diff --git a/.envrc b/.envrc index f5141c2..a6b1f81 100644 --- a/.envrc +++ b/.envrc @@ -1,3 +1,4 @@ +# shellcheck shell=bash if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi diff --git a/.woodpecker/check.yml b/.woodpecker/check.yml index aff6e84..9e885aa 100644 --- a/.woodpecker/check.yml +++ b/.woodpecker/check.yml @@ -7,17 +7,17 @@ steps: commands: - nix flake check -- name: notifiy +- name: notify image: bash - secrets: - - source: matrix_homeserver - target: address - - source: matrix_roomid - target: room - - source: matrix_username - target: user - - source: matrix_password - target: pass + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password commands: - nix run '.#matrix-notifier' when: diff --git a/flake.lock b/flake.lock index 5e4a413..a4da84d 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1703433843, - "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "417caa847f9383e111d1397039c9d4337d024bf0", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -36,11 +36,11 @@ ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { @@ -53,11 +53,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1704152458, - "narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "88a2cd8166694ba0b6cb374700799cec53aef527", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -94,11 +94,11 @@ ] }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -108,19 +108,42 @@ "type": "github" } }, - "gitignore": { + "git-hooks": { "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", "nixpkgs": [ - "pre-commit-hooks", "nixpkgs" ] }, "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "master", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", "owner": "hercules-ci", "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", "type": "github" }, "original": { @@ -136,11 +159,11 @@ ] }, "locked": { - "lastModified": 1704276313, - "narHash": "sha256-4eD4RaAKHLj0ztw5pQcNFs3hGpxrsYb0e9Qir+Ute+w=", + "lastModified": 1751429452, + "narHash": "sha256-4s5vRtaqdNhVBnbOWOzBNKrRa0ShQTLoEPjJp3joeNI=", "owner": "nix-community", "repo": "home-manager", - "rev": "4d8f90205c6c90be2e81d94d0e5eedf71c1ba34e", + "rev": "df12269039dcf752600b1bcc176bacf2786ec384", "type": "github" }, "original": { @@ -152,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1703961334, - "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", + "lastModified": 1751271578, + "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", + "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", "type": "github" }, "original": { @@ -167,47 +190,27 @@ } }, "nur": { - "locked": { - "lastModified": 1704289500, - "narHash": "sha256-SMoojjdEMgf6GtPh5vzofdeev4nyM+vBi2J6Z/Sufco=", - "owner": "nix-community", - "repo": "NUR", - "rev": "a18213c74e43dd6e941c41d77382377938c77caf", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "NUR", - "type": "github" - } - }, - "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": [ - "futils" + "flake-parts": [ + "flake-parts" ], - "gitignore": "gitignore", "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": [ - "nixpkgs" - ] + "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1703939133, - "narHash": "sha256-Gxe+mfOT6bL7wLC/tuT2F+V+Sb44jNr8YsJ3cyIl4Mo=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "9d3d7e18c6bc4473d7520200d4ddab12f8402d38", + "lastModified": 1741294988, + "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=", + "owner": "nix-community", + "repo": "NUR", + "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e", "type": "github" }, "original": { - "owner": "cachix", + "owner": "nix-community", "ref": "master", - "repo": "pre-commit-hooks.nix", + "repo": "NUR", "type": "github" } }, @@ -216,10 +219,10 @@ "agenix": "agenix", "flake-parts": "flake-parts", "futils": "futils", + "git-hooks": "git-hooks", "home-manager": "home-manager", "nixpkgs": "nixpkgs", "nur": "nur", - "pre-commit-hooks": "pre-commit-hooks", "systems": "systems" } }, @@ -238,6 +241,27 @@ "repo": "default", "type": "github" } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 9c29183..5076729 100644 --- a/flake.nix +++ b/flake.nix @@ -55,17 +55,19 @@ owner = "nix-community"; repo = "NUR"; ref = "master"; + inputs = { + flake-parts.follows = "flake-parts"; + nixpkgs.follows = "nixpkgs"; + }; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.follows = "nixpkgs"; }; }; diff --git a/flake/checks.nix b/flake/checks.nix index 98e49bd..73e64d5 100644 --- a/flake/checks.nix +++ b/flake/checks.nix @@ -1,7 +1,7 @@ { inputs, ... }: { imports = [ - inputs.pre-commit-hooks.flakeModule + inputs.git-hooks.flakeModule ]; perSystem = { ... }: { diff --git a/flake/default.nix b/flake/default.nix index 65102e1..6f1d4ac 100644 --- a/flake/default.nix +++ b/flake/default.nix @@ -1,9 +1,9 @@ { flake-parts -, futils +, systems , ... } @ inputs: let - mySystems = futils.lib.defaultSystems; + mySystems = import systems; in flake-parts.lib.mkFlake { inherit inputs; } { systems = mySystems; @@ -13,6 +13,7 @@ flake-parts.lib.mkFlake { inherit inputs; } { ./checks.nix ./dev-shells.nix ./home-manager.nix + ./hosts.nix ./lib.nix ./nixos.nix ./overlays.nix diff --git a/flake/dev-shells.nix b/flake/dev-shells.nix index d5f5989..87464a4 100644 --- a/flake/dev-shells.nix +++ b/flake/dev-shells.nix @@ -6,7 +6,6 @@ name = "NixOS-config"; nativeBuildInputs = with pkgs; [ - gitAndTools.pre-commit nixpkgs-fmt ]; diff --git a/flake/home-manager.nix b/flake/home-manager.nix index 34af375..d4d14fc 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -1,8 +1,15 @@ -{ self, inputs, lib, ... }: +{ self, config, inputs, lib, ... }: let + inherit (config) hosts; + defaultModules = [ # Include generic settings "${self}/modules/home" + { + nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ + inputs.nur.overlays.default + ]; + } { # Basic user information defaults home.username = lib.mkDefault "ambroisie"; @@ -14,24 +21,17 @@ let # Enable home-manager programs.home-manager.enable = true; } + # Import common modules + "${self}/modules/common" ]; - mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration { - # Work-around for home-manager - # * not letting me set `lib` as an extraSpecialArgs - # * not respecting `nixpkgs.overlays` [1] - # [1]: https://github.com/nix-community/home-manager/issues/2954 - pkgs = import inputs.nixpkgs { - inherit system; + mkHomeCommon = mainModules: system: inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.${system}; - overlays = (lib.attrValues self.overlays) ++ [ - inputs.nur.overlay - ]; - }; + modules = defaultModules ++ mainModules; - modules = defaultModules ++ [ - "${self}/hosts/homes/${name}" - ]; + # Use my extended lib in NixOS configuration + inherit (self) lib; extraSpecialArgs = { # Inject inputs to use them in global registry @@ -39,24 +39,41 @@ let }; }; - homes = { + mkHome = name: mkHomeCommon [ "${self}/hosts/homes/${name}" ]; + + mkNixosHome = name: mkHomeCommon [ + "${self}/hosts/nixos/${name}/home.nix" + "${self}/hosts/nixos/${name}/profiles.nix" + ]; +in +{ + hosts.homes = { "ambroisie@bazin" = "x86_64-linux"; "ambroisie@mousqueton" = "x86_64-linux"; }; -in -{ + perSystem = { system, ... }: { # Work-around for https://github.com/nix-community/home-manager/issues/3075 legacyPackages = { homeConfigurations = let - filteredHomes = lib.filterAttrs (_: v: v == system) homes; + filteredHomes = lib.filterAttrs (_: v: v == system) hosts.homes; allHomes = filteredHomes // { # Default configuration ambroisie = system; }; + homeManagerHomes = lib.mapAttrs mkHome allHomes; + + filteredNixosHosts = lib.filterAttrs (_: v: v == system) hosts.nixos; + nixosHomes' = lib.mapAttrs mkNixosHome filteredNixosHosts; + nixosHomeUsername = (host: self.nixosConfigurations.${host}.config.my.user.name); + nixosHomes = lib.mapAttrs' (host: lib.nameValuePair "${nixosHomeUsername host}@${host}") nixosHomes'; in - lib.mapAttrs mkHome allHomes; + lib.foldl' lib.mergeAttrs { } + [ + homeManagerHomes + nixosHomes + ]; }; }; } diff --git a/flake/hosts.nix b/flake/hosts.nix new file mode 100644 index 0000000..7d95fdc --- /dev/null +++ b/flake/hosts.nix @@ -0,0 +1,21 @@ +# Define `hosts.{darwin,home,nixos}` options for consumption in other modules +{ lib, ... }: +let + mkHostsOption = description: lib.mkOption { + inherit description; + type = with lib.types; attrsOf str; + default = { }; + example = { name = "x86_64-linux"; }; + }; +in +{ + options = { + hosts = { + darwin = mkHostsOption "Darwin hosts"; + + homes = mkHostsOption "Home Manager hosts"; + + nixos = mkHostsOption "NixOS hosts"; + }; + }; +} diff --git a/flake/nixos.nix b/flake/nixos.nix index b48b551..9a6d5bc 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -1,22 +1,26 @@ -{ self, inputs, lib, ... }: +{ self, config, inputs, lib, ... }: let defaultModules = [ { # Let 'nixos-version --json' know about the Git revision - system.configurationRevision = self.rev or "dirty"; + system.configurationRevision = self.rev or self.dirtyRev or "dirty"; } { nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ - inputs.nur.overlay + inputs.nur.overlays.default ]; } # Include generic settings "${self}/modules/nixos" + # Import common modules + "${self}/modules/common" ]; buildHost = name: system: lib.nixosSystem { - inherit system; modules = defaultModules ++ [ + { + nixpkgs.hostPlatform = system; + } "${self}/hosts/nixos/${name}" ]; specialArgs = { @@ -28,8 +32,12 @@ let }; in { - flake.nixosConfigurations = lib.mapAttrs buildHost { - aramis = "x86_64-linux"; - porthos = "x86_64-linux"; + config = { + hosts.nixos = { + aramis = "x86_64-linux"; + porthos = "x86_64-linux"; + }; + + flake.nixosConfigurations = lib.mapAttrs buildHost config.hosts.nixos; }; } diff --git a/hosts/homes/ambroisie@bazin/default.nix b/hosts/homes/ambroisie@bazin/default.nix index 4490c51..365b70d 100644 --- a/hosts/homes/ambroisie@bazin/default.nix +++ b/hosts/homes/ambroisie@bazin/default.nix @@ -1,9 +1,23 @@ -# Google Cloudtop configuration -{ lib, pkgs, ... }: +# Google Laptop configuration +{ lib, options, pkgs, ... }: { services.gpg-agent.enable = lib.mkForce false; my.home = { + atuin = { + package = pkgs.stdenv.mkDerivation { + pname = "atuin"; + version = "18.4.0"; + + buildCommand = '' + mkdir -p $out/bin + ln -s /usr/bin/atuin $out/bin/atuin + ''; + + meta.mainProgram = "atuin"; + }; + }; + git = { package = pkgs.emptyDirectory; }; @@ -12,8 +26,10 @@ # I use scripts that use the passthrough sequence often on this host enablePassthrough = true; - # HTerm uses `xterm-256color` as its `$TERM`, so use that here - trueColorTerminals = [ "xterm-256color" ]; + terminalFeatures = { + # HTerm uses `xterm-256color` as its `$TERM`, so use that here + xterm-256color = { }; + }; }; ssh = { @@ -21,5 +37,21 @@ package = pkgs.emptyDirectory; }; }; + + zsh = { + notify = { + enable = true; + + exclude = options.my.home.zsh.notify.exclude.default ++ [ + "adb shell$" # Only interactive shell sessions + ]; + + ssh = { + enable = true; + # `notify-send` is proxied to the ChromeOS layer + useOsc777 = false; + }; + }; + }; }; } diff --git a/hosts/homes/ambroisie@mousqueton/default.nix b/hosts/homes/ambroisie@mousqueton/default.nix index 5c0a963..1383618 100644 --- a/hosts/homes/ambroisie@mousqueton/default.nix +++ b/hosts/homes/ambroisie@mousqueton/default.nix @@ -7,6 +7,20 @@ services.gpg-agent.enable = lib.mkForce false; my.home = { + atuin = { + package = pkgs.stdenv.mkDerivation { + pname = "atuin"; + version = "18.4.0"; + + buildCommand = '' + mkdir -p $out/bin + ln -s /usr/bin/atuin $out/bin/atuin + ''; + + meta.mainProgram = "atuin"; + }; + }; + git = { package = pkgs.emptyDirectory; }; @@ -15,8 +29,13 @@ # I use scripts that use the passthrough sequence often on this host enablePassthrough = true; - # HTerm uses `xterm-256color` as its `$TERM`, so use that here - trueColorTerminals = [ "xterm-256color" ]; + # Frequent reboots mean that session persistence can be handy + enableResurrect = true; + + terminalFeatures = { + # HTerm uses `xterm-256color` as its `$TERM`, so use that here + xterm-256color = { }; + }; }; }; } diff --git a/hosts/nixos/aramis/hardware.nix b/hosts/nixos/aramis/hardware.nix index c66b426..99bc77e 100644 --- a/hosts/nixos/aramis/hardware.nix +++ b/hosts/nixos/aramis/hardware.nix @@ -26,6 +26,12 @@ firmware = { cpuFlavor = "intel"; }; + + graphics = { + enable = true; + + gpuFlavor = "intel"; + }; }; hardware = { diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index dfe9dbe..221b1ea 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -2,7 +2,7 @@ { my.home = { # Use graphical pinentry - bitwarden.pinentry = "qt"; + bitwarden.pinentry = pkgs.pinentry-gtk2; # Ebook library calibre.enable = true; # Some amount of social life @@ -14,13 +14,13 @@ # Blue light filter gammastep.enable = true; # Use a small popup to enter passwords - gpg.pinentry = "qt"; + gpg.pinentry = pkgs.pinentry-gtk2; # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client jellyfin-media-player # Wraps the webui and mpv together pavucontrol # Audio mixer GUI - transgui # Transmission remote + trgui-ng # Transmission remote ]; # Minimal video player mpv.enable = true; diff --git a/hosts/nixos/porthos/boot.nix b/hosts/nixos/porthos/boot.nix index fbc5db7..461e969 100644 --- a/hosts/nixos/porthos/boot.nix +++ b/hosts/nixos/porthos/boot.nix @@ -3,15 +3,14 @@ { boot = { - # Use the GRUB 2 boot loader. - loader.grub = { - enable = true; - # Define on which hard drive you want to install Grub. - device = "/dev/disk/by-id/ata-HGST_HUS724020ALA640_PN2181P6J58M1P"; + # Use the systemd-boot EFI boot loader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; }; initrd = { - availableKernelModules = [ "uhci_hcd" "ahci" "usbhid" ]; + availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "usbhid" "sd_mod" ]; kernelModules = [ "dm-snapshot" ]; }; diff --git a/hosts/nixos/porthos/default.nix b/hosts/nixos/porthos/default.nix index 2dea899..e69bccf 100644 --- a/hosts/nixos/porthos/default.nix +++ b/hosts/nixos/porthos/default.nix @@ -7,6 +7,7 @@ ./hardware.nix ./home.nix ./networking.nix + ./profiles.nix ./secrets ./services.nix ./system.nix @@ -16,11 +17,5 @@ # Set your time zone. time.timeZone = "Europe/Paris"; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.09"; # Did you read the comment? + system.stateVersion = "24.05"; # Did you read the comment? } diff --git a/hosts/nixos/porthos/hardware.nix b/hosts/nixos/porthos/hardware.nix index 5a6e0d7..2172c5c 100644 --- a/hosts/nixos/porthos/hardware.nix +++ b/hosts/nixos/porthos/hardware.nix @@ -1,5 +1,5 @@ # Hardware configuration -{ lib, modulesPath, ... }: +{ modulesPath, ... }: { imports = [ @@ -11,9 +11,18 @@ fsType = "ext4"; }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; + swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; - powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; + my.hardware = { + firmware = { + cpuFlavor = "intel"; + }; + }; } diff --git a/hosts/nixos/porthos/home.nix b/hosts/nixos/porthos/home.nix index 90aa0ec..c2c858b 100644 --- a/hosts/nixos/porthos/home.nix +++ b/hosts/nixos/porthos/home.nix @@ -1,11 +1,18 @@ { ... }: { my.home = { - # Allow using 24bit color when SSH-ing from various clients - tmux.trueColorTerminals = [ + nix = { + cache = { + # This server is the one serving the cache, don't try to query it + selfHosted = false; + }; + }; + + # Allow using extended features when SSH-ing from various clients + tmux.terminalFeatures = { # My usual terminal, e.g: on laptop - "alacritty" - ]; + alacritty = { }; + }; # Always start a tmux session when opening a shell session zsh.launchTmux = true; diff --git a/hosts/nixos/porthos/install.sh b/hosts/nixos/porthos/install.sh index 8edc175..e6ba0aa 100644 --- a/hosts/nixos/porthos/install.sh +++ b/hosts/nixos/porthos/install.sh @@ -3,7 +3,7 @@ SWAP_SIZE=16GiB parted /dev/sda --script -- \ - mklabel msdos \ + mklabel gpt \ mkpart primary 512MiB -$SWAP_SIZE \ mkpart primary linux-swap -$SWAP_SIZE 100% \ mkpart ESP fat32 1MiB 512MiB \ @@ -11,14 +11,24 @@ parted /dev/sda --script -- \ parted /dev/sdb --script -- \ mklabel gpt \ - mkpart primary 0MiB 100% + mkpart primary 0% 100% +parted /dev/sdc --script -- \ + mklabel gpt \ + mkpart primary 0% 100% +parted /dev/sdd --script -- \ + mklabel gpt \ + mkpart primary 0% 100% mkfs.ext4 -L media1 /dev/sda1 mkfs.ext4 -L media2 /dev/sdb1 +mkfs.ext4 -L media3 /dev/sdc1 +mkfs.ext4 -L media4 /dev/sdd1 pvcreate /dev/sda1 pvcreate /dev/sdb1 -vgcreate lvm /dev/sda1 /dev/sdb1 +pvcreate /dev/sdc1 +pvcreate /dev/sdd1 +vgcreate lvm /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1 lvcreate -l 100%FREE -n media lvm mkfs.ext4 -L nixos /dev/mapper/lvm-media @@ -27,17 +37,17 @@ mkfs.fat -F 32 -n boot /dev/sda3 mount /dev/disk/by-label/nixos /mnt swapon /dev/sda2 +mkdir -p /mnt/boot +mount /dev/disk/by-label/boot /mnt/boot apt install sudo useradd -m -G sudo setupuser -# shellcheck disable=2117 -su setupuser cat << EOF # Run the following commands as setup user -curl -L https://nixos.org/nix/install | sh -. $HOME/.nix-profile/etc/profile.d/nix.sh -nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs +curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install +. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh +nix profile install nixpkgs#nixos-install-tools sudo "$(which nixos-generate-config)" --root /mnt # Change uuids to labels @@ -54,3 +64,6 @@ git crypt unlock nixos-install --root /mnt --flake '.#' EOF + +# shellcheck disable=2117 +su setupuser diff --git a/hosts/nixos/porthos/networking.nix b/hosts/nixos/porthos/networking.nix index 1e2c9cd..717652b 100644 --- a/hosts/nixos/porthos/networking.nix +++ b/hosts/nixos/porthos/networking.nix @@ -6,30 +6,17 @@ hostName = "porthos"; # Define your hostname. domain = "belanyi.fr"; # Define your domain. - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - useDHCP = false; - + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = true; interfaces = { - bond0.useDHCP = true; - bonding_masters.useDHCP = true; - dummy0.useDHCP = true; - erspan0.useDHCP = true; - eth0.useDHCP = true; - eth1.useDHCP = true; - gre0.useDHCP = true; - gretap0.useDHCP = true; - ifb0.useDHCP = true; - ifb1.useDHCP = true; - ip6tnl0.useDHCP = true; - sit0.useDHCP = true; - teql0.useDHCP = true; - tunl0.useDHCP = true; + eno1.useDHCP = true; + eno2.useDHCP = true; }; }; # Which interface is used to connect to the internet - my.hardware.networking.externalInterface = "eth0"; + my.hardware.networking.externalInterface = "eno1"; } diff --git a/hosts/nixos/porthos/profiles.nix b/hosts/nixos/porthos/profiles.nix new file mode 100644 index 0000000..3ec736c --- /dev/null +++ b/hosts/nixos/porthos/profiles.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + # Nothing +} diff --git a/hosts/nixos/porthos/secrets/acme/dns-key.age b/hosts/nixos/porthos/secrets/acme/dns-key.age index 97d397c..d7f159e 100644 --- a/hosts/nixos/porthos/secrets/acme/dns-key.age +++ b/hosts/nixos/porthos/secrets/acme/dns-key.age @@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 0bz3W8QcGaulxy+kDmM717jTthQpFOCwV9HkenFJEyo -NKeh1/JkX4WAWbOjUeKLMbsyCevnDf3a70FfYUav26c --> ssh-ed25519 jPowng Q59ybJMMteOSB6hZ5m6UPP0N2p8jrDSu5vBYwPgGcRw -j420on2jSsfMsv4MDtiOTMIFjaXV7sIsrS+g4iab+68 --> z}.q-grease s2W ssh-ed25519 cKojmg Ec0xt1uJTva8MxUdoTVX5m3uWaIiRlodf345FEM7Uzs +aJIneWFJPB5HVeoUGp57agXih9YeZ6xMEbyQ+zJtWQY +-> ssh-ed25519 jPowng B5XotRgv7s/FUegGhceBj7EoukewNUOIFl4TFRQf1EQ +PgGCBd/Pqwp7ayqi7okHBGF1SfFpwT4KlHJ/np6p2uQ +--- AeLgwGz6k3OABb53cXNaCU/sgI4FlU1s6p8PhAaFOlg +1CԹULfI1Hmb}m šg0`XG>\>8rz+Y`ʢ.JBU!z¸Z50*ٟI] I +ĵo۰g¿tncz[{ +j&NNo{ -eP=L 6.SP:e \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/aria/rpc-token.age b/hosts/nixos/porthos/secrets/aria/rpc-token.age new file mode 100644 index 0000000..e6a42c5 --- /dev/null +++ b/hosts/nixos/porthos/secrets/aria/rpc-token.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg fpiyZo1AR5hCfk/KtbgWCTzz+05/VOUnnaHhWgXQRwc +d2w9IX/kq/T6OwQ1zImsCmzIX2yfFD8hQDbs0IW3ZIA +-> ssh-ed25519 jPowng E9R7p9NCubUQrymjnrNfEjSNIIAXrBQLogNkWsOx8xc +MrWEE5LNtOqAjnwA6byfSa1udnbUtqBy4FhdxipuA+g +--- fKgerjgGs+brvNKnrWdpmOadl34LipMT6Msqse2g3E0 +E9flKYRL-Ƿ\EK{7oXGxT)˜6%LOT**8\@G \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/backup/credentials.age b/hosts/nixos/porthos/secrets/backup/credentials.age index b8ea008..63f0d32 100644 Binary files a/hosts/nixos/porthos/secrets/backup/credentials.age and b/hosts/nixos/porthos/secrets/backup/credentials.age differ diff --git a/hosts/nixos/porthos/secrets/backup/password.age b/hosts/nixos/porthos/secrets/backup/password.age index 3af9fbe..db3c2fa 100644 --- a/hosts/nixos/porthos/secrets/backup/password.age +++ b/hosts/nixos/porthos/secrets/backup/password.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg dgS4bezgtDi44R1A8am+J6zh80kUVYTo1heaxJCtzX4 -F3w/62xwtqYa40NU7OvF9pnZzYz/5hACAGJfMA4e2zw --> ssh-ed25519 jPowng lx81CK3yeNp9RjHCUFJeKYZlRzxBmXuADVBvRc13zCI -P7e75t8xU+ZkYmeQ8mmMfyZZsRdG1J8yrvSUkiWzkFQ --> *z4/`-grease S/)a{e sFd";= ---- 15FVhqRTkoPFEeETRRyFQhsv4Fn19Ozlax0u8Zy9mNA -#+vS4}R%ίF4fnDJZA,_ \ No newline at end of file +-> ssh-ed25519 cKojmg O3DMSSPQP9/ehXmzs0xcCGllu7VSzhd6b4Pii8t2vWQ +Ys1nMv2384elWWGW9C8HabvwUeWu52VsQpxx9L/4/dM +-> ssh-ed25519 jPowng ft/9SX5fpG7+7gHMubaFtb+50/gfNgmaofOVq5UjRUE +xMwdFjFdkH0Li+PikaFt0WAZbFUu5daHgkfN8aQQumo +--- 7DVINvXIXdE1MRwIkeajonYsy1cp4HugCxfTeub5SXU +<<{V?fk/I"/5K"(i \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/drone/gitea.age b/hosts/nixos/porthos/secrets/drone/gitea.age index 90ff83b..6b68503 100644 Binary files a/hosts/nixos/porthos/secrets/drone/gitea.age and b/hosts/nixos/porthos/secrets/drone/gitea.age differ diff --git a/hosts/nixos/porthos/secrets/drone/secret.age b/hosts/nixos/porthos/secrets/drone/secret.age index c529200..d6e7330 100644 --- a/hosts/nixos/porthos/secrets/drone/secret.age +++ b/hosts/nixos/porthos/secrets/drone/secret.age @@ -1,9 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 1+cLlzctgcM0FnVDwMPOAqBkvMcDBRg8SvCw4djI93Y -oV2XI4f1AvM9P591kZZ6NgJXa+SDtqGzCSgc4psOmxM --> ssh-ed25519 jPowng Ufjfh1p350XxRPg95+/DHdmnl4lC0bbzUUlaxd1Bmxc -/RHwFDSn2ov+60r1uHUigrsn99+GmmKmlk4h4T2gbA0 --> *Lc$@-grease -pzVJAHy1qRq3jUrnFV0DDO7/hwV1US4Ogf0RsrVfX0xzbr73uJ003YjieVB25LqN ---- ME7/iVevyiguyhXugbkVFGzJV0yDccyKNlWbEZa/FmY -YXjb2und;i0X]0jLPT~^kc$DrufreOո+p&wϨ \ No newline at end of file +-> ssh-ed25519 cKojmg 0J8FMcVRf78LYG+dTOFzu3luXwhOjdOg0sx4Jxdccj4 +tdrCcfcYbTZYhL18RG3goiqtyhu3NTn+fJhdIAnU5uA +-> ssh-ed25519 jPowng qlF8nkSEg5fZgai0VP5eTSlZOHyj5IcalTf+QNWITVo +O5aiZX0AJD76ixsu6i9xnnFBQANdsu3h6XzdTQ6KtKU +--- ByMQt9bnbzd8YO0Y93FIYF/lmdbYcOydkYdKxpRQujM ++ܢ6JNmq[ Eb1p)vDPL9̀z!߇'Tad5U: [dύRMpzj \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/drone/ssh/private-key.age b/hosts/nixos/porthos/secrets/drone/ssh/private-key.age index 0211701..737777d 100644 Binary files a/hosts/nixos/porthos/secrets/drone/ssh/private-key.age and b/hosts/nixos/porthos/secrets/drone/ssh/private-key.age differ diff --git a/hosts/nixos/porthos/secrets/forgejo/mail-password.age b/hosts/nixos/porthos/secrets/forgejo/mail-password.age new file mode 100644 index 0000000..67ef695 --- /dev/null +++ b/hosts/nixos/porthos/secrets/forgejo/mail-password.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg Lhgx43wR8PtAMf5v1eJxKlUBSAoOLdOOn/QaQrwF8zA +jfUCpgNzkHCNTWCqtErDaLMmg1Oy+s9zUra1JLCi+J4 +-> ssh-ed25519 jPowng kSeQ/SmMrzd8ByVu3YHWeZyKmqFZvQSBnDunkB8e6wc +WRmnfrV5xcRXA9t0ZXx6YvbRl0sX4PTrw63VVKX4Ei4 +--- a+LLM1gP9g1AbUapbeeKaS4cEcRBmPo3MHU2DSWTAds +,F6⬘ ix̏e| + +Ϝ,{ v!z$P;TKW + qG \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/gitea/mail-password.age b/hosts/nixos/porthos/secrets/gitea/mail-password.age index 915f8e9..e2e70ac 100644 --- a/hosts/nixos/porthos/secrets/gitea/mail-password.age +++ b/hosts/nixos/porthos/secrets/gitea/mail-password.age @@ -1,9 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 jPowng BkIjie2KrwDLaZYYIguCs7TPA/wQy+YPguikuhfye0M -7viTA/EGYB/jRKQm6fFd86DMd4j+Jxsaw/xQ1T8ZKNo --> ssh-ed25519 cKojmg t1Y8bZvPccNAX8vWQLTfCyOJIBXN515vyfFrEI2EVww -bJEjpIWrKeQrA/JfY7FRdB6hpHwR/aG4Vya1ChFNBKs --> jK/-grease Oz.R ?;)G ], -AuHk9TcC9kl0dg8/L6UfHIk3e9fgGwSTJAJpVgInhok ---- 47z9lol5MtpX0IsO/0ggLDMcNVfl4lNNvoHUSwOU/18 -)gЪeu! - TYAM+GbMe@|A,&E!܆p=P=9P!Q|r \ No newline at end of file +-> ssh-ed25519 cKojmg 46BI3ItrXRWMivmd/K8bmkKlrYFSr8cbehAkmwCskig +gTjYquH1hDEZ2zWD5P7gN/ejTCH8JJb8bC/VLZ3koeg +-> ssh-ed25519 jPowng 5MqfJlasDbbqlI0dX98NZzHxmYmnnpveyBxa4z48V0o +r7Yiv4+SZiDncD0Xzp5eFSP4f2yjGBOILKxEO1iT3Os +--- l43+JtT28i1YDhNX3hE3Qb7swskOBc5ghDqiyh3rU2s ++)PnWT,.eNW YƱkF4#=)6mȵJ# \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/lohr/secret.age b/hosts/nixos/porthos/secrets/lohr/secret.age index fa310b4..1d9c5ba 100644 Binary files a/hosts/nixos/porthos/secrets/lohr/secret.age and b/hosts/nixos/porthos/secrets/lohr/secret.age differ diff --git a/hosts/nixos/porthos/secrets/lohr/ssh-key.age b/hosts/nixos/porthos/secrets/lohr/ssh-key.age index 30a5e25..477a4d1 100644 Binary files a/hosts/nixos/porthos/secrets/lohr/ssh-key.age and b/hosts/nixos/porthos/secrets/lohr/ssh-key.age differ diff --git a/hosts/nixos/porthos/secrets/matrix/mail.age b/hosts/nixos/porthos/secrets/matrix/mail.age index 1fe3a71..94ddf8c 100644 --- a/hosts/nixos/porthos/secrets/matrix/mail.age +++ b/hosts/nixos/porthos/secrets/matrix/mail.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg lmu3MinmydRHD0A/YVRRtopermfoBC8M8cTHfVanY1s -ygrtpZZJ7aeQTblNazpoP7DdifmDxHsE3DFJsIrWX5M --> ssh-ed25519 jPowng X0cihOc+fBtmtrkEivIHQngdYIobezXEF1x+pHqNzAw -/+sw9x1NWY0anZhDMpAywBPrR0F4XCHaF9e8j/Yo/kI --> 32;%1s-grease -JafjuSZty6a4NSO/y4y5wHWL8Mw ---- dwCl66vdpsL0MR5NWWvg3JUnQ2QZQBeW0Dj0l5tvOKY -oi,`#uwW%Poubڭcy8 ><FqKÂk0k/h5势F+u eb>1Q2wnWb֖Bi^xur- /ll-=7;j0I%FiA;YUd]KI0( Ag^uG:pkJ:qWSaLw!M4L/ZD-XUbvbP0f9 J`XO!s{QAcc;4Mچݹ lxH&{}zZ9ûXܓg]V0gtw \ No newline at end of file +-> ssh-ed25519 cKojmg u+5VWUy7eFq4boAIOhuKXZYD4mhczaUAcjz4+coVggA +QlBHHgz7uY3TVgex59yZA0XgsIeHi2WN2S+UleC7bMg +-> ssh-ed25519 jPowng IyeI6WUjF8wxe92xD3xY++4ZqXtY8divB39eLWfAtm8 +eGj8w5X2ydS1LJvNSmo56xzRVoUB0iAKKs2NHX968Yc +--- hsYH9lUl3wIErJmBKzlWV+gIR5v6vgPIcNDgd0hiRGc +@lQsȄףD}^{X)nYJhXhg8wӨǂwy(a.0>|PSlO|E鰀BW_)|x4\_F +Zo0=dtsj[0O+R8id8j +g$x òb흭Xg^G$UB*鲡)[tHav7jD.z+[~ 9z`s,_!^Yʯ2HSŏ*@jZ^v~غ@ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/matrix/secret.age b/hosts/nixos/porthos/secrets/matrix/secret.age index 539c33e..2c8852d 100644 Binary files a/hosts/nixos/porthos/secrets/matrix/secret.age and b/hosts/nixos/porthos/secrets/matrix/secret.age differ diff --git a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age b/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age deleted file mode 100644 index d375a35..0000000 --- a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 cKojmg N182xey8TWRVUWTRP16rT0zlhYZNr/pOZVR7YRnlIkk -HVqAag55z1cKLgjR3WsUj2wvaVjxm169JcDRJGRvCVU --> ssh-ed25519 jPowng Dc+aaUTxDsMTY+oOst0SC3ldq1e6zX8F5A5uBL5RHhc -JWZou6+VaFc5f2OLRIrmFFWg3Er6WSY+TloXU0mP1K8 --> |9_9Aqh%-grease $ X8Mn|5 aKnl' fl ssh-ed25519 cKojmg OdLtFHbHbc28rUn47vgsVvXxFNg9nF+9y9R6XOK390Y -yQQYUPQGjN2+xrSqqBYa7/zS618KrVjX5Amw2MFuSLg --> ssh-ed25519 jPowng NwUjiLtiXVi6XFmht5l1CxEs3gm0oN4vHYwDZyda7Q4 -di6znVjNRO6QdqteVNkeot5Ko2NwWLe6v+zVR3f+o10 --> 4Vx%\(-grease ^^Z>EC91 R 2BJ d48Wip*s -yPiBgChRF31XgxccQFLO3MzRL7+5s29sfRoF3W1yUX6Bu59MpxD4D+n/jhLcxSH/ -CxW7KaiOctNmPm5tWh6qjmgQ+V4bcAji5vo4FKs40l56cfyueEJj+Q ---- WUGF28zqK9E1AlOeeCtSHxFg6ikRy85gOoLtBd4m0y0 -.|rr>12Sɞ.hww q%i *U^)'qO2ӜmQ7m` \ No newline at end of file +-> ssh-ed25519 cKojmg l5lOlGnbvQ4D2kaSj1dd8Xr+btlNbTkT0SxSz02Vr1E +Cjy73yKL1N8LnjRXXLpxX+wIOFCa8wrG44VjXUND1lI +-> ssh-ed25519 jPowng nYHfkP9dRkxu4Fqh8MgrbdZAc8gk+VGDyxIV6RsSeEM +rKKi1NDoKMMzQ+kUs5ZX4zMqRBI0QwGY7q6K/L9+dLI +--- Umv3UCtXlApug7uuqmwbQN38i8Lx9/b0uhLgbc3OdZM +BLs?sӓs2y +R0!<f9txB7dڊ^ɇLJ&W ssh-ed25519 cKojmg zhpo89xef68JoeOFWzhdFshrj2BXXUCFPMLVJzv6EyE -fmJxJi5rmyai9qGwDo7iHg4BrObGre96KCpl+g91O6I --> ssh-ed25519 jPowng INA6EZdy4J1p3QY5mfVOQXiLdOjIDaZR+CZMP+GfkXM -8Nf5soaxY5SEzeJca5kaJkx7ByOvc4NkJVetB7wpEmo --> xjK'w-grease -f5v0cvlt4JbHlAwDOob86qOInWdlN/oohTg ---- NTGv4rr+MhJ/YeZhVHOjoS1V+zCHFf2itJYfK36R+wE -חJ d o'YFU@ -r7_N$>]hq-F۰qX?| ? \ No newline at end of file +-> ssh-ed25519 cKojmg 1hbRAuAGrTy6nmkAq+UWua8weywphZsTIGF68YQEOlQ +92Q7uIKv1EiO73wMh53jrTuEkzP6ziBmX9SWXCl4d3w +-> ssh-ed25519 jPowng aPb9v/S/mLW95Qom+swvasqY878RxpxxOkMJA2wb6nY +qu/dzcqciqKzNc28HqFMHA1XnrJy+/wWgbfM1+BrlkE +--- 8PXOozvZzNZQD2OT4a+0XuIQauzUGSvovdfDugmp+bc +x>禩_C9dT5KzЄqcZɾpใv +) \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/paperless/secret-key.age b/hosts/nixos/porthos/secrets/paperless/secret-key.age index eae5c56..70cb898 100644 --- a/hosts/nixos/porthos/secrets/paperless/secret-key.age +++ b/hosts/nixos/porthos/secrets/paperless/secret-key.age @@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg tZwn2usN6K62oS4vBa6boh9zEp/+cS4chP8boXG6SH4 -Fr3kV8gUDoiDqMxPYWsHyww8umYhQEKhqbVBiVw5NeI --> ssh-ed25519 jPowng wRbJl4G85obH/GluQBBsXE7MOvooEui65eqHfurvuQs -KqVZMBSyHhkayEdwI6ocmA4qhHY9zYJvg1CEKM1SOa0 --> 2E"/OFW-grease o Qp3HFe^ -bGhCNicPqt7txqxUiEWXCFs1OuQLqOqHmjHSqYQv919dqYep/xBXzi/aRf3dsdvh -TCJCTvZG31Qxvikp ---- xKJGbdVp+Z5h0vCBleSF2zYYYd2S5i0y4szNqjRwrDY -T /Ni7m4#MhiPޛ-gI%@E(i7Ygk"+㸠(]o@bާ+[Y"BCR[ >-.4db9v \ No newline at end of file +-> ssh-ed25519 cKojmg r3ZUTfSNcHc1TS2fVtk99Y2xJMMunkwkcR0dQIdiCi4 +LICSnzAaooGy6x4wt0vNM6YtQ4S17QohZNt7lfVrD6Q +-> ssh-ed25519 jPowng KLU68ws4lemr0wWHxm8H8pf1SQAoUZTN4QSPzk2PyHk +6pjH1pI956oaf9ZIHPPq8p3g/mZC5GxWhWkT54Wohf0 +--- cAQbniTwwtTftfXU/dGtA69yF/hh8iB97vHxvkIZMMo +c#=^~?5-wNT̡+!z " Z"2M!p5VjΡѡLyŹ nĊ8zQ+ة9WS0u}YÚ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/pdf-edit/login.age b/hosts/nixos/porthos/secrets/pdf-edit/login.age new file mode 100644 index 0000000..7f13f88 --- /dev/null +++ b/hosts/nixos/porthos/secrets/pdf-edit/login.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg VYlHgHSLpfKb5bn1XA3aCpfX7M23DgbraLxxOfo9PDk +Rj+mDvAsWX3WwpuhTrOubmo17j/aud5+P87df5bosBA +-> ssh-ed25519 jPowng o9ZFaYrITZ6DjWw07Vk/+TkuU187/ytlEK4sw7G32G4 +zmxlpDvDDEgQFqBVARXeX1ABhvfJ4uAHfa6mIxXzjAY +--- k/d9FWW8/OSo8EllwOBV74pZyX918u54jEljGk3ATUc +4+2{hE7!ҭGA`ׁ_@ߗR_6JL4v,6%#^  BOF|7ܽL]jR +B۾as]xS pbo#J1Q=t}5>O{+. M"7ey \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/podgrab/password.age b/hosts/nixos/porthos/secrets/podgrab/password.age index 90e2501..d50dc28 100644 --- a/hosts/nixos/porthos/secrets/podgrab/password.age +++ b/hosts/nixos/porthos/secrets/podgrab/password.age @@ -1,9 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 8rcBI7fYHuA3jO6EzJNFaAj2niIApKDt1HQEv61AKTs -ANxkIX/CeI7t7Zqp6wmjt/D194Z+xpeiidb+qvYzoQU --> ssh-ed25519 jPowng oruewwTM9X/HjjcmOPcQVdp02rQBlgJPdzvlAffs3T0 -MrO0kaNhjgOkNHuz3NrIMWXNrXOHH9dT/Fk6hoQNKyY --> COK%H7-grease -6yfI90QurOKlM+kgpW8KZ/iBzDYD9yhNmjG1LQ ---- uArz8eHg8sLO0sdlkM6cELFh+FHiI5BrM0+iXJxxiDo -vvNb@FMMY&/%mt֓dh|ߩ8 ڽ9C/ \ No newline at end of file +-> ssh-ed25519 cKojmg bICZUDqk/C2divEZu2lxUDsrtS1inSbDbS8hxJSJfHc +FsfueyP6WCesAu5EcXIxxtvbb8RX09qNTN9GvuhYuTw +-> ssh-ed25519 jPowng Uujsu6c+QTXqCNi6c+zxk5tf0UQcG+Qm/SZF4dzSKCY +RPVNNNauz73A8kWA0VSQiMWCerUkxPoXG2MUrFly3Bc +--- 8h4hGasOwZxk+i5aQfg6AzdA1G4wROhxz2rmM9u41b8 +{Rh=42 yЙjMWQ%X ]JK]F?QK \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/pyload/credentials.age b/hosts/nixos/porthos/secrets/pyload/credentials.age new file mode 100644 index 0000000..089f962 --- /dev/null +++ b/hosts/nixos/porthos/secrets/pyload/credentials.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg nJbOfp0/wmFOZLzcWjoGB7wEB8e56aO1NntSmn5KomU +/Vio4Z/t7IPJrdzdwUPidVH3wrouSkwRzNHP0T4z3x0 +-> ssh-ed25519 jPowng QXg/xqs7/VfkYQg3X77w4i53q64bL9oYeTxqb9NVhiQ +sMHIXlmrIxtIr+s0X4lBqev/PPd3AKD5P7AP5K4NeJg +--- gzTn+6+aa4Ptic1lsvSt+r3IEBysHrvMMIyONogMDF0 +ˮUE_ ssh-ed25519 cKojmg bu09lB+fjaPP31cUQZP6EqSPuseucgNK7k9vAS08iS0 ++NGL+b2QD/qGo6hqHvosAXzHZtDvfodmPdcgnrKlD1o +-> ssh-ed25519 jPowng QDCdRBGWhtdvvMCiDH52cZHz1/W7aomhTatZ4+9IKwI +Ou3jjV/O55G1CPgGS33l3eWhhYWrVdwVNPSiE14d5rE +--- q0ssmpG50OX1WaNSInc2hbtH3DbTwQGDU74VGEoMh94 +mCƑ'hK./Xu(g$'M{fK !MZoR՝͟;yb \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age new file mode 100644 index 0000000..e319f3a Binary files /dev/null and b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age differ diff --git a/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age b/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age index 10d9eaa..efbd945 100644 Binary files a/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age and b/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age differ diff --git a/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age b/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age index c5ce19b..211bec3 100644 Binary files a/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age and b/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age differ diff --git a/hosts/nixos/porthos/secrets/sso/auth-key.age b/hosts/nixos/porthos/secrets/sso/auth-key.age index 4e05b15..1c12470 100644 Binary files a/hosts/nixos/porthos/secrets/sso/auth-key.age and b/hosts/nixos/porthos/secrets/sso/auth-key.age differ diff --git a/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age b/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age index 2ec147d..d6db371 100644 Binary files a/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age and b/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age differ diff --git a/hosts/nixos/porthos/secrets/transmission/credentials.age b/hosts/nixos/porthos/secrets/transmission/credentials.age index 4f407fa..16f90b6 100644 --- a/hosts/nixos/porthos/secrets/transmission/credentials.age +++ b/hosts/nixos/porthos/secrets/transmission/credentials.age @@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg mP2H3PWJN6Pv3q6C2wci3KnXjtFAIiuGy0YH0sGIy2g -f43QqyUQfTYznszub47kgc2Mz95zVScTDkwnG3INi9U --> ssh-ed25519 jPowng fENbu7+FZ1mnQQHQCLm1spLHmsQGlRoJResUJtGzYkY -hX+AqCkLCca6m/aKtGCThi7/mCCz/TZQNJNOlOmlqyA --> J<-grease -n7+CPRr4oazWnE7yzpJN2ZAI4QrGsAerloP4wNeebjQDx8+IxJq1JE0g3Yi0RxzN -chDccuSPLYk45Ov+SD/qqqFZlQ ---- p81HYw3LFj+qz2kiZsDcevM4ZBfvN743P9Jdi7J9XkM -۱S7VBOlEtq_D,PVFp\"AM}g?/\;y Ӛ(SK \ No newline at end of file +-> ssh-ed25519 cKojmg Froxrdh4H2Bsj4X2xicyBXHPRlbkRJAOztoTfzxItSM +FnsLS2QYm8mJUO+c152FieLCFkALxxwQLnY4PAj8zsU +-> ssh-ed25519 jPowng pKl4p02M+U5JsiOnM2wXL5bkPwsI3IHjlTutlvez3zM +NSuOFsyV8JqtTq97lNzacJnJ3YZgWp53XxU3mjUlcMQ +--- 2TK2ViFblmDheaYdat/GF0ze1wVsla1EPLaeRdMM4Gs +ըENܞm›2u~Jubt[$T^2ji@xҸ*İg[MHX!6ezDW]<` XPޛ +q*o$< \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/vikunja/mail.age b/hosts/nixos/porthos/secrets/vikunja/mail.age index 4c83acd..864e5be 100644 Binary files a/hosts/nixos/porthos/secrets/vikunja/mail.age and b/hosts/nixos/porthos/secrets/vikunja/mail.age differ diff --git a/hosts/nixos/porthos/secrets/wireguard/private-key.age b/hosts/nixos/porthos/secrets/wireguard/private-key.age index 4abe1e5..d7e292e 100644 --- a/hosts/nixos/porthos/secrets/wireguard/private-key.age +++ b/hosts/nixos/porthos/secrets/wireguard/private-key.age @@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg +WwRpd2MzycutQFXyLsr2+GzSgF67Z6UuvyqYZaLd3w -sppt8HzaZP3yxnvnhzjl18Trnz8g3VyXJ6CaVBWd7jA --> ssh-ed25519 jPowng wanoqGB7T8bim/WZ4IAYViFQoGzaIZSgeoTr3YKpeTY -ihDAdGa1XVW/qQz40V1v7a7iK7tu0EHMa7ayIogpcRw --> l-grease |PIcZ NIr >0;* -4o8o0bevQZ6uDSx1WxxlDCURbFCM+yK1XPdrb9aztCSvG2a+ne78E42l5rBcoH7I -m51A8uWS4nSj36N/76v6K4kelxKzWUg ---- O6cGbTAVbDcdmPHf7UzfZiyiRtu1yfL4sBI+CkJA1qw -q$`w'SX]?6/N(BNa.H7Ioz/4:sK",7J \ No newline at end of file +-> ssh-ed25519 cKojmg KslHl4v8yCsKZn5TduLgpTfpTi1uOInC9N2e8Ow83FI +NzcJJr8kw1ykAdWRZOeWdNhx0BTgE7FwTKcge+yLJ/w +-> ssh-ed25519 jPowng YGWcOai0A9l2HDZyV0GtD8kEbY/xTUssODFBcseWAkA +nJaHXkipFSHdyektoKV5y1jQrjkvnU7pwZwAymiQm7M +--- IgWkDulol1jRa+pcx7DbEy5pvC+2nrRJHsdQVPvPur0 +Bb<Ōb!E?:=srJCKz5{4`&N057v+1 ++(d{ Q \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/woodpecker/gitea.age b/hosts/nixos/porthos/secrets/woodpecker/gitea.age index e6ede6c..11817ff 100644 Binary files a/hosts/nixos/porthos/secrets/woodpecker/gitea.age and b/hosts/nixos/porthos/secrets/woodpecker/gitea.age differ diff --git a/hosts/nixos/porthos/secrets/woodpecker/secret.age b/hosts/nixos/porthos/secrets/woodpecker/secret.age index 63a4862..89bcb6b 100644 --- a/hosts/nixos/porthos/secrets/woodpecker/secret.age +++ b/hosts/nixos/porthos/secrets/woodpecker/secret.age @@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 jPowng yz0I+AazPmamF7NOnwYNrPE/ArarU01jd2mVDJUPSTY -6Y/YQ7gb8cAZf3zT9SKOorvfUnU7kYff+gHh8fG2mY8 --> ssh-ed25519 cKojmg 0FZU9v8eHsVeE+EoX9Y4IgfIj/8+45waPaSnSDb961I -L6SzJoh5xqai45scoVAa6v9zslBGFYNnZY044d470uQ --> I[G-grease p -AMRQY1alSzHi/PLL80kcvnM1Z9YNfoUo9u5alWXYMyzrRsg+vXjMuBvAXg3fmnzr -wdOowTYMRV+jEG8vzkcQTsv+f7JIyo4DvOOaPyGfWMl1 ---- ih3IAFPcN1JP3FP1vcRGnPrfk91yrnIX0m/Szkbcf7Q -mWr_\)Ͱ]QxMs/݃ݪ6kYxMyJG)i2_'֜HF.g_e5#utՠ7jP'Tޥ8\IWUK1ں9 \ No newline at end of file +-> ssh-ed25519 cKojmg tAW2hbBSxsael6cdbN+vI4h1/PMNrWYct8cppCAasn0 +cex/wBTviSIXc8clNm5PGltTYa1Q5PwqlX4BGsNHiyU +-> ssh-ed25519 jPowng YxfhtpytvuhIARQAaJ0w94aOZiGNUOBR0pF+Sp80D2k +nMon/VdYUQTs6LFccDGeIKWeNYib1wwtFmEYZkDZxg0 +--- giL477X0+uZ2Ocvbixt5f5kNc1laj5P79oW8P9XsNP0 +d>cE?nbv_'2յ_6Pu:usE8ϓxuڶ̪x̧C[ .6 qJ5GK)N builtins.elem type allowedClass; + message = '' + `type` specialArgs must be one of ${allowedClassString}. + ''; + } + ]; + }; +} diff --git a/modules/common/profiles/bluetooth/default.nix b/modules/common/profiles/bluetooth/default.nix new file mode 100644 index 0000000..744864e --- /dev/null +++ b/modules/common/profiles/bluetooth/default.nix @@ -0,0 +1,19 @@ +{ config, lib, _class, ... }: +let + cfg = config.my.profiles.bluetooth; +in +{ + options.my.profiles.bluetooth = with lib; { + enable = mkEnableOption "bluetooth profile"; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.optionalAttrs (_class == "home") { + my.home.bluetooth.enable = true; + }) + + (lib.optionalAttrs (_class == "nixos") { + my.hardware.bluetooth.enable = true; + }) + ]); +} diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix new file mode 100644 index 0000000..0421dde --- /dev/null +++ b/modules/common/profiles/default.nix @@ -0,0 +1,25 @@ +# Configuration that spans across system and home, or are almagations of modules +{ config, lib, type, ... }: +{ + imports = [ + ./bluetooth + ./devices + ./gtk + ./laptop + ./wm + ./x + ]; + + config = lib.mkMerge [ + # Transparently enable home-manager profiles as well + (lib.optionalAttrs (type != "home") { + home-manager.users.${config.my.user.name} = { + config = { + my = { + inherit (config.my) profiles; + }; + }; + }; + }) + ]; +} diff --git a/modules/common/profiles/devices/default.nix b/modules/common/profiles/devices/default.nix new file mode 100644 index 0000000..224004a --- /dev/null +++ b/modules/common/profiles/devices/default.nix @@ -0,0 +1,22 @@ +{ config, lib, _class, ... }: +let + cfg = config.my.profiles.devices; +in +{ + options.my.profiles.devices = with lib; { + enable = mkEnableOption "devices profile"; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.optionalAttrs (_class == "nixos") { + my.hardware = { + ergodox.enable = true; + + trackball.enable = true; + }; + + # MTP devices auto-mount via file explorers + services.gvfs.enable = true; + }) + ]); +} diff --git a/modules/common/profiles/gtk/default.nix b/modules/common/profiles/gtk/default.nix new file mode 100644 index 0000000..e312417 --- /dev/null +++ b/modules/common/profiles/gtk/default.nix @@ -0,0 +1,21 @@ +{ config, lib, _class, ... }: +let + cfg = config.my.profiles.gtk; +in +{ + options.my.profiles.gtk = with lib; { + enable = mkEnableOption "gtk profile"; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.optionalAttrs (_class == "home") { + # GTK theme configuration + my.home.gtk.enable = true; + }) + + (lib.optionalAttrs (_class == "nixos") { + # Allow setting GTK configuration using home-manager + programs.dconf.enable = true; + }) + ]); +} diff --git a/modules/common/profiles/laptop/default.nix b/modules/common/profiles/laptop/default.nix new file mode 100644 index 0000000..a469f0e --- /dev/null +++ b/modules/common/profiles/laptop/default.nix @@ -0,0 +1,27 @@ +{ config, lib, _class, ... }: +let + cfg = config.my.profiles.laptop; +in +{ + options.my.profiles.laptop = with lib; { + enable = mkEnableOption "laptop profile"; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.optionalAttrs (_class == "home") { + # Enable battery notifications + my.home.power-alert.enable = true; + }) + + (lib.optionalAttrs (_class == "nixos") { + # Enable touchpad support + services.libinput.enable = true; + + # Enable TLP power management + my.services.tlp.enable = true; + + # Enable upower power management + my.hardware.upower.enable = true; + }) + ]); +} diff --git a/modules/common/profiles/wm/default.nix b/modules/common/profiles/wm/default.nix new file mode 100644 index 0000000..4fd81b9 --- /dev/null +++ b/modules/common/profiles/wm/default.nix @@ -0,0 +1,38 @@ +{ config, lib, _class, ... }: +let + cfg = config.my.profiles.wm; + + applyWm = wm: configs: lib.mkIf (cfg.windowManager == wm) (lib.my.merge configs); +in +{ + options.my.profiles.wm = with lib; { + windowManager = mkOption { + type = with types; nullOr (enum [ "i3" ]); + default = null; + example = "i3"; + description = "Which window manager to use"; + }; + }; + + config = lib.mkMerge [ + (applyWm "i3" [ + (lib.optionalAttrs (_class == "home") { + # i3 settings + my.home.wm.windowManager = "i3"; + # Screenshot tool + my.home.flameshot.enable = true; + # Auto disk mounter + my.home.udiskie.enable = true; + }) + + (lib.optionalAttrs (_class == "nixos") { + # Enable i3 + services.xserver.windowManager.i3.enable = true; + # udiskie fails if it can't find this dbus service + services.udisks2.enable = true; + # Ensure i3lock can actually unlock the session + security.pam.services.i3lock.enable = true; + }) + ]) + ]; +} diff --git a/modules/common/profiles/x/default.nix b/modules/common/profiles/x/default.nix new file mode 100644 index 0000000..3f32edc --- /dev/null +++ b/modules/common/profiles/x/default.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, _class, ... }: +let + cfg = config.my.profiles.x; +in +{ + options.my.profiles.x = with lib; { + enable = mkEnableOption "X profile"; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.optionalAttrs (_class == "home") { + # X configuration + my.home.x.enable = true; + }) + + (lib.optionalAttrs (_class == "nixos") { + # Enable the X11 windowing system. + services.xserver.enable = true; + # Nice wallpaper + services.xserver.displayManager.lightdm.background = + let + wallpapers = "${pkgs.plasma5Packages.plasma-workspace-wallpapers}/share/wallpapers"; + in + "${wallpapers}/summer_1am/contents/images/2560x1600.jpg"; + }) + ]); +} diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix index 19a6fb9..dbd9690 100644 --- a/modules/home/atuin/default.nix +++ b/modules/home/atuin/default.nix @@ -1,15 +1,27 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let cfg = config.my.home.atuin; in { options.my.home.atuin = with lib; { enable = my.mkDisableOption "atuin configuration"; + + # I want the full experience by default + package = mkPackageOption pkgs "atuin" { }; + + daemon = { + enable = my.mkDisableOption "atuin daemon"; + }; }; config = lib.mkIf cfg.enable { programs.atuin = { enable = true; + inherit (cfg) package; + + daemon = lib.mkIf cfg.daemon.enable { + enable = true; + }; flags = [ # I *despise* this hijacking of the up key, even though I use Ctrl-p @@ -17,6 +29,8 @@ in ]; settings = { + # Reasonable date format + dialect = "uk"; # The package is managed by Nix update_check = false; # I don't care for the fancy display @@ -25,6 +39,8 @@ in search_mode = "skim"; # Show long command lines at the bottom show_preview = true; + # I like being able to edit my commands + enter_accept = false; }; }; }; diff --git a/modules/home/bitwarden/default.nix b/modules/home/bitwarden/default.nix index c709f7b..0c0dfab 100644 --- a/modules/home/bitwarden/default.nix +++ b/modules/home/bitwarden/default.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let cfg = config.my.home.bitwarden; in @@ -6,12 +6,7 @@ in options.my.home.bitwarden = with lib; { enable = my.mkDisableOption "bitwarden configuration"; - pinentry = mkOption { - type = types.str; - default = "tty"; - example = "gtk2"; - description = "Which pinentry interface to use"; - }; + pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; }; }; config = lib.mkIf cfg.enable { diff --git a/modules/home/calibre/default.nix b/modules/home/calibre/default.nix index 6edf654..de7c126 100644 --- a/modules/home/calibre/default.nix +++ b/modules/home/calibre/default.nix @@ -5,11 +5,13 @@ in { options.my.home.calibre = with lib; { enable = mkEnableOption "calibre configuration"; + + package = mkPackageOption pkgs "calibre" { }; }; config = lib.mkIf cfg.enable { home.packages = with pkgs; [ - calibre + cfg.package ]; }; } diff --git a/modules/home/default.nix b/modules/home/default.nix index 4dcfc35..1c40377 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -8,6 +8,7 @@ ./bluetooth ./calibre ./comma + ./delta ./dircolors ./direnv ./discord @@ -39,6 +40,7 @@ ./tmux ./udiskie ./vim + ./wget ./wm ./x ./xdg @@ -49,9 +51,6 @@ # First sane reproducible version home.stateVersion = "20.09"; - # Who am I? - home.username = "ambroisie"; - # Start services automatically systemd.user.startServices = "sd-switch"; } diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix new file mode 100644 index 0000000..58ee031 --- /dev/null +++ b/modules/home/delta/default.nix @@ -0,0 +1,68 @@ +{ config, pkgs, lib, ... }: +let + cfg = config.my.home.delta; +in +{ + options.my.home.delta = with lib; { + enable = my.mkDisableOption "delta configuration"; + + package = mkPackageOption pkgs "delta" { }; + + git = { + enable = my.mkDisableOption "git integration"; + }; + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + # For its configuration + assertion = cfg.enable -> cfg.git.enable; + message = '' + `config.my.home.delta` must enable `config.my.home.delta.git` to be + properly configured. + ''; + } + { + assertion = cfg.enable -> config.programs.git.enable; + message = '' + `config.my.home.delta` relies on `config.programs.git` to be + enabled. + ''; + } + ]; + + home.packages = [ cfg.package ]; + + programs.git = lib.mkIf cfg.git.enable { + delta = { + enable = true; + inherit (cfg) package; + + options = { + features = "diff-highlight decorations"; + + # Less jarring style for `diff-highlight` emulation + diff-highlight = { + minus-style = "red"; + minus-non-emph-style = "red"; + minus-emph-style = "bold red 52"; + + plus-style = "green"; + plus-non-emph-style = "green"; + plus-emph-style = "bold green 22"; + + whitespace-error-style = "reverse red"; + }; + + # Personal preference for easier reading + decorations = { + commit-style = "raw"; # Do not recolor meta information + keep-plus-minus-markers = true; + paging = "always"; + }; + }; + }; + }; + }; +} diff --git a/modules/home/direnv/default.nix b/modules/home/direnv/default.nix index 93a1f3b..67beb62 100644 --- a/modules/home/direnv/default.nix +++ b/modules/home/direnv/default.nix @@ -7,9 +7,9 @@ in enable = my.mkDisableOption "direnv configuration"; defaultFlake = mkOption { - type = types.str; - default = "pkgs"; - example = "nixpkgs"; + type = with types; nullOr str; + default = null; + example = "pkgs"; description = '' Which flake from the registry should be used for use pkgs by default. @@ -39,7 +39,7 @@ in in lib.my.genAttrs' files linkLibFile; - home.sessionVariables = { + home.sessionVariables = lib.mkIf (cfg.defaultFlake != null) { DIRENV_DEFAULT_FLAKE = cfg.defaultFlake; }; }; diff --git a/modules/home/direnv/lib/android.sh b/modules/home/direnv/lib/android.sh index fa2f856..9344aea 100644 --- a/modules/home/direnv/lib/android.sh +++ b/modules/home/direnv/lib/android.sh @@ -1,4 +1,4 @@ -#shellcheck shell=bash +# shellcheck shell=bash # shellcheck disable=2155 use_android() { @@ -32,10 +32,16 @@ use_android() { -b|--build-tools) build_tools_version="$2" shift 2 + if ! [ -e "$ANDROID_HOME/build-tools/$build_tools_version" ]; then + log_error "use_android: build-tools version '$build_tools_version' does not exist" + fi ;; -n|--ndk) ndk_version="$2" shift 2 + if ! [ -e "$ANDROID_HOME/ndk/$ndk_version" ]; then + log_error "use_android: NDK version '$ndk_version' does not exist" + fi ;; --) shift diff --git a/modules/home/direnv/lib/nix.sh b/modules/home/direnv/lib/nix.sh index a65eb31..4b6c547 100644 --- a/modules/home/direnv/lib/nix.sh +++ b/modules/home/direnv/lib/nix.sh @@ -1,4 +1,4 @@ -#shellcheck shell=bash +# shellcheck shell=bash use_pkgs() { if ! has nix; then diff --git a/modules/home/direnv/lib/postgres.sh b/modules/home/direnv/lib/postgres.sh index c2e6a8f..46e171d 100644 --- a/modules/home/direnv/lib/postgres.sh +++ b/modules/home/direnv/lib/postgres.sh @@ -1,4 +1,4 @@ -#shellcheck shell=bash +# shellcheck shell=bash layout_postgres() { if ! has postgres || ! has initdb; then diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index 15a273f..b1be8a9 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -1,4 +1,4 @@ -#shellcheck shell=bash +# shellcheck shell=bash layout_poetry() { if ! has poetry; then @@ -9,12 +9,12 @@ layout_poetry() { if [[ ! -f pyproject.toml ]]; then # shellcheck disable=2016 - log_error 'layout_poetry: no pyproject.toml found. Use `poetry new` or `poetry init` to create one first' + log_error 'layout_poetry: no pyproject.toml found. Use `poetry init` to create one first' return 1 fi # create venv if it doesn't exist - poetry run true + poetry run -q -- true # shellcheck disable=2155 export VIRTUAL_ENV=$(poetry env info --path) @@ -23,3 +23,35 @@ layout_poetry() { watch_file pyproject.toml watch_file poetry.lock } + +layout_uv() { + if ! has uv; then + # shellcheck disable=2016 + log_error 'layout_uv: `uv` is not in PATH' + return 1 + fi + + if [[ ! -f pyproject.toml ]]; then + # shellcheck disable=2016 + log_error 'layout_uv: no pyproject.toml found. Use `uv init` to create one first' + return 1 + fi + + local default_venv="$PWD/.venv" + : "${VIRTUAL_ENV:=$default_venv}" + + # Use non-default venv path if required + if [ "$VIRTUAL_ENV" != "$default_venv" ]; then + export UV_PROJECT_ENVIRONMENT="$VIRTUAL_ENV" + fi + + # create venv if it doesn't exist + uv venv -q --allow-existing + + export VIRTUAL_ENV + export UV_ACTIVE=1 + PATH_add "$VIRTUAL_ENV/bin" + watch_file pyproject.toml + watch_file uv.lock + watch_file .python-version +} diff --git a/modules/home/discord/default.nix b/modules/home/discord/default.nix index 7348bb4..bfa5d40 100644 --- a/modules/home/discord/default.nix +++ b/modules/home/discord/default.nix @@ -7,11 +7,13 @@ in { options.my.home.discord = with lib; { enable = mkEnableOption "discord configuration"; + + package = mkPackageOption pkgs "discord" { }; }; config = lib.mkIf cfg.enable { home.packages = with pkgs; [ - discord + cfg.package ]; xdg.configFile."discord/settings.json".source = diff --git a/modules/home/firefox/default.nix b/modules/home/firefox/default.nix index 02c74f2..6346dc9 100644 --- a/modules/home/firefox/default.nix +++ b/modules/home/firefox/default.nix @@ -61,19 +61,21 @@ in "ui.systemUsesDarkTheme" = true; # Dark mode }; - extensions = with pkgs.nur.repos.rycee.firefox-addons; ([ - bitwarden - consent-o-matic - form-history-control - reddit-comment-collapser - reddit-enhancement-suite - refined-github - sponsorblock - ublock-origin - ] - ++ lib.optional (cfg.tridactyl.enable) tridactyl - ++ lib.optional (cfg.ff2mpv.enable) ff2mpv - ); + extensions = { + packages = with pkgs.nur.repos.rycee.firefox-addons; ([ + bitwarden + consent-o-matic + form-history-control + reddit-comment-collapser + reddit-enhancement-suite + refined-github + sponsorblock + ublock-origin + ] + ++ lib.optional (cfg.tridactyl.enable) tridactyl + ++ lib.optional (cfg.ff2mpv.enable) ff2mpv + ); + }; }; }; }; diff --git a/modules/home/firefox/tridactyl/default.nix b/modules/home/firefox/tridactyl/default.nix index 35b58c2..26ddfad 100644 --- a/modules/home/firefox/tridactyl/default.nix +++ b/modules/home/firefox/tridactyl/default.nix @@ -12,9 +12,7 @@ let in { config = lib.mkIf cfg.enable { - xdg.configFile."tridactyl/tridactylrc".source = pkgs.substituteAll { - src = ./tridactylrc; - + xdg.configFile."tridactyl/tridactylrc".source = pkgs.replaceVars ./tridactylrc { editorcmd = lib.concatStringsSep " " [ # Use my configured terminal term diff --git a/modules/home/firefox/tridactyl/tridactylrc b/modules/home/firefox/tridactyl/tridactylrc index 0401292..775719c 100644 --- a/modules/home/firefox/tridactyl/tridactylrc +++ b/modules/home/firefox/tridactyl/tridactylrc @@ -4,7 +4,7 @@ " Use dark color scheme colorscheme dark -" Make tridactyl open Vim in my prefered terminal +" Make tridactyl open Vim in my preferred terminal set editorcmd @editorcmd@ " Remove editor file after use @@ -15,8 +15,8 @@ bind --mode=input editor_rm " Binds {{{ " Reddit et al. {{{ -" Toggle comments on Reddit, Hacker News, Lobste.rs -bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"] +" Toggle comments on Reddit, Hacker News, Lobste.rs, LWN +bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"],[class="CommentTitle"] " Make `gu` take me back to subreddit from comments bindurl reddit.com gu urlparent 3 @@ -26,8 +26,8 @@ bindurl www.google.com f hint -Jc #search a bindurl www.google.com F hint -Jbc #search a " Only hint search results on DuckDuckGo -bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result-title-a"] -bindurl ^https://duckduckgo.com F hint -Jbc [data-testid="result-title-a"] +bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result"] +bindurl ^https://duckduckgo.com F hint -Jbc [data-testid="result"] " Only hint item pages on Hacker News bindurl news.ycombinator.com ;f hint -Jc .age > a @@ -69,8 +69,6 @@ unbind " Redirections {{{ " Always redirect Reddit to the old site autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old") -" Use a better Twitter front-end -autocmd DocStart ^http(s?)://twitter.com js tri.excmds.urlmodify("-t", "twitter.com", "nitter.net") " }}} " Disabled websites {{{ diff --git a/modules/home/gdb/default.nix b/modules/home/gdb/default.nix index ab51938..1ffc6bd 100644 --- a/modules/home/gdb/default.nix +++ b/modules/home/gdb/default.nix @@ -6,27 +6,29 @@ in options.my.home.gdb = with lib; { enable = my.mkDisableOption "gdb configuration"; + package = mkPackageOption pkgs "gdb" { }; + rr = { enable = my.mkDisableOption "rr configuration"; - package = mkOption { - type = types.package; - default = pkgs.rr; - defaultText = literalExample "pkgs.rr"; - description = '' - Package providing rr - ''; - }; + package = mkPackageOption pkgs "rr" { }; }; }; config = lib.mkIf cfg.enable (lib.mkMerge [ { home.packages = with pkgs; [ - gdb + cfg.package ]; - xdg.configFile."gdb/gdbinit".source = ./gdbinit; + xdg = { + configFile."gdb/gdbinit".source = ./gdbinit; + stateFile."gdb/.keep".text = ""; + }; + + home.sessionVariables = { + GDBHISTFILE = "${config.xdg.stateHome}/gdb/gdb_history"; + }; } (lib.mkIf cfg.rr.enable { diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index 9c10257..ca59a5f 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -42,34 +42,6 @@ in lfs.enable = true; - delta = { - enable = true; - - options = { - features = "diff-highlight decorations"; - - # Less jarring style for `diff-highlight` emulation - diff-highlight = { - minus-style = "red"; - minus-non-emph-style = "red"; - minus-emph-style = "bold red 52"; - - plus-style = "green"; - plus-non-emph-style = "green"; - plus-emph-style = "bold green 22"; - - whitespace-error-style = "reverse red"; - }; - - # Personal preference for easier reading - decorations = { - commit-style = "raw"; # Do not recolor meta information - keep-plus-minus-markers = true; - paging = "always"; - }; - }; - }; - # There's more extraConfig = { # Makes it a bit more readable @@ -123,11 +95,6 @@ in defaultBranch = "main"; }; - # Local configuration, not-versioned - include = { - path = "config.local"; - }; - merge = { conflictStyle = "zdiff3"; }; @@ -148,6 +115,10 @@ in autoStash = true; }; + rerere = { + enabled = true; + }; + url = { "git@git.belanyi.fr:" = { insteadOf = "https://git.belanyi.fr/"; @@ -163,8 +134,8 @@ in }; }; - # Multiple identities - includes = [ + includes = lib.mkAfter [ + # Multiple identities { condition = "gitdir:~/git/EPITA/"; contents = { @@ -183,6 +154,10 @@ in }; }; } + # Local configuration, not-versioned + { + path = "config.local"; + } ]; ignores = diff --git a/modules/home/gpg/default.nix b/modules/home/gpg/default.nix index 7eadf48..2a00baf 100644 --- a/modules/home/gpg/default.nix +++ b/modules/home/gpg/default.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let cfg = config.my.home.gpg; in @@ -6,12 +6,7 @@ in options.my.home.gpg = with lib; { enable = my.mkDisableOption "gpg configuration"; - pinentry = mkOption { - type = types.str; - default = "tty"; - example = "gtk2"; - description = "Which pinentry interface to use"; - }; + pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; }; }; config = lib.mkIf cfg.enable { @@ -22,7 +17,7 @@ in services.gpg-agent = { enable = true; enableSshSupport = true; # One agent to rule them all - pinentryFlavor = cfg.pinentry; + pinentry.package = cfg.pinentry; extraConfig = '' allow-loopback-pinentry ''; diff --git a/modules/home/gtk/default.nix b/modules/home/gtk/default.nix index 62d3f81..f10087d 100644 --- a/modules/home/gtk/default.nix +++ b/modules/home/gtk/default.nix @@ -21,12 +21,12 @@ in }; iconTheme = { - package = pkgs.gnome.gnome-themes-extra; + package = pkgs.gnome-themes-extra; name = "Adwaita"; }; theme = { - package = pkgs.gnome.gnome-themes-extra; + package = pkgs.gnome-themes-extra; name = "Adwaita"; }; }; diff --git a/modules/home/jq/default.nix b/modules/home/jq/default.nix index 57e266f..53e5986 100644 --- a/modules/home/jq/default.nix +++ b/modules/home/jq/default.nix @@ -17,6 +17,7 @@ in strings = "0;32"; arrays = "1;39"; objects = "1;39"; + objectKeys = "1;34"; }; }; } diff --git a/modules/home/mail/accounts/default.nix b/modules/home/mail/accounts/default.nix index e7663d8..5216ad5 100644 --- a/modules/home/mail/accounts/default.nix +++ b/modules/home/mail/accounts/default.nix @@ -18,8 +18,6 @@ let himalaya = { enable = cfg.himalaya.enable; # FIXME: try to actually configure it at some point - backend = "imap"; - sender = "smtp"; }; msmtp = { @@ -28,20 +26,7 @@ let }; migaduConfig = { - imap = { - host = "imap.migadu.com"; - port = 993; - tls = { - enable = true; - }; - }; - smtp = { - host = "smtp.migadu.com"; - port = 465; - tls = { - enable = true; - }; - }; + flavor = "migadu.com"; }; gmailConfig = { @@ -60,7 +45,7 @@ in { config.accounts.email.accounts = { personal = lib.mkMerge [ - # Common configuraton + # Common configuration (mkConfig { domain = "belanyi.fr"; address = "bruno"; @@ -72,7 +57,7 @@ in ]; gmail = lib.mkMerge [ - # Common configuraton + # Common configuration (mkConfig { domain = "gmail.com"; address = "brunobelanyi"; diff --git a/modules/home/mpv/default.nix b/modules/home/mpv/default.nix index 931c252..8af394c 100644 --- a/modules/home/mpv/default.nix +++ b/modules/home/mpv/default.nix @@ -13,6 +13,7 @@ in scripts = [ pkgs.mpvScripts.mpris # Allow controlling using media keys + pkgs.mpvScripts.mpv-cheatsheet # Show some simple mappings on '?' pkgs.mpvScripts.uosc # Nicer UI ]; }; diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix index 9ccbdc5..c67cc6a 100644 --- a/modules/home/nix/default.nix +++ b/modules/home/nix/default.nix @@ -12,7 +12,7 @@ let # Use pinned nixpkgs when using `nix run pkgs#` pkgs = inputs.nixpkgs; } - (lib.optionalAttrs cfg.overrideNixpkgs { + (lib.optionalAttrs cfg.inputs.overrideNixpkgs { # ... And with `nix run nixpkgs#` nixpkgs = inputs.nixpkgs; }) @@ -22,20 +22,30 @@ in options.my.home.nix = with lib; { enable = my.mkDisableOption "nix configuration"; - linkInputs = my.mkDisableOption "link inputs to `$XDG_CONFIG_HOME/nix/inputs`"; + gc = { + enable = my.mkDisableOption "nix GC configuration"; + }; - addToRegistry = my.mkDisableOption "add inputs and self to registry"; + cache = { + selfHosted = my.mkDisableOption "self-hosted cache"; + }; - addToNixPath = my.mkDisableOption "add inputs and self to nix path"; + inputs = { + link = my.mkDisableOption "link inputs to `$XDG_CONFIG_HOME/nix/inputs/`"; - overrideNixpkgs = my.mkDisableOption "point nixpkgs to pinned system version"; + addToRegistry = my.mkDisableOption "add inputs and self to registry"; + + addToNixPath = my.mkDisableOption "add inputs and self to nix path"; + + overrideNixpkgs = my.mkDisableOption "point nixpkgs to pinned system version"; + }; }; config = lib.mkIf cfg.enable (lib.mkMerge [ { assertions = [ { - assertion = cfg.addToNixPath -> cfg.linkInputs; + assertion = cfg.inputs.addToNixPath -> cfg.inputs.link; message = '' enabling `my.home.nix.addToNixPath` needs to have `my.home.nix.linkInputs = true` @@ -54,7 +64,37 @@ in }; } - (lib.mkIf cfg.addToRegistry { + (lib.mkIf cfg.gc.enable { + nix.gc = { + automatic = true; + + # Every week, with some wiggle room + frequency = "weekly"; + randomizedDelaySec = "10min"; + + # Use a persistent timer for e.g: laptops + persistent = true; + + # Delete old profiles automatically after 15 days + options = "--delete-older-than 15d"; + }; + }) + + (lib.mkIf cfg.cache.selfHosted { + nix = { + settings = { + extra-substituters = [ + "https://cache.belanyi.fr/" + ]; + + extra-trusted-public-keys = [ + "cache.belanyi.fr:LPhrTqufwfxTceg1nRWueDWf7/2zSVY9K00pq2UI7tw=" + ]; + }; + }; + }) + + (lib.mkIf cfg.inputs.addToRegistry { nix.registry = let makeEntry = v: { flake = v; }; @@ -63,7 +103,7 @@ in makeEntries channels; }) - (lib.mkIf cfg.linkInputs { + (lib.mkIf cfg.inputs.link { xdg.configFile = let makeLink = n: v: { @@ -75,8 +115,8 @@ in makeLinks channels; }) - (lib.mkIf cfg.addToNixPath { - home.sessionVariables.NIX_PATH = "${config.xdg.configHome}/nix/inputs\${NIX_PATH:+:$NIX_PATH}"; + (lib.mkIf cfg.inputs.addToNixPath { + nix.nixPath = [ "${config.xdg.configHome}/nix/inputs" ]; }) ]); } diff --git a/modules/home/packages/default.nix b/modules/home/packages/default.nix index 1362a06..43f7111 100644 --- a/modules/home/packages/default.nix +++ b/modules/home/packages/default.nix @@ -1,6 +1,7 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, osConfig, ... }: let cfg = config.my.home.packages; + useGlobalPkgs = osConfig.home-manager.useGlobalPkgs or false; in { options.my.home.packages = with lib; { @@ -26,9 +27,10 @@ in fd file ripgrep + tree ] ++ cfg.additionalPackages); - nixpkgs.config = { + nixpkgs.config = lib.mkIf (!useGlobalPkgs) { inherit (cfg) allowAliases allowUnfree; }; }; diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index aa72587..e84dcb7 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -15,7 +15,12 @@ in # Clear the screen on start and exit LESS = "-R -+X -c"; # Better XDG compliance - LESSHISTFILE = "${config.xdg.dataHome}/less/history"; + LESSHISTFILE = "${config.xdg.stateHome}/less/history"; }; + + xdg.configFile."lesskey".text = '' + # Quit without clearing the screen on `Q` + Q toggle-option -!^Predraw-on-quit\nq + ''; }; } diff --git a/modules/home/secrets/github/token.age b/modules/home/secrets/github/token.age index 1d36ccd..3e8bb5a 100644 Binary files a/modules/home/secrets/github/token.age and b/modules/home/secrets/github/token.age differ diff --git a/modules/home/secrets/secrets.nix b/modules/home/secrets/secrets.nix index f474342..27cdb4e 100644 --- a/modules/home/secrets/secrets.nix +++ b/modules/home/secrets/secrets.nix @@ -1,6 +1,6 @@ # Common secrets let - keys = import ../../keys; + keys = import ../../../keys; all = builtins.attrValues keys.users; in diff --git a/modules/home/ssh/default.nix b/modules/home/ssh/default.nix index 674cf6a..748b195 100644 --- a/modules/home/ssh/default.nix +++ b/modules/home/ssh/default.nix @@ -49,7 +49,7 @@ in }; porthos = { - hostname = "91.121.177.163"; + hostname = "37.187.146.15"; identityFile = "~/.ssh/shared_rsa"; user = "ambroisie"; }; diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 08aeb55..82ceb3a 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -5,6 +5,14 @@ let config.my.home.x.enable (config.my.home.wm.windowManager != null) ]; + + mkTerminalFeature = opt: flag: + let + mkFlag = term: ''set -as terminal-features ",${term}:${flag}"''; + enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures; + terminals = lib.attrNames enabledTerminals; + in + lib.concatMapStringsSep "\n" mkFlag terminals; in { options.my.home.tmux = with lib; { @@ -12,16 +20,24 @@ in enablePassthrough = mkEnableOption "tmux DCS passthrough sequence"; - trueColorTerminals = mkOption { - type = with types; listOf str; - default = lib.my.nullableToList config.my.home.terminal.program; - defaultText = '' - `[ config.my.home.terminal.program ]` if it is non-null, otherwise an - empty list. + enableResurrect = mkEnableOption "tmux-resurrect plugin"; + + terminalFeatures = mkOption { + type = with types; attrsOf (submodule { + options = { + hyperlinks = my.mkDisableOption "hyperlinks through OSC8"; + + trueColor = my.mkDisableOption "24-bit (RGB) color support"; + }; + }); + + default = { ${config.my.home.terminal.program} = { }; }; + defaultText = literalExpression '' + { ''${config.my.home.terminal.program} = { }; }; ''; - example = [ "xterm-256color" ]; + example = { xterm-256color = { }; }; description = '' - $TERM values which should be considered to always support 24-bit color. + $TERM values which should be considered to have additional features. ''; }; }; @@ -32,10 +48,13 @@ in keyMode = "vi"; # Home-row keys and other niceties clock24 = true; # I'm one of those heathens escapeTime = 0; # Let vim do its thing instead - historyLimit = 50000; # Bigger buffer + historyLimit = 100000; # Bigger buffer + mouse = false; # I dislike mouse support + focusEvents = true; # Report focus events terminal = "tmux-256color"; # I want accurate termcap info + aggressiveResize = true; # Automatic resize when switching client size - plugins = with pkgs.tmuxPlugins; [ + plugins = with pkgs.tmuxPlugins; builtins.filter (attr: attr != { }) [ # Open high-lighted files in copy mode open # Better pane management @@ -63,9 +82,23 @@ in set -g status-right '#{prefix_highlight} %a %Y-%m-%d %H:%M' ''; } + # Resurrect sessions + (lib.optionalAttrs cfg.enableResurrect { + plugin = resurrect; + extraConfig = '' + set -g @resurrect-dir '${config.xdg.stateHome}/tmux/resurrect' + ''; + }) ]; extraConfig = '' + # Refresh configuration + bind-key -N "Source tmux.conf" R source-file ${config.xdg.configHome}/tmux/tmux.conf \; display-message "Sourced tmux.conf!" + + # Accept sloppy Ctrl key when switching windows, on top of default mapping + bind-key -N "Select the previous window" C-p previous-window + bind-key -N "Select the next window" C-n next-window + # Better vim mode bind-key -T copy-mode-vi 'v' send -X begin-selection ${ @@ -89,13 +122,10 @@ in '' } + # Force OSC8 hyperlinks for each relevant $TERM + ${mkTerminalFeature "hyperlinks" "hyperlinks"} # Force 24-bit color for each relevant $TERM - ${ - let - mkTcFlag = term: ''set -as terminal-features ",${term}:RGB"''; - in - lib.concatMapStringsSep "\n" mkTcFlag cfg.trueColorTerminals - } + ${mkTerminalFeature "trueColor" "RGB"} ''; }; } diff --git a/modules/home/vim/after/ftplugin/gn.vim b/modules/home/vim/after/ftplugin/gn.vim new file mode 100644 index 0000000..0cec9df --- /dev/null +++ b/modules/home/vim/after/ftplugin/gn.vim @@ -0,0 +1,6 @@ +" Create the `b:undo_ftplugin` variable if it doesn't exist +call ftplugined#check_undo_ft() + +" Set comment string, as it seems that no official GN support exists upstream +setlocal commentstring=#\ %s +let b:undo_ftplugin.='|setlocal commentstring<' diff --git a/modules/home/vim/after/ftplugin/json.vim b/modules/home/vim/after/ftplugin/json.vim new file mode 100644 index 0000000..3f7b09d --- /dev/null +++ b/modules/home/vim/after/ftplugin/json.vim @@ -0,0 +1,6 @@ +" Create the `b:undo_ftplugin` variable if it doesn't exist +call ftplugined#check_undo_ft() + +" Use a small indentation value on JSON files +setlocal shiftwidth=2 +let b:undo_ftplugin.='|setlocal shiftwidth<' diff --git a/modules/home/vim/after/ftplugin/netrw.vim b/modules/home/vim/after/ftplugin/netrw.vim deleted file mode 100644 index e3689f8..0000000 --- a/modules/home/vim/after/ftplugin/netrw.vim +++ /dev/null @@ -1,6 +0,0 @@ -" Create the `b:undo_ftplugin` variable if it doesn't exist -call ftplugined#check_undo_ft() - -" Don't show Netrw in buffer list -setlocal bufhidden=delete -let b:undo_ftplugin='|setlocal bufhidden<' diff --git a/modules/home/vim/after/ftplugin/query.vim b/modules/home/vim/after/ftplugin/query.vim new file mode 100644 index 0000000..fd2ac73 --- /dev/null +++ b/modules/home/vim/after/ftplugin/query.vim @@ -0,0 +1,6 @@ +" Create the `b:undo_ftplugin` variable if it doesn't exist +call ftplugined#check_undo_ft() + +" Use a small indentation value on query files +setlocal shiftwidth=2 +let b:undo_ftplugin.='|setlocal shiftwidth<' diff --git a/modules/home/vim/after/plugin/mappings/commentary.lua b/modules/home/vim/after/plugin/mappings/commentary.lua deleted file mode 100644 index 6ed3b89..0000000 --- a/modules/home/vim/after/plugin/mappings/commentary.lua +++ /dev/null @@ -1,10 +0,0 @@ -local wk = require("which-key") - -local keys = { - name = "Comment/uncomment", - c = "Current line", - u = "Uncomment the current and adjacent commented lines", - ["gc"] = "Uncomment the current and adjacent commented lines", -} - -wk.register(keys, { prefix = "gc" }) diff --git a/modules/home/vim/after/plugin/mappings/misc.lua b/modules/home/vim/after/plugin/mappings/misc.lua deleted file mode 100644 index 6aa25a2..0000000 --- a/modules/home/vim/after/plugin/mappings/misc.lua +++ /dev/null @@ -1,7 +0,0 @@ -local wk = require("which-key") - -local keys = { - [""] = { "nohls", "Clear search highlight" }, -} - -wk.register(keys, { prefix = "" }) diff --git a/modules/home/vim/after/plugin/mappings/telescope.lua b/modules/home/vim/after/plugin/mappings/telescope.lua deleted file mode 100644 index 0867b36..0000000 --- a/modules/home/vim/after/plugin/mappings/telescope.lua +++ /dev/null @@ -1,15 +0,0 @@ -local wk = require("which-key") -local telescope_builtin = require("telescope.builtin") - -local keys = { - f = { - name = "Fuzzy finder", - b = { telescope_builtin.buffers, "Open buffers" }, - f = { telescope_builtin.git_files, "Git tracked files" }, - F = { telescope_builtin.find_files, "Files" }, - g = { telescope_builtin.live_grep, "Grep string" }, - G = { telescope_builtin.grep_string, "Grep string under cursor" }, - }, -} - -wk.register(keys, { prefix = "" }) diff --git a/modules/home/vim/after/plugin/mappings/tree-sitter-textobjects.lua b/modules/home/vim/after/plugin/mappings/tree-sitter-textobjects.lua deleted file mode 100644 index 631731c..0000000 --- a/modules/home/vim/after/plugin/mappings/tree-sitter-textobjects.lua +++ /dev/null @@ -1,30 +0,0 @@ -local wk = require("which-key") - -local motions = { - ["]m"] = "Next method start", - ["]M"] = "Next method end", - ["]S"] = "Next statement start", - ["]]"] = "Next class start", - ["]["] = "Next class end", - ["[m"] = "Previous method start", - ["[M"] = "Previous method end", - ["[S"] = "Previous statement start", - ["[["] = "Previous class start", - ["[]"] = "Previous class end", -} - -local objects = { - ["aa"] = "a parameter", - ["ia"] = "inner parameter", - ["ab"] = "a block", - ["ib"] = "inner block", - ["ac"] = "a class", - ["ic"] = "inner class", - ["af"] = "a function", - ["if"] = "inner function", - ["ak"] = "a comment", - ["aS"] = "a statement", -} - -wk.register(motions, { mode = "n" }) -wk.register(objects, { mode = "o" }) diff --git a/modules/home/vim/after/plugin/mappings/unimpaired.lua b/modules/home/vim/after/plugin/mappings/unimpaired.lua index f502056..765b6b1 100644 --- a/modules/home/vim/after/plugin/mappings/unimpaired.lua +++ b/modules/home/vim/after/plugin/mappings/unimpaired.lua @@ -3,126 +3,120 @@ local wk = require("which-key") local lsp = require("ambroisie.lsp") local keys = { - -- Edition and navigation mappins - ["["] = { - name = "Previous", - [""] = "Insert blank line above", - [""] = "Previous location list file", - [""] = "Previous quickfix list file", - [""] = "Previous tag in preview window", - a = "Previous argument", - A = "First argument", - b = "Previous buffer", - B = "First buffer", - e = "Exchange previous line", - f = "Previous file in directory", - l = "Previous location list entry", - L = "First Location list entry", - n = "Previous conflict marker/diff hunk", - p = "Paste line above", - P = "Paste line above", - q = "Previous quickfix list entry", - Q = "First quickfix list entry", - t = "Previous matching tag", - T = "First matching tag", - z = "Previous fold", - -- Encoding - C = "C string encode", - u = "URL encode", - x = "XML encode", - y = "C string encode", - -- Custom - d = { lsp.goto_prev_diagnostic, "Previous diagnostic" }, - }, - ["]"] = { - name = "Next", - [""] = "Insert blank line below", - [""] = "Next location list file", - [""] = "Next quickfix list file", - [""] = "Next tag in preview window", - a = "Next argument", - A = "Last argument", - b = "Next buffer", - B = "Last buffer", - e = "Exchange next line", - f = "Next file in directory", - l = "Next location list entry", - L = "Last Location list entry", - n = "Next conflict marker/diff hunk", - p = "Paste line below", - P = "Paste line below", - q = "Next quickfix list entry", - Q = "Last quickfix list entry", - t = "Next matching tag", - T = "Last matching tag", - z = "Next fold", - -- Decoding - C = "C string decode", - u = "URL decode", - x = "XML decode", - y = "C string decode", - -- Custom - d = { lsp.goto_next_diagnostic, "Next diagnostic" }, - }, + -- Previous + { "[", group = "Previous" }, + -- Edition and navigation mappings + { "[", desc = "Insert blank line above" }, + { "[", desc = "Previous location list file" }, + { "[", desc = "Previous quickfix list file" }, + { "[", desc = "Previous tag in preview window" }, + { "[a", desc = "Previous argument" }, + { "[A", desc = "First argument" }, + { "[b", desc = "Previous buffer" }, + { "[B", desc = "First buffer" }, + { "[e", desc = "Exchange previous line" }, + { "[f", desc = "Previous file in directory" }, + { "[l", desc = "Previous location list entry" }, + { "[L", desc = "First Location list entry" }, + { "[n", desc = "Previous conflict marker/diff hunk" }, + { "[p", desc = "Paste line above" }, + { "[P", desc = "Paste line above" }, + { "[q", desc = "Previous quickfix list entry" }, + { "[Q", desc = "First quickfix list entry" }, + { "[t", desc = "Previous matching tag" }, + { "[T", desc = "First matching tag" }, + { "[z", desc = "Previous fold" }, + -- Encoding + { "[C", desc = "C string encode" }, + { "[u", desc = "URL encode" }, + { "[x", desc = "XML encode" }, + { "[y", desc = "C string encode" }, - -- Option mappings - ["[o"] = { - name = "Enable option", - b = "Light background", - c = "Cursor line", - d = "Diff", - f = { "FormatEnable", "LSP Formatting" }, - h = "Search high-lighting", - i = "Case insensitive search", - l = "List mode", - n = "Line numbers", - r = "Relative line numbers", - p = { "lwindow", "Location list" }, - q = { "cwindow", "Quickfix list" }, - u = "Cursor column", - v = "Virtual editing", - w = "Text wrapping", - x = "Cursor line and column", - z = "Spell checking", - }, - ["]o"] = { - name = "Option off", - b = "Light background", - c = "Cursor line", - d = "Diff", - f = { "FormatDisable", "LSP Formatting" }, - h = "Search high-lighting", - i = "Case insensitive search", - l = "List mode", - n = "Line numbers", - p = { "lclose", "Location list" }, - q = { "cclose", "Quickfix list" }, - r = "Relative line numbers", - u = "Cursor column", - v = "Virtual editing", - w = "Text wrapping", - x = "Cursor line and column", - z = "Spell checking", - }, - ["yo"] = { - name = "Option toggle", - b = "Light background", - c = "Cursor line", - d = "Diff", - f = { "FormatToggle", "LSP Formatting" }, - h = "Search high-lighting", - i = "Case insensitive search", - l = "List mode", - n = "Line numbers", - p = { "(qf_loc_toggle)", "Location list" }, - q = { "(qf_qf_toggle)", "Quickfix list" }, - r = "Relative line numbers", - u = "Cursor column", - v = "Virtual editing", - w = "Text wrapping", - x = "Cursor line and column", - z = "Spell checking", - }, + -- Next + { "]", group = "Next" }, + -- Edition and navigation mappings + { "]", desc = "Insert blank line below" }, + { "]", desc = "Next location list file" }, + { "]", desc = "Next quickfix list file" }, + { "]", desc = "Next tag in preview window" }, + { "]a", desc = "Next argument" }, + { "]A", desc = "Last argument" }, + { "]b", desc = "Next buffer" }, + { "]B", desc = "Last buffer" }, + { "]e", desc = "Exchange next line" }, + { "]f", desc = "Next file in directory" }, + { "]l", desc = "Next location list entry" }, + { "]L", desc = "Last Location list entry" }, + { "]n", desc = "Next conflict marker/diff hunk" }, + { "]p", desc = "Paste line below" }, + { "]P", desc = "Paste line below" }, + { "]q", desc = "Next quickfix list entry" }, + { "]Q", desc = "Last quickfix list entry" }, + { "]t", desc = "Next matching tag" }, + { "]T", desc = "Last matching tag" }, + { "]z", desc = "Next fold" }, + -- Decoding + { "]C", desc = "C string decode" }, + { "]u", desc = "URL decode" }, + { "]x", desc = "XML decode" }, + { "]y", desc = "C string decode" }, + + -- Enable option + { "[o", group = "Enable option" }, + { "[ob", desc = "Light background" }, + { "[oc", desc = "Cursor line" }, + { "[od", desc = "Diff" }, + { "[of", "FormatEnable", desc = "LSP Formatting" }, + { "[oh", desc = "Search high-lighting" }, + { "[oi", desc = "Case insensitive search" }, + { "[ol", desc = "List mode" }, + { "[on", desc = "Line numbers" }, + { "[or", desc = "Relative line numbers" }, + { "[op", "lwindow", desc = "Location list" }, + { "[oq", "cwindow", desc = "Quickfix list" }, + { "[ou", desc = "Cursor column" }, + { "[ov", desc = "Virtual editing" }, + { "[ow", desc = "Text wrapping" }, + { "[ox", desc = "Cursor line and column" }, + { "[oz", desc = "Spell checking" }, + + -- Disable option + { "]o", group = "Disable option" }, + { "]ob", desc = "Light background" }, + { "]oc", desc = "Cursor line" }, + { "]od", desc = "Diff" }, + { "]of", "FormatDisable", desc = "LSP Formatting" }, + { "]oh", desc = "Search high-lighting" }, + { "]oi", desc = "Case insensitive search" }, + { "]ol", desc = "List mode" }, + { "]on", desc = "Line numbers" }, + { "]op", "lclose", desc = "Location list" }, + { "]oq", "cclose", desc = "Quickfix list" }, + { "]or", desc = "Relative line numbers" }, + { "]ou", desc = "Cursor column" }, + { "]ov", desc = "Virtual editing" }, + { "]ow", desc = "Text wrapping" }, + { "]ox", desc = "Cursor line and column" }, + { "]oz", desc = "Spell checking" }, + + -- Toggle option + { "yo", group = "Toggle option" }, + { "yob", desc = "Light background" }, + { "yoc", desc = "Cursor line" }, + { "yod", desc = "Diff" }, + { "yof", "FormatToggle", desc = "LSP Formatting" }, + { "yoh", desc = "Search high-lighting" }, + { "yoi", desc = "Case insensitive search" }, + { "yol", desc = "List mode" }, + { "yon", desc = "Line numbers" }, + { "yop", "(qf_loc_toggle)", desc = "Location list" }, + { "yoq", "(qf_qf_toggle)", desc = "Quickfix list" }, + { "yor", desc = "Relative line numbers" }, + { "you", desc = "Cursor column" }, + { "yov", desc = "Virtual editing" }, + { "yow", desc = "Text wrapping" }, + { "yox", desc = "Cursor line and column" }, + { "yoz", desc = "Spell checking" }, } -wk.register(keys) +wk.add(keys) diff --git a/modules/home/vim/after/queries/diff/highlights.scm b/modules/home/vim/after/queries/diff/highlights.scm new file mode 100644 index 0000000..c998725 --- /dev/null +++ b/modules/home/vim/after/queries/diff/highlights.scm @@ -0,0 +1,5 @@ +; extends + +; I want to the line added/removed markers to be the correct color +"+" @diff.plus +"-" @diff.minus diff --git a/modules/home/vim/after/queries/gitcommit/highlights.scm b/modules/home/vim/after/queries/gitcommit/highlights.scm new file mode 100644 index 0000000..05162c9 --- /dev/null +++ b/modules/home/vim/after/queries/gitcommit/highlights.scm @@ -0,0 +1,6 @@ +; extends + +; Highlight over-extended subject lines (rely on wrapping for message body) +((subject) @comment.error + (#vim-match? @comment.error ".\{50,}") + (#offset! @comment.error 0 50 0 0)) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 871bf40..20a74ff 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -40,25 +40,18 @@ in lualine-lsp-progress # Show progress for LSP servers # tpope essentials - vim-commentary # Easy comments vim-eunuch # UNIX integrations vim-fugitive # A 'git' wrapper vim-git # Sane git syntax files vim-repeat # Enanche '.' for plugins vim-rsi # Readline mappings vim-unimpaired # Some ex command mappings - vim-vinegar # Better netrw # Languages - rust-vim vim-beancount - vim-jsonnet - vim-nix - vim-toml # General enhancements vim-qf # Better quick-fix list - nvim-osc52 # Send clipboard data through terminal escape for SSH # Other wrappers git-messenger-vim # A simple blame window @@ -66,16 +59,13 @@ in # LSP and linting nvim-lspconfig # Easy LSP configuration lsp-format-nvim # Simplified formatting configuration - lsp_lines-nvim # Show diagnostics *over* regions none-ls-nvim # LSP integration for linters and formatters nvim-treesitter.withAllGrammars # Better highlighting nvim-treesitter-textobjects # More textobjects - nvim-ts-context-commentstring # Comment string in nested language blocks plenary-nvim # 'null-ls', 'telescope' dependency # Completion luasnip # Snippet manager compatible with LSP - friendly-snippets # LSP snippets collection nvim-cmp # Completion engine cmp-async-path # More responsive path completion cmp-buffer # Words from open buffers @@ -88,6 +78,7 @@ in dressing-nvim # Integrate native UI hooks with Telescope etc... gitsigns-nvim # Fast git UI integration nvim-surround # Deal with pairs, now in Lua + oil-nvim # Better alternative to NetrW telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm telescope-lsp-handlers-nvim # Use 'telescope' for various LSP actions telescope-nvim # Fuzzy finder interface @@ -105,8 +96,11 @@ in nixpkgs-fmt # Shell - shellcheck + bash-language-server shfmt + + # Generic + typos-lsp ]; }; diff --git a/modules/home/vim/ftdetect/automake.lua b/modules/home/vim/ftdetect/automake.lua index cfa15d2..68a30ed 100644 --- a/modules/home/vim/ftdetect/automake.lua +++ b/modules/home/vim/ftdetect/automake.lua @@ -1,4 +1,4 @@ --- Use Automake filetype for `local.am` files, explicit `set` to force override +-- Use Automake filetype for `local.am` files vim.filetype.add({ filename = { ["local.am"] = "automake", diff --git a/modules/home/vim/ftdetect/glsl.lua b/modules/home/vim/ftdetect/glsl.lua new file mode 100644 index 0000000..2f4f1dd --- /dev/null +++ b/modules/home/vim/ftdetect/glsl.lua @@ -0,0 +1,7 @@ +-- Use GLSL filetype for common shader file extensions +vim.filetype.add({ + extension = { + frag = "glsl", + vert = "glsl", + }, +}) diff --git a/modules/home/vim/ftdetect/kbuild.lua b/modules/home/vim/ftdetect/kbuild.lua deleted file mode 100644 index 799570e..0000000 --- a/modules/home/vim/ftdetect/kbuild.lua +++ /dev/null @@ -1,6 +0,0 @@ --- Kbuild is just a Makefile under a different name -vim.filetype.add({ - filename = { - ["Kbuild"] = "make", - }, -}) diff --git a/modules/home/vim/ftdetect/tikz.lua b/modules/home/vim/ftdetect/tikz.lua deleted file mode 100644 index 93b7db0..0000000 --- a/modules/home/vim/ftdetect/tikz.lua +++ /dev/null @@ -1,6 +0,0 @@ --- Use LaTeX filetype for TikZ files -vim.filetype.add({ - extension = { - tikz = "tex", - }, -}) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index bd63d25..39ef32e 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -1,4 +1,4 @@ -" Basic configuraion {{{ +" Basic configuration {{{ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" " Use UTF-8 set encoding=utf-8 @@ -38,10 +38,10 @@ set tabstop=8 " File parameters {{{ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -" Disable backups, we have source control for that -set nobackup -" Disable swapfiles too +" Disable swap files set noswapfile +" Enable undo files +set undofile " }}} " UI and UX parameters {{{ @@ -68,8 +68,6 @@ set listchars=tab:>─,trail:·,nbsp:¤ " Use patience diff set diffopt+=algorithm:patience -" Align similar lines in each hunk -set diffopt+=linematch:50 " Don't redraw when executing macros set lazyredraw @@ -86,8 +84,29 @@ set mouse= " Set dark mode by default set background=dark -" 24 bit colors -set termguicolors +" Setup some overrides for gruvbox +lua << EOF +local gruvbox = require("gruvbox") +local colors = gruvbox.palette + +gruvbox.setup({ + overrides = { + -- Only URLs should be underlined + ["@string.special.path"] = { link = "GruvboxOrange" }, + -- Revert back to the better diff highlighting + DiffAdd = { fg = colors.green, bg = "NONE" }, + DiffChange = { fg = colors.aqua, bg = "NONE" }, + DiffDelete = { fg = colors.red, bg = "NONE" }, + DiffText = { fg = colors.yellow, bg = colors.bg0 }, + -- Directories "pop" better in blue + Directory = { link = "GruvboxBlueBold" }, + }, + italic = { + -- Comments should not be italic, for e.g: box drawing + comments = false, + }, +}) +EOF " Use my preferred colorscheme colorscheme gruvbox " }}} diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index 99d8dab..fef0487 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -3,46 +3,9 @@ local M = {} -- Simplified LSP formatting configuration local lsp_format = require("lsp-format") ---- Move to the next/previous diagnostic, automatically showing the diagnostics ---- float if necessary. ---- @param forward whether to go forward or backwards -local function goto_diagnostic(forward) - vim.validate({ - forward = { forward, "boolean" }, - }) - - local opts = { - float = false, - } - - -- Only show floating diagnostics if they are otherwise not displayed - local config = vim.diagnostic.config() - if not (config.virtual_text or config.virtual_lines) then - opts.float = true - end - - if forward then - vim.diagnostic.goto_next(opts) - else - vim.diagnostic.goto_prev(opts) - end -end - ---- Move to the next diagnostic, automatically showing the diagnostics float if ---- necessary. -M.goto_next_diagnostic = function() - goto_diagnostic(true) -end - ---- Move to the previous diagnostic, automatically showing the diagnostics float ---- if necessary. -M.goto_prev_diagnostic = function() - goto_diagnostic(false) -end - --- shared LSP configuration callback --- @param client native client configuration ---- @param bufnr int? buffer number of the attched client +--- @param bufnr int? buffer number of the attached client M.on_attach = function(client, bufnr) -- Format on save lsp_format.on_attach(client, bufnr) @@ -51,8 +14,7 @@ M.on_attach = function(client, bufnr) local wk = require("which-key") local function list_workspace_folders() - local utils = require("ambroisie.utils") - utils.dump(vim.lsp.buf.list_workspace_folders()) + vim.print(vim.lsp.buf.list_workspace_folders()) end local function cycle_diagnostics_display() @@ -80,6 +42,10 @@ M.on_attach = function(client, bufnr) vim.diagnostic.config({ virtual_text = text, virtual_lines = lines, + jump = { + -- Show float on jump if no diagnostic text is otherwise shown + float = not (text or lines), + }, }) end @@ -87,32 +53,36 @@ M.on_attach = function(client, bufnr) vim.diagnostic.open_float(nil, { scope = "buffer" }) end - local keys = { - K = { vim.lsp.buf.hover, "Show symbol information" }, - [""] = { vim.lsp.buf.signature_help, "Show signature information" }, - ["gd"] = { vim.lsp.buf.definition, "Go to definition" }, - ["gD"] = { vim.lsp.buf.declaration, "Go to declaration" }, - ["gi"] = { vim.lsp.buf.implementation, "Go to implementation" }, - ["gr"] = { vim.lsp.buf.references, "List all references" }, + local function toggle_inlay_hints() + vim.lsp.inlay_hint.enable(not vim.lsp.inlay_hint.is_enabled()) + end - ["c"] = { - name = "Code", - a = { vim.lsp.buf.code_action, "Code actions" }, - d = { cycle_diagnostics_display, "Cycle diagnostics display" }, - D = { show_buffer_diagnostics, "Show buffer diagnostics" }, - r = { vim.lsp.buf.rename, "Rename symbol" }, - s = { vim.lsp.buf.signature_help, "Show signature" }, - t = { vim.lsp.buf.type_definition, "Go to type definition" }, - w = { - name = "Workspace", - a = { vim.lsp.buf.add_workspace_folder, "Add folder to workspace" }, - l = { list_workspace_folders, "List folders in workspace" }, - r = { vim.lsp.buf.remove_workspace_folder, "Remove folder from workspace" }, - }, - }, + local keys = { + buffer = bufnr, + -- LSP navigation + { "K", vim.lsp.buf.hover, desc = "Show symbol information" }, + { "", vim.lsp.buf.signature_help, desc = "Show signature information" }, + { "gd", vim.lsp.buf.definition, desc = "Go to definition" }, + { "gD", vim.lsp.buf.declaration, desc = "Go to declaration" }, + { "gi", vim.lsp.buf.implementation, desc = "Go to implementation" }, + { "gr", vim.lsp.buf.references, desc = "List all references" }, + -- Code + { "c", group = "Code" }, + { "ca", vim.lsp.buf.code_action, desc = "Code actions" }, + { "cd", cycle_diagnostics_display, desc = "Cycle diagnostics display" }, + { "cD", show_buffer_diagnostics, desc = "Show buffer diagnostics" }, + { "ch", toggle_inlay_hints, desc = "Toggle inlay hints" }, + { "cr", vim.lsp.buf.rename, desc = "Rename symbol" }, + { "cs", vim.lsp.buf.signature_help, desc = "Show signature" }, + { "ct", vim.lsp.buf.type_definition, desc = "Go to type definition" }, + -- Workspace + { "cw", group = "Workspace" }, + { "cwa", vim.lsp.buf.add_workspace_folder, desc = "Add folder to workspace" }, + { "cwl", list_workspace_folders, desc = "List folders in workspace" }, + { "cwr", vim.lsp.buf.remove_workspace_folder, desc = "Remove folder from workspace" }, } - wk.register(keys, { buffer = bufnr }) + wk.add(keys) end return M diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua index 418e0d1..0ee7c83 100644 --- a/modules/home/vim/lua/ambroisie/utils.lua +++ b/modules/home/vim/lua/ambroisie/utils.lua @@ -1,11 +1,5 @@ local M = {} ---- pretty print lua object ---- @param obj any object to pretty print -M.dump = function(obj) - print(vim.inspect(obj)) -end - --- checks if a given command is executable --- @param cmd string? command to check --- @return boolean executable @@ -15,7 +9,7 @@ end --- return a function that checks if a given command is executable --- @param cmd string? command to check ---- @return fun(cmd: string): boolean executable +--- @return fun(): boolean executable M.is_executable_condition = function(cmd) return function() return M.is_executable(cmd) @@ -40,11 +34,11 @@ M.is_ssh = function() return false end ---- list all active LSP clients for current buffer +--- list all active LSP clients for specific buffer, or all buffers --- @param bufnr int? buffer number --- @return table all active LSP client names M.list_lsp_clients = function(bufnr) - local clients = vim.lsp.buf_get_clients(bufnr) + local clients = vim.lsp.get_clients({ bufnr = bufnr }) local names = {} for _, client in ipairs(clients) do @@ -54,4 +48,22 @@ M.list_lsp_clients = function(bufnr) return names end +--- partially apply a function with given arguments +M.partial = function(f, ...) + local a = { ... } + local a_len = select("#", ...) + + return function(...) + local tmp = { ... } + local tmp_len = select("#", ...) + + -- Merge arg lists + for i = 1, tmp_len do + a[a_len + i] = tmp[i] + end + + return f(unpack(a, 1, a_len + tmp_len)) + end +end + return M diff --git a/modules/home/vim/plugin/numbertoggle.lua b/modules/home/vim/plugin/numbertoggle.lua index 1f97fc8..b1e3df2 100644 --- a/modules/home/vim/plugin/numbertoggle.lua +++ b/modules/home/vim/plugin/numbertoggle.lua @@ -7,17 +7,18 @@ local numbertoggle = vim.api.nvim_create_augroup("numbertoggle", { clear = true vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "InsertLeave", "WinEnter" }, { pattern = "*", group = numbertoggle, - command = "if &nu | setlocal rnu | endif", + callback = function() + if vim.opt.number:get() then + vim.opt.relativenumber = true + end + end, }) vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "InsertEnter", "WinLeave" }, { pattern = "*", group = numbertoggle, - command = "if &nu | setlocal nornu | endif", -}) - --- Never show the sign column in a terminal buffer -vim.api.nvim_create_autocmd({ "TermOpen" }, { - pattern = "*", - group = numbertoggle, - command = "setlocal nonu nornu", + callback = function() + if vim.opt.number:get() then + vim.opt.relativenumber = false + end + end, }) diff --git a/modules/home/vim/plugin/settings/fastfold.lua b/modules/home/vim/plugin/settings/fastfold.lua deleted file mode 100644 index 78ee937..0000000 --- a/modules/home/vim/plugin/settings/fastfold.lua +++ /dev/null @@ -1,5 +0,0 @@ --- Intercept all fold commands --- stylua: ignore -vim.g.fastfold_fold_command_suffixes = { - "x", "X", "a", "A", "o", "O", "c", "C", "r", "R", "m", "M", "i", "n", "N", -} diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index 4dbebca..b9b92a6 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -1,58 +1,75 @@ local gitsigns = require("gitsigns") +local utils = require("ambroisie.utils") local wk = require("which-key") +--- Transform `f` into a function which acts on the current visual selection +local function make_visual(f) + return function() + local first = vim.fn.line("v") + local last = vim.fn.line(".") + f({ first, last }) + end +end + +local function nav_hunk(dir) + if vim.wo.diff then + local map = { + prev = "[c", + next = "]c", + } + vim.cmd.normal({ map[dir], bang = true }) + else + gitsigns.nav_hunk(dir) + end +end + gitsigns.setup({ current_line_blame_opts = { -- Show the blame quickly delay = 100, }, + -- Work-around for https://github.com/lewis6991/gitsigns.nvim/issues/929 + signs_staged_enable = false, }) local keys = { -- Navigation - ["[c"] = { "&diff ? '[c' : 'Gitsigns prev_hunk'", "Previous hunk/diff", expr = true }, - ["]c"] = { "&diff ? ']c' : 'Gitsigns next_hunk'", "Next hunk/diff", expr = true }, - + { "[c", utils.partial(nav_hunk, "prev"), desc = "Previous hunk/diff" }, + { "]c", utils.partial(nav_hunk, "next"), desc = "Next hunk/diff" }, -- Commands - ["g"] = { - name = "Git", - -- Actions - b = { gitsigns.toggle_current_line_blame, "Toggle blame virtual text" }, - d = { gitsigns.diffthis, "Diff buffer" }, - -- stylua: ignore - D = { function() gitsigns.diffthis("~") end, "Diff buffer against last commit" }, - g = { "Git", "Git status" }, - h = { gitsigns.toggle_deleted, "Show deleted hunks" }, - L = { ":spT:Gllog --follow -- %:p", "Current buffer log" }, - m = { "(git-messenger)", "Current line blame" }, - p = { gitsigns.preview_hunk, "Preview hunk" }, - r = { gitsigns.reset_hunk, "Restore hunk" }, - R = { gitsigns.reset_buffer, "Restore buffer" }, - s = { gitsigns.stage_hunk, "Stage hunk" }, - S = { gitsigns.stage_buffer, "Stage buffer" }, - u = { gitsigns.undo_stage_hunk, "Undo stage hunk" }, - ["["] = { gitsigns.prev_hunk, "Previous hunk" }, - ["]"] = { gitsigns.next_hunk, "Next hunk" }, - }, + { "g", group = "Git" }, + { "gb", gitsigns.toggle_current_line_blame, desc = "Toggle blame virtual text" }, + { "gd", gitsigns.diffthis, desc = "Diff buffer" }, + { "gD", utils.partial(gitsigns.diffthis, "~"), desc = "Diff buffer against last commit" }, + { "gg", "Git", desc = "Git status" }, + { "gh", gitsigns.toggle_deleted, desc = "Show deleted hunks" }, + { "gL", ":spT:Gllog --follow -- %:p", desc = "Current buffer log" }, + { "gm", "(git-messenger)", desc = "Current line blame" }, + { "gp", gitsigns.preview_hunk, desc = "Preview hunk" }, + { "gr", gitsigns.reset_hunk, desc = "Restore hunk" }, + { "gR", gitsigns.reset_buffer, desc = "Restore buffer" }, + { "gs", gitsigns.stage_hunk, desc = "Stage hunk" }, + { "gS", gitsigns.stage_buffer, desc = "Stage buffer" }, + { "gu", gitsigns.undo_stage_hunk, desc = "Undo stage hunk" }, + { "g[", utils.partial(gitsigns.nav_hunk, "prev"), desc = "Previous hunk" }, + { "g]", utils.partial(gitsigns.nav_hunk, "next"), desc = "Next hunk" }, } local objects = { - ["ih"] = { gitsigns.select_hunk, "Git hunk" }, + mode = "o", + { "ih", gitsigns.select_hunk, desc = "Git hunk" }, } - +-- Visual local visual = { - ["ih"] = { gitsigns.select_hunk, "Git hunk" }, - - -- Only the actual command can make use of the visual selection... - ["g"] = { - name = "Git", - p = { ":Gitsigns preview_hunk", "Preview selection" }, - r = { ":Gitsigns reset_hunk", "Restore selection" }, - s = { ":Gitsigns stage_hunk", "Stage selection" }, - u = { ":Gitsigns undo_stage_hunk", "Undo stage selection" }, - }, + mode = { "x" }, + { "ih", gitsigns.select_hunk, desc = "Git hunk" }, + { "g", group = "Git" }, + { "gp", gitsigns.preview_hunk, desc = "Preview selection" }, + { "gr", make_visual(gitsigns.reset_hunk), desc = "Restore selection" }, + { "gs", make_visual(gitsigns.stage_hunk), desc = "Stage selection" }, + { "gu", gitsigns.undo_stage_hunk, desc = "Undo stage selection" }, } -wk.register(keys, { buffer = bufnr }) -wk.register(objects, { buffer = bufnr, mode = "o" }) -wk.register(visual, { buffer = bufnr, mode = "x" }) +wk.add(keys) +wk.add(objects) +wk.add(visual) diff --git a/modules/home/vim/plugin/settings/lsp-lines.lua b/modules/home/vim/plugin/settings/lsp-lines.lua deleted file mode 100644 index 9c79818..0000000 --- a/modules/home/vim/plugin/settings/lsp-lines.lua +++ /dev/null @@ -1,3 +0,0 @@ -local lsp_lines = require("lsp_lines") - -lsp_lines.setup() diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 794a765..7817d4c 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -16,6 +16,10 @@ vim.diagnostic.config({ update_in_insert = false, -- Show highest severity first severity_sort = true, + jump = { + -- Show float on diagnostic jumps + float = true, + }, }) -- Inform servers we are able to do completion, snippets, etc... @@ -29,16 +33,17 @@ if utils.is_executable("clangd") then }) end --- Nix -if utils.is_executable("nil") then - lspconfig.nil_ls.setup({ +-- Haskell +if utils.is_executable("haskell-language-server-wrapper") then + lspconfig.hls.setup({ capabilities = capabilities, on_attach = lsp.on_attach, }) end -if utils.is_executable("rnix-lsp") then - lspconfig.rnix.setup({ +-- Nix +if utils.is_executable("nil") then + lspconfig.nil_ls.setup({ capabilities = capabilities, on_attach = lsp.on_attach, }) @@ -52,6 +57,13 @@ if utils.is_executable("pyright") then }) end +if utils.is_executable("ruff") then + lspconfig.ruff.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + -- Rust if utils.is_executable("rust-analyzer") then lspconfig.rust_analyzer.setup({ @@ -59,3 +71,45 @@ if utils.is_executable("rust-analyzer") then on_attach = lsp.on_attach, }) end + +-- Shell +if utils.is_executable("bash-language-server") then + lspconfig.bashls.setup({ + filetypes = { "bash", "sh", "zsh" }, + capabilities = capabilities, + on_attach = lsp.on_attach, + settings = { + bashIde = { + shfmt = { + -- Simplify the code + simplifyCode = true, + -- Indent switch cases + caseIndent = true, + }, + }, + }, + }) +end + +-- Starlark +if utils.is_executable("starpls") then + lspconfig.starpls.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + +-- Generic +if utils.is_executable("harper-ls") then + lspconfig.harper_ls.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + +if utils.is_executable("typos-lsp") then + lspconfig.typos_lsp.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua index fdaccda..bbe4647 100644 --- a/modules/home/vim/plugin/settings/lualine.lua +++ b/modules/home/vim/plugin/settings/lualine.lua @@ -1,4 +1,5 @@ local lualine = require("lualine") +local oil = require("oil") local utils = require("ambroisie.utils") local function list_spell_languages() @@ -10,7 +11,7 @@ local function list_spell_languages() end local function list_lsp_clients() - local client_names = utils.list_lsp_clients() + local client_names = utils.list_lsp_clients(0) if #client_names == 0 then return "" @@ -30,7 +31,7 @@ lualine.setup({ { "mode" }, }, lualine_b = { - { "FugitiveHead" }, + { "branch" }, { "filename", symbols = { readonly = "🔒" } }, }, lualine_c = { @@ -57,5 +58,21 @@ lualine.setup({ extensions = { "fugitive", "quickfix", + { + sections = { + lualine_a = { + { "mode" }, + }, + lualine_b = { + { "branch" }, + }, + lualine_c = { + function() + return vim.fn.fnamemodify(oil.get_current_dir(), ":~") + end, + }, + }, + filetypes = { "oil" }, + }, }, }) diff --git a/modules/home/vim/plugin/settings/luasnip.lua b/modules/home/vim/plugin/settings/luasnip.lua deleted file mode 100644 index 80309d7..0000000 --- a/modules/home/vim/plugin/settings/luasnip.lua +++ /dev/null @@ -1 +0,0 @@ -require("luasnip.loaders.from_vscode").lazy_load() diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua index 0eaa55c..258a209 100644 --- a/modules/home/vim/plugin/settings/null-ls.lua +++ b/modules/home/vim/plugin/settings/null-ls.lua @@ -18,48 +18,16 @@ null_ls.register({ }), }) --- C, C++ -null_ls.register({ - null_ls.builtins.formatting.clang_format.with({ - -- Only used if available, but prefer clangd formatting if available - condition = function() - return utils.is_executable("clang-format") and not utils.is_executable("clangd") - end, - }), -}) - --- Haskell -null_ls.register({ - null_ls.builtins.formatting.brittany.with({ - -- Only used if available - condition = utils.is_executable_condition("brittany"), - }), -}) - -- Nix null_ls.register({ null_ls.builtins.formatting.nixpkgs_fmt.with({ - -- Only used if available, but prefer rnix if available - condition = function() - return utils.is_executable("nixpkgs-fmt") - and not utils.is_executable("rnix-lsp") - and not utils.is_executable("nil") - end, + -- Only used if available + condition = utils.is_executable_condition("nixpkgs-fmt"), }), }) -- Python null_ls.register({ - null_ls.builtins.diagnostics.flake8.with({ - -- Only used if available, but prefer pflake8 if available - condition = function() - return utils.is_executable("flake8") and not utils.is_executable("pflake8") - end, - }), - null_ls.builtins.diagnostics.pyproject_flake8.with({ - -- Only used if available - condition = utils.is_executable_condition("pflake8"), - }), null_ls.builtins.diagnostics.mypy.with({ -- Only used if available condition = utils.is_executable_condition("mypy"), @@ -78,61 +46,3 @@ null_ls.register({ condition = utils.is_executable_condition("isort"), }), }) - --- Shell (non-POSIX) -null_ls.register({ - null_ls.builtins.code_actions.shellcheck.with({ - -- Restrict to bash and zsh - filetypes = { "bash", "zsh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), - null_ls.builtins.diagnostics.shellcheck.with({ - -- Show error code in message - diagnostics_format = "[#{c}] #{m}", - -- Require explicit empty string test, use bash dialect - extra_args = { "-s", "bash", "-o", "avoid-nullary-conditions" }, - -- Restrict to bash and zsh - filetypes = { "bash", "zsh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), - null_ls.builtins.formatting.shfmt.with({ - -- Indent with 4 spaces, simplify the code, indent switch cases, - -- add space after redirection, use bash dialect - extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "bash" }, - -- Restrict to bash and zsh - filetypes = { "bash", "zsh" }, - -- Only used if available - condition = utils.is_executable_condition("shfmt"), - }), -}) - --- Shell (POSIX) -null_ls.register({ - null_ls.builtins.code_actions.shellcheck.with({ - -- Restrict to POSIX sh - filetypes = { "sh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), - null_ls.builtins.diagnostics.shellcheck.with({ - -- Show error code in message - diagnostics_format = "[#{c}] #{m}", - -- Require explicit empty string test - extra_args = { "-o", "avoid-nullary-conditions" }, - -- Restrict to POSIX sh - filetypes = { "sh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), - null_ls.builtins.formatting.shfmt.with({ - -- Indent with 4 spaces, simplify the code, indent switch cases, - -- add space after redirection, use POSIX - extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "posix" }, - -- Restrict to POSIX sh - filetypes = { "sh" }, - -- Only used if available - condition = utils.is_executable_condition("shfmt"), - }), -}) diff --git a/modules/home/vim/plugin/settings/oil.lua b/modules/home/vim/plugin/settings/oil.lua new file mode 100644 index 0000000..74d5007 --- /dev/null +++ b/modules/home/vim/plugin/settings/oil.lua @@ -0,0 +1,36 @@ +local oil = require("oil") +local wk = require("which-key") + +local detail = false + +oil.setup({ + -- Don't show icons + columns = {}, + view_options = { + -- Show files and directories that start with "." by default + show_hidden = true, + -- But never '..' + is_always_hidden = function(name, bufnr) + return name == ".." + end, + }, + keymaps = { + ["gd"] = { + desc = "Toggle file detail view", + callback = function() + detail = not detail + if detail then + oil.set_columns({ "icon", "permissions", "size", "mtime" }) + else + oil.set_columns({ "icon" }) + end + end, + }, + }, +}) + +local keys = { + { "-", oil.open, desc = "Open parent directory" }, +} + +wk.add(keys) diff --git a/modules/home/vim/plugin/settings/ssh.lua b/modules/home/vim/plugin/settings/ssh.lua deleted file mode 100644 index 992a707..0000000 --- a/modules/home/vim/plugin/settings/ssh.lua +++ /dev/null @@ -1,17 +0,0 @@ -if not require("ambroisie.utils").is_ssh() then - return -end - -local function copy(lines, _) - require("osc52").copy(table.concat(lines, "\n")) -end - -local function paste() - return { vim.fn.split(vim.fn.getreg(""), "\n"), vim.fn.getregtype("") } -end - -vim.g.clipboard = { - name = "osc52", - copy = { ["+"] = copy, ["*"] = copy }, - paste = { ["+"] = paste, ["*"] = paste }, -} diff --git a/modules/home/vim/plugin/settings/telescope.lua b/modules/home/vim/plugin/settings/telescope.lua index 4548ec5..1a23928 100644 --- a/modules/home/vim/plugin/settings/telescope.lua +++ b/modules/home/vim/plugin/settings/telescope.lua @@ -1,4 +1,6 @@ local telescope = require("telescope") +local telescope_builtin = require("telescope.builtin") +local wk = require("which-key") telescope.setup({ defaults = { @@ -22,3 +24,14 @@ telescope.setup({ telescope.load_extension("fzf") telescope.load_extension("lsp_handlers") + +local keys = { + { "f", group = "Fuzzy finder" }, + { "fb", telescope_builtin.buffers, desc = "Open buffers" }, + { "ff", telescope_builtin.git_files, desc = "Git tracked files" }, + { "fF", telescope_builtin.find_files, desc = "Files" }, + { "fg", telescope_builtin.live_grep, desc = "Grep string" }, + { "fG", telescope_builtin.grep_string, desc = "Grep string under cursor" }, +} + +wk.add(keys) diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua index 5503857..d5fff46 100644 --- a/modules/home/vim/plugin/settings/tree-sitter.lua +++ b/modules/home/vim/plugin/settings/tree-sitter.lua @@ -1,4 +1,5 @@ local ts_config = require("nvim-treesitter.configs") + ts_config.setup({ highlight = { enable = true, @@ -14,16 +15,16 @@ ts_config.setup({ -- Jump to matching text objects lookahead = true, keymaps = { - ["aa"] = "@parameter.outer", - ["ia"] = "@parameter.inner", - ["ab"] = "@block.outer", - ["ib"] = "@block.inner", - ["ac"] = "@class.outer", - ["ic"] = "@class.inner", - ["af"] = "@function.outer", - ["if"] = "@function.inner", - ["ak"] = "@comment.outer", - ["aS"] = "@statement.outer", + ["aa"] = { query = "@parameter.outer", desc = "a parameter" }, + ["ia"] = { query = "@parameter.inner", desc = "inner parameter" }, + ["ab"] = { query = "@block.outer", desc = "a block" }, + ["ib"] = { query = "@block.inner", desc = "inner block" }, + ["ac"] = { query = "@class.outer", desc = "a class" }, + ["ic"] = { query = "@class.inner", desc = "inner class" }, + ["af"] = { query = "@function.outer", desc = "a function" }, + ["if"] = { query = "@function.inner", desc = "inner function" }, + ["ak"] = { query = "@comment.outer", desc = "a comment" }, + ["aS"] = { query = "@statement.outer", desc = "a statement" }, }, }, move = { @@ -31,22 +32,22 @@ ts_config.setup({ -- Add to jump list set_jumps = true, goto_next_start = { - ["]m"] = "@function.outer", - ["]S"] = "@statement.outer", - ["]]"] = "@class.outer", + ["]m"] = { query = "@function.outer", desc = "Next method start" }, + ["]S"] = { query = "@statement.outer", desc = "Next statement start" }, + ["]]"] = { query = "@class.outer", desc = "Next class start" }, }, goto_next_end = { - ["]M"] = "@function.outer", - ["]["] = "@class.outer", + ["]M"] = { query = "@function.outer", desc = "Next method end" }, + ["]["] = { query = "@class.outer", desc = "Next class end" }, }, goto_previous_start = { - ["[m"] = "@function.outer", - ["[S"] = "@statement.outer", - ["[["] = "@class.outer", + ["[m"] = { query = "@function.outer", desc = "Previous method start" }, + ["[S"] = { query = "@statement.outer", desc = "Previous statement start" }, + ["[["] = { query = "@class.outer", desc = "Previous class start" }, }, goto_previous_end = { - ["[M"] = "@function.outer", - ["[]"] = "@class.outer", + ["[M"] = { query = "@function.outer", desc = "Previous method end" }, + ["[]"] = { query = "@class.outer", desc = "Previous class end" }, }, }, }, diff --git a/modules/home/vim/plugin/settings/which-key.lua b/modules/home/vim/plugin/settings/which-key.lua index 2edfd70..3dc260a 100644 --- a/modules/home/vim/plugin/settings/which-key.lua +++ b/modules/home/vim/plugin/settings/which-key.lua @@ -1,2 +1,33 @@ local wk = require("which-key") -wk.setup() +wk.setup({ + icons = { + -- I don't like icons + mappings = false, + breadcrumb = "»", + separator = "➜", + group = "+", + ellipsis = "…", + keys = { + Up = " ", + Down = " ", + Left = " ", + Right = " ", + C = "", + M = "", + D = "", + S = "", + CR = "", + Esc = " ", + NL = "", + BS = "", + Space = "", + Tab = " ", + }, + }, +}) + +local keys = { + { "", vim.cmd.nohlsearch, desc = "Clear search highlight" }, +} + +wk.add(keys) diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua index d6a26e2..3deca34 100644 --- a/modules/home/vim/plugin/signtoggle.lua +++ b/modules/home/vim/plugin/signtoggle.lua @@ -1,20 +1,21 @@ local signtoggle = vim.api.nvim_create_augroup("signtoggle", { clear = true }) --- Only show sign column for the currently focused buffer +-- Only show sign column for the currently focused buffer, if it has a number column vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, { pattern = "*", group = signtoggle, - command = "setlocal signcolumn=yes", + callback = function() + if vim.opt.number:get() then + vim.opt.signcolumn = "yes" + end + end, }) vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, { pattern = "*", group = signtoggle, - command = "setlocal signcolumn=yes", -}) - --- Never show the sign column in a terminal buffer -vim.api.nvim_create_autocmd({ "TermOpen" }, { - pattern = "*", - group = signtoggle, - command = "setlocal signcolumn=no", + callback = function() + if vim.opt.number:get() then + vim.opt.signcolumn = "no" + end + end, }) diff --git a/modules/home/wget/default.nix b/modules/home/wget/default.nix new file mode 100644 index 0000000..1be5397 --- /dev/null +++ b/modules/home/wget/default.nix @@ -0,0 +1,26 @@ +{ config, pkgs, lib, ... }: +let + cfg = config.my.home.wget; +in +{ + options.my.home.wget = with lib; { + enable = my.mkDisableOption "wget configuration"; + + package = mkPackageOption pkgs "wget" { }; + }; + + config = lib.mkIf cfg.enable { + home.packages = [ + cfg.package + ]; + + + home.sessionVariables = lib.mkIf cfg.enable { + WGETRC = "${config.xdg.configHome}/wgetrc"; + }; + + xdg.configFile."wgetrc".text = '' + hsts-file = ${config.xdg.stateHome}/wget-hsts + ''; + }; +} diff --git a/modules/home/wm/default.nix b/modules/home/wm/default.nix index 449918a..ae1e136 100644 --- a/modules/home/wm/default.nix +++ b/modules/home/wm/default.nix @@ -58,7 +58,7 @@ in service = "some-service-name"; } ]; - description = "list of block configurations, merged with the defauls"; + description = "list of block configurations, merged with the defaults"; }; }; }; diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index 69246f0..5f22bbe 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -127,9 +127,11 @@ in { class = "^Blueman-.*$"; } { title = "^htop$"; } { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } - { class = "^Pavucontrol.*$"; } + { class = "^firefox$"; instance = "Places"; window_role = "Organizer"; } + { class = "^pavucontrol.*$"; } { class = "^Arandr$"; } - { class = ".?blueman-manager.*$"; } + { class = "^\\.blueman-manager-wrapped$"; } + { class = "^\\.arandr-wrapped$"; } ]; }; @@ -371,8 +373,7 @@ in }; startup = [ - # FIXME - # { commdand; always; notification; } + # NOTE: rely on systemd user services instead... ]; window = { diff --git a/modules/home/wm/screen-lock/default.nix b/modules/home/wm/screen-lock/default.nix index 3b2ead6..5e6874e 100644 --- a/modules/home/wm/screen-lock/default.nix +++ b/modules/home/wm/screen-lock/default.nix @@ -2,7 +2,7 @@ let cfg = config.my.home.wm.screen-lock; - notficationCmd = + notificationCmd = let duration = toString (cfg.notify.delay * 1000); notifyCmd = "${lib.getExe pkgs.libnotify} -u critical -t ${duration}"; @@ -48,7 +48,7 @@ in "-notify" "${toString cfg.notify.delay}" "-notifier" - notficationCmd + notificationCmd ]; }; }; diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index 3bba198..803167f 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -11,7 +11,7 @@ in enable = true; # File types mime.enable = true; - # File associatons + # File associations mimeApps = { enable = true; }; @@ -30,9 +30,11 @@ in }; # A tidy home is a tidy mind dataFile = { + "tig/.keep".text = ""; # `tig` uses `XDG_DATA_HOME` specifically... + }; + stateFile = { "bash/.keep".text = ""; - "gdb/.keep".text = ""; - "tig/.keep".text = ""; + "python/.keep".text = ""; }; }; @@ -42,14 +44,16 @@ in ANDROID_USER_HOME = "${configHome}/android"; CARGO_HOME = "${dataHome}/cargo"; DOCKER_CONFIG = "${configHome}/docker"; - GDBHISTFILE = "${dataHome}/gdb/gdb_history"; - HISTFILE = "${dataHome}/bash/history"; + GRADLE_USER_HOME = "${dataHome}/gradle"; + HISTFILE = "${stateHome}/bash/history"; INPUTRC = "${configHome}/readline/inputrc"; - LESSHISTFILE = "${dataHome}/less/history"; - LESSKEY = "${configHome}/less/lesskey"; - PSQL_HISTORY = "${dataHome}/psql_history"; + PSQL_HISTORY = "${stateHome}/psql_history"; + PYTHONPYCACHEPREFIX = "${cacheHome}/python/"; + PYTHONUSERBASE = "${dataHome}/python/"; + PYTHON_HISTORY = "${stateHome}/python/history"; + REDISCLI_HISTFILE = "${stateHome}/redis/rediscli_history"; REPO_CONFIG_DIR = "${configHome}/repo"; - REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history"; XCOMPOSECACHE = "${dataHome}/X11/xcompose"; + _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java"; }; } diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 4cadb57..f4092d8 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -15,81 +15,150 @@ in enable = my.mkDisableOption "zsh configuration"; launchTmux = mkEnableOption "auto launch tmux at shell start"; - }; - config = lib.mkIf cfg.enable { - home.packages = with pkgs; [ - zsh-completions - ]; + notify = { + enable = mkEnableOption "zsh-done notification"; - programs.zsh = { - enable = true; - dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME - enableCompletion = true; - - history = { - size = 500000; - save = 500000; - extended = true; - expireDuplicatesFirst = true; - ignoreSpace = true; - ignoreDups = true; - share = false; - path = "${config.xdg.dataHome}/zsh/zsh_history"; + exclude = mkOption { + type = with types; listOf str; + default = [ + "delta" + "direnv reload" + "fg" + "git (?!push|pull|fetch)" + "htop" + "less" + "man" + "nvim" + "tail -f" + "tmux" + "vim" + ]; + example = [ "command --long-running-option" ]; + description = '' + List of exclusions which should not be create a notification. Accepts + Perl regexes (implicitly anchored with `^\s*`). + ''; }; - plugins = [ - { - name = "fast-syntax-highlighting"; - file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh"; - src = pkgs.zsh-fast-syntax-highlighting; - } - { - name = "agkozak-zsh-prompt"; - file = "share/zsh/site-functions/agkozak-zsh-prompt.plugin.zsh"; - src = pkgs.agkozak-zsh-prompt; - } + ssh = { + enable = mkEnableOption "notify through SSH/non-graphical connections"; + + useOsc777 = lib.my.mkDisableOption "use OSC-777 for notifications"; + }; + }; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + zsh-completions ]; - # Modal editing is life, but CLI benefits from emacs gymnastics - defaultKeymap = "emacs"; + programs.zsh = { + enable = true; + dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME + enableCompletion = true; - # Make those happen early to avoid doing double the work - initExtraFirst = '' - ${ - lib.optionalString cfg.launchTmux '' + history = { + size = 500000; + save = 500000; + extended = true; + expireDuplicatesFirst = true; + ignoreSpace = true; + ignoreDups = true; + share = false; + path = "${config.xdg.stateHome}/zsh/zsh_history"; + }; + + plugins = [ + { + name = "fast-syntax-highlighting"; + file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh"; + src = pkgs.zsh-fast-syntax-highlighting; + } + { + name = "agkozak-zsh-prompt"; + file = "share/zsh/site-functions/agkozak-zsh-prompt.plugin.zsh"; + src = pkgs.agkozak-zsh-prompt; + } + ]; + + # Modal editing is life, but CLI benefits from emacs gymnastics + defaultKeymap = "emacs"; + + initContent = lib.mkMerge [ + # Make those happen early to avoid doing double the work + (lib.mkBefore (lib.optionalString cfg.launchTmux '' # Launch tmux unless already inside one if [ -z "$TMUX" ]; then exec tmux new-session fi - '' - } - ''; + '')) - initExtra = '' - source ${./completion-styles.zsh} - source ${./extra-mappings.zsh} - source ${./options.zsh} + (lib.mkAfter '' + source ${./completion-styles.zsh} + source ${./extra-mappings.zsh} + source ${./options.zsh} - # Source local configuration - if [ -f "$ZDOTDIR/zshrc.local" ]; then - source "$ZDOTDIR/zshrc.local" - fi - ''; + # Source local configuration + if [ -f "$ZDOTDIR/zshrc.local" ]; then + source "$ZDOTDIR/zshrc.local" + fi + '') + ]; - localVariables = { - # I like having the full path - AGKOZAK_PROMPT_DIRTRIM = 0; - # Because I *am* from EPITA - AGKOZAK_PROMPT_CHAR = [ "42sh$" "42sh#" ":" ]; - # Easy on the eyes - AGKOZAK_COLORS_BRANCH_STATUS = "magenta"; - # I don't like moving my eyes - AGKOZAK_LEFT_PROMPT_ONLY = 1; + localVariables = { + # I like having the full path + AGKOZAK_PROMPT_DIRTRIM = 0; + # Because I *am* from EPITA + AGKOZAK_PROMPT_CHAR = [ "42sh$" "42sh#" ":" ]; + # Easy on the eyes + AGKOZAK_COLORS_BRANCH_STATUS = "magenta"; + # I don't like moving my eyes + AGKOZAK_LEFT_PROMPT_ONLY = 1; + }; + + # Enable VTE integration + enableVteIntegration = true; }; + } - # Enable VTE integration - enableVteIntegration = true; - }; - }; + (lib.mkIf cfg.notify.enable { + programs.zsh = { + plugins = [ + { + name = "zsh-done"; + file = "share/zsh/site-functions/done.plugin.zsh"; + src = pkgs.ambroisie.zsh-done; + } + ]; + + # `localVariables` values don't get merged correctly due to their type, + # don't use `mkIf` + localVariables = { + DONE_EXCLUDE = + let + joined = lib.concatMapStringsSep "|" (c: "(${c})") cfg.notify.exclude; + in + ''^\s*(${joined})''; + } + # Enable `zsh-done` through SSH, if configured + // lib.optionalAttrs cfg.notify.ssh.enable { + DONE_ALLOW_NONGRAPHICAL = 1; + }; + + # Use OSC-777 to send the notification through SSH + initContent = lib.mkIf cfg.notify.ssh.useOsc777 '' + done_send_notification() { + local exit_status="$1" + local title="$2" + local message="$3" + + ${lib.getExe pkgs.ambroisie.osc777} "$title" "$message" + } + ''; + }; + }) + ]); } diff --git a/modules/home/zsh/options.zsh b/modules/home/zsh/options.zsh index 32da8d8..7bcad03 100644 --- a/modules/home/zsh/options.zsh +++ b/modules/home/zsh/options.zsh @@ -12,7 +12,7 @@ setopt rc_quotes setopt auto_resume # Show history expansion before running a command setopt hist_verify -# Append commands to history as they are exectuted +# Append commands to history as they are executed setopt inc_append_history_time # Remove useless whitespace from commands setopt hist_reduce_blanks diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 3648631..2eaa2e6 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -5,7 +5,6 @@ imports = [ ./hardware ./home - ./profiles ./programs ./secrets ./services diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix index 2d840f9..b14ac21 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth/default.nix @@ -20,28 +20,10 @@ in # Support for additional bluetooth codecs (lib.mkIf cfg.loadExtraCodecs { - hardware.pulseaudio = { + services.pulseaudio = { extraModules = [ pkgs.pulseaudio-modules-bt ]; package = pkgs.pulseaudioFull; }; - - environment.etc = { - "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = '' - bluez_monitor.properties = { - -- SBC XQ provides better audio - ["bluez5.enable-sbc-xq"] = true, - - -- mSBC provides better audio + microphone - ["bluez5.enable-msbc"] = true, - - -- Synchronize volume with bluetooth device - ["bluez5.enable-hw-volume"] = true, - - -- FIXME: Some devices may now support both hsp_ag and hfp_ag - ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]" - } - ''; - }; }) # Support for A2DP audio profile diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix index 2a686f7..8e125ca 100644 --- a/modules/nixos/hardware/default.nix +++ b/modules/nixos/hardware/default.nix @@ -6,9 +6,10 @@ ./bluetooth ./ergodox ./firmware - ./mx-ergo + ./graphics ./networking ./sound + ./trackball ./upower ]; } diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix new file mode 100644 index 0000000..7d8b359 --- /dev/null +++ b/modules/nixos/hardware/graphics/default.nix @@ -0,0 +1,84 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.my.hardware.graphics; +in +{ + options.my.hardware.graphics = with lib; { + enable = mkEnableOption "graphics configuration"; + + gpuFlavor = mkOption { + type = with types; nullOr (enum [ "amd" "intel" ]); + default = null; + example = "intel"; + description = "Which kind of GPU to install driver for"; + }; + + amd = { + enableKernelModule = lib.my.mkDisableOption "Kernel driver module"; + + amdvlk = lib.mkEnableOption "Use AMDVLK instead of Mesa RADV driver"; + }; + + intel = { + enableKernelModule = lib.my.mkDisableOption "Kernel driver module"; + }; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + hardware.graphics = { + enable = true; + }; + } + + # AMD GPU + (lib.mkIf (cfg.gpuFlavor == "amd") { + hardware.amdgpu = { + initrd.enable = cfg.amd.enableKernelModule; + # Vulkan + amdvlk = lib.mkIf cfg.amd.amdvlk { + enable = true; + support32Bit = { + enable = true; + }; + }; + }; + + hardware.graphics = { + extraPackages = with pkgs; [ + # OpenCL + rocmPackages.clr + rocmPackages.clr.icd + ]; + }; + }) + + # Intel GPU + (lib.mkIf (cfg.gpuFlavor == "intel") { + boot.initrd.kernelModules = lib.mkIf cfg.intel.enableKernelModule [ "i915" ]; + + environment.variables = { + VDPAU_DRIVER = "va_gl"; + }; + + hardware.graphics = { + extraPackages = with pkgs; [ + # Open CL + intel-compute-runtime + + # VA API + intel-media-driver + intel-vaapi-driver + libvdpau-va-gl + ]; + + extraPackages32 = with pkgs.driversi686Linux; [ + # VA API + intel-media-driver + intel-vaapi-driver + libvdpau-va-gl + ]; + }; + }) + ]); +} diff --git a/modules/nixos/hardware/sound/default.nix b/modules/nixos/hardware/sound/default.nix index e8ba7f7..cd453de 100644 --- a/modules/nixos/hardware/sound/default.nix +++ b/modules/nixos/hardware/sound/default.nix @@ -54,10 +54,7 @@ in # Pulseaudio setup (lib.mkIf cfg.pulse.enable { - # ALSA - sound.enable = true; - - hardware.pulseaudio.enable = true; + services.pulseaudio.enable = true; }) ]); } diff --git a/modules/nixos/hardware/mx-ergo/default.nix b/modules/nixos/hardware/trackball/default.nix similarity index 70% rename from modules/nixos/hardware/mx-ergo/default.nix rename to modules/nixos/hardware/trackball/default.nix index e4e55a1..a9b24e3 100644 --- a/modules/nixos/hardware/mx-ergo/default.nix +++ b/modules/nixos/hardware/trackball/default.nix @@ -1,18 +1,19 @@ # Hold down the `next page` button to scroll using the ball { config, lib, ... }: let - cfg = config.my.hardware.mx-ergo; + cfg = config.my.hardware.trackball; in { - options.my.hardware.mx-ergo = with lib; { - enable = mkEnableOption "MX Ergo configuration"; + options.my.hardware.trackball = with lib; { + enable = mkEnableOption "trackball configuration"; }; config = lib.mkIf cfg.enable { services.xserver = { # This section must be *after* the one configured by `libinput` - # for the `ScrollMethod` configuration to not be overriden + # for the `ScrollMethod` configuration to not be overridden inputClassSections = lib.mkAfter [ + # MX Ergo '' Identifier "MX Ergo scroll button configuration" MatchProduct "MX Ergo" diff --git a/modules/nixos/home/default.nix b/modules/nixos/home/default.nix index fe00704..fb120f2 100644 --- a/modules/nixos/home/default.nix +++ b/modules/nixos/home/default.nix @@ -13,8 +13,13 @@ in config = lib.mkIf cfg.enable { home-manager = { - # Not a fan of out-of-directory imports, but this is a good exception - users.${config.my.user.name} = import "${inputs.self}/modules/home"; + users.${config.my.user.name} = { + # Not a fan of out-of-directory imports, but this is a good exception + imports = [ + "${inputs.self}/modules/common" + "${inputs.self}/modules/home" + ]; + }; # Nix Flakes compatibility useGlobalPkgs = true; diff --git a/modules/nixos/profiles/bluetooth/default.nix b/modules/nixos/profiles/bluetooth/default.nix deleted file mode 100644 index 292d0d1..0000000 --- a/modules/nixos/profiles/bluetooth/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.profiles.bluetooth; -in -{ - options.my.profiles.bluetooth = with lib; { - enable = mkEnableOption "bluetooth profile"; - }; - - config = lib.mkIf cfg.enable { - my.hardware.bluetooth.enable = true; - - my.home.bluetooth.enable = true; - }; -} diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix deleted file mode 100644 index 43d5a84..0000000 --- a/modules/nixos/profiles/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -# Configuration that spans accross system and home, or are almagations of modules -{ ... }: -{ - imports = [ - ./bluetooth - ./devices - ./gtk - ./laptop - ./wm - ./x - ]; -} diff --git a/modules/nixos/profiles/devices/default.nix b/modules/nixos/profiles/devices/default.nix deleted file mode 100644 index 7dbd299..0000000 --- a/modules/nixos/profiles/devices/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.profiles.devices; -in -{ - options.my.profiles.devices = with lib; { - enable = mkEnableOption "devices profile"; - }; - - config = lib.mkIf cfg.enable { - my.hardware = { - ergodox.enable = true; - - mx-ergo.enable = true; - }; - - # MTP devices auto-mount via file explorers - services.gvfs.enable = true; - }; -} diff --git a/modules/nixos/profiles/gtk/default.nix b/modules/nixos/profiles/gtk/default.nix deleted file mode 100644 index a8d6d9a..0000000 --- a/modules/nixos/profiles/gtk/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.profiles.gtk; -in -{ - options.my.profiles.gtk = with lib; { - enable = mkEnableOption "gtk profile"; - }; - - config = lib.mkIf cfg.enable { - # Allow setting GTK configuration using home-manager - programs.dconf.enable = true; - - # GTK theme configuration - my.home.gtk.enable = true; - }; -} diff --git a/modules/nixos/profiles/laptop/default.nix b/modules/nixos/profiles/laptop/default.nix deleted file mode 100644 index 20a29d7..0000000 --- a/modules/nixos/profiles/laptop/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.profiles.laptop; -in -{ - options.my.profiles.laptop = with lib; { - enable = mkEnableOption "laptop profile"; - }; - - config = lib.mkIf cfg.enable { - # Enable touchpad support - services.xserver.libinput.enable = true; - - # Enable TLP power management - my.services.tlp.enable = true; - - # Enable upower power management - my.hardware.upower.enable = true; - - # Enable battery notifications - my.home.power-alert.enable = true; - }; -} diff --git a/modules/nixos/profiles/wm/default.nix b/modules/nixos/profiles/wm/default.nix deleted file mode 100644 index c227328..0000000 --- a/modules/nixos/profiles/wm/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.profiles.wm; -in -{ - options.my.profiles.wm = with lib; { - windowManager = mkOption { - type = with types; nullOr (enum [ "i3" ]); - default = null; - example = "i3"; - description = "Which window manager to use"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf (cfg.windowManager == "i3") { - # Enable i3 - services.xserver.windowManager.i3.enable = true; - # i3 settings - my.home.wm.windowManager = "i3"; - # Screenshot tool - my.home.flameshot.enable = true; - # Auto disk mounter - my.home.udiskie.enable = true; - # udiskie fails if it can't find this dbus service - services.udisks2.enable = true; - }) - ]; -} diff --git a/modules/nixos/profiles/x/default.nix b/modules/nixos/profiles/x/default.nix deleted file mode 100644 index ea77939..0000000 --- a/modules/nixos/profiles/x/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, pkgs, ... }: -let - cfg = config.my.profiles.x; -in -{ - options.my.profiles.x = with lib; { - enable = mkEnableOption "X profile"; - }; - - config = lib.mkIf cfg.enable { - # Enable the X11 windowing system. - services.xserver.enable = true; - # Nice wallpaper - services.xserver.displayManager.lightdm.background = - let - wallpapers = "${pkgs.plasma5Packages.plasma-workspace-wallpapers}/share/wallpapers"; - in - "${wallpapers}/summer_1am/contents/images/2560x1600.jpg"; - - # X configuration - my.home.x.enable = true; - }; -} diff --git a/modules/nixos/services/aria/default.nix b/modules/nixos/services/aria/default.nix new file mode 100644 index 0000000..acbf0b7 --- /dev/null +++ b/modules/nixos/services/aria/default.nix @@ -0,0 +1,74 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.my.services.aria; +in +{ + options.my.services.aria = with lib; { + enable = mkEnableOption ""; + + rpcSecretFile = mkOption { + type = types.str; + example = "/run/secrets/aria-secret.txt"; + description = '' + File containing the RPC secret. + ''; + }; + + rpcPort = mkOption { + type = types.port; + default = 6800; + example = 8080; + description = "RPC port"; + }; + + downloadDir = mkOption { + type = types.str; + default = "/data/downloads"; + example = "/var/lib/transmission/download"; + description = "Download directory"; + }; + }; + + config = lib.mkIf cfg.enable { + services.aria2 = { + enable = true; + + inherit (cfg) downloadDir rpcSecretFile; + + rpcListenPort = cfg.rpcPort; + openPorts = false; # I don't want to expose the RPC port + }; + + # Expose DHT ports + networking.firewall = { + # FIXME: check for overlap? + allowedUDPPortRanges = config.services.aria2.listenPortRange; + }; + + # Set-up media group + users.groups.media = { }; + + systemd.services.aria2 = { + serviceConfig = { + Group = lib.mkForce "media"; # Use 'media' group + }; + }; + + my.services.nginx.virtualHosts = { + aria = { + root = "${pkgs.ariang}/share/ariang"; + # For paranoia, don't allow anybody to use the UI unauthenticated + sso = { + enable = true; + }; + }; + aria-rpc = { + port = cfg.rpcPort; + # Proxy websockets for RPC + websocketsLocations = [ "/" ]; + }; + }; + + # NOTE: unfortunately aria2 does not log connection failures for fail2ban + }; +} diff --git a/modules/nixos/services/audiobookshelf/default.nix b/modules/nixos/services/audiobookshelf/default.nix new file mode 100644 index 0000000..04ec8b9 --- /dev/null +++ b/modules/nixos/services/audiobookshelf/default.nix @@ -0,0 +1,53 @@ +# Audiobook and podcast library +{ config, lib, ... }: +let + cfg = config.my.services.audiobookshelf; +in +{ + options.my.services.audiobookshelf = with lib; { + enable = mkEnableOption "Audiobookshelf, a self-hosted podcast manager"; + + port = mkOption { + type = types.port; + default = 8000; + example = 4242; + description = "The port on which Audiobookshelf will listen for incoming HTTP traffic."; + }; + }; + + config = lib.mkIf cfg.enable { + services.audiobookshelf = { + enable = true; + inherit (cfg) port; + + group = "media"; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + audiobookshelf = { + inherit (cfg) port; + # Proxy websockets for RPC + websocketsLocations = [ "/" ]; + }; + }; + + services.fail2ban.jails = { + audiobookshelf = '' + enabled = true + filter = audiobookshelf + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/audiobookshelf.conf".text = '' + [Definition] + failregex = ^.*ERROR: \[Auth\] Failed login attempt for username ".*" from ip + journalmatch = _SYSTEMD_UNIT=audiobookshelf.service + ''; + }; + }; +} diff --git a/modules/nixos/services/backup/default.nix b/modules/nixos/services/backup/default.nix index ff0fc7f..8aeeae1 100644 --- a/modules/nixos/services/backup/default.nix +++ b/modules/nixos/services/backup/default.nix @@ -89,6 +89,16 @@ in }; config = lib.mkIf cfg.enable { + # Essential files which should always be backed up + my.services.backup.paths = lib.flatten [ + # Should be unique to a given host, used by some software (e.g: ZFS) + "/etc/machine-id" + # Contains the UID/GID map, and other useful state + "/var/lib/nixos" + # SSH host keys (and public keys for convenience) + (builtins.map (key: [ key.path "${key.path}.pub" ]) config.services.openssh.hostKeys) + ]; + services.restic.backups.backblaze = { # Take care of included and excluded files paths = cfg.paths; diff --git a/modules/nixos/services/blog/default.nix b/modules/nixos/services/blog/default.nix index 3e68df2..e4d2d42 100644 --- a/modules/nixos/services/blog/default.nix +++ b/modules/nixos/services/blog/default.nix @@ -35,7 +35,7 @@ in useACMEHost = domain; default = true; - locations."/".return = "302 https://belanyi.fr$request_uri"; + locations."/".return = "302 https://${domain}$request_uri"; }; }; diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index b27570d..27f8765 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -3,18 +3,23 @@ { imports = [ ./adblock + ./aria + ./audiobookshelf ./backup ./blog ./calibre-web ./drone ./fail2ban ./flood + ./forgejo ./gitea ./grocy - ./indexers + ./homebox ./jellyfin + ./komga ./lohr ./matrix + ./mealie ./miniflux ./monitoring ./navidrome @@ -22,13 +27,15 @@ ./nginx ./nix-cache ./paperless - ./pirate + ./pdf-edit ./podgrab ./postgresql ./postgresql-backup + ./pyload ./quassel ./rss-bridge ./sabnzbd + ./servarr ./ssh-server ./tandoor-recipes ./tlp diff --git a/modules/nixos/services/drone/server/default.nix b/modules/nixos/services/drone/server/default.nix index a3a1e49..d6148f4 100644 --- a/modules/nixos/services/drone/server/default.nix +++ b/modules/nixos/services/drone/server/default.nix @@ -6,8 +6,8 @@ in config = lib.mkIf cfg.enable { systemd.services.drone-server = { wantedBy = [ "multi-user.target" ]; - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + after = [ "postgresql.target" ]; + requires = [ "postgresql.target" ]; serviceConfig = { EnvironmentFile = [ cfg.secretFile diff --git a/modules/nixos/services/flood/default.nix b/modules/nixos/services/flood/default.nix index 155e73d..f3fe90b 100644 --- a/modules/nixos/services/flood/default.nix +++ b/modules/nixos/services/flood/default.nix @@ -1,5 +1,5 @@ # A nice UI for various torrent clients -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.my.services.flood; in @@ -13,31 +13,13 @@ in example = 3000; description = "Internal port for Flood UI"; }; - - stateDir = mkOption { - type = types.str; - default = "flood"; - example = "floodUI"; - description = "Directory under `/var/run` for storing Flood's files"; - }; }; config = lib.mkIf cfg.enable { - systemd.services.flood = { - description = "Flood torrent UI"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; + services.flood = { + enable = true; - serviceConfig = { - ExecStart = lib.concatStringsSep " " [ - (lib.getExe pkgs.flood) - "--port ${builtins.toString cfg.port}" - "--rundir /var/lib/${cfg.stateDir}" - ]; - DynamicUser = true; - StateDirectory = cfg.stateDir; - ReadWritePaths = ""; - }; + inherit (cfg) port; }; my.services.nginx.virtualHosts = { @@ -45,5 +27,7 @@ in inherit (cfg) port; }; }; + + # NOTE: unfortunately flood does not log connection failures for fail2ban }; } diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix new file mode 100644 index 0000000..511724b --- /dev/null +++ b/modules/nixos/services/forgejo/default.nix @@ -0,0 +1,166 @@ +# A low-resource, full-featured git forge. +{ config, lib, ... }: +let + cfg = config.my.services.forgejo; +in +{ + options.my.services.forgejo = with lib; { + enable = mkEnableOption "Forgejo"; + port = mkOption { + type = types.port; + default = 3042; + example = 8080; + description = "Internal port"; + }; + mail = { + enable = mkEnableOption { + description = "mailer configuration"; + }; + host = mkOption { + type = types.str; + example = "smtp.example.com"; + description = "Host for the mail account"; + }; + port = mkOption { + type = types.port; + default = 465; + example = 587; + description = "Port for the mail account"; + }; + user = mkOption { + type = types.str; + example = "forgejo@example.com"; + description = "User for the mail account"; + }; + passwordFile = mkOption { + type = types.str; + example = "/run/secrets/forgejo-mail-password.txt"; + description = "Password for the mail account"; + }; + protocol = mkOption { + type = types.str; + default = "smtps"; + example = "smtp"; + description = "Protocol for connection"; + }; + }; + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = cfg.enable -> !config.my.services.gitea.enable; + message = '' + `config.my.services.forgejo` is incompatible with + `config.my.services.gitea`. + ''; + } + ]; + + services.forgejo = + let + inherit (config.networking) domain; + forgejoDomain = "git.${domain}"; + in + { + enable = true; + + user = "git"; + group = "git"; + + lfs.enable = true; + + useWizard = false; + + database = { + type = "postgres"; # Automatic setup + user = "git"; # User needs to be the same as forgejo user + name = "git"; # Name must be the same as user for `ensureDBOwnership` + }; + + # NixOS module uses `forgejo dump` to backup repositories and the database, + # but it produces a single .zip file that's not very backup friendly. + # I configure my backup system manually below. + dump.enable = false; + + secrets = { + mailer = lib.mkIf cfg.mail.enable { + PASSWD = cfg.mail.passwordFile; + }; + }; + + settings = { + DEFAULT = { + APP_NAME = "Ambroisie's forge"; + }; + + server = { + HTTP_PORT = cfg.port; + DOMAIN = forgejoDomain; + ROOT_URL = "https://${forgejoDomain}"; + }; + + mailer = lib.mkIf cfg.mail.enable { + ENABLED = true; + SMTP_ADDR = cfg.mail.host; + SMTP_PORT = cfg.mail.port; + FROM = "Forgejo <${cfg.mail.user}>"; + USER = cfg.mail.user; + PROTOCOL = cfg.mail.protocol; + }; + + service = { + DISABLE_REGISTRATION = true; + }; + + session = { + # only send cookies via HTTPS + COOKIE_SECURE = true; + }; + }; + }; + + users.users.git = { + description = "Forgejo Service"; + home = config.services.forgejo.stateDir; + useDefaultShell = true; + group = "git"; + isSystemUser = true; + }; + users.groups.git = { }; + + my.services.nginx.virtualHosts = { + # Proxy to Forgejo + git = { + inherit (cfg) port; + }; + # Redirect `forgejo.` to actual forge subdomain + forgejo = { + redirect = config.services.forgejo.settings.server.ROOT_URL; + }; + }; + + my.services.backup = { + paths = [ + config.services.forgejo.lfs.contentDir + config.services.forgejo.repositoryRoot + ]; + }; + + services.fail2ban.jails = { + forgejo = '' + enabled = true + filter = forgejo + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/forgejo.conf".text = '' + [Definition] + failregex = ^.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from $ + journalmatch = _SYSTEMD_UNIT=forgejo.service + ''; + }; + }; +} diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix index 4a8a3bb..95bdf42 100644 --- a/modules/nixos/services/gitea/default.nix +++ b/modules/nixos/services/gitea/default.nix @@ -1,4 +1,4 @@ -# A low-ressource, full-featured git forge. +# A low-resource, full-featured git forge. { config, lib, ... }: let cfg = config.my.services.gitea; @@ -18,9 +18,15 @@ in }; host = mkOption { type = types.str; - example = "smtp.example.com:465"; + example = "smtp.example.com"; description = "Host for the mail account"; }; + port = mkOption { + type = types.port; + default = 465; + example = 587; + description = "Port for the mail account"; + }; user = mkOption { type = types.str; example = "gitea@example.com"; @@ -31,17 +37,11 @@ in example = "/run/secrets/gitea-mail-password.txt"; description = "Password for the mail account"; }; - type = mkOption { + protocol = mkOption { type = types.str; - default = "smtp"; + default = "smtps"; example = "smtp"; - description = "Password for the mail account"; - }; - tls = mkOption { - type = types.bool; - default = true; - example = false; - description = "Use TLS for connection"; + description = "Protocol for connection"; }; }; }; @@ -58,6 +58,8 @@ in appName = "Ambroisie's forge"; user = "git"; + group = "git"; + lfs.enable = true; useWizard = false; @@ -84,11 +86,11 @@ in mailer = lib.mkIf cfg.mail.enable { ENABLED = true; - HOST = cfg.mail.host; - FROM = cfg.mail.user; + SMTP_ADDR = cfg.mail.host; + SMTP_PORT = cfg.mail.port; + FROM = "Gitea <${cfg.mail.user}>"; USER = cfg.mail.user; - MAILER_TYPE = cfg.mail.type; - IS_TLS_ENABLED = cfg.mail.tls; + PROTOCOL = cfg.mail.protocol; }; service = { @@ -107,11 +109,6 @@ in home = config.services.gitea.stateDir; useDefaultShell = true; group = "git"; - - # The service for gitea seems to hardcode the group as - # gitea, so, uh, just in case? - extraGroups = [ "gitea" ]; - isSystemUser = true; }; users.groups.git = { }; diff --git a/modules/nixos/services/grocy/default.nix b/modules/nixos/services/grocy/default.nix index 87927d6..9045b03 100644 --- a/modules/nixos/services/grocy/default.nix +++ b/modules/nixos/services/grocy/default.nix @@ -36,5 +36,7 @@ in forceSSL = true; useACMEHost = config.networking.domain; }; + + # NOTE: unfortunately grocy does not log connection failures for fail2ban }; } diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix new file mode 100644 index 0000000..8ed5d77 --- /dev/null +++ b/modules/nixos/services/homebox/default.nix @@ -0,0 +1,48 @@ +# Home inventory made easy +{ config, lib, ... }: +let + cfg = config.my.services.homebox; +in +{ + options.my.services.homebox = with lib; { + enable = mkEnableOption "Homebox home inventory"; + + port = mkOption { + type = types.port; + default = 7745; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.homebox = { + enable = true; + + # Automatic PostgreSQL provisioning + database = { + createLocally = true; + }; + + settings = { + # FIXME: mailer? + HBOX_WEB_PORT = toString cfg.port; + }; + }; + + my.services.nginx.virtualHosts = { + homebox = { + inherit (cfg) port; + websocketsLocations = [ "/api" ]; + }; + }; + + my.services.backup = { + paths = [ + config.services.homebox.settings.HBOX_STORAGE_DATA + ]; + }; + + # NOTE: unfortunately homebox does not log connection failures for fail2ban + }; +} diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix deleted file mode 100644 index 8a42345..0000000 --- a/modules/nixos/services/indexers/default.nix +++ /dev/null @@ -1,78 +0,0 @@ -# Torrent and usenet meta-indexers -{ config, lib, ... }: -let - cfg = config.my.services.indexers; - - jackettPort = 9117; - nzbhydraPort = 5076; - prowlarrPort = 9696; -in -{ - options.my.services.indexers = with lib; { - jackett.enable = mkEnableOption "Jackett torrent meta-indexer"; - nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; - prowlarr.enable = mkEnableOption "Prowlarr torrent & usenet meta-indexer"; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.jackett.enable { - services.jackett = { - enable = true; - }; - - # Jackett wants to eat *all* my RAM if left to its own devices - systemd.services.jackett = { - serviceConfig = { - MemoryHigh = "15%"; - MemoryMax = "25%"; - }; - }; - - my.services.nginx.virtualHosts = { - jackett = { - port = jackettPort; - }; - }; - }) - - (lib.mkIf cfg.nzbhydra.enable { - services.nzbhydra2 = { - enable = true; - }; - - my.services.nginx.virtualHosts = { - nzbhydra = { - port = nzbhydraPort; - }; - }; - }) - - (lib.mkIf cfg.prowlarr.enable { - services.prowlarr = { - enable = true; - }; - - my.services.nginx.virtualHosts = { - prowlarr = { - port = prowlarrPort; - }; - }; - - services.fail2ban.jails = { - prowlarr = '' - enabled = true - filter = prowlarr - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/prowlarr.conf".text = '' - [Definition] - failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ - journalmatch = _SYSTEMD_UNIT=prowlarr.service - ''; - }; - }) - ]; -} diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index f5aaa99..6edeb67 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -27,19 +27,31 @@ in my.services.nginx.virtualHosts = { jellyfin = { port = 8096; + websocketsLocations = [ "/socket" ]; extraConfig = { locations."/" = { extraConfig = '' proxy_buffering off; ''; }; - # Too bad for the repetition... - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; }; }; }; + + services.fail2ban.jails = { + jellyfin = '' + enabled = true + filter = jellyfin + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/jellyfin.conf".text = '' + [Definition] + failregex = ^.*Authentication request for .* has been denied \(IP: "?"?\)\. + journalmatch = _SYSTEMD_UNIT=jellyfin.service + ''; + }; }; } diff --git a/modules/nixos/services/komga/default.nix b/modules/nixos/services/komga/default.nix new file mode 100644 index 0000000..9af3cd1 --- /dev/null +++ b/modules/nixos/services/komga/default.nix @@ -0,0 +1,55 @@ +# A Comics/Manga media server +{ config, lib, ... }: +let + cfg = config.my.services.komga; +in +{ + options.my.services.komga = with lib; { + enable = mkEnableOption "Komga comics server"; + + port = mkOption { + type = types.port; + default = 4584; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.komga = { + enable = true; + + group = "media"; + + settings = { + server.port = cfg.port; + logging.level.org.gotson.komga = "DEBUG"; # Needed for fail2ban + }; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + komga = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + komga = '' + enabled = true + filter = komga + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/komga.conf".text = '' + [Definition] + failregex = ^.* ip=,.*Bad credentials.*$ + journalmatch = _SYSTEMD_UNIT=komga.service + ''; + }; + }; +} diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix index dd4eea8..21ed93b 100644 --- a/modules/nixos/services/lohr/default.nix +++ b/modules/nixos/services/lohr/default.nix @@ -59,21 +59,6 @@ in "LOHR_HOME=${lohrHome}" "LOHR_CONFIG=" ]; - ExecStartPre = lib.mkIf (cfg.sshKeyFile != null) ''+${ - pkgs.writeScript "copy-ssh-key" '' - #!${pkgs.bash}/bin/bash - # Ensure the key is not there - mkdir -p '${lohrHome}/.ssh' - rm -f '${lohrHome}/.ssh/id_ed25519' - - # Move the key into place - cp ${cfg.sshKeyFile} '${lohrHome}/.ssh/id_ed25519' - - # Fix permissions - chown -R lohr:lohr '${lohrHome}/.ssh' - chmod -R 0700 '${lohrHome}/.ssh' - '' - }''; ExecStart = let configFile = settingsFormat.generate "lohr-config.yaml" cfg.setting; @@ -103,5 +88,24 @@ in inherit (cfg) port; }; }; + + # SSH key provisioning + systemd.tmpfiles.settings."10-lohr" = lib.mkIf (cfg.sshKeyFile != null) { + "${lohrHome}/.ssh" = { + d = { + user = "lohr"; + group = "lohr"; + mode = "0700"; + }; + }; + "${lohrHome}/.ssh/id_ed25519" = { + "L+" = { + user = "lohr"; + group = "lohr"; + mode = "0700"; + argument = cfg.sshKeyFile; + }; + }; + }; }; } diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index bd2a017..f423834 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -26,21 +26,6 @@ in description = "Shared secret to register users"; }; - slidingSync = { - port = mkOption { - type = types.port; - default = 8009; - example = 8084; - description = "Port used by sliding sync server"; - }; - - secretFile = mkOption { - type = types.str; - example = "/var/lib/matrix/sliding-sync-secret-file.env"; - description = "Secret file which contains SYNCV3_SECRET definition"; - }; - }; - mailConfigFile = mkOption { type = types.str; example = "/var/lib/matrix/email-config.yaml"; @@ -104,17 +89,6 @@ in extraConfigFiles = [ cfg.mailConfigFile ] ++ lib.optional (cfg.secretFile != null) cfg.secretFile; - - sliding-sync = { - enable = true; - - settings = { - SYNCV3_SERVER = "https://${matrixDomain}"; - SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}"; - }; - - environmentFile = cfg.slidingSync.secretFile; - }; }; my.services.nginx.virtualHosts = { @@ -130,9 +104,6 @@ in "m.identity_server" = { "base_url" = "https://vector.im"; }; - "org.matrix.msc3575.proxy" = { - "url" = "https://matrix-sync.${domain}"; - }; }; showLabsSettings = true; defaultCountryCode = "FR"; # cocorico @@ -152,10 +123,6 @@ in matrix-client = { port = clientPort.private; }; - # Sliding sync - matrix-sync = { - inherit (cfg.slidingSync) port; - }; }; # Those are too complicated to use my wrapper... @@ -178,11 +145,6 @@ in "/_matrix" = proxyToClientPort; "/_synapse/client" = proxyToClientPort; - - # Sliding sync - "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = { - proxyPass = "http://${config.services.matrix-synapse.sliding-sync.settings.SYNCV3_BINDADDR}"; - }; }; listen = [ @@ -228,7 +190,6 @@ in client = { "m.homeserver" = { "base_url" = "https://${matrixDomain}"; }; "m.identity_server" = { "base_url" = "https://vector.im"; }; - "org.matrix.msc3575.proxy" = { "url" = "https://matrix-sync.${domain}"; }; }; # ACAO required to allow element-web on any URL to request this json file in diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix new file mode 100644 index 0000000..8c02398 --- /dev/null +++ b/modules/nixos/services/mealie/default.nix @@ -0,0 +1,72 @@ +{ config, lib, ... }: +let + cfg = config.my.services.mealie; +in +{ + options.my.services.mealie = with lib; { + enable = mkEnableOption "Mealie service"; + + port = mkOption { + type = types.port; + default = 4537; + example = 8080; + description = "Internal port for webui"; + }; + + credentialsFile = mkOption { + type = types.str; + example = "/var/lib/mealie/credentials.env"; + description = '' + Configuration file for secrets. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.mealie = { + enable = true; + inherit (cfg) port credentialsFile; + + settings = { + # Basic settings + BASE_URL = "https://mealie.${config.networking.domain}"; + TZ = config.time.timeZone; + ALLOw_SIGNUP = "false"; + }; + + # Automatic PostgreSQL provisioning + database = { + createLocally = true; + }; + }; + + my.services.nginx.virtualHosts = { + mealie = { + inherit (cfg) port; + + extraConfig = { + # Allow bulk upload of recipes for import/export + locations."/".extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + + services.fail2ban.jails = { + mealie = '' + enabled = true + filter = mealie + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/mealie.conf".text = '' + [Definition] + failregex = ^.*ERROR.*Incorrect username or password from + journalmatch = _SYSTEMD_UNIT=mealie.service + ''; + }; + }; +} diff --git a/modules/nixos/services/miniflux/default.nix b/modules/nixos/services/miniflux/default.nix index 5104c8b..400ae00 100644 --- a/modules/nixos/services/miniflux/default.nix +++ b/modules/nixos/services/miniflux/default.nix @@ -48,5 +48,21 @@ in inherit (cfg) port; }; }; + + services.fail2ban.jails = { + miniflux = '' + enabled = true + filter = miniflux + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/miniflux.conf".text = '' + [Definition] + failregex = ^.*msg="[^"]*(Incorrect|Invalid) username or password[^"]*".*client_ip= + journalmatch = _SYSTEMD_UNIT=miniflux.service + ''; + }; }; } diff --git a/modules/nixos/services/navidrome/default.nix b/modules/nixos/services/navidrome/default.nix index 944a97a..c513b91 100644 --- a/modules/nixos/services/navidrome/default.nix +++ b/modules/nixos/services/navidrome/default.nix @@ -52,5 +52,21 @@ in inherit (cfg) port; }; }; + + services.fail2ban.jails = { + navidrome = '' + enabled = true + filter = navidrome + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/navidrome.conf".text = '' + [Definition] + failregex = ^.*msg="Unsuccessful login".*X-Real-Ip:\[\] + journalmatch = _SYSTEMD_UNIT=navidrome.service + ''; + }; }; } diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix new file mode 100644 index 0000000..f8f42a7 --- /dev/null +++ b/modules/nixos/services/nextcloud/collabora.nix @@ -0,0 +1,50 @@ +# Document editor with Nextcloud +{ config, lib, ... }: +let + cfg = config.my.services.nextcloud.collabora; +in +{ + options.my.services.nextcloud.collabora = with lib; { + enable = mkEnableOption "Collabora integration"; + + port = mkOption { + type = types.port; + default = 9980; + example = 8080; + description = "Internal port for API"; + }; + }; + + config = lib.mkIf cfg.enable { + services.collabora-online = { + enable = true; + inherit (cfg) port; + + aliasGroups = [ + { + host = "https://collabora.${config.networking.domain}"; + # Allow using from nextcloud + aliases = [ "https://${config.services.nextcloud.hostName}" ]; + } + ]; + + settings = { + # Rely on reverse proxy for SSL + ssl = { + enable = false; + termination = true; + }; + }; + }; + + my.services.nginx.virtualHosts = { + collabora = { + inherit (cfg) port; + websocketsLocations = [ + "~ ^/cool/(.*)/ws$" + "^~ /cool/adminws" + ]; + }; + }; + }; +} diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 65b7234..d8d4fce 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -4,6 +4,10 @@ let cfg = config.my.services.nextcloud; in { + imports = [ + ./collabora.nix + ]; + options.my.services.nextcloud = with lib; { enable = mkEnableOption "Nextcloud"; maxSize = mkOption { @@ -31,7 +35,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud27; + package = pkgs.nextcloud31; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; @@ -40,8 +44,17 @@ in adminuser = cfg.admin; adminpassFile = cfg.passwordFile; dbtype = "pgsql"; - dbhost = "/run/postgresql"; - overwriteProtocol = "https"; # Nginx only allows SSL + }; + + https = true; + + # Automatic PostgreSQL provisioning + database = { + createLocally = true; + }; + + settings = { + overwriteprotocol = "https"; # Nginx only allows SSL }; notify_push = { @@ -51,22 +64,6 @@ in }; }; - services.postgresql = { - enable = true; - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [ - { - name = "nextcloud"; - ensureDBOwnership = true; - } - ]; - }; - - systemd.services."nextcloud-setup" = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - # The service above configures the domain, no need for my wrapper services.nginx.virtualHosts."nextcloud.${config.networking.domain}" = { forceSSL = true; @@ -82,5 +79,25 @@ in "${config.services.nextcloud.home}/data/appdata_*/preview" ]; }; + + services.fail2ban.jails = { + nextcloud = '' + enabled = true + filter = nextcloud + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/nextcloud.conf".text = '' + [Definition] + _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) + datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" + failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Login failed: + ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Trusted domain error. + ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Two-factor challenge failed: + journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service + ''; + }; }; } diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 7980ad9..1e9e38a 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -17,6 +17,16 @@ let ''; }; + websocketsLocations = mkOption { + type = with types; listOf str; + default = [ ]; + example = [ "/socket" ]; + description = '' + Which locations on this virtual host should be configured for + websockets. + ''; + }; + port = mkOption { type = with types; nullOr port; default = null; @@ -59,14 +69,15 @@ let extraConfig = mkOption { type = types.attrs; # FIXME: forward type of virtualHosts - example = litteralExample '' - { - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; - } - ''; + example = { + extraConfig = '' + add_header X-Clacks-Overhead "GNU Terry Pratchett"; + ''; + + locations."/".extraConfig = '' + client_max_body_size 1G; + ''; + }; default = { }; description = '' Any extra configuration that should be applied to this virtual host. @@ -76,10 +87,6 @@ let }); in { - imports = [ - ./sso - ]; - options.my.services.nginx = with lib; { enable = mkEnableOption "Nginx"; @@ -88,7 +95,7 @@ in type = types.str; example = "/var/lib/acme/creds.env"; description = '' - Gandi API key file as an 'EnvironmentFile' (see `systemd.exec(5)`) + OVH API key file as an 'EnvironmentFile' (see `systemd.exec(5)`) ''; }; }; @@ -100,26 +107,19 @@ in virtualHosts = mkOption { type = types.attrsOf virtualHostOption; default = { }; - example = litteralExample '' - { - gitea = { - subdomain = "git"; - port = 8080; - }; - dev = { - root = "/var/www/dev"; - }; - jellyfin = { - port = 8096; - extraConfig = { - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; - }; - }; - } - ''; + example = { + gitea = { + subdomain = "git"; + port = 8080; + }; + dev = { + root = "/var/www/dev"; + }; + jellyfin = { + port = 8096; + websocketsLocations = [ "/socket" ]; + }; + }; description = '' List of virtual hosts to set-up using default settings. ''; @@ -163,25 +163,21 @@ in }; }; }); - example = litteralExample '' - { - alice = { - passwordHashFile = "/var/lib/nginx-sso/alice/password-hash.txt"; - totpSecretFile = "/var/lib/nginx-sso/alice/totp-secret.txt"; - }; - } - ''; + example = { + alice = { + passwordHashFile = "/var/lib/nginx-sso/alice/password-hash.txt"; + totpSecretFile = "/var/lib/nginx-sso/alice/totp-secret.txt"; + }; + }; description = "Definition of users"; }; groups = mkOption { type = with types; attrsOf (listOf str); - example = litteralExample '' - { - root = [ "alice" ]; - users = [ "alice" "bob" ]; - } - ''; + example = { + root = [ "alice" ]; + users = [ "alice" "bob" ]; + }; description = "Groups of users"; }; }; @@ -203,6 +199,19 @@ in } configured. ''; })) + ++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args: + let + proxyPass = [ "port" "socket" ]; + proxyPassUsed = lib.any (v: args.${v} != null) proxyPass; + in + { + assertion = args.websocketsLocations != [ ] -> proxyPassUsed; + message = '' + Subdomain '${subdomain}' can only use 'websocketsLocations' with one of ${ + lib.concatStringsSep ", " (builtins.map (v: "'${v}'") proxyPass) + }. + ''; + })) ++ ( let ports = lib.my.mapFilter @@ -244,11 +253,18 @@ in recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - recommendedZstdSettings = true; virtualHosts = let domain = config.networking.domain; + mkProxyPass = { websocketsLocations, ... }: proxyPass: + let + websockets = lib.genAttrs websocketsLocations (_: { + inherit proxyPass; + proxyWebsockets = true; + }); + in + { "/" = { inherit proxyPass; }; } // websockets; mkVHost = ({ subdomain, ... } @ args: lib.nameValuePair "${subdomain}.${domain}" (lib.my.recursiveMerge [ @@ -259,8 +275,7 @@ in } # Proxy to port (lib.optionalAttrs (args.port != null) { - locations."/".proxyPass = - "http://127.0.0.1:${toString args.port}"; + locations = mkProxyPass args "http://127.0.0.1:${toString args.port}"; }) # Serve filesystem content (lib.optionalAttrs (args.root != null) { @@ -268,8 +283,7 @@ in }) # Serve to UNIX socket (lib.optionalAttrs (args.socket != null) { - locations."/".proxyPass = - "http://unix:${args.socket}"; + locations = mkProxyPass args "http://unix:${args.socket}"; }) # Redirect to a different domain (lib.optionalAttrs (args.redirect != null) { @@ -289,6 +303,7 @@ in locations."/" = { extraConfig = + # FIXME: check that X-User is dropped otherwise (args.extraConfig.locations."/".extraConfig or "") + '' # Use SSO auth_request /sso-auth; @@ -422,7 +437,8 @@ in { "${domain}" = { extraDomainNames = [ "*.${domain}" ]; - dnsProvider = "gandiv5"; + dnsProvider = "ovh"; + dnsPropagationCheck = false; # OVH is slow inherit (cfg.acme) credentialsFile; }; }; diff --git a/modules/nixos/services/nginx/sso/default.nix b/modules/nixos/services/nginx/sso/default.nix deleted file mode 100644 index 4a78282..0000000 --- a/modules/nixos/services/nginx/sso/default.nix +++ /dev/null @@ -1,89 +0,0 @@ -# I must override the module to allow having runtime secrets -{ config, lib, pkgs, utils, ... }: -let - cfg = config.services.nginx.sso; - pkg = lib.getBin cfg.package; - confPath = "/var/lib/nginx-sso/config.json"; -in -{ - disabledModules = [ "services/security/nginx-sso.nix" ]; - - - options.services.nginx.sso = with lib; { - enable = mkEnableOption "nginx-sso service"; - - package = mkOption { - type = types.package; - default = pkgs.nginx-sso; - defaultText = "pkgs.nginx-sso"; - description = '' - The nginx-sso package that should be used. - ''; - }; - - configuration = mkOption { - type = types.attrsOf types.unspecified; - default = { }; - example = literalExample '' - { - listen = { addr = "127.0.0.1"; port = 8080; }; - - providers.token.tokens = { - myuser = "MyToken"; - }; - - acl = { - rule_sets = [ - { - rules = [ { field = "x-application"; equals = "MyApp"; } ]; - allow = [ "myuser" ]; - } - ]; - }; - } - ''; - description = '' - nginx-sso configuration - (documentation) - as a Nix attribute set. - ''; - }; - }; - - config = lib.mkIf cfg.enable { - systemd.services.nginx-sso = { - description = "Nginx SSO Backend"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - StateDirectory = "nginx-sso"; - WorkingDirectory = "/var/lib/nginx-sso"; - # The files to be merged might not have the correct permissions - ExecStartPre = ''+${pkgs.writeShellScript "merge-nginx-sso-config" '' - rm -f '${confPath}' - ${utils.genJqSecretsReplacementSnippet cfg.configuration confPath} - - # Fix permissions - chown nginx-sso:nginx-sso ${confPath} - chmod 0600 ${confPath} - '' - }''; - ExecStart = lib.mkForce '' - ${lib.getExe pkg} \ - --config ${confPath} \ - --frontend-dir ${pkg}/share/frontend - ''; - Restart = "always"; - User = "nginx-sso"; - Group = "nginx-sso"; - }; - }; - - users.users.nginx-sso = { - isSystemUser = true; - group = "nginx-sso"; - }; - - users.groups.nginx-sso = { }; - }; -} diff --git a/modules/nixos/services/nix-cache/default.nix b/modules/nixos/services/nix-cache/default.nix index 1ce3161..f3a29aa 100644 --- a/modules/nixos/services/nix-cache/default.nix +++ b/modules/nixos/services/nix-cache/default.nix @@ -40,7 +40,7 @@ in inherit (cfg) priority; }; - signKeyPath = cfg.secretKeyFile; + signKeyPaths = [ cfg.secretKeyFile ]; }; my.services.nginx.virtualHosts = { diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index c40e895..1195977 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -52,88 +52,39 @@ in mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath; - extraConfig = - let - paperlessDomain = "paperless.${config.networking.domain}"; - in - { - # Use SSO - PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; - PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; + settings = { + # Use SSO + PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; + PAPERLESS_ENABLE_HTTP_REMOTE_USER_API = true; + PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; - # Use PostgreSQL - PAPERLESS_DBHOST = "/run/postgresql"; - PAPERLESS_DBUSER = "paperless"; - PAPERLESS_DBNAME = "paperless"; + # Security settings + PAPERLESS_URL = "https://paperless.${config.networking.domain}"; + PAPERLESS_USE_X_FORWARD_HOST = true; + PAPERLESS_PROXY_SSL_HEADER = [ "HTTP_X_FORWARDED_PROTO" "https" ]; - # Security settings - PAPERLESS_ALLOWED_HOSTS = paperlessDomain; - PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; + # OCR settings + PAPERLESS_OCR_LANGUAGE = "fra+eng"; - # OCR settings - PAPERLESS_OCR_LANGUAGE = "fra+eng"; + # Workers + PAPERLESS_TASK_WORKERS = 3; + PAPERLESS_THREADS_PER_WORKER = 4; - # Workers - PAPERLESS_TASK_WORKERS = 3; - PAPERLESS_THREADS_PER_WORKER = 4; - - # Misc - PAPERLESS_TIME_ZONE = config.time.timeZone; - PAPERLESS_ADMIN_USER = cfg.username; - }; + # Misc + PAPERLESS_TIME_ZONE = config.time.timeZone; + PAPERLESS_ADMIN_USER = cfg.username; + }; # Admin password passwordFile = cfg.passwordFile; - }; - systemd.services = { - paperless-scheduler = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; + # Secret key + environmentFile = cfg.secretKeyFile; - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; + # Automatic PostgreSQL provisioning + database = { + createLocally = true; }; - - paperless-consumer = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; - }; - - paperless-web = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; - }; - - paperless-task-queue = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; - }; - }; - - # Set-up database - services.postgresql = { - enable = true; - ensureDatabases = [ "paperless" ]; - ensureUsers = [ - { - name = "paperless"; - ensureDBOwnership = true; - } - ]; }; # Set-up media group @@ -149,11 +100,7 @@ in sso = { enable = true; }; - - # Enable websockets on root - extraConfig = { - locations."/".proxyWebsockets = true; - }; + websocketsLocations = [ "/" ]; }; }; diff --git a/modules/nixos/services/pdf-edit/default.nix b/modules/nixos/services/pdf-edit/default.nix new file mode 100644 index 0000000..d59507b --- /dev/null +++ b/modules/nixos/services/pdf-edit/default.nix @@ -0,0 +1,73 @@ +{ config, lib, ... }: +let + cfg = config.my.services.pdf-edit; +in +{ + options.my.services.pdf-edit = with lib; { + enable = mkEnableOption "PDF edition service"; + + port = mkOption { + type = types.port; + default = 8089; + example = 8080; + description = "Internal port for webui"; + }; + + loginFile = mkOption { + type = types.str; + example = "/run/secrets/pdf-edit/login.env"; + description = '' + `SECURITY_INITIALLOGIN_USERNAME` and `SECURITY_INITIALLOGIN_PASSWORD` + defined in the format of 'EnvironmentFile' (see `systemd.exec(5)`). + ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.stirling-pdf = lib.mkIf cfg.enable { + enable = true; + + environment = { + SERVER_PORT = cfg.port; + SECURITY_CSRFDISABLED = "false"; + + SYSTEM_SHOWUPDATE = "false"; # We don't care about update notifications + INSTALL_BOOK_AND_ADVANCED_HTML_OPS = "true"; # Installed by the module + + SECURITY_ENABLELOGIN = "true"; + SECURITY_LOGINATTEMPTCOUNT = "-1"; # Rely on fail2ban instead + }; + + environmentFiles = [ cfg.loginFile ]; + }; + + my.services.nginx.virtualHosts = { + pdf-edit = { + inherit (cfg) port; + + extraConfig = { + # Allow upload of PDF files up to 1G + locations."/".extraConfig = '' + client_max_body_size 1G; + ''; + }; + }; + }; + + services.fail2ban.jails = { + stirling-pdf = '' + enabled = true + filter = stirling-pdf + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/stirling-pdf.conf".text = '' + [Definition] + failregex = ^.*Failed login attempt from IP: $ + journalmatch = _SYSTEMD_UNIT=stirling-pdf.service + ''; + }; + }; +} diff --git a/modules/nixos/services/pirate/default.nix b/modules/nixos/services/pirate/default.nix deleted file mode 100644 index e500b54..0000000 --- a/modules/nixos/services/pirate/default.nix +++ /dev/null @@ -1,92 +0,0 @@ -# The total autonomous media delivery system. -# Relevant link [1]. -# -# [1]: https://youtu.be/I26Ql-uX6AM -{ config, lib, ... }: -let - cfg = config.my.services.pirate; - - ports = { - bazarr = 6767; - lidarr = 8686; - radarr = 7878; - sonarr = 8989; - }; - - mkService = service: { - services.${service} = { - enable = true; - group = "media"; - }; - }; - - mkRedirection = service: { - my.services.nginx.virtualHosts = { - ${service} = { - port = ports.${service}; - }; - }; - }; - - mkFail2Ban = service: lib.mkIf cfg.${service}.enable { - services.fail2ban.jails = { - ${service} = '' - enabled = true - filter = ${service} - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/${service}.conf".text = '' - [Definition] - failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ - journalmatch = _SYSTEMD_UNIT=${service}.service - ''; - }; - }; - - mkFullConfig = service: lib.mkIf cfg.${service}.enable (lib.mkMerge [ - (mkService service) - (mkRedirection service) - ]); -in -{ - options.my.services.pirate = { - enable = lib.mkEnableOption "Media automation"; - - bazarr = { - enable = lib.my.mkDisableOption "Bazarr"; - }; - - lidarr = { - enable = lib.my.mkDisableOption "Lidarr"; - }; - - radarr = { - enable = lib.my.mkDisableOption "Radarr"; - }; - - sonarr = { - enable = lib.my.mkDisableOption "Sonarr"; - }; - }; - - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - # Set-up media group - users.groups.media = { }; - } - # Bazarr does not log authentication failures... - (mkFullConfig "bazarr") - # Lidarr for music - (mkFullConfig "lidarr") - (mkFail2Ban "lidarr") - # Radarr for movies - (mkFullConfig "radarr") - (mkFail2Ban "radarr") - # Sonarr for shows - (mkFullConfig "sonarr") - (mkFail2Ban "sonarr") - ]); -} diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix index 5ceebb6..3ced8d3 100644 --- a/modules/nixos/services/podgrab/default.nix +++ b/modules/nixos/services/podgrab/default.nix @@ -13,7 +13,16 @@ in example = "/run/secrets/password.env"; description = '' The path to a file containing the PASSWORD environment variable - definition for Podgrab's authentification. + definition for Podgrab's authentication. + ''; + }; + + dataDir = mkOption { + type = with types; nullOr str; + default = null; + example = "/mnt/podgrab"; + description = '' + Path to the directory to store the podcasts. Use default if null ''; }; @@ -29,8 +38,14 @@ in services.podgrab = { enable = true; inherit (cfg) passwordFile port; + + group = "media"; + dataDirectory = lib.mkIf (cfg.dataDir != null) cfg.dataDir; }; + # Set-up media group + users.groups.media = { }; + my.services.nginx.virtualHosts = { podgrab = { inherit (cfg) port; diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix index 6f51f3e..1dca164 100644 --- a/modules/nixos/services/postgresql/default.nix +++ b/modules/nixos/services/postgresql/default.nix @@ -14,30 +14,34 @@ in # Let other services enable postgres when they need it (lib.mkIf cfg.enable { services.postgresql = { - package = pkgs.postgresql_13; + package = pkgs.postgresql_17; }; }) # Taken from the manual (lib.mkIf cfg.upgradeScript { - containers.temp-pg.config.services.postgresql = { - enable = true; - package = pkgs.postgresql_13; - }; - environment.systemPackages = let - newpg = config.containers.temp-pg.config.services.postgresql; + pgCfg = config.services.postgresql; + newPackage' = pkgs.postgresql_17; + + oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package; + oldData = pgCfg.dataDir; + oldBin = "${if pgCfg.extensions == [] then oldPackage else oldPackage.withPackages pgCfg.extensions}/bin"; + + newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage'; + newData = "/var/lib/postgresql/${newPackage.psqlSchema}"; + newBin = "${if pgCfg.extensions == [] then newPackage else newPackage.withPackages pgCfg.extensions}/bin"; in [ (pkgs.writeScriptBin "upgrade-pg-cluster" '' #!/usr/bin/env bash - set -x - export OLDDATA="${config.services.postgresql.dataDir}" - export NEWDATA="${newpg.dataDir}" - export OLDBIN="${config.services.postgresql.package}/bin" - export NEWBIN="${newpg.package}/bin" + set -eux + export OLDDATA="${oldData}" + export NEWDATA="${newData}" + export OLDBIN="${oldBin}" + export NEWBIN="${newBin}" if [ "$OLDDATA" -ef "$NEWDATA" ]; then echo "Cannot migrate to same data directory" >&2 @@ -46,14 +50,21 @@ in install -d -m 0700 -o postgres -g postgres "$NEWDATA" cd "$NEWDATA" - sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" + sudo -u postgres "$NEWBIN/initdb" -D "$NEWDATA" systemctl stop postgresql # old one - sudo -u postgres $NEWBIN/pg_upgrade \ + sudo -u postgres "$NEWBIN/pg_upgrade" \ --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ - --old-bindir $OLDBIN --new-bindir $NEWBIN \ + --old-bindir "$OLDBIN" --new-bindir "$NEWBIN" \ "$@" + + cat << EOF + Run the following commands after setting: + services.postgresql.package = pkgs.postgresql_${lib.versions.major newPackage.version} + sudo -u postgres vacuumdb --all --analyze-in-stages + ${newData}/delete_old_cluster.sh + EOF '') ]; }) diff --git a/modules/nixos/services/pyload/default.nix b/modules/nixos/services/pyload/default.nix new file mode 100644 index 0000000..7257d0f --- /dev/null +++ b/modules/nixos/services/pyload/default.nix @@ -0,0 +1,72 @@ +{ config, lib, ... }: +let + cfg = config.my.services.pyload; +in +{ + options.my.services.pyload = with lib; { + enable = mkEnableOption "pyload download manager"; + + credentialsFile = mkOption { + type = types.path; + example = "/run/secrets/pyload-credentials.env"; + description = "pyload credentials"; + }; + + downloadDirectory = mkOption { + type = types.str; + default = "/data/downloads/pyload"; + example = "/var/lib/pyload/download"; + description = "Download directory"; + }; + + port = mkOption { + type = types.port; + default = 9093; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.pyload = { + enable = true; + + # Listening on `localhost` leads to 502 with the reverse proxy... + listenAddress = "127.0.0.1"; + + inherit (cfg) + credentialsFile + downloadDirectory + port + ; + + # Use media group when downloading files + group = "media"; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + pyload = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + pyload = '' + enabled = true + filter = pyload + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/pyload.conf".text = '' + [Definition] + failregex = ^.*Login failed for user '.*' \[CLIENT: \]$ + journalmatch = _SYSTEMD_UNIT=pyload.service + ''; + }; + }; +} diff --git a/modules/nixos/services/rss-bridge/default.nix b/modules/nixos/services/rss-bridge/default.nix index 85e37c2..52b1030 100644 --- a/modules/nixos/services/rss-bridge/default.nix +++ b/modules/nixos/services/rss-bridge/default.nix @@ -11,7 +11,9 @@ in config = lib.mkIf cfg.enable { services.rss-bridge = { enable = true; - whitelist = [ "*" ]; # Whitelist all + config = { + system.enabled_bridges = [ "*" ]; # Whitelist all + }; virtualHost = "rss-bridge.${config.networking.domain}"; }; diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix new file mode 100644 index 0000000..c3370cb --- /dev/null +++ b/modules/nixos/services/servarr/autobrr.nix @@ -0,0 +1,63 @@ +# IRC-based indexer +{ config, lib, ... }: +let + cfg = config.my.services.servarr.autobrr; +in +{ + options.my.services.servarr.autobrr = with lib; { + enable = mkEnableOption "autobrr IRC announce tracker" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 7474; + example = 8080; + description = "Internal port for webui"; + }; + + sessionSecretFile = mkOption { + type = types.str; + example = "/run/secrets/autobrr-secret.txt"; + description = '' + File containing the session secret. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.autobrr = { + enable = true; + + settings = { + inherit (cfg) port; + checkForUpdates = false; + }; + + secretFile = cfg.sessionSecretFile; + }; + + my.services.nginx.virtualHosts = { + autobrr = { + inherit (cfg) port; + websocketsLocations = [ "/api" ]; + }; + }; + + services.fail2ban.jails = { + autobrr = '' + enabled = true + filter = autobrr + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/autobrr.conf".text = '' + [Definition] + failregex = "message":"Auth: Failed login attempt username: \[.*\] ip: " + journalmatch = _SYSTEMD_UNIT=autobrr.service + ''; + }; + }; +} diff --git a/modules/nixos/services/servarr/bazarr.nix b/modules/nixos/services/servarr/bazarr.nix new file mode 100644 index 0000000..637da0c --- /dev/null +++ b/modules/nixos/services/servarr/bazarr.nix @@ -0,0 +1,37 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.bazarr; +in +{ + options.my.services.servarr.bazarr = with lib; { + enable = lib.mkEnableOption "Bazarr" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 6767; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.bazarr = { + enable = true; + group = "media"; + listenPort = cfg.port; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + bazarr = { + inherit (cfg) port; + }; + }; + + # Bazarr does not log authentication failures... + }; +} diff --git a/modules/nixos/services/servarr/cross-seed.nix b/modules/nixos/services/servarr/cross-seed.nix new file mode 100644 index 0000000..74f216a --- /dev/null +++ b/modules/nixos/services/servarr/cross-seed.nix @@ -0,0 +1,96 @@ +# Automatic cross-seeding for video media +{ config, lib, ... }: +let + cfg = config.my.services.servarr.cross-seed; +in +{ + options.my.services.servarr.cross-seed = with lib; { + enable = mkEnableOption "cross-seed daemon" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 2468; + example = 8080; + description = "Internal port for daemon"; + }; + + linkDirectory = mkOption { + type = types.str; + default = "/data/downloads/complete/links"; + example = "/var/lib/cross-seed/links"; + description = "Link directory"; + }; + + secretSettingsFile = mkOption { + type = types.str; + example = "/run/secrets/cross-seed-secrets.json"; + description = '' + File containing secret settings. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.cross-seed = { + enable = true; + group = "media"; + + # Rely on recommended defaults for tracker snatches etc... + useGenConfigDefaults = true; + + settings = { + inherit (cfg) port; + host = "127.0.0.1"; + + # Inject torrents to client directly + action = "inject"; + # Query the client for torrents to match + useClientTorrents = true; + # Use hardlinks + linkType = "hardlink"; + # Use configured link directory + linkDirs = [ cfg.linkDirectory ]; + # Match as many torrents as possible + matchMode = "partial"; + # Cross-seed full season if at least 50% of episodes are already downloaded + seasonFromEpisodes = 0.5; + }; + + settingsFile = cfg.secretSettingsFile; + }; + + systemd.services.cross-seed = { + serviceConfig = { + # Loose umask to make cross-seed links readable by `media` + UMask = "0002"; + }; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + cross-seed = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + cross-seed = '' + enabled = true + filter = cross-seed + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/cross-seed.conf".text = '' + [Definition] + failregex = ^.*Unauthorized API access attempt to .* from $ + journalmatch = _SYSTEMD_UNIT=cross-seed.service + ''; + }; + }; +} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix new file mode 100644 index 0000000..dca57cf --- /dev/null +++ b/modules/nixos/services/servarr/default.nix @@ -0,0 +1,23 @@ +# The total autonomous media delivery system. +# Relevant link [1]. +# +# [1]: https://youtu.be/I26Ql-uX6AM +{ lib, ... }: +{ + imports = [ + ./autobrr.nix + ./bazarr.nix + ./cross-seed.nix + ./jackett.nix + ./nzbhydra.nix + ./prowlarr.nix + (import ./starr.nix "lidarr") + (import ./starr.nix "radarr") + (import ./starr.nix "readarr") + (import ./starr.nix "sonarr") + ]; + + options.my.services.servarr = { + enableAll = lib.mkEnableOption "media automation suite"; + }; +} diff --git a/modules/nixos/services/servarr/jackett.nix b/modules/nixos/services/servarr/jackett.nix new file mode 100644 index 0000000..481cd3d --- /dev/null +++ b/modules/nixos/services/servarr/jackett.nix @@ -0,0 +1,41 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.jackett; +in +{ + options.my.services.servarr.jackett = with lib; { + enable = lib.mkEnableOption "Jackett" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 9117; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.jackett = { + enable = true; + inherit (cfg) port; + }; + + # Jackett wants to eat *all* my RAM if left to its own devices + systemd.services.jackett = { + serviceConfig = { + MemoryHigh = "15%"; + MemoryMax = "25%"; + }; + }; + + my.services.nginx.virtualHosts = { + jackett = { + inherit (cfg) port; + }; + }; + + # Jackett does not log authentication failures... + }; +} diff --git a/modules/nixos/services/servarr/nzbhydra.nix b/modules/nixos/services/servarr/nzbhydra.nix new file mode 100644 index 0000000..7b63986 --- /dev/null +++ b/modules/nixos/services/servarr/nzbhydra.nix @@ -0,0 +1,26 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.nzbhydra; +in +{ + options.my.services.servarr.nzbhydra = with lib; { + enable = lib.mkEnableOption "NZBHydra2" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.nzbhydra2 = { + enable = true; + }; + + my.services.nginx.virtualHosts = { + nzbhydra = { + port = 5076; + websocketsLocations = [ "/" ]; + }; + }; + + # NZBHydra2 does not log authentication failures... + }; +} diff --git a/modules/nixos/services/servarr/prowlarr.nix b/modules/nixos/services/servarr/prowlarr.nix new file mode 100644 index 0000000..ce044c6 --- /dev/null +++ b/modules/nixos/services/servarr/prowlarr.nix @@ -0,0 +1,53 @@ +# Torrent and NZB indexer +{ config, lib, ... }: +let + cfg = config.my.services.servarr.prowlarr; +in +{ + options.my.services.servarr.prowlarr = with lib; { + enable = lib.mkEnableOption "Prowlarr" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 9696; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.prowlarr = { + enable = true; + + settings = { + server = { + port = cfg.port; + }; + }; + }; + + my.services.nginx.virtualHosts = { + prowlarr = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + prowlarr = '' + enabled = true + filter = prowlarr + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/prowlarr.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=prowlarr.service + ''; + }; + }; +} diff --git a/modules/nixos/services/servarr/starr.nix b/modules/nixos/services/servarr/starr.nix new file mode 100644 index 0000000..2bf7c11 --- /dev/null +++ b/modules/nixos/services/servarr/starr.nix @@ -0,0 +1,64 @@ +# Templated *arr configuration +starr: +{ config, lib, ... }: +let + cfg = config.my.services.servarr.${starr}; + ports = { + lidarr = 8686; + radarr = 7878; + readarr = 8787; + sonarr = 8989; + }; +in +{ + options.my.services.servarr.${starr} = with lib; { + enable = lib.mkEnableOption (lib.toSentenceCase starr) // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = ports.${starr}; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.${starr} = { + enable = true; + group = "media"; + + settings = { + server = { + port = cfg.port; + }; + }; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + ${starr} = { + port = cfg.port; + }; + }; + + services.fail2ban.jails = { + ${starr} = '' + enabled = true + filter = ${starr} + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/${starr}.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=${starr}.service + ''; + }; + }; +} diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index f5dc2db..169eec8 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -49,8 +49,8 @@ in systemd.services = { tandoor-recipes = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + after = [ "postgresql.target" ]; + requires = [ "postgresql.target" ]; serviceConfig = { EnvironmentFile = cfg.secretKeyFile; @@ -73,7 +73,16 @@ in my.services.nginx.virtualHosts = { recipes = { inherit (cfg) port; + + extraConfig = { + # Allow bulk upload of recipes for import/export + locations."/".extraConfig = '' + client_max_body_size 0; + ''; + }; }; }; + + # NOTE: unfortunately tandoor-recipes does not log connection failures for fail2ban }; } diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index aeb88b7..ddd77d4 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -47,6 +47,7 @@ in enable = true; package = pkgs.transmission_4; group = "media"; + webHome = pkgs.trgui-ng-web; downloadDirPermissions = "775"; @@ -65,6 +66,8 @@ in # Proxied behind Nginx. rpc-whitelist-enabled = true; rpc-whitelist = "127.0.0.1"; + + umask = "002"; # To go with `downloadDirPermissions` }; }; @@ -90,5 +93,7 @@ in allowedTCPPorts = [ cfg.peerPort ]; allowedUDPPorts = [ cfg.peerPort ]; }; + + # NOTE: unfortunately transmission does not log connection failures for fail2ban }; } diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 9767d00..2753da3 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -30,8 +30,6 @@ in frontendScheme = "https"; frontendHostname = vikunjaDomain; - setupNginx = false; - database = { type = "postgres"; user = "vikunja"; @@ -43,7 +41,7 @@ in service = { # Only allow registration of users through the CLI enableregistration = false; - # Ues the host's timezone + # Use the host's timezone timezone = config.time.timeZone; # Use UNIX socket for serving the API unixsocket = socketPath; @@ -61,28 +59,11 @@ in # This is a weird setup my.services.nginx.virtualHosts = { ${subdomain} = { - # Serve the root for the web-ui - root = config.services.vikunja.package-frontend; - - extraConfig = { - locations = { - "/" = { - tryFiles = "try_files $uri $uri/ /"; - }; - - # Serve the API through a UNIX socket - "~* ^/(api|dav|\\.well-known)/" = { - proxyPass = "http://unix:${socketPath}"; - extraConfig = '' - client_max_body_size 20M; - ''; - }; - }; - }; + socket = socketPath; }; }; - systemd.services.vikunja-api = { + systemd.services.vikunja = { serviceConfig = { # Use a system user to simplify using the CLI DynamicUser = lib.mkForce false; @@ -118,5 +99,7 @@ in config.services.vikunja.settings.files.basepath ]; }; + + # NOTE: unfortunately vikunja does not log connection failures for fail2ban }; } diff --git a/modules/nixos/services/wireguard/default.nix b/modules/nixos/services/wireguard/default.nix index 26e54e0..840ac33 100644 --- a/modules/nixos/services/wireguard/default.nix +++ b/modules/nixos/services/wireguard/default.nix @@ -13,7 +13,7 @@ let porthos = { clientNum = 1; publicKey = "PLdgsizztddri0LYtjuNHr5r2E8D+yI+gM8cm5WDfHQ="; - externalIp = "91.121.177.163"; + externalIp = "37.187.146.15"; }; # "Clients" @@ -206,7 +206,7 @@ in ]; } - # Additional inteface is only used to get access to "LAN" from wireguard + # Additional interface is only used to get access to "LAN" from wireguard (lib.mkIf cfg.internal.enable { networking.wg-quick.interfaces."${cfg.internal.name}" = mkInterface [ "${cfg.net.v4.subnet}.0/${toString cfg.net.v4.mask}" diff --git a/modules/nixos/services/woodpecker/agent-exec/default.nix b/modules/nixos/services/woodpecker/agent-exec/default.nix index 7ae21c8..24161b0 100644 --- a/modules/nixos/services/woodpecker/agent-exec/default.nix +++ b/modules/nixos/services/woodpecker/agent-exec/default.nix @@ -44,6 +44,8 @@ in serviceConfig = { # Same option as upstream, without @setuid SystemCallFilter = lib.mkForce "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap"; + # NodeJS requires RWX memory... + MemoryDenyWriteExecute = lib.mkForce false; BindPaths = [ "/nix/var/nix/daemon-socket/socket" diff --git a/modules/nixos/services/woodpecker/default.nix b/modules/nixos/services/woodpecker/default.nix index 34ffca6..012eaae 100644 --- a/modules/nixos/services/woodpecker/default.nix +++ b/modules/nixos/services/woodpecker/default.nix @@ -8,6 +8,12 @@ options.my.services.woodpecker = with lib; { enable = mkEnableOption "Woodpecker CI"; + forge = mkOption { + type = types.enum [ "gitea" "forgejo" ]; + default = "forgejo"; + example = "gitea"; + description = "Which Forge to connect to"; + }; runners = mkOption { type = with types; listOf (enum [ "exec" "docker" ]); default = [ ]; diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix index f02a5c5..caf0179 100644 --- a/modules/nixos/services/woodpecker/server/default.nix +++ b/modules/nixos/services/woodpecker/server/default.nix @@ -17,15 +17,15 @@ in WOODPECKER_GRPC_ADDR = ":${toString cfg.rpcPort}"; WOODPECKER_GITEA = "true"; - WOODPECKER_GITEA_URL = config.services.gitea.settings.server.ROOT_URL; + WOODPECKER_GITEA_URL = config.services.${cfg.forge}.settings.server.ROOT_URL; WOODPECKER_LOG_LEVEL = "debug"; }; }; systemd.services.woodpecker-server = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + after = [ "postgresql.target" ]; + requires = [ "postgresql.target" ]; serviceConfig = { # Set username for DB access diff --git a/modules/nixos/system/nix/default.nix b/modules/nixos/system/nix/default.nix index 47d6499..12a395e 100644 --- a/modules/nixos/system/nix/default.nix +++ b/modules/nixos/system/nix/default.nix @@ -22,6 +22,10 @@ in options.my.system.nix = with lib; { enable = my.mkDisableOption "nix configuration"; + gc = { + enable = my.mkDisableOption "nix GC configuration"; + }; + cache = { selfHosted = my.mkDisableOption "self-hosted cache"; }; @@ -56,10 +60,28 @@ in settings = { experimental-features = [ "nix-command" "flakes" ]; + # Trusted users are equivalent to root, and might as well allow wheel + trusted-users = [ "root" "@wheel" ]; }; }; } + (lib.mkIf cfg.gc.enable { + nix.gc = { + automatic = true; + + # Every week, with some wiggle room + dates = "weekly"; + randomizedDelaySec = "10min"; + + # Use a persistent timer for e.g: laptops + persistent = true; + + # Delete old profiles automatically after 15 days + options = "--delete-older-than 15d"; + }; + }) + (lib.mkIf cfg.cache.selfHosted { nix = { settings = { diff --git a/modules/nixos/system/packages/default.nix b/modules/nixos/system/packages/default.nix index 5c29aa0..6a78ff6 100644 --- a/modules/nixos/system/packages/default.nix +++ b/modules/nixos/system/packages/default.nix @@ -1,5 +1,5 @@ # Common packages -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.my.system.packages; in @@ -13,13 +13,11 @@ in }; config = lib.mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - vim - wget - ]; - programs = { - vim.defaultEditor = true; # Modal editing is life + vim = { + enable = true; + defaultEditor = true; # Modal editing is life + }; zsh = { enable = true; # Use integrations diff --git a/overlays/downgrade-transmission/default.nix b/overlays/downgrade-transmission/default.nix new file mode 100644 index 0000000..9d3fc8a --- /dev/null +++ b/overlays/downgrade-transmission/default.nix @@ -0,0 +1,14 @@ +self: prev: +{ + transmission_4 = prev.transmission_4.overrideAttrs (_: { + version = "4.0.5"; + + src = self.fetchFromGitHub { + owner = "transmission"; + repo = "transmission"; + rev = "4.0.5"; + hash = "sha256-gd1LGAhMuSyC/19wxkoE2mqVozjGPfupIPGojKY0Hn4="; + fetchSubmodules = true; + }; + }); +} diff --git a/overlays/gruvbox-nvim-better-diff/colours.patch b/overlays/gruvbox-nvim-better-diff/colours.patch deleted file mode 100644 index 5b0d61a..0000000 --- a/overlays/gruvbox-nvim-better-diff/colours.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 416b3c9c5e783d173ac0fd5310a76c1b144b92c1 Mon Sep 17 00:00:00 2001 -From: eeeXun -Date: Thu, 19 Oct 2023 02:34:12 +0800 -Subject: Use better diff colours - ---- - README.md | 3 ++- - lua/gruvbox.lua | 7 ++++--- - 2 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/lua/gruvbox.lua b/lua/gruvbox.lua -index ceba0735..a319fc6a 100644 ---- a/lua/gruvbox.lua -+++ b/lua/gruvbox.lua -@@ -360,9 +361,9 @@ local function get_groups() - PmenuSel = { fg = colors.bg2, bg = colors.blue, bold = config.bold }, - PmenuSbar = { bg = colors.bg2 }, - PmenuThumb = { bg = colors.bg4 }, -- DiffDelete = { bg = colors.dark_red }, -- DiffAdd = { bg = colors.dark_green }, -- DiffChange = { bg = colors.dark_aqua }, -- DiffText = { bg = colors.yellow, fg = colors.bg0 }, -+ DiffDelete = { fg = colors.red }, -+ DiffAdd = { fg = colors.green }, -+ DiffChange = { fg = colors.aqua }, -+ DiffText = { fg = colors.yellow, bg = colors.bg0 }, - SpellCap = { link = "GruvboxBlueUnderline" }, - SpellBad = { link = "GruvboxRedUnderline" }, diff --git a/overlays/gruvbox-nvim-better-diff/generated.nix b/overlays/gruvbox-nvim-better-diff/generated.nix deleted file mode 100644 index 50ea4ad..0000000 --- a/overlays/gruvbox-nvim-better-diff/generated.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ vimUtils, fetchFromGitHub }: - -_final: _prev: { - gruvbox-nvim = vimUtils.buildVimPlugin { - pname = "gruvbox.nvim"; - version = "2023-10-07"; - - src = fetchFromGitHub { - owner = "ellisonleao"; - repo = "gruvbox.nvim"; - rev = "477c62493c82684ed510c4f70eaf83802e398898"; - sha256 = "0250c24c6n6yri48l288irdawhqs16qna3y74rdkgjd2jvh66vdm"; - }; - - patches = [ - # Inspired by https://github.com/ellisonleao/gruvbox.nvim/pull/291 - ./colours.patch - ]; - - meta = { - homepage = "https://github.com/ellisonleao/gruvbox.nvim/"; - }; - }; -} diff --git a/overlays/gruvbox-nvim-better-diff/default.nix b/overlays/gruvbox-nvin-expose-palette/default.nix similarity index 100% rename from overlays/gruvbox-nvim-better-diff/default.nix rename to overlays/gruvbox-nvin-expose-palette/default.nix diff --git a/overlays/gruvbox-nvin-expose-palette/generated.nix b/overlays/gruvbox-nvin-expose-palette/generated.nix new file mode 100644 index 0000000..c52ad04 --- /dev/null +++ b/overlays/gruvbox-nvin-expose-palette/generated.nix @@ -0,0 +1,14 @@ +{ fetchpatch, ... }: + +_final: prev: { + gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: { + patches = (oa.patches or [ ]) ++ [ + # https://github.com/ellisonleao/gruvbox.nvim/pull/319 + (fetchpatch { + name = "expose-color-palette.patch"; + url = "https://github.com/ellisonleao/gruvbox.nvim/commit/07a493ba4f8b650aab9ed9e486caa89822be0996.patch"; + hash = "sha256-iGwt8qIHe2vaiAUcpaUxyGlM472F89vobTdQ7CF/H70="; + }) + ]; + }); +} diff --git a/pkgs/bw-pass/bw-pass b/pkgs/bw-pass/bw-pass index 124714a..0e974b7 100755 --- a/pkgs/bw-pass/bw-pass +++ b/pkgs/bw-pass/bw-pass @@ -66,7 +66,7 @@ query_password() { printf '%s\n' "$PASSWORD" } -if [ $# -lt 1 ] || [ $# -gt 2 ]; then +if [ $# -lt 1 ] || [ $# -gt 2 ]; then usage exit 1 fi diff --git a/pkgs/change-audio/change-audio b/pkgs/change-audio/change-audio index 612fecf..5a1fb9c 100755 --- a/pkgs/change-audio/change-audio +++ b/pkgs/change-audio/change-audio @@ -62,7 +62,7 @@ do_toggle() { } case "$1" in - up|down) + up | down) do_change_volume "$@" ;; toggle) diff --git a/pkgs/diff-flake/diff-flake b/pkgs/diff-flake/diff-flake index 0572b4e..a2a3513 100755 --- a/pkgs/diff-flake/diff-flake +++ b/pkgs/diff-flake/diff-flake @@ -81,23 +81,23 @@ parse_args() { shift case "$opt" in - -h|--help) + -h | --help) usage exit ;; - -f|--flake-output) + -f | --flake-output) FLAKE_OUTPUTS+=("$1") shift ;; - -o|--output) + -o | --output) OUTPUT_FILE="$1" shift ;; - -n|--new-rev) + -n | --new-rev) NEW_REV="$(git rev-parse "$1")" shift ;; - -p|--previous-rev) + -p | --previous-rev) PREVIOUS_REV="$(git rev-parse "$1")" shift ;; @@ -157,7 +157,7 @@ list_dev_shells() { } diff_output() { - local PREV NEW; + local PREV NEW PREV="$(mktemp --dry-run)" NEW="$(mktemp --dry-run)" @@ -169,7 +169,7 @@ diff_output() { printf 'Closure diff for `%s`:\n```\n' "$1" nix store diff-closures "$PREV" "$NEW" | sanitize_output printf '```\n\n' - } >> "$OUTPUT_FILE" + } >>"$OUTPUT_FILE" } parse_args "$@" diff --git a/pkgs/lohr/default.nix b/pkgs/lohr/default.nix index ddeac7a..aeb13b1 100644 --- a/pkgs/lohr/default.nix +++ b/pkgs/lohr/default.nix @@ -1,16 +1,17 @@ { lib, fetchFromGitHub, rustPlatform }: rustPlatform.buildRustPackage rec { pname = "lohr"; - version = "0.4.5"; + version = "0.4.6"; src = fetchFromGitHub { owner = "alarsyo"; repo = "lohr"; rev = "v${version}"; - hash = "sha256-p6E/r+OxFTpxDpOKSlacOxvRLfHSKg1mHNAfTytfqDY="; + hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU="; }; - cargoHash = "sha256-hext0S0o9D9pN9epzXtD5dwAYMPCLpBBOBT4FX0mTMk="; + useFetchCargoVendor = true; + cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w="; meta = with lib; { description = "Git mirroring daemon"; diff --git a/pkgs/osc52/osc52 b/pkgs/osc52/osc52 index f64ccb6..de3a982 100755 --- a/pkgs/osc52/osc52 +++ b/pkgs/osc52/osc52 @@ -15,7 +15,7 @@ usage() { exec 1>&2 fi - cat << EOF + cat <&2 fi - cat << EOF + cat < Send a notification (title and message) to the host system using the OSC 777 escape sequence: diff --git a/pkgs/unbound-zones-adblock/default.nix b/pkgs/unbound-zones-adblock/default.nix index 642ac41..11a6c90 100644 --- a/pkgs/unbound-zones-adblock/default.nix +++ b/pkgs/unbound-zones-adblock/default.nix @@ -1,7 +1,7 @@ { lib, gawk, stdenvNoCC, stevenblack-blocklist }: stdenvNoCC.mkDerivation { name = "unbound-zones-adblock"; - version = stevenblack-blocklist.rev; + inherit (stevenblack-blocklist) version; src = stevenblack-blocklist; @@ -30,7 +30,7 @@ stdenvNoCC.mkDerivation { description = "Unified host lists, ready to be used by unbound"; longDescription = '' This is a simple derivation based on StevenBlack's unified hosts list. - The files have been modified for easy use wih unbound. + The files have been modified for easy use with unbound. ''; homepage = "https://github.com/StevenBlack/hosts"; license = licenses.mit; diff --git a/pkgs/zsh-done/default.nix b/pkgs/zsh-done/default.nix index bddc6c1..8fac813 100644 --- a/pkgs/zsh-done/default.nix +++ b/pkgs/zsh-done/default.nix @@ -2,13 +2,13 @@ stdenvNoCC.mkDerivation rec { pname = "zsh-done"; - version = "0.1.0"; + version = "0.1.1"; src = fetchFromGitHub { owner = "ambroisie"; repo = "zsh-done"; rev = "v${version}"; - hash = "sha256-DC7urJDXPP9vBYABrJF5KZ4HfMbrpHIVogSmEB8PWLA="; + hash = "sha256-dyhPhoMrAfDWtrBX5TA+B3G7QZ7gBhoDGNOEqGsCBQU="; }; dontConfigure = true; @@ -26,7 +26,7 @@ stdenvNoCC.mkDerivation rec { description = '' A zsh plug-in to receive notifications when long processes finish ''; - homepage = "https://gitea.belanyi.fr/ambroisie/zsh-done"; + homepage = "https://git.belanyi.fr/ambroisie/zsh-done"; license = licenses.mit; platforms = platforms.unix; maintainers = with maintainers; [ ambroisie ]; diff --git a/templates/c++-cmake/.envrc b/templates/c++-cmake/.envrc old mode 100644 new mode 100755 index de77fcb..390d06d --- a/templates/c++-cmake/.envrc +++ b/templates/c++-cmake/.envrc @@ -1,3 +1,4 @@ +# shellcheck shell=bash if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi diff --git a/templates/c++-cmake/.woodpecker/check.yml b/templates/c++-cmake/.woodpecker/check.yml index 628e491..272c0e4 100644 --- a/templates/c++-cmake/.woodpecker/check.yml +++ b/templates/c++-cmake/.woodpecker/check.yml @@ -1,25 +1,30 @@ labels: - type: exec + backend: local steps: +- name: pre-commit check + image: bash + commands: + - nix develop --command pre-commit run --all + - name: nix flake check image: bash commands: - nix flake check -- name: notifiy +- name: notify image: bash - secrets: - - source: matrix_homeserver - target: address - - source: matrix_roomid - target: room - - source: matrix_username - target: user - - source: matrix_password - target: pass + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password commands: - - nix run '.#matrix-notifier' + - nix run github:ambroisie/matrix-notifier when: status: - failure diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index cb468e7..7796f5e 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -16,19 +16,18 @@ ref = "nixos-unstable"; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; }; - outputs = { self, futils, nixpkgs, pre-commit-hooks }: + outputs = { self, futils, nixpkgs, git-hooks }: { overlays = { default = final: _prev: { @@ -52,7 +51,7 @@ meta = with lib; { description = "A C++ project"; - homepage = "https://gitea.belanyi.fr/ambroisie/project"; + homepage = "https://git.belanyi.fr/ambroisie/project"; license = licenses.mit; maintainers = with maintainers; [ ambroisie ]; platforms = platforms.unix; @@ -69,7 +68,7 @@ ]; }; - pre-commit = pre-commit-hooks.lib.${system}.run { + pre-commit = git-hooks.lib.${system}.run { src = self; hooks = { @@ -92,12 +91,12 @@ devShells = { default = pkgs.mkShell { - inputsFrom = with self.packages.${system}; [ - project + inputsFrom = [ + self.packages.${system}.project ]; packages = with pkgs; [ - clang-tools + self.checks.${system}.pre-commit.enabledPackages ]; inherit (pre-commit) shellHook; diff --git a/templates/c++-cmake/tests/unit/CMakeLists.txt b/templates/c++-cmake/tests/unit/CMakeLists.txt index bb94448..266e3e3 100644 --- a/templates/c++-cmake/tests/unit/CMakeLists.txt +++ b/templates/c++-cmake/tests/unit/CMakeLists.txt @@ -1,15 +1,15 @@ find_package(GTest) -if (${GTest_FOUND}) -include(GoogleTest) +if(${GTest_FOUND}) + include(GoogleTest) -add_executable(dummy_test dummy_test.cc) -target_link_libraries(dummy_test PRIVATE common_options) + add_executable(dummy_test dummy_test.cc) + target_link_libraries(dummy_test PRIVATE common_options) -target_link_libraries(dummy_test PRIVATE - GTest::gtest - GTest::gtest_main -) + target_link_libraries(dummy_test PRIVATE + GTest::gtest + GTest::gtest_main + ) -gtest_discover_tests(dummy_test) -endif (${GTest_FOUND}) + gtest_discover_tests(dummy_test) +endif() diff --git a/templates/c++-meson/.envrc b/templates/c++-meson/.envrc index de77fcb..390d06d 100644 --- a/templates/c++-meson/.envrc +++ b/templates/c++-meson/.envrc @@ -1,3 +1,4 @@ +# shellcheck shell=bash if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi diff --git a/templates/c++-meson/.woodpecker/check.yml b/templates/c++-meson/.woodpecker/check.yml index 628e491..272c0e4 100644 --- a/templates/c++-meson/.woodpecker/check.yml +++ b/templates/c++-meson/.woodpecker/check.yml @@ -1,25 +1,30 @@ labels: - type: exec + backend: local steps: +- name: pre-commit check + image: bash + commands: + - nix develop --command pre-commit run --all + - name: nix flake check image: bash commands: - nix flake check -- name: notifiy +- name: notify image: bash - secrets: - - source: matrix_homeserver - target: address - - source: matrix_roomid - target: room - - source: matrix_username - target: user - - source: matrix_password - target: pass + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password commands: - - nix run '.#matrix-notifier' + - nix run github:ambroisie/matrix-notifier when: status: - failure diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index 9cfed0d..cb14eb5 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -16,19 +16,18 @@ ref = "nixos-unstable"; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; }; - outputs = { self, futils, nixpkgs, pre-commit-hooks }: + outputs = { self, futils, nixpkgs, git-hooks }: { overlays = { default = final: _prev: { @@ -52,7 +51,7 @@ meta = with lib; { description = "A C++ project"; - homepage = "https://gitea.belanyi.fr/ambroisie/project"; + homepage = "https://git.belanyi.fr/ambroisie/project"; license = licenses.mit; maintainers = with maintainers; [ ambroisie ]; platforms = platforms.unix; @@ -69,7 +68,7 @@ ]; }; - pre-commit = pre-commit-hooks.lib.${system}.run { + pre-commit = git-hooks.lib.${system}.run { src = self; hooks = { @@ -92,12 +91,12 @@ devShells = { default = pkgs.mkShell { - inputsFrom = with self.packages.${system}; [ - project + inputsFrom = [ + self.packages.${system}.project ]; packages = with pkgs; [ - clang-tools + self.checks.${system}.pre-commit.enabledPackages ]; inherit (pre-commit) shellHook; diff --git a/templates/default.nix b/templates/default.nix index f58fd72..51864cd 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -5,6 +5,14 @@ }; "c++-meson" = { path = ./c++-meson; - description = "A C++ project using CMake"; + description = "A C++ project using Meson"; + }; + "python-uv" = { + path = ./python-uv; + description = "A Python project using uv"; + }; + "rust-cargo" = { + path = ./rust-cargo; + description = "A Rust project using Cargo"; }; } diff --git a/templates/python-uv/.envrc b/templates/python-uv/.envrc new file mode 100644 index 0000000..390d06d --- /dev/null +++ b/templates/python-uv/.envrc @@ -0,0 +1,6 @@ +# shellcheck shell=bash +if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" +fi + +use flake diff --git a/templates/python-uv/.gitignore b/templates/python-uv/.gitignore new file mode 100644 index 0000000..c79d1e8 --- /dev/null +++ b/templates/python-uv/.gitignore @@ -0,0 +1,6 @@ +# Virtual environments +.venv + +# Nix generated files +/.pre-commit-config.yaml +/result diff --git a/templates/python-uv/.woodpecker/check.yml b/templates/python-uv/.woodpecker/check.yml new file mode 100644 index 0000000..272c0e4 --- /dev/null +++ b/templates/python-uv/.woodpecker/check.yml @@ -0,0 +1,31 @@ +labels: + backend: local + +steps: +- name: pre-commit check + image: bash + commands: + - nix develop --command pre-commit run --all + +- name: nix flake check + image: bash + commands: + - nix flake check + +- name: notify + image: bash + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password + commands: + - nix run github:ambroisie/matrix-notifier + when: + status: + - failure + - success diff --git a/templates/python-uv/flake.nix b/templates/python-uv/flake.nix new file mode 100644 index 0000000..5059e64 --- /dev/null +++ b/templates/python-uv/flake.nix @@ -0,0 +1,112 @@ +{ + description = "A Python project"; + + inputs = { + futils = { + type = "github"; + owner = "numtide"; + repo = "flake-utils"; + ref = "main"; + }; + + nixpkgs = { + type = "github"; + owner = "NixOS"; + repo = "nixpkgs"; + ref = "nixos-unstable"; + }; + + git-hooks = { + type = "github"; + owner = "cachix"; + repo = "git-hooks.nix"; + ref = "master"; + inputs = { + nixpkgs.follows = "nixpkgs"; + }; + }; + }; + + outputs = { self, futils, nixpkgs, git-hooks }: + { + overlays = { + default = final: _prev: { + project = with final; python3.pkgs.buildPythonApplication { + pname = "project"; + version = (final.lib.importTOML ./pyproject.toml).project.version; + pyproject = true; + + src = self; + + build-system = with python3.pkgs; [ setuptools ]; + + pythonImportsCheck = [ "project" ]; + + meta = with lib; { + description = "A Python project"; + homepage = "https://git.belanyi.fr/ambroisie/project"; + license = licenses.mit; + maintainers = with maintainers; [ ambroisie ]; + }; + }; + }; + }; + } // futils.lib.eachDefaultSystem (system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ + self.overlays.default + ]; + }; + + pre-commit = git-hooks.lib.${system}.run { + src = self; + + hooks = { + mypy = { + enable = true; + }; + + nixpkgs-fmt = { + enable = true; + }; + + ruff = { + enable = true; + }; + + ruff-format = { + enable = true; + }; + }; + }; + in + { + checks = { + inherit (self.packages.${system}) project; + + inherit pre-commit; + }; + + devShells = { + default = pkgs.mkShell { + inputsFrom = [ + self.packages.${system}.project + ]; + + packages = with pkgs; [ + uv + self.checks.${system}.pre-commit.enabledPackages + ]; + + inherit (pre-commit) shellHook; + }; + }; + + packages = futils.lib.flattenTree { + default = pkgs.project; + inherit (pkgs) project; + }; + }); +} diff --git a/templates/python-uv/pyproject.toml b/templates/python-uv/pyproject.toml new file mode 100644 index 0000000..7b2d896 --- /dev/null +++ b/templates/python-uv/pyproject.toml @@ -0,0 +1,17 @@ +[build-system] +requires = ["setuptools"] +build-backend = "setuptools.build_meta" + + +[project] +name = "project" +version = "0.0.0" +description = "project description" +requires-python = ">=3.12" +dependencies = [] + +[project.scripts] +project = "project:main" + +[dependency-groups] +dev = [] diff --git a/templates/python-uv/src/project/__init__.py b/templates/python-uv/src/project/__init__.py new file mode 100644 index 0000000..b06117d --- /dev/null +++ b/templates/python-uv/src/project/__init__.py @@ -0,0 +1,2 @@ +def main() -> None: + print("Hello, world!") diff --git a/templates/rust-cargo/.envrc b/templates/rust-cargo/.envrc new file mode 100644 index 0000000..390d06d --- /dev/null +++ b/templates/rust-cargo/.envrc @@ -0,0 +1,6 @@ +# shellcheck shell=bash +if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" +fi + +use flake diff --git a/templates/rust-cargo/.gitignore b/templates/rust-cargo/.gitignore new file mode 100644 index 0000000..5f360ff --- /dev/null +++ b/templates/rust-cargo/.gitignore @@ -0,0 +1,6 @@ +# Rust build directory +/target + +# Nix generated files +/.pre-commit-config.yaml +/result diff --git a/templates/rust-cargo/.woodpecker/check.yml b/templates/rust-cargo/.woodpecker/check.yml new file mode 100644 index 0000000..272c0e4 --- /dev/null +++ b/templates/rust-cargo/.woodpecker/check.yml @@ -0,0 +1,31 @@ +labels: + backend: local + +steps: +- name: pre-commit check + image: bash + commands: + - nix develop --command pre-commit run --all + +- name: nix flake check + image: bash + commands: + - nix flake check + +- name: notify + image: bash + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password + commands: + - nix run github:ambroisie/matrix-notifier + when: + status: + - failure + - success diff --git a/templates/rust-cargo/Cargo.lock b/templates/rust-cargo/Cargo.lock new file mode 100644 index 0000000..4f9c86e --- /dev/null +++ b/templates/rust-cargo/Cargo.lock @@ -0,0 +1,7 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "project" +version = "0.0.0" diff --git a/templates/rust-cargo/Cargo.toml b/templates/rust-cargo/Cargo.toml new file mode 100644 index 0000000..4dfdc0b --- /dev/null +++ b/templates/rust-cargo/Cargo.toml @@ -0,0 +1,8 @@ +[package] +name = "project" +version = "0.0.0" +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix new file mode 100644 index 0000000..efd8358 --- /dev/null +++ b/templates/rust-cargo/flake.nix @@ -0,0 +1,110 @@ +{ + description = "A Rust project"; + + inputs = { + futils = { + type = "github"; + owner = "numtide"; + repo = "flake-utils"; + ref = "main"; + }; + + nixpkgs = { + type = "github"; + owner = "NixOS"; + repo = "nixpkgs"; + ref = "nixos-unstable"; + }; + + git-hooks = { + type = "github"; + owner = "cachix"; + repo = "git-hooks.nix"; + ref = "master"; + inputs = { + nixpkgs.follows = "nixpkgs"; + }; + }; + }; + + outputs = { self, futils, nixpkgs, git-hooks }: + { + overlays = { + default = final: _prev: { + project = with final; rustPlatform.buildRustPackage { + pname = "project"; + version = (final.lib.importTOML ./Cargo.toml).package.version; + + src = self; + + cargoLock = { + lockFile = "${self}/Cargo.lock"; + }; + + meta = with lib; { + description = "A Rust project"; + homepage = "https://git.belanyi.fr/ambroisie/project"; + license = licenses.mit; + maintainers = with maintainers; [ ambroisie ]; + }; + }; + }; + }; + } // futils.lib.eachDefaultSystem (system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ + self.overlays.default + ]; + }; + + pre-commit = git-hooks.lib.${system}.run { + src = self; + + hooks = { + clippy = { + enable = true; + settings = { + denyWarnings = true; + }; + }; + + nixpkgs-fmt = { + enable = true; + }; + + rustfmt = { + enable = true; + }; + }; + }; + in + { + checks = { + inherit (self.packages.${system}) project; + }; + + devShells = { + default = pkgs.mkShell { + inputsFrom = [ + self.packages.${system}.project + ]; + + packages = with pkgs; [ + rust-analyzer + self.checks.${system}.pre-commit.enabledPackages + ]; + + RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}"; + + inherit (pre-commit) shellHook; + }; + }; + + packages = futils.lib.flattenTree { + default = pkgs.project; + inherit (pkgs) project; + }; + }); +} diff --git a/templates/rust-cargo/rustfmt.toml b/templates/rust-cargo/rustfmt.toml new file mode 100644 index 0000000..e69de29 diff --git a/templates/rust-cargo/src/main.rs b/templates/rust-cargo/src/main.rs new file mode 100644 index 0000000..e7a11a9 --- /dev/null +++ b/templates/rust-cargo/src/main.rs @@ -0,0 +1,3 @@ +fn main() { + println!("Hello, world!"); +}