuration + assertion = cfg.enable -> cfg.git.enable; + message = '' + `config.my.home.delta` must enable `config.my.home.delta.git` to be + properly configured. + ''; + } + ]; + + home.packages = [ cfg.package ]; + + programs.git = lib.mkIf cfg.git.enable { + delta = { + enable = true; + inherit (cfg) package; + + options = { + features = "diff-highlight decorations"; + + # Less jarring style for `diff-highlight` emulation + diff-highlight = { + minus-style = "red"; + minus-non-emph-style = "red"; + minus-emph-style = "bold red 52"; + + plus-style = "green"; + plus-non-emph-style = "green"; + plus-emph-style = "bold green 22"; + + whitespace-error-style = "reverse red"; + }; + + # Personal preference for easier reading + decorations = { + commit-style = "raw"; # Do not recolor meta information + keep-plus-minus-markers = true; + paging = "always"; + }; + }; + }; + }; + }; +} diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index c88008fa..ca59a5fb 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -42,34 +42,6 @@ in lfs.enable = true; - delta = { - enable = true; - - options = { - features = "diff-highlight decorations"; - - # Less jarring style for `diff-highlight` emulation - diff-highlight = { - minus-style = "red"; - minus-non-emph-style = "red"; - minus-emph-style = "bold red 52"; - - plus-style = "green"; - plus-non-emph-style = "green"; - plus-emph-style = "bold green 22"; - - whitespace-error-style = "reverse red"; - }; - - # Personal preference for easier reading - decorations = { - commit-style = "raw"; # Do not recolor meta information - keep-plus-minus-markers = true; - paging = "always"; - }; - }; - }; - # There's more extraConfig = { # Makes it a bit more readable From 2eb2a83dca68ffd2ff5380300fbaec23e8038e6a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 24 Apr 2025 09:29:37 +0000 Subject: [PATCH 043/160] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 65b8f048..6bd45a88 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1743869639, - "narHash": "sha256-Xhe3whfRW/Ay05z9m1EZ1/AkbV1yo0tm1CbgjtCi4rQ=", + "lastModified": 1745439012, + "narHash": "sha256-TwbdiH28QK7Da2JQTqFHdb+UCJq6QbF2mtf+RxHVzEA=", "owner": "nix-community", "repo": "home-manager", - "rev": "d094c6763c6ddb860580e7d3b4201f8f496a6836", + "rev": "d31710fb2cd536b1966fee2af74e99a0816a61a8", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744777043, - "narHash": "sha256-O6jgTxz9BKUiaJl03JsVHvSjtCOC8gHfDvC2UCfcLMc=", + "lastModified": 1745469902, + "narHash": "sha256-+kHgeD+3+WZZcOaIsS6XwQWb+qbYYWYXzoEjdmdW6OY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7a6f7f4c1c69eee05641beaa40e7f85da8e69fb0", + "rev": "4975ac49a527b505803958595fcb191c9e889f60", "type": "github" }, "original": { From 89bc60609f07b4f3cff4cb4e0610f1b8243a9ad3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 24 Apr 2025 12:46:24 +0200 Subject: [PATCH 044/160] home: firefox: tridactyl: use 'replaceVars' --- modules/home/firefox/tridactyl/default.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/modules/home/firefox/tridactyl/default.nix b/modules/home/firefox/tridactyl/default.nix index 35b58c2d..26ddfad5 100644 --- a/modules/home/firefox/tridactyl/default.nix +++ b/modules/home/firefox/tridactyl/default.nix @@ -12,9 +12,7 @@ let in { config = lib.mkIf cfg.enable { - xdg.configFile."tridactyl/tridactylrc".source = pkgs.substituteAll { - src = ./tridactylrc; - + xdg.configFile."tridactyl/tridactylrc".source = pkgs.replaceVars ./tridactylrc { editorcmd = lib.concatStringsSep " " [ # Use my configured terminal term From bfda64288ead8796e1f3c8a5980fabb228f2e844 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 30 Apr 2025 21:05:22 +0100 Subject: [PATCH 045/160] nix: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 6bd45a88..584d9423 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "lastModified": 1745630506, + "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", "owner": "ryantm", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "96e078c646b711aee04b82ba01aefbff87004ded", "type": "github" }, "original": { @@ -36,11 +36,11 @@ ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1745439012, - "narHash": "sha256-TwbdiH28QK7Da2JQTqFHdb+UCJq6QbF2mtf+RxHVzEA=", + "lastModified": 1746040799, + "narHash": "sha256-osgPX/SzIpkR50vev/rqoTEAVkEcOWXoQXmbzsaI4KU=", "owner": "nix-community", "repo": "home-manager", - "rev": "d31710fb2cd536b1966fee2af74e99a0816a61a8", + "rev": "5f217e5a319f6c186283b530f8c975e66c028433", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745469902, - "narHash": "sha256-+kHgeD+3+WZZcOaIsS6XwQWb+qbYYWYXzoEjdmdW6OY=", + "lastModified": 1745930157, + "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4975ac49a527b505803958595fcb191c9e889f60", + "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae", "type": "github" }, "original": { From c5be292dfca50b740acf130bb0c3138fb4261a26 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 30 Apr 2025 21:34:11 +0100 Subject: [PATCH 046/160] nixos: profiles: wm: fix i3lock PAM service This was announced as a breaking change, and would lock me out if not set. I wish the transition went a bit slower, by first introducing the option for each PAM service, and *then* toggling it. Oh well. --- modules/nixos/profiles/wm/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/profiles/wm/default.nix b/modules/nixos/profiles/wm/default.nix index c2273281..bca4d700 100644 --- a/modules/nixos/profiles/wm/default.nix +++ b/modules/nixos/profiles/wm/default.nix @@ -24,6 +24,8 @@ in my.home.udiskie.enable = true; # udiskie fails if it can't find this dbus service services.udisks2.enable = true; + # Ensure i3lock can actually unlock the session + security.pam.services.i3lock.enable = true; }) ]; } From 4b6f62b25ab9bccf84aa994ac8e8b79a42632e00 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 30 Apr 2025 21:36:50 +0100 Subject: [PATCH 047/160] home: gpg: fix deprecated config --- modules/home/gpg/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/gpg/default.nix b/modules/home/gpg/default.nix index 51c865a2..2a00baf4 100644 --- a/modules/home/gpg/default.nix +++ b/modules/home/gpg/default.nix @@ -17,7 +17,7 @@ in services.gpg-agent = { enable = true; enableSshSupport = true; # One agent to rule them all - pinentryPackage = cfg.pinentry; + pinentry.package = cfg.pinentry; extraConfig = '' allow-loopback-pinentry ''; From e3243ebe80d7c3e55337227d1e4177022d78ca05 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 2 May 2025 17:59:03 +0100 Subject: [PATCH 048/160] nixos: services: nextcloud: simplify DB handling I *think* the option didn't exist when I originally used this module. --- modules/nixos/services/nextcloud/default.nix | 22 +++++--------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index cf1b876f..d8d4fce0 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -44,11 +44,15 @@ in adminuser = cfg.admin; adminpassFile = cfg.passwordFile; dbtype = "pgsql"; - dbhost = "/run/postgresql"; }; https = true; + # Automatic PostgreSQL provisioning + database = { + createLocally = true; + }; + settings = { overwriteprotocol = "https"; # Nginx only allows SSL }; @@ -60,22 +64,6 @@ in }; }; - services.postgresql = { - enable = true; - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [ - { - name = "nextcloud"; - ensureDBOwnership = true; - } - ]; - }; - - systemd.services."nextcloud-setup" = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - # The service above configures the domain, no need for my wrapper services.nginx.virtualHosts."nextcloud.${config.networking.domain}" = { forceSSL = true; From 921d604ebea0d265815c76c60a85efa0929bc1ce Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 2 May 2025 22:35:33 +0100 Subject: [PATCH 049/160] hosts: nixos: porthos: secrets: update cross-seed --- .../servarr/cross-seed/configuration.json.age | Bin 1282 -> 1364 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age index e9af03f472da8411b7106cf733ba1d389201263a..1499a56c21c9911f5a7111177b3458e418cb4b1c 100644 GIT binary patch delta 1337 zcmZqTy23R~+#=N{Kdj6( zkju?CG(W`1q_`?PSKrs8&^6REIMFhosHDiCI6uQN-`^~&Dk-2MG@~>spG((Hp}06h zH#Nn`)YQ;YAuAxiJTF}#B-zj1%rDG1C(EQFDzM7fuRbiR%*Qjgytq`~%%sfKHQ2B) zIV&p6FxSX}%Pci3(7?>gG(SDeGd#u5&&15d(>chkDl^|Zr8Lzd-Q6ravLGxV#oR5D zOIKG{A*d>)D4@V8C#1Y6B-7Nm(juua&p*OE*Uccf#3SF)#LqI&&)hxRB`~p^Yxyd> zj1~K?AFEe4*c%Y58#y;-`z!&8)Tv=jGo`~r_eAP+vgUnQnY4O$&c(W!cUcYk)~Byu z7Vzw@$d$U!zGgcb()tRwY`S*Zy*t7{bAo+2mn5_5`<;szWvw3^-gZ;4wr6wbV}m{m zd#2gfbYzy8RB#p=DDJkBTcaa%;L*aG_3u~ATWG{_FFEEz{e{%6|2DLE)+t6^YG6z` z{A5PL1Fns#@q)XPE=n6m+~kVqJ@igxBk!iS4|MwPt~j;Y#z|+*+yi>9=iQDHGtMxmlmx_$beugPX zC;Bt}=|BBkD}!4icUS!ciOom#Ivr*InYoqZI92{v^Vwc!8_chE_cKSY;`RSeWPFul z&X?ET`*duvY47@lcRoKh`e8Y7LgQ1NNpr*|*IP3%T(3NrlaO?fgQuS3;l0yGIg|F? z{!}L(zr@krBgDYT>E`5BUmn_sn!7X~3~^2tpJcLOcJqtK2^lfZ3r}Bjtbg}%_5#Dc zqDk?V!FnzapA{-pnoWw@EXX9*aZ2FU?%n@uHofl(KhksITjrT*E{~sAZ&>ZykP>k@ zhBG{FR`T)SXCGh595Gz;>=&N`r=!=ejvIe@x_`g<75JTLv5v#rE1e3rcP=`!Rz?4m zgj1iKWZ`x@qp2_DpQWy0WNDJ-Z8<-u{`0#QS+Dv2GkAPmM8Ix=voUBj3W$k#l{*-0QbL{ZE-J+QnJC>Fo*gsol04UVk^a``q54u_trU9f8|D zo0jM{s5;GNSTlFCVb7OefzKNq*{bHwf6q{&cXOiI)9pXkwKE>R=Mp=o=s-YT;TDy5 z^KNdbFDf}(SvHYtZ5jXevMiA!!7o^w**8>XUjFyP_wgz2<%gCmICJvImNvx*|6_Sc ztKTo5bYT83`FY!TEDjyWR=HIko%HP2pJ^whY?PS)`5ONVx_xf*(=~mX3m+^yw_&OO zPnYN248r+y*$z+f+OWn`%%DuxQ`vk+S&!fq$Jt+Zm?w4Bx4zE1EjJ_2EP26Uj$>}E zf99q5{9E+3{kYq<)s=;t{-jy0yYsvL)+|#|)k_`I)&<@vSC=ThFPfPa+kXGa|C?3& zyXVAA<7!)|wXdxFcrr(Oit`Rm|2HR}Z#wv8p3Vh4tLYSxJDgG{VwPHIo zeaf^J!vop2KROTB)y=Hm{d)H6ef$D;Onn{)&aNpaKY#K9d)G5+8AQE#OR7#0Z4=(_&r^bDJ`Uv34fERD`MG{=0+ zDWQe(h2f6cGk8CDwcdR7)oJG4PdmRPvwmBt)u|BJa&&H(RXdxa_pF@k=V?Y+|39{5 zpRZXh*QprkDgDa!?(xIv(!ZNuYX=;`p A&j0`b delta 1254 zcmcb@)xp}06h zH#Nn`)YQ;YAuAxiJTG0r(aAKzuhb+hQ$H-o$yK*g3Dnza+ze zOIKG{!7{3>pft!-JJH)R#3wSq%``0_(J55BI78dqG|@vlu{b0*Ezcy$E7;M3OU$$T zOi$zTjC!Hcr%_pq^|q{YqMUTMUJzZUVt;dS=>JF7+R}RBrb5r1v-C{wp8EOYkag9@ z)IA4kjVJC|Y3IoQ*ClIrh09m5{4=J%+`Vg-neY9xKl=8hz%@_gr=Qy~_0FeN`!ZZ# zIsSQEYn31=Hib3r>Y}T<+>2#>PcO^gn!vE4G25=@|NZ>vdZp7Hf%(t>={NB3)O=pQ z;MLzxPQS!oIb3v^1Sri)Zs z9eVB=lXAmyUEuZlJ%3cK^Gi!u7w2uv-`dOQZ$FXe3*(03pW)Xgwfh=0Gjk-(y5bwT zz)`wS;CJZJWp^yK``6cR?P!ecm-u`$!`J)Iie_WYNnV^!zD|qcP^n5{2%328Ms|6- z@AQiavYQKyn=~HGV3O+PXL~ByUSaPOTg$Jo;j~M@fBArHo@+0o5ql@v8@t$IB3Q~tA@BXt(MKm7N|=1$#|?pB@p;PPcl`yxH*%`*$~r>GtM<7^X< zdZE50G)BVZ)G22c?)L5Mi!54$;;YvkVqAOw@6QYkJHc+TNuQ?QSKG(kYxG~eg5$-D zk9TiY9FCcs7awN$Li4RTlb1v|*GGSr=bP_ytXh#jaoPRbwqIJFxK>UPFfTilIA`aV z#ZKF@6J~T=_+H2N?wKE_+oI|3g2V15M&`b+lZ*TGyMD3sho0BJY}B<+Yo;vvTO`f2 zXy#-_zTN$y6IzP=tgr6szIfSca%WSuUE42-6EO#v=2zLs{F{Ack9feIe7AQ&# Date: Sat, 3 May 2025 13:56:12 +0100 Subject: [PATCH 050/160] home: vim: lua: lsp: configure inlay hints --- modules/home/vim/lua/ambroisie/lsp.lua | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index e48de128..fef04873 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -53,6 +53,10 @@ M.on_attach = function(client, bufnr) vim.diagnostic.open_float(nil, { scope = "buffer" }) end + local function toggle_inlay_hints() + vim.lsp.inlay_hint.enable(not vim.lsp.inlay_hint.is_enabled()) + end + local keys = { buffer = bufnr, -- LSP navigation @@ -67,6 +71,7 @@ M.on_attach = function(client, bufnr) { "ca", vim.lsp.buf.code_action, desc = "Code actions" }, { "cd", cycle_diagnostics_display, desc = "Cycle diagnostics display" }, { "cD", show_buffer_diagnostics, desc = "Show buffer diagnostics" }, + { "ch", toggle_inlay_hints, desc = "Toggle inlay hints" }, { "cr", vim.lsp.buf.rename, desc = "Rename symbol" }, { "cs", vim.lsp.buf.signature_help, desc = "Show signature" }, { "ct", vim.lsp.buf.type_definition, desc = "Go to type definition" }, From d2a8894eb298a2fbdee409b20995c51d6dcbaf4e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 5 May 2025 18:06:41 +0100 Subject: [PATCH 051/160] home: wm: i3: make 'firefox' history float --- modules/home/wm/i3/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index 029a14ba..5f22bbe2 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -127,6 +127,7 @@ in { class = "^Blueman-.*$"; } { title = "^htop$"; } { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } + { class = "^firefox$"; instance = "Places"; window_role = "Organizer"; } { class = "^pavucontrol.*$"; } { class = "^Arandr$"; } { class = "^\\.blueman-manager-wrapped$"; } From a9ba93f834db067e9d791c4299ceab483c8ef6f8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 7 May 2025 11:27:12 +0000 Subject: [PATCH 052/160] home: delta: assert git is enabled --- modules/home/delta/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix index e9350bb4..58ee0311 100644 --- a/modules/home/delta/default.nix +++ b/modules/home/delta/default.nix @@ -23,6 +23,13 @@ in properly configured. ''; } + { + assertion = cfg.enable -> config.programs.git.enable; + message = '' + `config.my.home.delta` relies on `config.programs.git` to be + enabled. + ''; + } ]; home.packages = [ cfg.package ]; From 07d8f5a03fbc5a1e36e6425953ad30f2c7037287 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 7 May 2025 17:25:28 +0200 Subject: [PATCH 053/160] flake: nixos: use 'nixpkgs.hostPlatform' This is the proper way to set `system` nowadays. --- flake/nixos.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/flake/nixos.nix b/flake/nixos.nix index bf9eac8c..0fbd3a6a 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -15,8 +15,10 @@ let ]; buildHost = name: system: lib.nixosSystem { - inherit system; modules = defaultModules ++ [ + { + nixpkgs.hostPlatform = system; + } "${self}/hosts/nixos/${name}" ]; specialArgs = { From 8a8e4f93a513ad3aaafdbeced14a61d5f961ff1d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 7 May 2025 17:16:44 +0000 Subject: [PATCH 054/160] flake: home-manager: remove obsolete comment --- flake/home-manager.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/flake/home-manager.nix b/flake/home-manager.nix index 093ae8cf..88a74e8f 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -22,10 +22,6 @@ let ]; mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration { - # Work-around for home-manager - # * not letting me set `lib` as an extraSpecialArgs - # * not respecting `nixpkgs.overlays` [1] - # [1]: https://github.com/nix-community/home-manager/issues/2954 pkgs = inputs.nixpkgs.legacyPackages.${system}; modules = defaultModules ++ [ From 77839ab2ef3003c38324cade0810b41d1c84cc8c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 8 May 2025 13:29:35 +0000 Subject: [PATCH 055/160] flake: bump inputs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 584d9423..ef7aba8e 100644 --- a/flake.lock +++ b/flake.lock @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745930157, - "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=", + "lastModified": 1746683680, + "narHash": "sha256-+5zk+UbG0+GQlKt+gIKm+OhlYvHmkAHFXvf7hl1HDeM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae", + "rev": "16762245d811fdd74b417cc922223dc8eb741e8b", "type": "github" }, "original": { From 0c5836bc56e9048e27db4081595ff7cb566f9c31 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 8 May 2025 23:22:11 +0200 Subject: [PATCH 056/160] nixos: services: paperless: use 'PAPERLESS_URL' --- modules/nixos/services/paperless/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 63f456b2..9cdac38a 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -53,17 +53,13 @@ in mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath; settings = - let - paperlessDomain = "paperless.${config.networking.domain}"; - in { # Use SSO PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; # Security settings - PAPERLESS_ALLOWED_HOSTS = paperlessDomain; - PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; + PAPERLESS_URL = "https://paperless.${config.networking.domain}"; # OCR settings PAPERLESS_OCR_LANGUAGE = "fra+eng"; From a997d36964830a96b13c99175c51165614686edf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 8 May 2025 23:22:35 +0200 Subject: [PATCH 057/160] nixos: services: paperless: fix formatting --- modules/nixos/services/paperless/default.nix | 32 ++++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 9cdac38a..f345e8a8 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -52,26 +52,26 @@ in mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath; - settings = - { - # Use SSO - PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; - PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; + settings = { + # Use SSO + PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; + PAPERLESS_ENABLE_HTTP_REMOTE_USER_API = true; + PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; - # Security settings - PAPERLESS_URL = "https://paperless.${config.networking.domain}"; + # Security settings + PAPERLESS_URL = "https://paperless.${config.networking.domain}"; - # OCR settings - PAPERLESS_OCR_LANGUAGE = "fra+eng"; + # OCR settings + PAPERLESS_OCR_LANGUAGE = "fra+eng"; - # Workers - PAPERLESS_TASK_WORKERS = 3; - PAPERLESS_THREADS_PER_WORKER = 4; + # Workers + PAPERLESS_TASK_WORKERS = 3; + PAPERLESS_THREADS_PER_WORKER = 4; - # Misc - PAPERLESS_TIME_ZONE = config.time.timeZone; - PAPERLESS_ADMIN_USER = cfg.username; - }; + # Misc + PAPERLESS_TIME_ZONE = config.time.timeZone; + PAPERLESS_ADMIN_USER = cfg.username; + }; # Admin password passwordFile = cfg.passwordFile; From 1dc65a37e7dc8041ee639dac882c5e2503708170 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 8 May 2025 23:29:30 +0200 Subject: [PATCH 058/160] nixos: services: paperless: set proxy settings --- modules/nixos/services/paperless/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index f345e8a8..b6965cae 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -60,6 +60,8 @@ in # Security settings PAPERLESS_URL = "https://paperless.${config.networking.domain}"; + PAPERLESS_USE_X_FORWARD_HOST = true; + PAPERLESS_PROXY_SSL_HEADER = ''["HTTP_X_FORWARDED_PROTO", "https"]''; # OCR settings PAPERLESS_OCR_LANGUAGE = "fra+eng"; From 5b545a28f10c90d07f0442fb8c5823b1cb53f2f3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 9 May 2025 00:02:07 +0200 Subject: [PATCH 059/160] nixos: services: mealie: use automatic DB setup --- modules/nixos/services/mealie/default.nix | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 664d5ba8..3b4d4f73 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -38,27 +38,13 @@ in # Make it work with socket auth POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; }; - }; - systemd.services = { - mealie = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + # Automatic PostgreSQL provisioning + database = { + createLocally = true; }; }; - # Set-up database - services.postgresql = { - enable = true; - ensureDatabases = [ "mealie" ]; - ensureUsers = [ - { - name = "mealie"; - ensureDBOwnership = true; - } - ]; - }; - my.services.nginx.virtualHosts = { mealie = { inherit (cfg) port; From f14f5c7f8aa3e87cb025e04b3f8cac2b1315d596 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 14 May 2025 18:51:12 +0000 Subject: [PATCH 060/160] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ef7aba8e..b90b54a0 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "lastModified": 1746537231, + "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1746040799, - "narHash": "sha256-osgPX/SzIpkR50vev/rqoTEAVkEcOWXoQXmbzsaI4KU=", + "lastModified": 1747225851, + "narHash": "sha256-4IbmZrNOdXP143kZEUzxBS5SqyxUlaSHLgdpeJfP2ZU=", "owner": "nix-community", "repo": "home-manager", - "rev": "5f217e5a319f6c186283b530f8c975e66c028433", + "rev": "6bf057fc8326e83bda05a669fc08d106547679fb", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746683680, - "narHash": "sha256-+5zk+UbG0+GQlKt+gIKm+OhlYvHmkAHFXvf7hl1HDeM=", + "lastModified": 1746904237, + "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "16762245d811fdd74b417cc922223dc8eb741e8b", + "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", "type": "github" }, "original": { From 97bcc5f34ed0b7154829f4bd0a43b485f16205b7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 18 May 2025 02:14:36 +0200 Subject: [PATCH 061/160] hosts: nixos: porthos: secrets: update cross-seed --- .../servarr/cross-seed/configuration.json.age | Bin 1364 -> 1528 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age index 1499a56c21c9911f5a7111177b3458e418cb4b1c..e319f3a823c4eb4c84b15f6630ea5fbf42f9092b 100644 GIT binary patch delta 1502 zcmcb@^@DqYPJM)-VR?CgkBPZawo9aGMoCdYRk>4OQGumFMo6W5x^rP=Mt)AETV`3V z1(#E4QAJ@+N^qv5r>~)BvQubgdVynQWKwEazOiRuRf$n@d4RJ~l2Kr;1(&X!LUD11 zZfc5=si~o*LRLV2d0x7LTcA^FQMP_+ScYYkbCiF2Kz*uLx|y4Yvy+>npMhItskXmS zqIsZaWtO7}muXf=R=J;Zl8HxhR8p98WpSjBN1#htPF{*xP+m@HvU6p4X<2GTMrw)$ zm#(g^f>}hNuTxTJMdzPPBsB^Mmo>ycf*D2@n z37;fCdeuv+?>w+R<0Yeo{}QfuMmN)!+&k=0a;^TSYwE4IY0U~Q?{9Yfw0X#~C0&SF zX}+aS((K$VJ-bblR?1ZG`JdIke`#ik!jg~Af1G*t+V950$FnqoQUr|mohx^EF@65T z!^>7rb@N!fc}v>LkM#>r%T@8aynXUz(Vrc1N_9sTE>E4Nw7mX$h0l{u+OqtM1bTj@ z{(q8F`{LD`c_O|u&izgQ`QeY>?OCTZ*t+M1PUGCN>2JW}-2Va(cQ3Qqb*%S#`^L*J zG+q`LyViT9Zd*R-NA%IVo*yc{RKzX66}P)FtGzy)v4%Z9f!XkKo!$0ChYdC^i?TxQ zn;!e4|M;`7(CJ-Ed03yy+^*NF)SaH%BJzKE^2OXKtanWAHZ%#J&b~Tv%d`CgUAeXM zmqgG0v{sNa#44C8s9yZV?WjFxZhl>tDqUQvv?~1K4ePy1>-d}J>u|1KJ8x&IqfYo+ zv*Wuy^8DMJ_IAY~9#8ikC1JDBo^u^VY~lYmh;NKyxvQY*wpb@t-T7Qi$XnlQ^#W44 zZ`SP8{vYOUcPhZZFKDgXN`tTQ-^=Rxdu|@>URiWR^t<<$J0G5AKAz@imKnqS{_7*H z#FFImH@qBwus*nwkZR2-_kL^j^KWZC&P&xjDY@4u!1R1$kMd!|Dd)3Oj?a-1@bQuJ zGhz?e+$&-I#Jc~q!JT&{OXn-=ZTu><_0+@qFGA5bx1N1jc_%AC@a99t6+hbVFjPD* zlbM&YU~#mT=C-yyD6{*CAU zbAcA213k_z6ZG$z|4sdxvnDiormsueVi3I=hEAwk9|GFUKP*( zmVCWq#*6=IN3OVUo_;VjW9z5BgI6P(MYo&%yc#j-Pdb0amK!C$A9UOt4%p@|(ERo= zklTIkm2$WJ$%@ynyzZJ(QCwgDr_KO<~sq1K!1b7eBA@YG1o_ZS9v8 z<^gMpl?pxQNNIoN50~D4D9GRL(1pc$?pxUA*sb!4%qx!Ga!2Fh)W#z7ZdRxIg}XfB zp55k34$-WbeoQ+va{*q&I@m&wc zd^er?vXJvLKbtK3YbrlQ;`sKm-4o}XlD+TIschDg_~GD{&rUZ^itg#_SzfzD;_Y=d zZS&;ktru!-w(1*&1`97TayHfcbHvdhOU!CRc)|p!BKv182~T_$y*_L?x37jXhvyNK9{bYLUD11 zZfc5=si~o*LRLV2d0x6gNV1>1nO~T3PL@eURA7~{Uwv3snU7~~d2y+}nMs+eYp`Kq za#mEBVXlz{msx67pn;i}X?}W`XLyRApNW}^r*n{7Rc5|-N@=P^y1Q9;WI7txsRS zEa2H)kt=ndea&_>r1ceU*>vr+dv}C^<^=n4E=gw9_d6Fc%341-yzQo7ZO`V=#|C{C z_Dr*{>BuZGso*R$P~2@Lw?;?kz@vpV>))@Kx6p{=UUJNb`U|OB|7~dTtW%7-)WDc> z_{off2V5If;{|soU6eMCxXBgId+43YM&3;;B> zMU&z!gY{e&vq3U-{a~ z*FQGab)CFyN4|xhBj@^rxz}%h`kyjcw2QNN)7ul~Q@d?9y#8)-_qn}8V^8LyI|8?R zHZ9R@P<5Kkux9RN!=5j{0-rZJvQ^EU|DK^l@8(3ar`vz7YiB%s&n0$F(Sd-x!YwNA z=H1*So? zR=;09>A?J7^7FRwSR6W#t#Ye8I_cT3KhsW1*(fpp^ELh#bo<=qr)&B&7d}{aZo^Xl zpDxe48HDravK^k{wPB5?m_eDWr?UBuvL3-Jj$MtD9NB`}OSC`}hUynEE^poLy5;e*WZzB>QVlyR#GCM9pjMT)w+% z|MIqz9@5-VzPpQ7zOP%b@b($oWBkAKquxptFf0(7(RKaL=@~X>zuXE|SsI;jXpZ@s zQ$h>n3&S0?XYhXRYQ6dDtJBQ8pLTvpX8pEOt5YGc<>=fnt9CX;?^!w7&(n;u{(o%A zK3}t1u2V76Q~H(d-Q$PTrGGcS)($vyhjINiudWlzW8FbX?;=Q2YG0CoF! AMgRZ+ From c1e2114c57e9e0027b3e17b7fbf48253b22fb651 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 23 May 2025 22:56:19 +0100 Subject: [PATCH 062/160] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index b90b54a0..e0456b8e 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1745630506, - "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", "owner": "ryantm", "repo": "agenix", - "rev": "96e078c646b711aee04b82ba01aefbff87004ded", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1746537231, - "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=", + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1747225851, - "narHash": "sha256-4IbmZrNOdXP143kZEUzxBS5SqyxUlaSHLgdpeJfP2ZU=", + "lastModified": 1747978958, + "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "6bf057fc8326e83bda05a669fc08d106547679fb", + "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746904237, - "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", + "lastModified": 1747744144, + "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", + "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "type": "github" }, "original": { From 24407448d498d637b94d04d9b06816f432c9197b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 27 May 2025 11:16:46 +0000 Subject: [PATCH 063/160] hosts: homes: mousqueton: disable 'atuin' package The system-provided package is built without its sync functionality. To ensure the module works as written, I can't use `pkgs.emptyDirectory` for this unfortunately... --- hosts/homes/ambroisie@mousqueton/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/hosts/homes/ambroisie@mousqueton/default.nix b/hosts/homes/ambroisie@mousqueton/default.nix index 37884d79..13836189 100644 --- a/hosts/homes/ambroisie@mousqueton/default.nix +++ b/hosts/homes/ambroisie@mousqueton/default.nix @@ -7,6 +7,20 @@ services.gpg-agent.enable = lib.mkForce false; my.home = { + atuin = { + package = pkgs.stdenv.mkDerivation { + pname = "atuin"; + version = "18.4.0"; + + buildCommand = '' + mkdir -p $out/bin + ln -s /usr/bin/atuin $out/bin/atuin + ''; + + meta.mainProgram = "atuin"; + }; + }; + git = { package = pkgs.emptyDirectory; }; From 9751fdb888d0d72801bff0c0381b057e0431f2a8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 27 May 2025 11:39:15 +0000 Subject: [PATCH 064/160] hosts: homes: bazin: disable 'atuin' package Same as on `mousqueton`. --- hosts/homes/ambroisie@bazin/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/hosts/homes/ambroisie@bazin/default.nix b/hosts/homes/ambroisie@bazin/default.nix index f52fbce5..365b70df 100644 --- a/hosts/homes/ambroisie@bazin/default.nix +++ b/hosts/homes/ambroisie@bazin/default.nix @@ -4,6 +4,20 @@ services.gpg-agent.enable = lib.mkForce false; my.home = { + atuin = { + package = pkgs.stdenv.mkDerivation { + pname = "atuin"; + version = "18.4.0"; + + buildCommand = '' + mkdir -p $out/bin + ln -s /usr/bin/atuin $out/bin/atuin + ''; + + meta.mainProgram = "atuin"; + }; + }; + git = { package = pkgs.emptyDirectory; }; From a67a54bda27092c9f89e60bf3ce75839e914f9b4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 24 May 2025 22:33:21 +0200 Subject: [PATCH 065/160] nixos: services: paperless: use structured setting The module should stringify it to JSON automatically, so might as well use the more readable option. --- modules/nixos/services/paperless/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index b6965cae..11959772 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -61,7 +61,7 @@ in # Security settings PAPERLESS_URL = "https://paperless.${config.networking.domain}"; PAPERLESS_USE_X_FORWARD_HOST = true; - PAPERLESS_PROXY_SSL_HEADER = ''["HTTP_X_FORWARDED_PROTO", "https"]''; + PAPERLESS_PROXY_SSL_HEADER = [ "HTTP_X_FORWARDED_PROTO" "https" ]; # OCR settings PAPERLESS_OCR_LANGUAGE = "fra+eng"; From 98d39717e2aa0306865982191afa200b5914426b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 31 May 2025 22:37:21 +0100 Subject: [PATCH 066/160] home: direnv: lib: don't erase pre-existing venv Turns out `uv venv` isn't idempotent, it removes the existing virtual environment by default. Thankfully, there's a flag to fix it. --- modules/home/direnv/lib/python.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index b4b2bcef..b1be8a91 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -46,7 +46,7 @@ layout_uv() { fi # create venv if it doesn't exist - uv venv -q + uv venv -q --allow-existing export VIRTUAL_ENV export UV_ACTIVE=1 From 151570cccaf8511688769ee0665868340054ba30 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 9 Jun 2025 10:36:33 +0000 Subject: [PATCH 067/160] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index e0456b8e..219d87d6 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1747978958, - "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "lastModified": 1749400020, + "narHash": "sha256-0nTmHO8AYgRYk5v6zw5oZ3x9nh+feb+Isn7WNe318M0=", "owner": "nix-community", "repo": "home-manager", - "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "rev": "2835e8ba0ad99ba86d4a5e497a962ec9fa35e48f", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747744144, - "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", + "lastModified": 1749285348, + "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", + "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", "type": "github" }, "original": { From 971f90581397286a3ffb424970cb5c1e9471a203 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 9 Jun 2025 13:52:29 +0200 Subject: [PATCH 068/160] nixos: services: mealie: remove DB settings Looks like I missed them in the original commit to migrate to `database.createLocally`. --- modules/nixos/services/mealie/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 3b4d4f73..8c02398c 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -32,11 +32,6 @@ in BASE_URL = "https://mealie.${config.networking.domain}"; TZ = config.time.timeZone; ALLOw_SIGNUP = "false"; - - # Use PostgreSQL - DB_ENGINE = "postgres"; - # Make it work with socket auth - POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; }; # Automatic PostgreSQL provisioning From 1b275e1a8a8291b3ed9789d25c2592ba52b8d9ec Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 17 Jun 2025 09:29:24 +0000 Subject: [PATCH 069/160] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 219d87d6..94ab916d 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "lastModified": 1749636823, + "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "rev": "623c56286de5a3193aa38891a6991b28f9bab056", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1749400020, - "narHash": "sha256-0nTmHO8AYgRYk5v6zw5oZ3x9nh+feb+Isn7WNe318M0=", + "lastModified": 1750127463, + "narHash": "sha256-K2xFtlD3PcKAZriOE3LaBLYmVfGQu+rIF4Jr1RFYR0Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "2835e8ba0ad99ba86d4a5e497a962ec9fa35e48f", + "rev": "28eef8722d1af18ca13e687dbf485e1c653a0402", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749285348, - "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", + "lastModified": 1749794982, + "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", + "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", "type": "github" }, "original": { From 112e3403615f65807dfcc28929b2b8a19656859e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 17 Jun 2025 09:26:09 +0000 Subject: [PATCH 070/160] home: do not hard-code username The flake module already sets it with `mkDefault`, making it easier to override it for a specific host. --- modules/home/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/home/default.nix b/modules/home/default.nix index e642e878..1c403778 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -51,9 +51,6 @@ # First sane reproducible version home.stateVersion = "20.09"; - # Who am I? - home.username = "ambroisie"; - # Start services automatically systemd.user.startServices = "sd-switch"; } From 03bb62777079b4a8ecc755570cc04a45095ca013 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 2 Jul 2025 13:23:34 +0200 Subject: [PATCH 071/160] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 94ab916d..a4da84dc 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1749636823, - "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "623c56286de5a3193aa38891a6991b28f9bab056", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1750127463, - "narHash": "sha256-K2xFtlD3PcKAZriOE3LaBLYmVfGQu+rIF4Jr1RFYR0Q=", + "lastModified": 1751429452, + "narHash": "sha256-4s5vRtaqdNhVBnbOWOzBNKrRa0ShQTLoEPjJp3joeNI=", "owner": "nix-community", "repo": "home-manager", - "rev": "28eef8722d1af18ca13e687dbf485e1c653a0402", + "rev": "df12269039dcf752600b1bcc176bacf2786ec384", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749794982, - "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", + "lastModified": 1751271578, + "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", + "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", "type": "github" }, "original": { From d61840651698e3ad05325039e9aa2a6cf9ad6aa2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 2 Jul 2025 13:24:16 +0200 Subject: [PATCH 072/160] nixos: services: use 'postgresql.target' This is now the more correct dependency to use in service definitions, to guarantee read-write access with users and permissions. --- modules/nixos/services/drone/server/default.nix | 4 ++-- modules/nixos/services/tandoor-recipes/default.nix | 4 ++-- modules/nixos/services/woodpecker/server/default.nix | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/nixos/services/drone/server/default.nix b/modules/nixos/services/drone/server/default.nix index a3a1e496..d6148f42 100644 --- a/modules/nixos/services/drone/server/default.nix +++ b/modules/nixos/services/drone/server/default.nix @@ -6,8 +6,8 @@ in config = lib.mkIf cfg.enable { systemd.services.drone-server = { wantedBy = [ "multi-user.target" ]; - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + after = [ "postgresql.target" ]; + requires = [ "postgresql.target" ]; serviceConfig = { EnvironmentFile = [ cfg.secretFile diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 3447beee..169eec82 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -49,8 +49,8 @@ in systemd.services = { tandoor-recipes = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + after = [ "postgresql.target" ]; + requires = [ "postgresql.target" ]; serviceConfig = { EnvironmentFile = cfg.secretKeyFile; diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix index adf533e8..caf0179c 100644 --- a/modules/nixos/services/woodpecker/server/default.nix +++ b/modules/nixos/services/woodpecker/server/default.nix @@ -24,8 +24,8 @@ in }; systemd.services.woodpecker-server = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + after = [ "postgresql.target" ]; + requires = [ "postgresql.target" ]; serviceConfig = { # Set username for DB access From 5d8722397010e1c1ddbc4d59abe53b7a6bd55584 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 2 Jul 2025 13:26:22 +0200 Subject: [PATCH 073/160] nixos: services: transmission: use 'trgui-ng' I like it much better than the built-in UI. --- modules/nixos/services/transmission/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index 16d51e3f..ddd77d4b 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -47,6 +47,7 @@ in enable = true; package = pkgs.transmission_4; group = "media"; + webHome = pkgs.trgui-ng-web; downloadDirPermissions = "775"; From 66ec807dc6729a8aabd7cb5f42797e246f36befa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 2 Jul 2025 14:01:15 +0200 Subject: [PATCH 074/160] hosts: nixos: aramis: home: use 'trgui-ng' It looks and works much better than the old one. Unfortunately, it's a Tauri app. --- hosts/nixos/aramis/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 64b63ce4..221b1eae 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -20,7 +20,7 @@ element-desktop # Matrix client jellyfin-media-player # Wraps the webui and mpv together pavucontrol # Audio mixer GUI - transgui # Transmission remote + trgui-ng # Transmission remote ]; # Minimal video player mpv.enable = true; From 8d809e3ac3c05eb9ca6de3279fee2a8c72cdd293 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 8 Jul 2025 10:40:08 +0000 Subject: [PATCH 075/160] flake: bump inputs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index a4da84dc..dc32e95f 100644 --- a/flake.lock +++ b/flake.lock @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751271578, - "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", + "lastModified": 1751952840, + "narHash": "sha256-SIkjQb9PPGvR/EcZAU8UZEnO9dwY2Z/BrDWgtyZd7OA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", + "rev": "27278798fe68d7f81131dd7ab62b8ea2b795cd56", "type": "github" }, "original": { From b093faf00d8066e19d144c34533a32602a4fb8f7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 8 Jul 2025 10:42:13 +0000 Subject: [PATCH 076/160] nixos: services: tandoor-recipes: use automatic DB --- .../services/tandoor-recipes/default.nix | 25 +++---------------- 1 file changed, 4 insertions(+), 21 deletions(-) diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 169eec82..4b4ed1a0 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -26,18 +26,16 @@ in services.tandoor-recipes = { enable = true; + database = { + createLocally = true; + }; + port = cfg.port; extraConfig = let tandoorRecipesDomain = "recipes.${config.networking.domain}"; in { - # Use PostgreSQL - DB_ENGINE = "django.db.backends.postgresql"; - POSTGRES_HOST = "/run/postgresql"; - POSTGRES_USER = "tandoor_recipes"; - POSTGRES_DB = "tandoor_recipes"; - # Security settings ALLOWED_HOSTS = tandoorRecipesDomain; CSRF_TRUSTED_ORIGINS = "https://${tandoorRecipesDomain}"; @@ -49,27 +47,12 @@ in systemd.services = { tandoor-recipes = { - after = [ "postgresql.target" ]; - requires = [ "postgresql.target" ]; - serviceConfig = { EnvironmentFile = cfg.secretKeyFile; }; }; }; - # Set-up database - services.postgresql = { - enable = true; - ensureDatabases = [ "tandoor_recipes" ]; - ensureUsers = [ - { - name = "tandoor_recipes"; - ensureDBOwnership = true; - } - ]; - }; - my.services.nginx.virtualHosts = { recipes = { inherit (cfg) port; From 2473bca1671ddaab0ce6de70d5471bf304133af6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 11 Jul 2025 14:24:23 +0000 Subject: [PATCH 077/160] home: vim: telescope: remove LSP handlers The plug-in was broken with the update to 0.11, and I would like to try using the built-in quickfixlist-based handlers for a while. This reverts commit 8d4a1e61b4f26f7443f7c8b0b65643f0bd312e9f. --- modules/home/vim/default.nix | 1 - modules/home/vim/plugin/settings/telescope.lua | 1 - 2 files changed, 2 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 20a74fff..930a853a 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -80,7 +80,6 @@ in nvim-surround # Deal with pairs, now in Lua oil-nvim # Better alternative to NetrW telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm - telescope-lsp-handlers-nvim # Use 'telescope' for various LSP actions telescope-nvim # Fuzzy finder interface which-key-nvim # Show available mappings ]; diff --git a/modules/home/vim/plugin/settings/telescope.lua b/modules/home/vim/plugin/settings/telescope.lua index 1a239282..810d51cb 100644 --- a/modules/home/vim/plugin/settings/telescope.lua +++ b/modules/home/vim/plugin/settings/telescope.lua @@ -23,7 +23,6 @@ telescope.setup({ }) telescope.load_extension("fzf") -telescope.load_extension("lsp_handlers") local keys = { { "f", group = "Fuzzy finder" }, From 979ae901c4057308ce1da3bbf2388e2addd99d7f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 15 Jul 2025 09:52:21 +0000 Subject: [PATCH 078/160] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index dc32e95f..0f205ab2 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1751429452, - "narHash": "sha256-4s5vRtaqdNhVBnbOWOzBNKrRa0ShQTLoEPjJp3joeNI=", + "lastModified": 1752467539, + "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", "owner": "nix-community", "repo": "home-manager", - "rev": "df12269039dcf752600b1bcc176bacf2786ec384", + "rev": "1e54837569e0b80797c47be4720fab19e0db1616", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751952840, - "narHash": "sha256-SIkjQb9PPGvR/EcZAU8UZEnO9dwY2Z/BrDWgtyZd7OA=", + "lastModified": 1752644555, + "narHash": "sha256-oeRcp4VEyZ/3ZgfRRoq60/08l2zy0K53l8MdfSIYd24=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "27278798fe68d7f81131dd7ab62b8ea2b795cd56", + "rev": "9100a4f6bf446603b9575927c8585162f9ec9aa6", "type": "github" }, "original": { From 13b61346f5cca39d1ba2c66717e14a6d01b99acc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 15 Jul 2025 09:54:23 +0000 Subject: [PATCH 079/160] home: tmux: increase history scrollback Even *longer*. --- modules/home/tmux/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 82ceb3a3..3ea047a2 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -48,7 +48,7 @@ in keyMode = "vi"; # Home-row keys and other niceties clock24 = true; # I'm one of those heathens escapeTime = 0; # Let vim do its thing instead - historyLimit = 100000; # Bigger buffer + historyLimit = 1000000; # Bigger buffer mouse = false; # I dislike mouse support focusEvents = true; # Report focus events terminal = "tmux-256color"; # I want accurate termcap info From add796768567599e9d6b2a54c80baac84d7681b5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 27 Jul 2025 20:49:24 +0100 Subject: [PATCH 080/160] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 0f205ab2..e96a7a08 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1753121425, + "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1752467539, - "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", + "lastModified": 1753617834, + "narHash": "sha256-WEVfKrdIdu5CpppJ0Va3vzP0DKlS+ZTLbBjugMO2Drg=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e54837569e0b80797c47be4720fab19e0db1616", + "rev": "72cc1e3134a35005006f06640724319caa424737", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1752644555, - "narHash": "sha256-oeRcp4VEyZ/3ZgfRRoq60/08l2zy0K53l8MdfSIYd24=", + "lastModified": 1753429684, + "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9100a4f6bf446603b9575927c8585162f9ec9aa6", + "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", "type": "github" }, "original": { From 2a515754a2c8bb87fe756d9862d3bb04c6be2bbb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 27 Jul 2025 20:48:06 +0100 Subject: [PATCH 081/160] home: zsh: use absolute path to 'XDG_CONFIG_HOME' The path handling has been fixed upstream, which makes this module more readable. --- modules/home/zsh/default.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index f4092d88..08b41018 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -1,14 +1,6 @@ { config, pkgs, lib, ... }: let cfg = config.my.home.zsh; - - # Have a nice relative path for XDG_CONFIG_HOME, without leading `/` - relativeXdgConfig = - let - noHome = lib.removePrefix config.home.homeDirectory; - noSlash = lib.removePrefix "/"; - in - noSlash (noHome config.xdg.configHome); in { options.my.home.zsh = with lib; { @@ -57,7 +49,7 @@ in programs.zsh = { enable = true; - dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME + dotDir = "${config.xdg.configHome}/zsh"; # Don't clutter $HOME enableCompletion = true; history = { From 4b7c6c1f5eb7cbd7254a8f69050b17c9d4723837 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 29 Jul 2025 16:13:58 +0000 Subject: [PATCH 082/160] pkgs: comma: fix 'nix-locate' invocation --- pkgs/comma/comma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/comma/comma b/pkgs/comma/comma index 4367a267..857b9c9d 100755 --- a/pkgs/comma/comma +++ b/pkgs/comma/comma @@ -12,7 +12,7 @@ usage() { find_program() { local CANDIDATE - CANDIDATE="$(nix-locate --top-level --minimal --at-root --whole-name "/bin/$1")" + CANDIDATE="$(nix-locate --minimal --at-root --whole-name "/bin/$1")" if [ "$(printf '%s\n' "$CANDIDATE" | wc -l)" -gt 1 ]; then CANDIDATE="$(printf '%s' "$CANDIDATE" | fzf-tmux)" fi From 7786c591b5f1e5745eb73b3a60ebe5e0704669a9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 4 Aug 2025 11:13:52 +0000 Subject: [PATCH 083/160] pkgs: comma: add 'COMMA_PICKER' --- pkgs/comma/comma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/comma/comma b/pkgs/comma/comma index 857b9c9d..b03a7f24 100755 --- a/pkgs/comma/comma +++ b/pkgs/comma/comma @@ -14,7 +14,7 @@ find_program() { local CANDIDATE CANDIDATE="$(nix-locate --minimal --at-root --whole-name "/bin/$1")" if [ "$(printf '%s\n' "$CANDIDATE" | wc -l)" -gt 1 ]; then - CANDIDATE="$(printf '%s' "$CANDIDATE" | fzf-tmux)" + CANDIDATE="$(printf '%s' "$CANDIDATE" | "${COMMA_PICKER:-fzf-tmux}")" fi printf '%s' "$CANDIDATE" } From f94fc468aa3c3bed51611d083d01e5adbecf75dd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 4 Aug 2025 14:28:34 +0000 Subject: [PATCH 084/160] home: zsh: ignore more commands for notification --- modules/home/zsh/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 08b41018..1e85ccec 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -14,10 +14,12 @@ in exclude = mkOption { type = with types; listOf str; default = [ + "bat" "delta" "direnv reload" "fg" "git (?!push|pull|fetch)" + "home-manager (?!switch|build|news)" "htop" "less" "man" From a10270f8e16b9e397782a8cd9297e516247b049e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 5 Aug 2025 11:00:26 +0000 Subject: [PATCH 085/160] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index e96a7a08..080c212f 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1754337839, + "narHash": "sha256-fEc2/4YsJwtnLU7HCFMRckb0u9UNnDZmwGhXT5U5NTw=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "856df6f6922845abd4fd958ce21febc07ca2fa45", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1753121425, - "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1753617834, - "narHash": "sha256-WEVfKrdIdu5CpppJ0Va3vzP0DKlS+ZTLbBjugMO2Drg=", + "lastModified": 1754365350, + "narHash": "sha256-NLWIkn1qM0wxtZu/2NXRaujWJ4Y1PSZlc7h0y6pOzOQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "72cc1e3134a35005006f06640724319caa424737", + "rev": "c5d7e957397ecb7d48b99c928611c6e780db1b56", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753429684, - "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", + "lastModified": 1754372978, + "narHash": "sha256-ByII9p9ek0k9UADC/hT+i9ueM2mw0Zxiz+bOlydU6Oo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", + "rev": "9ebe222ec7ef9de52478f76cba3f0324c1d1119f", "type": "github" }, "original": { @@ -200,11 +200,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1741294988, - "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=", + "lastModified": 1753980880, + "narHash": "sha256-aj1pbYxL6N+XFqBHjB4B1QP0bnKRcg1AfpgT5zUFsW8=", "owner": "nix-community", "repo": "NUR", - "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e", + "rev": "16db3e61da7606984a05b4dfc33cd1d26d22fb22", "type": "github" }, "original": { From dd7b6135315c51812e6928087b20235c9fb7638d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 5 Aug 2025 11:03:01 +0000 Subject: [PATCH 086/160] pkgs: lohr: remove 'useFetchCargoVendor' It's now turned on by default. --- pkgs/lohr/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/lohr/default.nix b/pkgs/lohr/default.nix index aeb13b1a..d8545e0d 100644 --- a/pkgs/lohr/default.nix +++ b/pkgs/lohr/default.nix @@ -10,7 +10,6 @@ rustPlatform.buildRustPackage rec { hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU="; }; - useFetchCargoVendor = true; cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w="; meta = with lib; { From f1d7da7fcb72aff435a975adfe710810ab064d93 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 00:11:26 +0200 Subject: [PATCH 087/160] nixos: services: matrix: refactor well-knowns --- modules/nixos/services/matrix/default.nix | 54 ++++++++++------------- 1 file changed, 23 insertions(+), 31 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index f4238342..b43dbcc9 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -14,6 +14,26 @@ let clientPort = { public = 443; private = 11339; }; domain = config.networking.domain; matrixDomain = "matrix.${domain}"; + + serverConfig = { + "m.server" = "${matrixDomain}:${toString federationPort.public}"; + }; + clientConfig = { + "m.homeserver" = { + "base_url" = "https://${matrixDomain}"; + "server_name" = domain; + }; + "m.identity_server" = { + "base_url" = "https://vector.im"; + }; + }; + + # ACAO required to allow element-web on any URL to request this json file + mkWellKnown = data: '' + default_type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON data}'; + ''; in { options.my.services.matrix = with lib; { @@ -96,15 +116,7 @@ in chat = { root = pkgs.element-web.override { conf = { - default_server_config = { - "m.homeserver" = { - "base_url" = "https://${matrixDomain}"; - "server_name" = domain; - }; - "m.identity_server" = { - "base_url" = "https://vector.im"; - }; - }; + default_server_config = clientConfig; showLabsSettings = true; defaultCountryCode = "FR"; # cocorico roomDirectory = { @@ -176,28 +188,8 @@ in forceSSL = true; useACMEHost = domain; - locations."= /.well-known/matrix/server".extraConfig = - let - server = { "m.server" = "${matrixDomain}:${toString federationPort.public}"; }; - in - '' - add_header Content-Type application/json; - return 200 '${builtins.toJSON server}'; - ''; - - locations."= /.well-known/matrix/client".extraConfig = - let - client = { - "m.homeserver" = { "base_url" = "https://${matrixDomain}"; }; - "m.identity_server" = { "base_url" = "https://vector.im"; }; - }; - # ACAO required to allow element-web on any URL to request this json file - in - '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON client}'; - ''; + locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; }; }; From 0792e8c7cb1b75e608372e44fb36a885f28a998e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 00:34:40 +0200 Subject: [PATCH 088/160] nixos: services: matrix: fix element-web config --- modules/nixos/services/matrix/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index b43dbcc9..42f7b4e2 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -117,10 +117,11 @@ in root = pkgs.element-web.override { conf = { default_server_config = clientConfig; - showLabsSettings = true; - defaultCountryCode = "FR"; # cocorico - roomDirectory = { + show_labs_settings = true; + default_country_code = "FR"; # cocorico + room_directory = { "servers" = [ + domain "matrix.org" "mozilla.org" ]; From bd019258cb4f15e028bc4cb7a68353abe270e6ac Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 10:39:55 +0200 Subject: [PATCH 089/160] nixos: services: matrix: simplify listeners --- modules/nixos/services/matrix/default.nix | 93 ++++++++--------------- 1 file changed, 30 insertions(+), 63 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 42f7b4e2..83dac7cf 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -10,13 +10,11 @@ let cfg = config.my.services.matrix; - federationPort = { public = 8448; private = 11338; }; - clientPort = { public = 443; private = 11339; }; domain = config.networking.domain; matrixDomain = "matrix.${domain}"; serverConfig = { - "m.server" = "${matrixDomain}:${toString federationPort.public}"; + "m.server" = "${matrixDomain}:443"; }; clientConfig = { "m.homeserver" = { @@ -39,6 +37,13 @@ in options.my.services.matrix = with lib; { enable = mkEnableOption "Matrix Synapse"; + port = mkOption { + type = types.port; + default = 8448; + example = 8008; + description = "Internal port for listeners"; + }; + secretFile = mkOption { type = with types; nullOr str; default = null; @@ -78,22 +83,22 @@ in enable_registration = false; listeners = [ - # Federation { + inherit (cfg) port; bind_addresses = [ "::1" ]; - port = federationPort.private; - tls = false; # Terminated by nginx. + type = "http"; + tls = false; x_forwarded = true; - resources = [{ names = [ "federation" ]; compress = false; }]; - } - - # Client - { - bind_addresses = [ "::1" ]; - port = clientPort.private; - tls = false; # Terminated by nginx. - x_forwarded = true; - resources = [{ names = [ "client" ]; compress = false; }]; + resources = [ + { + names = [ "client" ]; + compress = true; + } + { + names = [ "federation" ]; + compress = false; + } + ]; } ]; @@ -130,11 +135,8 @@ in }; }; # Dummy VHosts for port collision detection - matrix-federation = { - port = federationPort.private; - }; - matrix-client = { - port = clientPort.private; + matrix-dummy = { + inherit (cfg) port; }; }; @@ -144,45 +146,15 @@ in onlySSL = true; useACMEHost = domain; - locations = - let - proxyToClientPort = { - proxyPass = "http://[::1]:${toString clientPort.private}"; - }; - in - { - # Or do a redirect instead of the 404, or whatever is appropriate - # for you. But do not put a Matrix Web client here! See the - # Element web section below. - "/".return = "404"; + locations = { + # Or do a redirect instead of the 404, or whatever is appropriate + # for you. But do not put a Matrix Web client here! See the + # Element web section below. + "/".return = "404"; - "/_matrix" = proxyToClientPort; - "/_synapse/client" = proxyToClientPort; - }; - - listen = [ - { addr = "0.0.0.0"; port = clientPort.public; ssl = true; } - { addr = "[::]"; port = clientPort.public; ssl = true; } - ]; - - }; - - # same as above, but listening on the federation port - "${matrixDomain}_federation" = { - onlySSL = true; - serverName = matrixDomain; - useACMEHost = domain; - - locations."/".return = "404"; - - locations."/_matrix" = { - proxyPass = "http://[::1]:${toString federationPort.private}"; + "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; + "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; }; - - listen = [ - { addr = "0.0.0.0"; port = federationPort.public; ssl = true; } - { addr = "[::]"; port = federationPort.public; ssl = true; } - ]; }; "${domain}" = { @@ -197,11 +169,6 @@ in # For administration tools. environment.systemPackages = [ pkgs.matrix-synapse ]; - networking.firewall.allowedTCPPorts = [ - clientPort.public - federationPort.public - ]; - my.services.backup = { paths = [ config.services.matrix-synapse.dataDir From 1e31b2dfea4e2161c371806b262b924349ab31f5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 10:42:23 +0200 Subject: [PATCH 090/160] nixos: services: matrix: simplify VHost --- modules/nixos/services/matrix/default.nix | 31 ++++++++++------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 83dac7cf..763d9b12 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -134,29 +134,26 @@ in }; }; }; - # Dummy VHosts for port collision detection - matrix-dummy = { + matrix = { + # Somewhat unused, but necessary for port collision detection inherit (cfg) port; + + extraConfig = { + locations = { + # Or do a redirect instead of the 404, or whatever is appropriate + # for you. But do not put a Matrix Web client here! See the + # Element web section below. + "/".return = "404"; + + "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; + "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; + }; + }; }; }; # Those are too complicated to use my wrapper... services.nginx.virtualHosts = { - ${matrixDomain} = { - onlySSL = true; - useACMEHost = domain; - - locations = { - # Or do a redirect instead of the 404, or whatever is appropriate - # for you. But do not put a Matrix Web client here! See the - # Element web section below. - "/".return = "404"; - - "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; - "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; - }; - }; - "${domain}" = { forceSSL = true; useACMEHost = domain; From fa7b4910f5cac8bc1f50cc396174ecceae8b1fd5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 11:06:04 +0200 Subject: [PATCH 091/160] nixos: services: matrix: fix proxy to synapse I want to make use of the `/_synapse/matrix/` sub-path, so just proxy the whole of `/_synapse/`. --- modules/nixos/services/matrix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 763d9b12..dfd5b502 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -146,7 +146,7 @@ in "/".return = "404"; "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; - "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; + "/_synapse".proxyPass = "http://[::1]:${toString cfg.port}"; }; }; }; From 9cadbe6256b8ea9db3c2acc3eeb0e02b903d7579 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 11:07:37 +0200 Subject: [PATCH 092/160] nixos: services: matrix: add admin interface --- modules/nixos/services/matrix/default.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index dfd5b502..837d1502 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -10,6 +10,8 @@ let cfg = config.my.services.matrix; + adminPkg = pkgs.synapse-admin-etkecc; + domain = config.networking.domain; matrixDomain = "matrix.${domain}"; @@ -147,6 +149,22 @@ in "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; "/_synapse".proxyPass = "http://[::1]:${toString cfg.port}"; + + "= /admin".return = "307 /admin/"; + "/admin/" = { + alias = "${adminPkg}/"; + priority = 500; + tryFiles = "$uri $uri/ /index.html"; + }; + "~ ^/admin/.*\\.(?:css|js|jpg|jpeg|gif|png|svg|ico|woff|woff2|ttf|eot|webp)$" = { + priority = 400; + root = adminPkg; + extraConfig = '' + rewrite ^/admin/(.*)$ /$1 break; + expires 30d; + more_set_headers "Cache-Control: public"; + ''; + }; }; }; }; From 7a85a4440716f752c8f004330c9e2aa1a3c9886f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 20:06:40 +0200 Subject: [PATCH 093/160] nixos: services: matrix: remove obsolete comment --- modules/nixos/services/matrix/default.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 837d1502..483a72ae 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -1,10 +1,4 @@ -# Matrix homeserver setup, using different endpoints for federation and client -# traffic. The main trick for this is defining two nginx servers endpoints for -# matrix.domain.com, each listening on different ports. -# -# Configuration shamelessly stolen from [1] -# -# [1]: https://github.com/alarsyo/nixos-config/blob/main/services/matrix.nix +# Matrix homeserver setup. { config, lib, pkgs, ... }: let From 30348a1e193318b1d8bbb8f6d828226f49e8eaa7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 22:28:22 +0200 Subject: [PATCH 094/160] nixos: services: matrix: add Facebook bridge I probably won't actually use it, after test-driving it quickly. But now that the effort has been expanded, might as well keep it if only as a future reference. --- modules/nixos/services/matrix/bridges.nix | 143 ++++++++++++++++++++++ modules/nixos/services/matrix/default.nix | 4 + 2 files changed, 147 insertions(+) create mode 100644 modules/nixos/services/matrix/bridges.nix diff --git a/modules/nixos/services/matrix/bridges.nix b/modules/nixos/services/matrix/bridges.nix new file mode 100644 index 00000000..70f4118a --- /dev/null +++ b/modules/nixos/services/matrix/bridges.nix @@ -0,0 +1,143 @@ +# Matrix bridges for some services I use +{ config, lib, ... }: +let + cfg = config.my.services.matrix.bridges; + synapseCfg = config.services.matrix-synapse; + + domain = config.networking.domain; + serverName = synapseCfg.settings.server_name; + + mkBridgeOption = n: lib.mkEnableOption "${n} bridge" // { default = cfg.enable; }; + mkPortOption = n: default: lib.mkOption { + type = lib.types.port; + inherit default; + example = 8080; + description = "${n} bridge port"; + }; + mkEnvironmentFileOption = n: lib.mkOption { + type = lib.types.str; + example = "/run/secret/matrix/${lib.toLower n}-bridge-secrets.env"; + description = '' + Path to a file which should contain the secret values for ${n} bridge. + + Using through the following format: + + ``` + MATRIX_APPSERVICE_AS_TOKEN= + MATRIX_APPSERVICE_HS_TOKEN= + ``` + + Each bridge should use a different set of secrets, as they each register + their own independent double-puppetting appservice. + ''; + }; +in +{ + options.my.services.matrix.bridges = with lib; { + enable = mkEnableOption "bridges configuration"; + + admin = mkOption { + type = types.str; + default = "ambroisie"; + example = "admin"; + description = "Local username for the admin"; + }; + + facebook = { + enable = mkBridgeOption "Facebook"; + + port = mkPortOption "Facebook" 29321; + + environmentFile = mkEnvironmentFileOption "Facebook"; + }; + }; + + config = lib.mkMerge [ + (lib.mkIf cfg.facebook.enable { + services.mautrix-meta.instances.facebook = { + enable = true; + # Automatically register the bridge with synapse + registerToSynapse = true; + + # Provide `AS_TOKEN`, `HS_TOKEN` + inherit (cfg.facebook) environmentFile; + + settings = { + homeserver = { + domain = serverName; + address = "http://localhost:${toString config.my.services.matrix.port}"; + }; + + appservice = { + hostname = "localhost"; + inherit (cfg.facebook) port; + address = "http://localhost:${toString cfg.facebook.port}"; + public_address = "https://facebook-bridge.${domain}"; + + as_token = "$MATRIX_APPSERVICE_AS_TOKEN"; + hs_token = "$MATRIX_APPSERVICE_HS_TOKEN"; + + bot = { + username = "fbbot"; + }; + }; + + backfill = { + enabled = true; + }; + + bridge = { + delivery_receipts = true; + permissions = { + "*" = "relay"; + ${serverName} = "user"; + "@${cfg.admin}:${serverName}" = "admin"; + }; + }; + + database = { + type = "postgres"; + uri = "postgres:///mautrix-meta-facebook?host=/var/run/postgresql/"; + }; + + double_puppet = { + secrets = { + ${serverName} = "as_token:$MATRIX_APPSERVICE_AS_TOKEN"; + }; + }; + + network = { + # Don't be picky on Facebook/Messenger + allow_messenger_com_on_fb = true; + displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (FB)''; + }; + + provisioning = { + shared_secret = "disable"; + }; + }; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [ "mautrix-meta-facebook" ]; + ensureUsers = [{ + name = "mautrix-meta-facebook"; + ensureDBOwnership = true; + }]; + }; + + systemd.services.mautrix-meta-facebook = { + wants = [ "postgres.service" ]; + after = [ "postgres.service" ]; + }; + + my.services.nginx.virtualHosts = { + # Proxy to the bridge + "facebook-bridge" = { + inherit (cfg.facebook) port; + }; + }; + }) + ]; +} diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 483a72ae..04d24a02 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -30,6 +30,10 @@ let ''; in { + imports = [ + ./bridges.nix + ]; + options.my.services.matrix = with lib; { enable = mkEnableOption "Matrix Synapse"; From b1c9279c637956d134793431e0760d71a0e8bd97 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 2 Aug 2025 14:46:32 +0200 Subject: [PATCH 095/160] nixos: services: add thelounge --- modules/nixos/services/default.nix | 1 + modules/nixos/services/thelounge/default.nix | 59 ++++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 modules/nixos/services/thelounge/default.nix diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 27f8765a..e03eca19 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -38,6 +38,7 @@ ./servarr ./ssh-server ./tandoor-recipes + ./thelounge ./tlp ./transmission ./vikunja diff --git a/modules/nixos/services/thelounge/default.nix b/modules/nixos/services/thelounge/default.nix new file mode 100644 index 00000000..e224839e --- /dev/null +++ b/modules/nixos/services/thelounge/default.nix @@ -0,0 +1,59 @@ +# Web IRC client +{ config, lib, ... }: +let + cfg = config.my.services.thelounge; +in +{ + options.my.services.thelounge = with lib; { + enable = mkEnableOption "The Lounge, a self-hosted web IRC client"; + + port = mkOption { + type = types.port; + default = 9050; + example = 4242; + description = "The port on which The Lounge will listen for incoming HTTP traffic."; + }; + }; + + config = lib.mkIf cfg.enable { + services.thelounge = { + enable = true; + inherit (cfg) port; + + extraConfig = { + reverseProxy = true; + }; + }; + + my.services.nginx.virtualHosts = { + irc = { + inherit (cfg) port; + # Proxy websockets for RPC + websocketsLocations = [ "/" ]; + + extraConfig = { + locations."/".extraConfig = '' + proxy_read_timeout 1d; + ''; + }; + }; + }; + + services.fail2ban.jails = { + thelounge = '' + enabled = true + filter = thelounge + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/thelounge.conf".text = '' + [Definition] + failregex = Authentication failed for user .* from $ + Authentication for non existing user attempted from $ + journalmatch = _SYSTEMD_UNIT=thelounge.service + ''; + }; + }; +} From 17ceaa5620c49c5445b99945475c477122637ce7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 6 Aug 2025 15:37:08 +0000 Subject: [PATCH 096/160] nixos: services: matrix: fix out-dated comments --- modules/nixos/services/matrix/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 04d24a02..97dec2e3 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -142,7 +142,7 @@ in locations = { # Or do a redirect instead of the 404, or whatever is appropriate # for you. But do not put a Matrix Web client here! See the - # Element web section below. + # Element web section above. "/".return = "404"; "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; @@ -168,7 +168,7 @@ in }; }; - # Those are too complicated to use my wrapper... + # Setup well-known locations services.nginx.virtualHosts = { "${domain}" = { forceSSL = true; From 8688206ff530dc8fc6da6d2e6e68dcc56dc77622 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Aug 2025 10:05:13 +0000 Subject: [PATCH 097/160] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 080c212f..7ee0f96e 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1754337839, - "narHash": "sha256-fEc2/4YsJwtnLU7HCFMRckb0u9UNnDZmwGhXT5U5NTw=", + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "owner": "ryantm", "repo": "agenix", - "rev": "856df6f6922845abd4fd958ce21febc07ca2fa45", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "type": "github" }, "original": { @@ -53,11 +53,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1754091436, - "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "lastModified": 1754416808, + "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1754365350, - "narHash": "sha256-NLWIkn1qM0wxtZu/2NXRaujWJ4Y1PSZlc7h0y6pOzOQ=", + "lastModified": 1754886238, + "narHash": "sha256-LTQomWOwG70lZR+78ZYSZ9sYELWNq3HJ7/tdHzfif/s=", "owner": "nix-community", "repo": "home-manager", - "rev": "c5d7e957397ecb7d48b99c928611c6e780db1b56", + "rev": "0d492b89d1993579e63b9dbdaed17fd7824834da", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754372978, - "narHash": "sha256-ByII9p9ek0k9UADC/hT+i9ueM2mw0Zxiz+bOlydU6Oo=", + "lastModified": 1754725699, + "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ebe222ec7ef9de52478f76cba3f0324c1d1119f", + "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", "type": "github" }, "original": { From 8c506ea03cfcbbc805eb5e9b26863fa5a0260400 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 8 Aug 2025 09:56:33 +0000 Subject: [PATCH 098/160] home: xdg: enable 'preferXdgDirectories' At the moment this only makes a difference for `dircolors`. --- modules/home/xdg/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index 803167fa..7a0c5179 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -56,4 +56,7 @@ in XCOMPOSECACHE = "${dataHome}/X11/xcompose"; _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java"; }; + + # Some modules *optionally* use `XDG_*_HOME` when told to + config.home.preferXdgDirectories = lib.mkIf cfg.enable true; } From 5f073875e63aadc7ac925b4fd078248d94f565cd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Aug 2025 10:18:35 +0000 Subject: [PATCH 099/160] home: tmux: use consistent commenting style --- modules/home/tmux/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 3ea047a2..e3e3dafb 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -61,8 +61,8 @@ in pain-control # Better session management sessionist + # X clipboard integration { - # X clipboard integration plugin = yank; extraConfig = '' # Use 'clipboard' because of misbehaving apps (e.g: firefox) @@ -71,8 +71,8 @@ in set -g @yank_action 'copy-pipe' ''; } + # Show when prefix has been pressed { - # Show when prefix has been pressed plugin = prefix-highlight; extraConfig = '' # Also show when I'm in copy or sync mode From e2ae3e02d91291327f883db2bf6fc6a14e269828 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 18 Aug 2025 11:00:38 +0000 Subject: [PATCH 100/160] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 7ee0f96e..f4d5f576 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1754416808, - "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", + "lastModified": 1755446520, + "narHash": "sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW+7uSsOUM=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", + "rev": "4b04db83821b819bbbe32ed0a025b31e7971f22e", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1754886238, - "narHash": "sha256-LTQomWOwG70lZR+78ZYSZ9sYELWNq3HJ7/tdHzfif/s=", + "lastModified": 1755491080, + "narHash": "sha256-ib1Xi13NEalrFqQAHceRsb+6aIPANFuQq80SS/bY10M=", "owner": "nix-community", "repo": "home-manager", - "rev": "0d492b89d1993579e63b9dbdaed17fd7824834da", + "rev": "f8af2cbe386f9b96dd9efa57ab15a09377f38f4d", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754725699, - "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { From f3af8f9ba8b0042875d9c856cb6ec5b37889ddcb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 21 Aug 2025 12:06:37 +0000 Subject: [PATCH 101/160] home: atuin: remove bad comment Most likely a copy-paste error. --- modules/home/atuin/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix index dbd9690a..40d2b04d 100644 --- a/modules/home/atuin/default.nix +++ b/modules/home/atuin/default.nix @@ -6,7 +6,6 @@ in options.my.home.atuin = with lib; { enable = my.mkDisableOption "atuin configuration"; - # I want the full experience by default package = mkPackageOption pkgs "atuin" { }; daemon = { From 1a109b6b1f48919cc07a2a3c853858e5900eede4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 11:39:23 +0000 Subject: [PATCH 102/160] flake: bump inputs And fix a renamed package. --- flake.lock | 18 +++++++++--------- modules/nixos/profiles/x/default.nix | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index f4d5f576..ca1b4226 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1755446520, - "narHash": "sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW+7uSsOUM=", + "lastModified": 1755960406, + "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "4b04db83821b819bbbe32ed0a025b31e7971f22e", + "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1755491080, - "narHash": "sha256-ib1Xi13NEalrFqQAHceRsb+6aIPANFuQq80SS/bY10M=", + "lastModified": 1756022458, + "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=", "owner": "nix-community", "repo": "home-manager", - "rev": "f8af2cbe386f9b96dd9efa57ab15a09377f38f4d", + "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755186698, - "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "lastModified": 1756125398, + "narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", + "rev": "3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5", "type": "github" }, "original": { diff --git a/modules/nixos/profiles/x/default.nix b/modules/nixos/profiles/x/default.nix index ea77939c..874f36f6 100644 --- a/modules/nixos/profiles/x/default.nix +++ b/modules/nixos/profiles/x/default.nix @@ -13,7 +13,7 @@ in # Nice wallpaper services.xserver.displayManager.lightdm.background = let - wallpapers = "${pkgs.plasma5Packages.plasma-workspace-wallpapers}/share/wallpapers"; + wallpapers = "${pkgs.kdePackages.plasma-workspace-wallpapers}/share/wallpapers"; in "${wallpapers}/summer_1am/contents/images/2560x1600.jpg"; From a889dfbb1a9ce76410e6655ba82616a4c20a3e71 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 11:40:40 +0000 Subject: [PATCH 103/160] home: nix: fix renamed option --- modules/home/nix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix index c67cc6a1..2f435a8d 100644 --- a/modules/home/nix/default.nix +++ b/modules/home/nix/default.nix @@ -69,7 +69,7 @@ in automatic = true; # Every week, with some wiggle room - frequency = "weekly"; + dates = "weekly"; randomizedDelaySec = "10min"; # Use a persistent timer for e.g: laptops From 31147abd9176c9b8afbfa4924df0f589f041b3fc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 13:07:41 +0000 Subject: [PATCH 104/160] home: add trgui --- modules/home/default.nix | 1 + modules/home/trgui/default.nix | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 modules/home/trgui/default.nix diff --git a/modules/home/default.nix b/modules/home/default.nix index 1c403778..ad3b9791 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -38,6 +38,7 @@ ./ssh ./terminal ./tmux + ./trgui ./udiskie ./vim ./wget diff --git a/modules/home/trgui/default.nix b/modules/home/trgui/default.nix new file mode 100644 index 00000000..ee545a98 --- /dev/null +++ b/modules/home/trgui/default.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.my.home.trgui; +in +{ + options.my.home.trgui = with lib; { + enable = mkEnableOption "Transmission GUI onfiguration"; + + package = mkPackageOption pkgs "TrguiNG" { default = "trgui-ng"; }; + }; + + config = lib.mkIf cfg.enable { + home.packages = with pkgs; [ + cfg.package + ]; + }; +} From 1800cb9daa62bf87d55b98baf84a0d2d9a70129c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 13:08:58 +0000 Subject: [PATCH 105/160] hosts: nixos: aramis: use 'trgui' module --- hosts/nixos/aramis/home.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 221b1eae..75785821 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -20,7 +20,6 @@ element-desktop # Matrix client jellyfin-media-player # Wraps the webui and mpv together pavucontrol # Audio mixer GUI - trgui-ng # Transmission remote ]; # Minimal video player mpv.enable = true; @@ -28,6 +27,8 @@ nm-applet.enable = true; # Terminal terminal.program = "alacritty"; + # Transmission remote + trgui.enable = true; # Zathura document viewer zathura.enable = true; }; From 3fa1664b5c574632c67848e44c167c77cf638ccb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Feb 2025 16:47:11 +0000 Subject: [PATCH 106/160] home: delta: use stand-alone configuration file Ideally, I'd like for `delta` to just read a configuration file at `$XDG_CONFIG_HOME/delta/config` by default, but upstream seems somewhat reticent to the idea :-/. So instead, let's keep relying on `git` being enabled, but rather than inlining the configuration, let's store it where I think it should belong and include it into `gitconfig`. --- modules/home/delta/default.nix | 59 ++++++++++++++++++++-------------- 1 file changed, 35 insertions(+), 24 deletions(-) diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix index 58ee0311..16d3d597 100644 --- a/modules/home/delta/default.nix +++ b/modules/home/delta/default.nix @@ -1,6 +1,9 @@ { config, pkgs, lib, ... }: let cfg = config.my.home.delta; + + configFormat = pkgs.formats.gitIni { }; + configPath = "${config.xdg.configHome}/delta/config"; in { options.my.home.delta = with lib; { @@ -34,35 +37,43 @@ in home.packages = [ cfg.package ]; + xdg.configFile."delta/config".source = configFormat.generate "delta-config" { + delta = { + features = "diff-highlight decorations"; + + # Less jarring style for `diff-highlight` emulation + diff-highlight = { + minus-style = "red"; + minus-non-emph-style = "red"; + minus-emph-style = "bold red 52"; + + plus-style = "green"; + plus-non-emph-style = "green"; + plus-emph-style = "bold green 22"; + + whitespace-error-style = "reverse red"; + }; + + # Personal preference for easier reading + decorations = { + commit-style = "raw"; # Do not recolor meta information + keep-plus-minus-markers = true; + paging = "always"; + }; + }; + }; + programs.git = lib.mkIf cfg.git.enable { delta = { enable = true; inherit (cfg) package; - - options = { - features = "diff-highlight decorations"; - - # Less jarring style for `diff-highlight` emulation - diff-highlight = { - minus-style = "red"; - minus-non-emph-style = "red"; - minus-emph-style = "bold red 52"; - - plus-style = "green"; - plus-non-emph-style = "green"; - plus-emph-style = "bold green 22"; - - whitespace-error-style = "reverse red"; - }; - - # Personal preference for easier reading - decorations = { - commit-style = "raw"; # Do not recolor meta information - keep-plus-minus-markers = true; - paging = "always"; - }; - }; }; + + includes = [ + { + path = configPath; + } + ]; }; }; } From 3dd4f07609a8d8c9f15530745aa68ba458b943f3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 4 Sep 2025 11:35:39 +0000 Subject: [PATCH 107/160] hosts: nixos: aramis: home: drop 'jellyfin-media-player' It's about to be made broken due to using QtWebEngine 5, which is EOL and marked insecure in new nixpkgs. --- hosts/nixos/aramis/home.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 75785821..e8c99e41 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -18,7 +18,6 @@ # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client - jellyfin-media-player # Wraps the webui and mpv together pavucontrol # Audio mixer GUI ]; # Minimal video player From b9bc37d365c607bdda473c9f2a0a992f0e8f6cc0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 4 Sep 2025 11:14:25 +0000 Subject: [PATCH 108/160] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ca1b4226..e86674e1 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1756022458, - "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=", + "lastModified": 1756954499, + "narHash": "sha256-Pg4xBHzvzNY8l9x/rLWoJMnIR8ebG+xeU+IyqThIkqU=", "owner": "nix-community", "repo": "home-manager", - "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740", + "rev": "ed1a98c375450dfccf427adacd2bfd1a7b22eb25", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1756125398, - "narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=", + "lastModified": 1756936398, + "narHash": "sha256-/o1TTpMIICpjrMHBilL9lYm/r69uhdK1L8j1pfY6tWU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5", + "rev": "47f28ad9378956563df9a884fd1b209b64336ba3", "type": "github" }, "original": { From e6c95245b27e5ac6fbac237d222c56a39ba401f9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 4 Sep 2025 11:17:27 +0000 Subject: [PATCH 109/160] home: ssh: disable default config It's been deprecated. This also makes my `addKeysToAgent` configuration more explicit. --- modules/home/ssh/default.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/modules/home/ssh/default.nix b/modules/home/ssh/default.nix index 748b1957..b0b41675 100644 --- a/modules/home/ssh/default.nix +++ b/modules/home/ssh/default.nix @@ -17,6 +17,7 @@ in { programs.ssh = { enable = true; + enableDefaultConfig = false; includes = [ # Local configuration, not-versioned @@ -53,11 +54,12 @@ in identityFile = "~/.ssh/shared_rsa"; user = "ambroisie"; }; - }; - extraConfig = '' - AddKeysToAgent yes - ''; + # `*` is automatically made the last match block by the module + "*" = { + addKeysToAgent = "yes"; + }; + }; }; } From fa6bcabf95d8d1d860612880198271b6d31cbb0a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 11 Sep 2025 13:33:27 +0000 Subject: [PATCH 110/160] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index e86674e1..d5104222 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1755960406, - "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=", + "lastModified": 1757588530, + "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2", + "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1756954499, - "narHash": "sha256-Pg4xBHzvzNY8l9x/rLWoJMnIR8ebG+xeU+IyqThIkqU=", + "lastModified": 1757578556, + "narHash": "sha256-w1PGkTGow5XzsjccV364No46rkuGxTqo7m/4cfhnkIk=", "owner": "nix-community", "repo": "home-manager", - "rev": "ed1a98c375450dfccf427adacd2bfd1a7b22eb25", + "rev": "b7112b12ea5b8c3aa6af344498ed9ca27dd03ba3", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1756936398, - "narHash": "sha256-/o1TTpMIICpjrMHBilL9lYm/r69uhdK1L8j1pfY6tWU=", + "lastModified": 1757487488, + "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "47f28ad9378956563df9a884fd1b209b64336ba3", + "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", "type": "github" }, "original": { From 27da55519c74d63010d67153041aed789b9add97 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 25 Jul 2025 17:57:07 +0200 Subject: [PATCH 111/160] hosts: nixos: porthos: secrets: update cross-seed --- .../servarr/cross-seed/configuration.json.age | Bin 1528 -> 2031 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age index e319f3a823c4eb4c84b15f6630ea5fbf42f9092b..94fdf975d6418d394c62c42e572374b24865a776 100644 GIT binary patch delta 2009 zcmeyt{hohedfX?k{` z1y`7VVx&c?t9gk}QGTLxrkh!^t9em@esE}{g_)bXV|KY;V0m7Fd!m_FI+w1ULUD11 zZfc5=si~o*LRLV2d0x7Lc4U~PQL39qp1E1MdzE&0T786jgi(<}SWvRRr>}W=NOneY zrcYjImWfk2S4vnwc0qtaN}6SkajCw(qj8|KuW4wYgetwcC zm#(g^f^l-HWw5zNc~GcZlw(O$j#rLXR7JXTSaMlrp{u)Zm9JTfp`lNNdw8ZVSDWh2 z#!s*K@6<=xMeC=_?o%thNw!FzUK4zk}9+{djIX+e!sW%u-<*K zg`x6<({7nAg+QS)2}b2ZmsR#`cpQHtgw@qh{oS4Gr>yq1s#KP78(f|7M(2v?f%cFe zdK+w(Zm`yo-MD;X``@U5HMtds3LFpZa5q1Cf75z}isUzQ>VLkt(ynF|81>FrXLCH$ z&Wg1ktsTOTJ1K~>PqjR-D6s8Rtp3~@hpFB>^wx-#gs$M}+jXGsy0-4(1ewXs50~V9 zigIN*cem0SAT8vTwG@xF2&}V%g5S zbvLK-3d;z?W9>pkOWr#(XkWXVVP|5$)ZhG+qZ8B2YbTa}`trR_>-1!U!(B7G11l{bt?>D>|=Kub_=9QkS@T}J?SIitfI~6^tt!|Y)v2h;1n)1`V z^%<7OY!&Qdwto1vAxZbHfJdh+7gNxYqZbm7g{+Ugy6ZIe(uq2;z6)gUTv&2mIwWs} z`Jb6(eo-4|_i@JaeX8Aga9R4TNoQQjnCdU9=-tg%yWXYGos)OrL|50Lsa>f#I|Tn( zm;8>rDZ-*VTesuU&gWORr%Bgeue7R^~XAzs7N@4HA;{rsO9 z(lcKkSH8CF)vc%7PI{P}PhjU&yYZyV>r;N$oW#dc`PN(KH6K_c*=RX)jl4ik>7nF) zi}y3+>-Q_2J1E(mqogFoT;R$fBa%KTE2z-p=sQbU3)SaQ8?7D|xwkx1+x=Ulwobr`hivkGzlMSL?8Q-sbhbg}o$K$mIIH zn0HrR$J-qIx@KYe{<}(PTLeqJn~Z~X9<@w9f4_O%`H!FKAJtY##bwWRs!*8z{MRC` zI-BiZr>zmYS)$ z*m*YGcj9~FFg0lr+tj)MjT`d&KJjcaDB}82=PS>xrn-*l#vVq~IgZkasoUcwy?*9n zH#IWykeL|GQm@(g<#EC39dVNl8!f#inVDF< z$!ubHtf#Ue)$W-%d&^UW%1wOYr(Dfmq(9@P%IEI)U~jA!nzX*@t#PvD zDtUul9?IUFi#z5V4msEVsjKen0zdPe`3<|x6EvO#&f&HE_d~?})olj5HA3MR%BGr2 z_*Z=pntyD?-8F6pjf9_a2=2euvi3vMm(aqg=Y$zvh(BeT)V|(D)9IV@nu9!v*JR{n z&M`7N^;$&l_*0NFLr7&|#!U16tojWXxUPF{dfv<5`Qu`Q$PKIfAJ1iO80l}nptO9+ z?i90~zY5O$PSC#n$>b|9fBch~(ckU}{JdRZUvsv-eaW*k$0Qn;-O6fSw@bnP-KruH z#&1F$=Wd>1*mhZ}{V-cHgWhihiEFIvEw?Hz_}LitY2LL* zt@Z1oj|R+tZ+Ggb>@tQY@q5qN3J5UR2b!JHXuRSz#rx+HDSvbIJ)7;%?4Q(sVDEgB zDX|yxcpJEV-JA|Od%LWCbNvl}&yV&e`Toj}<$%nuu`;S@J6{!d_~ppE)|WJbR<50BIXQa& z+@HM~=S~$}b5jXYU(#)V<;K6#-sL^Wip$!Eo@>XNquY$E z7?Hu=vv9MR$YZ_4OQGumFMo6W5x^rP=Mt)AETV`3V z1(#E4QAJ@+N^qv5r>~)BvQubgdVynQWKwEazOiRuRf$n@d4RJ~l2Kr;1(&X!LUD11 zZfc5=si~o*LRLV2d0x7LTcA^FQMP_+ScYYkbCiF2Kz*uLx|y4Yvy+>npMhItskXmS zqIsZaWtO7}muXf=R=J;Zl8HxhR8p98WpSjBN1#htPF{*xP+m@HvU6p4X<2GTMrw)$ zm#(g^f>}hNuTxTJMdzPPBsB^Mmo>ycf*D2@n z37;fCdeuv+?>w+R<0Yeo{}QfuMmN)!+&k=0a;^TSYwE4IY0U~Q?{9Yfw0X#~C0&SF zX}+aS((K$VJ-bblR?1ZG`JdIke`#ik!jg~Af1G*t+V950$FnqoQUr|mohx^EF@65T z!^>7rb@N!fc}v>LkM#>r%T@8aynXUz(Vrc1N_9sTE>E4Nw7mX$h0l{u+OqtM1bTj@ z{(q8F`{LD`c_O|u&izgQ`QeY>?OCTZ*t+M1PUGCN>2JW}-2Va(cQ3Qqb*%S#`^L*J zG+q`LyViT9Zd*R-NA%IVo*yc{RKzX66}P)FtGzy)v4%Z9f!XkKo!$0ChYdC^i?TxQ zn;!e4|M;`7(CJ-Ed03yy+^*NF)SaH%BJzKE^2OXKtanWAHZ%#J&b~Tv%d`CgUAeXM zmqgG0v{sNa#44C8s9yZV?WjFxZhl>tDqUQvv?~1K4ePy1>-d}J>u|1KJ8x&IqfYo+ zv*Wuy^8DMJ_IAY~9#8ikC1JDBo^u^VY~lYmh;NKyxvQY*wpb@t-T7Qi$XnlQ^#W44 zZ`SP8{vYOUcPhZZFKDgXN`tTQ-^=Rxdu|@>URiWR^t<<$J0G5AKAz@imKnqS{_7*H z#FFImH@qBwus*nwkZR2-_kL^j^KWZC&P&xjDY@4u!1R1$kMd!|Dd)3Oj?a-1@bQuJ zGhz?e+$&-I#Jc~q!JT&{OXn-=ZTu><_0+@qFGA5bx1N1jc_%AC@a99t6+hbVFjPD* zlbM&YU~#mT=C-yyD6{*CAU zbAcA213k_z6ZG$z|4sdxvnDiormsueVi3I=hEAwk9|GFUKP*( zmVCWq#*6=IN3OVUo_;VjW9z5BgI6P(MYo&%yc#j-Pdb0amK!C$A9UOt4%p@|(ERo= zklTIkm2$WJ$%@ynyzZJ(QCwgDr_KO<~sq1K!1b7eBA@YG1o_ZS9v8 z<^gMpl?pxQNNIoN50~D4D9GRL(1pc$?pxUA*sb!4%qx!Ga!2Fh)W#z7ZdRxIg}XfB zp55k34$-WbeoQ+va{*q&I@m&wc zd^er?vXJvLKbtK3YbrlQ;`sKm-4o}XlD+TIschDg_~GD{&rUZ^itg#_SzfzD;_Y=d zZS&;ktru!-w(1*&1`97TayHfcbHvdhOU!CRc)|p!BKv182~T_$y*_L?x3k From 4c3e3d471fa61dcd5de24f0338b36e3b29c83f1f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 13 Sep 2025 19:10:39 +0200 Subject: [PATCH 112/160] modules: services: nginx: fix SSL renewal, again I'd previously fixed this in 1e10c6630b2c46bd40c2b23fa6a4f7c8fa751823, however NixOS has recently updated how the renewal units work [1], which broke it. [1]: https://github.com/NixOS/nixpkgs/pull/422076 --- modules/nixos/services/nginx/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 1e9e38a8..ff530b0a 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -444,7 +444,7 @@ in }; }; - systemd.services."acme-${domain}" = { + systemd.services."acme-order-renew-${domain}" = { serviceConfig = { Environment = [ # Since I do a "weird" setup with a wildcard CNAME From 445b3d1422651d1604eda311f74ff0260386f76e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 18 Sep 2025 10:03:06 +0000 Subject: [PATCH 113/160] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index d5104222..b9c0fd5a 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1757588530, - "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=", + "lastModified": 1758108966, + "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411", + "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1757578556, - "narHash": "sha256-w1PGkTGow5XzsjccV364No46rkuGxTqo7m/4cfhnkIk=", + "lastModified": 1758184248, + "narHash": "sha256-TOazVsj8D1LTGQ6q8xdtfoPs9Z+PiqUS952WvZPssR0=", "owner": "nix-community", "repo": "home-manager", - "rev": "b7112b12ea5b8c3aa6af344498ed9ca27dd03ba3", + "rev": "bf7056c6a2d893d80db18d06d7e730d6515aaae8", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1757487488, - "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", + "lastModified": 1758035966, + "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", + "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", "type": "github" }, "original": { From 9f9c1e571b7a871db4a19d9bfe7fc3ebf9b24875 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 15 Sep 2025 13:22:30 +0000 Subject: [PATCH 114/160] home: zsh: do not notify on 'home-manager news' --- modules/home/zsh/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 1e85ccec..3c1e5152 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -19,7 +19,7 @@ in "direnv reload" "fg" "git (?!push|pull|fetch)" - "home-manager (?!switch|build|news)" + "home-manager (?!switch|build)" "htop" "less" "man" From 5b47fc63656b7583fb427386339c7adce3cc7e97 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 3 Oct 2025 12:23:54 +0200 Subject: [PATCH 115/160] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index b9c0fd5a..1889e0ce 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1758184248, - "narHash": "sha256-TOazVsj8D1LTGQ6q8xdtfoPs9Z+PiqUS952WvZPssR0=", + "lastModified": 1759337100, + "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", "owner": "nix-community", "repo": "home-manager", - "rev": "bf7056c6a2d893d80db18d06d7e730d6515aaae8", + "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1758035966, - "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", + "lastModified": 1759422813, + "narHash": "sha256-WNkZqscW/dPLK5NMKH/jCkYMaVm/3KWgPmKMq65IXxk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", + "rev": "2a7c84e1e740f004e0fe5c2577a63d1e659a496c", "type": "github" }, "original": { From 62533d435b9d86cf0c1271cd0a14ed73a67584f2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 3 Oct 2025 12:18:38 +0000 Subject: [PATCH 116/160] home: vim: lspconfig: use native configuration The `nvim-lspconfig` "framework" is being deprecated to use the native `vim.lsp.config` and `vim.lsp.enable` functionality. I _could_ remove the `is_executable` checks, as native LSP handling does _not_ loudly error out when enabling a server which isn't executable. However I think `:LspInfo` is more readable if I don't. --- .../home/vim/plugin/settings/lspconfig.lua | 57 ++++++------------- 1 file changed, 17 insertions(+), 40 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 7817d4c1..68158b21 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -1,4 +1,3 @@ -local lspconfig = require("lspconfig") local lsp = require("ambroisie.lsp") local utils = require("ambroisie.utils") @@ -25,59 +24,45 @@ vim.diagnostic.config({ -- Inform servers we are able to do completion, snippets, etc... local capabilities = require("cmp_nvim_lsp").default_capabilities() +-- Shared configuration +vim.lsp.config("*", { + capabilities = capabilities, + on_attach = lsp.on_attach, +}) + -- C/C++ if utils.is_executable("clangd") then - lspconfig.clangd.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("clangd") end -- Haskell if utils.is_executable("haskell-language-server-wrapper") then - lspconfig.hls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("hls") end -- Nix if utils.is_executable("nil") then - lspconfig.nil_ls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("nil_ls") end -- Python if utils.is_executable("pyright") then - lspconfig.pyright.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("pyright") end if utils.is_executable("ruff") then - lspconfig.ruff.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("ruff") end -- Rust if utils.is_executable("rust-analyzer") then - lspconfig.rust_analyzer.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("rust_analyzer") end -- Shell if utils.is_executable("bash-language-server") then - lspconfig.bashls.setup({ + vim.lsp.config("bashls", { filetypes = { "bash", "sh", "zsh" }, - capabilities = capabilities, - on_attach = lsp.on_attach, settings = { bashIde = { shfmt = { @@ -89,27 +74,19 @@ if utils.is_executable("bash-language-server") then }, }, }) + vim.lsp.enable("bashls") end -- Starlark if utils.is_executable("starpls") then - lspconfig.starpls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("starpls") end -- Generic if utils.is_executable("harper-ls") then - lspconfig.harper_ls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("harper_ls") end if utils.is_executable("typos-lsp") then - lspconfig.typos_lsp.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("typos_lsp") end From 6b1b5300cdc275422e1eab5cdc24b7f6f6798d1b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 3 Oct 2025 12:39:18 +0000 Subject: [PATCH 117/160] home: vim: lspconfig: simplify LSP config Despite what I just said in the previous commit, I decided to remove the `is_executable` checks and always enable all servers. I figured out that NeoVim actually handles `PATH` modifications pretty well in this scenario: making a previously unavailable server executable will automatically enable it. --- .../home/vim/plugin/settings/lspconfig.lua | 73 +++++++------------ 1 file changed, 26 insertions(+), 47 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 68158b21..1596e84a 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -30,38 +30,20 @@ vim.lsp.config("*", { on_attach = lsp.on_attach, }) --- C/C++ -if utils.is_executable("clangd") then - vim.lsp.enable("clangd") -end - --- Haskell -if utils.is_executable("haskell-language-server-wrapper") then - vim.lsp.enable("hls") -end - --- Nix -if utils.is_executable("nil") then - vim.lsp.enable("nil_ls") -end - --- Python -if utils.is_executable("pyright") then - vim.lsp.enable("pyright") -end - -if utils.is_executable("ruff") then - vim.lsp.enable("ruff") -end - --- Rust -if utils.is_executable("rust-analyzer") then - vim.lsp.enable("rust_analyzer") -end - --- Shell -if utils.is_executable("bash-language-server") then - vim.lsp.config("bashls", { +local servers = { + -- C/C++ + clangd = {}, + -- Haskell + hls = {}, + -- Nix + nil_ls = {}, + -- Python + pyright = {}, + ruff = {}, + -- Rust + rust_analyzer = {}, + -- Shell + bashls = { filetypes = { "bash", "sh", "zsh" }, settings = { bashIde = { @@ -73,20 +55,17 @@ if utils.is_executable("bash-language-server") then }, }, }, - }) - vim.lsp.enable("bashls") -end + }, + -- Starlark + starpls = {}, + -- Generic + harper_ls = {}, + typos_lsp = {}, +} --- Starlark -if utils.is_executable("starpls") then - vim.lsp.enable("starpls") -end - --- Generic -if utils.is_executable("harper-ls") then - vim.lsp.enable("harper_ls") -end - -if utils.is_executable("typos-lsp") then - vim.lsp.enable("typos_lsp") +for server, config in pairs(servers) do + if not vim.tbl_isempty(config) then + vim.lsp.config(server, config) + end + vim.lsp.enable(server) end From 2df05aaa1a2f85601df107f16bfec70b9239eab4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 Oct 2025 09:33:49 +0000 Subject: [PATCH 118/160] flake: bump inputs And fix a breaking change leading to an evaluation failure. --- flake.lock | 36 +++++++++++----------- modules/nixos/services/homebox/default.nix | 2 +- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 1889e0ce..1a8a9347 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1758108966, - "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", + "lastModified": 1760663237, + "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", + "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1759337100, - "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", + "lastModified": 1760969583, + "narHash": "sha256-vsf5mvR0xxK4GsfLx5bMJAQ4ysdrKymMIifNw+4TP7g=", "owner": "nix-community", "repo": "home-manager", - "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", + "rev": "c9d758b500e53db5b74aa02d17dc45b65229e8e9", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1759422813, - "narHash": "sha256-WNkZqscW/dPLK5NMKH/jCkYMaVm/3KWgPmKMq65IXxk=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2a7c84e1e740f004e0fe5c2577a63d1e659a496c", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -200,11 +200,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1753980880, - "narHash": "sha256-aj1pbYxL6N+XFqBHjB4B1QP0bnKRcg1AfpgT5zUFsW8=", + "lastModified": 1759781536, + "narHash": "sha256-v/X5gKmgVoGtu5elYyUu2w037PyWVhrqnWzXkLJ9xnY=", "owner": "nix-community", "repo": "NUR", - "rev": "16db3e61da7606984a05b4dfc33cd1d26d22fb22", + "rev": "c30a53a5947bcc874b3f8842e6fe5c34bc81d8dd", "type": "github" }, "original": { diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix index 8ed5d776..524a6d73 100644 --- a/modules/nixos/services/homebox/default.nix +++ b/modules/nixos/services/homebox/default.nix @@ -39,7 +39,7 @@ in my.services.backup = { paths = [ - config.services.homebox.settings.HBOX_STORAGE_DATA + (lib.removePrefix "file://" config.services.homebox.settings.HBOX_STORAGE_CONN_STRING) ]; }; From 9ddc77958ab4c647df7173a3a5eee08ae88f926b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 Oct 2025 09:35:02 +0000 Subject: [PATCH 119/160] home: git: fix deprecated config --- modules/home/git/default.nix | 38 +++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index ca59a5fb..c3a51a0f 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -21,29 +21,31 @@ in config.programs.git = lib.mkIf cfg.enable { enable = true; - # Who am I? - userEmail = mkMailAddress "bruno" "belanyi.fr"; - userName = "Bruno BELANYI"; - inherit (cfg) package; - aliases = { - git = "!git"; - lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order"; - lola = "lol --all"; - assume = "update-index --assume-unchanged"; - unassume = "update-index --no-assume-unchanged"; - assumed = "!git ls-files -v | grep ^h | cut -c 3-"; - pick = "log -p -G"; - push-new = "!git push -u origin " - + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"''; - root = "git rev-parse --show-toplevel"; - }; - lfs.enable = true; # There's more - extraConfig = { + settings = { + # Who am I? + user = { + email = mkMailAddress "bruno" "belanyi.fr"; + name = "Bruno BELANYI"; + }; + + alias = { + git = "!git"; + lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order"; + lola = "lol --all"; + assume = "update-index --assume-unchanged"; + unassume = "update-index --no-assume-unchanged"; + assumed = "!git ls-files -v | grep ^h | cut -c 3-"; + pick = "log -p -G"; + push-new = "!git push -u origin " + + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"''; + root = "git rev-parse --show-toplevel"; + }; + # Makes it a bit more readable blame = { coloring = "repeatedLines"; From 4000a848ef21903b7d593160b509173c2fe81736 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 Oct 2025 09:39:19 +0000 Subject: [PATCH 120/160] home: delta: use upstream module --- modules/home/delta/default.nix | 42 +++++----------------------------- 1 file changed, 6 insertions(+), 36 deletions(-) diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix index 16d3d597..e76edc60 100644 --- a/modules/home/delta/default.nix +++ b/modules/home/delta/default.nix @@ -1,9 +1,6 @@ { config, pkgs, lib, ... }: let cfg = config.my.home.delta; - - configFormat = pkgs.formats.gitIni { }; - configPath = "${config.xdg.configHome}/delta/config"; in { options.my.home.delta = with lib; { @@ -17,28 +14,14 @@ in }; config = lib.mkIf cfg.enable { - assertions = [ - { - # For its configuration - assertion = cfg.enable -> cfg.git.enable; - message = '' - `config.my.home.delta` must enable `config.my.home.delta.git` to be - properly configured. - ''; - } - { - assertion = cfg.enable -> config.programs.git.enable; - message = '' - `config.my.home.delta` relies on `config.programs.git` to be - enabled. - ''; - } - ]; + programs.delta = { + enable = true; - home.packages = [ cfg.package ]; + inherit (cfg) package; - xdg.configFile."delta/config".source = configFormat.generate "delta-config" { - delta = { + enableGitIntegration = cfg.git.enable; + + options = { features = "diff-highlight decorations"; # Less jarring style for `diff-highlight` emulation @@ -62,18 +45,5 @@ in }; }; }; - - programs.git = lib.mkIf cfg.git.enable { - delta = { - enable = true; - inherit (cfg) package; - }; - - includes = [ - { - path = configPath; - } - ]; - }; }; } From a20c8f820dcf77e0b0a75c67d2edf38d97488ba2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 27 Oct 2025 12:30:49 +0000 Subject: [PATCH 121/160] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 1a8a9347..f56e8f29 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1760969583, - "narHash": "sha256-vsf5mvR0xxK4GsfLx5bMJAQ4ysdrKymMIifNw+4TP7g=", + "lastModified": 1761530345, + "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", "owner": "nix-community", "repo": "home-manager", - "rev": "c9d758b500e53db5b74aa02d17dc45b65229e8e9", + "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761373498, + "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "type": "github" }, "original": { From c536ee0136969aa1715e07939dfac9b02342f60d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 27 Oct 2025 12:31:12 +0000 Subject: [PATCH 122/160] home: zsh: add 'zsh-completion-sync' It's gated behind `completionSync.enable`, as it does make entering/leaving direnv-enabled projects slower (due to the calls to `compinit`). This might need a bit more work to avoid multiple `compinit`s at shell startup, will refine in the future if necessary. --- modules/home/zsh/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 3c1e5152..6c6a4693 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -8,6 +8,10 @@ in launchTmux = mkEnableOption "auto launch tmux at shell start"; + completionSync = { + enable = mkEnableOption "zsh-completion-sync plugin"; + }; + notify = { enable = mkEnableOption "zsh-done notification"; @@ -118,6 +122,18 @@ in }; } + (lib.mkIf cfg.completionSync.enable { + programs.zsh = { + plugins = [ + { + name = "zsh-completion-sync"; + file = "share/zsh-completion-sync/zsh-completion-sync.plugin.zsh"; + src = pkgs.zsh-completion-sync; + } + ]; + }; + }) + (lib.mkIf cfg.notify.enable { programs.zsh = { plugins = [ From 983bf0f7646ea2ebdff895751eea7054b9140b3a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 3 Nov 2025 17:22:29 +0100 Subject: [PATCH 123/160] nixos: services: nextcloud: bump to 32 --- modules/nixos/services/nextcloud/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index d8d4fce0..dd3b3868 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -35,7 +35,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud31; + package = pkgs.nextcloud32; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; From 41c506749ef389c9a2f11dd3f3d17493892820f2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Nov 2025 14:39:11 +0000 Subject: [PATCH 124/160] flake: overlays: use 'lib' It's a `lib` function, not _really_ a Nixpkgs one. Also it's about to break after the next flake update :-). --- flake/overlays.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake/overlays.nix b/flake/overlays.nix index 0c47989d..c10afc33 100644 --- a/flake/overlays.nix +++ b/flake/overlays.nix @@ -1,4 +1,4 @@ -{ self, ... }: +{ self, lib, ... }: let default-overlays = import "${self}/overlays"; @@ -8,7 +8,7 @@ let # Expose my custom packages pkgs = _final: prev: { - ambroisie = prev.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; }); + ambroisie = lib.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; }); }; }; in From 44246b4ea146b1ca7b4687b35e0b833decb35b89 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 8 Nov 2025 11:56:25 +0000 Subject: [PATCH 125/160] flake: NUR has renamed its branch to 'main' --- flake.lock | 2 +- flake.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.lock b/flake.lock index f56e8f29..50f38e4e 100644 --- a/flake.lock +++ b/flake.lock @@ -209,7 +209,7 @@ }, "original": { "owner": "nix-community", - "ref": "master", + "ref": "main", "repo": "NUR", "type": "github" } diff --git a/flake.nix b/flake.nix index 50767290..0bdd180e 100644 --- a/flake.nix +++ b/flake.nix @@ -54,7 +54,7 @@ type = "github"; owner = "nix-community"; repo = "NUR"; - ref = "master"; + ref = "main"; inputs = { flake-parts.follows = "flake-parts"; nixpkgs.follows = "nixpkgs"; From fe681d3f16eea4d87d55d02c1e8e915eaaf415e6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Nov 2025 14:35:53 +0000 Subject: [PATCH 126/160] flake: bump inputs --- flake.lock | 54 ++++++++++++++++-------------------------------------- 1 file changed, 16 insertions(+), 38 deletions(-) diff --git a/flake.lock b/flake.lock index 50f38e4e..d95de526 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1760836749, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1761656077, + "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", "owner": "ryantm", "repo": "agenix", - "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", + "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1762040540, + "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "0010412d62a25d959151790968765a70c436598b", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1761530345, - "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", + "lastModified": 1762435363, + "narHash": "sha256-BTmHXtuuwVO1dRs6jPHcHCoO6+A7G3+GzrgeluiSkww=", "owner": "nix-community", "repo": "home-manager", - "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", + "rev": "432bc8a5da66638b5f139588efd6c4bd327e4cdc", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1761373498, - "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", "type": "github" }, "original": { @@ -196,15 +196,14 @@ ], "nixpkgs": [ "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" + ] }, "locked": { - "lastModified": 1759781536, - "narHash": "sha256-v/X5gKmgVoGtu5elYyUu2w037PyWVhrqnWzXkLJ9xnY=", + "lastModified": 1762602346, + "narHash": "sha256-BVzjmS25ihrfnfpfLD6gzXqMp9vP0hOyjIWkV0LP6E0=", "owner": "nix-community", "repo": "NUR", - "rev": "c30a53a5947bcc874b3f8842e6fe5c34bc81d8dd", + "rev": "fe5118da8d7e09651e0362ff130d194bc1441185", "type": "github" }, "original": { @@ -241,27 +240,6 @@ "repo": "default", "type": "github" } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733222881, - "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "49717b5af6f80172275d47a418c9719a31a78b53", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", From 0ac983a71f8cec556babe577e65b513173143417 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 9 Oct 2025 10:47:23 +0000 Subject: [PATCH 127/160] home: vim: do not set 'background' explicitly Rely on the new behaviour from v0.10 which detects it more intelligently. --- modules/home/vim/init.vim | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 39ef32e3..11429250 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -81,9 +81,6 @@ set updatetime=250 " Disable all mouse integrations set mouse= -" Set dark mode by default -set background=dark - " Setup some overrides for gruvbox lua << EOF local gruvbox = require("gruvbox") From bbdbc1e55cb8b2125b2ece2ff1c9d4c5922d821b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 28 Oct 2025 12:43:53 +0000 Subject: [PATCH 128/160] home: vim: ftdetect: remove glsl GLSL is now correctly detected starting with v0.11. This reverts commit b8b64bed8e4b3d8d109e7dcf38f69a4242142ec3. --- modules/home/vim/ftdetect/glsl.lua | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 modules/home/vim/ftdetect/glsl.lua diff --git a/modules/home/vim/ftdetect/glsl.lua b/modules/home/vim/ftdetect/glsl.lua deleted file mode 100644 index 2f4f1ddd..00000000 --- a/modules/home/vim/ftdetect/glsl.lua +++ /dev/null @@ -1,7 +0,0 @@ --- Use GLSL filetype for common shader file extensions -vim.filetype.add({ - extension = { - frag = "glsl", - vert = "glsl", - }, -}) From 6e73c936b09d46c8427963b5139588804aceddaa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 7 Nov 2025 14:48:49 +0000 Subject: [PATCH 129/160] home: zsh: fix plug-in path The upstream commit [1] said it was a non-breaking change, but didn't actually setup the symlinks for this package... [1]: 10f01ded353d5a76c6acbecaa0ac5e5063f60c13 --- modules/home/zsh/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 6c6a4693..95242628 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -72,7 +72,7 @@ in plugins = [ { name = "fast-syntax-highlighting"; - file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh"; + file = "share/zsh/plugins/fast-syntax-highlighting/fast-syntax-highlighting.plugin.zsh"; src = pkgs.zsh-fast-syntax-highlighting; } { From 1b4111e28fc68d5b4592f3238854ba1164443c7e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 8 Nov 2025 22:12:42 +0100 Subject: [PATCH 130/160] nixos: services: nextcloud: use declarative apps Now that the `notify_push` module declaratively installs _its_ app [1], I should declaratively install _all_ apps. [1]: https://github.com/NixOS/nixpkgs/pull/451501 --- modules/nixos/services/nextcloud/collabora.nix | 6 ++++++ modules/nixos/services/nextcloud/default.nix | 10 ++++++++++ 2 files changed, 16 insertions(+) diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix index f8f42a77..408b232e 100644 --- a/modules/nixos/services/nextcloud/collabora.nix +++ b/modules/nixos/services/nextcloud/collabora.nix @@ -16,6 +16,12 @@ in }; config = lib.mkIf cfg.enable { + services.nextcloud = { + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) richdocuments; + }; + }; + services.collabora-online = { enable = true; inherit (cfg) port; diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index dd3b3868..24515ffe 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -62,6 +62,16 @@ in # Allow using the push service without hard-coding my IP in the configuration bendDomainToLocalhost = true; }; + + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) + calendar + contacts + deck + tasks + ; + # notify_push is automatically installed by the module + }; }; # The service above configures the domain, no need for my wrapper From 6124d07c1b846d316e03e78a3cb65a77ce2e9832 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 12:35:54 +0100 Subject: [PATCH 131/160] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index d95de526..b0414094 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1761656077, - "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1762040540, - "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", + "lastModified": 1762980239, + "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0010412d62a25d959151790968765a70c436598b", + "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1760663237, - "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", + "lastModified": 1763319842, + "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", + "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1762435363, - "narHash": "sha256-BTmHXtuuwVO1dRs6jPHcHCoO6+A7G3+GzrgeluiSkww=", + "lastModified": 1763313531, + "narHash": "sha256-yvdCYUL85zEDp2NzPUBmaNBXP6KnWEOhAk3j7PTfsKw=", "owner": "nix-community", "repo": "home-manager", - "rev": "432bc8a5da66638b5f139588efd6c4bd327e4cdc", + "rev": "3670a78eee49deebe4825fc8ecc46b172d1a8391", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "lastModified": 1763283776, + "narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1762602346, - "narHash": "sha256-BVzjmS25ihrfnfpfLD6gzXqMp9vP0hOyjIWkV0LP6E0=", + "lastModified": 1763378400, + "narHash": "sha256-9eZj8GNTBYnI8PQf9n8m9XbFCA/ugQ5r7sylY9DEx9M=", "owner": "nix-community", "repo": "NUR", - "rev": "fe5118da8d7e09651e0362ff130d194bc1441185", + "rev": "6bd477535ba71aa22d2712c8735c92812a1c74dc", "type": "github" }, "original": { From ad6a0bf4d3e5c5914160b2f427ef153d534b1030 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Nov 2025 22:36:18 +0100 Subject: [PATCH 132/160] nixos: services: mealie: extend session timeout --- modules/nixos/services/mealie/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 8c02398c..837bff29 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -32,6 +32,7 @@ in BASE_URL = "https://mealie.${config.networking.domain}"; TZ = config.time.timeZone; ALLOw_SIGNUP = "false"; + TOKEN_TIME = 24 * 180; # 180 days }; # Automatic PostgreSQL provisioning From 127e26b259624c6a57bc839abdde4f245c3099b8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 12:38:30 +0100 Subject: [PATCH 133/160] nixos: services: transmission: use high file limit Seeding a lot of files means keeping them all open. The actual limit was cargo-culted from an open issue. --- modules/nixos/services/transmission/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index ddd77d4b..2ed01fd0 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -71,10 +71,12 @@ in }; }; - # Transmission wants to eat *all* my RAM if left to its own devices systemd.services.transmission = { serviceConfig = { + # Transmission wants to eat *all* my RAM if left to its own devices MemoryMax = "33%"; + # Avoid errors due to high number of open files. + LimitNOFILE = 1048576; }; }; From b37bde6eaf150033149d0bbd5d924d0f9fb4b145 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 12:45:22 +0100 Subject: [PATCH 134/160] nixos: services: transmission: use longer timeout It looks like Transmission takes time roughly proportional with the number of open files to stop, so let's increase the timeout slightly. --- modules/nixos/services/transmission/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index 2ed01fd0..6a7fbc72 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -77,6 +77,8 @@ in MemoryMax = "33%"; # Avoid errors due to high number of open files. LimitNOFILE = 1048576; + # Longer stop timeout to finish all torrents + TimeoutStopSec = "5m"; }; }; From 29fb7c5066132e12b98a6cb7a7f9ba3c5460d8c1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 13:57:48 +0000 Subject: [PATCH 135/160] home: discord: use upstream module --- modules/home/discord/default.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/modules/home/discord/default.nix b/modules/home/discord/default.nix index bfa5d40e..f9892df3 100644 --- a/modules/home/discord/default.nix +++ b/modules/home/discord/default.nix @@ -1,8 +1,6 @@ { config, lib, pkgs, ... }: let cfg = config.my.home.discord; - - jsonFormat = pkgs.formats.json { }; in { options.my.home.discord = with lib; { @@ -12,14 +10,15 @@ in }; config = lib.mkIf cfg.enable { - home.packages = with pkgs; [ - cfg.package - ]; + programs.discord = { + enable = true; - xdg.configFile."discord/settings.json".source = - jsonFormat.generate "discord.json" { + inherit (cfg) package; + + settings = { # Do not keep me from using the app just to force an update SKIP_HOST_UPDATE = true; }; + }; }; } From 3020c6433b0056aa805cdabd8d4c30f82cfb47e4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 30 Nov 2025 00:20:07 +0100 Subject: [PATCH 136/160] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index b0414094..b84e16d7 100644 --- a/flake.lock +++ b/flake.lock @@ -53,11 +53,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1762980239, - "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1763319842, - "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", + "lastModified": 1763988335, + "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", + "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1763313531, - "narHash": "sha256-yvdCYUL85zEDp2NzPUBmaNBXP6KnWEOhAk3j7PTfsKw=", + "lastModified": 1764361670, + "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=", "owner": "nix-community", "repo": "home-manager", - "rev": "3670a78eee49deebe4825fc8ecc46b172d1a8391", + "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763283776, - "narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=", + "lastModified": 1764242076, + "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a", + "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1763378400, - "narHash": "sha256-9eZj8GNTBYnI8PQf9n8m9XbFCA/ugQ5r7sylY9DEx9M=", + "lastModified": 1764449851, + "narHash": "sha256-VnodC1+3KML8MYLLnK84E6U2Fz4ioNacOeQd1pMCSTw=", "owner": "nix-community", "repo": "NUR", - "rev": "6bd477535ba71aa22d2712c8735c92812a1c74dc", + "rev": "b1781c0aa8935d8d1f35d228bcc7127fcebcd363", "type": "github" }, "original": { From f546f85037bf23f105a721132f06ab3a562d38f7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 22 Nov 2025 23:34:06 +0100 Subject: [PATCH 137/160] hosts: nixos: porthos: secrets: sso: remove owner Now that the service uses `LoadCredential` [1], I can make the files root-owned. [1]: https://github.com/NixOS/nixpkgs/pull/460305 --- hosts/nixos/porthos/secrets/secrets.nix | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index b3812b43..f1842b4c 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -83,18 +83,9 @@ in "servarr/autobrr/session-secret.age".publicKeys = all; "servarr/cross-seed/configuration.json.age".publicKeys = all; - "sso/auth-key.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; - "sso/ambroisie/password-hash.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; - "sso/ambroisie/totp-secret.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; + "sso/auth-key.age".publicKeys = all; + "sso/ambroisie/password-hash.age".publicKeys = all; + "sso/ambroisie/totp-secret.age".publicKeys = all; "tandoor-recipes/secret-key.age".publicKeys = all; From 5cd9155a5838d54c3606f6b0851e54252ea0774c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 23 Nov 2025 17:08:35 +0100 Subject: [PATCH 138/160] nixos: services: mealie: backup state directory Somehow forgot to do this when first writing the module. --- modules/nixos/services/mealie/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 837bff29..f3774e17 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -54,6 +54,12 @@ in }; }; + my.services.backup = { + paths = [ + "/var/lib/mealie" + ]; + }; + services.fail2ban.jails = { mealie = '' enabled = true From ddc6cd37adbb80960e8c99ddbb549057b64126ed Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 11 Dec 2025 21:00:17 +0100 Subject: [PATCH 139/160] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index b84e16d7..fd6173b9 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1763988335, - "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", + "lastModified": 1765464257, + "narHash": "sha256-dixPWKiHzh80PtD0aLuxYNQ0xP+843dfXG/yM3OzaYQ=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", + "rev": "09e45f2598e1a8499c3594fe11ec2943f34fe509", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1764361670, - "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=", + "lastModified": 1765480374, + "narHash": "sha256-HlbvQAqLx7WqZFFQZ8nu5UUJAVlXiV/kqKbyueA8srw=", "owner": "nix-community", "repo": "home-manager", - "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6", + "rev": "39cb677ed9e908e90478aa9fe5f3383dfc1a63f3", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1764242076, - "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", + "lastModified": 1765186076, + "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", + "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1764449851, - "narHash": "sha256-VnodC1+3KML8MYLLnK84E6U2Fz4ioNacOeQd1pMCSTw=", + "lastModified": 1765481746, + "narHash": "sha256-oWDp4EMOXvPZSC5ZVdg90K7EFgUGvxmrFAwA/1hJ/j4=", "owner": "nix-community", "repo": "NUR", - "rev": "b1781c0aa8935d8d1f35d228bcc7127fcebcd363", + "rev": "2b2d6d53d6a66d1be2d8620024cc61ad986bcee2", "type": "github" }, "original": { From bf428aaeca03be801b53396eeba5ab73fab7c297 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 2 Dec 2025 12:34:42 +0000 Subject: [PATCH 140/160] nixos: hardware: graphics: remove 'amdvlk' It's been fully deprecated, the package was removed. --- modules/nixos/hardware/graphics/default.nix | 9 --------- 1 file changed, 9 deletions(-) diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix index 7d8b359c..4b6eb375 100644 --- a/modules/nixos/hardware/graphics/default.nix +++ b/modules/nixos/hardware/graphics/default.nix @@ -15,8 +15,6 @@ in amd = { enableKernelModule = lib.my.mkDisableOption "Kernel driver module"; - - amdvlk = lib.mkEnableOption "Use AMDVLK instead of Mesa RADV driver"; }; intel = { @@ -35,13 +33,6 @@ in (lib.mkIf (cfg.gpuFlavor == "amd") { hardware.amdgpu = { initrd.enable = cfg.amd.enableKernelModule; - # Vulkan - amdvlk = lib.mkIf cfg.amd.amdvlk { - enable = true; - support32Bit = { - enable = true; - }; - }; }; hardware.graphics = { From 88024f16e59eb35dc1f13ff17626126604424ff6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 20 Dec 2025 14:56:25 +0000 Subject: [PATCH 141/160] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index fd6173b9..c8c20733 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1765464257, - "narHash": "sha256-dixPWKiHzh80PtD0aLuxYNQ0xP+843dfXG/yM3OzaYQ=", + "lastModified": 1765911976, + "narHash": "sha256-t3T/xm8zstHRLx+pIHxVpQTiySbKqcQbK+r+01XVKc0=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "09e45f2598e1a8499c3594fe11ec2943f34fe509", + "rev": "b68b780b69702a090c8bb1b973bab13756cc7a27", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1765480374, - "narHash": "sha256-HlbvQAqLx7WqZFFQZ8nu5UUJAVlXiV/kqKbyueA8srw=", + "lastModified": 1766171975, + "narHash": "sha256-47Ee0bTidhF/3/sHuYnWRuxcCrrm0mBNDxBkOTd3wWQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "39cb677ed9e908e90478aa9fe5f3383dfc1a63f3", + "rev": "bb35f07cc95a73aacbaf1f7f46bb8a3f40f265b5", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1765186076, - "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", + "lastModified": 1766070988, + "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", + "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1765481746, - "narHash": "sha256-oWDp4EMOXvPZSC5ZVdg90K7EFgUGvxmrFAwA/1hJ/j4=", + "lastModified": 1766242030, + "narHash": "sha256-GdaKIZrzm4fbFf9jBVmeQFZTwYPxUlSTZrSId/JNMAU=", "owner": "nix-community", "repo": "NUR", - "rev": "2b2d6d53d6a66d1be2d8620024cc61ad986bcee2", + "rev": "30006228925f07c5c2a270bb95dc8da35d9942dc", "type": "github" }, "original": { From 7202fa191197d24c05b621a643bd4b07f13f8a43 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 20 Dec 2025 13:43:06 +0000 Subject: [PATCH 142/160] home: firefox: do not trim URLs --- modules/home/firefox/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/firefox/default.nix b/modules/home/firefox/default.nix index 6346dc9b..19a008cc 100644 --- a/modules/home/firefox/default.nix +++ b/modules/home/firefox/default.nix @@ -52,6 +52,7 @@ in "browser.newtabpage.activity-stream.feeds.sections" = false; "browser.newtabpage.activity-stream.feeds.system.topstories" = false; # Disable top stories "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; # Disable pocket + "browser.urlbar.trimURLs" = false; # Always show the `http://` prefix "extensions.pocket.enabled" = false; # Disable pocket "media.eme.enabled" = true; # Enable DRM "media.gmp-widevinecdm.enabled" = true; # Enable DRM From 852ded641a1e47b9cd95c5aaf3a3a2c1c6e01e38 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 26 Jan 2026 16:53:16 +0000 Subject: [PATCH 143/160] home: vim: lua: move 'list_clients' to lsp' --- modules/home/vim/lua/ambroisie/lsp.lua | 14 ++++++++++++++ modules/home/vim/lua/ambroisie/utils.lua | 14 -------------- modules/home/vim/plugin/settings/lualine.lua | 4 ++-- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index fef04873..05ca47a9 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -85,4 +85,18 @@ M.on_attach = function(client, bufnr) wk.add(keys) end +--- list all active LSP clients for specific buffer, or all buffers +--- @param bufnr int? buffer number +--- @return table all active LSP client names +M.list_clients = function(bufnr) + local clients = vim.lsp.get_clients({ bufnr = bufnr }) + local names = {} + + for _, client in ipairs(clients) do + table.insert(names, client.name) + end + + return names +end + return M diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua index 0ee7c83b..482325e5 100644 --- a/modules/home/vim/lua/ambroisie/utils.lua +++ b/modules/home/vim/lua/ambroisie/utils.lua @@ -34,20 +34,6 @@ M.is_ssh = function() return false end ---- list all active LSP clients for specific buffer, or all buffers ---- @param bufnr int? buffer number ---- @return table all active LSP client names -M.list_lsp_clients = function(bufnr) - local clients = vim.lsp.get_clients({ bufnr = bufnr }) - local names = {} - - for _, client in ipairs(clients) do - table.insert(names, client.name) - end - - return names -end - --- partially apply a function with given arguments M.partial = function(f, ...) local a = { ... } diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua index bbe46475..2dbc916e 100644 --- a/modules/home/vim/plugin/settings/lualine.lua +++ b/modules/home/vim/plugin/settings/lualine.lua @@ -1,6 +1,6 @@ local lualine = require("lualine") local oil = require("oil") -local utils = require("ambroisie.utils") +local lsp = require("ambroisie.lsp") local function list_spell_languages() if not vim.opt.spell:get() then @@ -11,7 +11,7 @@ local function list_spell_languages() end local function list_lsp_clients() - local client_names = utils.list_lsp_clients(0) + local client_names = lsp.list_clients(0) if #client_names == 0 then return "" From 034a432c8e408aeb606e4100b1758a956124328f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 26 Jan 2026 16:57:25 +0000 Subject: [PATCH 144/160] home: vim: null-ls: use 'partial' Just noticed that 'is_executable_condition' wasn't necessary now that I have this more generic solution. --- modules/home/vim/plugin/settings/null-ls.lua | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua index 258a2094..00295bcc 100644 --- a/modules/home/vim/plugin/settings/null-ls.lua +++ b/modules/home/vim/plugin/settings/null-ls.lua @@ -10,11 +10,11 @@ null_ls.setup({ null_ls.register({ null_ls.builtins.diagnostics.buildifier.with({ -- Only used if available - condition = utils.is_executable_condition("buildifier"), + condition = utils.partial(utils.is_executable, "buildifier"), }), null_ls.builtins.formatting.buildifier.with({ -- Only used if available - condition = utils.is_executable_condition("buildifier"), + condition = utils.partial(utils.is_executable, "buildifier"), }), }) @@ -22,7 +22,7 @@ null_ls.register({ null_ls.register({ null_ls.builtins.formatting.nixpkgs_fmt.with({ -- Only used if available - condition = utils.is_executable_condition("nixpkgs-fmt"), + condition = utils.partial(utils.is_executable, "nixpkgs-fmt"), }), }) @@ -30,19 +30,19 @@ null_ls.register({ null_ls.register({ null_ls.builtins.diagnostics.mypy.with({ -- Only used if available - condition = utils.is_executable_condition("mypy"), + condition = utils.partial(utils.is_executable, "mypy"), }), null_ls.builtins.diagnostics.pylint.with({ -- Only used if available - condition = utils.is_executable_condition("pylint"), + condition = utils.partial(utils.is_executable, "pylint"), }), null_ls.builtins.formatting.black.with({ extra_args = { "--fast" }, -- Only used if available - condition = utils.is_executable_condition("black"), + condition = utils.partial(utils.is_executable, "black"), }), null_ls.builtins.formatting.isort.with({ -- Only used if available - condition = utils.is_executable_condition("isort"), + condition = utils.partial(utils.is_executable, "isort"), }), }) From ab34234c8392130d0158940d761dfa2923d527bf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 26 Jan 2026 16:57:25 +0000 Subject: [PATCH 145/160] home: vim: lua: remove 'is_executable_condition' --- modules/home/vim/lua/ambroisie/utils.lua | 9 --------- 1 file changed, 9 deletions(-) diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua index 482325e5..5cb8df10 100644 --- a/modules/home/vim/lua/ambroisie/utils.lua +++ b/modules/home/vim/lua/ambroisie/utils.lua @@ -7,15 +7,6 @@ M.is_executable = function(cmd) return cmd and vim.fn.executable(cmd) == 1 end ---- return a function that checks if a given command is executable ---- @param cmd string? command to check ---- @return fun(): boolean executable -M.is_executable_condition = function(cmd) - return function() - return M.is_executable(cmd) - end -end - --- whether or not we are currently in an SSH connection --- @return boolean ssh connection M.is_ssh = function() From 69b9480aa10d6cedcad2d31048dfe2dea1fdeac1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 20 Jan 2026 11:43:50 +0000 Subject: [PATCH 146/160] home: vim: git: use consistent textobject names Specifically, use a lower-case name, to be consistent with all other textobjects. --- modules/home/vim/plugin/settings/git.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index b9b92a69..fcae4252 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -57,12 +57,12 @@ local keys = { local objects = { mode = "o", - { "ih", gitsigns.select_hunk, desc = "Git hunk" }, + { "ih", gitsigns.select_hunk, desc = "git hunk" }, } -- Visual local visual = { mode = { "x" }, - { "ih", gitsigns.select_hunk, desc = "Git hunk" }, + { "ih", gitsigns.select_hunk, desc = "git hunk" }, { "g", group = "Git" }, { "gp", gitsigns.preview_hunk, desc = "Preview selection" }, { "gr", make_visual(gitsigns.reset_hunk), desc = "Restore selection" }, From 47ca4ed61cd328aff79cbec8f933e396ef53ffb8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 19 Jan 2026 16:01:37 +0000 Subject: [PATCH 147/160] overlays: add 'nvim-treesitter-legacy-shim' There has been a major breaking change upstream, as they have merged updated the plug-in to its (majorly incompatible) main branch rewrite. To make the upgrade process easier, this overlay ensures my configuration will keep evaluating with the legacy plug-in variant. --- .../nvim-treesitter-legacy-shim/default.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 overlays/nvim-treesitter-legacy-shim/default.nix diff --git a/overlays/nvim-treesitter-legacy-shim/default.nix b/overlays/nvim-treesitter-legacy-shim/default.nix new file mode 100644 index 00000000..d629f717 --- /dev/null +++ b/overlays/nvim-treesitter-legacy-shim/default.nix @@ -0,0 +1,18 @@ +final: prev: +let + inherit (final) lib; + overrides = final: prev: + let + hasLegacyPackage = prev ? nvim-treesitter-legacy; + in + { + nvim-treesitter-textobjects-legacy = prev.nvim-treesitter-textobjects.overrideAttrs { + dependencies = [ final.nvim-treesitter-legacy ]; + }; + } // (lib.optionalAttrs (!hasLegacyPackage) { + nvim-treesitter-legacy = final.nvim-treesitter; + }); +in +{ + vimPlugins = prev.vimPlugins.extend (overrides); +} From 28a36cfdaab7154ec1eec5534963829edd89da83 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 20 Jan 2026 11:33:16 +0000 Subject: [PATCH 148/160] home: vim: use legacy 'nvim-treesitter' plug-ins --- modules/home/vim/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 930a853a..726d4870 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -60,8 +60,8 @@ in nvim-lspconfig # Easy LSP configuration lsp-format-nvim # Simplified formatting configuration none-ls-nvim # LSP integration for linters and formatters - nvim-treesitter.withAllGrammars # Better highlighting - nvim-treesitter-textobjects # More textobjects + nvim-treesitter-legacy.withAllGrammars # Better highlighting + nvim-treesitter-textobjects-legacy # More textobjects plenary-nvim # 'null-ls', 'telescope' dependency # Completion From dbd7e077e5f23f3b6f2c42b1c55d9180680c6faf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 19 Jan 2026 18:12:55 +0000 Subject: [PATCH 149/160] flake: bump inputs --- flake.lock | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index c8c20733..3f7a9b57 100644 --- a/flake.lock +++ b/flake.lock @@ -53,15 +53,15 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", - "owner": "edolstra", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { - "owner": "edolstra", + "owner": "NixOS", "repo": "flake-compat", "type": "github" } @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1765835352, - "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1765911976, - "narHash": "sha256-t3T/xm8zstHRLx+pIHxVpQTiySbKqcQbK+r+01XVKc0=", + "lastModified": 1769069492, + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "b68b780b69702a090c8bb1b973bab13756cc7a27", + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1766171975, - "narHash": "sha256-47Ee0bTidhF/3/sHuYnWRuxcCrrm0mBNDxBkOTd3wWQ=", + "lastModified": 1769442288, + "narHash": "sha256-p+Xqr+P22TYW2RqbwccSd4UlUDEwl7PnoW3qiH8wVoE=", "owner": "nix-community", "repo": "home-manager", - "rev": "bb35f07cc95a73aacbaf1f7f46bb8a3f40f265b5", + "rev": "384786dc70c4992643f916c7e57f378714fec4f1", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1766070988, - "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", + "lastModified": 1769170682, + "narHash": "sha256-oMmN1lVQU0F0W2k6OI3bgdzp2YOHWYUAw79qzDSjenU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", + "rev": "c5296fdd05cfa2c187990dd909864da9658df755", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1766242030, - "narHash": "sha256-GdaKIZrzm4fbFf9jBVmeQFZTwYPxUlSTZrSId/JNMAU=", + "lastModified": 1769444957, + "narHash": "sha256-2VIGLo/Xj7v+ZZqR/k2uoaZ75vpYB1FLa2UAW5ZhIK8=", "owner": "nix-community", "repo": "NUR", - "rev": "30006228925f07c5c2a270bb95dc8da35d9942dc", + "rev": "9183819b926f1f58e8af86e86f28cc7d1e87698f", "type": "github" }, "original": { From 96a76f8c7f3811af06438b848bd266f013249e91 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 20 Jan 2026 11:41:38 +0000 Subject: [PATCH 150/160] home: vim: tree-sitter: migrate textobjects config This uses the new configuration format. I might DRY it up at some point in the future, though I probably won't. --- .../home/vim/plugin/settings/tree-sitter.lua | 105 +++++++++++------- 1 file changed, 64 insertions(+), 41 deletions(-) diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua index d5fff465..cbb0d455 100644 --- a/modules/home/vim/plugin/settings/tree-sitter.lua +++ b/modules/home/vim/plugin/settings/tree-sitter.lua @@ -1,4 +1,58 @@ local ts_config = require("nvim-treesitter.configs") +local ts_select = require("nvim-treesitter-textobjects.select") +local ts_move = require("nvim-treesitter-textobjects.move") +local utils = require("ambroisie.utils") +local wk = require("which-key") + +local function select_textobject(query) + return utils.partial(ts_select.select_textobject, query) +end + +local function goto_next_start(query) + return utils.partial(ts_move.goto_next_start, query) +end +local function goto_next_end(query) + return utils.partial(ts_move.goto_next_end, query) +end +local function goto_previous_start(query) + return utils.partial(ts_move.goto_previous_start, query) +end +local function goto_previous_end(query) + return utils.partial(ts_move.goto_previous_end, query) +end + +local objects = { + mode = { "x", "o" }, + { "aa", select_textobject("@parameter.outer"), desc = "a parameter" }, + { "ia", select_textobject("@parameter.inner"), desc = "inner parameter" }, + { "ab", select_textobject("@block.outer"), desc = "a block" }, + { "ib", select_textobject("@block.inner"), desc = "inner block" }, + { "ac", select_textobject("@class.outer"), desc = "a class" }, + { "ic", select_textobject("@class.inner"), desc = "inner class" }, + { "af", select_textobject("@function.outer"), desc = "a function" }, + { "if", select_textobject("@function.inner"), desc = "inner function" }, + { "ak", select_textobject("@comment.outer"), desc = "a comment" }, + { "aS", select_textobject("@statement.outer"), desc = "a statement" }, +} +local moves = { + mode = { "n", "x", "o" }, + -- Next start + { "]m", goto_next_start("@function.outer"), desc = "Next method start" }, + { "]S", goto_next_start("@statement.outer"), desc = "Next statement start" }, + { "]]", goto_next_start("@class.outer"), desc = "Next class start" }, + -- Next end + { "]M", goto_next_end("@function.outer"), desc = "Next method end" }, + { "][", goto_next_end("@class.outer"), desc = "Next class end" }, + -- Previous start + { "[m", goto_previous_start("@function.outer"), desc = "Previous method start" }, + { "[S", goto_previous_start("@statement.outer"), desc = "Previous statement start" }, + { "[[", goto_previous_start("@class.outer"), desc = "Previous class start" }, + -- Previous end + { "[M", goto_previous_end("@function.outer"), desc = "Previous method end" }, + { "[]", goto_previous_end("@class.outer"), desc = "Previous class end" }, +} +wk.add(objects) +wk.add(moves) ts_config.setup({ highlight = { @@ -9,46 +63,15 @@ ts_config.setup({ indent = { enable = true, }, - textobjects = { - select = { - enable = true, - -- Jump to matching text objects - lookahead = true, - keymaps = { - ["aa"] = { query = "@parameter.outer", desc = "a parameter" }, - ["ia"] = { query = "@parameter.inner", desc = "inner parameter" }, - ["ab"] = { query = "@block.outer", desc = "a block" }, - ["ib"] = { query = "@block.inner", desc = "inner block" }, - ["ac"] = { query = "@class.outer", desc = "a class" }, - ["ic"] = { query = "@class.inner", desc = "inner class" }, - ["af"] = { query = "@function.outer", desc = "a function" }, - ["if"] = { query = "@function.inner", desc = "inner function" }, - ["ak"] = { query = "@comment.outer", desc = "a comment" }, - ["aS"] = { query = "@statement.outer", desc = "a statement" }, - }, - }, - move = { - enable = true, - -- Add to jump list - set_jumps = true, - goto_next_start = { - ["]m"] = { query = "@function.outer", desc = "Next method start" }, - ["]S"] = { query = "@statement.outer", desc = "Next statement start" }, - ["]]"] = { query = "@class.outer", desc = "Next class start" }, - }, - goto_next_end = { - ["]M"] = { query = "@function.outer", desc = "Next method end" }, - ["]["] = { query = "@class.outer", desc = "Next class end" }, - }, - goto_previous_start = { - ["[m"] = { query = "@function.outer", desc = "Previous method start" }, - ["[S"] = { query = "@statement.outer", desc = "Previous statement start" }, - ["[["] = { query = "@class.outer", desc = "Previous class start" }, - }, - goto_previous_end = { - ["[M"] = { query = "@function.outer", desc = "Previous method end" }, - ["[]"] = { query = "@class.outer", desc = "Previous class end" }, - }, - }, +}) + +require("nvim-treesitter-textobjects").setup({ + select = { + -- Jump to matching text objects + lookahead = true, + }, + move = { + -- Add to jump list + set_jumps = true, }, }) From 635fddc3388c4b2883bed382062ee8a5847a8dd7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 20 Jan 2026 12:26:37 +0000 Subject: [PATCH 151/160] home: vim: migrate to new 'nvim-treesitter' --- modules/home/vim/default.nix | 4 +- .../home/vim/plugin/settings/tree-sitter.lua | 42 +++++++++++++------ 2 files changed, 32 insertions(+), 14 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 726d4870..930a853a 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -60,8 +60,8 @@ in nvim-lspconfig # Easy LSP configuration lsp-format-nvim # Simplified formatting configuration none-ls-nvim # LSP integration for linters and formatters - nvim-treesitter-legacy.withAllGrammars # Better highlighting - nvim-treesitter-textobjects-legacy # More textobjects + nvim-treesitter.withAllGrammars # Better highlighting + nvim-treesitter-textobjects # More textobjects plenary-nvim # 'null-ls', 'telescope' dependency # Completion diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua index cbb0d455..2958c2a9 100644 --- a/modules/home/vim/plugin/settings/tree-sitter.lua +++ b/modules/home/vim/plugin/settings/tree-sitter.lua @@ -1,4 +1,4 @@ -local ts_config = require("nvim-treesitter.configs") +local treesitter = require("nvim-treesitter") local ts_select = require("nvim-treesitter-textobjects.select") local ts_move = require("nvim-treesitter-textobjects.move") local utils = require("ambroisie.utils") @@ -54,17 +54,6 @@ local moves = { wk.add(objects) wk.add(moves) -ts_config.setup({ - highlight = { - enable = true, - -- Avoid duplicate highlighting - additional_vim_regex_highlighting = false, - }, - indent = { - enable = true, - }, -}) - require("nvim-treesitter-textobjects").setup({ select = { -- Jump to matching text objects @@ -75,3 +64,32 @@ require("nvim-treesitter-textobjects").setup({ set_jumps = true, }, }) + +-- Automatically setup treesitter for supported filetypes +local function treesitter_try_attach(buf, language) + -- Try to load language + -- NOTE: the best way I found to check if a filetype has a grammar + if not vim.treesitter.language.add(language) then + return false + end + + -- Syntax highlighting + vim.treesitter.start(buf, language) + -- Indentation + vim.bo.indentexpr = "v:lua.require('nvim-treesitter').indentexpr()" + + return true +end + +vim.api.nvim_create_autocmd("FileType", { + pattern = "*", + group = vim.api.nvim_create_augroup("treesitter_attach", { clear = true }), + callback = function(args) + local buf, filetype = args.buf, args.match + local language = vim.treesitter.language.get_lang(filetype) + if not language then + return + end + treesitter_try_attach(buf, language) + end, +}) From f3f0cb6a34eb339d0a60a064aef340e5415b50bf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 20 Jan 2026 12:27:26 +0000 Subject: [PATCH 152/160] overlays: remove 'nvim-treesitter-legacy-shim' With the migration complete, I do not need it anymore. This reverts commit bf260de243e55d02ae6be52678ccadc6ea77439b. --- .../nvim-treesitter-legacy-shim/default.nix | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 overlays/nvim-treesitter-legacy-shim/default.nix diff --git a/overlays/nvim-treesitter-legacy-shim/default.nix b/overlays/nvim-treesitter-legacy-shim/default.nix deleted file mode 100644 index d629f717..00000000 --- a/overlays/nvim-treesitter-legacy-shim/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -final: prev: -let - inherit (final) lib; - overrides = final: prev: - let - hasLegacyPackage = prev ? nvim-treesitter-legacy; - in - { - nvim-treesitter-textobjects-legacy = prev.nvim-treesitter-textobjects.overrideAttrs { - dependencies = [ final.nvim-treesitter-legacy ]; - }; - } // (lib.optionalAttrs (!hasLegacyPackage) { - nvim-treesitter-legacy = final.nvim-treesitter; - }); -in -{ - vimPlugins = prev.vimPlugins.extend (overrides); -} From bfd058da36a535ace178e66a3a9100b879e15b45 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Feb 2026 20:39:05 +0000 Subject: [PATCH 153/160] home: vim: git: map hunk-navigation in more modes --- modules/home/vim/plugin/settings/git.lua | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index fcae4252..2c4504dd 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -33,10 +33,6 @@ gitsigns.setup({ }) local keys = { - -- Navigation - { "[c", utils.partial(nav_hunk, "prev"), desc = "Previous hunk/diff" }, - { "]c", utils.partial(nav_hunk, "next"), desc = "Next hunk/diff" }, - -- Commands { "g", group = "Git" }, { "gb", gitsigns.toggle_current_line_blame, desc = "Toggle blame virtual text" }, { "gd", gitsigns.diffthis, desc = "Diff buffer" }, @@ -55,6 +51,12 @@ local keys = { { "g]", utils.partial(gitsigns.nav_hunk, "next"), desc = "Next hunk" }, } +local moves = { + mode = { "n", "x", "o" }, + { "[c", utils.partial(nav_hunk, "prev"), desc = "Previous hunk/diff" }, + { "]c", utils.partial(nav_hunk, "next"), desc = "Next hunk/diff" }, +} + local objects = { mode = "o", { "ih", gitsigns.select_hunk, desc = "git hunk" }, @@ -71,5 +73,6 @@ local visual = { } wk.add(keys) +wk.add(moves) wk.add(objects) wk.add(visual) From 89db8883e961a417f6a6c78fc3c7b3ad4794ffb8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 10 Feb 2026 14:53:14 +0000 Subject: [PATCH 154/160] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 3f7a9b57..dad55a08 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1762618334, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "owner": "ryantm", "repo": "agenix", - "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1769069492, - "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", + "lastModified": 1770726378, + "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", + "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1769442288, - "narHash": "sha256-p+Xqr+P22TYW2RqbwccSd4UlUDEwl7PnoW3qiH8wVoE=", + "lastModified": 1770654520, + "narHash": "sha256-mg5WZMIPGsFu9MxSrUcuJUPMbfMsF77el5yb/7rc10k=", "owner": "nix-community", "repo": "home-manager", - "rev": "384786dc70c4992643f916c7e57f378714fec4f1", + "rev": "6c4fdbe1ad198fac36c320fd45c5957324a80b8e", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1769170682, - "narHash": "sha256-oMmN1lVQU0F0W2k6OI3bgdzp2YOHWYUAw79qzDSjenU=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c5296fdd05cfa2c187990dd909864da9658df755", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1769444957, - "narHash": "sha256-2VIGLo/Xj7v+ZZqR/k2uoaZ75vpYB1FLa2UAW5ZhIK8=", + "lastModified": 1770732881, + "narHash": "sha256-yGkibRit67Pz1uo1Kk55kZBHQq90K3gc0N762JGW/uQ=", "owner": "nix-community", "repo": "NUR", - "rev": "9183819b926f1f58e8af86e86f28cc7d1e87698f", + "rev": "06490c1287ab62a8c5075c440fd3e247913bc29c", "type": "github" }, "original": { From f2ae223c665968d94c573c3a6eb37b7d19513e2d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 15:01:11 +0100 Subject: [PATCH 155/160] nixos: services: sabnzbd: fix deprecated config I want to have _some_ settings set outside my NixOS configuration, so keep the config-file writable. --- modules/nixos/services/sabnzbd/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix index 9e0d9c3c..6c9eadd4 100644 --- a/modules/nixos/services/sabnzbd/default.nix +++ b/modules/nixos/services/sabnzbd/default.nix @@ -13,6 +13,11 @@ in services.sabnzbd = { enable = true; group = "media"; + + # Don't warn about the config file + configFile = null; + # I want to configure servers outside of Nix + allowConfigWrite = true; }; # Set-up media group From c8f9e002f62e770be83d9af56a58f176b92a7474 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 15:08:09 +0100 Subject: [PATCH 156/160] nixos: services: sabnzbd: add 'port' option --- modules/nixos/services/sabnzbd/default.nix | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix index 6c9eadd4..37ba96cf 100644 --- a/modules/nixos/services/sabnzbd/default.nix +++ b/modules/nixos/services/sabnzbd/default.nix @@ -2,11 +2,17 @@ { config, lib, ... }: let cfg = config.my.services.sabnzbd; - port = 9090; # NOTE: not declaratively set... in { options.my.services.sabnzbd = with lib; { enable = mkEnableOption "SABnzbd binary news reader"; + + port = mkOption { + type = types.port; + default = 9090; + example = 4242; + description = "The port on which SABnzbd will listen for incoming HTTP traffic"; + }; }; config = lib.mkIf cfg.enable { @@ -18,6 +24,13 @@ in configFile = null; # I want to configure servers outside of Nix allowConfigWrite = true; + + settings = { + misc = { + host = "127.0.0.1"; + inherit (cfg) port; + }; + }; }; # Set-up media group @@ -25,7 +38,7 @@ in my.services.nginx.virtualHosts = { sabnzbd = { - inherit port; + inherit (cfg) port; }; }; From 72efb0c7eae9a14c26e702dbca0ebbd1c2822f46 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 19:46:25 +0100 Subject: [PATCH 157/160] hosts: nixos: porthos: secrets: update cross-seed --- .../servarr/cross-seed/configuration.json.age | Bin 2031 -> 3119 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age index 94fdf975d6418d394c62c42e572374b24865a776..b8cbe6aa7d2a5491342a62798ddaf2830e28cb7d 100644 GIT binary patch literal 3119 zcmdM|0Vh{?Pd^1mcUJ{hKj)yxfDl&~1vgJ0SCE`8S7dlfj!$@4X{522X|hL9L6VV4 zX_B#5o{w>4g>$BXwx@?*Rid+DPLzwMp-OH&<9-en~*4 zV_9IZMXqOvUzksLN@Y~ITUAuBlY5Yhle>?BVRnjRfvaz5SW%!+L2;r-RAo?zt4Xql zpGjbdV-Z(KXoX==M7B||L5Znzra_5Mu#<6!YlVAiXhu$CZct%VmXk?{tEEY>foEl4 zR*+eUhm(PCSb<4WZlqyUSX4Pza70d4Vor){RJd!obDn=nx{p&~aaOo*qH9ukKuVTx zS&+YTsk2*-c6OCtu5)T~Sa7OqQktc4X^xY5ScS0xSBQaIu4h(?QDT{EmU*#LzF$&F zgjryfTe4GXNI+#)xuJP}xItucQeIhEd0s_TQKoU3Pqt@?aa3-lQJHH}6<3%~cy3u} zNUm=|Xr@7#v2UJtYGuB!qq(_rV5woEuZdrIgppa9g{5z)pMjZMnqx(%f0RL>WoB4# zp@mn7vpH94P)bCEi+)yEs=Gl+s)2imXHjLienqfvxNnhTx<__qS)zZYk8w$fzn^Pb zs+)gRx{FgmQCg6pdzDF6K#4O~s#!sPqQGkVa zx?8weR(eIMcCN8ux^G&Ek#}-tRElGGg?~zAW@Je=m#KbYak-8G`MU_jAi*sg{Z)kCGgpsFVnv+v@nP-8MK~RuIQGiRXV`gSqrSdNg}G~JQese$QL0OTb5%q{u6u5}iK&rKqJ@E@V?ddav4>-% zuSIEbkh6JGWp-3Rva6$`Q${dXXh2Y)nR9rirKMTAX;EIWk+HrNB*v8#c5Rhf&nMXp(ZVV-H2Wr(Azi>YHemqnR-g+*p+Mwv&UxuI{6XGy71 zl5<&TPHCc9Zc15rXnBT*w_k9ob7qlyNl3YweoA7bkBhc(Vpe)?nn$RsE0=q&Ur3N& zK%jx6p_xH;zPYQVsY_r+SxKRnsdGtjq<>;nezCt{R*F$@YN?N(YpPFPxtB#{lwXju zPfnnvxj$D~iEnmgK$2y8u47t7SxAzhvw?SBs7bm(VoEVRA)=f1;zgcVtnacThf8U~!^nVMJn1ct(a}aHyk+XK8U-SV@(6VUS6pX=t{$ zPobMhR+&$^n|psE>JyQ$Suws%eUwpRq}Ju9rcYQA$}#c#yeQ zkdaA5fssdXT6T7zwwHf$zF8udp=VB*c3MWMt-7Eq=$EKl!ZwmSCwJ5m!)$_T7jXncDbojwu_&> zS8kHNzh9VR zZ(e%2rC)eiSZ;AniMK^ST1i-{Q)ZyPqmPGippScGpj&8WqGM8Ev5%osK%jAjkF&nM ztC@F3XcU*Pxpt_FKv|hZZnAz>qJ?>&S!Iz|o@ID= zm`7@Wp_yTtOHp!GXi9`>5X|}eTc|c)#prLC;c4l&wd%90i za=C9-PD+|vhIg{NcWR!8MTL2oTc%5tTTw)wTS|pDmws`HtADC%kZEb5U!GY;Wnoxu zq`OZ*v2$g*Wtd5&i&vgca+G7fw~1G>ey~AmW`4R)k+XS3aA8tKMNnCmDVMKHSYp0e zu}Ni~Q<8U?xv#%LQDAXIpii!gr@LuNfwzmRez-+$XsEtVaax*pfTc@BuxDXWNp@wW zdq75!sUcT{VX~`!a=y2jc}hjTNvf~8QE_&8NU(2lP-%#vaiCdIq+yA9u6|^yhe@J) zvPr17yLNd{N_wfWS(#66WQrwMnTw};Zl$w_c7bQEN1}UJx>2E@Yg&q9nWtx{yPv;F zqL+tfaDaZLc4b*cqNRCKZbW)mo{^z`sCjZlzIkNZo^ye7VNr>bQ+8gMGnbJ;ib+aV zSaMKSP^G?kp=XLmwn1TLfoW<=R+vjwdPJzVsj0JLxvNR0ab-|xMOaW`MwyFafJ;=7 zep+E}l^IutepX77WsY~4Pfl2hw_$2#mRD7zNxFAoUXizxmtj;%g@>cIk6*rTd8tL3 zep;njWu#A1L{+(gv0FufZ$OPwpT@Po_ShYP^h_UK%$p-M5Tp$ zZgx^wYEfcUNKj#vzf+ijexNs3m04v(iA#2tsb#pCe~NLQwtMuvxx zXL_o3WMyJvfK!o2KxSg1d#P(kae;H1b67~Ji)TeTmr+1LRJvJ~cZgGzV^FG}xl?MW zqqbR!p>}48e||=Wd1zH$W=V;0URtt#x?8YIrn7Hlc2QBNcc{63Nl{6NK37h7fnj#2 ztG}07kWZpxSV>BvL5ORJS4d!yiBpzOh^c=`xud(KOL3A{m1BresBw_9OOB_hOJzW+ zg-4*dTRxYwi(6(+q_&q?YJOUXTWLm^o2Pqvj%!*;Nvg4NWK?cdXjze0a=D9#c6g~z dsE?UZRiv?{u}hM_qpd9$xWVu0=Yq2@004Qv`|1Dy literal 2031 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn_Ri1BO;<=S&$J9m zF108%Ez1fnwba%(@lP*Gv8;3pa4ITEa}G-n@GUjXG)>PAwBQQ!PmHukbu};XDaucD z&U7>_!m*q%D~GW!PCyAa=HPkhbXbVF37 zN?-GNd`T7B8omGaZol8#dRXti*uqeG!fCfmmqMUWnFOQqq01_JHaw2M5yI+fsQ&KG z^;1^+T2(5`xDBq(c%ySg^gw&a54{aGOE*~S$ZlM|vHfpUz?$5OLj{h9cDS1#y}xO_ zLPheMIX_=qX;-rfjCyCRvpJq=XT{o&)(+vvofO2`r&=CZ6xenuR)21d!&L7bdTYc= zLRawg?K)6*U0Zi?g3M&+hfDH4MY%GZyIb|5$M(Tg$;?inturkgj$Cn?HA&oN&q>*d z%j-_D9KL^(xx`Y#*#2;2Tk};p!Goa_9{fFLEF2WYr!0H+-AYr=0EGqj?(Yt>XF4Ff z^LVF#gTiOoH``>~kGU?fZ0Fs&n^Sp(WrX3ecA=sr@0}U6uieeCGqGRlZ+^IFKd}_&m#(Kht>q1$~?7h-IrI~ z%&SkOu>6!LUVgh?F8FEI=G%@PI}5)Uy%oJEr}TA>qx1J0-VF19e_!)T&sBKVYnCf! z4xgQhp43*i%AVLbk6%ss>E8Mb%VV|*_Ay&O{MwMDdso1tQGxeEs(${@4C$FKk1JnW_UhKtZ6`fU&L^<*s@-@}=JhGRYfj>0seJ3L z^O_GVl5Dh`xkg?fr}R*Azs36*^81y}9hB_OQBsm(E^y_L5lNqv6;$YP^qr-wh3fOD zjaCnf+*_Wh?f$f8*WIT<-`&ool<`Wgm|XZ^*~-gj&-*O;Qghv`FN-(z)9m+-N8U&B zt995tZ}WQJ!d{XqWODsp%)2YE<82OpU9&KK|6QfDErO-qO~%1Gk6I?5zu&y>{Krp^ zYOAE;vgbNgC`^C;YY|tS&GxU;)`;D#QDsfsZl6C({NUrz;_B1_=fy5LIdQ+W=JsBW z%nm*x^*YF&WF4f%bacs3anas8oq8>zcl;?xnIWXIFk_~9f7XTzT-QA}J@4i3{Bbctb2ra0Y`ZMgewZzp!SLVqDv#rWyUy*%TIj5Qnnm;M#5Gp- zmRl7U{A>*SH1FD@)^*WG1LnWCJ9Sic8N-wKz2|HN1Q_fC&CX~vUh$gZ{d0+wzq$IJ z&Gu*ZPwGFgcfQG#*o%3*4cxwNP6wU6UDm$2{)WHjNBfg}f91z=>nEK5wmQG|*T%vp zugUpj5qt5jvDxYAG8`$p`}cS0uK8!4wBd<@xa5ov-@>x` z4YxeF|KPXg(WwiqZH=k|s~OU!>h#QKwp+$GFD?D!my!U6gBn}j3M?G5IK4cBmr8yEjszWJTf zp1W!cj|^YLd89JDQEszyTYUQNp5XT0Nv|6oOkb2T!}#*+l9x$$F8u1*eEf3cUF%C4 zK`Ylzw45Bhf9}s-jdQ1puDPiMsW0iazjEVWY436#4iUuytqpbFRcg%T-vqDc6s{=g z4Jk}MwrrQLDd(G*jh+&7GI&|bm=9iYX7k+?#ah`e5XX1^e8pw$L(jEi&2pb)PMa+i zFva=c(QQUn47`Oi_WNAlX{^l28dhHW(0{s6O$>+bT+YbNvq~3Q>UY;AW&R7x@b Date: Wed, 18 Feb 2026 11:18:41 +0000 Subject: [PATCH 158/160] pkgs: i3-get-window-criteria: fix 'xorg' packages The `xorg` namespace is about to be removed in my next bump, so let's pro-actively remove them now. --- pkgs/i3-get-window-criteria/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/i3-get-window-criteria/default.nix b/pkgs/i3-get-window-criteria/default.nix index 2fc840dc..cba51944 100644 --- a/pkgs/i3-get-window-criteria/default.nix +++ b/pkgs/i3-get-window-criteria/default.nix @@ -1,4 +1,4 @@ -{ lib, coreutils, gnused, makeWrapper, stdenvNoCC, xorg }: +{ lib, coreutils, gnused, makeWrapper, stdenvNoCC, xprop, xwininfo }: stdenvNoCC.mkDerivation rec { pname = "i3-get-window-criteria"; version = "0.1.0"; @@ -22,8 +22,8 @@ stdenvNoCC.mkDerivation rec { wrapperPath = lib.makeBinPath [ coreutils gnused - xorg.xprop - xorg.xwininfo + xprop + xwininfo ]; fixupPhase = '' From 4704b34db3e248abab508f0f8c2b5c6f45a26549 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 21:40:35 +0100 Subject: [PATCH 159/160] overlays: downgrade-transmission: add derivation I need to vendor the full derivation definition, as upstream diverges further and further away from 4.0.5. On the next bump, the packaging for 4.1.0 starts becoming sufficiently different to break my overlay. --- overlays/downgrade-transmission/default.nix | 17 +- .../downgrade-transmission/transmission_4.nix | 232 ++++++++++++++++++ 2 files changed, 237 insertions(+), 12 deletions(-) create mode 100644 overlays/downgrade-transmission/transmission_4.nix diff --git a/overlays/downgrade-transmission/default.nix b/overlays/downgrade-transmission/default.nix index 9d3fc8ae..9fc6d140 100644 --- a/overlays/downgrade-transmission/default.nix +++ b/overlays/downgrade-transmission/default.nix @@ -1,14 +1,7 @@ -self: prev: +self: _prev: { - transmission_4 = prev.transmission_4.overrideAttrs (_: { - version = "4.0.5"; - - src = self.fetchFromGitHub { - owner = "transmission"; - repo = "transmission"; - rev = "4.0.5"; - hash = "sha256-gd1LGAhMuSyC/19wxkoE2mqVozjGPfupIPGojKY0Hn4="; - fetchSubmodules = true; - }; - }); + transmission_4 = self.callPackage ./transmission_4.nix { + fmt = self.fmt_9; + libutp = self.libutp_3_4; + }; } diff --git a/overlays/downgrade-transmission/transmission_4.nix b/overlays/downgrade-transmission/transmission_4.nix new file mode 100644 index 00000000..a49f6b9b --- /dev/null +++ b/overlays/downgrade-transmission/transmission_4.nix @@ -0,0 +1,232 @@ +{ stdenv +, lib +, fetchFromGitHub +, fetchpatch2 +, cmake +, pkg-config +, python3 +, openssl +, curl +, libevent +, inotify-tools +, systemd +, zlib +, pcre +, libb64 +, libutp +, libdeflate +, utf8cpp +, fast-float +, fmt +, libpsl +, miniupnpc +, dht +, libnatpmp +, # Build options + enableGTK3 ? false +, gtkmm3 +, libpthread-stubs +, wrapGAppsHook3 +, enableQt5 ? false +, enableQt6 ? false +, qt5 +, qt6Packages +, nixosTests +, enableSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd +, enableDaemon ? true +, enableCli ? true +, installLib ? false +, apparmorRulesFromClosure +}: + +let + inherit (lib) cmakeBool optionals; + + apparmorRules = apparmorRulesFromClosure { name = "transmission-daemon"; } ( + [ + curl + libdeflate + libevent + libnatpmp + libpsl + miniupnpc + openssl + pcre + zlib + ] + ++ optionals enableSystemd [ systemd ] + ++ optionals stdenv.hostPlatform.isLinux [ inotify-tools ] + ); + +in +stdenv.mkDerivation (finalAttrs: { + pname = "transmission"; + version = "4.0.5"; + + src = fetchFromGitHub { + owner = "transmission"; + repo = "transmission"; + rev = finalAttrs.version; + hash = "sha256-gd1LGAhMuSyC/19wxkoE2mqVozjGPfupIPGojKY0Hn4="; + fetchSubmodules = true; + }; + + patches = [ + (fetchpatch2 { + url = "https://github.com/transmission/transmission/commit/febfe49ca3ecab1a7142ecb34012c1f0b2bcdee8.patch?full_index=1"; + hash = "sha256-Ge0+AXf/ilfMieGBAdvvImY7JOb0gGIdeKprC37AROs="; + excludes = [ + # The submodule that we don't use (we use our miniupnp) + "third-party/miniupnp" + # Hunk fails for this one, but we don't care because we don't rely upon + # xcode definitions even for the Darwin build. + "Transmission.xcodeproj/project.pbxproj" + ]; + }) + ]; + + outputs = [ + "out" + "apparmor" + ]; + + cmakeFlags = [ + (cmakeBool "ENABLE_CLI" enableCli) + (cmakeBool "ENABLE_DAEMON" enableDaemon) + (cmakeBool "ENABLE_GTK" enableGTK3) + (cmakeBool "ENABLE_MAC" false) # requires xcodebuild + (cmakeBool "ENABLE_QT" (enableQt5 || enableQt6)) + (cmakeBool "INSTALL_LIB" installLib) + ] + ++ optionals stdenv.hostPlatform.isDarwin [ + # Transmission sets this to 10.13 if not explicitly specified, see https://github.com/transmission/transmission/blob/0be7091eb12f4eb55f6690f313ef70a66795ee72/CMakeLists.txt#L7-L16. + "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.hostPlatform.darwinMinVersion}" + ]; + + postPatch = '' + # Clean third-party libraries to ensure system ones are used. + # Excluding gtest since it is hardcoded to vendored version. The rest of the listed libraries are not packaged. + pushd third-party + for f in *; do + if [[ ! $f =~ googletest|wildmat|wide-integer|jsonsl ]]; then + rm -r "$f" + fi + done + popd + rm \ + cmake/FindFastFloat.cmake \ + cmake/FindFmt.cmake \ + cmake/FindUtfCpp.cmake + # Upstream uses different config file name. + substituteInPlace CMakeLists.txt --replace 'find_package(UtfCpp)' 'find_package(utf8cpp)' + + # Use gettext even on Darwin + substituteInPlace libtransmission/utils.h \ + --replace-fail '#if defined(HAVE_GETTEXT) && !defined(__APPLE__)' '#if defined(HAVE_GETTEXT)' + ''; + + nativeBuildInputs = [ + pkg-config + cmake + python3 + ] + ++ optionals enableGTK3 [ wrapGAppsHook3 ] + ++ optionals enableQt5 [ qt5.wrapQtAppsHook ] + ++ optionals enableQt6 [ qt6Packages.wrapQtAppsHook ]; + + buildInputs = [ + curl + dht + fast-float + fmt + libb64 + libdeflate + libevent + libnatpmp + libpsl + libutp + miniupnpc + openssl + pcre + utf8cpp + zlib + ] + ++ optionals enableQt5 ( + with qt5; + [ + qttools + qtbase + ] + ) + ++ optionals enableQt6 ( + with qt6Packages; + [ + qttools + qtbase + qtsvg + ] + ) + ++ optionals enableGTK3 [ + gtkmm3 + libpthread-stubs + ] + ++ optionals enableSystemd [ systemd ] + ++ optionals stdenv.hostPlatform.isLinux [ inotify-tools ]; + + postInstall = '' + mkdir $apparmor + cat >$apparmor/bin.transmission-daemon <, + include + profile $out/bin/transmission-daemon { + include + include + include + include "${apparmorRules}" + @{PROC}/sys/kernel/random/uuid r, + @{PROC}/sys/vm/overcommit_memory r, + @{PROC}/@{pid}/environ r, + @{PROC}/@{pid}/mounts r, + /tmp/tr_session_id_* rwk, + + $out/share/transmission/public_html/** r, + + include if exists + } + EOF + install -Dm0444 -t $out/share/icons ../qt/icons/transmission.svg + ''; + + passthru.tests = { + apparmor = nixosTests.transmission_4; # starts the service with apparmor enabled + smoke-test = nixosTests.bittorrent; + }; + + meta = { + description = "Fast, easy and free BitTorrent client"; + mainProgram = + if (enableQt5 || enableQt6) then + "transmission-qt" + else if enableGTK3 then + "transmission-gtk" + else + "transmission-cli"; + longDescription = '' + Transmission is a BitTorrent client which features a simple interface + on top of a cross-platform back-end. + Feature spotlight: + * Uses fewer resources than other clients + * Native Mac, GTK and Qt GUI clients + * Daemon ideal for servers, embedded systems, and headless use + * All these can be remote controlled by Web and Terminal clients + * Bluetack (PeerGuardian) blocklists with automatic updates + * Full encryption, DHT, and PEX support + ''; + homepage = "https://www.transmissionbt.com/"; + license = with lib.licenses; [ + gpl2Plus + mit + ]; + platforms = lib.platforms.unix; + }; +}) From 89bd3aa428ab9bb37c61f2fa0e75c755b37bc3c3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 15:21:56 +0100 Subject: [PATCH 160/160] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index dad55a08..1f7bb189 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1770654520, - "narHash": "sha256-mg5WZMIPGsFu9MxSrUcuJUPMbfMsF77el5yb/7rc10k=", + "lastModified": 1771505064, + "narHash": "sha256-lh9rF+C/nKFyWAqbHIa6tK9L/6N0UaQg7zw15aP4jBM=", "owner": "nix-community", "repo": "home-manager", - "rev": "6c4fdbe1ad198fac36c320fd45c5957324a80b8e", + "rev": "a0a01d8811fd5e99e003078ed64a0e7b531545dd", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "lastModified": 1771369470, + "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "rev": "0182a361324364ae3f436a63005877674cf45efb", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1770732881, - "narHash": "sha256-yGkibRit67Pz1uo1Kk55kZBHQq90K3gc0N762JGW/uQ=", + "lastModified": 1771506707, + "narHash": "sha256-R9oBi0EPsWN4bHfYgcyiSzx31/Fkgg3IHubf30II7Ow=", "owner": "nix-community", "repo": "NUR", - "rev": "06490c1287ab62a8c5075c440fd3e247913bc29c", + "rev": "30ad144e51a0ae8b47aa84c1139e84fc278d6e86", "type": "github" }, "original": {