ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: ambroisie:9c771a26374bedd65aea9e9ef974980c0aa870bf
Branches Tags
ambroisie:main
ambroisie:add-jj
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:add-nixgl
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix
...
compare: ambroisie:4a8aaa04b2d18fee534e6ea851451193322610c7
Branches Tags
ambroisie:add-jj
ambroisie:main
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:add-nixgl
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix

107 commits
9c771a2637 ... 4a8aaa04b2

Author SHA1 Message Date
Bruno BELANYI
4a8aaa04b2 REMOVE THIS ONE
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-07-30 10:25:41 +00:00
Bruno BELANYI
e076f0931b home: terminal: termite: add MIME associations 2025-07-30 10:25:41 +00:00
Bruno BELANYI
41aa098ba9 home: terminal: alacritty: add MIME associations 2025-07-30 10:25:41 +00:00
Bruno BELANYI
73949718d5 home: zathura: add MIME associations 2025-07-30 10:25:41 +00:00
Bruno BELANYI
d2e0eae56b home: nvim: add MIME associations 2025-07-30 10:25:41 +00:00
Bruno BELANYI
a654f9fb39 home: mpv: add MIME associations 2025-07-30 10:25:41 +00:00
Bruno BELANYI
187482f04b home: himalaya: add MIME associations 2025-07-30 10:25:41 +00:00
Bruno BELANYI
ae42e47287 home: firefox: add MIME associations 2025-07-30 10:25:41 +00:00
Bruno BELANYI
b7b0e50b89 home: feh: add MIME association 2025-07-30 10:25:41 +00:00
Bruno BELANYI
df2f58ca8a WIP: home: xdg: add 'mime-apps' 2025-07-30 10:25:41 +00:00
Bruno BELANYI
2a515754a2 home: zsh: use absolute path to 'XDG_CONFIG_HOME'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
The path handling has been fixed upstream, which makes this module more
readable.
 2025-07-27 20:49:36 +01:00
Bruno BELANYI
add7967685 flake: bump inputs 2025-07-27 20:49:36 +01:00
Bruno BELANYI
13b61346f5 home: tmux: increase history scrollback
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Even *longer*.
 2025-07-16 14:50:16 +00:00
Bruno BELANYI
979ae901c4 flake: bump inputs 2025-07-16 14:50:16 +00:00
Bruno BELANYI
2473bca167 home: vim: telescope: remove LSP handlers
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
The plug-in was broken with the update to 0.11, and I would like to try
using the built-in quickfixlist-based handlers for a while.

This reverts commit 8d4a1e61b4.
 2025-07-11 14:27:51 +00:00
Bruno BELANYI
b093faf00d nixos: services: tandoor-recipes: use automatic DB
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-07-08 10:42:13 +00:00
Bruno BELANYI
8d809e3ac3 flake: bump inputs 2025-07-08 10:40:08 +00:00
Bruno BELANYI
66ec807dc6 hosts: nixos: aramis: home: use 'trgui-ng'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
It looks and works much better than the old one.

Unfortunately, it's a Tauri app.
 2025-07-02 14:01:18 +02:00
Bruno BELANYI
5d87223970 nixos: services: transmission: use 'trgui-ng'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
I like it much better than the built-in UI.
 2025-07-02 13:26:22 +02:00
Bruno BELANYI
d618406516 nixos: services: use 'postgresql.target' 
This is now the more correct dependency to use in service definitions,
to guarantee read-write access with users and permissions.
 2025-07-02 13:24:19 +02:00
Bruno BELANYI
03bb627770 flake: bump inputs 2025-07-02 13:23:34 +02:00
Bruno BELANYI
112e340361 home: do not hard-code username
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
The flake module already sets it with `mkDefault`, making it easier to
override it for a specific host.
 2025-06-17 09:29:30 +00:00
Bruno BELANYI
1b275e1a8a flake: bump inputs 2025-06-17 09:29:30 +00:00
Bruno BELANYI
971f905813 nixos: services: mealie: remove DB settings
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Looks like I missed them in the original commit to migrate to
`database.createLocally`.
 2025-06-09 13:52:32 +02:00
Bruno BELANYI
151570ccca flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-06-09 10:36:33 +00:00
Bruno BELANYI
98d39717e2 home: direnv: lib: don't erase pre-existing venv
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Turns out `uv venv` isn't idempotent, it removes the existing virtual
environment by default.

Thankfully, there's a flag to fix it.
 2025-05-31 22:39:25 +01:00
Bruno BELANYI
a67a54bda2 nixos: services: paperless: use structured setting
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
The module should stringify it to JSON automatically, so might as well
use the more readable option.
 2025-05-31 22:56:30 +02:00
Bruno BELANYI
9751fdb888 hosts: homes: bazin: disable 'atuin' package
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Same as on `mousqueton`.
 2025-05-27 11:39:15 +00:00
Bruno BELANYI
24407448d4 hosts: homes: mousqueton: disable 'atuin' package 
The system-provided package is built without its sync functionality.

To ensure the module works as written, I can't use `pkgs.emptyDirectory`
for this unfortunately...
 2025-05-27 11:38:09 +00:00
Bruno BELANYI
c1e2114c57 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-05-23 22:57:41 +01:00
Bruno BELANYI
97bcc5f34e hosts: nixos: porthos: secrets: update cross-seed
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-05-22 16:13:55 +02:00
Bruno BELANYI
f14f5c7f8a flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-05-14 18:51:12 +00:00
Bruno BELANYI
5b545a28f1 nixos: services: mealie: use automatic DB setup
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-05-09 00:02:07 +02:00
Bruno BELANYI
1dc65a37e7 nixos: services: paperless: set proxy settings
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-05-08 23:29:30 +02:00
Bruno BELANYI
a997d36964 nixos: services: paperless: fix formatting 2025-05-08 23:22:35 +02:00
Bruno BELANYI
0c5836bc56 nixos: services: paperless: use 'PAPERLESS_URL' 2025-05-08 23:22:11 +02:00
Bruno BELANYI
77839ab2ef flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-05-08 13:29:35 +00:00
Bruno BELANYI
8a8e4f93a5 flake: home-manager: remove obsolete comment
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details
2025-05-07 17:16:44 +00:00
Bruno BELANYI
07d8f5a03f flake: nixos: use 'nixpkgs.hostPlatform'
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details 
This is the proper way to set `system` nowadays.
 2025-05-07 17:46:01 +02:00
Bruno BELANYI
a9ba93f834 home: delta: assert git is enabled
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details
2025-05-07 11:27:12 +00:00
Bruno BELANYI
d2a8894eb2 home: wm: i3: make 'firefox' history float
Some checks failed
ci/woodpecker/manual/check Pipeline failed
Details
2025-05-05 18:06:46 +01:00
Bruno BELANYI
22f97b4ac7 home: vim: lua: lsp: configure inlay hints 2025-05-03 13:56:12 +01:00
Bruno BELANYI
921d604ebe hosts: nixos: porthos: secrets: update cross-seed
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details
2025-05-02 22:35:33 +01:00
Bruno BELANYI
e3243ebe80 nixos: services: nextcloud: simplify DB handling
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details 
I *think* the option didn't exist when I originally used this module.
 2025-05-02 17:59:06 +01:00
Bruno BELANYI
4b6f62b25a home: gpg: fix deprecated config
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details
2025-04-30 21:39:39 +01:00
Bruno BELANYI
c5be292dfc nixos: profiles: wm: fix i3lock PAM service 
This was announced as a breaking change, and would lock me out if not
set.

I wish the transition went a bit slower, by first introducing the
option for each PAM service, and *then* toggling it. Oh well.
 2025-04-30 21:38:29 +01:00
Bruno BELANYI
bfda64288e nix: bump inputs 2025-04-30 21:05:22 +01:00
Bruno BELANYI
89bc60609f home: firefox: tridactyl: use 'replaceVars'
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details
2025-04-24 12:46:24 +02:00
Bruno BELANYI
2eb2a83dca flake: bump inputs
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details
2025-04-24 09:33:30 +00:00
Bruno BELANYI
946eab9ec0 home: git: extract 'delta' configuration
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
I want to be able to re-use it between different source control systems
(e.g: `jj`).

As a first step, extract it to a proper module so that I can have it
live in a single space.
 2025-04-22 13:53:35 +00:00
Bruno BELANYI
ec1c94676a home: vim: highlight over-extended commit subjects
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-22 13:15:04 +00:00
Bruno BELANYI
29b47d7f84 home: tmux: rename 'mkTerminalFeature' 
This is a more accurate name to describe what the function is doing.
 2025-04-22 13:04:36 +00:00
Bruno BELANYI
135cef2536 home: atuin: add daemon
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Enabled by default, I probably won't have a reason *not* to use it.
 2025-04-16 16:05:14 +00:00
Bruno BELANYI
ee1139713c hosts: nixos: porthos: services: enable cross-seed
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-16 17:26:10 +02:00
Bruno BELANYI
058096079e hosts: nixos: porthos: secrets: add cross-seed 2025-04-16 17:26:10 +02:00
Bruno BELANYI
c40090d176 nixos: services: servarr: add cross-seed 2025-04-16 17:26:10 +02:00
Bruno BELANYI
1b6a48d6c2 flake: bump inputs 2025-04-16 17:07:38 +02:00
Bruno BELANYI
e4bc0444bf nixos: services: transmission: fix umask 
I want downloads to be readable by the `media` group. The permissions
weren't correctly applied without `umask`.
 2025-04-16 17:01:18 +02:00
Bruno BELANYI
c69aaa7adb nixos: services: servarr: autobrr: fix websockets 
I found some logs complaining about websockets before enabling this.
 2025-04-16 17:01:18 +02:00
Bruno BELANYI
26ee59ef6e home: atuin: use 'uk' dialect for dates
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
This should be for date *parsing*, from my looking at the code.

Unlikely to be relevant, but might as well set it to the saner of the
two options.
 2025-04-14 13:54:57 +00:00
Bruno BELANYI
6f5ac4e55f home: vim: signtoggle: only show signs if 'number'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
If a buffer doesn't show a number column, I probably also don't want a
sign column to be toggled on/off in there.
 2025-04-14 10:24:33 +00:00
Bruno BELANYI
67936af4c7 home: vim: signtoggle: remove 'TermOpen' event 
It's now part of upstream's default setup.
 2025-04-14 10:20:02 +00:00
Bruno BELANYI
e82ae4a219 home: vim: numbertoggle: remove 'TermOpen' event 
It's now part of upstream's default setup.
 2025-04-14 10:20:02 +00:00
Bruno BELANYI
a0473a5c6c nixos: services: servarr: autobrr: fix fail2ban
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
The log line for authentication failures has been updated since the
original PR.

It also happens to be logged in JSON, and I'm a bit too lazy to match it
more properly than this.
 2025-04-12 11:30:14 +02:00
Bruno BELANYI
a28295da27 nixos: services: servarr: autobrr: fix comment
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-11 19:01:08 +02:00
Bruno BELANYI
bd55ecc016 hosts: nixos: porthos: services: enable homebox
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-09 12:29:27 +02:00
Bruno BELANYI
1dd1dbb917 nixos: services: homebox: proxy websockets 
Should avoid a bunch of error logs, and ensure that e.g: adding a label
does not require a refresh to show it in a list.
 2025-04-09 12:29:27 +02:00
Bruno BELANYI
439a6bc930 nixos: services: homebox: use postgres 2025-04-09 12:29:27 +02:00
Bruno BELANYI
e5bf5a3ba1 flake: bump inputs 2025-04-09 12:29:27 +02:00
Bruno BELANYI
a1cab7f606 flake: home-manager: set overlays in module
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
I need to inherit `lib` to make sure it picks up my version, not the one
from `pkgs`.

I can't use `extraSpecialArgs` like NixOS, due to it missing from
upstream [1].

[1]: https://github.com/nix-community/home-manager/pull/3969
 2025-04-07 16:16:41 +00:00
Bruno BELANYI
0152907536 flake: nixos: use 'self.dirtyRev' if available
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-07 10:19:30 +00:00
Bruno BELANYI
08f7c2bd79 nixos: services: nextcloud: bump to 31
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-05 20:24:21 +02:00
Bruno BELANYI
b8c649d5bf hosts: nixos: porthos: services: enable autobrr
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-05 20:22:27 +02:00
Bruno BELANYI
979814e9de hosts: nixos: porthos: secrets: add autobrr 2025-04-05 20:22:27 +02:00
Bruno BELANYI
215eb4c91a nixos: services: servarr: add autobrr 2025-04-05 20:22:27 +02:00
Bruno BELANYI
3510264186 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-05 20:11:43 +02:00
Bruno BELANYI
ec965800e4 nixos: services: servarr: nzbhydra: fix websockets 
From what I could read, NZBHydra2 *might* require proxying websockets in
new versions (better safe than sorry).
 2025-04-05 20:07:47 +02:00
Bruno BELANYI
b1ade72383 nixos: services: servarr: migrate nzbhydra 2025-04-05 20:07:47 +02:00
Bruno BELANYI
c823edf584 nixos: services: servarr: jackett: add 'port' 2025-04-05 20:07:47 +02:00
Bruno BELANYI
950cf4dd05 nixos: services: servarr: migrate jackett 2025-04-05 20:07:47 +02:00
Bruno BELANYI
f825d047b5 nixos: services: servarr: migrate prowlarr 
The configuration doesn't have `group`, so it's a slightly different
configuration to the rest of the *arr services.

I also want to move the other two indexer modules under `servarr`, as
they are all closely related.
 2025-04-05 20:07:47 +02:00
Bruno BELANYI
d783b5f5ee nixos: services: servarr: starr: add 'port' 
Now that declarative configurations are supported for those
applications.
 2025-04-05 20:07:47 +02:00
Bruno BELANYI
8e6be43817 nixox: services: servarr: refactor starr config 
Makes it slightly DRY-er and more readable.
 2025-04-05 20:07:47 +02:00
Bruno BELANYI
1f876d3e21 nixos: services: servarr: bazarr: add 'port' 2025-04-05 20:07:46 +02:00
Bruno BELANYI
860c13ab1f nixos: services: servarr: extract bazarr 
It's not an actual *arr package, but closely related to them. Extract
its configuration to a sub-module.
 2025-04-05 20:07:46 +02:00
Bruno BELANYI
7791ad0907 nixos: services: servarr: fix 'enableAll' logic 
I renamed the option and refactored how it worked to make it more
explicit that it enables the entire suite by default, with explicit
opt-out of individual components (or fine-grained opt-in as an
alternative).
 2025-04-05 20:07:46 +02:00
Bruno BELANYI
ca98b8367c templates: add python-uv 2025-04-05 19:00:10 +01:00
Bruno BELANYI
62ddec5c23 templates: remove unused 'follows' 2025-04-05 18:57:18 +01:00
Bruno BELANYI
418494004b templates: use 'pre-commit.enabledPackages' 2025-04-05 18:57:18 +01:00
Bruno BELANYI
53569f17a6 treewide: pre-commit-hooks.nix renaming 2025-04-05 18:33:37 +01:00
Bruno BELANYI
d48d5c45e0 home: vim: remove 'friendly-snippets' 
I never use them...
 2025-04-04 19:06:19 +01:00
Bruno BELANYI
36aa641ec0 home: vim: rely on built-in diagnostic jump config 
This reduces the surface area of my configuration.
 2025-04-03 22:04:44 +01:00
Bruno BELANYI
2583cc6c12 home: vim: lua: lsp: add count to diagnostic maps 2025-04-03 22:04:44 +01:00
Bruno BELANYI
262dc48425 home: vim: use default 'diffopt:linematch' 
It's now been defaulted to `linematch:40` on v0.11.
 2025-04-03 22:04:44 +01:00
Bruno BELANYI
c1efc4316d home: vim: lualine: add custom 'oil' extension 
I don't like the built-in one.
 2025-04-03 22:04:44 +01:00
Bruno BELANYI
4ef1b08f4e home: vim: lualine: use built-in 'branch' 
It now supports worktrees correctly (or at least I can't figure out
which issue I used to have with it...).

As a bonus, it also supports showing the correct branch for an `oil`
buffer.

This reverts commit 481d5f6f53.
 2025-04-03 22:04:44 +01:00
Bruno BELANYI
274d143031 home: vim: fix deprecated calls 2025-04-03 22:04:44 +01:00
Bruno BELANYI
dfb3c353ec home: vim: remove 'lsp_lines' 
It's been upstreamed!
 2025-04-03 22:04:44 +01:00
Bruno BELANYI
37e88c2707 flake: bump inputs 
And fix the small `jq` breakage.
 2025-04-03 22:04:44 +01:00
Bruno BELANYI
1841ff391d flake: dev-shells: remove redundant 'pre-commit'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
It's already being installed by the shell hook.
 2025-04-02 20:42:40 +01:00
Bruno BELANYI
458ea144c4 home: vim: remove 'fastfold' configuration 
I missed it in the original commit that removed the plug-in from my
configuration...
 2025-04-02 20:42:40 +01:00
Bruno BELANYI
abec0dd226 home: git: remove 'ignoreRevsFile' 
I remember why I didn't set it globally now, it's because `git blame`
complains and errors out, rather than silently ignoring the setting,
when the file doesn't exist in a repo...

This reverts commit 5ae2eacd49.
 2025-04-02 20:42:40 +01:00
Bruno BELANYI
b2758839e8 home: vim: lspconfig: add 'harper'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Support for more languages is upcoming, I also need to check how to
handle custom words/dictionaries.
 2025-03-24 16:51:52 +00:00
Bruno BELANYI
6fc81e45e9 home: zsh: migrate to 'initContent'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
This also fixes a small ordering issue: my alias definitions used to be
defined at the very end of the file, they're now slotted _before_ the
`zshrc.local` import.
 2025-03-24 11:58:59 +00:00
Bruno BELANYI
9156a8211d flake: bump inputs 2025-03-24 11:47:59 +00:00
Bruno BELANYI
5ae2eacd49 home: git: add 'ignoreRevsFile'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
I'm surprised I hadn't configured it already.

`.git-blame-ignore-revs` is the usual name, as most forges automatically
detect and use it.
 2025-03-19 11:45:07 +00:00
Bruno BELANYI
dc4221fc17 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
And remove the overlay for `lsp-format.nvim`, which has been fixed.

This reverts commit 92e5fbe7df.
 2025-03-17 13:02:26 +00:00
78 changed files with 1241 additions and 514 deletions
Download patch file Download diff file Expand all files Collapse all files

86
flake.lock generated
View file

@ -14,11 +14,11 @@
]
},
"locked": {
"lastModified": 1736955230,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
@ -36,11 +36,11 @@
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
@ -73,11 +73,11 @@
]
},
"locked": {
"lastModified": 1738453229,
"narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
"lastModified": 1753121425,
"narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
"rev": "644e0fc48951a860279da645ba77fe4a6e814c5e",
"type": "github"
},
"original": {
@ -108,10 +108,33 @@
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1750779888,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "master",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"pre-commit-hooks",
"git-hooks",
"nixpkgs"
]
},
@ -136,11 +159,11 @@
]
},
"locked": {
"lastModified": 1740624780,
"narHash": "sha256-8TP61AI3QBQsjzVUQFIV8NoB5nbYfJB3iHczhBikDkU=",
"lastModified": 1753617834,
"narHash": "sha256-WEVfKrdIdu5CpppJ0Va3vzP0DKlS+ZTLbBjugMO2Drg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b8869e4ead721bbd4f0d6b927e8395705d4f16e6",
"rev": "72cc1e3134a35005006f06640724319caa424737",
"type": "github"
},
"original": {
@ -152,11 +175,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1740560979,
"narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=",
"lastModified": 1753429684,
"narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5135c59491985879812717f4c9fea69604e7f26f",
"rev": "7fd36ee82c0275fb545775cc5e4d30542899511d",
"type": "github"
},
"original": {
@ -177,11 +200,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1740655932,
"narHash": "sha256-BSTcgL2C74x0TgVdVEWfIz2SHkwIFMN0Dvv1lCoOhCA=",
"lastModified": 1741294988,
"narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=",
"owner": "nix-community",
"repo": "NUR",
"rev": "1ca8ff37f33a560c4a292ed83774434854f0b39a",
"rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e",
"type": "github"
},
"original": {
@ -191,38 +214,15 @@
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1737465171,
"narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "master",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"flake-parts": "flake-parts",
"futils": "futils",
"git-hooks": "git-hooks",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nur": "nur",
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems"
}
},

4
flake.nix
View file

@ -61,10 +61,10 @@
};
};
pre-commit-hooks = {
git-hooks = {
type = "github";
owner = "cachix";
repo = "pre-commit-hooks.nix";
repo = "git-hooks.nix";
ref = "master";
inputs = {
nixpkgs.follows = "nixpkgs";

2
flake/checks.nix
View file

@ -1,7 +1,7 @@
{ inputs, ... }:
{
imports = [
inputs.pre-commit-hooks.flakeModule
inputs.git-hooks.flakeModule
];
perSystem = { ... }: {

1
flake/dev-shells.nix
View file

@ -6,7 +6,6 @@
name = "NixOS-config";
nativeBuildInputs = with pkgs; [
gitAndTools.pre-commit
nixpkgs-fmt
];

20
flake/home-manager.nix
View file

@ -3,6 +3,11 @@ let
defaultModules = [
# Include generic settings
"${self}/modules/home"
{
nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
inputs.nur.overlays.default
];
}
{
# Basic user information defaults
home.username = lib.mkDefault "ambroisie";
@ -17,22 +22,15 @@ let
];
mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration {
# Work-around for home-manager
# * not letting me set `lib` as an extraSpecialArgs
# * not respecting `nixpkgs.overlays` [1]
# [1]: https://github.com/nix-community/home-manager/issues/2954
pkgs = import inputs.nixpkgs {
inherit system;
overlays = (lib.attrValues self.overlays) ++ [
inputs.nur.overlays.default
];
};
pkgs = inputs.nixpkgs.legacyPackages.${system};
modules = defaultModules ++ [
"${self}/hosts/homes/${name}"
];
# Use my extended lib in NixOS configuration
inherit (self) lib;
extraSpecialArgs = {
# Inject inputs to use them in global registry
inherit inputs;

6
flake/nixos.nix
View file

@ -3,7 +3,7 @@ let
defaultModules = [
{
# Let 'nixos-version --json' know about the Git revision
system.configurationRevision = self.rev or "dirty";
system.configurationRevision = self.rev or self.dirtyRev or "dirty";
}
{
nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
@ -15,8 +15,10 @@ let
];
buildHost = name: system: lib.nixosSystem {
inherit system;
modules = defaultModules ++ [
{
nixpkgs.hostPlatform = system;
}
"${self}/hosts/nixos/${name}"
];
specialArgs = {

14
hosts/homes/ambroisie@bazin/default.nix
View file

@ -4,6 +4,20 @@
services.gpg-agent.enable = lib.mkForce false;
my.home = {
atuin = {
package = pkgs.stdenv.mkDerivation {
pname = "atuin";
version = "18.4.0";
buildCommand = ''
mkdir -p $out/bin
ln -s /usr/bin/atuin $out/bin/atuin
'';
meta.mainProgram = "atuin";
};
};
git = {
package = pkgs.emptyDirectory;
};

14
hosts/homes/ambroisie@mousqueton/default.nix
View file

@ -7,6 +7,20 @@
services.gpg-agent.enable = lib.mkForce false;
my.home = {
atuin = {
package = pkgs.stdenv.mkDerivation {
pname = "atuin";
version = "18.4.0";
buildCommand = ''
mkdir -p $out/bin
ln -s /usr/bin/atuin $out/bin/atuin
'';
meta.mainProgram = "atuin";
};
};
git = {
package = pkgs.emptyDirectory;
};

2
hosts/nixos/aramis/home.nix
View file

@ -20,7 +20,7 @@
element-desktop # Matrix client
jellyfin-media-player # Wraps the webui and mpv together
pavucontrol # Audio mixer GUI
transgui # Transmission remote
trgui-ng # Transmission remote
];
# Minimal video player
mpv.enable = true;

3
hosts/nixos/porthos/secrets/secrets.nix
View file

@ -80,6 +80,9 @@ in
"pyload/credentials.age".publicKeys = all;
"servarr/autobrr/session-secret.age".publicKeys = all;
"servarr/cross-seed/configuration.json.age".publicKeys = all;
"sso/auth-key.age" = {
owner = "nginx-sso";
publicKeys = all;

7
hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg bu09lB+fjaPP31cUQZP6EqSPuseucgNK7k9vAS08iS0
+NGL+b2QD/qGo6hqHvosAXzHZtDvfodmPdcgnrKlD1o
-> ssh-ed25519 jPowng QDCdRBGWhtdvvMCiDH52cZHz1/W7aomhTatZ4+9IKwI
Ou3jjV/O55G1CPgGS33l3eWhhYWrVdwVNPSiE14d5rE
--- q0ssmpG50OX1WaNSInc2hbtH3DbTwQGDU74VGEoMh94
 ¯mCùº<C3B9>Æ'hK.Ðì/™Xu(€«Õ×g$½'¼šM{fK˜ !ÛMZ²oR÷®ˆüÎÕ<C38E>ÍŸö;yb

BIN
hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age Normal file
View file

Binary file not shown.

21
hosts/nixos/porthos/services.nix
View file

@ -51,9 +51,9 @@ in
passwordFile = secrets."forgejo/mail-password".path;
};
};
# Meta-indexers
indexers = {
prowlarr.enable = true;
# Home inventory
homebox = {
enable = true;
};
# Jellyfin media server
jellyfin.enable = true;
@ -144,11 +144,24 @@ in
sabnzbd.enable = true;
# The whole *arr software suite
servarr = {
enable = true;
enableAll = true;
autobrr = {
sessionSecretFile = secrets."servarr/autobrr/session-secret".path;
};
cross-seed = {
secretSettingsFile = secrets."servarr/cross-seed/configuration.json".path;
};
# ... But not Lidarr because I don't care for music that much
lidarr = {
enable = false;
};
# I only use Prowlarr nowadays
jackett = {
enable = false;
};
nzbhydra = {
enable = false;
};
};
# Because I still need to play sysadmin
ssh-server.enable = true;

10
modules/home/atuin/default.nix
View file

@ -8,6 +8,10 @@ in
# I want the full experience by default
package = mkPackageOption pkgs "atuin" { };
daemon = {
enable = my.mkDisableOption "atuin daemon";
};
};
config = lib.mkIf cfg.enable {
@ -15,12 +19,18 @@ in
enable = true;
inherit (cfg) package;
daemon = lib.mkIf cfg.daemon.enable {
enable = true;
};
flags = [
# I *despise* this hijacking of the up key, even though I use Ctrl-p
"--disable-up-arrow"
];
settings = {
# Reasonable date format
dialect = "uk";
# The package is managed by Nix
update_check = false;
# I don't care for the fancy display

4
modules/home/default.nix
View file

@ -8,6 +8,7 @@
./bluetooth
./calibre
./comma
./delta
./dircolors
./direnv
./discord
@ -50,9 +51,6 @@
# First sane reproducible version
home.stateVersion = "20.09";
# Who am I?
home.username = "ambroisie";
# Start services automatically
systemd.user.startServices = "sd-switch";
}

68
modules/home/delta/default.nix Normal file
View file

@ -0,0 +1,68 @@
{ config, pkgs, lib, ... }:
let
cfg = config.my.home.delta;
in
{
options.my.home.delta = with lib; {
enable = my.mkDisableOption "delta configuration";
package = mkPackageOption pkgs "delta" { };
git = {
enable = my.mkDisableOption "git integration";
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
# For its configuration
assertion = cfg.enable -> cfg.git.enable;
message = ''
`config.my.home.delta` must enable `config.my.home.delta.git` to be
properly configured.
'';
}
{
assertion = cfg.enable -> config.programs.git.enable;
message = ''
`config.my.home.delta` relies on `config.programs.git` to be
enabled.
'';
}
];
home.packages = [ cfg.package ];
programs.git = lib.mkIf cfg.git.enable {
delta = {
enable = true;
inherit (cfg) package;
options = {
features = "diff-highlight decorations";
# Less jarring style for `diff-highlight` emulation
diff-highlight = {
minus-style = "red";
minus-non-emph-style = "red";
minus-emph-style = "bold red 52";
plus-style = "green";
plus-non-emph-style = "green";
plus-emph-style = "bold green 22";
whitespace-error-style = "reverse red";
};
# Personal preference for easier reading
decorations = {
commit-style = "raw"; # Do not recolor meta information
keep-plus-minus-markers = true;
paging = "always";
};
};
};
};
};
}

2
modules/home/direnv/lib/python.sh
View file

@ -46,7 +46,7 @@ layout_uv() {
fi
# create venv if it doesn't exist
uv venv -q
uv venv -q --allow-existing
export VIRTUAL_ENV
export UV_ACTIVE=1

7
modules/home/feh/default.nix
View file

@ -10,4 +10,11 @@ in
config.programs.feh = lib.mkIf cfg.enable {
enable = true;
};
config.my.home.xdg.mime-apps = lib.mkIf cfg.enable {
applications.media.image = {
bitmap = [ "feh.desktop" ];
vector = [ "feh.desktop" ];
};
};
}

4
modules/home/firefox/default.nix
View file

@ -79,4 +79,8 @@ in
};
};
};
config.my.home.xdg.mime-apps = lib.mkIf cfg.enable {
applications.editor = [ "firefox.desktop" ];
};
}

4
modules/home/firefox/tridactyl/default.nix
View file

@ -12,9 +12,7 @@ let
in
{
config = lib.mkIf cfg.enable {
xdg.configFile."tridactyl/tridactylrc".source = pkgs.substituteAll {
src = ./tridactylrc;
xdg.configFile."tridactyl/tridactylrc".source = pkgs.replaceVars ./tridactylrc {
editorcmd = lib.concatStringsSep " " [
# Use my configured terminal
term

28
modules/home/git/default.nix
View file

@ -42,34 +42,6 @@ in
lfs.enable = true;
delta = {
enable = true;
options = {
features = "diff-highlight decorations";
# Less jarring style for `diff-highlight` emulation
diff-highlight = {
minus-style = "red";
minus-non-emph-style = "red";
minus-emph-style = "bold red 52";
plus-style = "green";
plus-non-emph-style = "green";
plus-emph-style = "bold green 22";
whitespace-error-style = "reverse red";
};
# Personal preference for easier reading
decorations = {
commit-style = "raw"; # Do not recolor meta information
keep-plus-minus-markers = true;
paging = "always";
};
};
};
# There's more
extraConfig = {
# Makes it a bit more readable

2
modules/home/gpg/default.nix
View file

@ -17,7 +17,7 @@ in
services.gpg-agent = {
enable = true;
enableSshSupport = true; # One agent to rule them all
pinentryPackage = cfg.pinentry;
pinentry.package = cfg.pinentry;
extraConfig = ''
allow-loopback-pinentry
'';

1
modules/home/jq/default.nix
View file

@ -17,6 +17,7 @@ in
strings = "0;32";
arrays = "1;39";
objects = "1;39";
objectKeys = "1;34";
};
};
}

4
modules/home/mail/himalaya/default.nix
View file

@ -20,4 +20,8 @@ in
'';
};
};
config.my.home.xdg.mime-apps = lib.mkIf cfg.enable {
applications.editor = [ "himalaya.desktop" ];
};
}

7
modules/home/mpv/default.nix
View file

@ -17,5 +17,12 @@ in
pkgs.mpvScripts.uosc # Nicer UI
];
};
my.home.xdg.mime-apps = {
applications.media = {
audio = [ "mpv.desktop" ];
video = [ "mpv.desktop" ];
};
};
};
}

4
modules/home/terminal/alacritty/default.nix
View file

@ -48,5 +48,9 @@ in
};
};
};
my.home.xdg.mime-apps = {
applications.terminal = [ "Alacritty.desktop" ];
};
};
}

4
modules/home/terminal/termite/default.nix
View file

@ -49,5 +49,9 @@ in
color15 = ${whiteBold}
'';
};
my.home.xdg.mime-apps = {
applications.terminal = [ "termite.desktop" ];
};
};
}

8
modules/home/tmux/default.nix
View file

@ -6,7 +6,7 @@ let
(config.my.home.wm.windowManager != null)
];
mkTerminalFlags = opt: flag:
mkTerminalFeature = opt: flag:
let
mkFlag = term: ''set -as terminal-features ",${term}:${flag}"'';
enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures;
@ -48,7 +48,7 @@ in
keyMode = "vi"; # Home-row keys and other niceties
clock24 = true; # I'm one of those heathens
escapeTime = 0; # Let vim do its thing instead
historyLimit = 100000; # Bigger buffer
historyLimit = 1000000; # Bigger buffer
mouse = false; # I dislike mouse support
focusEvents = true; # Report focus events
terminal = "tmux-256color"; # I want accurate termcap info
@ -123,9 +123,9 @@ in
}
# Force OSC8 hyperlinks for each relevant $TERM
${mkTerminalFlags "hyperlinks" "hyperlinks"}
${mkTerminalFeature "hyperlinks" "hyperlinks"}
# Force 24-bit color for each relevant $TERM
${mkTerminalFlags "trueColor" "RGB"}
${mkTerminalFeature "trueColor" "RGB"}
'';
};
}

4
modules/home/vim/after/plugin/mappings/unimpaired.lua
View file

@ -31,8 +31,6 @@ local keys = {
{ "[u", desc = "URL encode" },
{ "[x", desc = "XML encode" },
{ "[y", desc = "C string encode" },
-- Custom
{ "[d", lsp.goto_prev_diagnostic, desc = "Previous diagnostic" },
-- Next
{ "]", group = "Next" },
@ -62,8 +60,6 @@ local keys = {
{ "]u", desc = "URL decode" },
{ "]x", desc = "XML decode" },
{ "]y", desc = "C string decode" },
-- Custom
{ "]d", lsp.goto_next_diagnostic, desc = "Next diagnostic" },
-- Enable option
{ "[o", group = "Enable option" },

6
modules/home/vim/after/queries/gitcommit/highlights.scm Normal file
View file

@ -0,0 +1,6 @@
; extends
; Highlight over-extended subject lines (rely on wrapping for message body)
((subject) @comment.error
(#vim-match? @comment.error ".\{50,}")
(#offset! @comment.error 0 50 0 0))

7
modules/home/vim/default.nix
View file

@ -59,7 +59,6 @@ in
# LSP and linting
nvim-lspconfig # Easy LSP configuration
lsp-format-nvim # Simplified formatting configuration
lsp_lines-nvim # Show diagnostics *over* regions
none-ls-nvim # LSP integration for linters and formatters
nvim-treesitter.withAllGrammars # Better highlighting
nvim-treesitter-textobjects # More textobjects
@ -67,7 +66,6 @@ in
# Completion
luasnip # Snippet manager compatible with LSP
friendly-snippets # LSP snippets collection
nvim-cmp # Completion engine
cmp-async-path # More responsive path completion
cmp-buffer # Words from open buffers
@ -82,7 +80,6 @@ in
nvim-surround # Deal with pairs, now in Lua
oil-nvim # Better alternative to NetrW
telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm
telescope-lsp-handlers-nvim # Use 'telescope' for various LSP actions
telescope-nvim # Fuzzy finder interface
which-key-nvim # Show available mappings
];
@ -107,4 +104,8 @@ in
};
config.xdg.configFile = lib.mkIf cfg.enable configFiles;
config.my.home.xdg.mime-apps = lib.mkIf cfg.enable {
applications.editor = [ "nvim.desktop" ];
};
}

2
modules/home/vim/init.vim
View file

@ -68,8 +68,6 @@ set listchars=tab:>─,trail:·,nbsp:¤
" Use patience diff
set diffopt+=algorithm:patience
" Align similar lines in each hunk
set diffopt+=linematch:50
" Don't redraw when executing macros
set lazyredraw

46
modules/home/vim/lua/ambroisie/lsp.lua
View file

@ -3,43 +3,6 @@ local M = {}
-- Simplified LSP formatting configuration
local lsp_format = require("lsp-format")
--- Move to the next/previous diagnostic, automatically showing the diagnostics
--- float if necessary.
--- @param forward bool whether to go forward or backwards
local function goto_diagnostic(forward)
vim.validate({
forward = { forward, "boolean" },
})
local opts = {
float = false,
}
-- Only show floating diagnostics if they are otherwise not displayed
local config = vim.diagnostic.config()
if not (config.virtual_text or config.virtual_lines) then
opts.float = true
end
if forward then
vim.diagnostic.goto_next(opts)
else
vim.diagnostic.goto_prev(opts)
end
end
--- Move to the next diagnostic, automatically showing the diagnostics float if
--- necessary.
M.goto_next_diagnostic = function()
goto_diagnostic(true)
end
--- Move to the previous diagnostic, automatically showing the diagnostics float
--- if necessary.
M.goto_prev_diagnostic = function()
goto_diagnostic(false)
end
--- shared LSP configuration callback
--- @param client native client configuration
--- @param bufnr int? buffer number of the attached client
@ -79,6 +42,10 @@ M.on_attach = function(client, bufnr)
vim.diagnostic.config({
virtual_text = text,
virtual_lines = lines,
jump = {
-- Show float on jump if no diagnostic text is otherwise shown
float = not (text or lines),
},
})
end
@ -86,6 +53,10 @@ M.on_attach = function(client, bufnr)
vim.diagnostic.open_float(nil, { scope = "buffer" })
end
local function toggle_inlay_hints()
vim.lsp.inlay_hint.enable(not vim.lsp.inlay_hint.is_enabled())
end
local keys = {
buffer = bufnr,
-- LSP navigation
@ -100,6 +71,7 @@ M.on_attach = function(client, bufnr)
{ "<leader>ca", vim.lsp.buf.code_action, desc = "Code actions" },
{ "<leader>cd", cycle_diagnostics_display, desc = "Cycle diagnostics display" },
{ "<leader>cD", show_buffer_diagnostics, desc = "Show buffer diagnostics" },
{ "<leader>ch", toggle_inlay_hints, desc = "Toggle inlay hints" },
{ "<leader>cr", vim.lsp.buf.rename, desc = "Rename symbol" },
{ "<leader>cs", vim.lsp.buf.signature_help, desc = "Show signature" },
{ "<leader>ct", vim.lsp.buf.type_definition, desc = "Go to type definition" },

2
modules/home/vim/lua/ambroisie/utils.lua
View file

@ -38,7 +38,7 @@ end
--- @param bufnr int? buffer number
--- @return table all active LSP client names
M.list_lsp_clients = function(bufnr)
local clients = vim.lsp.get_active_clients({ bufnr = bufnr })
local clients = vim.lsp.get_clients({ bufnr = bufnr })
local names = {}
for _, client in ipairs(clients) do

10
modules/home/vim/plugin/numbertoggle.lua
View file

@ -22,13 +22,3 @@ vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "InsertEnter", "WinLeave"
end
end,
})
-- Never show the sign column in a terminal buffer
vim.api.nvim_create_autocmd({ "TermOpen" }, {
pattern = "*",
group = numbertoggle,
callback = function()
vim.opt.number = false
vim.opt.relativenumber = false
end,
})

5
modules/home/vim/plugin/settings/fastfold.lua
View file

@ -1,5 +0,0 @@
-- Intercept all fold commands
-- stylua: ignore
vim.g.fastfold_fold_command_suffixes = {
"x", "X", "a", "A", "o", "O", "c", "C", "r", "R", "m", "M", "i", "n", "N",
}

3
modules/home/vim/plugin/settings/lsp-lines.lua
View file

@ -1,3 +0,0 @@
local lsp_lines = require("lsp_lines")
lsp_lines.setup()

11
modules/home/vim/plugin/settings/lspconfig.lua
View file

@ -16,6 +16,10 @@ vim.diagnostic.config({
update_in_insert = false,
-- Show highest severity first
severity_sort = true,
jump = {
-- Show float on diagnostic jumps
float = true,
},
})
-- Inform servers we are able to do completion, snippets, etc...
@ -96,6 +100,13 @@ if utils.is_executable("starpls") then
end
-- Generic
if utils.is_executable("harper-ls") then
lspconfig.harper_ls.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
if utils.is_executable("typos-lsp") then
lspconfig.typos_lsp.setup({
capabilities = capabilities,

19
modules/home/vim/plugin/settings/lualine.lua
View file

@ -1,4 +1,5 @@
local lualine = require("lualine")
local oil = require("oil")
local utils = require("ambroisie.utils")
local function list_spell_languages()
@ -30,7 +31,7 @@ lualine.setup({
{ "mode" },
},
lualine_b = {
{ "FugitiveHead" },
{ "branch" },
{ "filename", symbols = { readonly = "🔒" } },
},
lualine_c = {
@ -57,5 +58,21 @@ lualine.setup({
extensions = {
"fugitive",
"quickfix",
{
sections = {
lualine_a = {
{ "mode" },
},
lualine_b = {
{ "branch" },
},
lualine_c = {
function()
return vim.fn.fnamemodify(oil.get_current_dir(), ":~")
end,
},
},
filetypes = { "oil" },
},
},
})

1
modules/home/vim/plugin/settings/luasnip.lua
View file

@ -1 +0,0 @@
require("luasnip.loaders.from_vscode").lazy_load()

1
modules/home/vim/plugin/settings/telescope.lua
View file

@ -23,7 +23,6 @@ telescope.setup({
})
telescope.load_extension("fzf")
telescope.load_extension("lsp_handlers")
local keys = {
{ "<leader>f", group = "Fuzzy finder" },

19
modules/home/vim/plugin/signtoggle.lua
View file

@ -1,26 +1,21 @@
local signtoggle = vim.api.nvim_create_augroup("signtoggle", { clear = true })
-- Only show sign column for the currently focused buffer
-- Only show sign column for the currently focused buffer, if it has a number column
vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, {
pattern = "*",
group = signtoggle,
callback = function()
vim.opt.signcolumn = "yes"
if vim.opt.number:get() then
vim.opt.signcolumn = "yes"
end
end,
})
vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, {
pattern = "*",
group = signtoggle,
callback = function()
vim.opt.signcolumn = "no"
end,
})
-- Never show the sign column in a terminal buffer
vim.api.nvim_create_autocmd({ "TermOpen" }, {
pattern = "*",
group = signtoggle,
callback = function()
vim.opt.signcolumn = "no"
if vim.opt.number:get() then
vim.opt.signcolumn = "no"
end
end,
})

1
modules/home/wm/i3/default.nix
View file

@ -127,6 +127,7 @@ in
{ class = "^Blueman-.*$"; }
{ title = "^htop$"; }
{ class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; }
{ class = "^firefox$"; instance = "Places"; window_role = "Organizer"; }
{ class = "^pavucontrol.*$"; }
{ class = "^Arandr$"; }
{ class = "^\\.blueman-manager-wrapped$"; }

4
modules/home/xdg/default.nix
View file

@ -3,6 +3,10 @@ let
cfg = config.my.home.xdg;
in
{
imports = [
./mime-apps.nix
];
options.my.home.xdg = with lib; {
enable = my.mkDisableOption "XDG configuration";
};

280
modules/home/xdg/mime-apps.nix Normal file
View file

@ -0,0 +1,280 @@
{ config, lib, ... }:
let
cfg = config.my.home.xdg.mime-apps;
app = cfg.applications;
strOrStrList = with lib.types; coercedTo str lib.singleton (listOf str);
mkMimeAppOption = kind: lib.mkOption {
description = "Application to associate as ${kind}";
default = null;
type = lib.types.nullOr strOrStrList;
};
in
{
options.my.home.xdg.mime-apps = with lib; {
enable = my.mkDisableOption "XDG MIME Applications configuration";
applications = lib.mapAttrsRecursive (_: mkMimeAppOption) {
archive = "archive manager";
browser = "internet browser";
calendar = "calendar";
editor = "text editor";
fileManager = "file manager";
mail = "mail client";
media = {
audio = "audio player";
document = {
comic = "comic book reader";
ebook = "ebook reader";
pdf = "PDF reader";
};
image = {
bitmap = "bitmap image viewer";
vector = "vector image viewer";
editor = "image editor";
};
video = "video player";
};
office = {
database = "database management program";
formula = "formula editor";
graphics = "graphics editor";
presentation = "presentation editor";
spreadsheet = "spreadsheet editor";
text = "word processor";
};
terminal = "terminal";
torrent = "bittorrent client";
};
};
config = lib.mkIf cfg.enable {
xdg = {
mimeApps = {
enable = true;
defaultApplications = lib.filterAttrs (_: apps: apps != null) {
"application/epub+zip" = app.media.document.ebook;
"application/gzip" = app.archive;
"application/json" = app.editor;
"application/ld+json" = app.editor;
"application/mxf " = app.media.video;
"application/ogg" = app.media.audio;
"application/pdf" = app.media.document.pdf;
"application/rss+xml" = app.editor;
"application/smil+xml " = app.media.video;
"application/vnd.amazon.ebook" = app.media.document.ebook;
"application/vnd.apple.mpegurl " = app.media.video;
"application/vnd.comicbook+zip" = app.media.document.comic;
"application/vnd.comicbook-rar" = app.media.document.comic;
"application/vnd.mozilla.xul+xml" = app.browser;
"application/vnd.ms-excel" = app.office.spreadsheet;
"application/vnd.ms-powerpoint" = app.office.presentation;
"application/vnd.ms-word" = app.office.text;
"application/vnd.oasis.opendocument.database" = app.office.database;
"application/vnd.oasis.opendocument.formula" = app.office.formula;
"application/vnd.oasis.opendocument.graphics" = app.office.graphics;
"application/vnd.oasis.opendocument.graphics-template" = app.office.graphics;
"application/vnd.oasis.opendocument.presentation" = app.office.presentation;
"application/vnd.oasis.opendocument.presentation-template" = app.office.presentation;
"application/vnd.oasis.opendocument.spreadsheet" = app.office.spreadsheet;
"application/vnd.oasis.opendocument.spreadsheet-template" = app.office.spreadsheet;
"application/vnd.oasis.opendocument.text" = app.office.text;
"application/vnd.oasis.opendocument.text-master" = app.office.text;
"application/vnd.oasis.opendocument.text-template" = app.office.text;
"application/vnd.oasis.opendocument.text-web" = app.office.text;
"application/vnd.openxmlformats-officedocument.presentationml.presentation" = app.office.presentation;
"application/vnd.openxmlformats-officedocument.presentationml.template" = app.office.presentation;
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = app.office.spreadsheet;
"application/vnd.openxmlformats-officedocument.spreadsheetml.template" = app.office.spreadsheet;
"application/vnd.openxmlformats-officedocument.wordprocessingml.document" = app.office.text;
"application/vnd.openxmlformats-officedocument.wordprocessingml.template" = app.office.text;
"application/vnd.rar" = app.archive;
"application/vnd.stardivision.calc" = app.office.spreadsheet;
"application/vnd.stardivision.draw" = app.office.graphics;
"application/vnd.stardivision.impress" = app.office.presentation;
"application/vnd.stardivision.math" = app.office.formula;
"application/vnd.stardivision.writer" = app.office.text;
"application/vnd.sun.xml.base" = app.office.database;
"application/vnd.sun.xml.calc" = app.office.spreadsheet;
"application/vnd.sun.xml.calc.template" = app.office.spreadsheet;
"application/vnd.sun.xml.draw" = app.office.graphics;
"application/vnd.sun.xml.draw.template" = app.office.graphics;
"application/vnd.sun.xml.impress" = app.office.presentation;
"application/vnd.sun.xml.impress.template" = app.office.presentation;
"application/vnd.sun.xml.math" = app.office.formula;
"application/vnd.sun.xml.writer" = app.office.text;
"application/vnd.sun.xml.writer.global" = app.office.text;
"application/vnd.sun.xml.writer.template" = app.office.text;
"application/vnd.wordperfect" = app.office.text;
"application/x-7z-compressed" = app.archive;
"application/x-arj" = app.archive;
"application/x-bittorrent" = app.torrent;
"application/x-bzip" = app.archive;
"application/x-bzip-compressed-tar" = app.archive;
"application/x-bzip2" = app.archive;
"application/x-cb7" = app.media.document.comic;
"application/x-cbr" = app.media.document.comic;
"application/x-cbt" = app.media.document.comic;
"application/x-cbz" = app.media.document.comic;
"application/x-compress" = app.archive;
"application/x-compressed-tar" = app.archive;
"application/x-csh" = app.editor;
"application/x-cue" = app.media.audio;
"application/x-directory" = app.fileManager;
"application/x-extension-htm" = app.browser;
"application/x-extension-html" = app.browser;
"application/x-extension-ics" = app.calendar;
"application/x-extension-m4a" = app.media.audio;
"application/x-extension-mp4" = app.media.video;
"application/x-extension-shtml" = app.browser;
"application/x-extension-xht" = app.browser;
"application/x-extension-xhtml" = app.browser;
"application/x-fictionbook" = app.media.document.ebook;
"application/x-fictionbook+xml" = app.media.document.ebook;
"application/x-flac" = app.media.audio;
"application/x-gzip" = app.archive;
"application/x-lha" = app.archive;
"application/x-lhz" = app.archive;
"application/x-lzop" = app.archive;
"application/x-matroska" = app.media.video;
"application/x-netshow-channel" = app.media.video;
"application/x-quicktime-media-link" = app.media.video;
"application/x-quicktimeplayer" = app.media.video;
"application/x-rar" = app.archive;
"application/x-sh" = app.editor;
"application/x-shellscript" = app.editor;
"application/x-shorten " = app.media.audio;
"application/x-smil" = app.media.video;
"application/x-tar" = app.archive;
"application/x-tarz" = app.archive;
"application/x-wine-extension-ini" = app.editor;
"application/x-zip-compressed" = app.archive;
"application/x-zoo" = app.archive;
"application/xhtml+xml" = app.browser;
"application/xml" = app.editor;
"application/zip" = app.archive;
"audio/*" = app.media.video;
"image/*" = app.media.image.bitmap;
"image/svg+xml" = app.media.image.vector;
"image/x-compressed-xcf" = app.media.image.editor;
"image/x-fits" = app.media.image.editor;
"image/x-psd" = app.media.image.editor;
"image/x-xcf" = app.media.image.editor;
"inode/directory" = app.fileManager;
"message/rfc822" = app.mail;
"text/*" = app.editor;
"text/calendar" = app.calendar;
"text/html" = app.browser;
"text/plain" = app.editor;
"video/*" = app.media.video;
"x-scheme-handler/about" = app.browser;
"x-scheme-handler/chrome" = app.browser;
"x-scheme-handler/file" = app.fileManager;
"x-scheme-handler/ftp" = app.browser;
"x-scheme-handler/http" = app.browser;
"x-scheme-handler/https" = app.browser;
"x-scheme-handler/mailto" = app.mail;
"x-scheme-handler/mid" = app.mail;
"x-scheme-handler/terminal" = app.terminal;
"x-scheme-handler/unknown" = app.browser;
"x-scheme-handler/webcal" = app.calendar;
"x-scheme-handler/webcals" = app.calendar;
"x-www-browser" = app.browser;
# FIXME: relevant? https://bbs.archlinux.org/viewtopic.php?id=243125
# FIXME: shouldn't be necessary then
# "audio/AMR" = app.media.audio;
# "audio/aac" = app.media.audio;
# "audio/ac3" = app.media.audio;
# "audio/flac" = app.media.audio;
# "audio/mp2" = app.media.audio;
# "audio/mp4" = app.media.audio;
# "audio/mpeg" = app.media.audio;
# "audio/ogg" = app.media.audio;
# "audio/vnd.dts" = app.media.audio;
# "audio/vnd.dts.hd" = app.media.audio;
# "audio/vnd.rn-realaudio" = app.media.audio;
# "audio/webm" = app.media.audio;
# "audio/x-adpcm" = app.media.audio;
# "audio/x-aiff" = app.media.audio;
# "audio/x-ape" = app.media.audio;
# "audio/x-matroska" = app.media.audio;
# "audio/x-mpegurl" = app.media.audio;
# "audio/x-ms-asx" = app.media.audio;
# "audio/x-ms-wma" = app.media.audio;
# "audio/x-musepack" = app.media.audio;
# "audio/x-scpls" = app.media.audio;
# "audio/x-tta" = app.media.audio;
# "audio/x-vorbis+ogg" = app.media.audio;
# "audio/x-wav" = app.media.audio;
# "audio/x-wavpack" = app.media.audio;
# "image/bmp" = app.media.image.bitmap;
# "image/gif" = app.media.image.bitmap;
# "image/heif" = app.media.image.bitmap;
# "image/jpeg" = app.media.image.bitmap;
# "image/jpg" = app.media.image.bitmap;
# "image/pjpeg" = app.media.image.bitmap;
# "image/png" = app.media.image.bitmap;
# "image/tiff" = app.media.image.bitmap;
# "image/vnd.zbrush.pcx" = app.media.image.bitmap;
# "image/webp" = app.media.image.bitmap;
# "image/x-icb" = app.media.image.bitmap;
# "image/x-ico" = app.media.image.bitmap;
# "image/x-pcx" = app.media.image.bitmap;
# "image/x-portable-anymap" = app.media.image.bitmap;
# "image/x-portable-bitmap" = app.media.image.bitmap;
# "image/x-portable-graymap" = app.media.image.bitmap;
# "image/x-portable-pixmap" = app.media.image.bitmap;
# "image/x-tga" = app.media.image.bitmap;
# "image/x-xbitmap" = app.media.image.bitmap;
# "image/x-xpixmap" = app.media.image.bitmap;
# "image/x-xwindowdump" = app.media.image.bitmap;
# "text/tcl" = app.editor;
# "text/x-c++hdr" = app.editor;
# "text/x-c++src" = app.editor;
# "text/x-chdr" = app.editor;
# "text/x-csrc" = app.editor;
# "text/x-java" = app.editor;
# "text/x-makefile" = app.editor;
# "text/x-moc" = app.editor;
# "text/x-pascal" = app.editor;
# "text/x-tex" = app.editor;
# "video/3gpp" = app.media.video;
# "video/3gpp2" = app.media.video;
# "video/dv" = app.media.video;
# "video/mp2t" = app.media.video;
# "video/mp4" = app.media.video;
# "video/mpeg" = app.media.video;
# "video/ogg" = app.media.video;
# "video/quicktime" = app.media.video;
# "video/vnd.mpegurl" = app.media.video;
# "video/vnd.rn-realvideo" = app.media.video;
# "video/webm" = app.media.video;
# "video/x-flic" = app.media.video;
# "video/x-flv" = app.media.video;
# "video/x-matroska" = app.media.video;
# "video/x-ms-wmv" = app.media.video;
# "video/x-msvideo" = app.media.video;
# "video/x-ogm+ogg" = app.media.video;
# "video/x-theora+ogg" = app.media.video;
# FIXME: kind of weird formats, not quite adapted to attribute name
# "application/eps" = app.media.document.pdf
# "application/oxps" = app.media.document.pdf
# "application/postscript" = app.media.document.pdf
# "application/x-eps" = app.media.document.pdf
# "image/eps" = app.media.document.pdf
# "image/vnd.djvu" = app.media.document.pdf
# "image/vnd.djvu+multipage" = app.media.document.pdf
# "image/x-eps" = app.media.document.pdf
# FIXME: additionally interesting, but not necessary
# "x-scheme-handler/discord" = [ "discord.desktop" ];
# "x-scheme-handler/msteams" = [ "teams.desktop" ];
# "x-scheme-handler/slack" = [ "slack.desktop" ];
};
};
};
};
}

8
modules/home/zathura/default.nix
View file

@ -17,4 +17,12 @@ in
"statusbar-home-tilde" = true;
};
};
config.my.home.xdg.mime-apps = lib.mkIf cfg.enable {
applications.media.document = {
comic = [ "org.pwmt.zathura.desktop" ];
ebook = [ "org.pwmt.zathura.desktop" ];
pdf = [ "org.pwmt.zathura.desktop" ];
};
};
}

50
modules/home/zsh/default.nix
View file

@ -1,14 +1,6 @@
{ config, pkgs, lib, ... }:
let
cfg = config.my.home.zsh;
# Have a nice relative path for XDG_CONFIG_HOME, without leading `/`
relativeXdgConfig =
let
noHome = lib.removePrefix config.home.homeDirectory;
noSlash = lib.removePrefix "/";
in
noSlash (noHome config.xdg.configHome);
in
{
options.my.home.zsh = with lib; {
@ -57,7 +49,7 @@ in
programs.zsh = {
enable = true;
dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME
dotDir = "${config.xdg.configHome}/zsh"; # Don't clutter $HOME
enableCompletion = true;
history = {
@ -87,28 +79,26 @@ in
# Modal editing is life, but CLI benefits from emacs gymnastics
defaultKeymap = "emacs";
# Make those happen early to avoid doing double the work
initExtraFirst = lib.mkBefore ''
${
lib.optionalString cfg.launchTmux ''
# Launch tmux unless already inside one
if [ -z "$TMUX" ]; then
exec tmux new-session
fi
''
}
'';
initContent = lib.mkMerge [
# Make those happen early to avoid doing double the work
(lib.mkBefore (lib.optionalString cfg.launchTmux ''
# Launch tmux unless already inside one
if [ -z "$TMUX" ]; then
exec tmux new-session
fi
''))
initExtra = lib.mkAfter ''
source ${./completion-styles.zsh}
source ${./extra-mappings.zsh}
source ${./options.zsh}
(lib.mkAfter ''
source ${./completion-styles.zsh}
source ${./extra-mappings.zsh}
source ${./options.zsh}
# Source local configuration
if [ -f "$ZDOTDIR/zshrc.local" ]; then
source "$ZDOTDIR/zshrc.local"
fi
'';
# Source local configuration
if [ -f "$ZDOTDIR/zshrc.local" ]; then
source "$ZDOTDIR/zshrc.local"
fi
'')
];
localVariables = {
# I like having the full path
@ -151,7 +141,7 @@ in
};
# Use OSC-777 to send the notification through SSH
initExtra = lib.mkIf cfg.notify.ssh.useOsc777 ''
initContent = lib.mkIf cfg.notify.ssh.useOsc777 ''
done_send_notification() {
local exit_status="$1"
local title="$2"

2
modules/nixos/profiles/wm/default.nix
View file

@ -24,6 +24,8 @@ in
my.home.udiskie.enable = true;
# udiskie fails if it can't find this dbus service
services.udisks2.enable = true;
# Ensure i3lock can actually unlock the session
security.pam.services.i3lock.enable = true;
})
];
}

1
modules/nixos/services/default.nix
View file

@ -15,7 +15,6 @@
./gitea
./grocy
./homebox
./indexers
./jellyfin
./komga
./lohr

4
modules/nixos/services/drone/server/default.nix
View file

@ -6,8 +6,8 @@ in
config = lib.mkIf cfg.enable {
systemd.services.drone-server = {
wantedBy = [ "multi-user.target" ];
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
after = [ "postgresql.target" ];
requires = [ "postgresql.target" ];
serviceConfig = {
EnvironmentFile = [
cfg.secretFile

6
modules/nixos/services/homebox/default.nix
View file

@ -19,6 +19,11 @@ in
services.homebox = {
enable = true;
# Automatic PostgreSQL provisioning
database = {
createLocally = true;
};
settings = {
# FIXME: mailer?
HBOX_WEB_PORT = toString cfg.port;
@ -28,6 +33,7 @@ in
my.services.nginx.virtualHosts = {
homebox = {
inherit (cfg) port;
websocketsLocations = [ "/api" ];
};
};

78
modules/nixos/services/indexers/default.nix
View file

@ -1,78 +0,0 @@
# Torrent and usenet meta-indexers
{ config, lib, ... }:
let
cfg = config.my.services.indexers;
jackettPort = 9117;
nzbhydraPort = 5076;
prowlarrPort = 9696;
in
{
options.my.services.indexers = with lib; {
jackett.enable = mkEnableOption "Jackett torrent meta-indexer";
nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer";
prowlarr.enable = mkEnableOption "Prowlarr torrent & usenet meta-indexer";
};
config = lib.mkMerge [
(lib.mkIf cfg.jackett.enable {
services.jackett = {
enable = true;
};
# Jackett wants to eat *all* my RAM if left to its own devices
systemd.services.jackett = {
serviceConfig = {
MemoryHigh = "15%";
MemoryMax = "25%";
};
};
my.services.nginx.virtualHosts = {
jackett = {
port = jackettPort;
};
};
})
(lib.mkIf cfg.nzbhydra.enable {
services.nzbhydra2 = {
enable = true;
};
my.services.nginx.virtualHosts = {
nzbhydra = {
port = nzbhydraPort;
};
};
})
(lib.mkIf cfg.prowlarr.enable {
services.prowlarr = {
enable = true;
};
my.services.nginx.virtualHosts = {
prowlarr = {
port = prowlarrPort;
};
};
services.fail2ban.jails = {
prowlarr = ''
enabled = true
filter = prowlarr
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/prowlarr.conf".text = ''
[Definition]
failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
journalmatch = _SYSTEMD_UNIT=prowlarr.service
'';
};
})
];
}

25
modules/nixos/services/mealie/default.nix
View file

@ -32,33 +32,14 @@ in
BASE_URL = "https://mealie.${config.networking.domain}";
TZ = config.time.timeZone;
ALLOw_SIGNUP = "false";
# Use PostgreSQL
DB_ENGINE = "postgres";
# Make it work with socket auth
POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql";
};
};
systemd.services = {
mealie = {
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
# Automatic PostgreSQL provisioning
database = {
createLocally = true;
};
};
# Set-up database
services.postgresql = {
enable = true;
ensureDatabases = [ "mealie" ];
ensureUsers = [
{
name = "mealie";
ensureDBOwnership = true;
}
];
};
my.services.nginx.virtualHosts = {
mealie = {
inherit (cfg) port;

24
modules/nixos/services/nextcloud/default.nix
View file

@ -35,7 +35,7 @@ in
config = lib.mkIf cfg.enable {
services.nextcloud = {
enable = true;
package = pkgs.nextcloud30;
package = pkgs.nextcloud31;
hostName = "nextcloud.${config.networking.domain}";
home = "/var/lib/nextcloud";
maxUploadSize = cfg.maxSize;
@ -44,11 +44,15 @@ in
adminuser = cfg.admin;
adminpassFile = cfg.passwordFile;
dbtype = "pgsql";
dbhost = "/run/postgresql";
};
https = true;
# Automatic PostgreSQL provisioning
database = {
createLocally = true;
};
settings = {
overwriteprotocol = "https"; # Nginx only allows SSL
};
@ -60,22 +64,6 @@ in
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{
name = "nextcloud";
ensureDBOwnership = true;
}
];
};
systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
# The service above configures the domain, no need for my wrapper
services.nginx.virtualHosts."nextcloud.${config.networking.domain}" = {
forceSSL = true;

38
modules/nixos/services/paperless/default.nix
View file

@ -52,30 +52,28 @@ in
mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath;
settings =
let
paperlessDomain = "paperless.${config.networking.domain}";
in
{
# Use SSO
PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
settings = {
# Use SSO
PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
PAPERLESS_ENABLE_HTTP_REMOTE_USER_API = true;
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
# Security settings
PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
# Security settings
PAPERLESS_URL = "https://paperless.${config.networking.domain}";
PAPERLESS_USE_X_FORWARD_HOST = true;
PAPERLESS_PROXY_SSL_HEADER = [ "HTTP_X_FORWARDED_PROTO" "https" ];
# OCR settings
PAPERLESS_OCR_LANGUAGE = "fra+eng";
# OCR settings
PAPERLESS_OCR_LANGUAGE = "fra+eng";
# Workers
PAPERLESS_TASK_WORKERS = 3;
PAPERLESS_THREADS_PER_WORKER = 4;
# Workers
PAPERLESS_TASK_WORKERS = 3;
PAPERLESS_THREADS_PER_WORKER = 4;
# Misc
PAPERLESS_TIME_ZONE = config.time.timeZone;
PAPERLESS_ADMIN_USER = cfg.username;
};
# Misc
PAPERLESS_TIME_ZONE = config.time.timeZone;
PAPERLESS_ADMIN_USER = cfg.username;
};
# Admin password
passwordFile = cfg.passwordFile;

63
modules/nixos/services/servarr/autobrr.nix Normal file
View file

@ -0,0 +1,63 @@
# IRC-based indexer
{ config, lib, ... }:
let
cfg = config.my.services.servarr.autobrr;
in
{
options.my.services.servarr.autobrr = with lib; {
enable = mkEnableOption "autobrr IRC announce tracker" // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = 7474;
example = 8080;
description = "Internal port for webui";
};
sessionSecretFile = mkOption {
type = types.str;
example = "/run/secrets/autobrr-secret.txt";
description = ''
File containing the session secret.
'';
};
};
config = lib.mkIf cfg.enable {
services.autobrr = {
enable = true;
settings = {
inherit (cfg) port;
checkForUpdates = false;
};
secretFile = cfg.sessionSecretFile;
};
my.services.nginx.virtualHosts = {
autobrr = {
inherit (cfg) port;
websocketsLocations = [ "/api" ];
};
};
services.fail2ban.jails = {
autobrr = ''
enabled = true
filter = autobrr
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/autobrr.conf".text = ''
[Definition]
failregex = "message":"Auth: Failed login attempt username: \[.*\] ip: <HOST>"
journalmatch = _SYSTEMD_UNIT=autobrr.service
'';
};
};
}

37
modules/nixos/services/servarr/bazarr.nix Normal file
View file

@ -0,0 +1,37 @@
{ config, lib, ... }:
let
cfg = config.my.services.servarr.bazarr;
in
{
options.my.services.servarr.bazarr = with lib; {
enable = lib.mkEnableOption "Bazarr" // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = 6767;
example = 8080;
description = "Internal port for webui";
};
};
config = lib.mkIf cfg.enable {
services.bazarr = {
enable = true;
group = "media";
listenPort = cfg.port;
};
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
bazarr = {
inherit (cfg) port;
};
};
# Bazarr does not log authentication failures...
};
}

96
modules/nixos/services/servarr/cross-seed.nix Normal file
View file

@ -0,0 +1,96 @@
# Automatic cross-seeding for video media
{ config, lib, ... }:
let
cfg = config.my.services.servarr.cross-seed;
in
{
options.my.services.servarr.cross-seed = with lib; {
enable = mkEnableOption "cross-seed daemon" // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = 2468;
example = 8080;
description = "Internal port for daemon";
};
linkDirectory = mkOption {
type = types.str;
default = "/data/downloads/complete/links";
example = "/var/lib/cross-seed/links";
description = "Link directory";
};
secretSettingsFile = mkOption {
type = types.str;
example = "/run/secrets/cross-seed-secrets.json";
description = ''
File containing secret settings.
'';
};
};
config = lib.mkIf cfg.enable {
services.cross-seed = {
enable = true;
group = "media";
# Rely on recommended defaults for tracker snatches etc...
useGenConfigDefaults = true;
settings = {
inherit (cfg) port;
host = "127.0.0.1";
# Inject torrents to client directly
action = "inject";
# Query the client for torrents to match
useClientTorrents = true;
# Use hardlinks
linkType = "hardlink";
# Use configured link directory
linkDirs = [ cfg.linkDirectory ];
# Match as many torrents as possible
matchMode = "partial";
# Cross-seed full season if at least 50% of episodes are already downloaded
seasonFromEpisodes = 0.5;
};
settingsFile = cfg.secretSettingsFile;
};
systemd.services.cross-seed = {
serviceConfig = {
# Loose umask to make cross-seed links readable by `media`
UMask = "0002";
};
};
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
cross-seed = {
inherit (cfg) port;
};
};
services.fail2ban.jails = {
cross-seed = ''
enabled = true
filter = cross-seed
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/cross-seed.conf".text = ''
[Definition]
failregex = ^.*Unauthorized API access attempt to .* from <HOST>$
journalmatch = _SYSTEMD_UNIT=cross-seed.service
'';
};
};
}

107
modules/nixos/services/servarr/default.nix
View file

@ -2,99 +2,22 @@
# Relevant link [1].
#
# [1]: https://youtu.be/I26Ql-uX6AM
{ config, lib, ... }:
let
cfg = config.my.services.servarr;
ports = {
bazarr = 6767;
lidarr = 8686;
radarr = 7878;
readarr = 8787;
sonarr = 8989;
};
mkService = service: {
services.${service} = {
enable = true;
group = "media";
};
};
mkRedirection = service: {
my.services.nginx.virtualHosts = {
${service} = {
port = ports.${service};
};
};
};
mkFail2Ban = service: lib.mkIf cfg.${service}.enable {
services.fail2ban.jails = {
${service} = ''
enabled = true
filter = ${service}
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/${service}.conf".text = ''
[Definition]
failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
journalmatch = _SYSTEMD_UNIT=${service}.service
'';
};
};
mkFullConfig = service: lib.mkIf cfg.${service}.enable (lib.mkMerge [
(mkService service)
(mkRedirection service)
]);
in
{ lib, ... }:
{
imports = [
./autobrr.nix
./bazarr.nix
./cross-seed.nix
./jackett.nix
./nzbhydra.nix
./prowlarr.nix
(import ./starr.nix "lidarr")
(import ./starr.nix "radarr")
(import ./starr.nix "readarr")
(import ./starr.nix "sonarr")
];
options.my.services.servarr = {
enable = lib.mkEnableOption "Media automation";
bazarr = {
enable = lib.my.mkDisableOption "Bazarr";
};
lidarr = {
enable = lib.my.mkDisableOption "Lidarr";
};
radarr = {
enable = lib.my.mkDisableOption "Radarr";
};
readarr = {
enable = lib.my.mkDisableOption "Readarr";
};
sonarr = {
enable = lib.my.mkDisableOption "Sonarr";
};
enableAll = lib.mkEnableOption "media automation suite";
};
config = lib.mkIf cfg.enable (lib.mkMerge [
{
# Set-up media group
users.groups.media = { };
}
# Bazarr does not log authentication failures...
(mkFullConfig "bazarr")
# Lidarr for music
(mkFullConfig "lidarr")
(mkFail2Ban "lidarr")
# Radarr for movies
(mkFullConfig "radarr")
(mkFail2Ban "radarr")
# Readarr for books
(mkFullConfig "readarr")
(mkFail2Ban "readarr")
# Sonarr for shows
(mkFullConfig "sonarr")
(mkFail2Ban "sonarr")
]);
}

41
modules/nixos/services/servarr/jackett.nix Normal file
View file

@ -0,0 +1,41 @@
{ config, lib, ... }:
let
cfg = config.my.services.servarr.jackett;
in
{
options.my.services.servarr.jackett = with lib; {
enable = lib.mkEnableOption "Jackett" // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = 9117;
example = 8080;
description = "Internal port for webui";
};
};
config = lib.mkIf cfg.enable {
services.jackett = {
enable = true;
inherit (cfg) port;
};
# Jackett wants to eat *all* my RAM if left to its own devices
systemd.services.jackett = {
serviceConfig = {
MemoryHigh = "15%";
MemoryMax = "25%";
};
};
my.services.nginx.virtualHosts = {
jackett = {
inherit (cfg) port;
};
};
# Jackett does not log authentication failures...
};
}

26
modules/nixos/services/servarr/nzbhydra.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, lib, ... }:
let
cfg = config.my.services.servarr.nzbhydra;
in
{
options.my.services.servarr.nzbhydra = with lib; {
enable = lib.mkEnableOption "NZBHydra2" // {
default = config.my.services.servarr.enableAll;
};
};
config = lib.mkIf cfg.enable {
services.nzbhydra2 = {
enable = true;
};
my.services.nginx.virtualHosts = {
nzbhydra = {
port = 5076;
websocketsLocations = [ "/" ];
};
};
# NZBHydra2 does not log authentication failures...
};
}

53
modules/nixos/services/servarr/prowlarr.nix Normal file
View file

@ -0,0 +1,53 @@
# Torrent and NZB indexer
{ config, lib, ... }:
let
cfg = config.my.services.servarr.prowlarr;
in
{
options.my.services.servarr.prowlarr = with lib; {
enable = lib.mkEnableOption "Prowlarr" // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = 9696;
example = 8080;
description = "Internal port for webui";
};
};
config = lib.mkIf cfg.enable {
services.prowlarr = {
enable = true;
settings = {
server = {
port = cfg.port;
};
};
};
my.services.nginx.virtualHosts = {
prowlarr = {
inherit (cfg) port;
};
};
services.fail2ban.jails = {
prowlarr = ''
enabled = true
filter = prowlarr
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/prowlarr.conf".text = ''
[Definition]
failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
journalmatch = _SYSTEMD_UNIT=prowlarr.service
'';
};
};
}

64
modules/nixos/services/servarr/starr.nix Normal file
View file

@ -0,0 +1,64 @@
# Templated *arr configuration
starr:
{ config, lib, ... }:
let
cfg = config.my.services.servarr.${starr};
ports = {
lidarr = 8686;
radarr = 7878;
readarr = 8787;
sonarr = 8989;
};
in
{
options.my.services.servarr.${starr} = with lib; {
enable = lib.mkEnableOption (lib.toSentenceCase starr) // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = ports.${starr};
example = 8080;
description = "Internal port for webui";
};
};
config = lib.mkIf cfg.enable {
services.${starr} = {
enable = true;
group = "media";
settings = {
server = {
port = cfg.port;
};
};
};
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
${starr} = {
port = cfg.port;
};
};
services.fail2ban.jails = {
${starr} = ''
enabled = true
filter = ${starr}
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/${starr}.conf".text = ''
[Definition]
failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
journalmatch = _SYSTEMD_UNIT=${starr}.service
'';
};
};
}

25
modules/nixos/services/tandoor-recipes/default.nix
View file

@ -26,18 +26,16 @@ in
services.tandoor-recipes = {
enable = true;
database = {
createLocally = true;
};
port = cfg.port;
extraConfig =
let
tandoorRecipesDomain = "recipes.${config.networking.domain}";
in
{
# Use PostgreSQL
DB_ENGINE = "django.db.backends.postgresql";
POSTGRES_HOST = "/run/postgresql";
POSTGRES_USER = "tandoor_recipes";
POSTGRES_DB = "tandoor_recipes";
# Security settings
ALLOWED_HOSTS = tandoorRecipesDomain;
CSRF_TRUSTED_ORIGINS = "https://${tandoorRecipesDomain}";
@ -49,27 +47,12 @@ in
systemd.services = {
tandoor-recipes = {
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
serviceConfig = {
EnvironmentFile = cfg.secretKeyFile;
};
};
};
# Set-up database
services.postgresql = {
enable = true;
ensureDatabases = [ "tandoor_recipes" ];
ensureUsers = [
{
name = "tandoor_recipes";
ensureDBOwnership = true;
}
];
};
my.services.nginx.virtualHosts = {
recipes = {
inherit (cfg) port;

3
modules/nixos/services/transmission/default.nix
View file

@ -47,6 +47,7 @@ in
enable = true;
package = pkgs.transmission_4;
group = "media";
webHome = pkgs.trgui-ng-web;
downloadDirPermissions = "775";
@ -65,6 +66,8 @@ in
# Proxied behind Nginx.
rpc-whitelist-enabled = true;
rpc-whitelist = "127.0.0.1";
umask = "002"; # To go with `downloadDirPermissions`
};
};

4
modules/nixos/services/woodpecker/server/default.nix
View file

@ -24,8 +24,8 @@ in
};
systemd.services.woodpecker-server = {
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
after = [ "postgresql.target" ];
requires = [ "postgresql.target" ];
serviceConfig = {
# Set username for DB access

4
overlays/lsp-format-nvim-indentation/default.nix
View file

@ -1,4 +0,0 @@
self: prev:
{
vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
}

14
overlays/lsp-format-nvim-indentation/generated.nix
View file

@ -1,14 +0,0 @@
{ fetchpatch, ... }:
_final: prev: {
lsp-format-nvim = prev.lsp-format-nvim.overrideAttrs (oa: {
patches = (oa.patches or [ ]) ++ [
# https://github.com/lukas-reineke/lsp-format.nvim/issues/94
(fetchpatch {
name = "use-effective-indentation";
url = "https://github.com/liskin/lsp-format.nvim/commit/3757ac443bdf5bd166673833794553229ee8d939.patch";
hash = "sha256-Dv+TvXrU/IrrPxz2MSPbLmRxch+qkHbI3AyFMj/ssDk=";
})
];
});
}

15
templates/c++-cmake/flake.nix
View file

@ -16,19 +16,18 @@
ref = "nixos-unstable";
};
pre-commit-hooks = {
git-hooks = {
type = "github";
owner = "cachix";
repo = "pre-commit-hooks.nix";
repo = "git-hooks.nix";
ref = "master";
inputs = {
flake-utils.follows = "futils";
nixpkgs.follows = "nixpkgs";
};
};
};
outputs = { self, futils, nixpkgs, pre-commit-hooks }:
outputs = { self, futils, nixpkgs, git-hooks }:
{
overlays = {
default = final: _prev: {
@ -69,7 +68,7 @@
];
};
pre-commit = pre-commit-hooks.lib.${system}.run {
pre-commit = git-hooks.lib.${system}.run {
src = self;
hooks = {
@ -92,12 +91,12 @@
devShells = {
default = pkgs.mkShell {
inputsFrom = with self.packages.${system}; [
project
inputsFrom = [
self.packages.${system}.project
];
packages = with pkgs; [
clang-tools
self.checks.${system}.pre-commit.enabledPackages
];
inherit (pre-commit) shellHook;

15
templates/c++-meson/flake.nix
View file

@ -16,19 +16,18 @@
ref = "nixos-unstable";
};
pre-commit-hooks = {
git-hooks = {
type = "github";
owner = "cachix";
repo = "pre-commit-hooks.nix";
repo = "git-hooks.nix";
ref = "master";
inputs = {
flake-utils.follows = "futils";
nixpkgs.follows = "nixpkgs";
};
};
};
outputs = { self, futils, nixpkgs, pre-commit-hooks }:
outputs = { self, futils, nixpkgs, git-hooks }:
{
overlays = {
default = final: _prev: {
@ -69,7 +68,7 @@
];
};
pre-commit = pre-commit-hooks.lib.${system}.run {
pre-commit = git-hooks.lib.${system}.run {
src = self;
hooks = {
@ -92,12 +91,12 @@
devShells = {
default = pkgs.mkShell {
inputsFrom = with self.packages.${system}; [
project
inputsFrom = [
self.packages.${system}.project
];
packages = with pkgs; [
clang-tools
self.checks.${system}.pre-commit.enabledPackages
];
inherit (pre-commit) shellHook;

4
templates/default.nix
View file

@ -7,6 +7,10 @@
path = ./c++-meson;
description = "A C++ project using Meson";
};
"python-uv" = {
path = ./python-uv;
description = "A Python project using uv";
};
"rust-cargo" = {
path = ./rust-cargo;
description = "A Rust project using Cargo";

6
templates/python-uv/.envrc Normal file
View file

@ -0,0 +1,6 @@
# shellcheck shell=bash
if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
fi
use flake

6
templates/python-uv/.gitignore vendored Normal file
View file

@ -0,0 +1,6 @@
# Virtual environments
.venv
# Nix generated files
/.pre-commit-config.yaml
/result

31
templates/python-uv/.woodpecker/check.yml Normal file
View file

@ -0,0 +1,31 @@
labels:
backend: local
steps:
- name: pre-commit check
image: bash
commands:
- nix develop --command pre-commit run --all
- name: nix flake check
image: bash
commands:
- nix flake check
- name: notify
image: bash
environment:
ADDRESS:
from_secret: matrix_homeserver
ROOM:
from_secret: matrix_roomid
USER:
from_secret: matrix_username
PASS:
from_secret: matrix_password
commands:
- nix run github:ambroisie/matrix-notifier
when:
status:
- failure
- success

112
templates/python-uv/flake.nix Normal file
View file

@ -0,0 +1,112 @@
{
description = "A Python project";
inputs = {
futils = {
type = "github";
owner = "numtide";
repo = "flake-utils";
ref = "main";
};
nixpkgs = {
type = "github";
owner = "NixOS";
repo = "nixpkgs";
ref = "nixos-unstable";
};
git-hooks = {
type = "github";
owner = "cachix";
repo = "git-hooks.nix";
ref = "master";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
};
outputs = { self, futils, nixpkgs, git-hooks }:
{
overlays = {
default = final: _prev: {
project = with final; python3.pkgs.buildPythonApplication {
pname = "project";
version = (final.lib.importTOML ./pyproject.toml).project.version;
pyproject = true;
src = self;
build-system = with python3.pkgs; [ setuptools ];
pythonImportsCheck = [ "project" ];
meta = with lib; {
description = "A Python project";
homepage = "https://git.belanyi.fr/ambroisie/project";
license = licenses.mit;
maintainers = with maintainers; [ ambroisie ];
};
};
};
};
} // futils.lib.eachDefaultSystem (system:
let
pkgs = import nixpkgs {
inherit system;
overlays = [
self.overlays.default
];
};
pre-commit = git-hooks.lib.${system}.run {
src = self;
hooks = {
mypy = {
enable = true;
};
nixpkgs-fmt = {
enable = true;
};
ruff = {
enable = true;
};
ruff-format = {
enable = true;
};
};
};
in
{
checks = {
inherit (self.packages.${system}) project;
inherit pre-commit;
};
devShells = {
default = pkgs.mkShell {
inputsFrom = [
self.packages.${system}.project
];
packages = with pkgs; [
uv
self.checks.${system}.pre-commit.enabledPackages
];
inherit (pre-commit) shellHook;
};
};
packages = futils.lib.flattenTree {
default = pkgs.project;
inherit (pkgs) project;
};
});
}

17
templates/python-uv/pyproject.toml Normal file
View file

@ -0,0 +1,17 @@
[build-system]
requires = ["setuptools"]
build-backend = "setuptools.build_meta"
[project]
name = "project"
version = "0.0.0"
description = "project description"
requires-python = ">=3.12"
dependencies = []
[project.scripts]
project = "project:main"
[dependency-groups]
dev = []

2
templates/python-uv/src/project/__init__.py Normal file
View file

@ -0,0 +1,2 @@
def main() -> None:
print("Hello, world!")

16
templates/rust-cargo/flake.nix
View file

@ -16,19 +16,18 @@
ref = "nixos-unstable";
};
pre-commit-hooks = {
git-hooks = {
type = "github";
owner = "cachix";
repo = "pre-commit-hooks.nix";
repo = "git-hooks.nix";
ref = "master";
inputs = {
flake-utils.follows = "futils";
nixpkgs.follows = "nixpkgs";
};
};
};
outputs = { self, futils, nixpkgs, pre-commit-hooks }:
outputs = { self, futils, nixpkgs, git-hooks }:
{
overlays = {
default = final: _prev: {
@ -60,7 +59,7 @@
];
};
pre-commit = pre-commit-hooks.lib.${system}.run {
pre-commit = git-hooks.lib.${system}.run {
src = self;
hooks = {
@ -88,14 +87,13 @@
devShells = {
default = pkgs.mkShell {
inputsFrom = with self.packages.${system}; [
project
inputsFrom = [
self.packages.${system}.project
];
packages = with pkgs; [
clippy
rust-analyzer
rustfmt
self.checks.${system}.pre-commit.enabledPackages
];
RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}";