From 9546c00124edd4723ab1188d16c53ed3097b2d43 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 5 Jan 2024 10:59:45 +0000
Subject: [PATCH 001/431] home: vim: ftdetect: fix obsolete comment

---
 modules/home/vim/ftdetect/automake.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/vim/ftdetect/automake.lua b/modules/home/vim/ftdetect/automake.lua
index cfa15d2..68a30ed 100644
--- a/modules/home/vim/ftdetect/automake.lua
+++ b/modules/home/vim/ftdetect/automake.lua
@@ -1,4 +1,4 @@
--- Use Automake filetype for `local.am` files, explicit `set` to force override
+-- Use Automake filetype for `local.am` files
 vim.filetype.add({
     filename = {
         ["local.am"] = "automake",

From b8b64bed8e4b3d8d109e7dcf38f69a4242142ec3 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 5 Jan 2024 10:59:58 +0000
Subject: [PATCH 002/431] home: vim: ftdetect: add glsl

---
 modules/home/vim/ftdetect/glsl.lua | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 modules/home/vim/ftdetect/glsl.lua

diff --git a/modules/home/vim/ftdetect/glsl.lua b/modules/home/vim/ftdetect/glsl.lua
new file mode 100644
index 0000000..2f4f1dd
--- /dev/null
+++ b/modules/home/vim/ftdetect/glsl.lua
@@ -0,0 +1,7 @@
+-- Use GLSL filetype for common shader file extensions
+vim.filetype.add({
+    extension = {
+        frag = "glsl",
+        vert = "glsl",
+    },
+})

From e4f8214cb2edcb7edc188550bc1242ae79c377e6 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 23:36:14 +0100
Subject: [PATCH 003/431] modules: services: nextcloud: bump to 28

---
 modules/nixos/services/nextcloud/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix
index 65b7234..4c0e6a8 100644
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@@ -31,7 +31,7 @@ in
   config = lib.mkIf cfg.enable {
     services.nextcloud = {
       enable = true;
-      package = pkgs.nextcloud27;
+      package = pkgs.nextcloud28;
       hostName = "nextcloud.${config.networking.domain}";
       home = "/var/lib/nextcloud";
       maxUploadSize = cfg.maxSize;

From 10a30551361cc81dfe7bc20590897713f053eff6 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 23:36:59 +0100
Subject: [PATCH 004/431] nixos: services: nextcloud: fix deprecated option

---
 modules/nixos/services/nextcloud/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix
index 4c0e6a8..a962d12 100644
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@@ -41,6 +41,9 @@ in
         adminpassFile = cfg.passwordFile;
         dbtype = "pgsql";
         dbhost = "/run/postgresql";
+      };
+
+      extraOptions = {
         overwriteProtocol = "https"; # Nginx only allows SSL
       };
 

From 136bd342ff03526eccab877809087b249b0f339b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 23:37:27 +0100
Subject: [PATCH 005/431] nixos: services: matrix: fix deprecated option

---
 modules/nixos/services/matrix/default.nix | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix
index bd2a017..b958f76 100644
--- a/modules/nixos/services/matrix/default.nix
+++ b/modules/nixos/services/matrix/default.nix
@@ -104,17 +104,17 @@ in
       extraConfigFiles = [
         cfg.mailConfigFile
       ] ++ lib.optional (cfg.secretFile != null) cfg.secretFile;
+    };
 
-      sliding-sync = {
-        enable = true;
+    services.matrix-sliding-sync = {
+      enable = true;
 
-        settings = {
-          SYNCV3_SERVER = "https://${matrixDomain}";
-          SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}";
-        };
-
-        environmentFile = cfg.slidingSync.secretFile;
+      settings = {
+        SYNCV3_SERVER = "https://${matrixDomain}";
+        SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}";
       };
+
+      environmentFile = cfg.slidingSync.secretFile;
     };
 
     my.services.nginx.virtualHosts = {
@@ -181,7 +181,7 @@ in
 
             # Sliding sync
             "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
-              proxyPass = "http://${config.services.matrix-synapse.sliding-sync.settings.SYNCV3_BINDADDR}";
+              proxyPass = "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}";
             };
           };
 

From a5c57333cf2c26c2746d4f109d72f484fd873e5e Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 15 Jan 2024 10:14:35 +0000
Subject: [PATCH 006/431] hosts: homes: bazin: fix typo

---
 hosts/homes/ambroisie@bazin/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts/homes/ambroisie@bazin/default.nix b/hosts/homes/ambroisie@bazin/default.nix
index 4490c51..a969d8a 100644
--- a/hosts/homes/ambroisie@bazin/default.nix
+++ b/hosts/homes/ambroisie@bazin/default.nix
@@ -1,4 +1,4 @@
-# Google Cloudtop configuration
+# Google Laptop configuration
 { lib, pkgs, ... }:
 {
   services.gpg-agent.enable = lib.mkForce false;

From 629ec539c912bb3a35d7e90e8cbbdf8390338ccc Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 15 Jan 2024 16:50:38 +0000
Subject: [PATCH 007/431] nixos: services: nextcloud: fix typo

---
 modules/nixos/services/nextcloud/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix
index a962d12..f2ac8e3 100644
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@@ -44,7 +44,7 @@ in
       };
 
       extraOptions = {
-        overwriteProtocol = "https"; # Nginx only allows SSL
+        overwriteprotocol = "https"; # Nginx only allows SSL
       };
 
       notify_push = {

From dca6a9018bd0007426d3f95bda3ebd5b0a55880b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 16 Jan 2024 17:17:43 +0000
Subject: [PATCH 008/431] home: vim: ftdetect: add gn

---
 modules/home/vim/ftdetect/gn.lua | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 modules/home/vim/ftdetect/gn.lua

diff --git a/modules/home/vim/ftdetect/gn.lua b/modules/home/vim/ftdetect/gn.lua
new file mode 100644
index 0000000..37d772e
--- /dev/null
+++ b/modules/home/vim/ftdetect/gn.lua
@@ -0,0 +1,7 @@
+-- Use GN filetype for Chromium Generate Ninja files
+vim.filetype.add({
+    extension = {
+        gn = "gn",
+        gni = "gn",
+    },
+})

From 13f20a28eb765b0daef11ec5af5ac3dffb46885e Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 16 Jan 2024 17:25:41 +0000
Subject: [PATCH 009/431] home: vim: add gn ftplugin

---
 modules/home/vim/after/ftplugin/gn.vim | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 modules/home/vim/after/ftplugin/gn.vim

diff --git a/modules/home/vim/after/ftplugin/gn.vim b/modules/home/vim/after/ftplugin/gn.vim
new file mode 100644
index 0000000..0cec9df
--- /dev/null
+++ b/modules/home/vim/after/ftplugin/gn.vim
@@ -0,0 +1,6 @@
+" Create the `b:undo_ftplugin` variable if it doesn't exist
+call ftplugined#check_undo_ft()
+
+" Set comment string, as it seems that no official GN support exists upstream
+setlocal commentstring=#\ %s
+let b:undo_ftplugin.='|setlocal commentstring<'

From 309c344a3431d710e73ca6fc92890c46afc48591 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 22 Jan 2024 17:50:38 +0100
Subject: [PATCH 010/431] flake: bump inputs

---
 flake.lock | 48 ++++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/flake.lock b/flake.lock
index 5e4a413..acf6c48 100644
--- a/flake.lock
+++ b/flake.lock
@@ -53,11 +53,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
         "type": "github"
       },
       "original": {
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1704152458,
-        "narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
+        "lastModified": 1704982712,
+        "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
+        "rev": "07f6395285469419cf9d078f59b5b49993198c00",
         "type": "github"
       },
       "original": {
@@ -94,11 +94,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1701680307,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "lastModified": 1705309234,
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
         "type": "github"
       },
       "original": {
@@ -116,11 +116,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1660459072,
-        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "lastModified": 1703887061,
+        "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=",
         "owner": "hercules-ci",
         "repo": "gitignore.nix",
-        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1704276313,
-        "narHash": "sha256-4eD4RaAKHLj0ztw5pQcNFs3hGpxrsYb0e9Qir+Ute+w=",
+        "lastModified": 1705879479,
+        "narHash": "sha256-ZIohbyly1KOe+8I3gdyNKgVN/oifKdmeI0DzMfytbtg=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "4d8f90205c6c90be2e81d94d0e5eedf71c1ba34e",
+        "rev": "2d47379ad591bcb14ca95a90b6964b8305f6c913",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1703961334,
-        "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
+        "lastModified": 1705856552,
+        "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
+        "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1704289500,
-        "narHash": "sha256-SMoojjdEMgf6GtPh5vzofdeev4nyM+vBi2J6Z/Sufco=",
+        "lastModified": 1705927265,
+        "narHash": "sha256-eUUIBb3qYMrQB0ONGEj2kzKN8yzqwDmR4+Ct5/dvJcs=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "a18213c74e43dd6e941c41d77382377938c77caf",
+        "rev": "a29c6f71063d0ce903e927fa7885651c00abd33b",
         "type": "github"
       },
       "original": {
@@ -197,11 +197,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1703939133,
-        "narHash": "sha256-Gxe+mfOT6bL7wLC/tuT2F+V+Sb44jNr8YsJ3cyIl4Mo=",
+        "lastModified": 1705757126,
+        "narHash": "sha256-Eksr+n4Q8EYZKAN0Scef5JK4H6FcHc+TKNHb95CWm+c=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "9d3d7e18c6bc4473d7520200d4ddab12f8402d38",
+        "rev": "f56597d53fd174f796b5a7d3ee0b494f9e2285cc",
         "type": "github"
       },
       "original": {

From b33938e8251a17e298ea5fb36c575dcf0eb0df6c Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 22 Jan 2024 16:57:18 +0000
Subject: [PATCH 011/431] nixos: services: paperless: rename settings option

---
 modules/nixos/services/paperless/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix
index c40e895..f528ad7 100644
--- a/modules/nixos/services/paperless/default.nix
+++ b/modules/nixos/services/paperless/default.nix
@@ -52,7 +52,7 @@ in
 
       mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath;
 
-      extraConfig =
+      settings =
         let
           paperlessDomain = "paperless.${config.networking.domain}";
         in

From 5cb67cf040c8defbbbc03daf57f89a741c828ce5 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 26 Jan 2024 23:25:59 +0100
Subject: [PATCH 012/431] hosts: nixos: porthos: secrets: rekey secrets

Some of the secrets were using an invalid format due to (probably?)
being encrypted with a beta version of `age`.

I didn't need to rekey *all* the secrets, but I might as well
---
 hosts/nixos/porthos/secrets/acme/dns-key.age  |  16 +++++++---------
 .../porthos/secrets/backup/credentials.age    | Bin 453 -> 409 bytes
 .../nixos/porthos/secrets/backup/password.age |  13 ++++++-------
 hosts/nixos/porthos/secrets/drone/gitea.age   | Bin 575 -> 494 bytes
 hosts/nixos/porthos/secrets/drone/secret.age  |  14 ++++++--------
 .../porthos/secrets/drone/ssh/private-key.age | Bin 3799 -> 3703 bytes
 .../porthos/secrets/gitea/mail-password.age   |  14 ++++++--------
 hosts/nixos/porthos/secrets/lohr/secret.age   | Bin 438 -> 367 bytes
 hosts/nixos/porthos/secrets/lohr/ssh-key.age  | Bin 839 -> 733 bytes
 hosts/nixos/porthos/secrets/matrix/mail.age   |  16 ++++++++--------
 hosts/nixos/porthos/secrets/matrix/secret.age | Bin 478 -> 417 bytes
 .../secrets/matrix/sliding-sync-secret.age    |  15 +++++++--------
 .../porthos/secrets/miniflux/credentials.age  | Bin 477 -> 395 bytes
 .../porthos/secrets/monitoring/password.age   |  17 ++++++++---------
 .../porthos/secrets/monitoring/secret-key.age | Bin 507 -> 355 bytes
 .../porthos/secrets/nextcloud/password.age    | Bin 440 -> 355 bytes
 .../porthos/secrets/nix-cache/cache-key.age   | Bin 501 -> 428 bytes
 .../porthos/secrets/paperless/password.age    |  16 +++++++---------
 .../porthos/secrets/paperless/secret-key.age  |  15 ++++++---------
 .../porthos/secrets/podgrab/password.age      |  14 ++++++--------
 .../secrets/sso/ambroisie/password-hash.age   | Bin 459 -> 383 bytes
 .../secrets/sso/ambroisie/totp-secret.age     | Bin 442 -> 375 bytes
 hosts/nixos/porthos/secrets/sso/auth-key.age  | Bin 483 -> 451 bytes
 .../secrets/tandoor-recipes/secret-key.age    | Bin 496 -> 398 bytes
 .../secrets/transmission/credentials.age      |  16 +++++++---------
 hosts/nixos/porthos/secrets/vikunja/mail.age  | Bin 740 -> 579 bytes
 .../porthos/secrets/wireguard/private-key.age |  16 +++++++---------
 .../porthos/secrets/woodpecker/gitea.age      | Bin 543 -> 464 bytes
 .../porthos/secrets/woodpecker/secret.age     |  15 ++++++---------
 .../secrets/woodpecker/ssh/private-key.age    | Bin 3799 -> 3703 bytes
 30 files changed, 87 insertions(+), 110 deletions(-)

diff --git a/hosts/nixos/porthos/secrets/acme/dns-key.age b/hosts/nixos/porthos/secrets/acme/dns-key.age
index 97d397c..fce2a84 100644
--- a/hosts/nixos/porthos/secrets/acme/dns-key.age
+++ b/hosts/nixos/porthos/secrets/acme/dns-key.age
@@ -1,10 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg 0bz3W8QcGaulxy+kDmM717jTthQpFOCwV9HkenFJEyo
-NKeh1/JkX4WAWbOjUeKLMbsyCevnDf3a70FfYUav26c
--> ssh-ed25519 jPowng Q59ybJMMteOSB6hZ5m6UPP0N2p8jrDSu5vBYwPgGcRw
-j420on2jSsfMsv4MDtiOTMIFjaXV7sIsrS+g4iab+68
--> z}.q-grease s2W<qM_Z t
-n1Yfs/gmNsl/n9HtuKBIIT8iwIjYca2yxlh7Q1XAT1B+RZ8oGjW8yCPj1unbDGZL
-e5BfLO3zgkEZnQ
---- FSgNKEdDeeTjCx9jN9UtOFl58mC/Lbu1PAYRGK0CZW4
-U��+�j��{g�`G����R�Qk]���d�6���y5T�$�ñs~�h�ģ�ԝF���%�v��m�
\ No newline at end of file
+-> ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw
+zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y
+-> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8
+uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw
+--- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg
+�r��&���{~v?�}=�
+}+�SQ�M[�]��kM�A�t��mM�/��Ls�|ޅm�C��iYC}����x��
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/backup/credentials.age b/hosts/nixos/porthos/secrets/backup/credentials.age
index b8ea008eda49f6750b99423cfb329a69e2012b89..63f0d32c783d7ab230a0a3f156d80a92a69d5621 100644
GIT binary patch
delta 374
zcmX@gJd=5XPQ7Pnp;?Z;yJ3jAONNW1pK*ASTbOoIL{3CeQd*_Cub+Xoe}s2Zj=5Ks
zBUf5PsY_m^L9S<_e_@45s<ByWdRe8Dwr6UXw!f#PQB+=Kc%G9{p0Sf_IhU@TLUD11
zZfc5=si~o*LRLV2d0x7LN1%~&sk5<5o=Hkll5a(-OTB+eL9nG;iMNSqKuLvLURkDZ
zP?}+2aGFslSAnmmn^C%vpKGCSRECdtQj}vzWtqO8ccqbYYOqCMc6xbEu(!6WS9ysq
zm#(g^LXu}#m~pvLZkfMts*#&>Kv`*ck#j|%c~O?LTZD6}c6vmjfn#}Cs8gr~ms7x#
z=c%tYOXM3YPZV4~d27+C6?L26Jz67RmDlxl!nsA~rZAfqGQ1ABk?9^K(#gC~XMxr<
zjeOzhjkDP-_opxW_ABYXb+gm&LppaklEgO}RyrCubr*bR&(P3#Xjh?N_WpSm2W!@X
XufN+AGps__uzBhkEfnRl*nJ%U8{LQ&

delta 419
zcmbQqe3W^DPJLvKOKFy6dAXB!u!l!kpnpbMNv2_9hNWp)g-e)ml8>vlyK9b9c4df@
z0hf2NZ)J+HkBNI?V4^{)OJG5<c9K^_mUePMr9oAwUzuA(sD+<nZb?XnCzr0BLUD11
zZfc5=si~o*LRLV2d0x7Lmy=0oiC<+@Vv<Q>l1V^nLA`Nea;0xpxpPuZX{l>Ksi#?_
zf1tjBiK$yYSAb<<UQvLHdx3|Sk6}oqUtwg5Us_>yijiStR-V3TZcct#eo=U(nL(Bb
z$hvs5oSI_Y^rF<n;#37+g;=9P-{M5|a)p3cg)9SCSFUhl=aBr+kaR9xU0nr>#PG<_
zOk?BvTvtzTw`8}Zf{YxOsM6d#r&7y^q%7?$LyMHaB-fk@!!iplW0hQuAB|5Ag?LMD
zlzg{+N~&YjBX+x#JbrO2-L;qAHZ7ItIGUk1TcdwlsMIFKqBj+sF2-NlO>S5k*PYm%
zR?YXPd6v(PbKL)qEk1n1?%w^lve`M)7oO9#ZF#$1=E>p-CqvaA?beXj*(#=N&9r2d
P$H!w1e7>qRr<MT#6vvth

diff --git a/hosts/nixos/porthos/secrets/backup/password.age b/hosts/nixos/porthos/secrets/backup/password.age
index 3af9fbe..db3c2fa 100644
--- a/hosts/nixos/porthos/secrets/backup/password.age
+++ b/hosts/nixos/porthos/secrets/backup/password.age
@@ -1,8 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg dgS4bezgtDi44R1A8am+J6zh80kUVYTo1heaxJCtzX4
-F3w/62xwtqYa40NU7OvF9pnZzYz/5hACAGJfMA4e2zw
--> ssh-ed25519 jPowng lx81CK3yeNp9RjHCUFJeKYZlRzxBmXuADVBvRc13zCI
-P7e75t8xU+ZkYmeQ8mmMfyZZsRdG1J8yrvSUkiWzkFQ
--> *z4/`-grease S/)a{e sFd";=
---- 15FVhqRTkoPFEeETRRyFQhsv4Fn19Ozlax0u8Zy9mNA
-�#+���v�S�4��}��R�%�ίF4fnD��J��Z��A���,_
\ No newline at end of file
+-> ssh-ed25519 cKojmg O3DMSSPQP9/ehXmzs0xcCGllu7VSzhd6b4Pii8t2vWQ
+Ys1nMv2384elWWGW9C8HabvwUeWu52VsQpxx9L/4/dM
+-> ssh-ed25519 jPowng ft/9SX5fpG7+7gHMubaFtb+50/gfNgmaofOVq5UjRUE
+xMwdFjFdkH0Li+PikaFt0WAZbFUu5daHgkfN8aQQumo
+--- 7DVINvXIXdE1MRwIkeajonYsy1cp4HugCxfTeub5SXU
+<�����<��{V�?�fk/��I�"���/5K"��(��i�����
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/drone/gitea.age b/hosts/nixos/porthos/secrets/drone/gitea.age
index 90ff83b15b50479b8c0c7a0c174ef6410a8907cb..6b68503af75d0ecf3778dac866e0b86258b1fbea 100644
GIT binary patch
delta 467
zcmdnb@{W0eYJIYIepYU}La;@kfu);oikU~2wr6>Ec|?SPNxrGSk#T6HkF#HSS%`Z|
zUR7yHW`vV3muXJ6w{fC(UbaO*rcarhQDj(lqGM{ReqM=rzE`22c9x@=bBcM6V@09~
zm#&>cadC!jYKoDmsiCDpRzQAvUb=!|U`Dn<h@o>pQGI@4cDY|to_C;!fp3nJvxQMa
zQIeBWsHb6(Q<P(xQBWk8wn<S@golZ*ub*~AN_kqYOKEOprAKPExnp8faFth@N3MaT
zV_HyhrD-ykuCA^^QGtI%Vxo72TT-ZNcuH7?d#Xi+Q(jSCX@H4qR$6v$N?MX(mXU8#
zMs_h*VST55@1>5;`h_2-t<H&B>~SPs`SEGS1^mV(GbL`O#@9bS;>5coMSsJ53Gcnz
zgR5#cbleUO+IV;VUKx?=*0+A_)emI8X<)x<eQuh|N@tc0E$_nL)D?;`Y;avZ;iK^^
zw-2uc&x8y858=|UnCau^-TLa;mm?1Ai<bVLm#Mn){1(1>K9(zYi=-d?c;x}#irJ>h
z5vzjd==HArds}RO$MWe*^w&)Z&pdqho}#%({n<waPb@M{oYGh~!RUrgz411)N3Wg;
TUfTL$)6^Ns#~#*)nR);KN$bCN

delta 549
zcmaFIyq{%)YJFBfetBNHg0V+diKkzvfl*~zWm!RDen^S4yS}?|a(ZR1TbXxwnsH&8
zetJ>4zP6DGm%Fxio<~VhiK(M;sG+BGNI`INYQC$sn^$m_S%zbhNp4nwkxO=(OL&n1
zm#&>cadC!jYKoDmsiCDpvUh$~Zn}bVL{YJGg;zzmU%h8WSy_2xR+M2;QE+5PxsRW3
zka2c+N<g-$YlVkvnwuk+zgMPliCc1BL5h1>MY4r!NV0p0NlucRS7vCac21D7W1*i(
zq(y*diAy%fx&qzwqSVCVR0VSd$3XvT7muneg)9{(HEo5IWUfH-s*Fmr4F9xj*9^0W
z^hm#YkH8`i<Eq?5Lnoh#JXdd*{DJ^S|2(Js0JosDO!H(eU0q#;sA3<}sx))`EHAUl
zfczrMEW<E^%rO0=h>CQ_;)<Mz;tH3@a_7P#pWtjRM}M_PRShim-PSRNOVhM$)n9K`
z)cYLvcKZ~;umg8&&+T0G<NI96vZ~vWN&%d`o9a(lZ{Yc)x$l#=puy{Vf=>0twHduZ
zB2u>B{JZu%w<-Us(Uaxy{206BXT2S!4^EbBTh#yJ_`efXIjbjUc5iff@ZPh!)Us7$
z#kXZSksh4osje}bWV=M&;-_pj{JU5ByXOa!ofoYy{;OQcY&nB*{vB13psOhh)xK^j
tSTG^;n1Pg(-0a-P`!`>3Vr}2WamMHj*J3+S5jiPgt#`ivjq>OG1puG-(}n;5

diff --git a/hosts/nixos/porthos/secrets/drone/secret.age b/hosts/nixos/porthos/secrets/drone/secret.age
index c529200..d6e7330 100644
--- a/hosts/nixos/porthos/secrets/drone/secret.age
+++ b/hosts/nixos/porthos/secrets/drone/secret.age
@@ -1,9 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg 1+cLlzctgcM0FnVDwMPOAqBkvMcDBRg8SvCw4djI93Y
-oV2XI4f1AvM9P591kZZ6NgJXa+SDtqGzCSgc4psOmxM
--> ssh-ed25519 jPowng Ufjfh1p350XxRPg95+/DHdmnl4lC0bbzUUlaxd1Bmxc
-/RHwFDSn2ov+60r1uHUigrsn99+GmmKmlk4h4T2gbA0
--> *Lc$@-grease
-pzVJAHy1qRq3jUrnFV0DDO7/hwV1US4Ogf0RsrVfX0xzbr73uJ003YjieVB25LqN
---- ME7/iVevyiguyhXugbkVFGzJV0yDccyKNlWbEZa/FmY
-Y��Xjb2u�nd;i0��X]���0��j�L�P�T~�����^kc�$D���r��u��fr�e�Oո��+p����&�w��Ϩ
\ No newline at end of file
+-> ssh-ed25519 cKojmg 0J8FMcVRf78LYG+dTOFzu3luXwhOjdOg0sx4Jxdccj4
+tdrCcfcYbTZYhL18RG3goiqtyhu3NTn+fJhdIAnU5uA
+-> ssh-ed25519 jPowng qlF8nkSEg5fZgai0VP5eTSlZOHyj5IcalTf+QNWITVo
+O5aiZX0AJD76ixsu6i9xnnFBQANdsu3h6XzdTQ6KtKU
+--- ByMQt9bnbzd8YO0Y93FIYF/lmdbYcOydkYdKxpRQujM
++ܢ6JNm�q��[Eb1p)vD����PL9�̀z������!���߇�'�T�a��d5�U:[��d�ύR��M�p��zj�
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/drone/ssh/private-key.age b/hosts/nixos/porthos/secrets/drone/ssh/private-key.age
index 0211701ba0ee3d8ef341b6d69d70ccaa25b8379b..737777dfa116dbe553768de3ade7df9d423661ec 100644
GIT binary patch
literal 3703
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn_Ri1BO;<3qFz_->
z^6@MWG&IRA2?%y~$xq5iH+4@6H%W>JNz2I!Dm5zeaxx6ah~&!jOQ|rAaJ0xXGRiJX
z4fYC5iwY|94l>UO^fYiuHqrM9)Xz@$PD=_;^hCEUD<Ho-FI~Yu$tgX@FFn!F+*dm|
zBPq%#Rlm@+%+fi%#N5%?KP=J9AkR6xs5~+v#Dc5XJU=p{)VR{p#LV5L(lE2a&9F@0
zqsS#E%Phn&CpV+QqcSL8-z%@wG@DCTS69IzsKBfu)IG{DJ=x2@!otrmF{&s$Kflze
zq^Q!vGO{W;y(-f!v&t+YES>9so89*#`RNbVKRg!Xla^@sJi&rHl6fO{(|V3Wp0kB+
z3#8=xhUj+JyKP{}`5l?DJUeagy%pUlKOKTMP5b$_MVQ}Md)=A3MhmyurYsGa{@TvF
zpY9jFKil`tb@%WEJ9~eJ9H>0`-0S2c7VW9`AL~fAyg!o0_g<p^)$$FYjV*<DRrY4y
zZjdT|Yq<7x-x=FTAwKoF4_@82-x@x7L$JKV5l6+t((CTVx&2vQJb8(tjoVD4?a^T&
z+Y9xzAK7{(2uZR`R^Ky0dgqh$d1AKzLW;l1u9#&vWBXDS*Hu$j?#^NTskqPk*4@P!
zhpbG#H6Gh9=e_Szs^E^!-Q5N2|Gk;1Xuz~oaeoHa!Pn1Ui2ThfJ6baHl=uhf_bVCC
zeO>v7^`4LNs@4k5WgPrmcf|W5UMOu@b0WIFpoKC2&8B@?ec3y!p4Z<NxcK9R?CZ;4
zYL$xr`K!M9tZL={KzG@+^Cf>K%PlerdDr{O)BmK7!i%D~wLQufI(xcHZkgZPS5cQV
z-S5t^s2vq5)BUxU%!$a`cWj-r;I+bsJ65#)-1AkxzqBPY_I9mEKRf#*zar^ty$ZMP
zmz?_co}poacA0q4w2d5c6IY+Jy;=TcT72LdZk3DIGcp&pn22ZhDi>_{Hgi{h)QZaJ
zRon&hGbYVEddTzv@7*~sqLx>?bw#{5c2+R3AxJ+=Ju}E`@%pNN8^crI9^q}<lkKBk
zxxme!>-x`!h7R+MMZAyBb$+OPb-~&4fV_wh+uifL+%;u*=AQmBDaUU6QMtHzlFBQt
zCv!aZH%qr%I%kpf<@0hvkE@dAd^27xmEwNzis9@9@6R#+wq5?>^300FUtLEcO>)-G
z54ofuR%CX6nbB-}-hV7==2hN>H>N5-Qc^0*UuC3vE1cobjrltxKiD4LKljG6CuXbn
zwXLgCH7R7Z4VAv47V9x%<EEl}b@z0yu2b%RfAH8e&zX|uoNZmtCGO>YH*AnIi`<x=
zvSZ@D*DuT1nkQAyue{ZnI77Ux?A7m?o_4{X<i9_8Jg?7pf0DEG4F|(^|JBOYFOEg>
zEsD^~<&KXPartxZRQ1;h=@WK7EST`YNhwHAI+OF}l}#7l?w*+NVDF#D)4AV9Nllu6
zZtvoNA19to=nwU_kd5U1p0@8Eqff{A#es{~ZDek3S?Hb0+7$5j@qUSe?woSLiywWu
zvUU0IYr+%X844e`)qA5vaf$x17Yn&-RS(})Pj%(J;CN-?vFb1Bw}l>CSWEjnFj~<5
zN;Ov{Q&KvH?VIUr{WX(%jW;}5T|GBeiM4W;c;1Y2?^#XwmMBg6l)B_#=H<xssXvsQ
zr)GN0OmSJ>|G}-qfAyX}m$gql-1S~Mt5K$Fk@0tyM=MxgEoG>^l|29Ws;up)lC0f2
zKOIYV3)Pu%tTaf8@OmP2ZT{pd2cp-R^ow6z%zvo%b6M<+(~i}A*5%*Rr36kUFFFt$
zdf=AHrOT(+@B2`CZQbU7j?H^oPWu-{L^<5L?VA;!p|bh+{(JA%`*(K~1v-W{&1!V`
zG^HW$jLhm2hKs#FsQUexRM(v1{VKL%)ts&R^16Y+=H3OyB0KM$m1nd_sbRhE5Sn(M
zfBvFNA^Ufko#OcKn5lR%P}{VUzc}FCvvXBH^XhX}8pN=(oa(HeB~v2*`O4mxFQdLM
zdOhuZr{`Qf>s?hhelOSK_;hDYjN+-Iou7qPE$6x*m-@&#^QFbvKgX2$WA2=}XS6WM
zn7c~a>7>`p%6D6&c-(8&ox8O%WhwtA9)*Rsj!m^Y#>=s-%wlt|f@<!atv}jCHEg_B
z)Ytxvdh%L!>gzIp{|-6EWA}G|krYYRDh%lFv$l&7Hh%0}ns8WZ$v$ttE|Dj3d&@6;
zc(wQ6&2Kw6B1Ga=*?tn<7;HAp(&t2$o_}5NHh~{=BfQN_XFaa@y~{aD{HFHZQvHgM
z)om^JRHru<?8%EaE9z8}-1zbS^fOLf8o#fdUD)vc*|}*eDmh!sS6VJnp0j3B^{;<D
zJAV{BJR5rFq|?N=`!4+}T7KSdLZm)RQ<9tAriOF3B2!n$n)rt^uQ|`}aMt(U)@AQj
ztZJR`<jwrmPh&o?EwAW*awq(cWsudS&09Ij3gWV>qdxR>ForK(ec`iNZfak`@)t!F
zn_qu;C^oe$Ve6+_@j#{DZ@aACKNB)l5dKssyl0{yNAK=~LTzy!`+m<i;4=9VdtJP$
z;mnKRH?C!Tad)2XzOreSkoK294@(!n)I5=IBUYTw^^4KyfgkhD$=weAS&ZR6^Ht`*
z_||5y_CJG`WEz9>6e-Kk-#*RU&?Gpw&|pcI(N&9-huh{&JaLHo^a?-k?dQTw1$HG#
zGJ9Y1RLcuBIJ+YG?PHFU@h@sGMf~<&qov-&7QLWuX@HX2?=71*%w>3||K!}M4Aq46
zd5yo=&n>g&xG!n=TC?jy^dZAr&vH0Kaw9AS+g_dZH2k;ybJB|S@rNs`;-s~G76?2z
zc;?ox?N6SnEOJmz5V-kgOYFLD;(H!FZT{kSnYU$XMpmr3+_G$w{eS*xKC|DsWX;r<
z+I8=>8#K@7s~-*CBQb0D``cS3`2T4AI=0AtKS%u3KWW#d?KgI0X;zgjeRg>h*Oixo
z4a+4aEUNu)a{Kq^pVnrxWwoT$r$`1GduU3}(n~d4*dRVtMV-mMyj5tz(|JDLg6(~_
zX?3O-AM!2gb@!NdRlsRka%DyB$~_Cy>!zE(xVB!2KeP2$O7pb$Z`GehO)L`f+_!wi
z&jouzcHi7wl;r&=X#d2+<u!>?Nh)_&-zeFjbM?ypvZz&4^Z#Dg)l@M$z_+z*f#x>x
zAnA-7mv>%SnIh{{lA>OF<ygp@r0`c>pOUxkFuLmU&Hc8h;%@J{)5#IHnK$OWQeyh9
zWw+|s*@~BEQ#xjyxVL_K+q<tmB}t)OdU0=?&M(ipe17fMuM#Y$s$Q`BB<6n$VCgf>
zZ#|OuK6vZuFLhInxRkJL+bNi?f5-J~uW5nt%q{9`-L?J(Eh&_~^0m01qf5))Ou$Yu
z(D|v_B!S~6o6pX%{iC8Ktk^&MYI5(Kn~y$Rxo^j_W!p>s%eTw7*gZ4azTnmTtnd2+
z^G?<`$jK{sP1vwzKU3T!h7wh+?Txq2&wl@V`=do!dv%R1UVN+gt-ODC+iIP?E0pI4
zEvTK9l6Gvy>2t~XyR5eUnw@m@#dRj*cFl|NdnO+c;5K%gw!}(_x$(*4P@#tt-ZZS5
z%)8#~<#OhneCdM93Eve2E=fL6UOIzqQM7@~!lQEU-L|GxmcL#UaoHo~a@q5v5^n0O
zVaGRYTQcwe!eSAZuNsqdmwi8H^25j4aAJMn@>5d&k6%og_P6iRo>g0`<Y#^r<k<e8
z@8m^JLAkisogWTf_}Nt5{kW%pi{G6q31TPKsk+}=!F0;J$SwZnn#7B7l@p9w&b0h`
zxslV%J?LxC@vz$sJ!=*8D}}BepS0nUK`-B%kX_9Y&&-P-6ff$$koa#~$Mu4`cJ6Gq
zY3?x-{LI|SU7uFpu-o%tj^)|qs#8y&XMc0aQ|G_f4$)+}>(&fDTVF^2+@Nm#$X<Mn
z(4-~rW>)Wbm9pjaegB>~5wV*lI}JYs9GEQT8nAuh*7D-2w;VG&H=bU7)I-rza-Z;r
za+b1${YDp`*mz|-Z8O_+Xq$QYt;@p7CzKq|t=Yl7?!%&hOW#6HTL~6y4`j7*>|CpA
zbJDM4vh%e5Z#&js{*qVoE?;oJ>x04smAf?_K}zoWjwM?-kFasQ-u&yKheE-OV_7fP
zY@NFPO3bVa?S^@)9Jb8#EIG<x{wrjujeyh-Z`SNI$JJZ;es2A_^xyRdSznk`Jq7Ny
zl>M49^X+EI>n$!hIdh+~T;sOse4)2`?n?7)-xvQDy)RdpV>P)aYq^OFqlE#pQH$z>
zS=ZTR;urfLW?OJ<_S>|BbD2^kzv|!9NbJy?-aB3DmP*B1&JUI*SKOXBTm2}Cn|!x=
zcgB~GwZb#fBh<6F|6flk)2cHmTy%=}sNpP`kIz3G`d}Wj$3!8Khq;;6D>Q@K>*}Lf
zvWEH{C3R<Px{s#+e)C!=h0&A0@!taeIs@K!osYCi;tX@U7oIDWUC+e#@{_1vi)vVw
zp!X-$*t6zGRklRryxer+y^!;f%Uaxj=6FhY9+umxnW(!~?6vgU0`8lBCwPCYV|9;W
z5s8U;D5adf%T<#-?`Yzq_Lq@gVlxwU|Ae{Tm)@qfQm1j+?*&DgN=NtdPFOvOpZE2Z
z6XHIncYL3-Wbd^%?)(l+E9U5>NPJs(N_EbX`@1buzOOg0W?jOyi{HS&+#`724CBMI
zXCCj+nlGg#ckewn@BHwm@}IT+;u>Ct9$7VGhM1;PW}Iwyc%ik;vuhJp@m~J5yl*>K
z=~1~W%agvDIL+vM-(UQ|OHp$3?OC@B{XAK+mE1nPd+749lvAneugo<@o6^nlcWx|_
znR4>fnwE?IRTbv{(mJwn_j6l!^SV1<996n*ul_t`gMIS4^rV-8XJ5~hyL3j<yT8t)
zuGIW@;}&=SlKW}rK4nMfG|DabkiEP5Oz+=75w>XVum1(|>U{njHhk8pvtYf=G$Dhw
z?#+b>7cQ6N-Pb)HzCGdkZl*~$*`1a4wB)^UVhj{r8C3td<>kR8C28zE>Fif}C(JiL
n#{NMvHgj&i<NG~{d-^1qFEa0_TDg0{1qVNF$FCYp_e$#kUz`!o

literal 3799
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn_Ri1BO;@NW2`?`+
zPsvL6@G|jp@hZ%UO3L;q%Zo4!s&bAj3-wF$O?S>MaP@c3%;t(nPc}*Rbj)*&2-45?
zt<rYO^YyDV%`&JcHz=@($o0zb3iht5bkDT(GeEa3D<Ho-FI}P7#nM^7Ft5znBc&oS
z$u!Y5C_ErJ*~r5nIJ2PCFC#qEq#(Vtz}GCm*^?_GJF6_QD$PQ>$}K!Jt=vC5xwJIW
zA|k`2FfTVh!ptQ@Kg1<FqogduHy>nMm~MJeYGQG!LVTr>LU~SJgonL}f|{R~t%47i
zuTO=UkCS(1s;R4!M{bIDZc2V+MpAKpl!u|CpIMcUaam5TV^ErRS&nbENkv*vWk5<;
zepp^|kcE-AYd}>lm#(g^LXd?~nR`)WzGJ3&MqX;Fe@I1;WkF!6nY&M+ziEzJc$sUk
zn`LpaftPt8*MVa{E@+%JKU2KHS^m_5%||zQ+rRbaOg>X{_QmSIrWLO5UFA-5ewp!)
zOSUxdeO!O3NZE|HhgF(a%uR4S^y^miX_>(81G^Qr{f;d;`E1?RdpiFwWGnh7Ik?^b
zA7v8hwmQ0f%F*Rsd=ghVa?P9$OxSnP;KuPCEw3#;>xx?5SikVx7T*ekph=ADtS4~Z
zm@#RKQbNz+i-%r*opJY{hDwJ`(}tv~n+*aL7cVq=<XPUh_9RF|?}F7tv7YT}?q?Y$
zzC3BSZwKFngI}eLc{~`7U1WJNfhi%x!aD8TTK>nU-)u;2o$>Y^_xHqCU%njTxvV#L
z$-CKi&g%5PmY){KuuP$l<EH5YJ7%_WUV~V^Kieh?w1nvRC?4Iq<I&N3*Y1XXn6dR@
zK+=bL*+|82+=c=xB(+$7tl#i8)uC+qw^Pz-vTa^(^Aj657c#fsXnb9l^LDpt<cgYO
z3Lk`G)mc1l|LUyG2wwAA>0hj~oKM@6Ir&!WrZZ=xDL&ccq58q`$HUlI`4vV{jc3Ca
zyFc#{-0;lLuHcDJmf^wGXH3E^j@|5>E_i1(ukpb^VX1%}0`K4T-&_3t+(n*~Z=)ht
z-l*kS<EZ6l6Q-S1m2ufOc-d@=6-zW7*FHG4S>>QsK-T%UQ}#VHy0ABRbwMY4{ulX|
zDG9711~R9oZsXgc_O+HjIrz|a=QfMm-<Op}^UJ6o(*I!dalx!$0nVnKlHt}TJ$|z<
z+j(iR`Cb3wHF>oi_j~>BZT__>%&v0J^c(V(dQ(}JtXUYoZV4kVd#>D!z_qN~1i5}1
zCa}!d!Lf+lFwt6(FWP>4{-=9qR&8_<_cXJd=$N)M{)@j#WkY<R>-;~-%VQlvpG}G9
z%oYqkb^rde_D{3=QY}-I7%bPDZiu|MC1B|lwWYT2rmxz$t0i+s{F3jk(V4T2qE4Q?
zS-=`SeYRqO_SeXJ7x)%P3!JF?xaTCd{yGiUzBghMV}8B+zbZqn$oRtAyM|J;I$o)*
zWi`kQoI5q<&duZNPO$~v<Cp3;5f6QxdxvAS&863={sF;BM<>T03$dSm^7+q~PbXQs
zglQ~w`}5iP;+-QMPqxYhBuudPdiN+;f!`=^p2^C0o4%gcvDl_Kjm>0f2kSDHNw*{Q
zzr0tre-$>%{)pi3z&+(@%%QU4*7mG69~GGs8|Kg7{wVnPtOduKCU4%bO3H8T@8Fc{
z@`qkskKty$QTBABk%e1`$#>?G+Vbh|zVP;*{~T%}ulitu)C!iSna>>`<Q;$2Z|-BU
z)gW`@M#stTROdWWU^pdOVDSC)_f;0hMDo<POzfR>u<qzCza?!?H^$tbuJ_&0eEBP{
zb@r7nD-~{=TOPP+{m^)e_riG>cF0{jn)F{jQ&(xL;JY1+n?LzDPm-}q`26+29KlTv
z+iJ27d(2v~b}rY4KgL19M+}{F;y&b<nNRaP<Y9BYezrQBzfs9bep!)ZiEqwl9Syeb
zXq6Y*%vR14qq%AJx{RciiEbC#KXPtkS+-~C-DP5~`(;i(D}A}Bf7*qHq#ebn1t;Ct
z>%4yZJ+Juj!;(il|Lj@c32ezbZ(e@-YEI3kd-Y-S_eFbgSq4tnFIL&{J?dlL*8R4z
zWs4&Y1sT;Uv^f8jHQmG-=#(7YxcU@pr|`*s-lDA^&VLZ86XGrSDXOpWc%_P^-@B;^
z@>NV`*X>_g|7)4L{@(OFVY^vHrvztqd~$Jp_|`Im?Y&lSgWTfq|2tL*Z&>;G(yyzU
zk-7^EX2+>b<=FJ`e1@QHU;DqD9V%6}Dy|uK?k1f1cX`RCh_;o!KWkR#Zq><<x$gdQ
z^V4m@0xn0Na?AK-)a-JYDbKO|en7xcrgG=_ch3*yXBD<72F#mblo_!1EsOUv=i0Yj
zH8;OiDX$RG=zG7aqAu`~%6*ZajkDGm#|NkdxfH*bnQ+ym{imh^WA*1bPc7&8=SOH|
zAFmYH$Nuo!>YC%-|0chgCFCW)chikSi&s@CWj?kNZ762H_}nSsUiqA?t38|A^tGED
zX1%hhnpAad?X!rJsSi$BhhN@y_uzW_Sw6a%52Y_eKMQvj-oVqWY@ws6bn+%&F6-y-
zJLXudoPGMg56?Y6jf*}vB+r<ih~k&CU!iNZcvkdX2c^=9g;DYk<*xYGFirZrzson`
z=(<N8%{`(!4*lXv<g8xEY4<NqFsJ*^x6hmNpIE6bS<L%J;Ig68J^eR*U6%VA#7<4l
z-`Mih`TPD;p~<lwIq{FDypk2Ic=skhlx=rs+kq^vgNcHYB@8uhW=1|r3hoT9{B^y2
zMN-G#rhe(j)}+f?TNE?&O<z?O#V((16_K>wK5Xj0;HLHOm#%RCeR93@>%8zIt?7NX
zdAF*qcI>KNdTOJ}*6Vx^8dg`XogTHo-!D;p*_?CA39d@7XZI8bKCks_UnLe}+VFJF
z<?xP43)Z&pzddP1L}Wt!tG^RoeXKUr<epJociU#gHpgYLcb-V_Yt2ki3ERam;mem9
zwo>byuKKUow{pwXSqqutuZYP!y{pru+@kb2nQhPfh)u04KZaRv+tXt6#eh$lu`BY5
z+H&4W3Z6UcdXA+&@^t<!xidSDMS$&d|4Fu@S9%B6*Sa?>o^Z^lM=*HZ{s`MmH4|Bu
zEqU*%{7Gu&nN;5I{U>6+O;p^vZP(<$OQ-Trtuy@3)GBJ6aH_DUeaDuJ`TO5A_uUZ|
z^Z8gcQDfK7qmEyn-L+QmGS6QoyudoOwQ%0<8NFR|`}u9#ORvXy{!Gb_4!&T=byGxp
z#pMaMbJj*YT)28m%+f!yH#wA35+g&r8QlJrZ<<l^u72G?cFx}kj~?b7?mH%@*?!gh
zzRIUgk+!17L&g(s)qlCR|KPHjXHRHpa9&dT<sH5wy7gUqV9581e`j85t&>#h=#EwT
z{4P(QujkSWzFFGt{dY?K+J0oVx_;GpM?rj~xu!;l?H})Askg2FPCK+F75mw8FqW~i
zdCPc|Zk%iR{{`ov5BJTMWkkKsGj+6Y{IS7Tq<VYhZMLk`^54f}e&l$*k8zNgTDds$
zQ~ZW0pZU*AJ6~e{A9H%of$MW4o|{)lG9_j?3dv9Dim9EI?6`{KTF~#1)=Bf7UYWD8
z&hTQJlI<yK*VHh7=e^#O?K~<=)pjZ@=DwA)d;YF<UFx40Hzj>9*vawA`e5MOYZWXr
zimX?k2{lyR!9TC^$<M@`z0DU@<@)uD*6ZD!`uAsgA@iv(n-yOPD&3j9Bg*EBK)Y}H
z{QnKhes2ERr@S#zdQ(VMgs!~o_59X3k!c&kJs0=h<2$o0CAhV$r8{m8$H}f)5eMh7
zE>>K>f@6hNrt(_5>&F7*^s{&5oH<su=(V6x=if(fD|DBqT#(DYEd0ak&CP;Kt8Y$U
z(0=O9MJ1l&Yb-_QZ+cTN$Y`IeKSg1}jywMSvlp*&@{tZ+pl$DBbMmi}+Jkyg=CHLk
z!KU5?-&bkJ*axQk)~tN@J;7uyPl$A1-rvU4K0Q|rjA!V~pVguIeM)%AshPj|7AEfT
z_?-S|!bizhGrH?%q=!9@-Z!Iq#<N`Mh|(6mEscxIB5%2RSl2C0?*7iaN&kCM+9SUm
zYx>0ceA4gRW~Z{w<bR%a_1VdFH$5&zZInOe6%t}@S?<Pl<}06Ju9vB2-%Z2CPSYpM
z?74m{<-=V5itq*Xc`c87%3VXJyyi?={$J5Te%k-)zjklURLwMV<mSJhIN@H_r7Me$
z+>4s#wkN0SaJBrpb!9J<c^I}|l$Ki&^Qdft-m3lCtMm<*htK=1pe?0yJTPAH@VQre
z-CK9F-Ds&O<=$sF$(Y56|A(^jKh-6F+XAh+ny3C@oD#Ea0(bwF_cx#I^)PWdcbmJH
zr$Sc#`oFDjCf?X2_k8OC>E!ul;pMLGZktQz=Sjam{-E_rO={(K_Z$1Zd}v#B;isfd
z_0jZqPH#WyYc4<27T5E?Yn7a>(>j&+<=mbTGd)E07aB?J^Im#<Qbc^boYq~HMYSg@
z9>1-RJr<er<Z(iCTyITo(}zp`k*3|L9=~3v_m?^*@4n{H$^I(g)zbJ=-)|(`SSPYK
zZJ+Lz<b~p9lFPLEpG=Bo`JAxGx!n0??xD`YU9;0AW!|zW|5&r&_S7?_*EtM2)-UpF
zS+`aHckV~oMf;C#n7dQ^^^Hxhbfml=9-P3U*#5qjH@fZdwK}IAv*%h>zcl2Ycle|9
zs#n`57i7QAUU+FC<5N3}vsVS~owWXuy4cw4_;l+=`9+t-?yvD?nJKpR+kvxR%IC&(
zRo+`#KX3Q3r(dqW5&5PS<FD{v`((MfagXDQWsd@PKjll`|M+O<?|(=9cs`#{U3TS&
z-U;_upIs_-js-8i9Gj+Gu_N9`@p+<lRFbGmGw<<dGxgu^E$n#xRc66yi-KkC_wpKE
zi)V=}o56apyt<(0+w&z4o$tPv(hEu~4!CkQLh_45#-HU$-7eEwRQdl&KHa)P@X@N%
z0p8oUT%V`LWq#z*<>U>AGfhI4PWHFk;;Yqk-Egks>qE8v-Ul*&M6+!d5WDH0C-7p{
zqED@F&#l^X?s*mSOYRv>9l5pK;ft2O@D2F(_w9wnoEgcj)6YD;I@5D&(%i~h!E@iA
zDZamFs&mQw#gCdly47-v9S_fPOyIm9J^kzvuf0-h93+cBpLr*Jc6sj7&86CAHIJ?*
dKeP;5bk>p0qW`T_@y>laN{U{!uw>4i0{~1wH){X@

diff --git a/hosts/nixos/porthos/secrets/gitea/mail-password.age b/hosts/nixos/porthos/secrets/gitea/mail-password.age
index 915f8e9..e2e70ac 100644
--- a/hosts/nixos/porthos/secrets/gitea/mail-password.age
+++ b/hosts/nixos/porthos/secrets/gitea/mail-password.age
@@ -1,9 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 jPowng BkIjie2KrwDLaZYYIguCs7TPA/wQy+YPguikuhfye0M
-7viTA/EGYB/jRKQm6fFd86DMd4j+Jxsaw/xQ1T8ZKNo
--> ssh-ed25519 cKojmg t1Y8bZvPccNAX8vWQLTfCyOJIBXN515vyfFrEI2EVww
-bJEjpIWrKeQrA/JfY7FRdB6hpHwR/aG4Vya1ChFNBKs
--> jK/-grease Oz.R ?;)G ],
-AuHk9TcC9kl0dg8/L6UfHIk3e9fgGwSTJAJpVgInhok
---- 47z9lol5MtpX0IsO/0ggLDMcNVfl4lNNvoHUSwOU/18
-)gЪeu�!��-�T�YA�M+��GbMe@�|A,�&��E!܆p=P�=�9��P�!���Q|��r
\ No newline at end of file
+-> ssh-ed25519 cKojmg 46BI3ItrXRWMivmd/K8bmkKlrYFSr8cbehAkmwCskig
+gTjYquH1hDEZ2zWD5P7gN/ejTCH8JJb8bC/VLZ3koeg
+-> ssh-ed25519 jPowng 5MqfJlasDbbqlI0dX98NZzHxmYmnnpveyBxa4z48V0o
+r7Yiv4+SZiDncD0Xzp5eFSP4f2yjGBOILKxEO1iT3Os
+--- l43+JtT28i1YDhNX3hE3Qb7swskOBc5ghDqiyh3rU2s
+�+)����P��n�WT,.���e�NW��� YƱk��F4�#=�)���6���mȵ�J���#
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/lohr/secret.age b/hosts/nixos/porthos/secrets/lohr/secret.age
index fa310b481b361a28d6cfef8a3a387796460ed1f4..1d9c5ba21388406d6991ba35f31c99325ee29e6b 100644
GIT binary patch
delta 332
zcmdnS{GMroPQ6n~o_j!4QBhimhp%U_XHbPxg^O=hRbWP0gjczXwn<2-vzbd^a<-p~
z1($b{ua{Y&yJL86im9=aSD=?kUQ%{MnsJ_EW<_vVR;pi!MN+V#sc}HQFPE;JLUD11
zZfc5=si~o*LRLV2d0x7LwwHfJSiWh9QMN&Zqk)S>UcITSwuh&ox2KC=c0{hBL6~J)
zsCQ{tqMt!ImuF~kLAp<drGbaDvv<CSVYz#7RAEZ0e?&xZwugnAzF|gWUZh)~frpbL
zm#(g^f`M6~UqPv}uX%WZV{vIkV5qyZUx}x4g+Ziws%J=|cc@o*VSuxnX^K}lSK_*B
zeJ*!;SG(SNsB>s#Rp-{}jADJOzpp+0vFvjR`?^gtYiB2%ey4wh#Y6C$<-T7xxF$4S
gn3>wA`TO~aPBx*w$@(hW`0le#KEm+WU2CZo0G{x8>Hq)$

delta 404
zcmaFQw2gU!PQ8b7SW>p9k(pOkwo`hpp^s5=L1|uCX{JFynum{HT3&@&SaOwXk(;rj
z372t}t4CUhS$SxopPyTlTVhyhrk_)2MzD8OZmD;2PC#yHl8bL~N}{R11(&X!LUD11
zZfc5=si~o*LRLV2d0x6gaHVrjnPs+nNmh_|a70RGdcBc(NoHYznOV7uVTeUwu}7-E
zi;-7gj!B>+mqk@dNm{U%Ylf+QQd+5LNs^hbg;#o|sdH37X1I$*h)<wPK~;fSa!8Q@
z$U5U9Bi;0()WqUcE}wLLcS}RV)Tpe~sE~5gij2anR3o!8mo%^J<lv%w?R4)z)8Npg
z{0g6X-@L@kB)?3<!jRM;pCB$>U0sDhQ~k8e?2NF0d~a<(x6-VT;(XIE^W>6BlWhHz
zz?>?#oGQ~QOPB1b$ZRg2A0_%d;oXkDr5#F=_oQEa*djcA?q^*^76+c$D_jlNPwAIX
xcoGzy+BYfV+HYgt*F7gM1SjX;<#Q@A4EcK_X$9|-1ID@E0<MQ7FG))c0079akIeu8

diff --git a/hosts/nixos/porthos/secrets/lohr/ssh-key.age b/hosts/nixos/porthos/secrets/lohr/ssh-key.age
index 30a5e254eb0031110173e2d83b1ad9fba44a8255..477a4d107fcf2627646628c9ea9b06d6fff8c500 100644
GIT binary patch
delta 701
zcmX@kc9(U6PQ6EPkzt}`Qf@(Rrm3rQPMUr}o|Ct>n|W4wetxM_W{{a>Mrv?om1#w$
z0asK}T9ucvX=SB<X<&q3Ze><gx^qyHhjC(_nNy`jc37}skV}!7iEEB!GMBEMLUD11
zZfc5=si~o*LRLV2d0x7LNw#)rvT0~=W{{J!Q+QNTd3~sNNJc@naiUXcm}5weaY&JA
zdQe)qwog?kmr1s3S!t5LX=P+Vm8o}0S&EBgNN#GTQBr8Kk*jlXrG-;aPDFWmrfEPZ
zm#(g^f^&dnMYvOdg@2HHfWLD^fVqWVYDuMMUYNO~d$~crtD|$6VTiL+qGOdS*QLol
z-zJtGNw3$>II%qFD9gK;UmAsfjDF7YvA2&@TYBI9N5jpcB<Z<Xry|q1ye>Vw*!g?$
zA=f!~%66wb2#V4RD%bGZBDVaw$(zGZ6eY|SKiRQH;L2MSA-0EsIyN^<7T@f7Gj&z#
z@%sWQ>Bo}$zM0-mRBO4uWcIuMl3gzx6!boKRwccc$UIymTi-0vIQ8D5DXgALg|Ek~
z61&^5aicr8r0B~xflnE~R|tIXUms!9qZD>>b64^X&l8-@28m7ImWb!aWEvm(dO>qr
z`X>F*)YEtOZdWnq4R>VWdA~M-D{klRTn2f`uq8_$#e__pW;*N2^l#?=U9a2%(pZaD
z_cY$^PT-f?Xu0rc$8Ed%m{ZJUR;T85YE2bc@NJu*^S-}&b^iGY_D{U`OIa;0{9kZS
z_MecXi@L^{lwDb~Ex#|mx#(#|$etO7dAbcj0V)OGZz{fwWvxDz)!y0ibnm9?f!zAb
z<L=+O>gTn4X3G>wL%-XTkK~+rr&_g4ApVKs)?!Z0CNF_y0Y@YceehpnAY^7P=l|&9
zg8RMcwud7w2z@o1S7@^Q*{_?YOVdvr=qOm>$^7`atyBqbT<_k{gdLl{aDQ2T&f=0g
E0N^<?9smFU

delta 808
zcmcc1dYo;7PJNbpN<>(BNN7+<YDiUPiCeyYSwV7MVw9y*W^iU%nQ>I2tD|X@c78#Y
z37183e!h8jk+W-%iMK~^lwXE>afx4+xo@(8NmPNWPkL@iXilJaREVQnF_*5LLUD11
zZfc5=si~o*LRLV2d0x6gii@eKX+W@(i@A?>Qc+@<Z+%68VYX3Kh)bDIfRS;aN0gay
zh*5e<K)F#eSFul+OIB)jzEg@@X_1pxx|>r<Mu|zHXK`p?WV%nNabB6PTSQ4prFT_6
z$T|bv^rF<n;#36<_afyqPXn%WbHhv{zpS*JD(wuTtOCdEM8{Gii;}W*rxf>;lJL|L
z)9}1{b7PNCSI4BP5>pH9<cQSrpyVQNM{Os^<irSlE>Dw+iX6kj(6XGQ)U-&)$k3F`
zJT6^bU4>#(?_`&NKzGkVlSCgsmk0wB?_dv)s7fRK^qkDhU`Nm5EK@h%&=f=Ca;`fK
z{+Db|+*xsKQa7vI^>aMae;+Eo7j<l1vB8~R&h_hrbJoAUsAYURhuii{=oxvgu2(jb
zZ~2+|Mr%3EaCkcNQ)2Czx$Bw#&6jz2Eb8CGPOjvyyWeFn>sdbJ*tB+fPsx+>JHkKS
zTQ=|Wto9qh#V=}N<=h%<T`qoCJ$7(iedgv5U!&H&{PnolQQ+J43LEhnyPkNbc!${*
z@%9%33~Xm9)Ss8Tld-a^K!2zIbwTeYuf*?tahmUEPgr7|&sD3h@9DkrckEVSPZ>eM
z@B>yJM*eOaZ?~N}DUj0ifxqGz@1rwLG7YkO<ZRDvQ-1!=A}w~mUH#WjS?<yvJKL;y
z&hE_p?%no?SI%VCYx8@5R%!(-k<@Ov%GJy(U?r@nSs}z|w7uT$wd!`i8w!z;86E!5
zs?82;m=Zo~!=~?<x-R_&E1%!(6V=^*!_I#BXEv>{y`R~1MDvc$RVdc0IAf^zCs|D4
zfPqw?U`or{^Gc=)S)wlt`Z*rHdz&|b<w}{IPL7E2woAba{;plUZ<XYEJ%0vUooD_I
zViN1T&bkLIxUVw1C~aS@Vw{0Nfoo7eMwj8E$S>AgloU66=k4QO-`ZU3eBF9VRT>`v
DuWd<K

diff --git a/hosts/nixos/porthos/secrets/matrix/mail.age b/hosts/nixos/porthos/secrets/matrix/mail.age
index 1fe3a71..94ddf8c 100644
--- a/hosts/nixos/porthos/secrets/matrix/mail.age
+++ b/hosts/nixos/porthos/secrets/matrix/mail.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg lmu3MinmydRHD0A/YVRRtopermfoBC8M8cTHfVanY1s
-ygrtpZZJ7aeQTblNazpoP7DdifmDxHsE3DFJsIrWX5M
--> ssh-ed25519 jPowng X0cihOc+fBtmtrkEivIHQngdYIobezXEF1x+pHqNzAw
-/+sw9x1NWY0anZhDMpAywBPrR0F4XCHaF9e8j/Yo/kI
--> 32;%1s-grease
-JafjuSZty6a4NSO/y4y5wHWL8Mw
---- dwCl66vdpsL0MR5NWWvg3JUnQ2QZQBeW0Dj0l5tvOKY
-oi,`��#u�wW%Poubڭcy8�����><�F���q��KÂ�k0�k/�h���5势�F+�u� �e�������b��>1Q�2��wn�Wb֖B���i�^xur�-/ll����-�=�7;j�0�I�%Fi������A;Y��Ud]K�I0(� ��Ag���^�uG:�pkJ��:q���WSaLw���!�M�4�L/�Z����D�-X�Ub��v�bP��0��f�9��� ��J`�X���O�!s�{��QA�c�c;����4�M�چݹlxH&����{�}���zZ���9û�X�ܓg�]V���0gt����w�
\ No newline at end of file
+-> ssh-ed25519 cKojmg u+5VWUy7eFq4boAIOhuKXZYD4mhczaUAcjz4+coVggA
+QlBHHgz7uY3TVgex59yZA0XgsIeHi2WN2S+UleC7bMg
+-> ssh-ed25519 jPowng IyeI6WUjF8wxe92xD3xY++4ZqXtY8divB39eLWfAtm8
+eGj8w5X2ydS1LJvNSmo56xzRVoUB0iAKKs2NHX968Yc
+--- hsYH9lUl3wIErJmBKzlWV+gIR5v6vgPIcNDgd0hiRGc
+��@�l��Q�sȄ�ף�D�}^{���X)�nY�JhXhg8w����������Өǂ�w��y(��a���.0>|�PSlO�|��E����鰀��BW�_����)|x4�����\_F�
+Z�o0=dts��j�[���0O+��R�8���i�����������d���8j���
+�g����$x��ò��b��흭��X��g�^���G�����$U��B*��鲡���)[t��Ha�v�7���j��D.z�+�[~�����9����z���`s�,_!^Y��ʯ2H��S�����ŏ��*���@�jZ^����v~غ�@�
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/matrix/secret.age b/hosts/nixos/porthos/secrets/matrix/secret.age
index 539c33e136a17f9caf49f42d65bbb528d78d7158..2c8852de12162394b78cd99ba47006d8a6cc4c0b 100644
GIT binary patch
delta 389
zcmcb|ypVZ<YJIYIepYU}f~8}TyP>0xQNBr7KyaZ?nNz-LUSe)yVwsbdTUJnzNk&Ri
zvW35Qu69N_SFS<1Yni3HXL^!fzDJ;sMP!zHWlDLTsk?cYc}RwjOK^^5MP^8nxkXVn
zm#&>cadC!jYKoDmsiCDpRzQAvUb=#IexSdHzDKFQQ+<__fpbAsu3?#}pI?4Sd6lV|
zMV_mvMV_H!o`-2lpob@yOR=$Km5WiZOSyr5kbZtypmUj9NLWCbZ;qK^X`YXxWrcIT
zXGKbtOIReAuCA^^Zc?dRTA-1mzJ7{9aB*%_UPwuhUz%gSscA}uYf*7>seZ6`cBpfT
zb5=Ij=ekL`OdlS;{Bead<Iz>`eT!c8-#!0*iBx#YiK&Kx5{0wBCiz);@$5U?K1cE4
zy~UR{F<$=kJdxwG%VCx~jvwzt9;!K3*?Y(O?P&plq>eik@rRnVs#@J9YikO2orvE*
oYk#1U<A(XBrxtR|dA2L&{luWRQSC003ZAb__LOC&hAyiC0Jlh(MF0Q*

delta 451
zcmZ3;e2;m8YJFBfetBNHLQ-N{sHs6ng`=ranNhK)X-H_ekyEi@h`Fg#N?JyGh?`?X
zZhmr-nR9MBmy4yNYngjwQI2U@Zc%=Lk*85WkxQ0weqvN`p`(|+kEwTArJufqkG^vt
zm#&>cadC!jYKoDmsiCDpvUh$~Zn{Exrn{MWVvw_Ae!XE<UWQw)i)mSbUsa)xpIef<
zTS20`pHa4}n}wl%RIUk^Yhs~An5njZu~BNOX+>UYNqM@5M|OsPnPX|FwpUefa%re}
zQki2_Rb)QMy4;K!KV9AQqSVCVR0Y-QI^*IT{dg|R2*Z3+SI=Z;gFwq-{VZQEKSxVn
zU&Eq$0}tm=ePhc+!;DZaU0q#;0)qmxB1aSLutcMD{lFYg567s~f}kv?${b7oB%@N3
zl5+nLS6A(dBJ+H%Z0Fdc^8#Aa7CicsZ6<JX-JCx;&$;)#PhYTI$GAH{AopQeUAn_T
zR&Tv8wHBY9-@bX&lCq4`%(mtC4UYBVwcGN&p9$Oic3o;x|28e`$eX&`o9?7NYK%C$
vizoin-x-EU+H*O=k}@R(pKO@&jiKtx&GUuwS6?J?U4DF!=e8hcsls~zbG@i4

diff --git a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age b/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age
index d375a35..e938cfa 100644
--- a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age
+++ b/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age
@@ -1,9 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg N182xey8TWRVUWTRP16rT0zlhYZNr/pOZVR7YRnlIkk
-HVqAag55z1cKLgjR3WsUj2wvaVjxm169JcDRJGRvCVU
--> ssh-ed25519 jPowng Dc+aaUTxDsMTY+oOst0SC3ldq1e6zX8F5A5uBL5RHhc
-JWZou6+VaFc5f2OLRIrmFFWg3Er6WSY+TloXU0mP1K8
--> |9_9Aqh%-grease $ X8Mn|5 aKnl' fl<D{T-
-+fAc0cajqxhYWu55HCY
---- SrmtWXQXGYxNTabSrb5tBRXHnK1F22Qoiy7hKYrrF+0
-�D���:,�n0i����^Ɗ`��2�#y'�9���Ҏ���r]�؛�x��S=����uJ�E��c�lH��~eł��Kt�vo'�v+
\ No newline at end of file
+-> ssh-ed25519 cKojmg xRtF3XVc7yPicAV/E4U7mn0itvD0h1BWBTjwunuoe2E
+OkB9sjGB3ulH4Feuyj3Ed0DBG4+mghW/Qpum9oXL/8c
+-> ssh-ed25519 jPowng 1r8drqhz1yZdTq0Kvqya+ArU1C2fkN7Gg9LiWWfeUFg
+cjbxntVwHvqLaJpiKs/Y8ojeb6e3/cLFcsoeuoobfFg
+--- B1qA2PylJBrdZxZtCzlU2kRPvxLM+IrXTvR+ERxVtTY
+"W9��bg��~�/��b4�Ն����I�
+�}�����-���N��C7vW�b��?�8=��w�B�UpJCl�Oș��nO�\
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/miniflux/credentials.age b/hosts/nixos/porthos/secrets/miniflux/credentials.age
index 979015965f433e63c6451fefcfa5511c614dc814..00d89a4b03c4b440ba1e77750fc8ab10cbe7b03a 100644
GIT binary patch
delta 360
zcmcc1+|4{er`|o&GcYgEJ;Wq1%O%s>G%D9KCCo9kFvlPys4yiwFU>1YJJZWGztS_b
zoXa<?GS@xPEU&`9%-OQiyvQUZB&;emGA%FJ+rY>#wZN&=-^|yqQa>}?fJ@g-p}06h
zH#Nn`)YQ;YAuAxiJTF}#ygb;zz`&?9*drw*B01I2x!$PCJlM-9#XCPUDkH?l)GakV
zHP<U5r_?Q(E88zA#3v;z!zCpz)yyd}DnPp;KReR0Ft9LOKfuf+qR`LHJT<(y#3<Q>
zOIKG{!BsolGt;yzI6EVv%rVN>!{6N7G&m(aIN7oy+cem-+{3`a(m%xABR$WTE8u$F
z!^uzhc@qUoeyR$aR$E`6xZrm1H;1)9;-BTICwnWYE<FDIPC%I)2j44>P4x-o?`wW+
z-!SQ$MxX8qoA0SNW<9zeY4QKtZ7+vTNAs8!Lb{p1v;*%5L^Q_bebAbc^Y_?dd5$^G
JwnqQ=0sz;4hcEyD

delta 443
zcmeBXzRNs8r{35s$;HX3pwQ5>*et5Rq{P5CCAlohGPg9O(ydrOz05rz+tMsK(K(~s
zm&+*4JHRU~*xS|HH?=s?r!vRK&$YnY-#w=y%rUYuza+}tBGJ?$z$3@kmrK`9p}06h
zH#Nn`)YQ;YAuAxiJTF}#DA+5?)Fa2y)H5h5DZ@3<sov3`BG@UrJm1}-BEr}w*wimE
zH&NTEA|=9rOFzRiA}h4epggFmB-q(CD$v-|&{I3Y*d;7IAlWp+Bh}5%vcfPVL)$zZ
zWSw(HN<_7#ZhBE_VsWZMsC`wfQJtcKlV4u7f{8tsabciguv4*bn7OH2qQ7=(Vo;e`
znNN6qxPEzJgo&fOX{beZl97IdMR0gzW~ha8B$uwPu7W|itB1B_Rz*m;VX>iadT2&f
zS#qU?t3hgUZkbPkQCe_TNU(WIR#v2k0oTqAPBzI21<zfk`l!CI{}<&|65kYZnDMUv
z`dd?!trP0EGKBOm&AFwMv4VH`>6{s?H|Ld{+-<VMLt8l7D1T<o%q_LXciqz;H|Lq3
l^Rj&Z^}<c-mzuR{L6g>qnpKzY@;PN%{gpHLZ|nS@e*q?7pI!g}

diff --git a/hosts/nixos/porthos/secrets/monitoring/password.age b/hosts/nixos/porthos/secrets/monitoring/password.age
index 410536f..67c75e6 100644
--- a/hosts/nixos/porthos/secrets/monitoring/password.age
+++ b/hosts/nixos/porthos/secrets/monitoring/password.age
@@ -1,10 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg OdLtFHbHbc28rUn47vgsVvXxFNg9nF+9y9R6XOK390Y
-yQQYUPQGjN2+xrSqqBYa7/zS618KrVjX5Amw2MFuSLg
--> ssh-ed25519 jPowng NwUjiLtiXVi6XFmht5l1CxEs3gm0oN4vHYwDZyda7Q4
-di6znVjNRO6QdqteVNkeot5Ko2NwWLe6v+zVR3f+o10
--> 4Vx%\(-grease ^^Z>EC91 R 2BJ d48Wip*s
-yPiBgChRF31XgxccQFLO3MzRL7+5s29sfRoF3W1yUX6Bu59MpxD4D+n/jhLcxSH/
-CxW7KaiOctNmPm5tWh6qjmgQ+V4bcAji5vo4FKs40l56cfyueEJj+Q
---- WUGF28zqK9E1AlOeeCtSHxFg6ikRy85gOoLtBd4m0y0
-.|�rr>�����1��2Sɞ.�hw�wq��%i���	�*U^�)��'q���O2Ӝ�m�Q�7��m`
\ No newline at end of file
+-> ssh-ed25519 cKojmg l5lOlGnbvQ4D2kaSj1dd8Xr+btlNbTkT0SxSz02Vr1E
+Cjy73yKL1N8LnjRXXLpxX+wIOFCa8wrG44VjXUND1lI
+-> ssh-ed25519 jPowng nYHfkP9dRkxu4Fqh8MgrbdZAc8gk+VGDyxIV6RsSeEM
+rKKi1NDoKMMzQ+kUs5ZX4zMqRBI0QwGY7q6K/L9+dLI
+--- Umv3UCtXlApug7uuqmwbQN38i8Lx9/b0uhLgbc3OdZM
+�BLs���?�sӓs�2�y
+R0��!<f�9txB7d���ڊ�^���ɇLJ&�W�<�e]
+�/$$
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/monitoring/secret-key.age b/hosts/nixos/porthos/secrets/monitoring/secret-key.age
index 4cef94fa385ae398c60f78536f661c35edf04631..6ea8c5442a7cda00d8eff218c06933826b82b42e 100644
GIT binary patch
delta 320
zcmey({FrHiPJL;WepH%KX_<DRd780vm}|aEX-I}gN};!_p;1n{hp$Vbe^6FbkbaPn
zFPBGQabZ+`X;4Lea;b-ZX0m}rvQd6$P`Qz(rKyvzrE^ufYni!QKyi4vFPE;JLUD11
zZfc5=si~o*LRLV2d0x7LpMi(FL7J1HrEh4WQJTMJN_~NMg@2TPcvebix@)etf0k!}
zNk(>sp_f}em#<@bNO*>2ifM|uX=Z6vnxj!_plN_bPDyY?l$VK7ierd{QKXN1r9nn9
zm#(g^Lb|1QVnkACNv@NDsb6@uyGw9oc!g_KzGZoSV4{adl6FW*L0Lpva)GZ2SMueE
z>k2|AmRrs+<xDb?TR3%%ZbSD)C4RoCvx9;!c`j2sb2jit$t96!?!c%OZp*U2=mq${
S;GAUd^JhtL$>VFf-dO;eVQ?n^

delta 473
zcmaFN^qYBtPQ8DKVS#Z#wx70>cZHutuBW?ip;3@on2U2#RdJQMg=d9ldT5w_Sw+4_
zHdjWnS!Jq4n45ovWrjyaWuQ}uzoVsPnzma-v3F2@UO-|+hEGzlV^*1aAeXM4LUD11
zZfc5=si~o*LRLV2d0x7Lw}rn)WJ<o7f2vnfXs%awVZBLkrAbtxyGgK{i%FJig@2lP
zgimFKuc1LCS7D)XgsZW3MT(hOL5R10Rb`~UTY0Weu)ls#kcVYtNKU15L14a5K$xW?
z$U1HFTpiu?qSVCVR0ZW)1=C=K%uri(b4PmvF3-aJ;G$9!17p9?^1|W>L+w;=C$mhy
z%CN$EOUH`r6jQ?zPdD!*_b>x(Hw#0<+)@)qw@g1@V}r!>2<OPW>>{p2<G=z(*Ah!#
z^MGQnh$_Rh;B2?Z0JGA_0AFV#mr!SSm#C_|MD3Kk{0J{Y(-M;iOQYP9#G))NU0q!T
zpF}^4^pqT<)DS0qcZ+bRtP=eSSJx0P^WxH=lJdfc@PgdZ)C$*#{8FEEuKhamr^Uxi
zW=M?M@AZbYQ%T~&&Dbjc3oIsEPX_1S6n%G0W_P3Zk{2S9?{*iym_B{&b)QDTYrMwc
O?^gVtnv(g2=K%mZ`=crV

diff --git a/hosts/nixos/porthos/secrets/nextcloud/password.age b/hosts/nixos/porthos/secrets/nextcloud/password.age
index 9fd3c53f866f5e1785e63ec681d2c37ca7762d10..9039eea5eb2d4050f05969a0339f232864189856 100644
GIT binary patch
delta 320
zcmdnN{FrHiPJLpat6`v}msg>Oi@TR!c79Hvn_*^dMVL!Tgm#K)L|9;?laYmCV2*Z%
z0hgs|Xqs7Bh;y)uhmUtfl)jmxwzH9Qpiip5cD8<GQn_(PM7d){WvO|AFPE;JLUD11
zZfc5=si~o*LRLV2d0x7LiBCwWQC65iq=`#uq=8?4Nxe^Kah|h&xo38;sfnq3rG-IA
zQe{<@r)Om`SBY<azGsqYnO9V%W1gQ^ZhAn3lTnqYcS@*xW`wD8W?q?DsiStde|CN(
zm#(g^LX=yCc3NOWYCyPSScZv5ahiE$khW)_V_ueNak*DiK&hpZzPC$8rBiA#S6;(Y
zyO+m4%(P6O9j!a>K+2}eo6d-(RQG7*&QP`Ew^_Kh)-vksm02?{RobyH{24Yuc*CjN
TtSw*pXGQX#o5*qErrQ?)a<6iJ

delta 406
zcmaFNw1atqPQ9x~WtF~JrDvjrQJ96fwtsM7T4G74i&H>SUS(EtP;qKTfmw;ZsbNr<
zFPBe1afqpVR&ipei+@47zEOU0l0|q}MX67jnMXxxl%;o=c}hsWk*Rk^B$uw8LUD11
zZfc5=si~o*LRLV2d0x6gmS3WCmA1P@PDQSTahQ2nT77<Ar9p+Er-_%ZTWFD!xw*D~
zQd*FUp?{DGSEW}_xS4)rfr*o0d0A3sxNlank-xX8e{h~(c|dkmzNe!_g`swZm#>8h
z$hyQ3TWu@H2;KCe)WqUc1=V<c?eKz1LxqfR1ueBe=aljou53%~AdlpT9Q|;Uq@vu6
zoFI$(97FerLbucsH^-8a0CSg;Fq5FFYy*$HD&y>OE?r$+g_1<Kic)PKM{N(U$f(k+
ze8-Y9f3q@e3#amw3J*h1uP~>4m$0a+v=oz2u6OtM>h6#0F4mY;dARhUPmRXx&A)2;
z=ej*={?X)beJz<Y;HRC-MXw6CEn67AJqYBPvXOtv<=)e~UmkMSV>Ou`A<+Q<^+k=o

diff --git a/hosts/nixos/porthos/secrets/nix-cache/cache-key.age b/hosts/nixos/porthos/secrets/nix-cache/cache-key.age
index e0fb5be786d9814da7c81edeea1e47b67a45c4c5..17732edf1ed61d9a02ad41eaefe29cb50634c4e6 100644
GIT binary patch
delta 394
zcmey$yoPy#PQ67&n6{Inw@-1Qg@=A}MR9gcRjId8pn<+~VR=@#S)oORudkPZYof1<
zCznrXmZOn=VU(j|YGhWpSx8A)Zf2TOXuf{9duF<Kd1{JTfq77#dsa}TBbTn7LUD11
zZfc5=si~o*LRLV2d0x6gd6Acsdq7&GQKE&1Pky1lVZD)lq-T}0lZin|RBn=Ej$24r
zkxNlUk#n9am!)HnW3azTRDf$`V7`-QQL%ohg<F1Ec2#M5ph=o%QIvmDXqZ!!cBo@9
zm#(g^Lb$hYn3qXPMv!A@YEDH&vU!r1nRck3e{hjUg{O&6MnJxCra@4mN4B{mSI3#t
z>(^NZir3FK<@IXMT)a<n8GlId+-(+LwSTP>HvZVhQ!`oZxl*B<n|ABlH4Dm4Hcbl8
zI)8fFlS97#68FQdtM7|h{h-WSrNz`}#=E7r_Py1~`K@zir~mTw`?uEkm|G~m3;Yno
trm{Noo5+#&vl}ezHpqNrWpui*B<W(y)H8?ET$1$*!(EQ5GtW-91OO@nmRA4(

delta 467
zcmZ3({FQlvPJM7hgps9xMPiacs&{FLYoJL)WLki>yGN3#WvGRDQdmijfp3t9Z$(sI
zBv(XfZjp&aTAFu&TegdNX_#43ZiQ!_QE7g$p=oe#aixD`a718KVT68eGMBEMLUD11
zZfc5=si~o*LRLV2d0x7LyLU#GnSN%KpJP>Un4^KSQ+<TLt6y?%RZ@U+m|;kWg-M{9
zhgn#PNq$x~S9y+^i=}UgfoYCOj)`e{ijS*BK)ywxN4`&TxuKt5q?vbNfJcRiWnMuf
z$hvYhzig!{-Snc=#Nt%0lmg#~(6TV|;xO-!B44k<<SKuc(4aCiL(3|C14F-@;z)xa
zgNpF_9RI4qs6h7$KeyEU&_d6AE?r$+g$iF!uL$pA1HZDI(26K?AOED#fUweJ_w=L!
z{c^vcjL2k9->AsqbbT{Nu1o*#Yc#nR7;}a=ES6tl)Np3uyMN+Qx4+u|*by&ZHGN*T
z+)1_XXA}0UD3_hT?r7+n-uoN&1PGiL`gNJ%U}T?9KgSF6KN)wtGELK&J};;~>b1}M
zRb*_>Z?}c%VudV0)3bKZzaY83--mtu>$BgJlQz^o6gnp%vv=p)tcPb0t_zC`bbMWB
M{UJ2#_Wv((06ti>3;+NC

diff --git a/hosts/nixos/porthos/secrets/paperless/password.age b/hosts/nixos/porthos/secrets/paperless/password.age
index 3fe76cb..8d545fd 100644
--- a/hosts/nixos/porthos/secrets/paperless/password.age
+++ b/hosts/nixos/porthos/secrets/paperless/password.age
@@ -1,10 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg zhpo89xef68JoeOFWzhdFshrj2BXXUCFPMLVJzv6EyE
-fmJxJi5rmyai9qGwDo7iHg4BrObGre96KCpl+g91O6I
--> ssh-ed25519 jPowng INA6EZdy4J1p3QY5mfVOQXiLdOjIDaZR+CZMP+GfkXM
-8Nf5soaxY5SEzeJca5kaJkx7ByOvc4NkJVetB7wpEmo
--> xjK'w-grease
-f5v0cvlt4JbHlAwDOob86qOInWdlN/oohTg
---- NTGv4rr+MhJ/YeZhVHOjoS1V+zCHFf2itJYfK36R+wE
-�ח�J� d�� o��'YFU�@
-r7��_N$������>���]hq�-�F۰qX�?�|?��
\ No newline at end of file
+-> ssh-ed25519 cKojmg 1hbRAuAGrTy6nmkAq+UWua8weywphZsTIGF68YQEOlQ
+92Q7uIKv1EiO73wMh53jrTuEkzP6ziBmX9SWXCl4d3w
+-> ssh-ed25519 jPowng aPb9v/S/mLW95Qom+swvasqY878RxpxxOkMJA2wb6nY
+qu/dzcqciqKzNc28HqFMHA1XnrJy+/wWgbfM1+BrlkE
+--- 8PXOozvZzNZQD2OT4a+0XuIQauzUGSvovdfDugmp+bc
+x�����>���禩����_�C9d�T5��KzЄq�cZ��ɾp�����ใ�v
+)�����
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/paperless/secret-key.age b/hosts/nixos/porthos/secrets/paperless/secret-key.age
index eae5c56..70cb898 100644
--- a/hosts/nixos/porthos/secrets/paperless/secret-key.age
+++ b/hosts/nixos/porthos/secrets/paperless/secret-key.age
@@ -1,10 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg tZwn2usN6K62oS4vBa6boh9zEp/+cS4chP8boXG6SH4
-Fr3kV8gUDoiDqMxPYWsHyww8umYhQEKhqbVBiVw5NeI
--> ssh-ed25519 jPowng wRbJl4G85obH/GluQBBsXE7MOvooEui65eqHfurvuQs
-KqVZMBSyHhkayEdwI6ocmA4qhHY9zYJvg1CEKM1SOa0
--> 2E"/OFW-grease o Qp3HFe^
-bGhCNicPqt7txqxUiEWXCFs1OuQLqOqHmjHSqYQv919dqYep/xBXzi/aRf3dsdvh
-TCJCTvZG31Qxvikp
---- xKJGbdVp+Z5h0vCBleSF2zYYYd2S5i0y4szNqjRwrDY
-T�/N����i7m4�#�Mhi�P���ޛ��-�gI��%@E�(�i�7����Yg�k��"+㸠��(�]o�������@b��ާ+�[�Y"���B��CR[ >-�.4d��b9v
\ No newline at end of file
+-> ssh-ed25519 cKojmg r3ZUTfSNcHc1TS2fVtk99Y2xJMMunkwkcR0dQIdiCi4
+LICSnzAaooGy6x4wt0vNM6YtQ4S17QohZNt7lfVrD6Q
+-> ssh-ed25519 jPowng KLU68ws4lemr0wWHxm8H8pf1SQAoUZTN4QSPzk2PyHk
+6pjH1pI956oaf9ZIHPPq8p3g/mZC5GxWhWkT54Wohf0
+--- cAQbniTwwtTftfXU/dGtA69yF/hh8iB97vHxvkIZMMo
+�c#�=^�~?5�-w�NT�̡��+���!z�� "� Z�"2�����M!p�5�V���j�Ρѡ���L���y��Ź���n�Ċ8zQ��+���ة9WS����0�u}YÚ
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/podgrab/password.age b/hosts/nixos/porthos/secrets/podgrab/password.age
index 90e2501..d50dc28 100644
--- a/hosts/nixos/porthos/secrets/podgrab/password.age
+++ b/hosts/nixos/porthos/secrets/podgrab/password.age
@@ -1,9 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg 8rcBI7fYHuA3jO6EzJNFaAj2niIApKDt1HQEv61AKTs
-ANxkIX/CeI7t7Zqp6wmjt/D194Z+xpeiidb+qvYzoQU
--> ssh-ed25519 jPowng oruewwTM9X/HjjcmOPcQVdp02rQBlgJPdzvlAffs3T0
-MrO0kaNhjgOkNHuz3NrIMWXNrXOHH9dT/Fk6hoQNKyY
--> COK%H7-grease
-6yfI90QurOKlM+kgpW8KZ/iBzDYD9yhNmjG1LQ
---- uArz8eHg8sLO0sdlkM6cELFh+FHiI5BrM0+iXJxxiDo
-�v�v���N�b�@��F�MM�Y����&��/%���m���t�֓�d�h��|���ߩ8�� ڽ�9���C�/�
\ No newline at end of file
+-> ssh-ed25519 cKojmg bICZUDqk/C2divEZu2lxUDsrtS1inSbDbS8hxJSJfHc
+FsfueyP6WCesAu5EcXIxxtvbb8RX09qNTN9GvuhYuTw
+-> ssh-ed25519 jPowng Uujsu6c+QTXqCNi6c+zxk5tf0UQcG+Qm/SZF4dzSKCY
+RPVNNNauz73A8kWA0VSQiMWCerUkxPoXG2MUrFly3Bc
+--- 8h4hGasOwZxk+i5aQfg6AzdA1G4wROhxz2rmM9u41b8
+{R��h�=42��y�Й�����j�����MWQ����%�X���	���]���J��K����]�F��?���QK���
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age b/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age
index 10d9eaa37c8cc1c8795083db6f5b34d20a30b9db..efbd945037f705059145bbc665e1be54856efb6d 100644
GIT binary patch
delta 348
zcmX@j{GVxpPJLjBn_r?uMV_~LNS3EbSb2m~wokdIlaG6%YgtBeMt)&lpkt-KlW%gc
zBUf%gV3|vHVn9Vmct%;4ewtT$q=##`QAC)zMRBNirdxndM7T+KVz#G|FPE;JLUD11
zZfc5=si~o*LRLV2d0x6gu~Al~sYy~`MwxzMo>y>=X?<cuXoRVUc2Rbkdq{Cnc1DS}
zshdw#nOV3emuF>0SaG67iMwTlS4u&ozd?zGr*E>iK|y%ASz@SHm|0Gmv5~i*d$x8l
zm#(g^f{&$nxm#JGhfhv&WSCESXp(W5tFM7mc3_s1ak9H}if6GwglCYCU!t2Ym)hSn
z&mB%%7lmpaD*x%ox_ra_B`;1z^~4!Iw!i*m+AD^=YPa51hWzhcw)lr*RDIKJ?dP*^
xS~v2a%{4xs$`^G(?DeA6md~HJUE;3Z6n{Q2>FH+9^Fk^-$Gx384qf703IH<+gn<A6

delta 425
zcmey*beegBPJL9UV_1r-d1+FCscCwMb5wY+i*bdQwzFTbsezA&N0Fz2g=M~3p^u@V
z0auo>c2c;7Q*LrbVN^vxltq<6x}&36kZ+-zOG$CQc~XYHc2$yhS+18;D3`9CLUD11
zZfc5=si~o*LRLV2d0x7LX_!fPewm@4fm>#}U$SvQNqu^xnT1c7c1S_0t7(N(Qb@UH
zu#vH$evWfGS8}?kc9v^YMtDYXs6}F=XPQr9khZ_6TZLypesW26g=2VRmUC2Mo{?KV
z$U5^%uSnhWqSVCVR0VDAs6-u01?xZ+^<V|lf?_q(5H9_o#NgCyvmF1tl%T-SG?&C+
zkJ6y}9P`rf3{SJ*(){EwKiAAc16K<!U0q#;fF#$F5SMh%F!xIDsLEiM9LrMkEJIf(
zFR!wIoM4yW>{OquvH<TC3rkn7yGzRFHI&CVEdCL^o}(h^MCB>ll8n~|v2)jKIk>QS
z`MI|uTekf6wwH@~H8DZ*(&uBZwi$(N`%v|7%H=moE1d4?CI=h~?PW+>8M;VF%kO&B
U*E276<{P~f6P}c?U{=j807|!-kN^Mx

diff --git a/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age b/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age
index c5ce19b60a266757ce1389831e273adcd6b6abba..211bec374f0773a28906a9d0d52f0a1dbfb6dd92 100644
GIT binary patch
delta 340
zcmdnR{GDlnPQ7V>M@V^|W0{w$TZx;WPlZWdWN>D=VM=LLs<W}HzeQ1gv6HD;l2fHe
zI#-3iM`}@eU|Lpaxp#3@fO9}tscC9SW|qH8R(@EzXFyrHt7E2Vu5(C$BbTn7LUD11
zZfc5=si~o*LRLV2d0x7Lr)yQZQ&>evj<1JDXkuuhQN5p=QCM0=cvV_KZiK$0VPKk9
zx_e+!nsKl%SBA4&wnvVaVOm~5VR^WdwsB-gK%qyNg;7dcc$K4tUsOe&zel)blu@QD
zm#(g^f?t?{Wks5sr=LekZb4*Jq)%|Ld$xsPu)bGvuuD=_W~qg7K|x}+WkrxHmuu7Z
z!=g_QeD+<O8#?O^ule`4+ukm3X?Jzd$ysQ_e^%?r?}%3ka;v2Hz3y!G4%-{%bne9C
p%q30>Twl%b|9Q1z&XaTLhYqq#&DWjwcbfWnhfjHj8c(?u0su`GfyDp-

delta 408
zcmey)w2OIyPQ9CfbF!ODkb7W=OOa)HM1*BVKzLfIZ-IwXctk~3y1Ausj$1)tnwO<>
zIhSX;S7~Zdg=v79aj<EqMUk;_sBwv7UWSW{L9k;)glDOXze}ETfm^7DE0?aFLUD11
zZfc5=si~o*LRLV2d0x7LVQNyQM?h|lXJL|QNrt(8S-nTLUus^YN2P&FX@+5mYm`}<
zca(o#m~%)rS8{}TS%iCOg<Dp3l&7b5v5`k<K}l$Ouv=bnSWs?dj#qL;QDRkES%|qK
z$hw+3-Snc=#Nt#19fe}UavcQ+lK=<p=x8g2f;_IgqVimye6K>U4E>-GBUd-yC^r*x
z-}IDv@65zhcc=1D({wIfU0sEgGDn}JQ2!i*RFCXXV_y$nV{^-pOnswDck>GKNMnQW
z;FNTiU>~E%(nzk2tr1I7>?>Wrmd6|KmiujbBP8qEK7)P77QgWQHlJbX1ebeJ3cFr+
zUfj{Rb$zw5XU~NnNf`oGb5iZ=#JwUbCLeOVeKuB5s3>@*8`G9@Gn-v!ZXZd{SPTG_
CgOZj2

diff --git a/hosts/nixos/porthos/secrets/sso/auth-key.age b/hosts/nixos/porthos/secrets/sso/auth-key.age
index 4e05b15362db0aa4da54df2c747e5d4bd86d001e..1c1247026fd209d9cfaf58b8e786265c72cdc320 100644
GIT binary patch
delta 417
zcmaFNe3*HHPQ6h^S)hM-UWl`!o0++HMqoxnp1XcplC!ycL2`+Yc}|31VTQAZQDtaG
zAeWzegj<AhqKC0hUbdl&qhVQoM7ep6f2Bc6L1|HVdTNw&N?B-_NqR(-0hg|wLUD11
zZfc5=si~o*LRLV2d0x6gT4hvlVv><dxtYF~PllJLTfLWsi+hTbf1zneUZA$AMT(P?
zTVA?RVNgaWS6;eyRkm4PVQ^G{Q);kNmPv|7NLGY-Xo;a)jzvg8L6~QRdy%hcVwh7t
zm#(g^g1@VAkg0j1Nmyc#e}<c(w@-vgq`O5_a+0fWn2T$cS43rwe`S?<agbv^m;IZp
zg2qrL=Xzzw%|A@-ZHqfw?F|+_X82|69N&KT_S+g6gY!Sz)P5F;-FAPwVezZQ(Qh|T
z+J4#gLg<4Zj8|`LpBZJd!YaG(jj+;*758km>O{?a@$ZS@!fj{jJr*aoN%>BA*rPvr
zPG5{;%N+YJdqVpk#?Mnu_$0lD_0}Pkb<ZyC&^f32aPdu}gHnf&S+5KcPfT}c(Ov2>
Sc{Zcf>|YAJujjI7-vj{L;-y0X

delta 449
zcmX@i{Fr%yPQ6KLa-x4)qJF-Aq=CM%r(02)nQu^eSwyZ=SX6L`rMaJnWl5SxaGsyB
zBUgT=Ta~AwQHrmTZ&rDtVU>AOK}JrdVOWrBs++s3c5Y;)Yh|umq`R}D374*&LUD11
zZfc5=si~o*LRLV2d0x6grcYt6ws%%exT$Gio|k1&d3{o5c0gfhMunG$cY3&Qc2bU?
zzME;HSEQRKmr-F=u!)nuQAmiNdtqKta&bhCpLtHGS4M_Ys;fy^s#{b^W^hWjsi8|K
z$T~fz>?D&a-Snc=#Nt%0vVfrM^rQeo3*S=DvT`n6U0sDNAImDANaG-nkgS57Aj^zG
zU;Xm>LL*l*H&4TmGMB*O@H`8%vJ}${?ZkYp{g$C;4sOrxSUBmO`=-UdoyIGZE7@9Z
zUe7X%2>Lx`=jWVOhUsC~R$sV!^<>g*erXM-^tp`&ZfU<?%sH@cBA?OZ$2%`+n?3!R
zvuN+U&$mAZsJ}DcuxVxld+(PouMV$z@obGlQ_d;Hd$+CZA~wyI_@n-PL)M82W>YJ^
xes<)U`r7NKiH;)kwLAA^ZfK`jPDp>(_R{5$@^>rg_>_IWOw4<~GB!`R4gjazwKxC(

diff --git a/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age b/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age
index 2ec147d8edff2730442d1ae253609e27bd43bec4..d6db3710f922d6d3d4f9b65cd05c07f0858cccfd 100644
GIT binary patch
delta 370
zcmeys+{ZjYwLaN9KPxv~!OYk<H89IKB1=0vGOfrdSidUGI6pKc!aO-6H9R8AEHpRG
zHz&d;B)~nHtI|6^CAT6uJ1IXSJ=Z<m*C;B?$4KAQCoMHA$~8E*%plo4#K_yt*fYS9
zOV>`JxHv;MHO0u()X-8PD<Ho-FI~Z@tROicGsh)8xW2&8uq4$tG%>KSDj><-Bs?uI
zGG9O4%fhR|z{$hXH=~#<Da0bxw=&$=*|*Hyq%u9qGchS8I4IlSGs(ZGI6bf`FVZzk
zKRd&y(4d@4S65ddEj`5BIm{`j)YmPfGCQxx$Voe+GCicK(zwFYQ$MiKJuo~c(Ky4+
z*EEvrN4BWcIW0rYl(p$D8%qp66r70sduh_`AMSrE(ph_c6uy3)v(@xuU(|h{bB$5c
zEnP0%WVmpqbos2+#Zxqx)m(Ku*s?1OIb2fAFFsuo`|;xCkQts4(av4vPbOIhDSH(%
SExg@2X=g)p&K=<yD{}xm!i+`$

delta 469
zcmeBU{=hszwLU8#zdSEpA;P5G!qO+)*fLGOGR)H>(#XfzD<iwitIRmt$2=#{xWGTe
zG$g3NEUB`XOIyDxC9vG2DkUc>)zmR7CEL`g!qU}0(>Xgi#8N*pqcF;&C^^g^%{<bP
zOV>`JxHv;MHO0u()X-8P**iZgH(enj$KSOiIo&iPyWTH7FxxF9Ei6gfDKppDxY(yW
z$1K+@+uNtetH9aNJt&#0(8SEyG%_?j+q}HUB_PirJu)~uEZZf;tuQgt(7!NDJJ}%3
zvLq=qz`_J%ovTTXZhBE_VsWZMxV}QIs%wf)rmlj&LS7=5i(83-Sz3WXQl*cZV_HT;
zri*KRXrO;!zO#0^Wo}lPVV+x=wxd~&Pl2~*u7|skMM|1eKtQf<se7?^QL15PC0B7e
zm#(g^LRF%1O1f)ch`(d9x0iWJQfh9gzOT8dqf=5=Wr|0Nah0RHZ)A=^q<@|Tm(ii-
z9r<1!rmq-<_l8IAYdt+zFDhjI);VcYR&z|a=Xb;B&!bhghn#0An13~&t5+K;5R}t(
zucU~<pem>_tC7F+0_U6PnO_c6PEwfYHd8~|>*j}ULBIRVg&R|*-+r=fV_jZ7dxC8m
Lhh^qsx9}nW?r5cc

diff --git a/hosts/nixos/porthos/secrets/transmission/credentials.age b/hosts/nixos/porthos/secrets/transmission/credentials.age
index 4f407fa..16f90b6 100644
--- a/hosts/nixos/porthos/secrets/transmission/credentials.age
+++ b/hosts/nixos/porthos/secrets/transmission/credentials.age
@@ -1,10 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg mP2H3PWJN6Pv3q6C2wci3KnXjtFAIiuGy0YH0sGIy2g
-f43QqyUQfTYznszub47kgc2Mz95zVScTDkwnG3INi9U
--> ssh-ed25519 jPowng fENbu7+FZ1mnQQHQCLm1spLHmsQGlRoJResUJtGzYkY
-hX+AqCkLCca6m/aKtGCThi7/mCCz/TZQNJNOlOmlqyA
--> J<-grease
-n7+CPRr4oazWnE7yzpJN2ZAI4QrGsAerloP4wNeebjQDx8+IxJq1JE0g3Yi0RxzN
-chDccuSPLYk45Ov+SD/qqqFZlQ
---- p81HYw3LFj+qz2kiZsDcevM4ZBfvN743P9Jdi7J9XkM
-���۱S�7��������V��B���������O�lEt�����q�</Ǘة9��(�P�$W�0h;����Jy�fe�� >�_D,P�VFp\�"AM}�g?����/\��;�y��Ӛ(��S�K�
\ No newline at end of file
+-> ssh-ed25519 cKojmg Froxrdh4H2Bsj4X2xicyBXHPRlbkRJAOztoTfzxItSM
+FnsLS2QYm8mJUO+c152FieLCFkALxxwQLnY4PAj8zsU
+-> ssh-ed25519 jPowng pKl4p02M+U5JsiOnM2wXL5bkPwsI3IHjlTutlvez3zM
+NSuOFsyV8JqtTq97lNzacJnJ3YZgWp53XxU3mjUlcMQ
+--- 2TK2ViFblmDheaYdat/GF0ze1wVsla1EPLaeRdMM4Gs
+��ըENܞ�m�2u�~Ju�b��t[�$T��^�2����j���i@x�Ҹ*İg[M�H��X�!��6�ez���DW]��<��`X������P�����ޛ
+��q*�o����$���<�
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/vikunja/mail.age b/hosts/nixos/porthos/secrets/vikunja/mail.age
index 4c83acd8586c808c5938889471406eeb283c550a..864e5be1b389dad8408ecef2710b33f6d632a9ce 100644
GIT binary patch
delta 546
zcmaFDdYEN`PJO;<Xufl?r%6#+m6wHyV_<P<Zc?RdUV2VWXmW6%lR-{Yxuu&ymA8eF
zBUeRGa$%TupnqXmL8@<5rk`_4cvwbeP@=0-Vr80fa+#TFMRJj+cSu^LCzr0BLUD11
zZfc5=si~o*LRLV2d0x6gm0MIua7kfmqFbf5hnKsbalLDpk)?KENt$+kVnm2{ag<+P
zMruh}j$f4tmuX6|W2IA7l9#b(nxVJ9Wm#E~ziFsPnOmB7p`ocsMMzm-QmLsyh?{#d
zm#(g^g1&E7WKgA9Kty(xV{(YEZ()griN1Dlwzpeyse4k2Ta>X=gh!O2X=PO;mwwEg
z(}x4qz3UCQnpT*`23GlRk9n|8<o~^?vwg&P*e3i+o6Hh7{rgIr8QN!@8##XLxmVV#
z@TN^usmV<K)^_`sBE|U!zAQg<!K1P3|CQer$0fg;GfUTg-8}6?*^b}8CmE_;P~u#%
z%<c5ko2my@uU@Np_e8zrYoGG%l(620d7<w#?Hm4m|3Cfjhx#1_|1KV_U6Y?88+`rX
z@|qtzLz@0si=OO`6-eXrow1Img89h?yA0#ox8yEYZx0t^f2+62P*81`&o|Al_cz*R
z8(a$xPMTA5Dr{!ACR@mx-z(oc{k7^l`uc<H^!598>viwVDe|10_QK+aV%=%4)aBwf
y+l@Kwt*3v=R`J+3>qIuEwDwc8JxdO;t)Ki~K4Fq_*o;g5b9a}#GkCxydKmyF>FIp{

delta 708
zcmX@i@`QDQPQ8&!s;75asj-=Vc$A@2PL+#MWKwcYXryzpNkmFTZbfL4Z-84_NUm9k
zBUh%Sca>X7Qe?23pG8@DxS><3fsdt|wrO#mr=drfcA%$IWO9k2rDe8XK9{bYLUD11
zZfc5=si~o*LRLV2d0x7Le`sQ+e`G<SdxT$@V^CFye|@@XRA6zgeuSG@xwA=_SCxx<
zaj1Dtx<z(2S9n!OMxH@MWo~(Zv0qM9nO~BLZ$@~PQ+h_8PjFdqSz549W@(tEWom{2
z$hsg!r&`_gqSVCVRE3xjC51d^18XNE1v|ww5BKPrd<9GExYEL4s{$^g?0{keS7YBq
zBk$Du<TSr5Q^QE(i14rs=M??Isti9b&!{4=Y&SFQFr(1aiqbOA^fYa!VmCuyr<}s7
z(o%B|uCU_5%8DXSe+%bC6TeDFXFpSSmymET{lKKCq7e6TmpngjqfC#m63>)0(~Oc3
zZEep;E?r$+1;;4Atn7Tl49A?ZM17~yygak|((Fjr@KO^$pJ2zZw4kaq{amNiirkdK
zWUkNZ1+0;p>Ib}ojQ;IZdbeZw#r~f=9XTW7lzR7Ed|2&b{4r|Hmi({!tEa7F;<VFh
z3jJ7|`{>TmJN;|_@7-8x@VdfxmwBsZ2*>4+LryKP_L++w`d_h=W&76W_b=AUT)Mtw
zzRRX1zv?q2+<tgY`{$XH+xDj7-l^F?vwc6+xHsMMws>>p#iqwxTlMxD%U+q!=*4@_
z#B<-aa53o_mtS_;?%ycyG2x1KDZ`_W+#8EyzC99-w@BSC&A!3EQ`aUSqi5&ZlFX|e
z&(`}*OX=T}c2qFX$~W*riC|V}tIft0vv*&Ts-J2scHx(y?W9*8FGB++yso`EA;x^Q
zkJBn%rJs6Y6(Uz8Pw~oLw`9Aq>SXj)!-xN0h>6XesnnUXhI#I`jqguSa5;5DVJ84Q
C^c&{@

diff --git a/hosts/nixos/porthos/secrets/wireguard/private-key.age b/hosts/nixos/porthos/secrets/wireguard/private-key.age
index 4abe1e5..d7e292e 100644
--- a/hosts/nixos/porthos/secrets/wireguard/private-key.age
+++ b/hosts/nixos/porthos/secrets/wireguard/private-key.age
@@ -1,10 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg +WwRpd2MzycutQFXyLsr2+GzSgF67Z6UuvyqYZaLd3w
-sppt8HzaZP3yxnvnhzjl18Trnz8g3VyXJ6CaVBWd7jA
--> ssh-ed25519 jPowng wanoqGB7T8bim/WZ4IAYViFQoGzaIZSgeoTr3YKpeTY
-ihDAdGa1XVW/qQz40V1v7a7iK7tu0EHMa7ayIogpcRw
--> l-grease |PIcZ NIr >0;*
-4o8o0bevQZ6uDSx1WxxlDCURbFCM+yK1XPdrb9aztCSvG2a+ne78E42l5rBcoH7I
-m51A8uWS4nSj36N/76v6K4kelxKzWUg
---- O6cGbTAVbDcdmPHf7UzfZiyiRtu1yfL4sBI+CkJA1qw
-�q��$�`�w'�S�X�]�������?�6��/�N(B��N�a�.��H�7��I����oz�/4:sK",7J
\ No newline at end of file
+-> ssh-ed25519 cKojmg KslHl4v8yCsKZn5TduLgpTfpTi1uOInC9N2e8Ow83FI
+NzcJJr8kw1ykAdWRZOeWdNhx0BTgE7FwTKcge+yLJ/w
+-> ssh-ed25519 jPowng YGWcOai0A9l2HDZyV0GtD8kEbY/xTUssODFBcseWAkA
+nJaHXkipFSHdyektoKV5y1jQrjkvnU7pwZwAymiQm7M
+--- IgWkDulol1jRa+pcx7DbEy5pvC+2nrRJHsdQVPvPur0
+Bb<Ōb!��E?:���=�srJC���Kz5���{��4`�&N0�����57��v��+�1
++(d��{�Q��
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/woodpecker/gitea.age b/hosts/nixos/porthos/secrets/woodpecker/gitea.age
index e6ede6cc39553e75fd77dee696e90dd193a3daf0..11817ff5ec8bfb3860c5ef36305a12ecc012e668 100644
GIT binary patch
delta 437
zcmbQwa)Eh*YJIYIepYU}f=`IMM}?trVrErPsb7juVxf6hg{y03QF4}Bj%9vOuxp^c
zNlK|(RZ+MBSB_Ifie;XDx<N>=nP*zKQHXP~bDo>NL1>akRH>m+NP4MxM1GW4qP~AJ
zm#&>cadC!jYKoDmsiCDpRzQAvUb=!sN_L`0a9FxwVtr+>afnx%nTv_Jr(s!8foFMz
zc3Eh!rAc~zSaC*9X;3+rXMR|DWsY-6g-L)}ma#!#XpyUXZd9;ePF}J{U{+O`p^veP
zeu{Qrs-p#$uCA_vvv-w2j&GE2j$2h(vAaP)l2@{`bE<b`etv<sfn#NnuXea$N?}QI
zs*f*MNd51S`Dr|ssZY<A?KJ<d5&kE2?p)u;sZ#L^=G?sLJ*(bNcW>L5GqrOrI^5G?
zKbd-W*F;N)qce})x)eLByZ!Zo^m)aX*VM=Sbr0(^3ZF68Hpcl9!@+acTwnh=;<izc
zP5G|#tjmkbPo=g`u}oWI`c}tghE>qVy?IY9+MQ1;T`>&I){{FKD)MMviu1F@aneS=
m=SB#H8p>Hntu=hu&c<JzBg%j1%iqb3zoyF1zWP;#?G^wdkgekY

delta 516
zcmcb>JfCHPYJFBfetBNHLWWmSMOCOvzG11iSB9razF~S%g=L0?d6`?Fzh!DbXpW~x
zRiJi-iC3j7SB|e+VUVd~R*<`yWne^QvTt^3R)DupZl;B!Z;-RUS(;CFntq9~i+fTa
zm#&>cadC!jYKoDmsiCDpvUh$~Zn}cGpTD<RuA@<rN4-~Igno%(R7ha5TUlb7c6o4$
zg}a$$hN)#mKt)KZg=0QfNr0(GrFNP{RdTvnvRkTANQk?uNko)$fJJsiMvh;xr-^@R
zO14Rqmr*guIx~Gk-?Wk(-Snc=#Nt#1Ggtk>a#w{kD+OJJA}-fTf3wnHU&|6Fzv2j!
zq=@u-(~_*5qyiKDq9A?!^dJvI;~>l6{7~;=kG!DDKrUTfU4<z3yr4Y8d}oWuERUqh
z;3Dtju%t*I(~>}c=j?#IH1n_|uQaEmLbFgOPp+(t`Z<=o&zq(+7@5aM)KAiUa3*)7
z+c#aI)%h<}qyzr$7jD0?H{p%fm294h9U(pwoN7PJe(}}r+iUx@?x!ZA+zRiazVTge
zx@4cE_%*+BcI3nI-jf`RLQ;q3p4Ck`tIHM;zwU9J;W>9x#uf6meep9-o@I#2*n8qZ
zcI)<s>RY#WeDR9zxIBSN)8({f8ZWz}XW~Cs^{?lSS55i(XAZy2PQCMT(*J9;7Oh;l
KFmi{|!;=7;aKaz}

diff --git a/hosts/nixos/porthos/secrets/woodpecker/secret.age b/hosts/nixos/porthos/secrets/woodpecker/secret.age
index 63a4862..89bcb6b 100644
--- a/hosts/nixos/porthos/secrets/woodpecker/secret.age
+++ b/hosts/nixos/porthos/secrets/woodpecker/secret.age
@@ -1,10 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 jPowng yz0I+AazPmamF7NOnwYNrPE/ArarU01jd2mVDJUPSTY
-6Y/YQ7gb8cAZf3zT9SKOorvfUnU7kYff+gHh8fG2mY8
--> ssh-ed25519 cKojmg 0FZU9v8eHsVeE+EoX9Y4IgfIj/8+45waPaSnSDb961I
-L6SzJoh5xqai45scoVAa6v9zslBGFYNnZY044d470uQ
--> I[G-grease p
-AMRQY1alSzHi/PLL80kcvnM1Z9YNfoUo9u5alWXYMyzrRsg+vXjMuBvAXg3fmnzr
-wdOowTYMRV+jEG8vzkcQTsv+f7JIyo4DvOOaPyGfWMl1
---- ih3IAFPcN1JP3FP1vcRGnPrfk91yrnIX0m/Szkbcf7Q
-�mW�r���_\)Ͱ]Q��xM�s/݃�ݪ���6�k���Y�x�My��J���G��)i2_'֜HF��.�g_�e5�#u�t��ՠ7j��P��'Tޥ8��\I�W�U��K��1ں9��
\ No newline at end of file
+-> ssh-ed25519 cKojmg tAW2hbBSxsael6cdbN+vI4h1/PMNrWYct8cppCAasn0
+cex/wBTviSIXc8clNm5PGltTYa1Q5PwqlX4BGsNHiyU
+-> ssh-ed25519 jPowng YxfhtpytvuhIARQAaJ0w94aOZiGNUOBR0pF+Sp80D2k
+nMon/VdYUQTs6LFccDGeIKWeNYib1wwtFmEYZkDZxg0
+--- giL477X0+uZ2Ocvbixt5f5kNc1laj5P79oW8P9XsNP0
+���d>�cE?nb�v�_�'2����յ�_6P�u:�us�E�8���ϓxuڶ̪��x�̧�C[�����.��6�� �q����J��5G�K�)N<�yYɥtX=l7T�2���R�
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age b/hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age
index 0211701ba0ee3d8ef341b6d69d70ccaa25b8379b..b0b7b46ea02749ddeed2e60237daf1972b7be672 100644
GIT binary patch
literal 3703
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn_Ri1BO;<3lbd5?k
zDD*1LHLx@<sPuF<^iQ&=h%!tGGV(1oFwF}uN{=uM%BnI?59JDVGY!hluQW6cFb?p@
zNDW8}adV6+O;2?<FSK-YbMtibGtMmYPcrg$GeNg4D<Ho-FI^!ZtT;7LJ1Z+U*EKAt
z&^SB7sH)t_CpfIo-^i=nygWbGpwzD@G(0pkCz;D6KiJPZ+ao(EH#H;It;##i#M2_f
zr^rk{EyN%-*T2L)(L&$N-!MHXIGIaVS689JJS8a4)wMV?%-^`M+|x3=$U8XI)F&w2
z(J?zJFT&Ktyu{1fEz->?EuU*cROc){PW#eVe+?#YjV~<pP@T2f-0S(j?uNV<5_St;
z2nycY_2|sCqpJn32yS^A@TKYVq(h2(pCn9rc1`H&@<jzlmVDk_7LqS~;9Bg`)TK{8
zX76`h{cs)cQDgIVjij?{BcF0a?N};WHZ6*wqHj@8NI{>YT+GJCEKy-`5$>Y0vnjLE
zZJj%BbaH<x<enCx`(W1INGlb29`&aiqQCdQ+30sj!*0R$k5QZ6eJq?|GH;LU;ee-`
zv=z3uN@*VIp4*?e=i3}M`7ho1mqK#?eDl&iyFr36A<?nqV9(@DN9KlTzm2ZrX4%@d
z@#+rF+Wh$0Qy+@&j6c`5X5%W^6D}1WYt<$M+tuH<UApAm)HKOevz5LFR89<wJpKRS
zp8MJJbTnu0)%!N_OwC5eTSslA=CMRX-BM~!|6*f#^zC{T-96L3uBdtDI_HN^Q^uRw
zAH^?j+T(pI*+<dm5O3_gk3Y+je{MPTwf6X}!s5ACOnfff>uY&%C%-!I^3U(SuQOTp
z2T%K~y6TSlYRAwSd*(&2Y@IlD!~DPtf73d4*gie6S>^a=U*&b7+k6<@SFDjbtZmtG
zE!}q(>z7l4F52ZaS-)*v&g#znP`-9ow`@i0p4(h670qoD4<#u#v<hr5+va}Zl|B2P
zRxvTN2P|5@TyxW7-}H1#F>tSMYi{K*Dc`_y@cf0#F{>3HKZ}?)?}6j@=}mg?yuSVW
zT=`^j;~{Q)kIRbd^cPOi+_>cF&3A#{6t`B-Tlv$S!>ar08Ot6<dAqq?5>KmcOy9I5
zWM8|9HEaHUAE&c?hmXY_;+8ag$u>Lf&!0^l-M{U>7*5-xJy}5NuX?+X#>&|J^Ikda
znh>9G&+Ua=60@D&Tc*v+<rW@GPAU)PT&i<<i~DuIm4CV;pM)}q?tGThd9WyIjmyEJ
z{rrwCJ(?_!_lZ7M?OFWcuVZz`>41HiuN$XmvV>lnAF7nQ*C}|eYh+8!`g4(c*NJ?)
z9WTtRFMZ^6{6^m%qrF1kigr((?sj;(((E07udn=c=tz3As={J}tXuznBsjG8mfh0+
zc{}lwPQKaerC)k`F8eZV-N=5gK=b_J?KiBRs~yRgQMR?75c+7!gS%`u-`RZ(%$;p?
z_v8H4%=u!8Dn47)r|)m`^fdTVdgR>4DeF|H%u?NJ?|a3mb!%GxE`tU&w&v^ioy_$F
zt{o4%+kLs=(NPUPofiI$E50?q&AiY2*fikPLw=6j{cp7|dOehIY*I)`w^9*HpDB3h
z+t<~J&YN`?yfuifZrrc-a#4kKrJcaam?-V{iaeiAC?tDcmdX^5Z*yZS?OFBv(3k(3
z!kW#gOZX<OshYc#^Sg+_*EZ389}GOA<!tv|SML8Ld5`Ugi~g^(M>dsgTg@+ZpFuZ7
z+uf#h&1OH17xG75M?QLUV(lc>vj?lK+(WOetK?H;JCgN2_perj;Vz9W?e>m;mY!R^
z=l12tCuVxp^Ctz1864GdFJCsXvS{{-tCKty6<&Ux?b!KimY8)@a`-auZS|89&h-Cb
z-m6vIy?4!z5}g$`p*A7n`}B0*JYK)>@_oy$o1N-z)h#dNe|K<R;{9Mdd&0C`;ZfUM
z1uso*+BK!~&nJtGf6i)pU*bJuSQUS&#p|#39xaok`5FJGUu6HWX!_fj<5kl(?0V>F
zZsHJLR-kol_mx_Uqkr4l{6(h8s(-xuB%{mW#i>~1DOFMnrPNoX&c14FsT?F(AaeUh
z!okdW2eTyIM7Q<*pC>qRpWDTc8y+`bc8l99sJ+8d%Dlx;xL;!PLNN`4JxlmDEjQeI
z&&$DCxny~C)v;&)KQ682HCh*Q?7R4si&MK61&er|?RDhd|6|?K+n>MAY|Cb|y*Blp
zT+>%87KZ{sgNB{;zZNDvQw!1hQtlgX{PIOqQte6B=I^gn;$I$iC`o-G;ct0GmBnFc
z_@rs2#``j#xrlt3_|%}2$G!W(mB~G?WNzM36z6{|_fja%tM(}i|MGJQ`%+i1^q+AL
zh~s#r`D0ZLYo)r|PiMgcyKgW0ZN1ktdTC`0-`cAlrWH(&etbQ-`e(uXO^d=R{={%3
z8vkE9tM=;0J^u>XK0V@pv9s}ux#stOCs+NJH#k}woGVrpx-7?Y^Xan+JD<;qc4ZZD
zowDZ8an2VLBe@$KY)U;sZEaNp4jNvsOBVUL=UI@#v)ls)67LtdMri+jQBio|ifygw
zB$3kv@|zB5O;tRg=Q8bWqgZ0jx3BZ+CD){Fy6jT(Wz*hO*>jIyPcwX*BVWhZt18B_
zbjH&3vnT(}`yo~OIh%czz0Bb)(;rT#5|)!x+aTk-y<RVJ&AwoXGs6Dm4i~awvl%uA
zT<QHD`z1qnt<kg2(l_lXJUM#5X4JDBwQOE;=!C0B%aQw&*bgMUd$RP+!A*~)mOm6Z
zm3i>|KDnf>+fr|Tu&y^@KX3ERD9G>a$zRX;E>97R6Di(dBx}+8c!%T)MnmO8l83|}
z)jVu^H|dkFDc8XdQw+Dexv%&&UC=Z6$H}(Tv$>zo9Iq-fk>j3ufZ2SP5x@QQ6Nhhz
zS;)2>T2t7vYEx0ae}l|@H>0Xc+`ad{G8o?3#PFVx_s=x9MumVW7LQ*aT)50|hwj;j
zpA#RZg_S><k<R$n;dR-8=!;sXxjqZ#Z98$0y?@Fk@xAg^5$`uM{uYoD_};s4lchtJ
zub*~vUdXRCEr&OkoLhF`j(Yi?O$Rs<J@i($H{SW>6&IJcNm=XJrhwN>?jJ&TDOEq}
zpSJL-)4?g`S!{VrB#d6QYi~T?mYTU~)qy^hjfOkA{m#kn@a(8J2)J5pw`7s|AG=9O
z2Q`eEZxuaHy5I8Xr*+0j@9&Zx>$!@=Hg9-)LoI3U)lc`=uD_^#^rE*v*G)bvll|LQ
z9Fu&*!9IWUQk%?0Yp(_9d{W{#yMp87wnCN#X6~kULocwJURnQ!t#_;U<hduyFHg?@
z{9WF#F>j^nx#Qs`^9;Xw{dyt5<0CqAvVp`)pPTa^zilo5VdVPk-z?wVOU-;Hr1Tw2
zD~wsOZ(T$}^ua7+m1Qmy>g{!ZIOU&`lYHmg@^zxmQPw}!)AlQ!UVP8%!S5Ck<LTTL
z7mh?mR343c-Ti-I+k%*{4`)v4n<ZSxB9rH);#alc`nMe`CzpL#_-8}BTAs~Qd$pSB
zecOItG&`JoV!pD#q3Scdp7F_Vnic*S*chs-r|eFf`i1pVk~*hHN=C}WFMOV-<}_}P
zsZO2mzHG|flG;-Fqsu%Vtdf=OZoacB`Zvq1%Cy$~XB$dp{68R?zizrlv9nW8(#>7}
z-V2u-9pcFQ>5+B+++&uF^|5WguAHfeJ@Gbb%HHjNg7>DL-J^Zsl!En%Wi3;<=A1wA
z>cHygKp&IO;jIUPCVB|XHZ{s&*Z#X?Yy5{*XY5>UFV@)@ALm_sqSI(Q=WSJu?e7<e
z$FjH{P>5G-nvv79_hOilpe9du+tmo8u6N%Koo2~9p10z})Cgmj$hP%U+fGbYcb*@~
zb!ER&*U3M>qpNI|ZfPv3iD9&vbLx$E<n<r^%Uwl2{eL>Qs-H>aon(1(%^}_66+6Dv
z_s?i>>f1a;xGKP?Z{-d9Id?w==6|``+<kMu#a*Kdxh|&yHUAum-n-<ba8$#KX>;W{
zp4Fb@t90*JGxN*xBF+67l1tlaxXVl{R$OBau6P`6aLvV<Yx&wM!MctiC6kOLPgpA-
z+Pt9r+ku{sE%tGy0-HkT`YSxqH7l|e+YxwVZ`_t!%CcYMu05UHm|`WlNbXE!+Ej^M
zI~o$oC(N^4s$?6nGXCyTmHWGHnA%IqndaRxm)c~%qs8{rPv;G{_D48xdVK4In33MS
zWk%_JjyrY5b_z<$^4D!m$@*>NbK9+V>&+PpBc&8?8;gInT<W&v`n}N8MI{PWTGnn&
zA0F<^<`Yt9)MfeoitC2!qth)hIT5e5R4?=uGJ2|)ew;HyG5ILhi6=ZyLtCaYT?@Xb
z{d4nC&*aG!kxN#D9($qs(jsHw(=XHdwH8(Cd%FLP2zrxbVEKHZZS0ig_u@FURywkq
zNM3Ddc0abI=?UXe#x>c6GlfI?&dF8wPXERe&C{T$R`+|Kj7IfC!|flr=Ql1b|G&lN
ziloVbz!%lK!?(x8r?_QQt<$#JB|k6Y>Vywh&99!^x${CzPM=#z*43R;w)Qh0^gh?D
zW3zXi;i)(Ct_m`hXn(6x2zmW_#_rwMIlfJd-BDUUbxT+2qb!}bv*O~TCv>ze(aUE1
zzi`EzY>DVk8T}uG583REXHXPb?^Sb&*X~=mbJ(M$h7r6SQ#G$}l^t86W_)nNkqr}H
zWIi}$S8_ts=!<7<dQR-q&{OXMyVq4+J7lr7<i(SD=a1jt8vlFhi~ZB%KPQSFUbSU!
zjj2AzgH4$MA<au3?6^Op-gZgbY+*k&mV?Q6OeBR4ddeFZ_dT7<{y}?tmC?g9hG|k)
z4=xJJDw_5Cs@DG)mU(h#Uj}>L3^*Xo+$M9~QF3$Wf$OhyqmO?pZF-w7F)@`TKh|ur
zqCsiVg*VyGr~W4Pp1!c{PWAokPWSj$XjYf}Z!~$rv+w9J)mO_`{$YLJbxi8B+J+yw
z`k%CpCR$eat>T!h!lWL{?loCMd*hoE$I3LW@8@P{o%lWU*u(1)2K%DkoH%fzv+Jv)
q<@6&*=M`tpd;46faLUp6xpM`+Upc4nW_kO^D+e9sR2UuoUJC#v#vv#G

literal 3799
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn_Ri1BO;@NW2`?`+
zPsvL6@G|jp@hZ%UO3L;q%Zo4!s&bAj3-wF$O?S>MaP@c3%;t(nPc}*Rbj)*&2-45?
zt<rYO^YyDV%`&JcHz=@($o0zb3iht5bkDT(GeEa3D<Ho-FI}P7#nM^7Ft5znBc&oS
z$u!Y5C_ErJ*~r5nIJ2PCFC#qEq#(Vtz}GCm*^?_GJF6_QD$PQ>$}K!Jt=vC5xwJIW
zA|k`2FfTVh!ptQ@Kg1<FqogduHy>nMm~MJeYGQG!LVTr>LU~SJgonL}f|{R~t%47i
zuTO=UkCS(1s;R4!M{bIDZc2V+MpAKpl!u|CpIMcUaam5TV^ErRS&nbENkv*vWk5<;
zepp^|kcE-AYd}>lm#(g^LXd?~nR`)WzGJ3&MqX;Fe@I1;WkF!6nY&M+ziEzJc$sUk
zn`LpaftPt8*MVa{E@+%JKU2KHS^m_5%||zQ+rRbaOg>X{_QmSIrWLO5UFA-5ewp!)
zOSUxdeO!O3NZE|HhgF(a%uR4S^y^miX_>(81G^Qr{f;d;`E1?RdpiFwWGnh7Ik?^b
zA7v8hwmQ0f%F*Rsd=ghVa?P9$OxSnP;KuPCEw3#;>xx?5SikVx7T*ekph=ADtS4~Z
zm@#RKQbNz+i-%r*opJY{hDwJ`(}tv~n+*aL7cVq=<XPUh_9RF|?}F7tv7YT}?q?Y$
zzC3BSZwKFngI}eLc{~`7U1WJNfhi%x!aD8TTK>nU-)u;2o$>Y^_xHqCU%njTxvV#L
z$-CKi&g%5PmY){KuuP$l<EH5YJ7%_WUV~V^Kieh?w1nvRC?4Iq<I&N3*Y1XXn6dR@
zK+=bL*+|82+=c=xB(+$7tl#i8)uC+qw^Pz-vTa^(^Aj657c#fsXnb9l^LDpt<cgYO
z3Lk`G)mc1l|LUyG2wwAA>0hj~oKM@6Ir&!WrZZ=xDL&ccq58q`$HUlI`4vV{jc3Ca
zyFc#{-0;lLuHcDJmf^wGXH3E^j@|5>E_i1(ukpb^VX1%}0`K4T-&_3t+(n*~Z=)ht
z-l*kS<EZ6l6Q-S1m2ufOc-d@=6-zW7*FHG4S>>QsK-T%UQ}#VHy0ABRbwMY4{ulX|
zDG9711~R9oZsXgc_O+HjIrz|a=QfMm-<Op}^UJ6o(*I!dalx!$0nVnKlHt}TJ$|z<
z+j(iR`Cb3wHF>oi_j~>BZT__>%&v0J^c(V(dQ(}JtXUYoZV4kVd#>D!z_qN~1i5}1
zCa}!d!Lf+lFwt6(FWP>4{-=9qR&8_<_cXJd=$N)M{)@j#WkY<R>-;~-%VQlvpG}G9
z%oYqkb^rde_D{3=QY}-I7%bPDZiu|MC1B|lwWYT2rmxz$t0i+s{F3jk(V4T2qE4Q?
zS-=`SeYRqO_SeXJ7x)%P3!JF?xaTCd{yGiUzBghMV}8B+zbZqn$oRtAyM|J;I$o)*
zWi`kQoI5q<&duZNPO$~v<Cp3;5f6QxdxvAS&863={sF;BM<>T03$dSm^7+q~PbXQs
zglQ~w`}5iP;+-QMPqxYhBuudPdiN+;f!`=^p2^C0o4%gcvDl_Kjm>0f2kSDHNw*{Q
zzr0tre-$>%{)pi3z&+(@%%QU4*7mG69~GGs8|Kg7{wVnPtOduKCU4%bO3H8T@8Fc{
z@`qkskKty$QTBABk%e1`$#>?G+Vbh|zVP;*{~T%}ulitu)C!iSna>>`<Q;$2Z|-BU
z)gW`@M#stTROdWWU^pdOVDSC)_f;0hMDo<POzfR>u<qzCza?!?H^$tbuJ_&0eEBP{
zb@r7nD-~{=TOPP+{m^)e_riG>cF0{jn)F{jQ&(xL;JY1+n?LzDPm-}q`26+29KlTv
z+iJ27d(2v~b}rY4KgL19M+}{F;y&b<nNRaP<Y9BYezrQBzfs9bep!)ZiEqwl9Syeb
zXq6Y*%vR14qq%AJx{RciiEbC#KXPtkS+-~C-DP5~`(;i(D}A}Bf7*qHq#ebn1t;Ct
z>%4yZJ+Juj!;(il|Lj@c32ezbZ(e@-YEI3kd-Y-S_eFbgSq4tnFIL&{J?dlL*8R4z
zWs4&Y1sT;Uv^f8jHQmG-=#(7YxcU@pr|`*s-lDA^&VLZ86XGrSDXOpWc%_P^-@B;^
z@>NV`*X>_g|7)4L{@(OFVY^vHrvztqd~$Jp_|`Im?Y&lSgWTfq|2tL*Z&>;G(yyzU
zk-7^EX2+>b<=FJ`e1@QHU;DqD9V%6}Dy|uK?k1f1cX`RCh_;o!KWkR#Zq><<x$gdQ
z^V4m@0xn0Na?AK-)a-JYDbKO|en7xcrgG=_ch3*yXBD<72F#mblo_!1EsOUv=i0Yj
zH8;OiDX$RG=zG7aqAu`~%6*ZajkDGm#|NkdxfH*bnQ+ym{imh^WA*1bPc7&8=SOH|
zAFmYH$Nuo!>YC%-|0chgCFCW)chikSi&s@CWj?kNZ762H_}nSsUiqA?t38|A^tGED
zX1%hhnpAad?X!rJsSi$BhhN@y_uzW_Sw6a%52Y_eKMQvj-oVqWY@ws6bn+%&F6-y-
zJLXudoPGMg56?Y6jf*}vB+r<ih~k&CU!iNZcvkdX2c^=9g;DYk<*xYGFirZrzson`
z=(<N8%{`(!4*lXv<g8xEY4<NqFsJ*^x6hmNpIE6bS<L%J;Ig68J^eR*U6%VA#7<4l
z-`Mih`TPD;p~<lwIq{FDypk2Ic=skhlx=rs+kq^vgNcHYB@8uhW=1|r3hoT9{B^y2
zMN-G#rhe(j)}+f?TNE?&O<z?O#V((16_K>wK5Xj0;HLHOm#%RCeR93@>%8zIt?7NX
zdAF*qcI>KNdTOJ}*6Vx^8dg`XogTHo-!D;p*_?CA39d@7XZI8bKCks_UnLe}+VFJF
z<?xP43)Z&pzddP1L}Wt!tG^RoeXKUr<epJociU#gHpgYLcb-V_Yt2ki3ERam;mem9
zwo>byuKKUow{pwXSqqutuZYP!y{pru+@kb2nQhPfh)u04KZaRv+tXt6#eh$lu`BY5
z+H&4W3Z6UcdXA+&@^t<!xidSDMS$&d|4Fu@S9%B6*Sa?>o^Z^lM=*HZ{s`MmH4|Bu
zEqU*%{7Gu&nN;5I{U>6+O;p^vZP(<$OQ-Trtuy@3)GBJ6aH_DUeaDuJ`TO5A_uUZ|
z^Z8gcQDfK7qmEyn-L+QmGS6QoyudoOwQ%0<8NFR|`}u9#ORvXy{!Gb_4!&T=byGxp
z#pMaMbJj*YT)28m%+f!yH#wA35+g&r8QlJrZ<<l^u72G?cFx}kj~?b7?mH%@*?!gh
zzRIUgk+!17L&g(s)qlCR|KPHjXHRHpa9&dT<sH5wy7gUqV9581e`j85t&>#h=#EwT
z{4P(QujkSWzFFGt{dY?K+J0oVx_;GpM?rj~xu!;l?H})Askg2FPCK+F75mw8FqW~i
zdCPc|Zk%iR{{`ov5BJTMWkkKsGj+6Y{IS7Tq<VYhZMLk`^54f}e&l$*k8zNgTDds$
zQ~ZW0pZU*AJ6~e{A9H%of$MW4o|{)lG9_j?3dv9Dim9EI?6`{KTF~#1)=Bf7UYWD8
z&hTQJlI<yK*VHh7=e^#O?K~<=)pjZ@=DwA)d;YF<UFx40Hzj>9*vawA`e5MOYZWXr
zimX?k2{lyR!9TC^$<M@`z0DU@<@)uD*6ZD!`uAsgA@iv(n-yOPD&3j9Bg*EBK)Y}H
z{QnKhes2ERr@S#zdQ(VMgs!~o_59X3k!c&kJs0=h<2$o0CAhV$r8{m8$H}f)5eMh7
zE>>K>f@6hNrt(_5>&F7*^s{&5oH<su=(V6x=if(fD|DBqT#(DYEd0ak&CP;Kt8Y$U
z(0=O9MJ1l&Yb-_QZ+cTN$Y`IeKSg1}jywMSvlp*&@{tZ+pl$DBbMmi}+Jkyg=CHLk
z!KU5?-&bkJ*axQk)~tN@J;7uyPl$A1-rvU4K0Q|rjA!V~pVguIeM)%AshPj|7AEfT
z_?-S|!bizhGrH?%q=!9@-Z!Iq#<N`Mh|(6mEscxIB5%2RSl2C0?*7iaN&kCM+9SUm
zYx>0ceA4gRW~Z{w<bR%a_1VdFH$5&zZInOe6%t}@S?<Pl<}06Ju9vB2-%Z2CPSYpM
z?74m{<-=V5itq*Xc`c87%3VXJyyi?={$J5Te%k-)zjklURLwMV<mSJhIN@H_r7Me$
z+>4s#wkN0SaJBrpb!9J<c^I}|l$Ki&^Qdft-m3lCtMm<*htK=1pe?0yJTPAH@VQre
z-CK9F-Ds&O<=$sF$(Y56|A(^jKh-6F+XAh+ny3C@oD#Ea0(bwF_cx#I^)PWdcbmJH
zr$Sc#`oFDjCf?X2_k8OC>E!ul;pMLGZktQz=Sjam{-E_rO={(K_Z$1Zd}v#B;isfd
z_0jZqPH#WyYc4<27T5E?Yn7a>(>j&+<=mbTGd)E07aB?J^Im#<Qbc^boYq~HMYSg@
z9>1-RJr<er<Z(iCTyITo(}zp`k*3|L9=~3v_m?^*@4n{H$^I(g)zbJ=-)|(`SSPYK
zZJ+Lz<b~p9lFPLEpG=Bo`JAxGx!n0??xD`YU9;0AW!|zW|5&r&_S7?_*EtM2)-UpF
zS+`aHckV~oMf;C#n7dQ^^^Hxhbfml=9-P3U*#5qjH@fZdwK}IAv*%h>zcl2Ycle|9
zs#n`57i7QAUU+FC<5N3}vsVS~owWXuy4cw4_;l+=`9+t-?yvD?nJKpR+kvxR%IC&(
zRo+`#KX3Q3r(dqW5&5PS<FD{v`((MfagXDQWsd@PKjll`|M+O<?|(=9cs`#{U3TS&
z-U;_upIs_-js-8i9Gj+Gu_N9`@p+<lRFbGmGw<<dGxgu^E$n#xRc66yi-KkC_wpKE
zi)V=}o56apyt<(0+w&z4o$tPv(hEu~4!CkQLh_45#-HU$-7eEwRQdl&KHa)P@X@N%
z0p8oUT%V`LWq#z*<>U>AGfhI4PWHFk;;Yqk-Egks>qE8v-Ul*&M6+!d5WDH0C-7p{
zqED@F&#l^X?s*mSOYRv>9l5pK;ft2O@D2F(_w9wnoEgcj)6YD;I@5D&(%i~h!E@iA
zDZamFs&mQw#gCdly47-v9S_fPOyIm9J^kzvuf0-h93+cBpLr*Jc6sj7&86CAHIJ?*
dKeP;5bk>p0qW`T_@y>laN{U{!uw>4i0{~1wH){X@


From e2091e9e2ec36e602f5a9a47412238951260b146 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 26 Jan 2024 23:35:06 +0100
Subject: [PATCH 013/431] nixos: services: nextcloud: use HTTPS

This should fix my issue with the sliding sync server.
---
 modules/nixos/services/nextcloud/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix
index f2ac8e3..580e9ea 100644
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@@ -43,6 +43,8 @@ in
         dbhost = "/run/postgresql";
       };
 
+      https = true;
+
       extraOptions = {
         overwriteprotocol = "https"; # Nginx only allows SSL
       };

From 58b22b7354c59c6b8a0c1e04a2883bf99414117a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 25 Jan 2024 20:27:29 +0000
Subject: [PATCH 014/431] home: firefox: tridactyl: remove 'Nitter' rule

Turns out it's very annoying when the Nitter instance has been rate
limited.

This reverts commit e514389a3d3ea25e311b3dd3b24cdd1f7c6eec65.
---
 modules/home/firefox/tridactyl/tridactylrc | 2 --
 1 file changed, 2 deletions(-)

diff --git a/modules/home/firefox/tridactyl/tridactylrc b/modules/home/firefox/tridactyl/tridactylrc
index 0401292..4dc53cf 100644
--- a/modules/home/firefox/tridactyl/tridactylrc
+++ b/modules/home/firefox/tridactyl/tridactylrc
@@ -69,8 +69,6 @@ unbind <C-f>
 " Redirections {{{
 " Always redirect Reddit to the old site
 autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old")
-" Use a better Twitter front-end
-autocmd DocStart ^http(s?)://twitter.com js tri.excmds.urlmodify("-t", "twitter.com", "nitter.net")
 " }}}
 
 " Disabled websites {{{

From e2ec4d3032ee3d3dc3be935b0e2af9ad7ff0c511 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 30 Jan 2024 12:22:04 +0100
Subject: [PATCH 015/431] nixos: services: paperless: fix classifier hangs

This is an experimental fix to try and get around an issue with the
default BLAS/LAPACK implementation. See [1] for more details.

[1]: https://github.com/NixOS/nixpkgs/issues/240591
---
 modules/nixos/services/paperless/default.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix
index f528ad7..f62879a 100644
--- a/modules/nixos/services/paperless/default.nix
+++ b/modules/nixos/services/paperless/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
   cfg = config.my.services.paperless;
 in
@@ -80,6 +80,9 @@ in
           # Misc
           PAPERLESS_TIME_ZONE = config.time.timeZone;
           PAPERLESS_ADMIN_USER = cfg.username;
+
+          # Fix classifier hangs
+          LD_LIBRARY_PATH = "${lib.getLib pkgs.mkl}/lib";
         };
 
       # Admin password

From 1655afcedf07197fc1ba25c945a2a4fcfb60cf6a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 30 Jan 2024 12:38:48 +0100
Subject: [PATCH 016/431] flake: bump inputs

---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index acf6c48..7714038 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1704982712,
-        "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
+        "lastModified": 1706569497,
+        "narHash": "sha256-oixb0IDb5eZYw6BaVr/R/1pSoMh4rfJHkVnlgeRIeZs=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "07f6395285469419cf9d078f59b5b49993198c00",
+        "rev": "60c614008eed1d0383d21daac177a3e036192ed8",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1705879479,
-        "narHash": "sha256-ZIohbyly1KOe+8I3gdyNKgVN/oifKdmeI0DzMfytbtg=",
+        "lastModified": 1706473109,
+        "narHash": "sha256-iyuAvpKTsq2u23Cr07RcV5XlfKExrG8gRpF75hf1uVc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2d47379ad591bcb14ca95a90b6964b8305f6c913",
+        "rev": "d634c3abafa454551f2083b054cd95c3f287be61",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1705856552,
-        "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
+        "lastModified": 1706371002,
+        "narHash": "sha256-dwuorKimqSYgyu8Cw6ncKhyQjUDOyuXoxDTVmAXq88s=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
+        "rev": "c002c6aa977ad22c60398daaa9be52f2203d0006",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1705927265,
-        "narHash": "sha256-eUUIBb3qYMrQB0ONGEj2kzKN8yzqwDmR4+Ct5/dvJcs=",
+        "lastModified": 1706613454,
+        "narHash": "sha256-oekBAKlWhNgs4MCORSrZnswYTwD5h7HQkDDFf6INAZs=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "a29c6f71063d0ce903e927fa7885651c00abd33b",
+        "rev": "ce9c09fbd09d8cccb7353fe32bdfbd39ff3cb7be",
         "type": "github"
       },
       "original": {
@@ -197,11 +197,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1705757126,
-        "narHash": "sha256-Eksr+n4Q8EYZKAN0Scef5JK4H6FcHc+TKNHb95CWm+c=",
+        "lastModified": 1706424699,
+        "narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "f56597d53fd174f796b5a7d3ee0b494f9e2285cc",
+        "rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf",
         "type": "github"
       },
       "original": {

From 02412f2578eabbc030b9a34d6458d2f42070e84d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 30 Jan 2024 13:21:50 +0100
Subject: [PATCH 017/431] nixos: services: nextcloud: fix renamed option

---
 modules/nixos/services/nextcloud/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix
index 580e9ea..51195df 100644
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@@ -45,7 +45,7 @@ in
 
       https = true;
 
-      extraOptions = {
+      settings = {
         overwriteprotocol = "https"; # Nginx only allows SSL
       };
 

From cc029f7933b73785c5a64aaed02188498b277fb2 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 22 Dec 2023 23:27:04 +0100
Subject: [PATCH 018/431] nixos: services: add aria

---
 modules/nixos/services/aria/default.nix | 76 +++++++++++++++++++++++++
 modules/nixos/services/default.nix      |  1 +
 2 files changed, 77 insertions(+)
 create mode 100644 modules/nixos/services/aria/default.nix

diff --git a/modules/nixos/services/aria/default.nix b/modules/nixos/services/aria/default.nix
new file mode 100644
index 0000000..2d1b3e2
--- /dev/null
+++ b/modules/nixos/services/aria/default.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.my.services.aria;
+in
+{
+  options.my.services.aria = with lib; {
+    enable = mkEnableOption "";
+
+    rpcSecretFile = mkOption {
+      type = types.str;
+      example = "/run/secrets/aria-secret.txt";
+      description = ''
+        File containing the RPC secret.
+      '';
+    };
+
+    rpcPort = mkOption {
+      type = types.port;
+      default = 6800;
+      example = 8080;
+      description = "RPC port";
+    };
+
+    downloadDir = mkOption {
+      type = types.str;
+      default = "/data/downloads";
+      example = "/var/lib/transmission/download";
+      description = "Download directory";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.aria2 = {
+      enable = true;
+
+      inherit (cfg) downloadDir rpcSecretFile;
+
+      rpcListenPort = cfg.rpcPort;
+      openPorts = false; # I don't want to expose the RPC port
+    };
+
+    # Expose DHT ports
+    networking.firewall = {
+      # FIXME: check for overlap?
+      allowedUDPPortRanges = config.services.aria2.listenPortRange;
+    };
+
+    # Set-up media group
+    users.groups.media = { };
+
+    systemd.services.aria2 = {
+      serviceConfig = {
+        Group = lib.mkForce "media"; # Use 'media' group
+      };
+    };
+
+    my.services.nginx.virtualHosts = {
+      aria = {
+        root = "${pkgs.ariang}/share/ariang";
+        # For paranoia, don't allow anybody to use the UI unauthenticated
+        sso = {
+          enable = true;
+        };
+      };
+      aria-rpc = {
+        port = cfg.rpcPort;
+        # Proxy websockets for RPC
+        extraConfig = {
+          locations."/".proxyWebsockets = true;
+        };
+      };
+    };
+
+    # NOTE: unfortunately aria2 does not log connection failures for fail2ban
+  };
+}
diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
index b27570d..3e2b3c8 100644
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -3,6 +3,7 @@
 {
   imports = [
     ./adblock
+    ./aria
     ./backup
     ./blog
     ./calibre-web

From 16f98f144eaf68b024090d60c1db2e7e29b7aa04 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 30 Jan 2024 13:37:26 +0100
Subject: [PATCH 019/431] hosts: nixos: porthos: secrets: add aria RPC token

---
 hosts/nixos/porthos/secrets/aria/rpc-token.age | 7 +++++++
 hosts/nixos/porthos/secrets/secrets.nix        | 2 ++
 2 files changed, 9 insertions(+)
 create mode 100644 hosts/nixos/porthos/secrets/aria/rpc-token.age

diff --git a/hosts/nixos/porthos/secrets/aria/rpc-token.age b/hosts/nixos/porthos/secrets/aria/rpc-token.age
new file mode 100644
index 0000000..e6a42c5
--- /dev/null
+++ b/hosts/nixos/porthos/secrets/aria/rpc-token.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg fpiyZo1AR5hCfk/KtbgWCTzz+05/VOUnnaHhWgXQRwc
+d2w9IX/kq/T6OwQ1zImsCmzIX2yfFD8hQDbs0IW3ZIA
+-> ssh-ed25519 jPowng E9R7p9NCubUQrymjnrNfEjSNIIAXrBQLogNkWsOx8xc
+MrWEE5LNtOqAjnwA6byfSa1udnbUtqBy4FhdxipuA+g
+--- fKgerjgGs+brvNKnrWdpmOadl34LipMT6Msqse2g3E0
+��E9�ﬂKYRL-����Ƿ\E��K{��7��o���X�Gx��T��)˜��6�%��LO�T��*��*8\��@G
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix
index ed6c2fd..7dd34df 100644
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@@ -12,6 +12,8 @@ in
 {
   "acme/dns-key.age".publicKeys = all;
 
+  "aria/rpc-token.age".publicKeys = all;
+
   "backup/password.age".publicKeys = all;
   "backup/credentials.age".publicKeys = all;
 

From 3f13b3f03f70e7632096c9b88ef8cb637f072e95 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 31 Jan 2024 11:56:09 +0000
Subject: [PATCH 020/431] flake: bump inputs

---
 flake.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/flake.lock b/flake.lock
index 7714038..43c64b5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1706371002,
-        "narHash": "sha256-dwuorKimqSYgyu8Cw6ncKhyQjUDOyuXoxDTVmAXq88s=",
+        "lastModified": 1706550542,
+        "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c002c6aa977ad22c60398daaa9be52f2203d0006",
+        "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1706613454,
-        "narHash": "sha256-oekBAKlWhNgs4MCORSrZnswYTwD5h7HQkDDFf6INAZs=",
+        "lastModified": 1706700467,
+        "narHash": "sha256-GYdukl4hSsGoHnlYMV6XgmnumuGr1H4vsL7UNnEmhmA=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "ce9c09fbd09d8cccb7353fe32bdfbd39ff3cb7be",
+        "rev": "e52bfdd7d331dd32f0f0f8eb430488a36d6e6402",
         "type": "github"
       },
       "original": {

From e227ad76b274a866d3a8484fde3531b329407c4b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 31 Jan 2024 21:41:40 +0000
Subject: [PATCH 021/431] hosts: nixos: aramis: home: use 'pinentry-gtk2'

Now that it's available again, let's use it.

This reverts commit 39eba647acacdf2bb2aafb00be694fa5c2e0726f.
---
 hosts/nixos/aramis/home.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix
index dfe9dbe..66a0892 100644
--- a/hosts/nixos/aramis/home.nix
+++ b/hosts/nixos/aramis/home.nix
@@ -2,7 +2,7 @@
 {
   my.home = {
     # Use graphical pinentry
-    bitwarden.pinentry = "qt";
+    bitwarden.pinentry = "gtk2";
     # Ebook library
     calibre.enable = true;
     # Some amount of social life
@@ -14,7 +14,7 @@
     # Blue light filter
     gammastep.enable = true;
     # Use a small popup to enter passwords
-    gpg.pinentry = "qt";
+    gpg.pinentry = "gtk2";
     # Machine specific packages
     packages.additionalPackages = with pkgs; [
       element-desktop # Matrix client

From 05cf04a11f47a3688ace1787a6ebb5ef16b41260 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 31 Jan 2024 22:07:03 +0000
Subject: [PATCH 022/431] home: mpv: add mpv-cheatsheet

---
 modules/home/mpv/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/home/mpv/default.nix b/modules/home/mpv/default.nix
index 931c252..8af394c 100644
--- a/modules/home/mpv/default.nix
+++ b/modules/home/mpv/default.nix
@@ -13,6 +13,7 @@ in
 
       scripts = [
         pkgs.mpvScripts.mpris # Allow controlling using media keys
+        pkgs.mpvScripts.mpv-cheatsheet # Show some simple mappings on '?'
         pkgs.mpvScripts.uosc # Nicer UI
       ];
     };

From 473be47b29843ae6125296bbf2ea7ea36acc110b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 3 Feb 2024 23:54:03 +0100
Subject: [PATCH 023/431] overlays: add 'tandoor-recipes-failing-test'

Since it's currently broken on the unstable channel, I am pre-emptively
fixing it so that I can bump my flake inputs.
---
 overlays/tandoor-recipes-failing-test/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 overlays/tandoor-recipes-failing-test/default.nix

diff --git a/overlays/tandoor-recipes-failing-test/default.nix b/overlays/tandoor-recipes-failing-test/default.nix
new file mode 100644
index 0000000..43755ac
--- /dev/null
+++ b/overlays/tandoor-recipes-failing-test/default.nix
@@ -0,0 +1,9 @@
+_self: super:
+{
+  tandoor-recipes = super.tandoor-recipes.overridePythonAttrs (oa: {
+    disabledTests = (oa.disabledTests or [ ]) ++ [
+      "test_search_count"
+      "test_url_import_regex_replace"
+    ];
+  });
+}

From b41f0890b8a1cf2d3653cb0e310bbb64b3bffaad Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 3 Feb 2024 18:37:51 +0100
Subject: [PATCH 024/431] flake: bump inputs

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 43c64b5..ae79c1a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1706569497,
-        "narHash": "sha256-oixb0IDb5eZYw6BaVr/R/1pSoMh4rfJHkVnlgeRIeZs=",
+        "lastModified": 1706830856,
+        "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "60c614008eed1d0383d21daac177a3e036192ed8",
+        "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1706473109,
-        "narHash": "sha256-iyuAvpKTsq2u23Cr07RcV5XlfKExrG8gRpF75hf1uVc=",
+        "lastModified": 1706955260,
+        "narHash": "sha256-W3y0j77IDVbmbajudHoUr46RpswujUCl+D5Vru53UsI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "d634c3abafa454551f2083b054cd95c3f287be61",
+        "rev": "880d9bc2110f7cae59698f715b8ca42cdc53670c",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1706550542,
-        "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=",
+        "lastModified": 1706732774,
+        "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652",
+        "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1706700467,
-        "narHash": "sha256-GYdukl4hSsGoHnlYMV6XgmnumuGr1H4vsL7UNnEmhmA=",
+        "lastModified": 1706978646,
+        "narHash": "sha256-XEFktO8Ba41zKawf1Uf6FKIR1x0ShuoSddYXU4PQbx8=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "e52bfdd7d331dd32f0f0f8eb430488a36d6e6402",
+        "rev": "66d6b7b355f3b10ea4140f8b85b2e274c24d442a",
         "type": "github"
       },
       "original": {

From 03dac604e9b8f6925042e7ced1c8f915a842acdb Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 24 Dec 2023 22:56:50 +0100
Subject: [PATCH 025/431] nixos: services: add pyload

---
 modules/nixos/services/default.nix        |  1 +
 modules/nixos/services/pyload/default.nix | 77 +++++++++++++++++++++++
 2 files changed, 78 insertions(+)
 create mode 100644 modules/nixos/services/pyload/default.nix

diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
index 3e2b3c8..67504da 100644
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -27,6 +27,7 @@
     ./podgrab
     ./postgresql
     ./postgresql-backup
+    ./pyload
     ./quassel
     ./rss-bridge
     ./sabnzbd
diff --git a/modules/nixos/services/pyload/default.nix b/modules/nixos/services/pyload/default.nix
new file mode 100644
index 0000000..40bf12d
--- /dev/null
+++ b/modules/nixos/services/pyload/default.nix
@@ -0,0 +1,77 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.services.pyload;
+in
+{
+  options.my.services.pyload = with lib; {
+    enable = mkEnableOption "pyload download manager";
+
+    credentialsFile = mkOption {
+      type = types.path;
+      example = "/run/secrets/pyload-credentials.env";
+      description = "pyload credentials";
+    };
+
+    downloadDirectory = mkOption {
+      type = types.str;
+      default = "/data/downloads/pyload";
+      example = "/var/lib/pyload/download";
+      description = "Download directory";
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 9093;
+      example = 8080;
+      description = "Internal port for webui";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.pyload = {
+      enable = true;
+
+      # Listening on `localhost` leads to 502 with the reverse proxy...
+      listenAddress = "127.0.0.1";
+
+      inherit (cfg)
+        credentialsFile
+        downloadDirectory
+        port
+        ;
+    };
+
+    # Use pyload user/media group when downloading files
+    systemd.services.pyload = {
+      serviceConfig = {
+        User = lib.mkForce "pyload";
+        Group = lib.mkForce "media";
+        DynamicUser = lib.mkForce false;
+      };
+    };
+
+    # And make sure the download directory has the correct owners
+    systemd.tmpfiles.settings.pyload = {
+      ${cfg.downloadDirectory}.d = {
+        user = "pyload";
+        group = "media";
+      };
+    };
+
+    # Set-up pyload user and media group
+    users.users.pyload = {
+      isSystemUser = true;
+      group = "media";
+    };
+
+    users.groups.media = { };
+
+    my.services.nginx.virtualHosts = {
+      pyload = {
+        inherit (cfg) port;
+      };
+    };
+
+    # FIXME: fail2ban
+  };
+}

From df44786c9cc5c12935ecce260a5ac55277eb9bef Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 24 Dec 2023 22:57:37 +0100
Subject: [PATCH 026/431] hosts: nixos: porthos: secrets: add pyload creds

---
 hosts/nixos/porthos/secrets/pyload/credentials.age | 7 +++++++
 hosts/nixos/porthos/secrets/secrets.nix            | 2 ++
 2 files changed, 9 insertions(+)
 create mode 100644 hosts/nixos/porthos/secrets/pyload/credentials.age

diff --git a/hosts/nixos/porthos/secrets/pyload/credentials.age b/hosts/nixos/porthos/secrets/pyload/credentials.age
new file mode 100644
index 0000000..089f962
--- /dev/null
+++ b/hosts/nixos/porthos/secrets/pyload/credentials.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg nJbOfp0/wmFOZLzcWjoGB7wEB8e56aO1NntSmn5KomU
+/Vio4Z/t7IPJrdzdwUPidVH3wrouSkwRzNHP0T4z3x0
+-> ssh-ed25519 jPowng QXg/xqs7/VfkYQg3X77w4i53q64bL9oYeTxqb9NVhiQ
+sMHIXlmrIxtIr+s0X4lBqev/PPd3AKD5P7AP5K4NeJg
+--- gzTn+6+aa4Ptic1lsvSt+r3IEBysHrvMMIyONogMDF0
+��ˮUE_�</��Q��+U�AГM��/k��dAL/���į�o�\X�ED��f�\i�đ��pF�`#�n4�x1����D����5C���&f�B�q${Gg�Aq��@�Vu!Cc�R\�֨
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix
index 7dd34df..43a9b35 100644
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@@ -64,6 +64,8 @@ in
 
   "podgrab/password.age".publicKeys = all;
 
+  "pyload/credentials.age".publicKeys = all;
+
   "sso/auth-key.age".publicKeys = all;
   "sso/ambroisie/password-hash.age".publicKeys = all;
   "sso/ambroisie/totp-secret.age".publicKeys = all;

From 5ecef0d789ce2fb990f3b5994321cf46c6ad950c Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 24 Dec 2023 22:58:03 +0100
Subject: [PATCH 027/431] hosts: nixos: porthos: services: enable pyload

---
 hosts/nixos/porthos/services.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index d73cdc1..2486752 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -134,6 +134,10 @@ in
     };
     # Regular backups
     postgresql-backup.enable = true;
+    pyload = {
+      enable = true;
+      credentialsFile = secrets."pyload/credentials".path;
+    };
     # RSS provider for websites that do not provide any feeds
     rss-bridge.enable = true;
     # Usenet client

From f54cee8f70cd569fcc77093e7330f327ee1b3970 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 4 Feb 2024 14:37:31 +0000
Subject: [PATCH 028/431] nixos: hardware: add graphics

I did not add an Nvidia knob to this module, as I do not foresee *ever*
using one of their graphics card.
---
 modules/nixos/hardware/default.nix          |  1 +
 modules/nixos/hardware/graphics/default.nix | 75 +++++++++++++++++++++
 2 files changed, 76 insertions(+)
 create mode 100644 modules/nixos/hardware/graphics/default.nix

diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix
index 2a686f7..95e6a22 100644
--- a/modules/nixos/hardware/default.nix
+++ b/modules/nixos/hardware/default.nix
@@ -6,6 +6,7 @@
     ./bluetooth
     ./ergodox
     ./firmware
+    ./graphics
     ./mx-ergo
     ./networking
     ./sound
diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix
new file mode 100644
index 0000000..3baac02
--- /dev/null
+++ b/modules/nixos/hardware/graphics/default.nix
@@ -0,0 +1,75 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.my.hardware.graphics;
+in
+{
+  options.my.hardware.graphics = with lib; {
+    enable = mkEnableOption "graphics configuration";
+
+    gpuFlavor = mkOption {
+      type = with types; nullOr (enum [ "amd" "intel" ]);
+      default = null;
+      example = "intel";
+      description = "Which kind of GPU to install driver for";
+    };
+
+    amd = {
+      enableKernelModule = lib.my.mkDisableOption "Kernel driver module";
+
+      amdvlk = lib.mkEnableOption "Use AMDVLK instead of Mesa RADV driver";
+    };
+
+    intel = {
+      enableKernelModule = lib.my.mkDisableOption "Kernel driver module";
+    };
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    {
+      hardware.opengl = {
+        enable = true;
+      };
+    }
+
+    # AMD GPU
+    (lib.mkIf (cfg.gpuFlavor == "amd") {
+      boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ];
+
+      hardware.opengl = {
+        extraPackages = with pkgs; [
+          # OpenCL
+          rocmPackages.clr
+          rocmPackages.clr.icd
+        ]
+        ++ lib.optional cfg.amd.amdvlk amdvlk
+        ;
+
+        extraPackages32 = with pkgs; [
+        ]
+        ++ lib.optional cfg.amd.amdvlk driversi686Linux.amdvlk
+        ;
+      };
+    })
+
+    # Intel GPU
+    (lib.mkIf (cfg.gpuFlavor == "intel") {
+      boot.initrd.kernelModules = lib.mkIf cfg.intel.enableKernelModule [ "i915" ];
+
+      environment.variables = {
+        VDPAU_DRIVER = "va_gl";
+      };
+
+      hardware.opengl = {
+        extraPackages = with pkgs; [
+          # Open CL
+          intel-compute-runtime
+
+          # VA API
+          intel-media-driver
+          intel-vaapi-driver
+          libvdpau-va-gl
+        ];
+      };
+    })
+  ]);
+}

From 183f3b48c822ddd482bc2609c8053b966f4b1d7a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 4 Feb 2024 14:39:29 +0000
Subject: [PATCH 029/431] hosts: nixos: aramis: hardware: enable graphics

---
 hosts/nixos/aramis/hardware.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hosts/nixos/aramis/hardware.nix b/hosts/nixos/aramis/hardware.nix
index c66b426..99bc77e 100644
--- a/hosts/nixos/aramis/hardware.nix
+++ b/hosts/nixos/aramis/hardware.nix
@@ -26,6 +26,12 @@
     firmware = {
       cpuFlavor = "intel";
     };
+
+    graphics = {
+      enable = true;
+
+      gpuFlavor = "intel";
+    };
   };
 
   hardware = {

From 7948dc284b0dd7d2cd48932bc52ae64d90a9c01b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 6 Feb 2024 15:08:16 +0000
Subject: [PATCH 030/431] nixos: hardware: rename 'trackball'

Since I do intend on configuring every trackball I own to use this
scheme, not just the MX Ergo.
---
 modules/nixos/hardware/default.nix                        | 2 +-
 modules/nixos/hardware/{mx-ergo => trackball}/default.nix | 7 ++++---
 modules/nixos/profiles/devices/default.nix                | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)
 rename modules/nixos/hardware/{mx-ergo => trackball}/default.nix (79%)

diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix
index 95e6a22..8e125ca 100644
--- a/modules/nixos/hardware/default.nix
+++ b/modules/nixos/hardware/default.nix
@@ -7,9 +7,9 @@
     ./ergodox
     ./firmware
     ./graphics
-    ./mx-ergo
     ./networking
     ./sound
+    ./trackball
     ./upower
   ];
 }
diff --git a/modules/nixos/hardware/mx-ergo/default.nix b/modules/nixos/hardware/trackball/default.nix
similarity index 79%
rename from modules/nixos/hardware/mx-ergo/default.nix
rename to modules/nixos/hardware/trackball/default.nix
index e4e55a1..7a99247 100644
--- a/modules/nixos/hardware/mx-ergo/default.nix
+++ b/modules/nixos/hardware/trackball/default.nix
@@ -1,11 +1,11 @@
 # Hold down the `next page` button to scroll using the ball
 { config, lib, ... }:
 let
-  cfg = config.my.hardware.mx-ergo;
+  cfg = config.my.hardware.trackball;
 in
 {
-  options.my.hardware.mx-ergo = with lib; {
-    enable = mkEnableOption "MX Ergo configuration";
+  options.my.hardware.trackball = with lib; {
+    enable = mkEnableOption "trackball configuration";
   };
 
   config = lib.mkIf cfg.enable {
@@ -13,6 +13,7 @@ in
       # This section must be *after* the one configured by `libinput`
       # for the `ScrollMethod` configuration to not be overriden
       inputClassSections = lib.mkAfter [
+        # MX Ergo
         ''
           Identifier      "MX Ergo scroll button configuration"
           MatchProduct    "MX Ergo"
diff --git a/modules/nixos/profiles/devices/default.nix b/modules/nixos/profiles/devices/default.nix
index 7dbd299..7a84bd2 100644
--- a/modules/nixos/profiles/devices/default.nix
+++ b/modules/nixos/profiles/devices/default.nix
@@ -11,7 +11,7 @@ in
     my.hardware = {
       ergodox.enable = true;
 
-      mx-ergo.enable = true;
+      trackball.enable = true;
     };
 
     # MTP devices auto-mount via file explorers

From a5aaf57e63d07666d8b41f8726258ccd88ff8467 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 6 Feb 2024 17:16:43 +0100
Subject: [PATCH 031/431] home: mail: accounts: remove himalaya backends

Their definition is redundant with the logic of the himalaya module,
which does the right thing by default.
---
 modules/home/mail/accounts/default.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/modules/home/mail/accounts/default.nix b/modules/home/mail/accounts/default.nix
index e7663d8..8886139 100644
--- a/modules/home/mail/accounts/default.nix
+++ b/modules/home/mail/accounts/default.nix
@@ -18,8 +18,6 @@ let
     himalaya = {
       enable = cfg.himalaya.enable;
       # FIXME: try to actually configure it at some point
-      backend = "imap";
-      sender = "smtp";
     };
 
     msmtp = {

From 0b74332e9c500967bf748ca4c14e89b322d22096 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 6 Feb 2024 17:16:43 +0100
Subject: [PATCH 032/431] flake: bump inputs

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index ae79c1a..4773d30 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1706955260,
-        "narHash": "sha256-W3y0j77IDVbmbajudHoUr46RpswujUCl+D5Vru53UsI=",
+        "lastModified": 1707175763,
+        "narHash": "sha256-0MKHC6tQ4KEuM5rui6DjKZ/VNiSANB4E+DJ/+wPS1PU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "880d9bc2110f7cae59698f715b8ca42cdc53670c",
+        "rev": "f99eace7c167b8a6a0871849493b1c613d0f1b80",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1706732774,
-        "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
+        "lastModified": 1707092692,
+        "narHash": "sha256-ZbHsm+mGk/izkWtT4xwwqz38fdlwu7nUUKXTOmm4SyE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
+        "rev": "faf912b086576fd1a15fca610166c98d47bc667e",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1706978646,
-        "narHash": "sha256-XEFktO8Ba41zKawf1Uf6FKIR1x0ShuoSddYXU4PQbx8=",
+        "lastModified": 1707234300,
+        "narHash": "sha256-D+LdA8g0Tq+KE9EmJMmn8EGRO5jZ2nLe/W0Fr5EIsdg=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "66d6b7b355f3b10ea4140f8b85b2e274c24d442a",
+        "rev": "59fceae769455455ef44c1dfb63bbae1ecddc41d",
         "type": "github"
       },
       "original": {

From 8c03bff1cf8531f2afc5c81556361479ab4391ab Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 6 Feb 2024 17:25:03 +0100
Subject: [PATCH 033/431] overlays: remove 'tandoor-recipes-failing-test'

This is now redundant, the nixpkgs bump provided an updated package
which builds successfully.

This reverts commit 473be47b29843ae6125296bbf2ea7ea36acc110b.
---
 overlays/tandoor-recipes-failing-test/default.nix | 9 ---------
 1 file changed, 9 deletions(-)
 delete mode 100644 overlays/tandoor-recipes-failing-test/default.nix

diff --git a/overlays/tandoor-recipes-failing-test/default.nix b/overlays/tandoor-recipes-failing-test/default.nix
deleted file mode 100644
index 43755ac..0000000
--- a/overlays/tandoor-recipes-failing-test/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-_self: super:
-{
-  tandoor-recipes = super.tandoor-recipes.overridePythonAttrs (oa: {
-    disabledTests = (oa.disabledTests or [ ]) ++ [
-      "test_search_count"
-      "test_url_import_regex_replace"
-    ];
-  });
-}

From 9e0930aca4fb0ae40c40c5cd932962e832d0ee0a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 7 Feb 2024 11:49:42 +0000
Subject: [PATCH 034/431] overlays: gruvbox-nvim-better-diff: simplify

---
 .../gruvbox-nvim-better-diff/generated.nix    | 24 ++++---------------
 1 file changed, 5 insertions(+), 19 deletions(-)

diff --git a/overlays/gruvbox-nvim-better-diff/generated.nix b/overlays/gruvbox-nvim-better-diff/generated.nix
index 50ea4ad..82a18c2 100644
--- a/overlays/gruvbox-nvim-better-diff/generated.nix
+++ b/overlays/gruvbox-nvim-better-diff/generated.nix
@@ -1,24 +1,10 @@
-{ vimUtils, fetchFromGitHub }:
+{ ... }:
 
-_final: _prev: {
-  gruvbox-nvim = vimUtils.buildVimPlugin {
-    pname = "gruvbox.nvim";
-    version = "2023-10-07";
-
-    src = fetchFromGitHub {
-      owner = "ellisonleao";
-      repo = "gruvbox.nvim";
-      rev = "477c62493c82684ed510c4f70eaf83802e398898";
-      sha256 = "0250c24c6n6yri48l288irdawhqs16qna3y74rdkgjd2jvh66vdm";
-    };
-
-    patches = [
+_final: prev: {
+  gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: {
+    patches = (oa.patches or [ ]) ++ [
       # Inspired by https://github.com/ellisonleao/gruvbox.nvim/pull/291
       ./colours.patch
     ];
-
-    meta = {
-      homepage = "https://github.com/ellisonleao/gruvbox.nvim/";
-    };
-  };
+  });
 }

From d6eceea08a12b09ebcf6396402f6f5242242c667 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 7 Feb 2024 11:50:42 +0000
Subject: [PATCH 035/431] overlays: add gruvbox-nvim-treesitter-fix

The version in nixpkgs is not up-to-date with regards to the
nvim-treesitter breaking changes that were recently introduced.
---
 overlays/gruvbox-nvim-treesitter-fix/default.nix   |  4 ++++
 overlays/gruvbox-nvim-treesitter-fix/generated.nix | 14 ++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 overlays/gruvbox-nvim-treesitter-fix/default.nix
 create mode 100644 overlays/gruvbox-nvim-treesitter-fix/generated.nix

diff --git a/overlays/gruvbox-nvim-treesitter-fix/default.nix b/overlays/gruvbox-nvim-treesitter-fix/default.nix
new file mode 100644
index 0000000..832e71d
--- /dev/null
+++ b/overlays/gruvbox-nvim-treesitter-fix/default.nix
@@ -0,0 +1,4 @@
+self: prev:
+{
+  vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
+}
diff --git a/overlays/gruvbox-nvim-treesitter-fix/generated.nix b/overlays/gruvbox-nvim-treesitter-fix/generated.nix
new file mode 100644
index 0000000..5a18d62
--- /dev/null
+++ b/overlays/gruvbox-nvim-treesitter-fix/generated.nix
@@ -0,0 +1,14 @@
+{ fetchFromGitHub }:
+
+_final: prev: {
+  gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (_: {
+    version = "2024-01-29";
+
+    src = fetchFromGitHub {
+      owner = "ellisonleao";
+      repo = "gruvbox.nvim";
+      rev = "6e4027ae957cddf7b193adfaec4a8f9e03b4555f";
+      sha256 = "sha256-jWnrRy/PT7D0UcPGL+XTbKHWvS0ixvbyqPtTzG9HY84=";
+    };
+  });
+}

From f4c4a485d60fff68a95e423a6888e31b15cb32db Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 7 Feb 2024 19:44:51 +0000
Subject: [PATCH 036/431] home: xdg: fix sort order

---
 modules/home/xdg/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix
index 3bba198..3aa43bd 100644
--- a/modules/home/xdg/default.nix
+++ b/modules/home/xdg/default.nix
@@ -48,8 +48,8 @@ in
     LESSHISTFILE = "${dataHome}/less/history";
     LESSKEY = "${configHome}/less/lesskey";
     PSQL_HISTORY = "${dataHome}/psql_history";
-    REPO_CONFIG_DIR = "${configHome}/repo";
     REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history";
+    REPO_CONFIG_DIR = "${configHome}/repo";
     XCOMPOSECACHE = "${dataHome}/X11/xcompose";
   };
 }

From cb97b0dbdef8cbeb5a088c5fb373b1c7037371b1 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 7 Feb 2024 19:45:32 +0000
Subject: [PATCH 037/431] home: xdg: add python configuration

It looks like 3.13 finally brought a way to change the history location
through `PYTHON_HISTORY`.
---
 modules/home/xdg/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix
index 3aa43bd..6e49aa1 100644
--- a/modules/home/xdg/default.nix
+++ b/modules/home/xdg/default.nix
@@ -48,6 +48,9 @@ in
     LESSHISTFILE = "${dataHome}/less/history";
     LESSKEY = "${configHome}/less/lesskey";
     PSQL_HISTORY = "${dataHome}/psql_history";
+    PYTHONPYCACHEPREFIX = "${cacheHome}/python/";
+    PYTHONUSERBASE = "${dataHome}/python/";
+    PYTHON_HISTORY = "${stateHome}/python/history";
     REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history";
     REPO_CONFIG_DIR = "${configHome}/repo";
     XCOMPOSECACHE = "${dataHome}/X11/xcompose";

From 9d9dba2cc224e39f492d9d9e33bde2fecaf65937 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 7 Feb 2024 20:17:46 +0000
Subject: [PATCH 038/431] home: add wget

This is mostly so that I can add the XDG-compliant configuration.
---
 modules/home/default.nix      |  1 +
 modules/home/wget/default.nix | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 modules/home/wget/default.nix

diff --git a/modules/home/default.nix b/modules/home/default.nix
index 4dcfc35..c8183cf 100644
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -39,6 +39,7 @@
     ./tmux
     ./udiskie
     ./vim
+    ./wget
     ./wm
     ./x
     ./xdg
diff --git a/modules/home/wget/default.nix b/modules/home/wget/default.nix
new file mode 100644
index 0000000..32c13c0
--- /dev/null
+++ b/modules/home/wget/default.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.my.home.wget;
+in
+{
+  options.my.home.wget = with lib; {
+    enable = my.mkDisableOption "wget configuration";
+
+    package = mkPackageOption pkgs "wget" { };
+  };
+
+  config = lib.mkIf cfg.enable {
+    home.packages = [
+      cfg.package
+    ];
+
+
+    home.sessionVariables = lib.mkIf cfg.enable {
+      WGETRC = "${config.xdg.configHome}/wgetrc";
+    };
+
+    xdg.configFile."wgetrc".text = ''
+      hsts-file = ${config.xdg.dataHome}/wget-hsts
+    '';
+  };
+}

From b0aee235cdc2fc7a22aef2ee423a90849336fc5d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 8 Feb 2024 14:40:48 +0000
Subject: [PATCH 039/431] home: xdg: add 'GRADLE_USER_HOME'

---
 modules/home/xdg/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix
index 6e49aa1..aac5058 100644
--- a/modules/home/xdg/default.nix
+++ b/modules/home/xdg/default.nix
@@ -43,6 +43,7 @@ in
     CARGO_HOME = "${dataHome}/cargo";
     DOCKER_CONFIG = "${configHome}/docker";
     GDBHISTFILE = "${dataHome}/gdb/gdb_history";
+    GRADLE_USER_HOME = "${dataHome}/gradle";
     HISTFILE = "${dataHome}/bash/history";
     INPUTRC = "${configHome}/readline/inputrc";
     LESSHISTFILE = "${dataHome}/less/history";

From 5e3bc5a8c99968b4c238b824e5013b289b6af30e Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 11 Feb 2024 12:38:30 +0100
Subject: [PATCH 040/431] flake: bump inputs

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 4773d30..33d3740 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1707175763,
-        "narHash": "sha256-0MKHC6tQ4KEuM5rui6DjKZ/VNiSANB4E+DJ/+wPS1PU=",
+        "lastModified": 1707607386,
+        "narHash": "sha256-hj/RgQMTvCWQVInkZwiMMieumkfOjHXhtWhfuXHop/8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "f99eace7c167b8a6a0871849493b1c613d0f1b80",
+        "rev": "bfd0ae29a86eff4603098683b516c67e22184511",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1707092692,
-        "narHash": "sha256-ZbHsm+mGk/izkWtT4xwwqz38fdlwu7nUUKXTOmm4SyE=",
+        "lastModified": 1707546158,
+        "narHash": "sha256-nYYJTpzfPMDxI8mzhQsYjIUX+grorqjKEU9Np6Xwy/0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "faf912b086576fd1a15fca610166c98d47bc667e",
+        "rev": "d934204a0f8d9198e1e4515dd6fec76a139c87f0",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1707234300,
-        "narHash": "sha256-D+LdA8g0Tq+KE9EmJMmn8EGRO5jZ2nLe/W0Fr5EIsdg=",
+        "lastModified": 1707648276,
+        "narHash": "sha256-KOU9ae22fglOXsOHCGYW25iFXnfnz2fSrUy75qfDyuA=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "59fceae769455455ef44c1dfb63bbae1ecddc41d",
+        "rev": "c7fa9c6c3becdb8a330bf1202e009494a381ef32",
         "type": "github"
       },
       "original": {
@@ -197,11 +197,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1706424699,
-        "narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=",
+        "lastModified": 1707297608,
+        "narHash": "sha256-ADjo/5VySGlvtCW3qR+vdFF4xM9kJFlRDqcC9ZGI8EA=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf",
+        "rev": "0db2e67ee49910adfa13010e7f012149660af7f0",
         "type": "github"
       },
       "original": {

From 7f1706999856e136c65ebf0c4608fc3c65862a1a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 12 Feb 2024 11:39:13 +0000
Subject: [PATCH 041/431] home: nix: rename 'inputs' options

This mirrors the changes made to the NixOS module.
---
 modules/home/nix/default.nix | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix
index 9ccbdc5..d734fbd 100644
--- a/modules/home/nix/default.nix
+++ b/modules/home/nix/default.nix
@@ -12,7 +12,7 @@ let
       # Use pinned nixpkgs when using `nix run pkgs#<whatever>`
       pkgs = inputs.nixpkgs;
     }
-    (lib.optionalAttrs cfg.overrideNixpkgs {
+    (lib.optionalAttrs cfg.inputs.overrideNixpkgs {
       # ... And with `nix run nixpkgs#<whatever>`
       nixpkgs = inputs.nixpkgs;
     })
@@ -22,20 +22,22 @@ in
   options.my.home.nix = with lib; {
     enable = my.mkDisableOption "nix configuration";
 
-    linkInputs = my.mkDisableOption "link inputs to `$XDG_CONFIG_HOME/nix/inputs`";
+    inputs = {
+      link = my.mkDisableOption "link inputs to `/etc/nix/inputs/`";
 
-    addToRegistry = my.mkDisableOption "add inputs and self to registry";
+      addToRegistry = my.mkDisableOption "add inputs and self to registry";
 
-    addToNixPath = my.mkDisableOption "add inputs and self to nix path";
+      addToNixPath = my.mkDisableOption "add inputs and self to nix path";
 
-    overrideNixpkgs = my.mkDisableOption "point nixpkgs to pinned system version";
+      overrideNixpkgs = my.mkDisableOption "point nixpkgs to pinned system version";
+    };
   };
 
   config = lib.mkIf cfg.enable (lib.mkMerge [
     {
       assertions = [
         {
-          assertion = cfg.addToNixPath -> cfg.linkInputs;
+          assertion = cfg.inputs.addToNixPath -> cfg.inputs.link;
           message = ''
             enabling `my.home.nix.addToNixPath` needs to have
             `my.home.nix.linkInputs = true`
@@ -54,7 +56,7 @@ in
       };
     }
 
-    (lib.mkIf cfg.addToRegistry {
+    (lib.mkIf cfg.inputs.addToRegistry {
       nix.registry =
         let
           makeEntry = v: { flake = v; };
@@ -63,7 +65,7 @@ in
         makeEntries channels;
     })
 
-    (lib.mkIf cfg.linkInputs {
+    (lib.mkIf cfg.inputs.link {
       xdg.configFile =
         let
           makeLink = n: v: {
@@ -75,7 +77,7 @@ in
         makeLinks channels;
     })
 
-    (lib.mkIf cfg.addToNixPath {
+    (lib.mkIf cfg.inputs.addToNixPath {
       home.sessionVariables.NIX_PATH = "${config.xdg.configHome}/nix/inputs\${NIX_PATH:+:$NIX_PATH}";
     })
   ]);

From 0bb2be6b87ad84e197b2be03514f59d4bd7b11ed Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 12 Feb 2024 11:40:09 +0000
Subject: [PATCH 042/431] home: nix: add 'cache.selfHosted'

Once again mirroring the NixOS module changes that I forgot to port
over.
---
 modules/home/nix/default.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix
index d734fbd..07606bb 100644
--- a/modules/home/nix/default.nix
+++ b/modules/home/nix/default.nix
@@ -22,6 +22,10 @@ in
   options.my.home.nix = with lib; {
     enable = my.mkDisableOption "nix configuration";
 
+    cache = {
+      selfHosted = my.mkDisableOption "self-hosted cache";
+    };
+
     inputs = {
       link = my.mkDisableOption "link inputs to `/etc/nix/inputs/`";
 
@@ -56,6 +60,22 @@ in
       };
     }
 
+    (lib.mkIf cfg.cache.selfHosted {
+      nix = {
+        settings = {
+          # The NixOS module adds the official Hydra cache by default
+          # No need to use `extra-*` options.
+          substituters = [
+            "https://cache.belanyi.fr/"
+          ];
+
+          trusted-public-keys = [
+            "cache.belanyi.fr:LPhrTqufwfxTceg1nRWueDWf7/2zSVY9K00pq2UI7tw="
+          ];
+        };
+      };
+    })
+
     (lib.mkIf cfg.inputs.addToRegistry {
       nix.registry =
         let

From c9969775da97b656c5227ec811f51abba52a5550 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 12 Feb 2024 14:18:44 +0000
Subject: [PATCH 043/431] nixos: services: backup: add essential files

---
 modules/nixos/services/backup/default.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/modules/nixos/services/backup/default.nix b/modules/nixos/services/backup/default.nix
index ff0fc7f..8aeeae1 100644
--- a/modules/nixos/services/backup/default.nix
+++ b/modules/nixos/services/backup/default.nix
@@ -89,6 +89,16 @@ in
   };
 
   config = lib.mkIf cfg.enable {
+    # Essential files which should always be backed up
+    my.services.backup.paths = lib.flatten [
+      # Should be unique to a given host, used by some software (e.g: ZFS)
+      "/etc/machine-id"
+      # Contains the UID/GID map, and other useful state
+      "/var/lib/nixos"
+      # SSH host keys (and public keys for convenience)
+      (builtins.map (key: [ key.path "${key.path}.pub" ]) config.services.openssh.hostKeys)
+    ];
+
     services.restic.backups.backblaze = {
       # Take care of included and excluded files
       paths = cfg.paths;

From 521522e4e9163d66b5e6b42231d98e39b633a2a3 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 13 Aug 2023 15:59:25 +0100
Subject: [PATCH 044/431] home: zsh: use 'mkMerge'

This will make adding modular configuration easier.
---
 modules/home/zsh/default.nix | 138 ++++++++++++++++++-----------------
 1 file changed, 70 insertions(+), 68 deletions(-)

diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix
index 4cadb57..2821f28 100644
--- a/modules/home/zsh/default.nix
+++ b/modules/home/zsh/default.nix
@@ -17,79 +17,81 @@ in
     launchTmux = mkEnableOption "auto launch tmux at shell start";
   };
 
-  config = lib.mkIf cfg.enable {
-    home.packages = with pkgs; [
-      zsh-completions
-    ];
-
-    programs.zsh = {
-      enable = true;
-      dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME
-      enableCompletion = true;
-
-      history = {
-        size = 500000;
-        save = 500000;
-        extended = true;
-        expireDuplicatesFirst = true;
-        ignoreSpace = true;
-        ignoreDups = true;
-        share = false;
-        path = "${config.xdg.dataHome}/zsh/zsh_history";
-      };
-
-      plugins = [
-        {
-          name = "fast-syntax-highlighting";
-          file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh";
-          src = pkgs.zsh-fast-syntax-highlighting;
-        }
-        {
-          name = "agkozak-zsh-prompt";
-          file = "share/zsh/site-functions/agkozak-zsh-prompt.plugin.zsh";
-          src = pkgs.agkozak-zsh-prompt;
-        }
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    {
+      home.packages = with pkgs; [
+        zsh-completions
       ];
 
-      # Modal editing is life, but CLI benefits from emacs gymnastics
-      defaultKeymap = "emacs";
+      programs.zsh = {
+        enable = true;
+        dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME
+        enableCompletion = true;
 
-      # Make those happen early to avoid doing double the work
-      initExtraFirst = ''
-        ${
-          lib.optionalString cfg.launchTmux ''
-            # Launch tmux unless already inside one
-            if [ -z "$TMUX" ]; then
-              exec tmux new-session
-            fi
-          ''
-        }
-      '';
+        history = {
+          size = 500000;
+          save = 500000;
+          extended = true;
+          expireDuplicatesFirst = true;
+          ignoreSpace = true;
+          ignoreDups = true;
+          share = false;
+          path = "${config.xdg.dataHome}/zsh/zsh_history";
+        };
 
-      initExtra = ''
-        source ${./completion-styles.zsh}
-        source ${./extra-mappings.zsh}
-        source ${./options.zsh}
+        plugins = [
+          {
+            name = "fast-syntax-highlighting";
+            file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh";
+            src = pkgs.zsh-fast-syntax-highlighting;
+          }
+          {
+            name = "agkozak-zsh-prompt";
+            file = "share/zsh/site-functions/agkozak-zsh-prompt.plugin.zsh";
+            src = pkgs.agkozak-zsh-prompt;
+          }
+        ];
 
-        # Source local configuration
-        if [ -f "$ZDOTDIR/zshrc.local" ]; then
-          source "$ZDOTDIR/zshrc.local"
-        fi
-      '';
+        # Modal editing is life, but CLI benefits from emacs gymnastics
+        defaultKeymap = "emacs";
 
-      localVariables = {
-        # I like having the full path
-        AGKOZAK_PROMPT_DIRTRIM = 0;
-        # Because I *am* from EPITA
-        AGKOZAK_PROMPT_CHAR = [ "42sh$" "42sh#" ":" ];
-        # Easy on the eyes
-        AGKOZAK_COLORS_BRANCH_STATUS = "magenta";
-        # I don't like moving my eyes
-        AGKOZAK_LEFT_PROMPT_ONLY = 1;
+        # Make those happen early to avoid doing double the work
+        initExtraFirst = ''
+          ${
+            lib.optionalString cfg.launchTmux ''
+              # Launch tmux unless already inside one
+              if [ -z "$TMUX" ]; then
+                exec tmux new-session
+              fi
+            ''
+          }
+        '';
+
+        initExtra = ''
+          source ${./completion-styles.zsh}
+          source ${./extra-mappings.zsh}
+          source ${./options.zsh}
+
+          # Source local configuration
+          if [ -f "$ZDOTDIR/zshrc.local" ]; then
+            source "$ZDOTDIR/zshrc.local"
+          fi
+        '';
+
+        localVariables = {
+          # I like having the full path
+          AGKOZAK_PROMPT_DIRTRIM = 0;
+          # Because I *am* from EPITA
+          AGKOZAK_PROMPT_CHAR = [ "42sh$" "42sh#" ":" ];
+          # Easy on the eyes
+          AGKOZAK_COLORS_BRANCH_STATUS = "magenta";
+          # I don't like moving my eyes
+          AGKOZAK_LEFT_PROMPT_ONLY = 1;
+        };
+
+        # Enable VTE integration
+        enableVteIntegration = true;
       };
-
-      # Enable VTE integration
-      enableVteIntegration = true;
-    };
-  };
+    }
+  ]);
 }

From c89dec2a38f403cc2b27997493034d05258b3e0f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 13 Aug 2023 16:05:27 +0100
Subject: [PATCH 045/431] home: zsh: enforce order of 'initExtra{First,}'

In case I want to add more values to those options, I still want the
_main_ values to be ordered before/after.
---
 modules/home/zsh/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix
index 2821f28..987f3b8 100644
--- a/modules/home/zsh/default.nix
+++ b/modules/home/zsh/default.nix
@@ -56,7 +56,7 @@ in
         defaultKeymap = "emacs";
 
         # Make those happen early to avoid doing double the work
-        initExtraFirst = ''
+        initExtraFirst = lib.mkBefore ''
           ${
             lib.optionalString cfg.launchTmux ''
               # Launch tmux unless already inside one
@@ -67,7 +67,7 @@ in
           }
         '';
 
-        initExtra = ''
+        initExtra = lib.mkAfter ''
           source ${./completion-styles.zsh}
           source ${./extra-mappings.zsh}
           source ${./options.zsh}

From d6c29481351d6e1de30055c8b50ea5abbe3f310c Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 13 Aug 2023 16:19:47 +0100
Subject: [PATCH 046/431] home: zsh: add 'zsh-done'

---
 modules/home/zsh/default.nix | 40 ++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix
index 987f3b8..d983116 100644
--- a/modules/home/zsh/default.nix
+++ b/modules/home/zsh/default.nix
@@ -15,6 +15,16 @@ in
     enable = my.mkDisableOption "zsh configuration";
 
     launchTmux = mkEnableOption "auto launch tmux at shell start";
+
+    notify = {
+      enable = mkEnableOption "zsh-done notification";
+
+      ssh = {
+        enable = mkEnableOption "notify through SSH/non-graphical connections";
+
+        useOsc777 = lib.my.mkDisableOption "use OSC-777 for notifications";
+      };
+    };
   };
 
   config = lib.mkIf cfg.enable (lib.mkMerge [
@@ -93,5 +103,35 @@ in
         enableVteIntegration = true;
       };
     }
+
+    (lib.mkIf cfg.notify.enable {
+      programs.zsh = {
+        plugins = [
+          {
+            name = "zsh-done";
+            file = "share/zsh/site-functions/done.plugin.zsh";
+            src = pkgs.ambroisie.zsh-done;
+          }
+        ];
+
+        # `localVariables` values don't get merged correctly due to their type,
+        # don't use `mkIf`
+        localVariables = { }
+          # Enable `zsh-done` through SSH, if configured
+          // lib.optionalAttrs cfg.notify.ssh.enable { DONE_ALLOW_NONGRAPHICAL = 1; }
+        ;
+
+        # Use OSC-777 to send the notification through SSH
+        initExtra = lib.mkIf cfg.notify.ssh.useOsc777 ''
+          done_send_notification() {
+            local exit_status="$1"
+            local title="$2"
+            local message="$3"
+
+            ${lib.getExe pkgs.ambroisie.osc777} "$title" "$message"
+          }
+        '';
+      };
+    })
   ]);
 }

From 8b07ff5bbe6bf4078ff8e4a1d356e8de735d505d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 12 Feb 2024 21:22:19 +0000
Subject: [PATCH 047/431] homes: bazin: enable zsh notifications

---
 hosts/homes/ambroisie@bazin/default.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/hosts/homes/ambroisie@bazin/default.nix b/hosts/homes/ambroisie@bazin/default.nix
index a969d8a..c71e07c 100644
--- a/hosts/homes/ambroisie@bazin/default.nix
+++ b/hosts/homes/ambroisie@bazin/default.nix
@@ -21,5 +21,17 @@
         package = pkgs.emptyDirectory;
       };
     };
+
+    zsh = {
+      notify = {
+        enable = true;
+
+        ssh = {
+          enable = true;
+          # `notify-send` is proxied to the ChromeOS layer
+          useOsc777 = false;
+        };
+      };
+    };
   };
 }

From 08f31c088ba2b2682210a1e2de4aa7f412858fc8 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 13 Feb 2024 14:34:12 +0000
Subject: [PATCH 048/431] home: atuin: explicitly set 'enter_accept'

---
 modules/home/atuin/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix
index 19a6fb9..b8973cc 100644
--- a/modules/home/atuin/default.nix
+++ b/modules/home/atuin/default.nix
@@ -25,6 +25,8 @@ in
         search_mode = "skim";
         # Show long command lines at the bottom
         show_preview = true;
+        # I like being able to edit my commands
+        enter_accept = false;
       };
     };
   };

From 3c79a373e4744fc57497fedc9990efac6a0ae53b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 15 Feb 2024 16:32:37 +0000
Subject: [PATCH 049/431] pkgs: zsh-done: 0.1.0 -> 0.1.1

---
 pkgs/zsh-done/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/zsh-done/default.nix b/pkgs/zsh-done/default.nix
index bddc6c1..bdb6af3 100644
--- a/pkgs/zsh-done/default.nix
+++ b/pkgs/zsh-done/default.nix
@@ -2,13 +2,13 @@
 
 stdenvNoCC.mkDerivation rec {
   pname = "zsh-done";
-  version = "0.1.0";
+  version = "0.1.1";
 
   src = fetchFromGitHub {
     owner = "ambroisie";
     repo = "zsh-done";
     rev = "v${version}";
-    hash = "sha256-DC7urJDXPP9vBYABrJF5KZ4HfMbrpHIVogSmEB8PWLA=";
+    hash = "sha256-dyhPhoMrAfDWtrBX5TA+B3G7QZ7gBhoDGNOEqGsCBQU=";
   };
 
   dontConfigure = true;

From a0dde6f27437c8e52c4f72187d8d3899cd90e30f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 15 Feb 2024 16:33:27 +0000
Subject: [PATCH 050/431] home: zsh: add notification exclusion list

---
 modules/home/zsh/default.nix | 36 ++++++++++++++++++++++++++++++++----
 1 file changed, 32 insertions(+), 4 deletions(-)

diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix
index d983116..5bfeaee 100644
--- a/modules/home/zsh/default.nix
+++ b/modules/home/zsh/default.nix
@@ -19,6 +19,27 @@ in
     notify = {
       enable = mkEnableOption "zsh-done notification";
 
+      exclude = mkOption {
+        type = with types; listOf str;
+        default = [
+          "direnv reload"
+          "fg"
+          "git (?!push|pull|fetch)"
+          "htop"
+          "less"
+          "man"
+          "nvim"
+          "tail -f"
+          "tmux"
+          "vim"
+        ];
+        example = [ "command --long-running-option" ];
+        description = ''
+          List of exclusions which should not be create a notification. Accepts
+          Perl regexes (implicitly anchored with `^\s*`).
+        '';
+      };
+
       ssh = {
         enable = mkEnableOption "notify through SSH/non-graphical connections";
 
@@ -116,10 +137,17 @@ in
 
         # `localVariables` values don't get merged correctly due to their type,
         # don't use `mkIf`
-        localVariables = { }
-          # Enable `zsh-done` through SSH, if configured
-          // lib.optionalAttrs cfg.notify.ssh.enable { DONE_ALLOW_NONGRAPHICAL = 1; }
-        ;
+        localVariables = {
+          DONE_EXCLUDE =
+            let
+              joined = lib.concatMapStringsSep "|" (c: "(${c})") cfg.notify.exclude;
+            in
+            ''^\s*(${joined})'';
+        }
+        # Enable `zsh-done` through SSH, if configured
+        // lib.optionalAttrs cfg.notify.ssh.enable {
+          DONE_ALLOW_NONGRAPHICAL = 1;
+        };
 
         # Use OSC-777 to send the notification through SSH
         initExtra = lib.mkIf cfg.notify.ssh.useOsc777 ''

From b2a199c9a02c164f93ecf50e41077dbc3744c2bc Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 15 Feb 2024 16:58:54 +0000
Subject: [PATCH 051/431] home: nix: fix cache configuration

Copy-paste is bad kids, the home-manager module does *not* do the same
as NixOS.

I was rebuilding the world, since this was overriding the official Hydra
cache...
---
 modules/home/nix/default.nix | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix
index 07606bb..0934189 100644
--- a/modules/home/nix/default.nix
+++ b/modules/home/nix/default.nix
@@ -63,13 +63,11 @@ in
     (lib.mkIf cfg.cache.selfHosted {
       nix = {
         settings = {
-          # The NixOS module adds the official Hydra cache by default
-          # No need to use `extra-*` options.
-          substituters = [
+          extra-substituters = [
             "https://cache.belanyi.fr/"
           ];
 
-          trusted-public-keys = [
+          extra-trusted-public-keys = [
             "cache.belanyi.fr:LPhrTqufwfxTceg1nRWueDWf7/2zSVY9K00pq2UI7tw="
           ];
         };

From c5e5bee206097db2046496fabff009f9673a99c0 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 16 Feb 2024 19:04:49 +0000
Subject: [PATCH 052/431] home: git: enable 'rerere'

How did I not already have it enabled?
---
 modules/home/git/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix
index 9c10257..1bb2215 100644
--- a/modules/home/git/default.nix
+++ b/modules/home/git/default.nix
@@ -148,6 +148,10 @@ in
         autoStash = true;
       };
 
+      rerere = {
+        enabled = true;
+      };
+
       url = {
         "git@git.belanyi.fr:" = {
           insteadOf = "https://git.belanyi.fr/";

From 7e361aff9dd40ea4a9b3cae63c58390d2b6a9c31 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 16 Feb 2024 22:44:24 +0000
Subject: [PATCH 053/431] templates: c++-cmake: fix formatting

---
 templates/c++-cmake/tests/unit/CMakeLists.txt | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/templates/c++-cmake/tests/unit/CMakeLists.txt b/templates/c++-cmake/tests/unit/CMakeLists.txt
index bb94448..266e3e3 100644
--- a/templates/c++-cmake/tests/unit/CMakeLists.txt
+++ b/templates/c++-cmake/tests/unit/CMakeLists.txt
@@ -1,15 +1,15 @@
 find_package(GTest)
 
-if (${GTest_FOUND})
-include(GoogleTest)
+if(${GTest_FOUND})
+  include(GoogleTest)
 
-add_executable(dummy_test dummy_test.cc)
-target_link_libraries(dummy_test PRIVATE common_options)
+  add_executable(dummy_test dummy_test.cc)
+  target_link_libraries(dummy_test PRIVATE common_options)
 
-target_link_libraries(dummy_test PRIVATE
-  GTest::gtest
-  GTest::gtest_main
-)
+  target_link_libraries(dummy_test PRIVATE
+    GTest::gtest
+    GTest::gtest_main
+  )
 
-gtest_discover_tests(dummy_test)
-endif (${GTest_FOUND})
+  gtest_discover_tests(dummy_test)
+endif()

From 5d38d94da6768c8fd0f3a4ab1263f10cdb2bde48 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 16 Feb 2024 22:56:44 +0000
Subject: [PATCH 054/431] templates: use 'backend' CI label

---
 templates/c++-cmake/.woodpecker/check.yml | 2 +-
 templates/c++-meson/.woodpecker/check.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/c++-cmake/.woodpecker/check.yml b/templates/c++-cmake/.woodpecker/check.yml
index 628e491..aff6e84 100644
--- a/templates/c++-cmake/.woodpecker/check.yml
+++ b/templates/c++-cmake/.woodpecker/check.yml
@@ -1,5 +1,5 @@
 labels:
-  type: exec
+  backend: local
 
 steps:
 - name: nix flake check
diff --git a/templates/c++-meson/.woodpecker/check.yml b/templates/c++-meson/.woodpecker/check.yml
index 628e491..aff6e84 100644
--- a/templates/c++-meson/.woodpecker/check.yml
+++ b/templates/c++-meson/.woodpecker/check.yml
@@ -1,5 +1,5 @@
 labels:
-  type: exec
+  backend: local
 
 steps:
 - name: nix flake check

From 65394711863dd75bbd5167ac4455787b05fe435f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 16 Feb 2024 23:00:57 +0000
Subject: [PATCH 055/431] templates: use explicit 'pre-commit check' CI step

---
 templates/c++-cmake/.woodpecker/check.yml | 5 +++++
 templates/c++-meson/.woodpecker/check.yml | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/templates/c++-cmake/.woodpecker/check.yml b/templates/c++-cmake/.woodpecker/check.yml
index aff6e84..9135f7b 100644
--- a/templates/c++-cmake/.woodpecker/check.yml
+++ b/templates/c++-cmake/.woodpecker/check.yml
@@ -2,6 +2,11 @@ labels:
   backend: local
 
 steps:
+- name: pre-commit check
+  image: bash
+  commands:
+  - nix develop --command pre-commit run --all
+
 - name: nix flake check
   image: bash
   commands:
diff --git a/templates/c++-meson/.woodpecker/check.yml b/templates/c++-meson/.woodpecker/check.yml
index aff6e84..9135f7b 100644
--- a/templates/c++-meson/.woodpecker/check.yml
+++ b/templates/c++-meson/.woodpecker/check.yml
@@ -2,6 +2,11 @@ labels:
   backend: local
 
 steps:
+- name: pre-commit check
+  image: bash
+  commands:
+  - nix develop --command pre-commit run --all
+
 - name: nix flake check
   image: bash
   commands:

From eb668525f8e977dd972af075ab8801921d914ffc Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 23 Feb 2024 13:14:09 +0000
Subject: [PATCH 056/431] home: zsh: ignore more commands for notification

---
 modules/home/zsh/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix
index 5bfeaee..a277366 100644
--- a/modules/home/zsh/default.nix
+++ b/modules/home/zsh/default.nix
@@ -22,6 +22,7 @@ in
       exclude = mkOption {
         type = with types; listOf str;
         default = [
+          "delta"
           "direnv reload"
           "fg"
           "git (?!push|pull|fetch)"

From f9cdff8c138e941720850487f90c6aa06878bbaa Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 23 Feb 2024 13:28:48 +0000
Subject: [PATCH 057/431] hosts: homes: bazin: ignore interactive adb shells

---
 hosts/homes/ambroisie@bazin/default.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hosts/homes/ambroisie@bazin/default.nix b/hosts/homes/ambroisie@bazin/default.nix
index c71e07c..a65a626 100644
--- a/hosts/homes/ambroisie@bazin/default.nix
+++ b/hosts/homes/ambroisie@bazin/default.nix
@@ -1,5 +1,5 @@
 # Google Laptop configuration
-{ lib, pkgs, ... }:
+{ lib, options, pkgs, ... }:
 {
   services.gpg-agent.enable = lib.mkForce false;
 
@@ -26,6 +26,10 @@
       notify = {
         enable = true;
 
+        exclude = options.my.home.zsh.notify.exclude.default ++ [
+          "adb shell$" # Only interactive shell sessions
+        ];
+
         ssh = {
           enable = true;
           # `notify-send` is proxied to the ChromeOS layer

From b9b47fffd6cab923fd37bad5fddacfad8f7a1a74 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 29 Feb 2024 12:06:58 +0000
Subject: [PATCH 058/431] flake: bump inputs

Fix the pyLoad user/group option that I added upstream [1].

Fix an evaluation error due to Pipewire changes [2].

[1]: https://github.com/NixOS/nixpkgs/pull/287304
[2]: https://github.com/NixOS/nixpkgs/pull/282377
---
 flake.lock                                   | 36 ++++++++++----------
 modules/nixos/hardware/bluetooth/default.nix |  8 ++---
 modules/nixos/services/pyload/default.nix    | 23 ++-----------
 3 files changed, 24 insertions(+), 43 deletions(-)

diff --git a/flake.lock b/flake.lock
index 33d3740..cd0b2de 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1703433843,
-        "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
+        "lastModified": 1707830867,
+        "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "417caa847f9383e111d1397039c9d4337d024bf0",
+        "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
         "type": "github"
       },
       "original": {
@@ -94,11 +94,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1705309234,
-        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+        "lastModified": 1709126324,
+        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1707607386,
-        "narHash": "sha256-hj/RgQMTvCWQVInkZwiMMieumkfOjHXhtWhfuXHop/8=",
+        "lastModified": 1709204054,
+        "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "bfd0ae29a86eff4603098683b516c67e22184511",
+        "rev": "2f3367769a93b226c467551315e9e270c3f78b15",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1707546158,
-        "narHash": "sha256-nYYJTpzfPMDxI8mzhQsYjIUX+grorqjKEU9Np6Xwy/0=",
+        "lastModified": 1709150264,
+        "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d934204a0f8d9198e1e4515dd6fec76a139c87f0",
+        "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1707648276,
-        "narHash": "sha256-KOU9ae22fglOXsOHCGYW25iFXnfnz2fSrUy75qfDyuA=",
+        "lastModified": 1709206595,
+        "narHash": "sha256-lBU/gE7DiJCNkJGPVUms0zA0hxzDVgENIXfebj1oeLc=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "c7fa9c6c3becdb8a330bf1202e009494a381ef32",
+        "rev": "fbe8df1c13fd8e63e35c2c4654104661eb1fbbed",
         "type": "github"
       },
       "original": {
@@ -197,11 +197,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1707297608,
-        "narHash": "sha256-ADjo/5VySGlvtCW3qR+vdFF4xM9kJFlRDqcC9ZGI8EA=",
+        "lastModified": 1708018599,
+        "narHash": "sha256-M+Ng6+SePmA8g06CmUZWi1AjG2tFBX9WCXElBHEKnyM=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "0db2e67ee49910adfa13010e7f012149660af7f0",
+        "rev": "5df5a70ad7575f6601d91f0efec95dd9bc619431",
         "type": "github"
       },
       "original": {
diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix
index 2d840f9..c019b31 100644
--- a/modules/nixos/hardware/bluetooth/default.nix
+++ b/modules/nixos/hardware/bluetooth/default.nix
@@ -25,8 +25,8 @@ in
         package = pkgs.pulseaudioFull;
       };
 
-      environment.etc = {
-        "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
+      services.pipewire.wireplumber.configPackages = [
+        (pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" ''
           bluez_monitor.properties = {
             -- SBC XQ provides better audio
             ["bluez5.enable-sbc-xq"] = true,
@@ -40,8 +40,8 @@ in
             -- FIXME: Some devices may now support both hsp_ag and hfp_ag
             ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
           }
-        '';
-      };
+        '')
+      ];
     })
 
     # Support for A2DP audio profile
diff --git a/modules/nixos/services/pyload/default.nix b/modules/nixos/services/pyload/default.nix
index 40bf12d..88889bf 100644
--- a/modules/nixos/services/pyload/default.nix
+++ b/modules/nixos/services/pyload/default.nix
@@ -39,31 +39,12 @@ in
         downloadDirectory
         port
         ;
-    };
 
-    # Use pyload user/media group when downloading files
-    systemd.services.pyload = {
-      serviceConfig = {
-        User = lib.mkForce "pyload";
-        Group = lib.mkForce "media";
-        DynamicUser = lib.mkForce false;
-      };
-    };
-
-    # And make sure the download directory has the correct owners
-    systemd.tmpfiles.settings.pyload = {
-      ${cfg.downloadDirectory}.d = {
-        user = "pyload";
-        group = "media";
-      };
-    };
-
-    # Set-up pyload user and media group
-    users.users.pyload = {
-      isSystemUser = true;
+      # Use media group when downloading files
       group = "media";
     };
 
+    # Set-up media group
     users.groups.media = { };
 
     my.services.nginx.virtualHosts = {

From 56c0c28b02acc493ae028ebca5d77cc3a455ba81 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 1 Mar 2024 17:20:44 +0000
Subject: [PATCH 059/431] hosts: nixos: porthos: home: disable cache

Same reason as the system-wide configuration...
---
 hosts/nixos/porthos/home.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hosts/nixos/porthos/home.nix b/hosts/nixos/porthos/home.nix
index 90aa0ec..1de3565 100644
--- a/hosts/nixos/porthos/home.nix
+++ b/hosts/nixos/porthos/home.nix
@@ -1,6 +1,13 @@
 { ... }:
 {
   my.home = {
+    nix = {
+      cache = {
+        # This server is the one serving the cache, don't try to query it
+        selfHosted = false;
+      };
+    };
+
     # Allow using 24bit color when SSH-ing from various clients
     tmux.trueColorTerminals = [
       # My usual terminal, e.g: on laptop

From 4d25609b26633b6ccf3994162ca74cc179d6fbc6 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 1 Mar 2024 20:48:44 +0000
Subject: [PATCH 060/431] nixos: system: nix: expand trusted users

---
 modules/nixos/system/nix/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/nixos/system/nix/default.nix b/modules/nixos/system/nix/default.nix
index 47d6499..ad13539 100644
--- a/modules/nixos/system/nix/default.nix
+++ b/modules/nixos/system/nix/default.nix
@@ -56,6 +56,8 @@ in
 
         settings = {
           experimental-features = [ "nix-command" "flakes" ];
+          # Trusted users are equivalent to root, and might as well allow wheel
+          trusted-users = [ "root" "@wheel" ];
         };
       };
     }

From a3afafd9e05958f6cf6368d10a36717562d3d99c Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 2 Mar 2024 12:48:08 +0100
Subject: [PATCH 061/431] nixos: services: add mealie

---
 modules/nixos/services/default.nix        |  1 +
 modules/nixos/services/mealie/default.nix | 72 +++++++++++++++++++++++
 2 files changed, 73 insertions(+)
 create mode 100644 modules/nixos/services/mealie/default.nix

diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
index 67504da..90dd3e1 100644
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -16,6 +16,7 @@
     ./jellyfin
     ./lohr
     ./matrix
+    ./mealie
     ./miniflux
     ./monitoring
     ./navidrome
diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix
new file mode 100644
index 0000000..ebbebb2
--- /dev/null
+++ b/modules/nixos/services/mealie/default.nix
@@ -0,0 +1,72 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.services.mealie;
+in
+{
+  options.my.services.mealie = with lib; {
+    enable = mkEnableOption "Mealie service";
+
+    port = mkOption {
+      type = types.port;
+      default = 4537;
+      example = 8080;
+      description = "Internal port for webui";
+    };
+
+    credentialsFile = mkOption {
+      type = types.str;
+      example = "/var/lib/mealie/credentials.env";
+      description = ''
+        Configuration file for secrets.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.mealie = {
+      enable = true;
+      inherit (cfg) port credentialsFile;
+
+      settings = {
+        # Basic settings
+        BASE_URL = "https://mealie.${config.networking.domain}";
+        TZ = config.time.timeZone;
+        ALLOw_SIGNUP = "false";
+
+        # Use PostgreSQL
+        DB_ENGINE = "postgres";
+        POSTGRES_USER = "mealie";
+        POSTGRES_PASSWORD = "";
+        POSTGRES_SERVER = "/run/postgresql";
+        # Pydantic and/or mealie doesn't handle the URI correctly, hijack it
+        # with query parameters...
+        POSTGRES_DB = "mealie?host=/run/postgresql&dbname=mealie";
+      };
+    };
+
+    systemd.services = {
+      mealie = {
+        after = [ "postgresql.service" ];
+        requires = [ "postgresql.service" ];
+      };
+    };
+
+    # Set-up database
+    services.postgresql = {
+      enable = true;
+      ensureDatabases = [ "mealie" ];
+      ensureUsers = [
+        {
+          name = "mealie";
+          ensureDBOwnership = true;
+        }
+      ];
+    };
+
+    my.services.nginx.virtualHosts = {
+      mealie = {
+        inherit (cfg) port;
+      };
+    };
+  };
+}

From 380933e69b83c7662ec97510e6ab52eef5aad159 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 2 Mar 2024 12:48:42 +0100
Subject: [PATCH 062/431] hosts: nixos: porthos: secrets: add mealie mail

---
 hosts/nixos/porthos/secrets/mealie/mail.age | Bin 0 -> 516 bytes
 hosts/nixos/porthos/secrets/secrets.nix     |   4 ++++
 2 files changed, 4 insertions(+)
 create mode 100644 hosts/nixos/porthos/secrets/mealie/mail.age

diff --git a/hosts/nixos/porthos/secrets/mealie/mail.age b/hosts/nixos/porthos/secrets/mealie/mail.age
new file mode 100644
index 0000000000000000000000000000000000000000..b7348ae2a09fbf001f2354936f2df7112ed29c5d
GIT binary patch
literal 516
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn_Ri1BO;-r;FpNkx
zarH6C4=*q_$PdV^^3Mw|@riKHk4g%!N(}Th2nj4s%`D4z_vA|Vjm#?Yc6Kawb16$J
zHgpMbuQV?X$qdP?NH(nUEHMiz3v|v%EG_k{Oh&gYD<Ho-FI^!&yF4hxyTBkfImjtI
zAUVg#BgiDzC&Rg*(m$=pt<p8uz$7dz+cP)I-GVE$O5Zmk*efU_$RxzCDl6A5GQ-$0
z&(u)cGP%kvJWAiE!rk1}$)lpu-Iq&OS63lFE4;MQFw`)^Ez{gJC^90aJS4y|u_CG}
zFDEoKAjKlXFw(-O+{nelt(+^(>dN{xo*F+wSMJ%o+)34Qd+m$Y#mNF2nAzMs+zmCZ
z&HkO;SFQHv_}4?xM|;~Qq<<+mA+_rmgEqgD?OD!_Kj9&@^Z#_{x_13#%22y&^)Az0
zYmp+WBU25pX>QpU{}mgV3oV+S%QPoCC#oAvx+|#8!d`zx;7Rp8zG&tf!rQZWpU(F6
z*?IH(%8v^^9AYf7@Y(wF|K9|0riHO=+L2#*-Y>sV+qFDQonOmAkHPHSX2-s*GY_7d
zy}Kc*<3{?G)01B=%sMEVsJ$zXk89V>r5C0>cJT~bmUFSQxxVDqmm3`kZ;j%20{|t3
B%@+Uw

literal 0
HcmV?d00001

diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix
index 43a9b35..3545e3a 100644
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@@ -41,6 +41,10 @@ in
     publicKeys = all;
   };
 
+  "mealie/mail.age" = {
+    publicKeys = all;
+  };
+
   "miniflux/credentials.age".publicKeys = all;
 
   "monitoring/password.age" = {

From 7f0a889ccd1cf1139fe7c9327dd1821ed884b116 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 2 Mar 2024 12:48:59 +0100
Subject: [PATCH 063/431] hosts: nixos: porthos: services: enable mealie

---
 hosts/nixos/porthos/services.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index 2486752..c3ffa39 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -68,6 +68,10 @@ in
         secretFile = secrets."matrix/sliding-sync-secret".path;
       };
     };
+    mealie = {
+      enable = true;
+      credentialsFile = secrets."mealie/mail".path;
+    };
     miniflux = {
       enable = true;
       credentialsFiles = secrets."miniflux/credentials".path;

From 6bef924513a1e72243808ab4d8277cb65aa68047 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 4 Mar 2024 11:44:49 +0000
Subject: [PATCH 064/431] overlays: remove gruvbox-nvim-treesitter-fix

Not needed anymore.

This reverts commit d6eceea08a12b09ebcf6396402f6f5242242c667.
---
 overlays/gruvbox-nvim-treesitter-fix/default.nix   |  4 ----
 overlays/gruvbox-nvim-treesitter-fix/generated.nix | 14 --------------
 2 files changed, 18 deletions(-)
 delete mode 100644 overlays/gruvbox-nvim-treesitter-fix/default.nix
 delete mode 100644 overlays/gruvbox-nvim-treesitter-fix/generated.nix

diff --git a/overlays/gruvbox-nvim-treesitter-fix/default.nix b/overlays/gruvbox-nvim-treesitter-fix/default.nix
deleted file mode 100644
index 832e71d..0000000
--- a/overlays/gruvbox-nvim-treesitter-fix/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-self: prev:
-{
-  vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
-}
diff --git a/overlays/gruvbox-nvim-treesitter-fix/generated.nix b/overlays/gruvbox-nvim-treesitter-fix/generated.nix
deleted file mode 100644
index 5a18d62..0000000
--- a/overlays/gruvbox-nvim-treesitter-fix/generated.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ fetchFromGitHub }:
-
-_final: prev: {
-  gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (_: {
-    version = "2024-01-29";
-
-    src = fetchFromGitHub {
-      owner = "ellisonleao";
-      repo = "gruvbox.nvim";
-      rev = "6e4027ae957cddf7b193adfaec4a8f9e03b4555f";
-      sha256 = "sha256-jWnrRy/PT7D0UcPGL+XTbKHWvS0ixvbyqPtTzG9HY84=";
-    };
-  });
-}

From ed15e62e1d390d46f18565a02266c9021ec09075 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 5 Mar 2024 12:44:08 +0000
Subject: [PATCH 065/431] nixos: services: gitea: use 'git' group

---
 modules/nixos/services/gitea/default.nix | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix
index 4a8a3bb..e7f39a5 100644
--- a/modules/nixos/services/gitea/default.nix
+++ b/modules/nixos/services/gitea/default.nix
@@ -58,6 +58,8 @@ in
         appName = "Ambroisie's forge";
 
         user = "git";
+        group = "git";
+
         lfs.enable = true;
 
         useWizard = false;
@@ -107,11 +109,6 @@ in
       home = config.services.gitea.stateDir;
       useDefaultShell = true;
       group = "git";
-
-      # The service for gitea seems to hardcode the group as
-      # gitea, so, uh, just in case?
-      extraGroups = [ "gitea" ];
-
       isSystemUser = true;
     };
     users.groups.git = { };

From 40d1b3983700b1b1fa1899679e94dc9bc80fc65b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 5 Mar 2024 14:16:22 +0000
Subject: [PATCH 066/431] nixos: services: gitea: update mail configuration

---
 hosts/nixos/porthos/services.nix         |  2 +-
 modules/nixos/services/gitea/default.nix | 26 ++++++++++++------------
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index c3ffa39..c872160 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -41,7 +41,7 @@ in
       enable = true;
       mail = {
         enable = true;
-        host = "smtp.migadu.com:465";
+        host = "smtp.migadu.com";
         user = lib.my.mkMailAddress "gitea" "belanyi.fr";
         passwordFile = secrets."gitea/mail-password".path;
       };
diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix
index e7f39a5..6185a22 100644
--- a/modules/nixos/services/gitea/default.nix
+++ b/modules/nixos/services/gitea/default.nix
@@ -18,9 +18,15 @@ in
       };
       host = mkOption {
         type = types.str;
-        example = "smtp.example.com:465";
+        example = "smtp.example.com";
         description = "Host for the mail account";
       };
+      port = mkOption {
+        type = types.port;
+        default = 465;
+        example = 587;
+        description = "Port for the mail account";
+      };
       user = mkOption {
         type = types.str;
         example = "gitea@example.com";
@@ -31,17 +37,11 @@ in
         example = "/run/secrets/gitea-mail-password.txt";
         description = "Password for the mail account";
       };
-      type = mkOption {
+      protocol = mkOption {
         type = types.str;
-        default = "smtp";
+        default = "smtps";
         example = "smtp";
-        description = "Password for the mail account";
-      };
-      tls = mkOption {
-        type = types.bool;
-        default = true;
-        example = false;
-        description = "Use TLS for connection";
+        description = "Protocol for connection";
       };
     };
   };
@@ -86,11 +86,11 @@ in
 
           mailer = lib.mkIf cfg.mail.enable {
             ENABLED = true;
-            HOST = cfg.mail.host;
+            SMTP_ADDR = cfg.mail.host;
+            SMTP_PORT = cfg.mail.port;
             FROM = cfg.mail.user;
             USER = cfg.mail.user;
-            MAILER_TYPE = cfg.mail.type;
-            IS_TLS_ENABLED = cfg.mail.tls;
+            PROTOCOL = cfg.mail.protocol;
           };
 
           service = {

From d423a03663ccabde691f2b59b34ed1be756c0eed Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 5 Mar 2024 14:20:57 +0000
Subject: [PATCH 067/431] nixos: services: gitea: fix mail 'FROM' address

---
 modules/nixos/services/gitea/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix
index 6185a22..212f59c 100644
--- a/modules/nixos/services/gitea/default.nix
+++ b/modules/nixos/services/gitea/default.nix
@@ -88,7 +88,7 @@ in
             ENABLED = true;
             SMTP_ADDR = cfg.mail.host;
             SMTP_PORT = cfg.mail.port;
-            FROM = cfg.mail.user;
+            FROM = "Gitea <${cfg.mail.user}>";
             USER = cfg.mail.user;
             PROTOCOL = cfg.mail.protocol;
           };

From 6a47703c08ebeed4b3f62f5db9844f87eb955ded Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 5 Mar 2024 21:15:57 +0000
Subject: [PATCH 068/431] pkgs: add digestpp

---
 pkgs/default.nix          |  2 ++
 pkgs/digestpp/default.nix | 31 +++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 pkgs/digestpp/default.nix

diff --git a/pkgs/default.nix b/pkgs/default.nix
index 6b7fce1..94f3440 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -10,6 +10,8 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: {
 
   diff-flake = pkgs.callPackage ./diff-flake { };
 
+  digestpp = pkgs.callPackage ./digestpp { };
+
   dragger = pkgs.callPackage ./dragger { };
 
   drone-rsync = pkgs.callPackage ./drone-rsync { };
diff --git a/pkgs/digestpp/default.nix b/pkgs/digestpp/default.nix
new file mode 100644
index 0000000..2fd90db
--- /dev/null
+++ b/pkgs/digestpp/default.nix
@@ -0,0 +1,31 @@
+{ lib
+, fetchFromGitHub
+, stdenv
+}:
+stdenv.mkDerivation {
+  pname = "digestpp";
+  version = "0-unstable-2023-11-07";
+
+  src = fetchFromGitHub {
+    owner = "kerukuro";
+    repo = "digestpp";
+    rev = "ebb699402c244e22c3aff61d2239bcb2e87b8ef8";
+    hash = "sha256-9X/P7DgZB6bSYjQWRli4iAXEFjhmACOVv3EYQrXuH5c=";
+  };
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out/include/digestpp
+    cp -r *.hpp algorithm/ detail/ $out/include/digestpp
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "C++11 header-only message digest library";
+    homepage = "https://github.com/kerukuro/digestpp";
+    license = licenses.unlicense;
+    maintainers = with maintainers; [ ambroisie ];
+  };
+}

From ef882a52673bf3b7a7c4f4658624183c760e8b18 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 5 Mar 2024 21:16:10 +0000
Subject: [PATCH 069/431] pkgs: add sqlite_orm

---
 pkgs/default.nix            |  2 ++
 pkgs/sqlite_orm/default.nix | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 pkgs/sqlite_orm/default.nix

diff --git a/pkgs/default.nix b/pkgs/default.nix
index 94f3440..ddd0b02 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -28,6 +28,8 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: {
 
   rbw-pass = pkgs.callPackage ./rbw-pass { };
 
+  sqlite_orm = pkgs.callPackage ./sqlite_orm { };
+
   unbound-zones-adblock = pkgs.callPackage ./unbound-zones-adblock { };
 
   zsh-done = pkgs.callPackage ./zsh-done { };
diff --git a/pkgs/sqlite_orm/default.nix b/pkgs/sqlite_orm/default.nix
new file mode 100644
index 0000000..3891eee
--- /dev/null
+++ b/pkgs/sqlite_orm/default.nix
@@ -0,0 +1,32 @@
+{ lib
+, cmake
+, fetchFromGitHub
+, sqlite
+, stdenv
+}:
+stdenv.mkDerivation (finalAttrs: {
+  pname = "sqlite_orm";
+  version = "1.8.2";
+
+  src = fetchFromGitHub {
+    owner = "fnc12";
+    repo = "sqlite_orm";
+    rev = "v${finalAttrs.version}";
+    hash = "sha256-KqphGFcnR1Y11KqL7sxODSv7lEvcURdF6kLd3cg84kc=";
+  };
+
+  nativeBuildInputs = [
+    cmake
+  ];
+
+  propagatedBuildInputs = [
+    sqlite
+  ];
+
+  meta = with lib; {
+    description = "Light header only SQLite ORM";
+    homepage = "https://sqliteorm.com/";
+    license = licenses.agpl3Only; # MIT license is commercial
+    maintainers = with maintainers; [ ambroisie ];
+  };
+})

From 84fea2f6771907a7b84cee07030fc3645a3c5dd3 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 5 Mar 2024 21:16:34 +0000
Subject: [PATCH 070/431] pkgs: add bt-migrate

---
 pkgs/bt-migrate/default.nix | 61 +++++++++++++++++++++++++++++++++++++
 pkgs/default.nix            |  2 ++
 2 files changed, 63 insertions(+)
 create mode 100644 pkgs/bt-migrate/default.nix

diff --git a/pkgs/bt-migrate/default.nix b/pkgs/bt-migrate/default.nix
new file mode 100644
index 0000000..df99c55
--- /dev/null
+++ b/pkgs/bt-migrate/default.nix
@@ -0,0 +1,61 @@
+{ lib
+, boost
+, cmake
+, cxxopts
+, digestpp
+, fetchFromGitHub
+, fmt
+, jsoncons
+, pugixml
+, sqlite_orm
+, stdenv
+}:
+stdenv.mkDerivation {
+  pname = "bt-migrate";
+  version = "0-unstable-2023-08-17";
+
+  src = fetchFromGitHub {
+    owner = "mikedld";
+    repo = "bt-migrate";
+    rev = "e15a489c0c76f98355586ebbee08223af4e9bf50";
+    hash = "sha256-kA6yxhbIh3ThmgF8Zyoe3I79giLVmdNr9IIrw5Xx4s0=";
+  };
+
+  nativeBuildInputs = [
+    cmake
+  ];
+
+  buildInputs = [
+    boost
+    cxxopts
+    fmt
+    jsoncons
+    pugixml
+    sqlite_orm
+  ];
+
+  cmakeFlags = [
+    (lib.strings.cmakeBool "USE_VCPKG" false)
+    # NOTE: digestpp does not have proper CMake packaging (yet?)
+    (lib.strings.cmakeBool "USE_FETCHCONTENT" true)
+    (lib.strings.cmakeFeature "FETCHCONTENT_SOURCE_DIR_DIGESTPP" "${digestpp}/include/digestpp")
+  ];
+
+  # NOTE: no install target in CMake...
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out/bin
+    cp BtMigrate $out/bin
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "Torrent state migration tool";
+    homepage = "https://github.com/mikedld/bt-migrate";
+    license = licenses.gpl3Only;
+    maintainers = with maintainers; [ ambroisie ];
+    mainProgram = "BtMigrate";
+  };
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index ddd0b02..e82a90c 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,5 +1,7 @@
 { pkgs }:
 pkgs.lib.makeScope pkgs.newScope (pkgs: {
+  bt-migrate = pkgs.callPackage ./bt-migrate { };
+
   bw-pass = pkgs.callPackage ./bw-pass { };
 
   change-audio = pkgs.callPackage ./change-audio { };

From a4e742bf5541967ee08954ab12f02a29633f8eb8 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 5 Mar 2024 21:45:18 +0000
Subject: [PATCH 071/431] nixos: services: blog: fix catch-all redirection

Don't use a hard-coded address...
---
 modules/nixos/services/blog/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/services/blog/default.nix b/modules/nixos/services/blog/default.nix
index 3e68df2..e4d2d42 100644
--- a/modules/nixos/services/blog/default.nix
+++ b/modules/nixos/services/blog/default.nix
@@ -35,7 +35,7 @@ in
         useACMEHost = domain;
         default = true;
 
-        locations."/".return = "302 https://belanyi.fr$request_uri";
+        locations."/".return = "302 https://${domain}$request_uri";
       };
     };
 

From 97cc08d199977b5dca863c6c3963a9f3f1708be1 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 7 Mar 2024 11:32:28 +0000
Subject: [PATCH 072/431] flake: use explicit 'systems' input

---
 flake/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/flake/default.nix b/flake/default.nix
index 65102e1..5e52025 100644
--- a/flake/default.nix
+++ b/flake/default.nix
@@ -1,9 +1,9 @@
 { flake-parts
-, futils
+, systems
 , ...
 } @ inputs:
 let
-  mySystems = futils.lib.defaultSystems;
+  mySystems = import systems;
 in
 flake-parts.lib.mkFlake { inherit inputs; } {
   systems = mySystems;

From 742b4c39a277b32d5f8afd0150457c953d09842a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 7 Mar 2024 15:42:58 +0000
Subject: [PATCH 073/431] home: tmux: migrate to 'terminalFeatures'

There are other terminal capabilities I want to override in tmux, so
let's make this type more extensible.
---
 hosts/homes/ambroisie@bazin/default.nix      |  6 ++--
 hosts/homes/ambroisie@mousqueton/default.nix |  6 ++--
 hosts/nixos/porthos/home.nix                 |  8 ++---
 modules/home/tmux/default.nix                | 35 ++++++++++++--------
 4 files changed, 33 insertions(+), 22 deletions(-)

diff --git a/hosts/homes/ambroisie@bazin/default.nix b/hosts/homes/ambroisie@bazin/default.nix
index a65a626..f52fbce 100644
--- a/hosts/homes/ambroisie@bazin/default.nix
+++ b/hosts/homes/ambroisie@bazin/default.nix
@@ -12,8 +12,10 @@
       # I use scripts that use the passthrough sequence often on this host
       enablePassthrough = true;
 
-      # HTerm uses `xterm-256color` as its `$TERM`, so use that here
-      trueColorTerminals = [ "xterm-256color" ];
+      terminalFeatures = {
+        # HTerm uses `xterm-256color` as its `$TERM`, so use that here
+        xterm-256color = { };
+      };
     };
 
     ssh = {
diff --git a/hosts/homes/ambroisie@mousqueton/default.nix b/hosts/homes/ambroisie@mousqueton/default.nix
index 5c0a963..44e62e6 100644
--- a/hosts/homes/ambroisie@mousqueton/default.nix
+++ b/hosts/homes/ambroisie@mousqueton/default.nix
@@ -15,8 +15,10 @@
       # I use scripts that use the passthrough sequence often on this host
       enablePassthrough = true;
 
-      # HTerm uses `xterm-256color` as its `$TERM`, so use that here
-      trueColorTerminals = [ "xterm-256color" ];
+      terminalFeatures = {
+        # HTerm uses `xterm-256color` as its `$TERM`, so use that here
+        xterm-256color = { };
+      };
     };
   };
 }
diff --git a/hosts/nixos/porthos/home.nix b/hosts/nixos/porthos/home.nix
index 1de3565..c2c858b 100644
--- a/hosts/nixos/porthos/home.nix
+++ b/hosts/nixos/porthos/home.nix
@@ -8,11 +8,11 @@
       };
     };
 
-    # Allow using 24bit color when SSH-ing from various clients
-    tmux.trueColorTerminals = [
+    # Allow using extended features when SSH-ing from various clients
+    tmux.terminalFeatures = {
       # My usual terminal, e.g: on laptop
-      "alacritty"
-    ];
+      alacritty = { };
+    };
 
     # Always start a tmux session when opening a shell session
     zsh.launchTmux = true;
diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix
index 08aeb55..76e18ca 100644
--- a/modules/home/tmux/default.nix
+++ b/modules/home/tmux/default.nix
@@ -5,6 +5,14 @@ let
     config.my.home.x.enable
     (config.my.home.wm.windowManager != null)
   ];
+
+  mkTerminalFlags = opt: flag:
+    let
+      mkFlag = term: ''set -as terminal-features ",${term}:${flag}"'';
+      enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures;
+      terminals = lib.attrNames enabledTerminals;
+    in
+    lib.concatMapStringsSep "\n" mkFlag terminals;
 in
 {
   options.my.home.tmux = with lib; {
@@ -12,16 +20,20 @@ in
 
     enablePassthrough = mkEnableOption "tmux DCS passthrough sequence";
 
-    trueColorTerminals = mkOption {
-      type = with types; listOf str;
-      default = lib.my.nullableToList config.my.home.terminal.program;
-      defaultText = ''
-        `[ config.my.home.terminal.program ]` if it is non-null, otherwise an
-        empty list.
+    terminalFeatures = mkOption {
+      type = with types; attrsOf (submodule {
+        options = {
+          trueColor = my.mkDisableOption "24-bit (RGB) color support";
+        };
+      });
+
+      default = { ${config.my.home.terminal.program} = { }; };
+      defaultText = litteralExpression ''
+        { ''${config.my.home.terminal.program} = { }; };
       '';
-      example = [ "xterm-256color" ];
+      example = { xterm-256color = { }; };
       description = ''
-        $TERM values which should be considered to always support 24-bit color.
+        $TERM values which should be considered to have additional features.
       '';
     };
   };
@@ -90,12 +102,7 @@ in
       }
 
       # Force 24-bit color for each relevant $TERM
-      ${
-        let
-          mkTcFlag = term: ''set -as terminal-features ",${term}:RGB"'';
-        in
-        lib.concatMapStringsSep "\n" mkTcFlag cfg.trueColorTerminals
-      }
+      ${mkTerminalFlags "trueColor" "RGB"}
     '';
   };
 }

From 22139bd69f20911fb83aa7ab26ed6afd4974e771 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 7 Mar 2024 15:44:17 +0000
Subject: [PATCH 074/431] home: tmux: add hyperlinks support

Somewhat unfortunate that those have to be enabled by force, but easy
enough to support.
---
 modules/home/tmux/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix
index 76e18ca..61cf2ec 100644
--- a/modules/home/tmux/default.nix
+++ b/modules/home/tmux/default.nix
@@ -23,6 +23,8 @@ in
     terminalFeatures = mkOption {
       type = with types; attrsOf (submodule {
         options = {
+          hyperlinks = my.mkDisableOption "hyperlinks through OSC8";
+
           trueColor = my.mkDisableOption "24-bit (RGB) color support";
         };
       });
@@ -101,6 +103,8 @@ in
         ''
       }
 
+      # Force OSC8 hyperlinks for each relevant $TERM
+      ${mkTerminalFlags "hyperlinks" "hyperlinks"}
       # Force 24-bit color for each relevant $TERM
       ${mkTerminalFlags "trueColor" "RGB"}
     '';

From 8591fb8b3571899efcb4a850216a0b8bc5942435 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 8 Mar 2024 12:56:19 +0000
Subject: [PATCH 075/431] home: tmux: expand history limit

---
 modules/home/tmux/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix
index 61cf2ec..501b954 100644
--- a/modules/home/tmux/default.nix
+++ b/modules/home/tmux/default.nix
@@ -46,7 +46,7 @@ in
     keyMode = "vi"; # Home-row keys and other niceties
     clock24 = true; # I'm one of those heathens
     escapeTime = 0; # Let vim do its thing instead
-    historyLimit = 50000; # Bigger buffer
+    historyLimit = 100000; # Bigger buffer
     terminal = "tmux-256color"; # I want accurate termcap info
 
     plugins = with pkgs.tmuxPlugins; [

From c1ffe096312ca96aca76b07fa0db465d44331778 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 5 Mar 2024 12:32:40 +0000
Subject: [PATCH 076/431] nixos: services: add forgejo

---
 modules/nixos/services/default.nix         |   1 +
 modules/nixos/services/forgejo/default.nix | 162 +++++++++++++++++++++
 2 files changed, 163 insertions(+)
 create mode 100644 modules/nixos/services/forgejo/default.nix

diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
index 90dd3e1..3b32d06 100644
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -10,6 +10,7 @@
     ./drone
     ./fail2ban
     ./flood
+    ./forgejo
     ./gitea
     ./grocy
     ./indexers
diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix
new file mode 100644
index 0000000..0f3dfc5
--- /dev/null
+++ b/modules/nixos/services/forgejo/default.nix
@@ -0,0 +1,162 @@
+# A low-ressource, full-featured git forge.
+{ config, lib, ... }:
+let
+  cfg = config.my.services.forgejo;
+in
+{
+  options.my.services.forgejo = with lib; {
+    enable = mkEnableOption "Forgejo";
+    port = mkOption {
+      type = types.port;
+      default = 3042;
+      example = 8080;
+      description = "Internal port";
+    };
+    mail = {
+      enable = mkEnableOption {
+        description = "mailer configuration";
+      };
+      host = mkOption {
+        type = types.str;
+        example = "smtp.example.com";
+        description = "Host for the mail account";
+      };
+      port = mkOption {
+        type = types.port;
+        default = 465;
+        example = 587;
+        description = "Port for the mail account";
+      };
+      user = mkOption {
+        type = types.str;
+        example = "forgejo@example.com";
+        description = "User for the mail account";
+      };
+      passwordFile = mkOption {
+        type = types.str;
+        example = "/run/secrets/forgejo-mail-password.txt";
+        description = "Password for the mail account";
+      };
+      protocol = mkOption {
+        type = types.str;
+        default = "smtps";
+        example = "smtp";
+        description = "Protocol for connection";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.enable -> !config.my.services.gitea.enable;
+        message = ''
+          `config.my.services.forgejo` is incompatible with
+          `config.my.services.gitea`.
+        '';
+      }
+    ];
+
+    services.forgejo =
+      let
+        inherit (config.networking) domain;
+        forgejoDomain = "git.${domain}";
+      in
+      {
+        enable = true;
+
+        user = "git";
+        group = "git";
+
+        lfs.enable = true;
+
+        useWizard = false;
+
+        database = {
+          type = "postgres"; # Automatic setup
+          user = "git"; # User needs to be the same as forgejo user
+          name = "git"; # Name must be the same as user for `ensureDBOwnership`
+        };
+
+        # NixOS module uses `forgejo dump` to backup repositories and the database,
+        # but it produces a single .zip file that's not very backup friendly.
+        # I configure my backup system manually below.
+        dump.enable = false;
+
+        mailerPasswordFile = lib.mkIf cfg.mail.enable cfg.mail.passwordFile;
+
+        settings = {
+          DEFAULT = {
+            APP_NAME = "Ambroisie's forge";
+          };
+
+          server = {
+            HTTP_PORT = cfg.port;
+            DOMAIN = forgejoDomain;
+            ROOT_URL = "https://${forgejoDomain}";
+          };
+
+          mailer = lib.mkIf cfg.mail.enable {
+            ENABLED = true;
+            SMTP_ADDR = cfg.mail.host;
+            SMTP_PORT = cfg.mail.port;
+            FROM = "Forgejo <${cfg.mail.user}>";
+            USER = cfg.mail.user;
+            PROTOCOL = cfg.mail.protocol;
+          };
+
+          service = {
+            DISABLE_REGISTRATION = true;
+          };
+
+          session = {
+            # only send cookies via HTTPS
+            COOKIE_SECURE = true;
+          };
+        };
+      };
+
+    users.users.git = {
+      description = "Forgejo Service";
+      home = config.services.forgejo.stateDir;
+      useDefaultShell = true;
+      group = "git";
+      isSystemUser = true;
+    };
+    users.groups.git = { };
+
+    my.services.nginx.virtualHosts = {
+      # Proxy to Forgejo
+      git = {
+        inherit (cfg) port;
+      };
+      # Redirect `forgejo.` to actual forge subdomain
+      forgejo = {
+        redirect = config.services.forgejo.settings.server.ROOT_URL;
+      };
+    };
+
+    my.services.backup = {
+      paths = [
+        config.services.forgejo.lfs.contentDir
+        config.services.forgejo.repositoryRoot
+      ];
+    };
+
+    services.fail2ban.jails = {
+      forgejo = ''
+        enabled = true
+        filter = forgejo
+        action = iptables-allports
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/forgejo.conf".text = ''
+        [Definition]
+        failregex = ^.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>$
+        journalmatch = _SYSTEMD_UNIT=forgejo.service
+      '';
+    };
+  };
+}

From b41fd9e48ecc27f79757f014272c2c190e0c7d9b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 5 Mar 2024 12:32:40 +0000
Subject: [PATCH 077/431] hosts: nixos: porthos: secrets: add forgejo mail

---
 hosts/nixos/porthos/secrets/forgejo/mail-password.age | 10 ++++++++++
 hosts/nixos/porthos/secrets/secrets.nix               |  5 +++++
 2 files changed, 15 insertions(+)
 create mode 100644 hosts/nixos/porthos/secrets/forgejo/mail-password.age

diff --git a/hosts/nixos/porthos/secrets/forgejo/mail-password.age b/hosts/nixos/porthos/secrets/forgejo/mail-password.age
new file mode 100644
index 0000000..67ef695
--- /dev/null
+++ b/hosts/nixos/porthos/secrets/forgejo/mail-password.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg Lhgx43wR8PtAMf5v1eJxKlUBSAoOLdOOn/QaQrwF8zA
+jfUCpgNzkHCNTWCqtErDaLMmg1Oy+s9zUra1JLCi+J4
+-> ssh-ed25519 jPowng kSeQ/SmMrzd8ByVu3YHWeZyKmqFZvQSBnDunkB8e6wc
+WRmnfrV5xcRXA9t0ZXx6YvbRl0sX4PTrw63VVKX4Ei4
+--- a+LLM1gP9g1AbUapbeeKaS4cEcRBmPo3MHU2DSWTAds
+�,F��6��⬘ix̏��e|�
+�
+�Ϝ,{���v�!���z�$P;���T���KW
+ qG�
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix
index 3545e3a..bea380c 100644
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@@ -21,6 +21,11 @@ in
   "drone/secret.age".publicKeys = all;
   "drone/ssh/private-key.age".publicKeys = all;
 
+  "forgejo/mail-password.age" = {
+    owner = "git";
+    publicKeys = all;
+  };
+
   "gitea/mail-password.age" = {
     owner = "git";
     publicKeys = all;

From f3207468f979d5bffc42e131152d33bff6d8548c Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 9 Mar 2024 13:34:38 +0100
Subject: [PATCH 078/431] nixos: services: woodpecker: configurable forge

---
 modules/nixos/services/woodpecker/default.nix        | 6 ++++++
 modules/nixos/services/woodpecker/server/default.nix | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/services/woodpecker/default.nix b/modules/nixos/services/woodpecker/default.nix
index 34ffca6..8fa692e 100644
--- a/modules/nixos/services/woodpecker/default.nix
+++ b/modules/nixos/services/woodpecker/default.nix
@@ -8,6 +8,12 @@
 
   options.my.services.woodpecker = with lib; {
     enable = mkEnableOption "Woodpecker CI";
+    forge = mkOption {
+      type = types.enum [ "gitea" "forgejo" ];
+      default = "gitea";
+      example = "forgejo";
+      description = "Which Forge to connect to";
+    };
     runners = mkOption {
       type = with types; listOf (enum [ "exec" "docker" ]);
       default = [ ];
diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix
index f02a5c5..adf533e 100644
--- a/modules/nixos/services/woodpecker/server/default.nix
+++ b/modules/nixos/services/woodpecker/server/default.nix
@@ -17,7 +17,7 @@ in
         WOODPECKER_GRPC_ADDR = ":${toString cfg.rpcPort}";
 
         WOODPECKER_GITEA = "true";
-        WOODPECKER_GITEA_URL = config.services.gitea.settings.server.ROOT_URL;
+        WOODPECKER_GITEA_URL = config.services.${cfg.forge}.settings.server.ROOT_URL;
 
         WOODPECKER_LOG_LEVEL = "debug";
       };

From 0f33dbd5c24440fd243725fd96f8081ad66750d8 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 5 Mar 2024 12:32:40 +0000
Subject: [PATCH 079/431] hosts: nixos: porthos: switch to forgejo

This required a quick rename to migrate from one to the other.
---
 hosts/nixos/porthos/services.nix              | 8 ++++----
 modules/nixos/services/woodpecker/default.nix | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index c872160..a67ae3b 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -36,14 +36,14 @@ in
     flood = {
       enable = true;
     };
-    # Gitea forge
-    gitea = {
+    # Forgejo forge
+    forgejo = {
       enable = true;
       mail = {
         enable = true;
         host = "smtp.migadu.com";
-        user = lib.my.mkMailAddress "gitea" "belanyi.fr";
-        passwordFile = secrets."gitea/mail-password".path;
+        user = lib.my.mkMailAddress "forgejo" "belanyi.fr";
+        passwordFile = secrets."forgejo/mail-password".path;
       };
     };
     # Meta-indexers
diff --git a/modules/nixos/services/woodpecker/default.nix b/modules/nixos/services/woodpecker/default.nix
index 8fa692e..012eaae 100644
--- a/modules/nixos/services/woodpecker/default.nix
+++ b/modules/nixos/services/woodpecker/default.nix
@@ -10,8 +10,8 @@
     enable = mkEnableOption "Woodpecker CI";
     forge = mkOption {
       type = types.enum [ "gitea" "forgejo" ];
-      default = "gitea";
-      example = "forgejo";
+      default = "forgejo";
+      example = "gitea";
       description = "Which Forge to connect to";
     };
     runners = mkOption {

From 5d3160fb0de293fbc100f511be6d1034fdd91877 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 5 Mar 2024 00:45:31 +0100
Subject: [PATCH 080/431] hosts: nixos: porthos: migrate to new host

OVH/Kimsufi are deprecating my current server by the end of the year. So
let's migrate to a new host.

This was more painful than initially planned, OVH introduced a change to
their rescue system which messes with the NixOS installation [1].

In the end I used a kexec image [2] to run the installation.

[1]: https://github.com/NixOS/nix/issues/7790
[2]: https://github.com/nix-community/nixos-images
---
 hosts/nixos/porthos/boot.nix                 | 11 ++++----
 hosts/nixos/porthos/default.nix              |  8 +-----
 hosts/nixos/porthos/hardware.nix             | 13 +++++++--
 hosts/nixos/porthos/install.sh               | 29 ++++++++++++++------
 hosts/nixos/porthos/networking.nix           | 29 ++++++--------------
 modules/home/ssh/default.nix                 |  2 +-
 modules/nixos/services/wireguard/default.nix |  2 +-
 7 files changed, 48 insertions(+), 46 deletions(-)

diff --git a/hosts/nixos/porthos/boot.nix b/hosts/nixos/porthos/boot.nix
index fbc5db7..461e969 100644
--- a/hosts/nixos/porthos/boot.nix
+++ b/hosts/nixos/porthos/boot.nix
@@ -3,15 +3,14 @@
 
 {
   boot = {
-    # Use the GRUB 2 boot loader.
-    loader.grub = {
-      enable = true;
-      # Define on which hard drive you want to install Grub.
-      device = "/dev/disk/by-id/ata-HGST_HUS724020ALA640_PN2181P6J58M1P";
+    # Use the systemd-boot EFI boot loader.
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
     };
 
     initrd = {
-      availableKernelModules = [ "uhci_hcd" "ahci" "usbhid" ];
+      availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "usbhid" "sd_mod" ];
       kernelModules = [ "dm-snapshot" ];
     };
 
diff --git a/hosts/nixos/porthos/default.nix b/hosts/nixos/porthos/default.nix
index 2dea899..bd1bdb1 100644
--- a/hosts/nixos/porthos/default.nix
+++ b/hosts/nixos/porthos/default.nix
@@ -16,11 +16,5 @@
   # Set your time zone.
   time.timeZone = "Europe/Paris";
 
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "20.09"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 }
diff --git a/hosts/nixos/porthos/hardware.nix b/hosts/nixos/porthos/hardware.nix
index 5a6e0d7..2172c5c 100644
--- a/hosts/nixos/porthos/hardware.nix
+++ b/hosts/nixos/porthos/hardware.nix
@@ -1,5 +1,5 @@
 # Hardware configuration
-{ lib, modulesPath, ... }:
+{ modulesPath, ... }:
 
 {
   imports = [
@@ -11,9 +11,18 @@
     fsType = "ext4";
   };
 
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+  };
+
   swapDevices = [
     { device = "/dev/disk/by-label/swap"; }
   ];
 
-  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  my.hardware = {
+    firmware = {
+      cpuFlavor = "intel";
+    };
+  };
 }
diff --git a/hosts/nixos/porthos/install.sh b/hosts/nixos/porthos/install.sh
index 8edc175..e6ba0aa 100644
--- a/hosts/nixos/porthos/install.sh
+++ b/hosts/nixos/porthos/install.sh
@@ -3,7 +3,7 @@
 SWAP_SIZE=16GiB
 
 parted /dev/sda --script -- \
-    mklabel msdos \
+    mklabel gpt \
     mkpart primary 512MiB -$SWAP_SIZE \
     mkpart primary linux-swap -$SWAP_SIZE 100% \
     mkpart ESP fat32 1MiB 512MiB \
@@ -11,14 +11,24 @@ parted /dev/sda --script -- \
 
 parted /dev/sdb --script -- \
     mklabel gpt \
-    mkpart primary 0MiB 100%
+    mkpart primary 0% 100%
+parted /dev/sdc --script -- \
+    mklabel gpt \
+    mkpart primary 0% 100%
+parted /dev/sdd --script -- \
+    mklabel gpt \
+    mkpart primary 0% 100%
 
 mkfs.ext4 -L media1 /dev/sda1
 mkfs.ext4 -L media2 /dev/sdb1
+mkfs.ext4 -L media3 /dev/sdc1
+mkfs.ext4 -L media4 /dev/sdd1
 
 pvcreate /dev/sda1
 pvcreate /dev/sdb1
-vgcreate lvm /dev/sda1 /dev/sdb1
+pvcreate /dev/sdc1
+pvcreate /dev/sdd1
+vgcreate lvm /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1
 lvcreate -l 100%FREE -n media lvm
 
 mkfs.ext4 -L nixos /dev/mapper/lvm-media
@@ -27,17 +37,17 @@ mkfs.fat -F 32 -n boot /dev/sda3
 
 mount /dev/disk/by-label/nixos /mnt
 swapon /dev/sda2
+mkdir -p /mnt/boot
+mount /dev/disk/by-label/boot /mnt/boot
 
 apt install sudo
 useradd -m -G sudo setupuser
-# shellcheck disable=2117
-su setupuser
 
 cat << EOF
 # Run the following commands as setup user
-curl -L https://nixos.org/nix/install | sh
-. $HOME/.nix-profile/etc/profile.d/nix.sh
-nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs
+curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
+. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
+nix profile install nixpkgs#nixos-install-tools
 sudo "$(which nixos-generate-config)" --root /mnt
 
 # Change uuids to labels
@@ -54,3 +64,6 @@ git crypt unlock
 
 nixos-install --root /mnt --flake '.#<hostname>'
 EOF
+
+# shellcheck disable=2117
+su setupuser
diff --git a/hosts/nixos/porthos/networking.nix b/hosts/nixos/porthos/networking.nix
index 1e2c9cd..717652b 100644
--- a/hosts/nixos/porthos/networking.nix
+++ b/hosts/nixos/porthos/networking.nix
@@ -6,30 +6,17 @@
     hostName = "porthos"; # Define your hostname.
     domain = "belanyi.fr"; # Define your domain.
 
-
-    # The global useDHCP flag is deprecated, therefore explicitly set to false here.
-    # Per-interface useDHCP will be mandatory in the future, so this generated config
-    # replicates the default behaviour.
-    useDHCP = false;
-
+    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+    # (the default) this is the recommended approach. When using systemd-networkd it's
+    # still possible to use this option, but it's recommended to use it in conjunction
+    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+    useDHCP = true;
     interfaces = {
-      bond0.useDHCP = true;
-      bonding_masters.useDHCP = true;
-      dummy0.useDHCP = true;
-      erspan0.useDHCP = true;
-      eth0.useDHCP = true;
-      eth1.useDHCP = true;
-      gre0.useDHCP = true;
-      gretap0.useDHCP = true;
-      ifb0.useDHCP = true;
-      ifb1.useDHCP = true;
-      ip6tnl0.useDHCP = true;
-      sit0.useDHCP = true;
-      teql0.useDHCP = true;
-      tunl0.useDHCP = true;
+      eno1.useDHCP = true;
+      eno2.useDHCP = true;
     };
   };
 
   # Which interface is used to connect to the internet
-  my.hardware.networking.externalInterface = "eth0";
+  my.hardware.networking.externalInterface = "eno1";
 }
diff --git a/modules/home/ssh/default.nix b/modules/home/ssh/default.nix
index 674cf6a..748b195 100644
--- a/modules/home/ssh/default.nix
+++ b/modules/home/ssh/default.nix
@@ -49,7 +49,7 @@ in
           };
 
           porthos = {
-            hostname = "91.121.177.163";
+            hostname = "37.187.146.15";
             identityFile = "~/.ssh/shared_rsa";
             user = "ambroisie";
           };
diff --git a/modules/nixos/services/wireguard/default.nix b/modules/nixos/services/wireguard/default.nix
index 26e54e0..a76e424 100644
--- a/modules/nixos/services/wireguard/default.nix
+++ b/modules/nixos/services/wireguard/default.nix
@@ -13,7 +13,7 @@ let
     porthos = {
       clientNum = 1;
       publicKey = "PLdgsizztddri0LYtjuNHr5r2E8D+yI+gM8cm5WDfHQ=";
-      externalIp = "91.121.177.163";
+      externalIp = "37.187.146.15";
     };
 
     # "Clients"

From 6140e1c8f926eced8867c71b18cdefa0f8a22f7a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 9 Mar 2024 22:00:17 +0100
Subject: [PATCH 081/431] nixos: services: lohr: migrate to tmpfiles

This is better than a custom script.
---
 modules/nixos/services/lohr/default.nix | 34 ++++++++++++++-----------
 1 file changed, 19 insertions(+), 15 deletions(-)

diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix
index dd4eea8..21aadba 100644
--- a/modules/nixos/services/lohr/default.nix
+++ b/modules/nixos/services/lohr/default.nix
@@ -59,21 +59,6 @@ in
           "LOHR_HOME=${lohrHome}"
           "LOHR_CONFIG="
         ];
-        ExecStartPre = lib.mkIf (cfg.sshKeyFile != null) ''+${
-          pkgs.writeScript "copy-ssh-key" ''
-            #!${pkgs.bash}/bin/bash
-            # Ensure the key is not there
-            mkdir -p '${lohrHome}/.ssh'
-            rm -f '${lohrHome}/.ssh/id_ed25519'
-
-            # Move the key into place
-            cp ${cfg.sshKeyFile} '${lohrHome}/.ssh/id_ed25519'
-
-            # Fix permissions
-            chown -R lohr:lohr '${lohrHome}/.ssh'
-            chmod -R 0700 '${lohrHome}/.ssh'
-          ''
-        }'';
         ExecStart =
           let
             configFile = settingsFormat.generate "lohr-config.yaml" cfg.setting;
@@ -103,5 +88,24 @@ in
         inherit (cfg) port;
       };
     };
+
+    # SSH key provisioning
+    systemd.tmpfiles.settings."10-lohr" = lib.mkIf (cfg.sshKeyFile != null) {
+      "${lohrHome}/.ssh" = {
+        d = {
+          user = "lohr";
+          group = "lohr";
+          mode = "0700";
+        };
+      };
+      "${lohrHome}/.ssh/id_ed25519" = {
+        "f+" = {
+          user = "lohr";
+          group = "lohr";
+          mode = "0700";
+          argument = cfg.sshKeyFile;
+        };
+      };
+    };
   };
 }

From 08f4175412cc2257f3a30db51e310f4208009560 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 11 Mar 2024 11:52:42 +0000
Subject: [PATCH 082/431] overlays: add none-ls-shellcheck-nvim

---
 overlays/none-ls-shellcheck-nvim/default.nix   |  4 ++++
 overlays/none-ls-shellcheck-nvim/generated.nix | 15 +++++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 overlays/none-ls-shellcheck-nvim/default.nix
 create mode 100644 overlays/none-ls-shellcheck-nvim/generated.nix

diff --git a/overlays/none-ls-shellcheck-nvim/default.nix b/overlays/none-ls-shellcheck-nvim/default.nix
new file mode 100644
index 0000000..832e71d
--- /dev/null
+++ b/overlays/none-ls-shellcheck-nvim/default.nix
@@ -0,0 +1,4 @@
+self: prev:
+{
+  vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
+}
diff --git a/overlays/none-ls-shellcheck-nvim/generated.nix b/overlays/none-ls-shellcheck-nvim/generated.nix
new file mode 100644
index 0000000..ee93a88
--- /dev/null
+++ b/overlays/none-ls-shellcheck-nvim/generated.nix
@@ -0,0 +1,15 @@
+{ vimUtils, fetchFromGitHub }:
+_final: _prev:
+{
+  none-ls-shellcheck-nvim = vimUtils.buildVimPlugin {
+    pname = "none-ls-shellcheck.nvim";
+    version = "2024-02-28";
+    src = fetchFromGitHub {
+      owner = "gbprod";
+      repo = "none-ls-shellcheck.nvim";
+      rev = "1eed283a7ede771b522a0a9f30bb604f02f51d64";
+      sha256 = "1hs0q9a0xwyqml0bfmplk89f1dk4nyg6aapfarnx44zqiw1183kn";
+    };
+    meta.homepage = "https://github.com/gbprod/none-ls-shellcheck.nvim/";
+  };
+}

From 30247ce3a07a8d804fa471dc69f4c1186a40421e Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 11 Mar 2024 11:53:19 +0000
Subject: [PATCH 083/431] home: vim: null-ls: fix deprecated builtins

`none-ls` deprecated a lot of unmaintained builtins, or ones that they
find has been replaced by a compete LSP server.

This removes those deprecated builtins, or uses a shim until I migrate
to the relevant LSP configuration (for `bash-language-server`).
---
 modules/home/vim/default.nix                 |  1 +
 modules/home/vim/plugin/settings/null-ls.lua | 26 +++-----------------
 2 files changed, 5 insertions(+), 22 deletions(-)

diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix
index 871bf40..3e1aee4 100644
--- a/modules/home/vim/default.nix
+++ b/modules/home/vim/default.nix
@@ -68,6 +68,7 @@ in
       lsp-format-nvim # Simplified formatting configuration
       lsp_lines-nvim # Show diagnostics *over* regions
       none-ls-nvim # LSP integration for linters and formatters
+      none-ls-shellcheck-nvim # shellcheck shim for none-ls
       nvim-treesitter.withAllGrammars # Better highlighting
       nvim-treesitter-textobjects # More textobjects
       nvim-ts-context-commentstring # Comment string in nested language blocks
diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua
index 0eaa55c..9915194 100644
--- a/modules/home/vim/plugin/settings/null-ls.lua
+++ b/modules/home/vim/plugin/settings/null-ls.lua
@@ -28,14 +28,6 @@ null_ls.register({
     }),
 })
 
--- Haskell
-null_ls.register({
-    null_ls.builtins.formatting.brittany.with({
-        -- Only used if available
-        condition = utils.is_executable_condition("brittany"),
-    }),
-})
-
 -- Nix
 null_ls.register({
     null_ls.builtins.formatting.nixpkgs_fmt.with({
@@ -50,16 +42,6 @@ null_ls.register({
 
 -- Python
 null_ls.register({
-    null_ls.builtins.diagnostics.flake8.with({
-        -- Only used if available, but prefer pflake8 if available
-        condition = function()
-            return utils.is_executable("flake8") and not utils.is_executable("pflake8")
-        end,
-    }),
-    null_ls.builtins.diagnostics.pyproject_flake8.with({
-        -- Only used if available
-        condition = utils.is_executable_condition("pflake8"),
-    }),
     null_ls.builtins.diagnostics.mypy.with({
         -- Only used if available
         condition = utils.is_executable_condition("mypy"),
@@ -81,13 +63,13 @@ null_ls.register({
 
 -- Shell (non-POSIX)
 null_ls.register({
-    null_ls.builtins.code_actions.shellcheck.with({
+    require("none-ls-shellcheck.diagnostics").with({
         -- Restrict to bash and zsh
         filetypes = { "bash", "zsh" },
         -- Only used if available
         condition = utils.is_executable_condition("shellcheck"),
     }),
-    null_ls.builtins.diagnostics.shellcheck.with({
+    require("none-ls-shellcheck.code_actions").with({
         -- Show error code in message
         diagnostics_format = "[#{c}] #{m}",
         -- Require explicit empty string test, use bash dialect
@@ -110,13 +92,13 @@ null_ls.register({
 
 -- Shell (POSIX)
 null_ls.register({
-    null_ls.builtins.code_actions.shellcheck.with({
+    require("none-ls-shellcheck.diagnostics").with({
         -- Restrict to POSIX sh
         filetypes = { "sh" },
         -- Only used if available
         condition = utils.is_executable_condition("shellcheck"),
     }),
-    null_ls.builtins.diagnostics.shellcheck.with({
+    require("none-ls-shellcheck.code_actions").with({
         -- Show error code in message
         diagnostics_format = "[#{c}] #{m}",
         -- Require explicit empty string test

From f13a6fb023bf16954531e27aea752a2d24a18fbd Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 11 Mar 2024 12:01:15 +0000
Subject: [PATCH 084/431] home: vim: lspconfig: add 'ruff-lsp'

Since everybody is moving towards using it instead of other linters...
---
 modules/home/vim/plugin/settings/lspconfig.lua | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua
index 794a765..7b2d95f 100644
--- a/modules/home/vim/plugin/settings/lspconfig.lua
+++ b/modules/home/vim/plugin/settings/lspconfig.lua
@@ -52,6 +52,13 @@ if utils.is_executable("pyright") then
     })
 end
 
+if utils.is_executable("ruff-lsp") then
+    lspconfig.ruff_lsp.setup({
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end
+
 -- Rust
 if utils.is_executable("rust-analyzer") then
     lspconfig.rust_analyzer.setup({

From 7a3e64f814c9be720eb5e638c5a7d63cd9b5537d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 11 Mar 2024 12:04:38 +0000
Subject: [PATCH 085/431] home: vim: lspconfig: add 'hls'

If I ever end up actually learning it...
---
 modules/home/vim/plugin/settings/lspconfig.lua | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua
index 7b2d95f..178898a 100644
--- a/modules/home/vim/plugin/settings/lspconfig.lua
+++ b/modules/home/vim/plugin/settings/lspconfig.lua
@@ -29,6 +29,14 @@ if utils.is_executable("clangd") then
     })
 end
 
+-- Haskell
+if utils.is_executable("haskell-language-server-wrapper") then
+    lspconfig.hls.setup({
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end
+
 -- Nix
 if utils.is_executable("nil") then
     lspconfig.nil_ls.setup({

From dc27b5991220a1d019c339686af484f396660025 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 11 Mar 2024 12:20:53 +0000
Subject: [PATCH 086/431] home: vim: lspconfig: migrate to 'bashls'

Since `none-ls` has removed their `shellcheck` built-in. This actually
makes the diagnostics more robust to POSIX/non-POSIX scripts (the LSP
server detects it at runtime, which is more robust than the `ftdetect`
scripts).

Nice bonus: the shellcheck code is shown in the diagnostics message
without any configuration!

I'm not sure if I can configure `avoid-nullary-conditions` -- though it
seems like this check is broken at the moment (I couldn't get it to
trigger during my tests).
---
 modules/home/vim/default.nix                  |  3 +-
 .../home/vim/plugin/settings/lspconfig.lua    |  9 ++++++
 modules/home/vim/plugin/settings/null-ls.lua  | 32 -------------------
 3 files changed, 10 insertions(+), 34 deletions(-)

diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix
index 3e1aee4..07711cc 100644
--- a/modules/home/vim/default.nix
+++ b/modules/home/vim/default.nix
@@ -68,7 +68,6 @@ in
       lsp-format-nvim # Simplified formatting configuration
       lsp_lines-nvim # Show diagnostics *over* regions
       none-ls-nvim # LSP integration for linters and formatters
-      none-ls-shellcheck-nvim # shellcheck shim for none-ls
       nvim-treesitter.withAllGrammars # Better highlighting
       nvim-treesitter-textobjects # More textobjects
       nvim-ts-context-commentstring # Comment string in nested language blocks
@@ -106,7 +105,7 @@ in
       nixpkgs-fmt
 
       # Shell
-      shellcheck
+      nodePackages.bash-language-server
       shfmt
     ];
   };
diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua
index 178898a..c2de2ea 100644
--- a/modules/home/vim/plugin/settings/lspconfig.lua
+++ b/modules/home/vim/plugin/settings/lspconfig.lua
@@ -74,3 +74,12 @@ if utils.is_executable("rust-analyzer") then
         on_attach = lsp.on_attach,
     })
 end
+
+-- Shell
+if utils.is_executable("bash-language-server") then
+    lspconfig.bashls.setup({
+        filetypes = { "bash", "sh", "zsh" },
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end
diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua
index 9915194..c372751 100644
--- a/modules/home/vim/plugin/settings/null-ls.lua
+++ b/modules/home/vim/plugin/settings/null-ls.lua
@@ -63,22 +63,6 @@ null_ls.register({
 
 -- Shell (non-POSIX)
 null_ls.register({
-    require("none-ls-shellcheck.diagnostics").with({
-        -- Restrict to bash and zsh
-        filetypes = { "bash", "zsh" },
-        -- Only used if available
-        condition = utils.is_executable_condition("shellcheck"),
-    }),
-    require("none-ls-shellcheck.code_actions").with({
-        -- Show error code in message
-        diagnostics_format = "[#{c}] #{m}",
-        -- Require explicit empty string test, use bash dialect
-        extra_args = { "-s", "bash", "-o", "avoid-nullary-conditions" },
-        -- Restrict to bash and zsh
-        filetypes = { "bash", "zsh" },
-        -- Only used if available
-        condition = utils.is_executable_condition("shellcheck"),
-    }),
     null_ls.builtins.formatting.shfmt.with({
         -- Indent with 4 spaces, simplify the code, indent switch cases,
         -- add space after redirection, use bash dialect
@@ -92,22 +76,6 @@ null_ls.register({
 
 -- Shell (POSIX)
 null_ls.register({
-    require("none-ls-shellcheck.diagnostics").with({
-        -- Restrict to POSIX sh
-        filetypes = { "sh" },
-        -- Only used if available
-        condition = utils.is_executable_condition("shellcheck"),
-    }),
-    require("none-ls-shellcheck.code_actions").with({
-        -- Show error code in message
-        diagnostics_format = "[#{c}] #{m}",
-        -- Require explicit empty string test
-        extra_args = { "-o", "avoid-nullary-conditions" },
-        -- Restrict to POSIX sh
-        filetypes = { "sh" },
-        -- Only used if available
-        condition = utils.is_executable_condition("shellcheck"),
-    }),
     null_ls.builtins.formatting.shfmt.with({
         -- Indent with 4 spaces, simplify the code, indent switch cases,
         -- add space after redirection, use POSIX

From 9749f0aa28dc945125066aaf47cb6066237ce6f6 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 11 Mar 2024 12:29:34 +0000
Subject: [PATCH 087/431] overlays: remove none-ls-shellcheck-nvim

---
 overlays/none-ls-shellcheck-nvim/default.nix   |  4 ----
 overlays/none-ls-shellcheck-nvim/generated.nix | 15 ---------------
 2 files changed, 19 deletions(-)
 delete mode 100644 overlays/none-ls-shellcheck-nvim/default.nix
 delete mode 100644 overlays/none-ls-shellcheck-nvim/generated.nix

diff --git a/overlays/none-ls-shellcheck-nvim/default.nix b/overlays/none-ls-shellcheck-nvim/default.nix
deleted file mode 100644
index 832e71d..0000000
--- a/overlays/none-ls-shellcheck-nvim/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-self: prev:
-{
-  vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
-}
diff --git a/overlays/none-ls-shellcheck-nvim/generated.nix b/overlays/none-ls-shellcheck-nvim/generated.nix
deleted file mode 100644
index ee93a88..0000000
--- a/overlays/none-ls-shellcheck-nvim/generated.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ vimUtils, fetchFromGitHub }:
-_final: _prev:
-{
-  none-ls-shellcheck-nvim = vimUtils.buildVimPlugin {
-    pname = "none-ls-shellcheck.nvim";
-    version = "2024-02-28";
-    src = fetchFromGitHub {
-      owner = "gbprod";
-      repo = "none-ls-shellcheck.nvim";
-      rev = "1eed283a7ede771b522a0a9f30bb604f02f51d64";
-      sha256 = "1hs0q9a0xwyqml0bfmplk89f1dk4nyg6aapfarnx44zqiw1183kn";
-    };
-    meta.homepage = "https://github.com/gbprod/none-ls-shellcheck.nvim/";
-  };
-}

From b2dc051e6ad854c26784174c5b7823ebc9dbaec0 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 9 Mar 2024 21:49:12 +0100
Subject: [PATCH 088/431] flake: bump inputs

And fix the breaking changes in Vikunja (which actually make my
configuration simpler).
---
 flake.lock                                 | 24 +++++++++++-----------
 modules/nixos/services/vikunja/default.nix | 23 ++-------------------
 2 files changed, 14 insertions(+), 33 deletions(-)

diff --git a/flake.lock b/flake.lock
index cd0b2de..ce8318f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1706830856,
-        "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=",
+        "lastModified": 1709336216,
+        "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f",
+        "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709204054,
-        "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=",
+        "lastModified": 1709988192,
+        "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2f3367769a93b226c467551315e9e270c3f78b15",
+        "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1709150264,
-        "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=",
+        "lastModified": 1709703039,
+        "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08",
+        "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1709206595,
-        "narHash": "sha256-lBU/gE7DiJCNkJGPVUms0zA0hxzDVgENIXfebj1oeLc=",
+        "lastModified": 1710013455,
+        "narHash": "sha256-qzOpU4APTso6JLA+/F4zlO/yL8++n/CsUpmxbQAsy/4=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "fbe8df1c13fd8e63e35c2c4654104661eb1fbbed",
+        "rev": "cf1e9b0e085368cc489c765f285f1d07c2ec8d36",
         "type": "github"
       },
       "original": {
diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix
index 9767d00..6e7700f 100644
--- a/modules/nixos/services/vikunja/default.nix
+++ b/modules/nixos/services/vikunja/default.nix
@@ -30,8 +30,6 @@ in
       frontendScheme = "https";
       frontendHostname = vikunjaDomain;
 
-      setupNginx = false;
-
       database = {
         type = "postgres";
         user = "vikunja";
@@ -61,28 +59,11 @@ in
     # This is a weird setup
     my.services.nginx.virtualHosts = {
       ${subdomain} = {
-        # Serve the root for the web-ui
-        root = config.services.vikunja.package-frontend;
-
-        extraConfig = {
-          locations = {
-            "/" = {
-              tryFiles = "try_files $uri $uri/ /";
-            };
-
-            # Serve the API through a UNIX socket
-            "~* ^/(api|dav|\\.well-known)/" = {
-              proxyPass = "http://unix:${socketPath}";
-              extraConfig = ''
-                client_max_body_size 20M;
-              '';
-            };
-          };
-        };
+        socket = socketPath;
       };
     };
 
-    systemd.services.vikunja-api = {
+    systemd.services.vikunja = {
       serviceConfig = {
         # Use a system user to simplify using the CLI
         DynamicUser = lib.mkForce false;

From 276cc7e5f2dcdfe2929128323501b261bcb5b455 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 11 Mar 2024 13:53:11 +0000
Subject: [PATCH 089/431] home: xdg: add '_JAVA_OPTIONS'

---
 modules/home/xdg/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix
index aac5058..b7ba32b 100644
--- a/modules/home/xdg/default.nix
+++ b/modules/home/xdg/default.nix
@@ -55,5 +55,6 @@ in
     REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history";
     REPO_CONFIG_DIR = "${configHome}/repo";
     XCOMPOSECACHE = "${dataHome}/X11/xcompose";
+    _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java";
   };
 }

From 3fb758028ca02108451e9cad3fb00d6ced482215 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 11 Mar 2024 14:48:14 +0000
Subject: [PATCH 090/431] home: vim: lspconfig: remove 'rnix-lsp'

It's been abandoned, `nil` is a better language server nowadays.
---
 modules/home/vim/plugin/settings/lspconfig.lua | 7 -------
 modules/home/vim/plugin/settings/null-ls.lua   | 6 ++----
 2 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua
index c2de2ea..628eab9 100644
--- a/modules/home/vim/plugin/settings/lspconfig.lua
+++ b/modules/home/vim/plugin/settings/lspconfig.lua
@@ -45,13 +45,6 @@ if utils.is_executable("nil") then
     })
 end
 
-if utils.is_executable("rnix-lsp") then
-    lspconfig.rnix.setup({
-        capabilities = capabilities,
-        on_attach = lsp.on_attach,
-    })
-end
-
 -- Python
 if utils.is_executable("pyright") then
     lspconfig.pyright.setup({
diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua
index c372751..50d12e0 100644
--- a/modules/home/vim/plugin/settings/null-ls.lua
+++ b/modules/home/vim/plugin/settings/null-ls.lua
@@ -31,11 +31,9 @@ null_ls.register({
 -- Nix
 null_ls.register({
     null_ls.builtins.formatting.nixpkgs_fmt.with({
-        -- Only used if available, but prefer rnix if available
+        -- Only used if available, but prefer LSP if available
         condition = function()
-            return utils.is_executable("nixpkgs-fmt")
-                and not utils.is_executable("rnix-lsp")
-                and not utils.is_executable("nil")
+            return utils.is_executable("nixpkgs-fmt") and not utils.is_executable("nil")
         end,
     }),
 })

From f06e99d95b3ddce679c7569f580d6d2d433ce27f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 11 Mar 2024 18:10:13 +0000
Subject: [PATCH 091/431] home: xdg: move 'less' variables to their module

---
 modules/home/pager/default.nix | 1 +
 modules/home/xdg/default.nix   | 2 --
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix
index aa72587..e304097 100644
--- a/modules/home/pager/default.nix
+++ b/modules/home/pager/default.nix
@@ -16,6 +16,7 @@ in
       LESS = "-R -+X -c";
       # Better XDG compliance
       LESSHISTFILE = "${config.xdg.dataHome}/less/history";
+      LESSKEY = "${config.xdg.configHome}/less/lesskey";
     };
   };
 }
diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix
index b7ba32b..8b01696 100644
--- a/modules/home/xdg/default.nix
+++ b/modules/home/xdg/default.nix
@@ -46,8 +46,6 @@ in
     GRADLE_USER_HOME = "${dataHome}/gradle";
     HISTFILE = "${dataHome}/bash/history";
     INPUTRC = "${configHome}/readline/inputrc";
-    LESSHISTFILE = "${dataHome}/less/history";
-    LESSKEY = "${configHome}/less/lesskey";
     PSQL_HISTORY = "${dataHome}/psql_history";
     PYTHONPYCACHEPREFIX = "${cacheHome}/python/";
     PYTHONUSERBASE = "${dataHome}/python/";

From b24d299f7090348053e7b79307bc501b2d54a0e9 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 11 Mar 2024 18:13:41 +0000
Subject: [PATCH 092/431] home: xdg: move 'gdb' variables to their module

---
 modules/home/gdb/default.nix | 9 ++++++++-
 modules/home/xdg/default.nix | 1 -
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/modules/home/gdb/default.nix b/modules/home/gdb/default.nix
index ab51938..fe8eb69 100644
--- a/modules/home/gdb/default.nix
+++ b/modules/home/gdb/default.nix
@@ -26,7 +26,14 @@ in
         gdb
       ];
 
-      xdg.configFile."gdb/gdbinit".source = ./gdbinit;
+      xdg = {
+        configFile."gdb/gdbinit".source = ./gdbinit;
+        dataFile. "gdb/.keep".text = "";
+      };
+
+      home.sessionVariables = {
+        GDBHISTFILE = "${config.xdg.dataHome}/gdb/gdb_history";
+      };
     }
 
     (lib.mkIf cfg.rr.enable {
diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix
index 8b01696..fb2668c 100644
--- a/modules/home/xdg/default.nix
+++ b/modules/home/xdg/default.nix
@@ -42,7 +42,6 @@ in
     ANDROID_USER_HOME = "${configHome}/android";
     CARGO_HOME = "${dataHome}/cargo";
     DOCKER_CONFIG = "${configHome}/docker";
-    GDBHISTFILE = "${dataHome}/gdb/gdb_history";
     GRADLE_USER_HOME = "${dataHome}/gradle";
     HISTFILE = "${dataHome}/bash/history";
     INPUTRC = "${configHome}/readline/inputrc";

From 07eca729f58e244702f953dcd98e0544d36a0bb1 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 12 Mar 2024 11:31:16 +0000
Subject: [PATCH 093/431] home: vim: null-ls: fix 'nixpkgs-fmt' condition

I haven't configured `nil` to format anything.

And I don't really care to, this is good enough for me.
---
 modules/home/vim/plugin/settings/null-ls.lua | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua
index 50d12e0..e7265c7 100644
--- a/modules/home/vim/plugin/settings/null-ls.lua
+++ b/modules/home/vim/plugin/settings/null-ls.lua
@@ -31,10 +31,8 @@ null_ls.register({
 -- Nix
 null_ls.register({
     null_ls.builtins.formatting.nixpkgs_fmt.with({
-        -- Only used if available, but prefer LSP if available
-        condition = function()
-            return utils.is_executable("nixpkgs-fmt") and not utils.is_executable("nil")
-        end,
+        -- Only used if available
+        condition = utils.is_executable_condition("nixpkgs-fmt"),
     }),
 })
 

From 4a8981c7b493ad49878c1b6606dccc99244a0a6f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 12 Mar 2024 12:30:36 +0000
Subject: [PATCH 094/431] home: vim: lua: utils: fix documentation

---
 modules/home/vim/lua/ambroisie/utils.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua
index 418e0d1..7807e71 100644
--- a/modules/home/vim/lua/ambroisie/utils.lua
+++ b/modules/home/vim/lua/ambroisie/utils.lua
@@ -15,7 +15,7 @@ end
 
 --- return a function that checks if a given command is executable
 --- @param cmd string? command to check
---- @return fun(cmd: string): boolean executable
+--- @return fun(): boolean executable
 M.is_executable_condition = function(cmd)
     return function()
         return M.is_executable(cmd)

From 56e158f5c52d4333e7c1a3ddc3e2a34dc0aa40ae Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 12 Mar 2024 12:30:36 +0000
Subject: [PATCH 095/431] home: vim: lua: utils: fix deprecated function

---
 modules/home/vim/lua/ambroisie/utils.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua
index 7807e71..fcb86e9 100644
--- a/modules/home/vim/lua/ambroisie/utils.lua
+++ b/modules/home/vim/lua/ambroisie/utils.lua
@@ -44,7 +44,7 @@ end
 --- @param bufnr int? buffer number
 --- @return table all active LSP client names
 M.list_lsp_clients = function(bufnr)
-    local clients = vim.lsp.buf_get_clients(bufnr)
+    local clients = vim.lsp.get_active_clients({ bufnr = bufnr or 0 })
     local names = {}
 
     for _, client in ipairs(clients) do

From 0108b06a02cef330ba71fbca975a9907ea8274c9 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 12 Mar 2024 12:40:49 +0000
Subject: [PATCH 096/431] home: vim: lualine: use explicit buffer number

I want to tighten the API of this function a little bit, so let's be
more specific.
---
 modules/home/vim/plugin/settings/lualine.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua
index fdaccda..5219a95 100644
--- a/modules/home/vim/plugin/settings/lualine.lua
+++ b/modules/home/vim/plugin/settings/lualine.lua
@@ -10,7 +10,7 @@ local function list_spell_languages()
 end
 
 local function list_lsp_clients()
-    local client_names = utils.list_lsp_clients()
+    local client_names = utils.list_lsp_clients(0)
 
     if #client_names == 0 then
         return ""

From 070df03b7e4d81ae75c298379fbd9279be11e903 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 12 Mar 2024 12:42:21 +0000
Subject: [PATCH 097/431] home: vim: lua: utils: allow querying all clients

---
 modules/home/vim/lua/ambroisie/utils.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua
index fcb86e9..a84ea7b 100644
--- a/modules/home/vim/lua/ambroisie/utils.lua
+++ b/modules/home/vim/lua/ambroisie/utils.lua
@@ -40,11 +40,11 @@ M.is_ssh = function()
     return false
 end
 
---- list all active LSP clients for current buffer
+--- list all active LSP clients for specific buffer, or all buffers
 --- @param bufnr int? buffer number
 --- @return table all active LSP client names
 M.list_lsp_clients = function(bufnr)
-    local clients = vim.lsp.get_active_clients({ bufnr = bufnr or 0 })
+    local clients = vim.lsp.get_active_clients({ bufnr = bufnr })
     local names = {}
 
     for _, client in ipairs(clients) do

From b16b6a534bd55ba67ecbb5bc0c9ed6befbb18f64 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 12 Mar 2024 15:11:11 +0000
Subject: [PATCH 098/431] home: vim: lua: lsp: use 'vim.print'

---
 modules/home/vim/lua/ambroisie/lsp.lua | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua
index 99d8dab..31a5bd1 100644
--- a/modules/home/vim/lua/ambroisie/lsp.lua
+++ b/modules/home/vim/lua/ambroisie/lsp.lua
@@ -51,8 +51,7 @@ M.on_attach = function(client, bufnr)
     local wk = require("which-key")
 
     local function list_workspace_folders()
-        local utils = require("ambroisie.utils")
-        utils.dump(vim.lsp.buf.list_workspace_folders())
+        vim.print(vim.lsp.buf.list_workspace_folders())
     end
 
     local function cycle_diagnostics_display()

From d365aba3c0d91a0b1db91a420c2cddacf032a340 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 12 Mar 2024 15:13:20 +0000
Subject: [PATCH 099/431] home: vim: lua: utils: remove 'dump'

It's now available as 'vim.print'.
---
 modules/home/vim/lua/ambroisie/utils.lua | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua
index a84ea7b..3d2dd3b 100644
--- a/modules/home/vim/lua/ambroisie/utils.lua
+++ b/modules/home/vim/lua/ambroisie/utils.lua
@@ -1,11 +1,5 @@
 local M = {}
 
---- pretty print lua object
---- @param obj any object to pretty print
-M.dump = function(obj)
-    print(vim.inspect(obj))
-end
-
 --- checks if a given command is executable
 --- @param cmd string? command to check
 --- @return boolean executable

From 0ff8366105ab0ba6d8da2571c58c9a69bc97b2e5 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 13 Mar 2024 13:08:57 +0000
Subject: [PATCH 100/431] home: vim: fix path high-lighting

It was previously linked to `Underlined`, which just looks plain wrong
IMO.

This links it back to `GruvboxOrange`, as it used to be.
---
 modules/home/vim/init.vim | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim
index bd63d25..0650014 100644
--- a/modules/home/vim/init.vim
+++ b/modules/home/vim/init.vim
@@ -88,6 +88,17 @@ set background=dark
 
 " 24 bit colors
 set termguicolors
+" Setup some overrides for gruvbox
+lua << EOF
+local gruvbox = require("gruvbox")
+
+gruvbox.setup({
+    overrides = {
+        -- Only URLs should be underlined
+        ["@string.special.path"] = { link = "GruvboxOrange" },
+    }
+})
+EOF
 " Use my preferred colorscheme
 colorscheme gruvbox
 " }}}

From c0ef5c9275217ba76493cc496be441575ea2d09a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 13 Mar 2024 11:54:50 +0000
Subject: [PATCH 101/431] overlays: add gruvbox-nvin-expose-palette

---
 overlays/gruvbox-nvin-expose-palette/default.nix   |  4 ++++
 overlays/gruvbox-nvin-expose-palette/generated.nix | 14 ++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 overlays/gruvbox-nvin-expose-palette/default.nix
 create mode 100644 overlays/gruvbox-nvin-expose-palette/generated.nix

diff --git a/overlays/gruvbox-nvin-expose-palette/default.nix b/overlays/gruvbox-nvin-expose-palette/default.nix
new file mode 100644
index 0000000..832e71d
--- /dev/null
+++ b/overlays/gruvbox-nvin-expose-palette/default.nix
@@ -0,0 +1,4 @@
+self: prev:
+{
+  vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
+}
diff --git a/overlays/gruvbox-nvin-expose-palette/generated.nix b/overlays/gruvbox-nvin-expose-palette/generated.nix
new file mode 100644
index 0000000..c52ad04
--- /dev/null
+++ b/overlays/gruvbox-nvin-expose-palette/generated.nix
@@ -0,0 +1,14 @@
+{ fetchpatch, ... }:
+
+_final: prev: {
+  gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: {
+    patches = (oa.patches or [ ]) ++ [
+      # https://github.com/ellisonleao/gruvbox.nvim/pull/319
+      (fetchpatch {
+        name = "expose-color-palette.patch";
+        url = "https://github.com/ellisonleao/gruvbox.nvim/commit/07a493ba4f8b650aab9ed9e486caa89822be0996.patch";
+        hash = "sha256-iGwt8qIHe2vaiAUcpaUxyGlM472F89vobTdQ7CF/H70=";
+      })
+    ];
+  });
+}

From 10b4e6ce2dffdf829a8e13d056273a2767dafec3 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 14 Mar 2024 10:56:08 +0000
Subject: [PATCH 102/431] home: vim: explicitly revert diff highlighting

---
 modules/home/vim/init.vim | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim
index 0650014..c94fc53 100644
--- a/modules/home/vim/init.vim
+++ b/modules/home/vim/init.vim
@@ -91,11 +91,17 @@ set termguicolors
 " Setup some overrides for gruvbox
 lua << EOF
 local gruvbox = require("gruvbox")
+local colors = gruvbox.palette
 
 gruvbox.setup({
     overrides = {
         -- Only URLs should be underlined
         ["@string.special.path"] = { link = "GruvboxOrange" },
+        -- Revert back to the better diff highlighting
+        DiffAdd = { fg = colors.green, bg = "NONE" },
+        DiffChange = { fg = colors.aqua, bg = "NONE" },
+        DiffDelete = { fg = colors.red, bg = "NONE" },
+        DiffText = { fg = colors.yellow, bg = colors.bg0 },
     }
 })
 EOF

From 41e1ad326569d65120103748f562d3f72caf6562 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 14 Mar 2024 10:57:21 +0000
Subject: [PATCH 103/431] overlays: remove 'gruvbox-nvim-better-diff'

Now that I have the explicit override for it, this overlay is not
necessary.

This reverts commit 9e0930aca4fb0ae40c40c5cd932962e832d0ee0a.
This reverts commit 28187c3b8f34c0912d9f8ce5f74f415a6b77a1c2.
---
 .../gruvbox-nvim-better-diff/colours.patch    | 28 -------------------
 overlays/gruvbox-nvim-better-diff/default.nix |  4 ---
 .../gruvbox-nvim-better-diff/generated.nix    | 10 -------
 3 files changed, 42 deletions(-)
 delete mode 100644 overlays/gruvbox-nvim-better-diff/colours.patch
 delete mode 100644 overlays/gruvbox-nvim-better-diff/default.nix
 delete mode 100644 overlays/gruvbox-nvim-better-diff/generated.nix

diff --git a/overlays/gruvbox-nvim-better-diff/colours.patch b/overlays/gruvbox-nvim-better-diff/colours.patch
deleted file mode 100644
index 5b0d61a..0000000
--- a/overlays/gruvbox-nvim-better-diff/colours.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 416b3c9c5e783d173ac0fd5310a76c1b144b92c1 Mon Sep 17 00:00:00 2001
-From: eeeXun <sdes96303@gmail.com>
-Date: Thu, 19 Oct 2023 02:34:12 +0800
-Subject: Use better diff colours
-
----
- README.md       | 3 ++-
- lua/gruvbox.lua | 7 ++++---
- 2 files changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/lua/gruvbox.lua b/lua/gruvbox.lua
-index ceba0735..a319fc6a 100644
---- a/lua/gruvbox.lua
-+++ b/lua/gruvbox.lua
-@@ -360,9 +361,9 @@ local function get_groups()
-     PmenuSel = { fg = colors.bg2, bg = colors.blue, bold = config.bold },
-     PmenuSbar = { bg = colors.bg2 },
-     PmenuThumb = { bg = colors.bg4 },
--    DiffDelete = { bg = colors.dark_red },
--    DiffAdd = { bg = colors.dark_green },
--    DiffChange = { bg = colors.dark_aqua },
--    DiffText = { bg = colors.yellow, fg = colors.bg0 },
-+    DiffDelete = { fg = colors.red },
-+    DiffAdd = { fg = colors.green },
-+    DiffChange = { fg = colors.aqua },
-+    DiffText = { fg = colors.yellow, bg = colors.bg0 },
-     SpellCap = { link = "GruvboxBlueUnderline" },
-     SpellBad = { link = "GruvboxRedUnderline" },
diff --git a/overlays/gruvbox-nvim-better-diff/default.nix b/overlays/gruvbox-nvim-better-diff/default.nix
deleted file mode 100644
index 832e71d..0000000
--- a/overlays/gruvbox-nvim-better-diff/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-self: prev:
-{
-  vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
-}
diff --git a/overlays/gruvbox-nvim-better-diff/generated.nix b/overlays/gruvbox-nvim-better-diff/generated.nix
deleted file mode 100644
index 82a18c2..0000000
--- a/overlays/gruvbox-nvim-better-diff/generated.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }:
-
-_final: prev: {
-  gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: {
-    patches = (oa.patches or [ ]) ++ [
-      # Inspired by https://github.com/ellisonleao/gruvbox.nvim/pull/291
-      ./colours.patch
-    ];
-  });
-}

From 4a01a5053262c45bbeefd5ca4fd8ccff87440f5f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 16 Mar 2024 19:49:00 +0100
Subject: [PATCH 104/431] flake: bump inputs

And fix the update `pinentry` options in home-manager.
---
 flake.lock                         | 24 ++++++++++++------------
 hosts/nixos/aramis/home.nix        |  4 ++--
 modules/home/bitwarden/default.nix |  9 ++-------
 modules/home/gpg/default.nix       | 11 +++--------
 4 files changed, 19 insertions(+), 29 deletions(-)

diff --git a/flake.lock b/flake.lock
index ce8318f..a42d5dd 100644
--- a/flake.lock
+++ b/flake.lock
@@ -94,11 +94,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709126324,
-        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709988192,
-        "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=",
+        "lastModified": 1710532761,
+        "narHash": "sha256-SUXGZNrXX05YA9G6EmgupxhOr3swI1gcxLUeDMUhrEY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030",
+        "rev": "206f457fffdb9a73596a4cb2211a471bd305243d",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1709703039,
-        "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=",
+        "lastModified": 1710451336,
+        "narHash": "sha256-pP86Pcfu3BrAvRO7R64x7hs+GaQrjFes+mEPowCfkxY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d",
+        "rev": "d691274a972b3165335d261cc4671335f5c67de9",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1710013455,
-        "narHash": "sha256-qzOpU4APTso6JLA+/F4zlO/yL8++n/CsUpmxbQAsy/4=",
+        "lastModified": 1710607749,
+        "narHash": "sha256-TRgxM7sOiWF8cea73OzDnmfhyYnN8+vDHUUJlkDDZ/U=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "cf1e9b0e085368cc489c765f285f1d07c2ec8d36",
+        "rev": "b870db4117d587a8c5c2c8c9e2d311d7fa4befe2",
         "type": "github"
       },
       "original": {
diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix
index 66a0892..64b63ce 100644
--- a/hosts/nixos/aramis/home.nix
+++ b/hosts/nixos/aramis/home.nix
@@ -2,7 +2,7 @@
 {
   my.home = {
     # Use graphical pinentry
-    bitwarden.pinentry = "gtk2";
+    bitwarden.pinentry = pkgs.pinentry-gtk2;
     # Ebook library
     calibre.enable = true;
     # Some amount of social life
@@ -14,7 +14,7 @@
     # Blue light filter
     gammastep.enable = true;
     # Use a small popup to enter passwords
-    gpg.pinentry = "gtk2";
+    gpg.pinentry = pkgs.pinentry-gtk2;
     # Machine specific packages
     packages.additionalPackages = with pkgs; [
       element-desktop # Matrix client
diff --git a/modules/home/bitwarden/default.nix b/modules/home/bitwarden/default.nix
index c709f7b..0c0dfab 100644
--- a/modules/home/bitwarden/default.nix
+++ b/modules/home/bitwarden/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
   cfg = config.my.home.bitwarden;
 in
@@ -6,12 +6,7 @@ in
   options.my.home.bitwarden = with lib; {
     enable = my.mkDisableOption "bitwarden configuration";
 
-    pinentry = mkOption {
-      type = types.str;
-      default = "tty";
-      example = "gtk2";
-      description = "Which pinentry interface to use";
-    };
+    pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; };
   };
 
   config = lib.mkIf cfg.enable {
diff --git a/modules/home/gpg/default.nix b/modules/home/gpg/default.nix
index 7eadf48..51c865a 100644
--- a/modules/home/gpg/default.nix
+++ b/modules/home/gpg/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
   cfg = config.my.home.gpg;
 in
@@ -6,12 +6,7 @@ in
   options.my.home.gpg = with lib; {
     enable = my.mkDisableOption "gpg configuration";
 
-    pinentry = mkOption {
-      type = types.str;
-      default = "tty";
-      example = "gtk2";
-      description = "Which pinentry interface to use";
-    };
+    pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; };
   };
 
   config = lib.mkIf cfg.enable {
@@ -22,7 +17,7 @@ in
     services.gpg-agent = {
       enable = true;
       enableSshSupport = true; # One agent to rule them all
-      pinentryFlavor = cfg.pinentry;
+      pinentryPackage = cfg.pinentry;
       extraConfig = ''
         allow-loopback-pinentry
       '';

From 61fa35093ce3eb7f3cbcc9ca97dcdb2af471eba5 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 22 Mar 2024 22:03:32 +0100
Subject: [PATCH 105/431] nixos: services: mealie: fix bulk upload

---
 modules/nixos/services/mealie/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix
index ebbebb2..55ac376 100644
--- a/modules/nixos/services/mealie/default.nix
+++ b/modules/nixos/services/mealie/default.nix
@@ -66,6 +66,13 @@ in
     my.services.nginx.virtualHosts = {
       mealie = {
         inherit (cfg) port;
+
+        extraConfig = {
+          # Allow bulk upload of recipes for import/export
+          locations."/".extraConfig = ''
+            client_max_body_size 0;
+          '';
+        };
       };
     };
   };

From 607aa5351c94bb52308cc83efc8f0f8f7acaf332 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 22 Mar 2024 22:03:32 +0100
Subject: [PATCH 106/431] nixos: services: tandoor-recipes: fix bulk upload

---
 modules/nixos/services/tandoor-recipes/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix
index f5dc2db..48ad7a8 100644
--- a/modules/nixos/services/tandoor-recipes/default.nix
+++ b/modules/nixos/services/tandoor-recipes/default.nix
@@ -73,6 +73,13 @@ in
     my.services.nginx.virtualHosts = {
       recipes = {
         inherit (cfg) port;
+
+        extraConfig = {
+          # Allow bulk upload of recipes for import/export
+          locations."/".extraConfig = ''
+            client_max_body_size 0;
+          '';
+        };
       };
     };
   };

From 15d0e6bb38b86cd9693dd9c43ee1da4a98744974 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 28 Mar 2024 11:19:33 +0000
Subject: [PATCH 107/431] flake: bump inputs

---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index a42d5dd..4308e9c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -116,11 +116,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1703887061,
-        "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=",
+        "lastModified": 1709087332,
+        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
         "owner": "hercules-ci",
         "repo": "gitignore.nix",
-        "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1710532761,
-        "narHash": "sha256-SUXGZNrXX05YA9G6EmgupxhOr3swI1gcxLUeDMUhrEY=",
+        "lastModified": 1711604890,
+        "narHash": "sha256-vbI/gxRTq/gHW1Q8z6D/7JG/qGNl3JTimUDX+MwnC3A=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "206f457fffdb9a73596a4cb2211a471bd305243d",
+        "rev": "3142bdcc470e1e291e1fbe942fd69e06bd00c5df",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1710451336,
-        "narHash": "sha256-pP86Pcfu3BrAvRO7R64x7hs+GaQrjFes+mEPowCfkxY=",
+        "lastModified": 1711523803,
+        "narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d691274a972b3165335d261cc4671335f5c67de9",
+        "rev": "2726f127c15a4cc9810843b96cad73c7eb39e443",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1710607749,
-        "narHash": "sha256-TRgxM7sOiWF8cea73OzDnmfhyYnN8+vDHUUJlkDDZ/U=",
+        "lastModified": 1711622043,
+        "narHash": "sha256-nCNcHYlmmPPIDRkDCvNoEog+AuG7jdmkhkU0fqoS82A=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "b870db4117d587a8c5c2c8c9e2d311d7fa4befe2",
+        "rev": "b7ff69e152caedbe4d0e40173d61732ac139a09c",
         "type": "github"
       },
       "original": {
@@ -197,11 +197,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1708018599,
-        "narHash": "sha256-M+Ng6+SePmA8g06CmUZWi1AjG2tFBX9WCXElBHEKnyM=",
+        "lastModified": 1711519547,
+        "narHash": "sha256-Q7YmSCUJmDl71fJv/zD9lrOCJ1/SE/okZ2DsrmRjzhY=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "5df5a70ad7575f6601d91f0efec95dd9bc619431",
+        "rev": "7d47a32e5cd1ea481fab33c516356ce27c8cef4a",
         "type": "github"
       },
       "original": {

From 06c64c1a782c2677edbc55a5bebf3332c3fb7d36 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 1 Apr 2024 22:25:37 +0100
Subject: [PATCH 108/431] templates: fix 'matrix-notifier' CI step

---
 templates/c++-cmake/.woodpecker/check.yml | 2 +-
 templates/c++-meson/.woodpecker/check.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/c++-cmake/.woodpecker/check.yml b/templates/c++-cmake/.woodpecker/check.yml
index 9135f7b..8e71643 100644
--- a/templates/c++-cmake/.woodpecker/check.yml
+++ b/templates/c++-cmake/.woodpecker/check.yml
@@ -24,7 +24,7 @@ steps:
   - source: matrix_password
     target: pass
   commands:
-  - nix run '.#matrix-notifier'
+  - nix run github:ambroisie/matrix-notifier
   when:
     status:
     - failure
diff --git a/templates/c++-meson/.woodpecker/check.yml b/templates/c++-meson/.woodpecker/check.yml
index 9135f7b..8e71643 100644
--- a/templates/c++-meson/.woodpecker/check.yml
+++ b/templates/c++-meson/.woodpecker/check.yml
@@ -24,7 +24,7 @@ steps:
   - source: matrix_password
     target: pass
   commands:
-  - nix run '.#matrix-notifier'
+  - nix run github:ambroisie/matrix-notifier
   when:
     status:
     - failure

From 4b5a19a8faade3a5dda68dab7046fb413de31277 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 1 Apr 2024 22:26:21 +0100
Subject: [PATCH 109/431] templates: fix deprecated CI syntax

---
 .woodpecker/check.yml                     | 18 +++++++++---------
 templates/c++-cmake/.woodpecker/check.yml | 18 +++++++++---------
 templates/c++-meson/.woodpecker/check.yml | 18 +++++++++---------
 3 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/.woodpecker/check.yml b/.woodpecker/check.yml
index aff6e84..e04cd46 100644
--- a/.woodpecker/check.yml
+++ b/.woodpecker/check.yml
@@ -9,15 +9,15 @@ steps:
 
 - name: notifiy
   image: bash
-  secrets:
-  - source: matrix_homeserver
-    target: address
-  - source: matrix_roomid
-    target: room
-  - source: matrix_username
-    target: user
-  - source: matrix_password
-    target: pass
+  environment:
+    ADDRESS:
+      from_secret: matrix_homeserver
+    ROOM:
+      from_secret: matrix_roomid
+    USER:
+      from_secret: matrix_username
+    PASS:
+      from_secret: matrix_password
   commands:
   - nix run '.#matrix-notifier'
   when:
diff --git a/templates/c++-cmake/.woodpecker/check.yml b/templates/c++-cmake/.woodpecker/check.yml
index 8e71643..4ff7dba 100644
--- a/templates/c++-cmake/.woodpecker/check.yml
+++ b/templates/c++-cmake/.woodpecker/check.yml
@@ -14,15 +14,15 @@ steps:
 
 - name: notifiy
   image: bash
-  secrets:
-  - source: matrix_homeserver
-    target: address
-  - source: matrix_roomid
-    target: room
-  - source: matrix_username
-    target: user
-  - source: matrix_password
-    target: pass
+  environment:
+    ADDRESS:
+      from_secret: matrix_homeserver
+    ROOM:
+      from_secret: matrix_roomid
+    USER:
+      from_secret: matrix_username
+    PASS:
+      from_secret: matrix_password
   commands:
   - nix run github:ambroisie/matrix-notifier
   when:
diff --git a/templates/c++-meson/.woodpecker/check.yml b/templates/c++-meson/.woodpecker/check.yml
index 8e71643..4ff7dba 100644
--- a/templates/c++-meson/.woodpecker/check.yml
+++ b/templates/c++-meson/.woodpecker/check.yml
@@ -14,15 +14,15 @@ steps:
 
 - name: notifiy
   image: bash
-  secrets:
-  - source: matrix_homeserver
-    target: address
-  - source: matrix_roomid
-    target: room
-  - source: matrix_username
-    target: user
-  - source: matrix_password
-    target: pass
+  environment:
+    ADDRESS:
+      from_secret: matrix_homeserver
+    ROOM:
+      from_secret: matrix_roomid
+    USER:
+      from_secret: matrix_username
+    PASS:
+      from_secret: matrix_password
   commands:
   - nix run github:ambroisie/matrix-notifier
   when:

From 96aa934bec78ee047ba999c25b9d6836c3d576b6 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 28 Mar 2024 20:20:41 +0000
Subject: [PATCH 110/431] pkgs: zsh-done: fix homepage link

---
 pkgs/zsh-done/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/zsh-done/default.nix b/pkgs/zsh-done/default.nix
index bdb6af3..8fac813 100644
--- a/pkgs/zsh-done/default.nix
+++ b/pkgs/zsh-done/default.nix
@@ -26,7 +26,7 @@ stdenvNoCC.mkDerivation rec {
     description = ''
       A zsh plug-in to receive notifications when long processes finish
     '';
-    homepage = "https://gitea.belanyi.fr/ambroisie/zsh-done";
+    homepage = "https://git.belanyi.fr/ambroisie/zsh-done";
     license = licenses.mit;
     platforms = platforms.unix;
     maintainers = with maintainers; [ ambroisie ];

From d97da124ee39432b20ae3ebeba218f5ed6577589 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 28 Mar 2024 20:20:41 +0000
Subject: [PATCH 111/431] templates: fix homepage links

---
 templates/c++-cmake/flake.nix | 2 +-
 templates/c++-meson/flake.nix | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix
index cb468e7..db3b35c 100644
--- a/templates/c++-cmake/flake.nix
+++ b/templates/c++-cmake/flake.nix
@@ -52,7 +52,7 @@
 
             meta = with lib; {
               description = "A C++ project";
-              homepage = "https://gitea.belanyi.fr/ambroisie/project";
+              homepage = "https://git.belanyi.fr/ambroisie/project";
               license = licenses.mit;
               maintainers = with maintainers; [ ambroisie ];
               platforms = platforms.unix;
diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix
index 9cfed0d..5957c62 100644
--- a/templates/c++-meson/flake.nix
+++ b/templates/c++-meson/flake.nix
@@ -52,7 +52,7 @@
 
             meta = with lib; {
               description = "A C++ project";
-              homepage = "https://gitea.belanyi.fr/ambroisie/project";
+              homepage = "https://git.belanyi.fr/ambroisie/project";
               license = licenses.mit;
               maintainers = with maintainers; [ ambroisie ];
               platforms = platforms.unix;

From 8a4fdf6a56f69e9dbf6852a520ab43257c7731b1 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 28 Mar 2024 20:21:41 +0000
Subject: [PATCH 112/431] templates: fix description typo

---
 templates/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/default.nix b/templates/default.nix
index f58fd72..31c3a81 100644
--- a/templates/default.nix
+++ b/templates/default.nix
@@ -5,6 +5,6 @@
   };
   "c++-meson" = {
     path = ./c++-meson;
-    description = "A C++ project using CMake";
+    description = "A C++ project using Meson";
   };
 }

From f729f6a0980b439ed3d8143f2af82860c27bd5bd Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 2 Apr 2024 12:25:05 +0200
Subject: [PATCH 113/431] hosts: nixos: porthos: secrets: add 'lohr' owner

---
 hosts/nixos/porthos/secrets/secrets.nix | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix
index bea380c..c43376b 100644
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@@ -31,8 +31,14 @@ in
     publicKeys = all;
   };
 
-  "lohr/secret.age".publicKeys = all;
-  "lohr/ssh-key.age".publicKeys = all;
+  "lohr/secret.age" = {
+    owner = "lohr";
+    publicKeys = all;
+  };
+  "lohr/ssh-key.age" = {
+    owner = "lohr";
+    publicKeys = all;
+  };
 
   "matrix/mail.age" = {
     owner = "matrix-synapse";

From 8f120e2129ceb2e32945cb5eecaaf43968d8f9cf Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 2 Apr 2024 12:25:34 +0200
Subject: [PATCH 114/431] nixos: services: lohr: fix SSH key creation

In the migration to `tmpfiles.d(5)`, I used the wrong type of file.

Using `f` would write the path to the file as its content, rather than
copy it. Unfortunately `C` and `C+` do not overwrite an existing file,
so using a symlink it the correct solution here.

This means the SSH key file must have `lohr` as an owner... Perhaps I
should make it so the service can read the file itself, rather than
rely on the filesystem location, so that I don't have to contort myself
quite so much to make it work.
---
 modules/nixos/services/lohr/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix
index 21aadba..21ed93b 100644
--- a/modules/nixos/services/lohr/default.nix
+++ b/modules/nixos/services/lohr/default.nix
@@ -99,7 +99,7 @@ in
         };
       };
       "${lohrHome}/.ssh/id_ed25519" = {
-        "f+" = {
+        "L+" = {
           user = "lohr";
           group = "lohr";
           mode = "0700";

From 10a3e684c8fa837958210610c920e3dd83bfcf55 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 7 Apr 2024 13:28:26 +0200
Subject: [PATCH 115/431] flake: bump inputs

---
 flake.lock | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/flake.lock b/flake.lock
index 4308e9c..808a777 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1707830867,
-        "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
+        "lastModified": 1712079060,
+        "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
+        "rev": "1381a759b205dff7a6818733118d02253340fd5e",
         "type": "github"
       },
       "original": {
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709336216,
-        "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
+        "lastModified": 1712014858,
+        "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
+        "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1711604890,
-        "narHash": "sha256-vbI/gxRTq/gHW1Q8z6D/7JG/qGNl3JTimUDX+MwnC3A=",
+        "lastModified": 1712390667,
+        "narHash": "sha256-ebq+fJZfobqpsAdGDGpxNWSySbQejRwW9cdiil6krCo=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "3142bdcc470e1e291e1fbe942fd69e06bd00c5df",
+        "rev": "b787726a8413e11b074cde42704b4af32d95545c",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1711523803,
-        "narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=",
+        "lastModified": 1712439257,
+        "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2726f127c15a4cc9810843b96cad73c7eb39e443",
+        "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1711622043,
-        "narHash": "sha256-nCNcHYlmmPPIDRkDCvNoEog+AuG7jdmkhkU0fqoS82A=",
+        "lastModified": 1712485930,
+        "narHash": "sha256-Gx1kXJYnYENoJKWdZpTSDj9fAbnhSzp/cTpFFIXre/M=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "b7ff69e152caedbe4d0e40173d61732ac139a09c",
+        "rev": "e4dfbd7eb86b3ac1bf5b7d5c4ca200dba5cbb5a9",
         "type": "github"
       },
       "original": {
@@ -197,11 +197,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1711519547,
-        "narHash": "sha256-Q7YmSCUJmDl71fJv/zD9lrOCJ1/SE/okZ2DsrmRjzhY=",
+        "lastModified": 1712055707,
+        "narHash": "sha256-4XLvuSIDZJGS17xEwSrNuJLL7UjDYKGJSbK1WWX2AK8=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "7d47a32e5cd1ea481fab33c516356ce27c8cef4a",
+        "rev": "e35aed5fda3cc79f88ed7f1795021e559582093a",
         "type": "github"
       },
       "original": {

From 6b51b4e2ab49dfe4a853ad5873e9d4741eafaefa Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 7 Apr 2024 13:30:40 +0200
Subject: [PATCH 116/431] nixos: services: rss-bridge: fix deprecated option

---
 modules/nixos/services/rss-bridge/default.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/services/rss-bridge/default.nix b/modules/nixos/services/rss-bridge/default.nix
index 85e37c2..52b1030 100644
--- a/modules/nixos/services/rss-bridge/default.nix
+++ b/modules/nixos/services/rss-bridge/default.nix
@@ -11,7 +11,9 @@ in
   config = lib.mkIf cfg.enable {
     services.rss-bridge = {
       enable = true;
-      whitelist = [ "*" ]; # Whitelist all
+      config = {
+        system.enabled_bridges = [ "*" ]; # Whitelist all
+      };
       virtualHost = "rss-bridge.${config.networking.domain}";
     };
 

From 6efe2c12ba7e580418ca8a17b14185422defa67e Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 8 Apr 2024 21:19:54 +0200
Subject: [PATCH 117/431] nixos: services: woodpecker: exec: fix NodeJS

I need it for Tree Sitter support...
---
 modules/nixos/services/woodpecker/agent-exec/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/nixos/services/woodpecker/agent-exec/default.nix b/modules/nixos/services/woodpecker/agent-exec/default.nix
index 7ae21c8..24161b0 100644
--- a/modules/nixos/services/woodpecker/agent-exec/default.nix
+++ b/modules/nixos/services/woodpecker/agent-exec/default.nix
@@ -44,6 +44,8 @@ in
       serviceConfig = {
         # Same option as upstream, without @setuid
         SystemCallFilter = lib.mkForce "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap";
+        # NodeJS requires RWX memory...
+        MemoryDenyWriteExecute = lib.mkForce false;
 
         BindPaths = [
           "/nix/var/nix/daemon-socket/socket"

From 3e6b9f716167eef4c6a030f4c6570f4ea28a7c44 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 12 Apr 2024 10:01:17 +0000
Subject: [PATCH 118/431] home: vim: ftdetect: add bp

Unfortunately, the `blueprint` filetype name is already taken...
---
 modules/home/vim/ftdetect/blueprint.lua | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 modules/home/vim/ftdetect/blueprint.lua

diff --git a/modules/home/vim/ftdetect/blueprint.lua b/modules/home/vim/ftdetect/blueprint.lua
new file mode 100644
index 0000000..d3fb395
--- /dev/null
+++ b/modules/home/vim/ftdetect/blueprint.lua
@@ -0,0 +1,6 @@
+-- Use `bp` filetype for Blueprint files
+vim.filetype.add({
+    extension = {
+        bp = "bp",
+    },
+})

From 95c688766f7af1bd06e22ce150aa4628167455d8 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 12 Apr 2024 10:01:17 +0000
Subject: [PATCH 119/431] home: vim: ftplugin: add bp

---
 modules/home/vim/after/ftplugin/bp.vim | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 modules/home/vim/after/ftplugin/bp.vim

diff --git a/modules/home/vim/after/ftplugin/bp.vim b/modules/home/vim/after/ftplugin/bp.vim
new file mode 100644
index 0000000..1224e7a
--- /dev/null
+++ b/modules/home/vim/after/ftplugin/bp.vim
@@ -0,0 +1,7 @@
+" Create the `b:undo_ftplugin` variable if it doesn't exist
+call ftplugined#check_undo_ft()
+
+" Add comment format
+setlocal comments=b://,s1:/*,mb:*,ex:*/
+setlocal commentstring=//\ %s
+let b:undo_ftplugin.='|setlocal comments< commentstring<'

From a4ede5f6f403a6f73d8ac34ee56892be2e1a4f4f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 10 May 2023 13:04:06 +0000
Subject: [PATCH 120/431] templates: add rust-cargo

---
 templates/default.nix                      |   4 +
 templates/rust-cargo/.envrc                |   5 +
 templates/rust-cargo/.gitignore            |   6 ++
 templates/rust-cargo/.woodpecker/check.yml |  31 ++++++
 templates/rust-cargo/Cargo.lock            |   7 ++
 templates/rust-cargo/Cargo.toml            |   8 ++
 templates/rust-cargo/flake.nix             | 112 +++++++++++++++++++++
 templates/rust-cargo/rustfmt.toml          |   0
 templates/rust-cargo/src/main.rs           |   3 +
 9 files changed, 176 insertions(+)
 create mode 100644 templates/rust-cargo/.envrc
 create mode 100644 templates/rust-cargo/.gitignore
 create mode 100644 templates/rust-cargo/.woodpecker/check.yml
 create mode 100644 templates/rust-cargo/Cargo.lock
 create mode 100644 templates/rust-cargo/Cargo.toml
 create mode 100644 templates/rust-cargo/flake.nix
 create mode 100644 templates/rust-cargo/rustfmt.toml
 create mode 100644 templates/rust-cargo/src/main.rs

diff --git a/templates/default.nix b/templates/default.nix
index 31c3a81..44db753 100644
--- a/templates/default.nix
+++ b/templates/default.nix
@@ -7,4 +7,8 @@
     path = ./c++-meson;
     description = "A C++ project using Meson";
   };
+  "rust-cargo" = {
+    path = ./rust-cargo;
+    description = "A Rust project using Cargo";
+  };
 }
diff --git a/templates/rust-cargo/.envrc b/templates/rust-cargo/.envrc
new file mode 100644
index 0000000..de77fcb
--- /dev/null
+++ b/templates/rust-cargo/.envrc
@@ -0,0 +1,5 @@
+if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
+    source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
+fi
+
+use flake
diff --git a/templates/rust-cargo/.gitignore b/templates/rust-cargo/.gitignore
new file mode 100644
index 0000000..5f360ff
--- /dev/null
+++ b/templates/rust-cargo/.gitignore
@@ -0,0 +1,6 @@
+# Rust build directory
+/target
+
+# Nix generated files
+/.pre-commit-config.yaml
+/result
diff --git a/templates/rust-cargo/.woodpecker/check.yml b/templates/rust-cargo/.woodpecker/check.yml
new file mode 100644
index 0000000..4ff7dba
--- /dev/null
+++ b/templates/rust-cargo/.woodpecker/check.yml
@@ -0,0 +1,31 @@
+labels:
+  backend: local
+
+steps:
+- name: pre-commit check
+  image: bash
+  commands:
+  - nix develop --command pre-commit run --all
+
+- name: nix flake check
+  image: bash
+  commands:
+  - nix flake check
+
+- name: notifiy
+  image: bash
+  environment:
+    ADDRESS:
+      from_secret: matrix_homeserver
+    ROOM:
+      from_secret: matrix_roomid
+    USER:
+      from_secret: matrix_username
+    PASS:
+      from_secret: matrix_password
+  commands:
+  - nix run github:ambroisie/matrix-notifier
+  when:
+    status:
+    - failure
+    - success
diff --git a/templates/rust-cargo/Cargo.lock b/templates/rust-cargo/Cargo.lock
new file mode 100644
index 0000000..4f9c86e
--- /dev/null
+++ b/templates/rust-cargo/Cargo.lock
@@ -0,0 +1,7 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 3
+
+[[package]]
+name = "project"
+version = "0.0.0"
diff --git a/templates/rust-cargo/Cargo.toml b/templates/rust-cargo/Cargo.toml
new file mode 100644
index 0000000..4dfdc0b
--- /dev/null
+++ b/templates/rust-cargo/Cargo.toml
@@ -0,0 +1,8 @@
+[package]
+name = "project"
+version = "0.0.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix
new file mode 100644
index 0000000..6d50369
--- /dev/null
+++ b/templates/rust-cargo/flake.nix
@@ -0,0 +1,112 @@
+{
+  description = "A Rust project";
+
+  inputs = {
+    futils = {
+      type = "github";
+      owner = "numtide";
+      repo = "flake-utils";
+      ref = "main";
+    };
+
+    nixpkgs = {
+      type = "github";
+      owner = "NixOS";
+      repo = "nixpkgs";
+      ref = "nixos-unstable";
+    };
+
+    pre-commit-hooks = {
+      type = "github";
+      owner = "cachix";
+      repo = "pre-commit-hooks.nix";
+      ref = "master";
+      inputs = {
+        flake-utils.follows = "futils";
+        nixpkgs.follows = "nixpkgs";
+      };
+    };
+  };
+
+  outputs = { self, futils, nixpkgs, pre-commit-hooks }:
+    {
+      overlays = {
+        default = final: _prev: {
+          project = with final; rustPlatform.buildRustPackage {
+            pname = "project";
+            version = (final.lib.importTOML ./Cargo.toml).package.version;
+
+            src = self;
+
+            cargoLock = {
+              lockFile = "${self}/Cargo.lock";
+            };
+
+            meta = with lib; {
+              description = "A Rust project";
+              homepage = "https://git.belanyi.fr/ambroisie/project";
+              license = licenses.mit;
+              maintainers = with maintainers; [ ambroisie ];
+            };
+          };
+        };
+      };
+    } // futils.lib.eachDefaultSystem (system:
+      let
+        pkgs = import nixpkgs {
+          inherit system;
+          overlays = [
+            self.overlays.default
+          ];
+        };
+
+        pre-commit = pre-commit-hooks.lib.${system}.run {
+          src = self;
+
+          hooks = {
+            clippy = {
+              enable = true;
+              settings = {
+                denyWarnings = true;
+              };
+            };
+
+            nixpkgs-fmt = {
+              enable = true;
+            };
+
+            rustfmt = {
+              enable = true;
+            };
+          };
+        };
+      in
+      {
+        checks = {
+          inherit (self.packages.${system}) project;
+        };
+
+        devShells = {
+          default = pkgs.mkShell {
+            inputsFrom = with self.packages.${system}; [
+              project
+            ];
+
+            packages = with pkgs; [
+              clippy
+              rust-analyzer
+              rustfmt
+            ];
+
+            RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}";
+
+            inherit (pre-commit) shellHook;
+          };
+        };
+
+        packages = futils.lib.flattenTree {
+          default = pkgs.project;
+          inherit (pkgs) project;
+        };
+      });
+}
diff --git a/templates/rust-cargo/rustfmt.toml b/templates/rust-cargo/rustfmt.toml
new file mode 100644
index 0000000..e69de29
diff --git a/templates/rust-cargo/src/main.rs b/templates/rust-cargo/src/main.rs
new file mode 100644
index 0000000..e7a11a9
--- /dev/null
+++ b/templates/rust-cargo/src/main.rs
@@ -0,0 +1,3 @@
+fn main() {
+    println!("Hello, world!");
+}

From 7e0cb867deb17d2f5b23670510147bb6dc59470f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 12 Apr 2024 15:19:29 +0000
Subject: [PATCH 121/431] pkgs: remove 'digestpp'

I have packaged it upstream.
---
 pkgs/default.nix          |  2 --
 pkgs/digestpp/default.nix | 31 -------------------------------
 2 files changed, 33 deletions(-)
 delete mode 100644 pkgs/digestpp/default.nix

diff --git a/pkgs/default.nix b/pkgs/default.nix
index e82a90c..a45bd7f 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -12,8 +12,6 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: {
 
   diff-flake = pkgs.callPackage ./diff-flake { };
 
-  digestpp = pkgs.callPackage ./digestpp { };
-
   dragger = pkgs.callPackage ./dragger { };
 
   drone-rsync = pkgs.callPackage ./drone-rsync { };
diff --git a/pkgs/digestpp/default.nix b/pkgs/digestpp/default.nix
deleted file mode 100644
index 2fd90db..0000000
--- a/pkgs/digestpp/default.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ lib
-, fetchFromGitHub
-, stdenv
-}:
-stdenv.mkDerivation {
-  pname = "digestpp";
-  version = "0-unstable-2023-11-07";
-
-  src = fetchFromGitHub {
-    owner = "kerukuro";
-    repo = "digestpp";
-    rev = "ebb699402c244e22c3aff61d2239bcb2e87b8ef8";
-    hash = "sha256-9X/P7DgZB6bSYjQWRli4iAXEFjhmACOVv3EYQrXuH5c=";
-  };
-
-  installPhase = ''
-    runHook preInstall
-
-    mkdir -p $out/include/digestpp
-    cp -r *.hpp algorithm/ detail/ $out/include/digestpp
-
-    runHook postInstall
-  '';
-
-  meta = with lib; {
-    description = "C++11 header-only message digest library";
-    homepage = "https://github.com/kerukuro/digestpp";
-    license = licenses.unlicense;
-    maintainers = with maintainers; [ ambroisie ];
-  };
-}

From e43cdbfa6519753cb5fb6d674d88eeecbd03e9ab Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 12 Apr 2024 15:19:56 +0000
Subject: [PATCH 122/431] pkgs: remove 'sqlite_orm'

I have packaged it upstream.
---
 pkgs/default.nix            |  2 --
 pkgs/sqlite_orm/default.nix | 32 --------------------------------
 2 files changed, 34 deletions(-)
 delete mode 100644 pkgs/sqlite_orm/default.nix

diff --git a/pkgs/default.nix b/pkgs/default.nix
index a45bd7f..0212887 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -28,8 +28,6 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: {
 
   rbw-pass = pkgs.callPackage ./rbw-pass { };
 
-  sqlite_orm = pkgs.callPackage ./sqlite_orm { };
-
   unbound-zones-adblock = pkgs.callPackage ./unbound-zones-adblock { };
 
   zsh-done = pkgs.callPackage ./zsh-done { };
diff --git a/pkgs/sqlite_orm/default.nix b/pkgs/sqlite_orm/default.nix
deleted file mode 100644
index 3891eee..0000000
--- a/pkgs/sqlite_orm/default.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ lib
-, cmake
-, fetchFromGitHub
-, sqlite
-, stdenv
-}:
-stdenv.mkDerivation (finalAttrs: {
-  pname = "sqlite_orm";
-  version = "1.8.2";
-
-  src = fetchFromGitHub {
-    owner = "fnc12";
-    repo = "sqlite_orm";
-    rev = "v${finalAttrs.version}";
-    hash = "sha256-KqphGFcnR1Y11KqL7sxODSv7lEvcURdF6kLd3cg84kc=";
-  };
-
-  nativeBuildInputs = [
-    cmake
-  ];
-
-  propagatedBuildInputs = [
-    sqlite
-  ];
-
-  meta = with lib; {
-    description = "Light header only SQLite ORM";
-    homepage = "https://sqliteorm.com/";
-    license = licenses.agpl3Only; # MIT license is commercial
-    maintainers = with maintainers; [ ambroisie ];
-  };
-})

From 06b760e3ee7ffe73a78753295a6d4e10ef6fe98a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 12 Apr 2024 15:20:09 +0000
Subject: [PATCH 123/431] pkgs: remove 'bt-migrate'

I have packaged it upstream.
---
 pkgs/bt-migrate/default.nix | 61 -------------------------------------
 pkgs/default.nix            |  2 --
 2 files changed, 63 deletions(-)
 delete mode 100644 pkgs/bt-migrate/default.nix

diff --git a/pkgs/bt-migrate/default.nix b/pkgs/bt-migrate/default.nix
deleted file mode 100644
index df99c55..0000000
--- a/pkgs/bt-migrate/default.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{ lib
-, boost
-, cmake
-, cxxopts
-, digestpp
-, fetchFromGitHub
-, fmt
-, jsoncons
-, pugixml
-, sqlite_orm
-, stdenv
-}:
-stdenv.mkDerivation {
-  pname = "bt-migrate";
-  version = "0-unstable-2023-08-17";
-
-  src = fetchFromGitHub {
-    owner = "mikedld";
-    repo = "bt-migrate";
-    rev = "e15a489c0c76f98355586ebbee08223af4e9bf50";
-    hash = "sha256-kA6yxhbIh3ThmgF8Zyoe3I79giLVmdNr9IIrw5Xx4s0=";
-  };
-
-  nativeBuildInputs = [
-    cmake
-  ];
-
-  buildInputs = [
-    boost
-    cxxopts
-    fmt
-    jsoncons
-    pugixml
-    sqlite_orm
-  ];
-
-  cmakeFlags = [
-    (lib.strings.cmakeBool "USE_VCPKG" false)
-    # NOTE: digestpp does not have proper CMake packaging (yet?)
-    (lib.strings.cmakeBool "USE_FETCHCONTENT" true)
-    (lib.strings.cmakeFeature "FETCHCONTENT_SOURCE_DIR_DIGESTPP" "${digestpp}/include/digestpp")
-  ];
-
-  # NOTE: no install target in CMake...
-  installPhase = ''
-    runHook preInstall
-
-    mkdir -p $out/bin
-    cp BtMigrate $out/bin
-
-    runHook postInstall
-  '';
-
-  meta = with lib; {
-    description = "Torrent state migration tool";
-    homepage = "https://github.com/mikedld/bt-migrate";
-    license = licenses.gpl3Only;
-    maintainers = with maintainers; [ ambroisie ];
-    mainProgram = "BtMigrate";
-  };
-}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 0212887..6b7fce1 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,7 +1,5 @@
 { pkgs }:
 pkgs.lib.makeScope pkgs.newScope (pkgs: {
-  bt-migrate = pkgs.callPackage ./bt-migrate { };
-
   bw-pass = pkgs.callPackage ./bw-pass { };
 
   change-audio = pkgs.callPackage ./change-audio { };

From 6a22a80d4203111dd77bcd4ae7594f2ae194403b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 15 Apr 2024 14:06:21 +0000
Subject: [PATCH 124/431] home: direnv: update default flake

Now that I (usually?) override `nixpkgs` in the registry, there's not
much use in defaulting to `pkgs`.
---
 modules/home/direnv/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/home/direnv/default.nix b/modules/home/direnv/default.nix
index 93a1f3b..4f1f4b6 100644
--- a/modules/home/direnv/default.nix
+++ b/modules/home/direnv/default.nix
@@ -8,8 +8,8 @@ in
 
     defaultFlake = mkOption {
       type = types.str;
-      default = "pkgs";
-      example = "nixpkgs";
+      default = "nixpkgs";
+      example = "pkgs";
       description = ''
         Which flake from the registry should be used for
         <command>use pkgs</command> by default.

From b735eb4b98fd60f3e3f3bcdca33aec1eedc4719e Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 15 Apr 2024 14:08:00 +0000
Subject: [PATCH 125/431] home: direnv: set 'DIRENV_DEFAULT_FLAKE' as needed

---
 modules/home/direnv/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/home/direnv/default.nix b/modules/home/direnv/default.nix
index 4f1f4b6..67beb62 100644
--- a/modules/home/direnv/default.nix
+++ b/modules/home/direnv/default.nix
@@ -7,8 +7,8 @@ in
     enable = my.mkDisableOption "direnv configuration";
 
     defaultFlake = mkOption {
-      type = types.str;
-      default = "nixpkgs";
+      type = with types; nullOr str;
+      default = null;
       example = "pkgs";
       description = ''
         Which flake from the registry should be used for
@@ -39,7 +39,7 @@ in
       in
       lib.my.genAttrs' files linkLibFile;
 
-    home.sessionVariables = {
+    home.sessionVariables = lib.mkIf (cfg.defaultFlake != null) {
       DIRENV_DEFAULT_FLAKE = cfg.defaultFlake;
     };
   };

From f9db06a6d43d4fdce7595c6a5b5acfe7af84b971 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 22 Apr 2024 20:58:45 +0200
Subject: [PATCH 126/431] flake: bump inputs

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 808a777..8ee39d7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1712390667,
-        "narHash": "sha256-ebq+fJZfobqpsAdGDGpxNWSySbQejRwW9cdiil6krCo=",
+        "lastModified": 1713809191,
+        "narHash": "sha256-9Tb5JKcacjxNF1f7gsu/4l4Gxa2qflq9x1hhdl10iwM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "b787726a8413e11b074cde42704b4af32d95545c",
+        "rev": "e866aae5bbbcfe6798ca05d3004a4e62f1828954",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1712439257,
-        "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=",
+        "lastModified": 1713714899,
+        "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599",
+        "rev": "6143fc5eeb9c4f00163267708e26191d1e918932",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1712485930,
-        "narHash": "sha256-Gx1kXJYnYENoJKWdZpTSDj9fAbnhSzp/cTpFFIXre/M=",
+        "lastModified": 1713810384,
+        "narHash": "sha256-ze9APypWwgcNXvtc+Y/In/PCGmIzm/VefrwQKG7ge7E=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "e4dfbd7eb86b3ac1bf5b7d5c4ca200dba5cbb5a9",
+        "rev": "5d454967f1d978fe45956d25ed7ee15b9910da18",
         "type": "github"
       },
       "original": {
@@ -197,11 +197,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1712055707,
-        "narHash": "sha256-4XLvuSIDZJGS17xEwSrNuJLL7UjDYKGJSbK1WWX2AK8=",
+        "lastModified": 1713775815,
+        "narHash": "sha256-Wu9cdYTnGQQwtT20QQMg7jzkANKQjwBD9iccfGKkfls=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "e35aed5fda3cc79f88ed7f1795021e559582093a",
+        "rev": "2ac4dcbf55ed43f3be0bae15e181f08a57af24a4",
         "type": "github"
       },
       "original": {

From c18054cad72c92a347a87ddaa63bf1b0ffa2a023 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 21 Mar 2024 20:30:25 +0100
Subject: [PATCH 127/431] nixos: services: podgrab: use 'media' group

---
 modules/nixos/services/podgrab/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix
index 5ceebb6..f1a8eb2 100644
--- a/modules/nixos/services/podgrab/default.nix
+++ b/modules/nixos/services/podgrab/default.nix
@@ -29,8 +29,13 @@ in
     services.podgrab = {
       enable = true;
       inherit (cfg) passwordFile port;
+
+      group = "media";
     };
 
+    # Set-up media group
+    users.groups.media = { };
+
     my.services.nginx.virtualHosts = {
       podgrab = {
         inherit (cfg) port;

From 5df0574f41017e67462fcc7809fd117f2f7944be Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 21 Mar 2024 20:30:25 +0100
Subject: [PATCH 128/431] nixos: services: podgrab: add 'dataDir'

---
 modules/nixos/services/podgrab/default.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix
index f1a8eb2..ea89e4e 100644
--- a/modules/nixos/services/podgrab/default.nix
+++ b/modules/nixos/services/podgrab/default.nix
@@ -17,6 +17,15 @@ in
       '';
     };
 
+    dataDir = mkOption {
+      type = with types; nullOr str;
+      default = null;
+      example = "/mnt/podgrab";
+      description = ''
+        Path to the directory to store the podcasts. Use default if null
+      '';
+    };
+
     port = mkOption {
       type = types.port;
       default = 8080;
@@ -31,6 +40,7 @@ in
       inherit (cfg) passwordFile port;
 
       group = "media";
+      dataDirectory = lib.mkIf (cfg.dataDir != null) cfg.dataDir;
     };
 
     # Set-up media group

From 7ebbb10568f12929b54308d6aa96defad93c9d82 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 21 Mar 2024 20:32:05 +0100
Subject: [PATCH 129/431] hosts: nixos: porthos: migrate podgrab 'dataDir'

I want to share it with `audiobookshelf`, so putting it in `/data/media`
makes it easier.
---
 hosts/nixos/porthos/services.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index a67ae3b..d84c2fa 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -134,6 +134,7 @@ in
     podgrab = {
       enable = true;
       passwordFile = secrets."podgrab/password".path;
+      dataDir = "/data/media/podcasts";
       port = 9598;
     };
     # Regular backups

From 2dedb41a47e83aa3a86b4ad8062d7348fa7a35c9 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 21 Mar 2024 19:59:34 +0100
Subject: [PATCH 130/431] nixos: services: add audiobookshelf

---
 .../nixos/services/audiobookshelf/default.nix | 39 +++++++++++++++++++
 modules/nixos/services/default.nix            |  1 +
 2 files changed, 40 insertions(+)
 create mode 100644 modules/nixos/services/audiobookshelf/default.nix

diff --git a/modules/nixos/services/audiobookshelf/default.nix b/modules/nixos/services/audiobookshelf/default.nix
new file mode 100644
index 0000000..8c9719d
--- /dev/null
+++ b/modules/nixos/services/audiobookshelf/default.nix
@@ -0,0 +1,39 @@
+# Audiobook and podcast library
+{ config, lib, ... }:
+let
+  cfg = config.my.services.audiobookshelf;
+in
+{
+  options.my.services.audiobookshelf = with lib; {
+    enable = mkEnableOption "Audiobookshelf, a self-hosted podcast manager";
+
+    port = mkOption {
+      type = types.port;
+      default = 8000;
+      example = 4242;
+      description = "The port on which Audiobookshelf will listen for incoming HTTP traffic.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.audiobookshelf = {
+      enable = true;
+      inherit (cfg) port;
+
+      group = "media";
+    };
+
+    # Set-up media group
+    users.groups.media = { };
+
+    my.services.nginx.virtualHosts = {
+      audiobookshelf = {
+        inherit (cfg) port;
+        # Proxy websockets for RPC
+        extraConfig = {
+          locations."/".proxyWebsockets = true;
+        };
+      };
+    };
+  };
+}
diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
index 3b32d06..60b2478 100644
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -4,6 +4,7 @@
   imports = [
     ./adblock
     ./aria
+    ./audiobookshelf
     ./backup
     ./blog
     ./calibre-web

From 929c8ea9b0322339429113318440336e2931fbe2 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 21 Mar 2024 20:00:17 +0100
Subject: [PATCH 131/431] hosts: nixos: porthos: services: audiobookshelf

---
 hosts/nixos/porthos/services.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index d84c2fa..23901f7 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -10,6 +10,11 @@ in
     adblock = {
       enable = true;
     };
+    # Audiobook and podcast library
+    audiobookshelf = {
+      enable = true;
+      port = 9599;
+    };
     # Backblaze B2 backup
     backup = {
       enable = true;

From df79f36c873d08fabe18ec8bfcb87ff6f5eb4edd Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 4 May 2024 16:06:14 +0200
Subject: [PATCH 132/431] flake: bump inputs

---
 flake.lock | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/flake.lock b/flake.lock
index 8ee39d7..c1084e9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1712079060,
-        "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=",
+        "lastModified": 1714136352,
+        "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "1381a759b205dff7a6818733118d02253340fd5e",
+        "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e",
         "type": "github"
       },
       "original": {
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1712014858,
-        "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
+        "lastModified": 1714641030,
+        "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
+        "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1713809191,
-        "narHash": "sha256-9Tb5JKcacjxNF1f7gsu/4l4Gxa2qflq9x1hhdl10iwM=",
+        "lastModified": 1714679908,
+        "narHash": "sha256-KzcXzDvDJjX34en8f3Zimm396x6idbt+cu4tWDVS2FI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e866aae5bbbcfe6798ca05d3004a4e62f1828954",
+        "rev": "9036fe9ef8e15a819fa76f47a8b1f287903fb848",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1713714899,
-        "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
+        "lastModified": 1714635257,
+        "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "6143fc5eeb9c4f00163267708e26191d1e918932",
+        "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1713810384,
-        "narHash": "sha256-ze9APypWwgcNXvtc+Y/In/PCGmIzm/VefrwQKG7ge7E=",
+        "lastModified": 1714825428,
+        "narHash": "sha256-6U4cppyR0u6sqSSVr3GMrnIXhP2YGR0knfgrUGtr/1Y=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "5d454967f1d978fe45956d25ed7ee15b9910da18",
+        "rev": "5847f3365c16afafc10c56994beadd4cdc8552ee",
         "type": "github"
       },
       "original": {
@@ -197,11 +197,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1713775815,
-        "narHash": "sha256-Wu9cdYTnGQQwtT20QQMg7jzkANKQjwBD9iccfGKkfls=",
+        "lastModified": 1714478972,
+        "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "2ac4dcbf55ed43f3be0bae15e181f08a57af24a4",
+        "rev": "2849da033884f54822af194400f8dff435ada242",
         "type": "github"
       },
       "original": {

From 8d2cf7f2c0a133e718f147222db9ae04d68c1155 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 4 May 2024 16:06:24 +0200
Subject: [PATCH 133/431] nixos: profiles: laptop: fix renamed option

---
 modules/nixos/profiles/laptop/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/profiles/laptop/default.nix b/modules/nixos/profiles/laptop/default.nix
index 20a29d7..68c65b8 100644
--- a/modules/nixos/profiles/laptop/default.nix
+++ b/modules/nixos/profiles/laptop/default.nix
@@ -9,7 +9,7 @@ in
 
   config = lib.mkIf cfg.enable {
     # Enable touchpad support
-    services.xserver.libinput.enable = true;
+    services.libinput.enable = true;
 
     # Enable TLP power management
     my.services.tlp.enable = true;

From 6162f4f4d52fc3bd2bcac2659ce6fc836a959345 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 4 May 2024 22:51:11 +0200
Subject: [PATCH 134/431] modules: services: nextcloud: bump to 29

---
 modules/nixos/services/nextcloud/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix
index 51195df..bb3169a 100644
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@@ -31,7 +31,7 @@ in
   config = lib.mkIf cfg.enable {
     services.nextcloud = {
       enable = true;
-      package = pkgs.nextcloud28;
+      package = pkgs.nextcloud29;
       hostName = "nextcloud.${config.networking.domain}";
       home = "/var/lib/nextcloud";
       maxUploadSize = cfg.maxSize;

From 48beb9f1fe7cba2554da18727a2c0a2b34393d17 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 7 May 2024 11:10:29 +0000
Subject: [PATCH 135/431] nixos: services: postgres: simplify update script

---
 modules/nixos/services/postgresql/default.nix | 27 ++++++++++++-------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix
index 6f51f3e..1c06736 100644
--- a/modules/nixos/services/postgresql/default.nix
+++ b/modules/nixos/services/postgresql/default.nix
@@ -27,17 +27,26 @@ in
 
       environment.systemPackages =
         let
-          newpg = config.containers.temp-pg.config.services.postgresql;
+          pgCfg = config.services.postgresql;
+          newPackage' = pkgs.postgresql_13;
+
+          oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package;
+          oldData = pgCfg.dataDir;
+          oldBin = "${if pgCfg.extraPlugins == [] then oldPackage else oldPackage.withPackages pgCfg.extraPlugins}/bin";
+
+          newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage';
+          newData = "/var/lib/postgresql/${newPackage.psqlSchema}";
+          newBin = "${if pgCfg.extraPlugins == [] then newPackage else newPackage.withPackages pgCfg.extraPlugins}/bin";
         in
         [
           (pkgs.writeScriptBin "upgrade-pg-cluster" ''
             #!/usr/bin/env bash
 
-            set -x
-            export OLDDATA="${config.services.postgresql.dataDir}"
-            export NEWDATA="${newpg.dataDir}"
-            export OLDBIN="${config.services.postgresql.package}/bin"
-            export NEWBIN="${newpg.package}/bin"
+            set -eux
+            export OLDDATA="${oldData}"
+            export NEWDATA="${newData}"
+            export OLDBIN="${oldBin}"
+            export NEWBIN="${newBin}"
 
             if [ "$OLDDATA" -ef "$NEWDATA" ]; then
               echo "Cannot migrate to same data directory" >&2
@@ -46,13 +55,13 @@ in
 
             install -d -m 0700 -o postgres -g postgres "$NEWDATA"
             cd "$NEWDATA"
-            sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
+            sudo -u postgres "$NEWBIN/initdb" -D "$NEWDATA"
 
             systemctl stop postgresql    # old one
 
-            sudo -u postgres $NEWBIN/pg_upgrade \
+            sudo -u postgres "$NEWBIN/pg_upgrade" \
               --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
-              --old-bindir $OLDBIN --new-bindir $NEWBIN \
+              --old-bindir "$OLDBIN" --new-bindir "$NEWBIN" \
               "$@"
           '')
         ];

From 0745e450b9a28041b875012eb935b224b3a05862 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 7 May 2024 11:40:03 +0000
Subject: [PATCH 136/431] nixos: services: postgres: remove unused container

---
 modules/nixos/services/postgresql/default.nix | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix
index 1c06736..7559bb6 100644
--- a/modules/nixos/services/postgresql/default.nix
+++ b/modules/nixos/services/postgresql/default.nix
@@ -20,11 +20,6 @@ in
 
     # Taken from the manual
     (lib.mkIf cfg.upgradeScript {
-      containers.temp-pg.config.services.postgresql = {
-        enable = true;
-        package = pkgs.postgresql_13;
-      };
-
       environment.systemPackages =
         let
           pgCfg = config.services.postgresql;

From f6c476a07f2e7d1e8671cfe01a749d7ca5a0e4a2 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 7 May 2024 11:20:40 +0000
Subject: [PATCH 137/431] nixos: services: postgres: add post-upgrade advice

---
 modules/nixos/services/postgresql/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix
index 7559bb6..bbe46d4 100644
--- a/modules/nixos/services/postgresql/default.nix
+++ b/modules/nixos/services/postgresql/default.nix
@@ -58,6 +58,13 @@ in
               --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
               --old-bindir "$OLDBIN" --new-bindir "$NEWBIN" \
               "$@"
+
+            cat << EOF
+              Run the following commands after setting:
+              services.postgresql.package = pkgs.postgresql_${lib.versions.major newPackage.version}
+                  sudo -u postgres vacuumdb --all --analyze-in-stages
+                  ${newData}/delete_old_cluster.sh
+            EOF
           '')
         ];
     })

From 811a9f44c59545ca6944328e54138dca9ead2896 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 10 May 2024 09:35:47 +0000
Subject: [PATCH 138/431] home: vim: ftplugin: add json

---
 modules/home/vim/after/ftplugin/json.vim | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 modules/home/vim/after/ftplugin/json.vim

diff --git a/modules/home/vim/after/ftplugin/json.vim b/modules/home/vim/after/ftplugin/json.vim
new file mode 100644
index 0000000..3f7b09d
--- /dev/null
+++ b/modules/home/vim/after/ftplugin/json.vim
@@ -0,0 +1,6 @@
+" Create the `b:undo_ftplugin` variable if it doesn't exist
+call ftplugined#check_undo_ft()
+
+" Use a small indentation value on JSON files
+setlocal shiftwidth=2
+let b:undo_ftplugin.='|setlocal shiftwidth<'

From 1cba7b609daacf7ef6c5c3ff0f8b3f3c865c92dc Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 13 May 2024 14:28:45 +0000
Subject: [PATCH 139/431] home: vim: null-ls: remove 'clang-format'

I should be relying on `clangd` instead, which should always be
available whenever `clang-format` was.
---
 modules/home/vim/plugin/settings/null-ls.lua | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua
index e7265c7..eadf16a 100644
--- a/modules/home/vim/plugin/settings/null-ls.lua
+++ b/modules/home/vim/plugin/settings/null-ls.lua
@@ -18,16 +18,6 @@ null_ls.register({
     }),
 })
 
--- C, C++
-null_ls.register({
-    null_ls.builtins.formatting.clang_format.with({
-        -- Only used if available, but prefer clangd formatting if available
-        condition = function()
-            return utils.is_executable("clang-format") and not utils.is_executable("clangd")
-        end,
-    }),
-})
-
 -- Nix
 null_ls.register({
     null_ls.builtins.formatting.nixpkgs_fmt.with({

From 9e89b4dd36b3b98430a8460e7c53f1e6185f116d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 19 May 2024 22:32:54 +0200
Subject: [PATCH 140/431] flake: bump inputs

---
 flake.lock | 39 ++++++++++++++++++---------------------
 flake.nix  |  1 -
 2 files changed, 18 insertions(+), 22 deletions(-)

diff --git a/flake.lock b/flake.lock
index c1084e9..5fa4910 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1714136352,
-        "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=",
+        "lastModified": 1715290355,
+        "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e",
+        "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
         "type": "github"
       },
       "original": {
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1714641030,
-        "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=",
+        "lastModified": 1715865404,
+        "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e",
+        "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1714679908,
-        "narHash": "sha256-KzcXzDvDJjX34en8f3Zimm396x6idbt+cu4tWDVS2FI=",
+        "lastModified": 1715930644,
+        "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "9036fe9ef8e15a819fa76f47a8b1f287903fb848",
+        "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1714635257,
-        "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=",
+        "lastModified": 1715961556,
+        "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f",
+        "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1714825428,
-        "narHash": "sha256-6U4cppyR0u6sqSSVr3GMrnIXhP2YGR0knfgrUGtr/1Y=",
+        "lastModified": 1716149933,
+        "narHash": "sha256-0Ui2HmmKvSqxXfT5kCzTu2EO+kqYxavPZHROxQLsI14=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "5847f3365c16afafc10c56994beadd4cdc8552ee",
+        "rev": "0d0e224fe23a49977d871ae2fe2f14c84b03322a",
         "type": "github"
       },
       "original": {
@@ -185,9 +185,6 @@
     "pre-commit-hooks": {
       "inputs": {
         "flake-compat": "flake-compat",
-        "flake-utils": [
-          "futils"
-        ],
         "gitignore": "gitignore",
         "nixpkgs": [
           "nixpkgs"
@@ -197,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1714478972,
-        "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=",
+        "lastModified": 1715870890,
+        "narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "2849da033884f54822af194400f8dff435ada242",
+        "rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 9c29183..a07ee15 100644
--- a/flake.nix
+++ b/flake.nix
@@ -63,7 +63,6 @@
       repo = "pre-commit-hooks.nix";
       ref = "master";
       inputs = {
-        flake-utils.follows = "futils";
         nixpkgs.follows = "nixpkgs";
         nixpkgs-stable.follows = "nixpkgs";
       };

From ccab4d09528edc84a5759a4106b18c3d3fef556d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 20 May 2024 15:12:45 +0000
Subject: [PATCH 141/431] overlays: add 'gruvbox-nvim-delimiters'

To fix [1] and [2] until the plug-in gets bumped.

[1]: https://github.com/ellisonleao/gruvbox.nvim/issues/335
[2]: https://github.com/ellisonleao/gruvbox.nvim/issues/340
---
 overlays/gruvbox-nvim-delimiters/default.nix   |  4 ++++
 overlays/gruvbox-nvim-delimiters/generated.nix | 14 ++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 overlays/gruvbox-nvim-delimiters/default.nix
 create mode 100644 overlays/gruvbox-nvim-delimiters/generated.nix

diff --git a/overlays/gruvbox-nvim-delimiters/default.nix b/overlays/gruvbox-nvim-delimiters/default.nix
new file mode 100644
index 0000000..832e71d
--- /dev/null
+++ b/overlays/gruvbox-nvim-delimiters/default.nix
@@ -0,0 +1,4 @@
+self: prev:
+{
+  vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
+}
diff --git a/overlays/gruvbox-nvim-delimiters/generated.nix b/overlays/gruvbox-nvim-delimiters/generated.nix
new file mode 100644
index 0000000..7a27a3d
--- /dev/null
+++ b/overlays/gruvbox-nvim-delimiters/generated.nix
@@ -0,0 +1,14 @@
+{ fetchpatch, ... }:
+
+_final: prev: {
+  gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: {
+    patches = (oa.patches or [ ]) ++ [
+      # https://github.com/ellisonleao/gruvbox.nvim/pull/319
+      (fetchpatch {
+        name = "add-Delimiter-highlight-group.patch";
+        url = "https://github.com/ellisonleao/gruvbox.nvim/commit/20f90039564b293330bf97acc36dda8dd9e721a0.patch";
+        hash = "sha256-it4SbgK/2iDVyvtXBfVW2YN9DqELfKsMkuCaunERGcE=";
+      })
+    ];
+  });
+}

From 89056e3d5d7b5be3ee630430e36c919d4ef3cb0f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 23 May 2024 11:27:48 +0000
Subject: [PATCH 142/431] home: vim: lspconfig: migrate to 'ruff'

This replaces and enhances the experience from the old `ruff-lsp`
wrapper.
---
 modules/home/vim/plugin/settings/lspconfig.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua
index 628eab9..b3f8954 100644
--- a/modules/home/vim/plugin/settings/lspconfig.lua
+++ b/modules/home/vim/plugin/settings/lspconfig.lua
@@ -53,8 +53,8 @@ if utils.is_executable("pyright") then
     })
 end
 
-if utils.is_executable("ruff-lsp") then
-    lspconfig.ruff_lsp.setup({
+if utils.is_executable("ruff") then
+    lspconfig.ruff.setup({
         capabilities = capabilities,
         on_attach = lsp.on_attach,
     })

From 201fabbc147e59ba49f8743ceef3fe0ce84e5056 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 20 May 2024 20:18:05 +0100
Subject: [PATCH 143/431] home: vim: remove redundant ftdetect files

These have been added upstream and made redundant as part of the update
to v0.10.
---
 modules/home/vim/ftdetect/blueprint.lua | 6 ------
 modules/home/vim/ftdetect/gn.lua        | 7 -------
 modules/home/vim/ftdetect/kbuild.lua    | 6 ------
 modules/home/vim/ftdetect/tikz.lua      | 6 ------
 4 files changed, 25 deletions(-)
 delete mode 100644 modules/home/vim/ftdetect/blueprint.lua
 delete mode 100644 modules/home/vim/ftdetect/gn.lua
 delete mode 100644 modules/home/vim/ftdetect/kbuild.lua
 delete mode 100644 modules/home/vim/ftdetect/tikz.lua

diff --git a/modules/home/vim/ftdetect/blueprint.lua b/modules/home/vim/ftdetect/blueprint.lua
deleted file mode 100644
index d3fb395..0000000
--- a/modules/home/vim/ftdetect/blueprint.lua
+++ /dev/null
@@ -1,6 +0,0 @@
--- Use `bp` filetype for Blueprint files
-vim.filetype.add({
-    extension = {
-        bp = "bp",
-    },
-})
diff --git a/modules/home/vim/ftdetect/gn.lua b/modules/home/vim/ftdetect/gn.lua
deleted file mode 100644
index 37d772e..0000000
--- a/modules/home/vim/ftdetect/gn.lua
+++ /dev/null
@@ -1,7 +0,0 @@
--- Use GN filetype for Chromium Generate Ninja files
-vim.filetype.add({
-    extension = {
-        gn = "gn",
-        gni = "gn",
-    },
-})
diff --git a/modules/home/vim/ftdetect/kbuild.lua b/modules/home/vim/ftdetect/kbuild.lua
deleted file mode 100644
index 799570e..0000000
--- a/modules/home/vim/ftdetect/kbuild.lua
+++ /dev/null
@@ -1,6 +0,0 @@
--- Kbuild is just a Makefile under a different name
-vim.filetype.add({
-    filename = {
-        ["Kbuild"] = "make",
-    },
-})
diff --git a/modules/home/vim/ftdetect/tikz.lua b/modules/home/vim/ftdetect/tikz.lua
deleted file mode 100644
index 93b7db0..0000000
--- a/modules/home/vim/ftdetect/tikz.lua
+++ /dev/null
@@ -1,6 +0,0 @@
--- Use LaTeX filetype for TikZ files
-vim.filetype.add({
-    extension = {
-        tikz = "tex",
-    },
-})

From a60287f8cf85e1f0bc0ddf40b110b4744244dee0 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 20 May 2024 20:26:12 +0100
Subject: [PATCH 144/431] home: vim: remove 'nvim-osc52'

OSC52 supports has been added upstream, and is set up automatically when
`SSH_TTY` is set (and a few other conditions) in v0.10.
---
 modules/home/vim/default.nix             |  1 -
 modules/home/vim/plugin/settings/ssh.lua | 17 -----------------
 2 files changed, 18 deletions(-)
 delete mode 100644 modules/home/vim/plugin/settings/ssh.lua

diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix
index 07711cc..2e85ba3 100644
--- a/modules/home/vim/default.nix
+++ b/modules/home/vim/default.nix
@@ -58,7 +58,6 @@ in
 
       # General enhancements
       vim-qf # Better quick-fix list
-      nvim-osc52 # Send clipboard data through terminal escape for SSH
 
       # Other wrappers
       git-messenger-vim # A simple blame window
diff --git a/modules/home/vim/plugin/settings/ssh.lua b/modules/home/vim/plugin/settings/ssh.lua
deleted file mode 100644
index 992a707..0000000
--- a/modules/home/vim/plugin/settings/ssh.lua
+++ /dev/null
@@ -1,17 +0,0 @@
-if not require("ambroisie.utils").is_ssh() then
-    return
-end
-
-local function copy(lines, _)
-    require("osc52").copy(table.concat(lines, "\n"))
-end
-
-local function paste()
-    return { vim.fn.split(vim.fn.getreg(""), "\n"), vim.fn.getregtype("") }
-end
-
-vim.g.clipboard = {
-    name = "osc52",
-    copy = { ["+"] = copy, ["*"] = copy },
-    paste = { ["+"] = paste, ["*"] = paste },
-}

From cc82d7575f370f44d4ab0f12b339bee8869fc894 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 20 May 2024 20:27:39 +0100
Subject: [PATCH 145/431] home: vim: do not set 'termguicolors' explicitly

Rely on the new behaviour from v0.10 which detects it more
intelligently.
---
 modules/home/vim/init.vim | 2 --
 1 file changed, 2 deletions(-)

diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim
index c94fc53..3a74c4f 100644
--- a/modules/home/vim/init.vim
+++ b/modules/home/vim/init.vim
@@ -86,8 +86,6 @@ set mouse=
 " Set dark mode by default
 set background=dark
 
-" 24 bit colors
-set termguicolors
 " Setup some overrides for gruvbox
 lua << EOF
 local gruvbox = require("gruvbox")

From 212f280d921e035b5f9c015be50564240eddb074 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 20 May 2024 20:33:02 +0100
Subject: [PATCH 146/431] home: vim: remove commenting plug-ins

Rely on the new built-in support which was added upstream as part of
v0.10.

Crucially, upstream supports using tree-sitter aware comment strings by default.
---
 modules/home/vim/after/plugin/mappings/commentary.lua | 10 ----------
 modules/home/vim/default.nix                          |  2 --
 2 files changed, 12 deletions(-)
 delete mode 100644 modules/home/vim/after/plugin/mappings/commentary.lua

diff --git a/modules/home/vim/after/plugin/mappings/commentary.lua b/modules/home/vim/after/plugin/mappings/commentary.lua
deleted file mode 100644
index 6ed3b89..0000000
--- a/modules/home/vim/after/plugin/mappings/commentary.lua
+++ /dev/null
@@ -1,10 +0,0 @@
-local wk = require("which-key")
-
-local keys = {
-    name = "Comment/uncomment",
-    c = "Current line",
-    u = "Uncomment the current and adjacent commented lines",
-    ["gc"] = "Uncomment the current and adjacent commented lines",
-}
-
-wk.register(keys, { prefix = "gc" })
diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix
index 2e85ba3..509ae58 100644
--- a/modules/home/vim/default.nix
+++ b/modules/home/vim/default.nix
@@ -40,7 +40,6 @@ in
       lualine-lsp-progress # Show progress for LSP servers
 
       # tpope essentials
-      vim-commentary # Easy comments
       vim-eunuch # UNIX integrations
       vim-fugitive # A 'git' wrapper
       vim-git # Sane git syntax files
@@ -69,7 +68,6 @@ in
       none-ls-nvim # LSP integration for linters and formatters
       nvim-treesitter.withAllGrammars # Better highlighting
       nvim-treesitter-textobjects # More textobjects
-      nvim-ts-context-commentstring # Comment string in nested language blocks
       plenary-nvim # 'null-ls', 'telescope' dependency
 
       # Completion

From e0b66e89f9cd85abccad9307b4d3863955cd4818 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 20 May 2024 20:39:08 +0100
Subject: [PATCH 147/431] home: vim: ftplugin: remove bp

It's now part of the upstream runtime as of v0.10, so this file is
redundant and can be removed.
---
 modules/home/vim/after/ftplugin/bp.vim | 7 -------
 1 file changed, 7 deletions(-)
 delete mode 100644 modules/home/vim/after/ftplugin/bp.vim

diff --git a/modules/home/vim/after/ftplugin/bp.vim b/modules/home/vim/after/ftplugin/bp.vim
deleted file mode 100644
index 1224e7a..0000000
--- a/modules/home/vim/after/ftplugin/bp.vim
+++ /dev/null
@@ -1,7 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Add comment format
-setlocal comments=b://,s1:/*,mb:*,ex:*/
-setlocal commentstring=//\ %s
-let b:undo_ftplugin.='|setlocal comments< commentstring<'

From b90da603b1a67ebaa01b9b8ebcffc0f64ab452fe Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 24 May 2024 14:08:10 +0000
Subject: [PATCH 148/431] home: nix: fix typo

---
 modules/home/nix/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix
index 0934189..f8d65ce 100644
--- a/modules/home/nix/default.nix
+++ b/modules/home/nix/default.nix
@@ -27,7 +27,7 @@ in
     };
 
     inputs = {
-      link = my.mkDisableOption "link inputs to `/etc/nix/inputs/`";
+      link = my.mkDisableOption "link inputs to `$XDG_CONFIG_HOME/nix/inputs/`";
 
       addToRegistry = my.mkDisableOption "add inputs and self to registry";
 

From 442d267ca244dc92b6177fa795e308c361eb73f5 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 28 May 2024 13:48:54 +0000
Subject: [PATCH 149/431] home: vim: lsp: add missing type hint

---
 modules/home/vim/lua/ambroisie/lsp.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua
index 31a5bd1..dc47366 100644
--- a/modules/home/vim/lua/ambroisie/lsp.lua
+++ b/modules/home/vim/lua/ambroisie/lsp.lua
@@ -5,7 +5,7 @@ local lsp_format = require("lsp-format")
 
 --- Move to the next/previous diagnostic, automatically showing the diagnostics
 --- float if necessary.
---- @param forward whether to go forward or backwards
+--- @param forward bool whether to go forward or backwards
 local function goto_diagnostic(forward)
     vim.validate({
         forward = { forward, "boolean" },

From 5af0230c5883000d5c1570dc958e42320e8bc517 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 29 May 2024 11:13:30 +0000
Subject: [PATCH 150/431] flake: bump inputs

And undo the overlay for `gruvbox-nvim`.

This reverts commit ccab4d09528edc84a5759a4106b18c3d3fef556d.
---
 flake.lock                                    | 30 +++++++++----------
 overlays/gruvbox-nvim-delimiters/default.nix  |  4 ---
 .../gruvbox-nvim-delimiters/generated.nix     | 14 ---------
 3 files changed, 15 insertions(+), 33 deletions(-)
 delete mode 100644 overlays/gruvbox-nvim-delimiters/default.nix
 delete mode 100644 overlays/gruvbox-nvim-delimiters/generated.nix

diff --git a/flake.lock b/flake.lock
index 5fa4910..5191e9f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1715290355,
-        "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
+        "lastModified": 1716561646,
+        "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
+        "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1715930644,
-        "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
+        "lastModified": 1716930911,
+        "narHash": "sha256-t4HT5j3Jy7skRB5PINnxcEBCkgE89rGBpwTI7YS4Ffo=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
+        "rev": "a9b36cbe9292a649222b89fdb9ae9907e9c74086",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1715961556,
-        "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=",
+        "lastModified": 1716769173,
+        "narHash": "sha256-7EXDb5WBw+d004Agt+JHC/Oyh/KTUglOaQ4MNjBbo5w=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64",
+        "rev": "9ca3f649614213b2aaf5f1e16ec06952fe4c2632",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1716149933,
-        "narHash": "sha256-0Ui2HmmKvSqxXfT5kCzTu2EO+kqYxavPZHROxQLsI14=",
+        "lastModified": 1716972321,
+        "narHash": "sha256-iB8kNkc+p/9NwmrXgnChB6JFcUtSBSdGESRVliiTCMI=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "0d0e224fe23a49977d871ae2fe2f14c84b03322a",
+        "rev": "3ced449a2fdd845ffde002790691bedf6958f00c",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1715870890,
-        "narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=",
+        "lastModified": 1716213921,
+        "narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1",
+        "rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0",
         "type": "github"
       },
       "original": {
diff --git a/overlays/gruvbox-nvim-delimiters/default.nix b/overlays/gruvbox-nvim-delimiters/default.nix
deleted file mode 100644
index 832e71d..0000000
--- a/overlays/gruvbox-nvim-delimiters/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-self: prev:
-{
-  vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
-}
diff --git a/overlays/gruvbox-nvim-delimiters/generated.nix b/overlays/gruvbox-nvim-delimiters/generated.nix
deleted file mode 100644
index 7a27a3d..0000000
--- a/overlays/gruvbox-nvim-delimiters/generated.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ fetchpatch, ... }:
-
-_final: prev: {
-  gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: {
-    patches = (oa.patches or [ ]) ++ [
-      # https://github.com/ellisonleao/gruvbox.nvim/pull/319
-      (fetchpatch {
-        name = "add-Delimiter-highlight-group.patch";
-        url = "https://github.com/ellisonleao/gruvbox.nvim/commit/20f90039564b293330bf97acc36dda8dd9e721a0.patch";
-        hash = "sha256-it4SbgK/2iDVyvtXBfVW2YN9DqELfKsMkuCaunERGcE=";
-      })
-    ];
-  });
-}

From 82a0c65901f3209c47359db9bcdd1bc32e68e3a2 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 4 Jun 2024 22:49:10 +0100
Subject: [PATCH 151/431] home: firefox: tridactyl: add LWN comment toggle

Ideally, I would instead be targeting the `::before` pseudo-element,
which is the _actual_ button, but it doesn't work...
---
 modules/home/firefox/tridactyl/tridactylrc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/home/firefox/tridactyl/tridactylrc b/modules/home/firefox/tridactyl/tridactylrc
index 4dc53cf..5a8ef06 100644
--- a/modules/home/firefox/tridactyl/tridactylrc
+++ b/modules/home/firefox/tridactyl/tridactylrc
@@ -15,8 +15,8 @@ bind --mode=input <C-i> editor_rm
 
 " Binds {{{
 " Reddit et al. {{{
-" Toggle comments on Reddit, Hacker News, Lobste.rs
-bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"]
+" Toggle comments on Reddit, Hacker News, Lobste.rs, LWN
+bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"],[class="CommentTitle"]
 
 " Make `gu` take me back to subreddit from comments
 bindurl reddit.com gu urlparent 3

From c08c8c79d38b36270140b43a2885abe11318bf04 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 10 Jun 2024 12:53:13 +0000
Subject: [PATCH 152/431] home: firefox: tridactyl: fix DDG mapping

---
 modules/home/firefox/tridactyl/tridactylrc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/home/firefox/tridactyl/tridactylrc b/modules/home/firefox/tridactyl/tridactylrc
index 5a8ef06..36bd59d 100644
--- a/modules/home/firefox/tridactyl/tridactylrc
+++ b/modules/home/firefox/tridactyl/tridactylrc
@@ -26,8 +26,8 @@ bindurl www.google.com f hint -Jc #search a
 bindurl www.google.com F hint -Jbc #search a
 
 " Only hint search results on DuckDuckGo
-bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result-title-a"]
-bindurl ^https://duckduckgo.com F hint -Jbc [data-testid="result-title-a"]
+bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result"]
+bindurl ^https://duckduckgo.com F hint -Jbc [data-testid="result"]
 
 " Only hint item pages on Hacker News
 bindurl news.ycombinator.com ;f hint -Jc .age > a

From 7ea10f7823c3e8d5a66fb7bec6df4c2fd2c8055c Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 12 Jun 2024 10:06:31 +0000
Subject: [PATCH 153/431] flake: bump inputs

---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index 5191e9f..8ad503c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1715865404,
-        "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
+        "lastModified": 1717285511,
+        "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
+        "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1716930911,
-        "narHash": "sha256-t4HT5j3Jy7skRB5PINnxcEBCkgE89rGBpwTI7YS4Ffo=",
+        "lastModified": 1718141734,
+        "narHash": "sha256-cA+6l8ZCZ7MXGijVuY/1f55+wF/RT4PlTR9+g4bx86w=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a9b36cbe9292a649222b89fdb9ae9907e9c74086",
+        "rev": "892f76bd0aa09a0f7f73eb41834b8a904b6d0fad",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1716769173,
-        "narHash": "sha256-7EXDb5WBw+d004Agt+JHC/Oyh/KTUglOaQ4MNjBbo5w=",
+        "lastModified": 1717974879,
+        "narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9ca3f649614213b2aaf5f1e16ec06952fe4c2632",
+        "rev": "c7b821ba2e1e635ba5a76d299af62821cbcb09f3",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1716972321,
-        "narHash": "sha256-iB8kNkc+p/9NwmrXgnChB6JFcUtSBSdGESRVliiTCMI=",
+        "lastModified": 1718184302,
+        "narHash": "sha256-opRL7+wsIxy+r0zP4BkrKUEiljIXhXdboIylH04ggOg=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "3ced449a2fdd845ffde002790691bedf6958f00c",
+        "rev": "4b71c3c633d0a1784960a2350012dbb809bb4dac",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1716213921,
-        "narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=",
+        "lastModified": 1717664902,
+        "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0",
+        "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1",
         "type": "github"
       },
       "original": {

From 10a7111f1c8a0857f9ce06869e1b9f8923025da7 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 12 Jun 2024 21:26:57 +0200
Subject: [PATCH 154/431] nixos: services: mealie: fix DB auth

Turns out the package update [1] was because someone couldn't make it
work on the previous version, and added a new setting to configure it
more easily :-).

[1]: https://github.com/NixOS/nixpkgs/pull/314294
---
 modules/nixos/services/mealie/default.nix | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix
index 55ac376..96b9e14 100644
--- a/modules/nixos/services/mealie/default.nix
+++ b/modules/nixos/services/mealie/default.nix
@@ -35,12 +35,8 @@ in
 
         # Use PostgreSQL
         DB_ENGINE = "postgres";
-        POSTGRES_USER = "mealie";
-        POSTGRES_PASSWORD = "";
-        POSTGRES_SERVER = "/run/postgresql";
-        # Pydantic and/or mealie doesn't handle the URI correctly, hijack it
-        # with query parameters...
-        POSTGRES_DB = "mealie?host=/run/postgresql&dbname=mealie";
+        # Make it work with socket auth
+        POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql";
       };
     };
 

From d37c767a2f0999fbe10e7c2b6a969c1bf39137f3 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 12 Jun 2024 21:29:19 +0200
Subject: [PATCH 155/431] nixos: services: forgejo: fix deprecated config

---
 modules/nixos/services/forgejo/default.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix
index 0f3dfc5..18538be 100644
--- a/modules/nixos/services/forgejo/default.nix
+++ b/modules/nixos/services/forgejo/default.nix
@@ -83,7 +83,11 @@ in
         # I configure my backup system manually below.
         dump.enable = false;
 
-        mailerPasswordFile = lib.mkIf cfg.mail.enable cfg.mail.passwordFile;
+        secrets = {
+          mailer = lib.mkIf cfg.mail.enable {
+            PASSWD = cfg.mail.passwordFile;
+          };
+        };
 
         settings = {
           DEFAULT = {

From 6a9ac77b0c366819a9f10110850c56a311a03cab Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 14 Jun 2024 21:17:21 +0100
Subject: [PATCH 156/431] nixos: hardware: bluetooth: remove pipewire conf

Turns out the wireplumber configuration I was setting up is redundant
with the upstream default (which work better, becomes they use a quirks
database...).

It was also out-of-date due to the update to v0.5, which changed the
configuration format...
---
 modules/nixos/hardware/bluetooth/default.nix | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix
index c019b31..e9b1991 100644
--- a/modules/nixos/hardware/bluetooth/default.nix
+++ b/modules/nixos/hardware/bluetooth/default.nix
@@ -24,24 +24,6 @@ in
         extraModules = [ pkgs.pulseaudio-modules-bt ];
         package = pkgs.pulseaudioFull;
       };
-
-      services.pipewire.wireplumber.configPackages = [
-        (pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" ''
-          bluez_monitor.properties = {
-            -- SBC XQ provides better audio
-            ["bluez5.enable-sbc-xq"] = true,
-
-            -- mSBC provides better audio + microphone
-            ["bluez5.enable-msbc"] = true,
-
-            -- Synchronize volume with bluetooth device
-            ["bluez5.enable-hw-volume"] = true,
-
-            -- FIXME: Some devices may now support both hsp_ag and hfp_ag
-            ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
-          }
-        '')
-      ];
     })
 
     # Support for A2DP audio profile

From 64331981d0015e04c45267fcff5087092f1db9fa Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 17 Jun 2024 10:11:50 +0000
Subject: [PATCH 157/431] flake: bump inputs

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 8ad503c..084af23 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1716561646,
-        "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
+        "lastModified": 1718371084,
+        "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
+        "rev": "3a56735779db467538fb2e577eda28a9daacaca6",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1718141734,
-        "narHash": "sha256-cA+6l8ZCZ7MXGijVuY/1f55+wF/RT4PlTR9+g4bx86w=",
+        "lastModified": 1718526747,
+        "narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "892f76bd0aa09a0f7f73eb41834b8a904b6d0fad",
+        "rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1717974879,
-        "narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=",
+        "lastModified": 1718318537,
+        "narHash": "sha256-4Zu0RYRcAY/VWuu6awwq4opuiD//ahpc2aFHg2CWqFY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c7b821ba2e1e635ba5a76d299af62821cbcb09f3",
+        "rev": "e9ee548d90ff586a6471b4ae80ae9cfcbceb3420",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1718184302,
-        "narHash": "sha256-opRL7+wsIxy+r0zP4BkrKUEiljIXhXdboIylH04ggOg=",
+        "lastModified": 1718606072,
+        "narHash": "sha256-+BKOI7p2YoNwNQgfdIldS0hmihEjBBLWPOek624sgeg=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "4b71c3c633d0a1784960a2350012dbb809bb4dac",
+        "rev": "6af362f6660ce325faacb9e180e3c2e8d2af3fdd",
         "type": "github"
       },
       "original": {

From 7c61d6dffc119069db44361dedc075ffc036f87d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 13 Jun 2024 11:17:22 +0000
Subject: [PATCH 158/431] nixos: hardware: graphics: use AMDVLK options

---
 modules/nixos/hardware/graphics/default.nix | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix
index 3baac02..51ac445 100644
--- a/modules/nixos/hardware/graphics/default.nix
+++ b/modules/nixos/hardware/graphics/default.nix
@@ -35,19 +35,22 @@ in
     (lib.mkIf (cfg.gpuFlavor == "amd") {
       boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ];
 
+      hardware.amdgpu = {
+        # Vulkan
+        amdvlk = lib.mkIf cfg.amd.amdvlk {
+          enable = true;
+          support32Bit = {
+            enable = true;
+          };
+        };
+      };
+
       hardware.opengl = {
         extraPackages = with pkgs; [
           # OpenCL
           rocmPackages.clr
           rocmPackages.clr.icd
-        ]
-        ++ lib.optional cfg.amd.amdvlk amdvlk
-        ;
-
-        extraPackages32 = with pkgs; [
-        ]
-        ++ lib.optional cfg.amd.amdvlk driversi686Linux.amdvlk
-        ;
+        ];
       };
     })
 

From 9ab49e06f9abf377b34c86a3e52ea1ba0225f189 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 13 Jun 2024 12:15:41 +0000
Subject: [PATCH 159/431] nixos: hardware: graphics: add 32bit Intel drivers

---
 modules/nixos/hardware/graphics/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix
index 51ac445..65f1056 100644
--- a/modules/nixos/hardware/graphics/default.nix
+++ b/modules/nixos/hardware/graphics/default.nix
@@ -72,6 +72,13 @@ in
           intel-vaapi-driver
           libvdpau-va-gl
         ];
+
+        extraPackages32 = with pkgs.driversi686Linux; [
+          # VA API
+          intel-media-driver
+          intel-vaapi-driver
+          libvdpau-va-gl
+        ];
       };
     })
   ]);

From eb94fca939189fb8f761ffda549d6fc6c4ff3943 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 18 Jun 2024 09:21:42 +0000
Subject: [PATCH 160/431] home: nix: use 'nix.nixPath'

Freshly merged upstream, I've only been waiting ~1 year for it.
---
 modules/home/nix/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix
index f8d65ce..c0bbcc8 100644
--- a/modules/home/nix/default.nix
+++ b/modules/home/nix/default.nix
@@ -96,7 +96,7 @@ in
     })
 
     (lib.mkIf cfg.inputs.addToNixPath {
-      home.sessionVariables.NIX_PATH = "${config.xdg.configHome}/nix/inputs\${NIX_PATH:+:$NIX_PATH}";
+      nix.nixPath = [ "${config.xdg.configHome}/nix/inputs" ];
     })
   ]);
 }

From 468eaa9ed47f3c5077a1e176d3a53e7dc3087fcc Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 18 Jun 2024 13:13:42 +0000
Subject: [PATCH 161/431] home: nixpkgs: use 'escapeShellArg'

---
 modules/home/nixpkgs/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/home/nixpkgs/default.nix b/modules/home/nixpkgs/default.nix
index 720fc9b..a4946db 100644
--- a/modules/home/nixpkgs/default.nix
+++ b/modules/home/nixpkgs/default.nix
@@ -13,8 +13,8 @@ in
     ];
 
     home.sessionVariables = {
-      GITHUB_TOKEN = ''$(cat "${config.age.secrets."github/token".path}")'';
-      GITHUB_API_TOKEN = ''$(cat "${config.age.secrets."github/token".path}")'';
+      GITHUB_TOKEN = ''$(cat ${lib.escapeShellArg config.age.secrets."github/token".path})'';
+      GITHUB_API_TOKEN = ''$(cat ${lib.escapeShellArg config.age.secrets."github/token".path})'';
     };
   };
 }

From c2362795d80946805f613a9351ab934a4b33d38d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 21 Jun 2024 15:38:12 +0000
Subject: [PATCH 162/431] flake: bump inputs

Fixup `bash-language-server` which has been migrated out of `nodePackages`.
---
 flake.lock                   | 24 ++++++++++++------------
 modules/home/vim/default.nix |  2 +-
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/flake.lock b/flake.lock
index 084af23..9a9275f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1718526747,
-        "narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=",
+        "lastModified": 1718788307,
+        "narHash": "sha256-SqiOz0sljM0GjyQEVinPXQxaGcbOXw5OgpCWGPgh/vo=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792",
+        "rev": "d7830d05421d0ced83a0f007900898bdcaf2a2ca",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1718318537,
-        "narHash": "sha256-4Zu0RYRcAY/VWuu6awwq4opuiD//ahpc2aFHg2CWqFY=",
+        "lastModified": 1718895438,
+        "narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e9ee548d90ff586a6471b4ae80ae9cfcbceb3420",
+        "rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1718606072,
-        "narHash": "sha256-+BKOI7p2YoNwNQgfdIldS0hmihEjBBLWPOek624sgeg=",
+        "lastModified": 1718980488,
+        "narHash": "sha256-cULCoFNaBcyB9TUMmL6oDKu2FygaZbfn6I5mYwRC4G8=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "6af362f6660ce325faacb9e180e3c2e8d2af3fdd",
+        "rev": "ef74ae1e19df0d2118a4f27d6127f1153469a25e",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1717664902,
-        "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=",
+        "lastModified": 1718879355,
+        "narHash": "sha256-RTyqP4fBX2MdhNuMP+fnR3lIwbdtXhyj7w7fwtvgspc=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1",
+        "rev": "8cd35b9496d21a6c55164d8547d9d5280162b07a",
         "type": "github"
       },
       "original": {
diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix
index 509ae58..d7280fb 100644
--- a/modules/home/vim/default.nix
+++ b/modules/home/vim/default.nix
@@ -102,7 +102,7 @@ in
       nixpkgs-fmt
 
       # Shell
-      nodePackages.bash-language-server
+      bash-language-server
       shfmt
     ];
   };

From b73f6af5e018a337aceb72295aa0d3c7b74bbea7 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 21 Jun 2024 15:38:32 +0000
Subject: [PATCH 163/431] nixos: services: flood: use upstream module

---
 modules/nixos/services/flood/default.nix | 26 ++++--------------------
 1 file changed, 4 insertions(+), 22 deletions(-)

diff --git a/modules/nixos/services/flood/default.nix b/modules/nixos/services/flood/default.nix
index 155e73d..b95bac5 100644
--- a/modules/nixos/services/flood/default.nix
+++ b/modules/nixos/services/flood/default.nix
@@ -1,5 +1,5 @@
 # A nice UI for various torrent clients
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
 let
   cfg = config.my.services.flood;
 in
@@ -13,31 +13,13 @@ in
       example = 3000;
       description = "Internal port for Flood UI";
     };
-
-    stateDir = mkOption {
-      type = types.str;
-      default = "flood";
-      example = "floodUI";
-      description = "Directory under `/var/run` for storing Flood's files";
-    };
   };
 
   config = lib.mkIf cfg.enable {
-    systemd.services.flood = {
-      description = "Flood torrent UI";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
+    services.flood = {
+      enable = true;
 
-      serviceConfig = {
-        ExecStart = lib.concatStringsSep " " [
-          (lib.getExe pkgs.flood)
-          "--port ${builtins.toString cfg.port}"
-          "--rundir /var/lib/${cfg.stateDir}"
-        ];
-        DynamicUser = true;
-        StateDirectory = cfg.stateDir;
-        ReadWritePaths = "";
-      };
+      inherit (cfg) port;
     };
 
     my.services.nginx.virtualHosts = {

From 105e0fbfd0c5d6177490486468098c5634508b5b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 19 Jun 2024 19:51:53 +0100
Subject: [PATCH 164/431] ci: fix typo

---
 .woodpecker/check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.woodpecker/check.yml b/.woodpecker/check.yml
index e04cd46..9e885aa 100644
--- a/.woodpecker/check.yml
+++ b/.woodpecker/check.yml
@@ -7,7 +7,7 @@ steps:
   commands:
   - nix flake check
 
-- name: notifiy
+- name: notify
   image: bash
   environment:
     ADDRESS:

From a15f7ec270ed7b2da17f1d7fc8ccf148f5a0cfe4 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 19 Jun 2024 19:52:10 +0100
Subject: [PATCH 165/431] templates: fix typo

---
 templates/c++-cmake/.woodpecker/check.yml  | 2 +-
 templates/c++-meson/.woodpecker/check.yml  | 2 +-
 templates/rust-cargo/.woodpecker/check.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/templates/c++-cmake/.woodpecker/check.yml b/templates/c++-cmake/.woodpecker/check.yml
index 4ff7dba..272c0e4 100644
--- a/templates/c++-cmake/.woodpecker/check.yml
+++ b/templates/c++-cmake/.woodpecker/check.yml
@@ -12,7 +12,7 @@ steps:
   commands:
   - nix flake check
 
-- name: notifiy
+- name: notify
   image: bash
   environment:
     ADDRESS:
diff --git a/templates/c++-meson/.woodpecker/check.yml b/templates/c++-meson/.woodpecker/check.yml
index 4ff7dba..272c0e4 100644
--- a/templates/c++-meson/.woodpecker/check.yml
+++ b/templates/c++-meson/.woodpecker/check.yml
@@ -12,7 +12,7 @@ steps:
   commands:
   - nix flake check
 
-- name: notifiy
+- name: notify
   image: bash
   environment:
     ADDRESS:
diff --git a/templates/rust-cargo/.woodpecker/check.yml b/templates/rust-cargo/.woodpecker/check.yml
index 4ff7dba..272c0e4 100644
--- a/templates/rust-cargo/.woodpecker/check.yml
+++ b/templates/rust-cargo/.woodpecker/check.yml
@@ -12,7 +12,7 @@ steps:
   commands:
   - nix flake check
 
-- name: notifiy
+- name: notify
   image: bash
   environment:
     ADDRESS:

From fc5cb1a47d2a7046dd0d9eef5b5b8cf21c5736bf Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 28 Jun 2024 09:54:50 +0000
Subject: [PATCH 166/431] flake: bump inputs

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 9a9275f..83ccfd7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1718788307,
-        "narHash": "sha256-SqiOz0sljM0GjyQEVinPXQxaGcbOXw5OgpCWGPgh/vo=",
+        "lastModified": 1719438532,
+        "narHash": "sha256-/Vmso2ZMoFE3M7d1MRsQ2K5sR8CVKnrM6t1ys9Xjpz4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "d7830d05421d0ced83a0f007900898bdcaf2a2ca",
+        "rev": "1a4f12ae0bda877ec4099b429cf439aad897d7e9",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1718895438,
-        "narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=",
+        "lastModified": 1719254875,
+        "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3",
+        "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1718980488,
-        "narHash": "sha256-cULCoFNaBcyB9TUMmL6oDKu2FygaZbfn6I5mYwRC4G8=",
+        "lastModified": 1719564461,
+        "narHash": "sha256-wCFs1sf1tPoV3nCG5N5KaakAKm88FyzN6pRdOsOqNZg=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "ef74ae1e19df0d2118a4f27d6127f1153469a25e",
+        "rev": "7369862c4a8f293f6fde79044369dad7dfc04798",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1718879355,
-        "narHash": "sha256-RTyqP4fBX2MdhNuMP+fnR3lIwbdtXhyj7w7fwtvgspc=",
+        "lastModified": 1719259945,
+        "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "8cd35b9496d21a6c55164d8547d9d5280162b07a",
+        "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
         "type": "github"
       },
       "original": {

From b8952655378f033a484b98f6c748c7beef8740ae Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 28 Jun 2024 18:10:26 +0100
Subject: [PATCH 167/431] nixos: hardware: graphics: fix renamed option

---
 modules/nixos/hardware/graphics/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix
index 65f1056..89bb1cd 100644
--- a/modules/nixos/hardware/graphics/default.nix
+++ b/modules/nixos/hardware/graphics/default.nix
@@ -26,7 +26,7 @@ in
 
   config = lib.mkIf cfg.enable (lib.mkMerge [
     {
-      hardware.opengl = {
+      hardware.graphics = {
         enable = true;
       };
     }
@@ -45,7 +45,7 @@ in
         };
       };
 
-      hardware.opengl = {
+      hardware.graphics = {
         extraPackages = with pkgs; [
           # OpenCL
           rocmPackages.clr
@@ -62,7 +62,7 @@ in
         VDPAU_DRIVER = "va_gl";
       };
 
-      hardware.opengl = {
+      hardware.graphics = {
         extraPackages = with pkgs; [
           # Open CL
           intel-compute-runtime

From dc90e14e60f755cbe5d0b2ccdceed92221b53ffa Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 1 Jul 2024 09:59:14 +0000
Subject: [PATCH 168/431] home: vim: lspconfig: add 'starpls'

---
 modules/home/vim/plugin/settings/lspconfig.lua | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua
index b3f8954..2f355f4 100644
--- a/modules/home/vim/plugin/settings/lspconfig.lua
+++ b/modules/home/vim/plugin/settings/lspconfig.lua
@@ -76,3 +76,11 @@ if utils.is_executable("bash-language-server") then
         on_attach = lsp.on_attach,
     })
 end
+
+-- Starlark
+if utils.is_executable("starpls") then
+    lspconfig.starpls.setup({
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end

From f11cdb367514db86063f9c2342a7e29d21dac473 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 8 Jul 2024 13:10:07 +0000
Subject: [PATCH 169/431] home: gdb: use 'mkPackageOption'

---
 modules/home/gdb/default.nix | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/modules/home/gdb/default.nix b/modules/home/gdb/default.nix
index fe8eb69..9e7d81f 100644
--- a/modules/home/gdb/default.nix
+++ b/modules/home/gdb/default.nix
@@ -9,14 +9,7 @@ in
     rr = {
       enable = my.mkDisableOption "rr configuration";
 
-      package = mkOption {
-        type = types.package;
-        default = pkgs.rr;
-        defaultText = literalExample "pkgs.rr";
-        description = ''
-          Package providing rr
-        '';
-      };
+      package = mkPackageOption pkgs "rr" { };
     };
   };
 

From 4943df69ef8015ee0f36ef3997fb60a52d6e7903 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 8 Jul 2024 13:12:21 +0000
Subject: [PATCH 170/431] home: gdb: add 'package' option

---
 modules/home/gdb/default.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/home/gdb/default.nix b/modules/home/gdb/default.nix
index 9e7d81f..efb49e2 100644
--- a/modules/home/gdb/default.nix
+++ b/modules/home/gdb/default.nix
@@ -6,6 +6,8 @@ in
   options.my.home.gdb = with lib; {
     enable = my.mkDisableOption "gdb configuration";
 
+    package = mkPackageOption pkgs "gdb" { };
+
     rr = {
       enable = my.mkDisableOption "rr configuration";
 
@@ -16,7 +18,7 @@ in
   config = lib.mkIf cfg.enable (lib.mkMerge [
     {
       home.packages = with pkgs; [
-        gdb
+        cfg.package
       ];
 
       xdg = {

From abb78d63e24dadbe6c76af753a9433b44d62d323 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 8 Jul 2024 13:10:28 +0000
Subject: [PATCH 171/431] home: calibre: add 'package' option

---
 modules/home/calibre/default.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/home/calibre/default.nix b/modules/home/calibre/default.nix
index 6edf654..de7c126 100644
--- a/modules/home/calibre/default.nix
+++ b/modules/home/calibre/default.nix
@@ -5,11 +5,13 @@ in
 {
   options.my.home.calibre = with lib; {
     enable = mkEnableOption "calibre configuration";
+
+    package = mkPackageOption pkgs "calibre" { };
   };
 
   config = lib.mkIf cfg.enable {
     home.packages = with pkgs; [
-      calibre
+      cfg.package
     ];
   };
 }

From 1644e952435590c2f263624c7e649e91248eae63 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 8 Jul 2024 13:11:30 +0000
Subject: [PATCH 172/431] home: discord: add 'package' option

---
 modules/home/discord/default.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/home/discord/default.nix b/modules/home/discord/default.nix
index 7348bb4..bfa5d40 100644
--- a/modules/home/discord/default.nix
+++ b/modules/home/discord/default.nix
@@ -7,11 +7,13 @@ in
 {
   options.my.home.discord = with lib; {
     enable = mkEnableOption "discord configuration";
+
+    package = mkPackageOption pkgs "discord" { };
   };
 
   config = lib.mkIf cfg.enable {
     home.packages = with pkgs; [
-      discord
+      cfg.package
     ];
 
     xdg.configFile."discord/settings.json".source =

From 04de570926161cf47201322fae92168a7f07aa34 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 8 Jul 2024 13:27:30 +0000
Subject: [PATCH 173/431] home: atuin: add 'package' option

---
 modules/home/atuin/default.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix
index b8973cc..3f06263 100644
--- a/modules/home/atuin/default.nix
+++ b/modules/home/atuin/default.nix
@@ -1,15 +1,19 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
   cfg = config.my.home.atuin;
 in
 {
   options.my.home.atuin = with lib; {
     enable = my.mkDisableOption "atuin configuration";
+
+    # I want the full experience by default
+    package = mkPackageOption pkgs "atuin" { };
   };
 
   config = lib.mkIf cfg.enable {
     programs.atuin = {
       enable = true;
+      inherit (cfg) package;
 
       flags = [
         # I *despise* this hijacking of the up key, even though I use Ctrl-p

From 6a6f3aed63cb2cf04f42a17d5329bfeed3c4f62f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 10 Jul 2024 21:40:36 +0100
Subject: [PATCH 174/431] home: vim: migrate to 'oil.nvim'

---
 modules/home/vim/after/ftplugin/netrw.vim |  6 ------
 modules/home/vim/default.nix              |  2 +-
 modules/home/vim/plugin/settings/oil.lua  | 19 +++++++++++++++++++
 3 files changed, 20 insertions(+), 7 deletions(-)
 delete mode 100644 modules/home/vim/after/ftplugin/netrw.vim
 create mode 100644 modules/home/vim/plugin/settings/oil.lua

diff --git a/modules/home/vim/after/ftplugin/netrw.vim b/modules/home/vim/after/ftplugin/netrw.vim
deleted file mode 100644
index e3689f8..0000000
--- a/modules/home/vim/after/ftplugin/netrw.vim
+++ /dev/null
@@ -1,6 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Don't show Netrw in buffer list
-setlocal bufhidden=delete
-let b:undo_ftplugin='|setlocal bufhidden<'
diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix
index d7280fb..e2c3504 100644
--- a/modules/home/vim/default.nix
+++ b/modules/home/vim/default.nix
@@ -46,7 +46,6 @@ in
       vim-repeat # Enanche '.' for plugins
       vim-rsi # Readline mappings
       vim-unimpaired # Some ex command mappings
-      vim-vinegar # Better netrw
 
       # Languages
       rust-vim
@@ -85,6 +84,7 @@ in
       dressing-nvim # Integrate native UI hooks with Telescope etc...
       gitsigns-nvim # Fast git UI integration
       nvim-surround # Deal with pairs, now in Lua
+      oil-nvim # Better alternative to NetrW
       telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm
       telescope-lsp-handlers-nvim # Use 'telescope' for various LSP actions
       telescope-nvim # Fuzzy finder interface
diff --git a/modules/home/vim/plugin/settings/oil.lua b/modules/home/vim/plugin/settings/oil.lua
new file mode 100644
index 0000000..451345d
--- /dev/null
+++ b/modules/home/vim/plugin/settings/oil.lua
@@ -0,0 +1,19 @@
+local oil = require("oil")
+local wk = require("which-key")
+
+oil.setup({
+    view_options = {
+        -- Show files and directories that start with "." by default
+        show_hidden = true,
+        -- But never '..'
+        is_always_hidden = function(name, bufnr)
+            return name == ".."
+        end,
+    },
+})
+
+local keys = {
+    ["-"] = { oil.open, "Open parent directory" },
+}
+
+wk.register(keys)

From 452399ee4c036663e2aef0a802120445591931a6 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 10 Jul 2024 22:16:51 +0100
Subject: [PATCH 175/431] home: vim: oil: add detail view toggle mapping

---
 modules/home/vim/plugin/settings/oil.lua | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/modules/home/vim/plugin/settings/oil.lua b/modules/home/vim/plugin/settings/oil.lua
index 451345d..e4a6716 100644
--- a/modules/home/vim/plugin/settings/oil.lua
+++ b/modules/home/vim/plugin/settings/oil.lua
@@ -1,6 +1,8 @@
 local oil = require("oil")
 local wk = require("which-key")
 
+local detail = false
+
 oil.setup({
     view_options = {
         -- Show files and directories that start with "." by default
@@ -10,6 +12,19 @@ oil.setup({
             return name == ".."
         end,
     },
+    keymaps = {
+        ["gd"] = {
+            desc = "Toggle file detail view",
+            callback = function()
+                detail = not detail
+                if detail then
+                    oil.set_columns({ "icon", "permissions", "size", "mtime" })
+                else
+                    oil.set_columns({ "icon" })
+                end
+            end,
+        },
+    },
 })
 
 local keys = {

From 0de9966127b4177ad0c0760c72e9849c383a0a5f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 10 Jul 2024 22:45:48 +0100
Subject: [PATCH 176/431] home: vim: remove redundant 'nobackup'

It's already the default.
---
 modules/home/vim/init.vim | 2 --
 1 file changed, 2 deletions(-)

diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim
index 3a74c4f..eba0c25 100644
--- a/modules/home/vim/init.vim
+++ b/modules/home/vim/init.vim
@@ -38,8 +38,6 @@ set tabstop=8
 
 " File parameters {{{
 """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-" Disable backups, we have source control for that
-set nobackup
 " Disable swapfiles too
 set noswapfile
 " }}}

From 16d68022ebfaf8108ab73a99c54a84bbc811511d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 10 Jul 2024 22:47:14 +0100
Subject: [PATCH 177/431] home: vim: enable swap and undo files

Trying it on for size, since NeoVim does use XDG directories for those.
---
 modules/home/vim/init.vim | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim
index eba0c25..a5a06f4 100644
--- a/modules/home/vim/init.vim
+++ b/modules/home/vim/init.vim
@@ -38,8 +38,10 @@ set tabstop=8
 
 " File parameters {{{
 """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-" Disable swapfiles too
-set noswapfile
+" Enable swap files
+set swapfile
+" And undo files
+set undofile
 " }}}
 
 " UI and UX parameters {{{

From 88e4d72366955f31f6dcae0caeffb78cdb7b810a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 12 Jul 2024 19:52:03 +0100
Subject: [PATCH 178/431] home: vim: git: use lua in visual mappings

I thought the partial staging feature had broken, but it looks to be
unrelated [1].

[1]: https://github.com/lewis6991/gitsigns.nvim/issues/1088
---
 modules/home/vim/plugin/settings/git.lua | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua
index 4dbebca..5ae03e1 100644
--- a/modules/home/vim/plugin/settings/git.lua
+++ b/modules/home/vim/plugin/settings/git.lua
@@ -1,6 +1,15 @@
 local gitsigns = require("gitsigns")
 local wk = require("which-key")
 
+--- Transform `f` into a function which acts on the current visual selection
+local function make_visual(f)
+    return function()
+        local first = vim.fn.line("v")
+        local last = vim.fn.line(".")
+        f({ first, last })
+    end
+end
+
 gitsigns.setup({
     current_line_blame_opts = {
         -- Show the blame quickly
@@ -43,13 +52,12 @@ local objects = {
 local visual = {
     ["ih"] = { gitsigns.select_hunk, "Git hunk" },
 
-    -- Only the actual command can make use of the visual selection...
     ["<leader>g"] = {
         name = "Git",
-        p = { ":Gitsigns preview_hunk<CR>", "Preview selection" },
-        r = { ":Gitsigns reset_hunk<CR>", "Restore selection" },
-        s = { ":Gitsigns stage_hunk<CR>", "Stage selection" },
-        u = { ":Gitsigns undo_stage_hunk<CR>", "Undo stage selection" },
+        p = { gitsigns.preview_hunk, "Preview selection" },
+        r = { make_visual(gitsigns.reset_hunk), "Restore selection" },
+        s = { make_visual(gitsigns.stage_hunk), "Stage selection" },
+        u = { gitsigns.undo_stage_hunk, "Undo stage selection" },
     },
 }
 

From 966934a8bc1475b20fe03b2749916fb769d36051 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 12 Jul 2024 20:11:51 +0100
Subject: [PATCH 179/431] home: vim: git: use lua in hunk mappings

---
 modules/home/vim/plugin/settings/git.lua | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua
index 5ae03e1..0ef647e 100644
--- a/modules/home/vim/plugin/settings/git.lua
+++ b/modules/home/vim/plugin/settings/git.lua
@@ -10,6 +10,20 @@ local function make_visual(f)
     end
 end
 
+local function nav_hunk(dir)
+    return function()
+        if vim.wo.diff then
+            local map = {
+                prev = "[c",
+                next = "]c",
+            }
+            vim.cmd.normal({ map[dir], bang = true })
+        else
+            gitsigns.nav_hunk(dir)
+        end
+    end
+end
+
 gitsigns.setup({
     current_line_blame_opts = {
         -- Show the blame quickly
@@ -19,8 +33,8 @@ gitsigns.setup({
 
 local keys = {
     -- Navigation
-    ["[c"] = { "&diff ? '[c' : '<cmd>Gitsigns prev_hunk<CR>'", "Previous hunk/diff", expr = true },
-    ["]c"] = { "&diff ? ']c' : '<cmd>Gitsigns next_hunk<CR>'", "Next hunk/diff", expr = true },
+    ["[c"] = { nav_hunk("prev"), "Previous hunk/diff" },
+    ["]c"] = { nav_hunk("next"), "Next hunk/diff" },
 
     -- Commands
     ["<leader>g"] = {

From bcd9a31bb8f61d6355f4c9ee4a6e777087889b09 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 12 Jul 2024 20:34:51 +0100
Subject: [PATCH 180/431] home: vim: lua: utils: add 'partial'

Love me some functional goodness.

This was taken from [1].

[1]: https://reddit.com/r/lua/comments/fh2go5
---
 modules/home/vim/lua/ambroisie/utils.lua | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua
index 3d2dd3b..c9e9292 100644
--- a/modules/home/vim/lua/ambroisie/utils.lua
+++ b/modules/home/vim/lua/ambroisie/utils.lua
@@ -48,4 +48,22 @@ M.list_lsp_clients = function(bufnr)
     return names
 end
 
+--- partially apply a function with given arguments
+M.partial = function(f, ...)
+    local a = { ... }
+    local a_len = select("#", ...)
+
+    return function(...)
+        local tmp = { ... }
+        local tmp_len = select("#", ...)
+
+        -- Merge arg lists
+        for i = 1, tmp_len do
+            a[a_len + i] = tmp[i]
+        end
+
+        return f(unpack(a, 1, a_len + tmp_len))
+    end
+end
+
 return M

From 5592a120a4f0c9c40d7f3228d2b989f8d3d8c149 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 12 Jul 2024 20:38:40 +0100
Subject: [PATCH 181/431] home: vim: git: use 'partial'

---
 modules/home/vim/plugin/settings/git.lua | 26 +++++++++++-------------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua
index 0ef647e..de5bb69 100644
--- a/modules/home/vim/plugin/settings/git.lua
+++ b/modules/home/vim/plugin/settings/git.lua
@@ -1,4 +1,5 @@
 local gitsigns = require("gitsigns")
+local utils = require("ambroisie.utils")
 local wk = require("which-key")
 
 --- Transform `f` into a function which acts on the current visual selection
@@ -11,16 +12,14 @@ local function make_visual(f)
 end
 
 local function nav_hunk(dir)
-    return function()
-        if vim.wo.diff then
-            local map = {
-                prev = "[c",
-                next = "]c",
-            }
-            vim.cmd.normal({ map[dir], bang = true })
-        else
-            gitsigns.nav_hunk(dir)
-        end
+    if vim.wo.diff then
+        local map = {
+            prev = "[c",
+            next = "]c",
+        }
+        vim.cmd.normal({ map[dir], bang = true })
+    else
+        gitsigns.nav_hunk(dir)
     end
 end
 
@@ -33,8 +32,8 @@ gitsigns.setup({
 
 local keys = {
     -- Navigation
-    ["[c"] = { nav_hunk("prev"), "Previous hunk/diff" },
-    ["]c"] = { nav_hunk("next"), "Next hunk/diff" },
+    ["[c"] = { utils.partial(nav_hunk, "prev"), "Previous hunk/diff" },
+    ["]c"] = { utils.partial(nav_hunk, "next"), "Next hunk/diff" },
 
     -- Commands
     ["<leader>g"] = {
@@ -42,8 +41,7 @@ local keys = {
         -- Actions
         b = { gitsigns.toggle_current_line_blame, "Toggle blame virtual text" },
         d = { gitsigns.diffthis, "Diff buffer" },
-        -- stylua: ignore
-        D = { function() gitsigns.diffthis("~") end, "Diff buffer against last commit" },
+        D = { utils.partial(gitsigns.diffthis, "~"), "Diff buffer against last commit" },
         g = { "<cmd>Git<CR>", "Git status" },
         h = { gitsigns.toggle_deleted, "Show deleted hunks" },
         L = { "<cmd>:sp<CR><C-w>T:Gllog --follow -- %:p<CR>", "Current buffer log" },

From 5ffe2653c0499afda8b2c9b933b2ef9554c23510 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 12 Jul 2024 20:59:58 +0100
Subject: [PATCH 182/431] home: vim: git: work around partial staging issue

See [1].

[1]: https://github.com/lewis6991/gitsigns.nvim/issues/929
---
 modules/home/vim/plugin/settings/git.lua | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua
index de5bb69..404abfc 100644
--- a/modules/home/vim/plugin/settings/git.lua
+++ b/modules/home/vim/plugin/settings/git.lua
@@ -28,6 +28,8 @@ gitsigns.setup({
         -- Show the blame quickly
         delay = 100,
     },
+    -- Work-around for https://github.com/lewis6991/gitsigns.nvim/issues/929
+    signs_staged_enable = false,
 })
 
 local keys = {

From 280829b54f55760119c37b15c2d68e6e6535001d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 15 Jul 2024 20:34:09 +0100
Subject: [PATCH 183/431] home: vim: signtoggle: fix toggling

Don't know how I missed this for so long...
---
 modules/home/vim/plugin/signtoggle.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua
index d6a26e2..60f6a65 100644
--- a/modules/home/vim/plugin/signtoggle.lua
+++ b/modules/home/vim/plugin/signtoggle.lua
@@ -9,7 +9,7 @@ vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, {
 vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, {
     pattern = "*",
     group = signtoggle,
-    command = "setlocal signcolumn=yes",
+    command = "setlocal signcolumn=no",
 })
 
 -- Never show the sign column in a terminal buffer

From a7c542784c2ceb2ad4bbe605b8362794a69f0193 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 15 Jul 2024 20:40:37 +0100
Subject: [PATCH 184/431] home: vim: numbertoggle: use lua callbacks

Use `vim.opt` because those are local options (i.e: similar to `set` it
defaults to setting it locally, `vim.opt_local` is not necessary).
---
 modules/home/vim/plugin/numbertoggle.lua | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/modules/home/vim/plugin/numbertoggle.lua b/modules/home/vim/plugin/numbertoggle.lua
index 1f97fc8..8042710 100644
--- a/modules/home/vim/plugin/numbertoggle.lua
+++ b/modules/home/vim/plugin/numbertoggle.lua
@@ -7,17 +7,28 @@ local numbertoggle = vim.api.nvim_create_augroup("numbertoggle", { clear = true
 vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "InsertLeave", "WinEnter" }, {
     pattern = "*",
     group = numbertoggle,
-    command = "if &nu | setlocal rnu | endif",
+    callback = function()
+        if vim.opt.number:get() then
+            vim.opt.relativenumber = true
+        end
+    end,
 })
 vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "InsertEnter", "WinLeave" }, {
     pattern = "*",
     group = numbertoggle,
-    command = "if &nu | setlocal nornu | endif",
+    callback = function()
+        if vim.opt.number:get() then
+            vim.opt.relativenumber = false
+        end
+    end,
 })
 
 -- Never show the sign column in a terminal buffer
 vim.api.nvim_create_autocmd({ "TermOpen" }, {
     pattern = "*",
     group = numbertoggle,
-    command = "setlocal nonu nornu",
+    callback = function()
+        vim.opt.number = false
+        vim.opt.relativenumber = false
+    end,
 })

From 5918a0b9e6b246f69607c78d2dd68192849d724c Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 15 Jul 2024 20:40:59 +0100
Subject: [PATCH 185/431] home: vim: signtoggle: use lua callbacks

Use `vim.opt` because this is a local option (i.e: similar to `set` it
defaults to setting it locally, `vim.opt_local` is not necessary).
---
 modules/home/vim/plugin/signtoggle.lua | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua
index 60f6a65..9765a81 100644
--- a/modules/home/vim/plugin/signtoggle.lua
+++ b/modules/home/vim/plugin/signtoggle.lua
@@ -4,17 +4,23 @@ local signtoggle = vim.api.nvim_create_augroup("signtoggle", { clear = true })
 vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, {
     pattern = "*",
     group = signtoggle,
-    command = "setlocal signcolumn=yes",
+    callback = function()
+        vim.opt.signcolumn = "yes"
+    end,
 })
 vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, {
     pattern = "*",
     group = signtoggle,
-    command = "setlocal signcolumn=no",
+    callback = function()
+        vim.opt.signcolumn = "no"
+    end,
 })
 
 -- Never show the sign column in a terminal buffer
 vim.api.nvim_create_autocmd({ "TermOpen" }, {
     pattern = "*",
     group = signtoggle,
-    command = "setlocal signcolumn=no",
+    callback = function()
+        vim.opt.signcolumn = "no"
+    end,
 })

From 82f49f1389591f04440471422e542608edb6a326 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 19 Jul 2024 11:10:49 +0000
Subject: [PATCH 186/431] home: vim: telescope: move mappings from 'after'

---
 .../home/vim/after/plugin/mappings/telescope.lua  | 15 ---------------
 modules/home/vim/plugin/settings/telescope.lua    | 15 +++++++++++++++
 2 files changed, 15 insertions(+), 15 deletions(-)
 delete mode 100644 modules/home/vim/after/plugin/mappings/telescope.lua

diff --git a/modules/home/vim/after/plugin/mappings/telescope.lua b/modules/home/vim/after/plugin/mappings/telescope.lua
deleted file mode 100644
index 0867b36..0000000
--- a/modules/home/vim/after/plugin/mappings/telescope.lua
+++ /dev/null
@@ -1,15 +0,0 @@
-local wk = require("which-key")
-local telescope_builtin = require("telescope.builtin")
-
-local keys = {
-    f = {
-        name = "Fuzzy finder",
-        b = { telescope_builtin.buffers, "Open buffers" },
-        f = { telescope_builtin.git_files, "Git tracked files" },
-        F = { telescope_builtin.find_files, "Files" },
-        g = { telescope_builtin.live_grep, "Grep string" },
-        G = { telescope_builtin.grep_string, "Grep string under cursor" },
-    },
-}
-
-wk.register(keys, { prefix = "<leader>" })
diff --git a/modules/home/vim/plugin/settings/telescope.lua b/modules/home/vim/plugin/settings/telescope.lua
index 4548ec5..64cc298 100644
--- a/modules/home/vim/plugin/settings/telescope.lua
+++ b/modules/home/vim/plugin/settings/telescope.lua
@@ -1,4 +1,6 @@
 local telescope = require("telescope")
+local telescope_builtin = require("telescope.builtin")
+local wk = require("which-key")
 
 telescope.setup({
     defaults = {
@@ -22,3 +24,16 @@ telescope.setup({
 
 telescope.load_extension("fzf")
 telescope.load_extension("lsp_handlers")
+
+local keys = {
+    f = {
+        name = "Fuzzy finder",
+        b = { telescope_builtin.buffers, "Open buffers" },
+        f = { telescope_builtin.git_files, "Git tracked files" },
+        F = { telescope_builtin.find_files, "Files" },
+        g = { telescope_builtin.live_grep, "Grep string" },
+        G = { telescope_builtin.grep_string, "Grep string under cursor" },
+    },
+}
+
+wk.register(keys, { prefix = "<leader>" })

From 3438290e32adb1dfcc3e69b86f83effa279a7c27 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 19 Jul 2024 11:13:11 +0000
Subject: [PATCH 187/431] home: vim: tree-sitter: move mappings from 'after'

---
 .../mappings/tree-sitter-textobjects.lua      | 30 ------------------
 .../home/vim/plugin/settings/tree-sitter.lua  | 31 +++++++++++++++++++
 2 files changed, 31 insertions(+), 30 deletions(-)
 delete mode 100644 modules/home/vim/after/plugin/mappings/tree-sitter-textobjects.lua

diff --git a/modules/home/vim/after/plugin/mappings/tree-sitter-textobjects.lua b/modules/home/vim/after/plugin/mappings/tree-sitter-textobjects.lua
deleted file mode 100644
index 631731c..0000000
--- a/modules/home/vim/after/plugin/mappings/tree-sitter-textobjects.lua
+++ /dev/null
@@ -1,30 +0,0 @@
-local wk = require("which-key")
-
-local motions = {
-    ["]m"] = "Next method start",
-    ["]M"] = "Next method end",
-    ["]S"] = "Next statement start",
-    ["]]"] = "Next class start",
-    ["]["] = "Next class end",
-    ["[m"] = "Previous method start",
-    ["[M"] = "Previous method end",
-    ["[S"] = "Previous statement start",
-    ["[["] = "Previous class start",
-    ["[]"] = "Previous class end",
-}
-
-local objects = {
-    ["aa"] = "a parameter",
-    ["ia"] = "inner parameter",
-    ["ab"] = "a block",
-    ["ib"] = "inner block",
-    ["ac"] = "a class",
-    ["ic"] = "inner class",
-    ["af"] = "a function",
-    ["if"] = "inner function",
-    ["ak"] = "a comment",
-    ["aS"] = "a statement",
-}
-
-wk.register(motions, { mode = "n" })
-wk.register(objects, { mode = "o" })
diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua
index 5503857..4584c85 100644
--- a/modules/home/vim/plugin/settings/tree-sitter.lua
+++ b/modules/home/vim/plugin/settings/tree-sitter.lua
@@ -1,4 +1,6 @@
 local ts_config = require("nvim-treesitter.configs")
+local wk = require("which-key")
+
 ts_config.setup({
     highlight = {
         enable = true,
@@ -51,3 +53,32 @@ ts_config.setup({
         },
     },
 })
+
+local motions = {
+    ["]m"] = "Next method start",
+    ["]M"] = "Next method end",
+    ["]S"] = "Next statement start",
+    ["]]"] = "Next class start",
+    ["]["] = "Next class end",
+    ["[m"] = "Previous method start",
+    ["[M"] = "Previous method end",
+    ["[S"] = "Previous statement start",
+    ["[["] = "Previous class start",
+    ["[]"] = "Previous class end",
+}
+
+local objects = {
+    ["aa"] = "a parameter",
+    ["ia"] = "inner parameter",
+    ["ab"] = "a block",
+    ["ib"] = "inner block",
+    ["ac"] = "a class",
+    ["ic"] = "inner class",
+    ["af"] = "a function",
+    ["if"] = "inner function",
+    ["ak"] = "a comment",
+    ["aS"] = "a statement",
+}
+
+wk.register(motions, { mode = "n" })
+wk.register(objects, { mode = "o" })

From c6735f3912041595610b64f4b2231ca836b39ebe Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 19 Jul 2024 11:32:10 +0000
Subject: [PATCH 188/431] home: vime: tree-sitter: remove 'which-key'

The plug-in now has support for setting mapping descriptions by itself.
---
 .../home/vim/plugin/settings/tree-sitter.lua  | 70 ++++++-------------
 1 file changed, 20 insertions(+), 50 deletions(-)

diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua
index 4584c85..d5fff46 100644
--- a/modules/home/vim/plugin/settings/tree-sitter.lua
+++ b/modules/home/vim/plugin/settings/tree-sitter.lua
@@ -1,5 +1,4 @@
 local ts_config = require("nvim-treesitter.configs")
-local wk = require("which-key")
 
 ts_config.setup({
     highlight = {
@@ -16,16 +15,16 @@ ts_config.setup({
             -- Jump to matching text objects
             lookahead = true,
             keymaps = {
-                ["aa"] = "@parameter.outer",
-                ["ia"] = "@parameter.inner",
-                ["ab"] = "@block.outer",
-                ["ib"] = "@block.inner",
-                ["ac"] = "@class.outer",
-                ["ic"] = "@class.inner",
-                ["af"] = "@function.outer",
-                ["if"] = "@function.inner",
-                ["ak"] = "@comment.outer",
-                ["aS"] = "@statement.outer",
+                ["aa"] = { query = "@parameter.outer", desc = "a parameter" },
+                ["ia"] = { query = "@parameter.inner", desc = "inner parameter" },
+                ["ab"] = { query = "@block.outer", desc = "a block" },
+                ["ib"] = { query = "@block.inner", desc = "inner block" },
+                ["ac"] = { query = "@class.outer", desc = "a class" },
+                ["ic"] = { query = "@class.inner", desc = "inner class" },
+                ["af"] = { query = "@function.outer", desc = "a function" },
+                ["if"] = { query = "@function.inner", desc = "inner function" },
+                ["ak"] = { query = "@comment.outer", desc = "a comment" },
+                ["aS"] = { query = "@statement.outer", desc = "a statement" },
             },
         },
         move = {
@@ -33,52 +32,23 @@ ts_config.setup({
             -- Add to jump list
             set_jumps = true,
             goto_next_start = {
-                ["]m"] = "@function.outer",
-                ["]S"] = "@statement.outer",
-                ["]]"] = "@class.outer",
+                ["]m"] = { query = "@function.outer", desc = "Next method start" },
+                ["]S"] = { query = "@statement.outer", desc = "Next statement start" },
+                ["]]"] = { query = "@class.outer", desc = "Next class start" },
             },
             goto_next_end = {
-                ["]M"] = "@function.outer",
-                ["]["] = "@class.outer",
+                ["]M"] = { query = "@function.outer", desc = "Next method end" },
+                ["]["] = { query = "@class.outer", desc = "Next class end" },
             },
             goto_previous_start = {
-                ["[m"] = "@function.outer",
-                ["[S"] = "@statement.outer",
-                ["[["] = "@class.outer",
+                ["[m"] = { query = "@function.outer", desc = "Previous method start" },
+                ["[S"] = { query = "@statement.outer", desc = "Previous statement start" },
+                ["[["] = { query = "@class.outer", desc = "Previous class start" },
             },
             goto_previous_end = {
-                ["[M"] = "@function.outer",
-                ["[]"] = "@class.outer",
+                ["[M"] = { query = "@function.outer", desc = "Previous method end" },
+                ["[]"] = { query = "@class.outer", desc = "Previous class end" },
             },
         },
     },
 })
-
-local motions = {
-    ["]m"] = "Next method start",
-    ["]M"] = "Next method end",
-    ["]S"] = "Next statement start",
-    ["]]"] = "Next class start",
-    ["]["] = "Next class end",
-    ["[m"] = "Previous method start",
-    ["[M"] = "Previous method end",
-    ["[S"] = "Previous statement start",
-    ["[["] = "Previous class start",
-    ["[]"] = "Previous class end",
-}
-
-local objects = {
-    ["aa"] = "a parameter",
-    ["ia"] = "inner parameter",
-    ["ab"] = "a block",
-    ["ib"] = "inner block",
-    ["ac"] = "a class",
-    ["ic"] = "inner class",
-    ["af"] = "a function",
-    ["if"] = "inner function",
-    ["ak"] = "a comment",
-    ["aS"] = "a statement",
-}
-
-wk.register(motions, { mode = "n" })
-wk.register(objects, { mode = "o" })

From abaa7119e7ba773045e66be0884796b323919346 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 20 Jul 2024 11:34:42 +0100
Subject: [PATCH 189/431] home: vim: consistent 'unimpaired' mapping names

---
 modules/home/vim/after/plugin/mappings/unimpaired.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/home/vim/after/plugin/mappings/unimpaired.lua b/modules/home/vim/after/plugin/mappings/unimpaired.lua
index f502056..e171d8f 100644
--- a/modules/home/vim/after/plugin/mappings/unimpaired.lua
+++ b/modules/home/vim/after/plugin/mappings/unimpaired.lua
@@ -86,7 +86,7 @@ local keys = {
         z = "Spell checking",
     },
     ["]o"] = {
-        name = "Option off",
+        name = "Disable option",
         b = "Light background",
         c = "Cursor line",
         d = "Diff",
@@ -105,7 +105,7 @@ local keys = {
         z = "Spell checking",
     },
     ["yo"] = {
-        name = "Option toggle",
+        name = "Toggle option",
         b = "Light background",
         c = "Cursor line",
         d = "Diff",

From 326f9d039a2811531e48dacb6b30590fe6172e6a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 22 Jul 2024 16:05:54 +0000
Subject: [PATCH 190/431] home: vim: disable 'swapfile'

As before, I still dislike this option and find its downsides worse than
its upsides.
---
 modules/home/vim/init.vim | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim
index a5a06f4..0186614 100644
--- a/modules/home/vim/init.vim
+++ b/modules/home/vim/init.vim
@@ -38,9 +38,9 @@ set tabstop=8
 
 " File parameters {{{
 """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-" Enable swap files
-set swapfile
-" And undo files
+" Disable swap files
+set noswapfile
+" Enable undo files
 set undofile
 " }}}
 

From 997f208d305cbedfbfbd9f6e93d3caf95225775a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 24 Jul 2024 16:33:09 +0000
Subject: [PATCH 191/431] home: vim: remove irrelevant filetype plugins

I don't make use of their non-upstreamed functionality.
---
 modules/home/vim/default.nix | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix
index e2c3504..a063483 100644
--- a/modules/home/vim/default.nix
+++ b/modules/home/vim/default.nix
@@ -48,11 +48,7 @@ in
       vim-unimpaired # Some ex command mappings
 
       # Languages
-      rust-vim
       vim-beancount
-      vim-jsonnet
-      vim-nix
-      vim-toml
 
       # General enhancements
       vim-qf # Better quick-fix list

From 442eef04826277d1eb562665b49b3215e59b445e Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 25 Jul 2024 09:39:38 +0000
Subject: [PATCH 192/431] home: vim: git: fix deprecated functions

---
 modules/home/vim/plugin/settings/git.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua
index 404abfc..0e3bc5e 100644
--- a/modules/home/vim/plugin/settings/git.lua
+++ b/modules/home/vim/plugin/settings/git.lua
@@ -54,8 +54,8 @@ local keys = {
         s = { gitsigns.stage_hunk, "Stage hunk" },
         S = { gitsigns.stage_buffer, "Stage buffer" },
         u = { gitsigns.undo_stage_hunk, "Undo stage hunk" },
-        ["["] = { gitsigns.prev_hunk, "Previous hunk" },
-        ["]"] = { gitsigns.next_hunk, "Next hunk" },
+        ["["] = { utils.partial(gitsigns.nav_hunk, "prev"), "Previous hunk" },
+        ["]"] = { utils.partial(gitsigns.nav_hunk, "next"), "Next hunk" },
     },
 }
 

From b5216a6a50de84bed2de995e623e82f91bce35a9 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 25 Jul 2024 20:28:04 +0200
Subject: [PATCH 193/431] pkgs: unbound-zones-adblock: fix version

---
 pkgs/unbound-zones-adblock/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/unbound-zones-adblock/default.nix b/pkgs/unbound-zones-adblock/default.nix
index 642ac41..2a6d4b7 100644
--- a/pkgs/unbound-zones-adblock/default.nix
+++ b/pkgs/unbound-zones-adblock/default.nix
@@ -1,7 +1,7 @@
 { lib, gawk, stdenvNoCC, stevenblack-blocklist }:
 stdenvNoCC.mkDerivation {
   name = "unbound-zones-adblock";
-  version = stevenblack-blocklist.rev;
+  inherit (stevenblack-blocklist) version;
 
   src = stevenblack-blocklist;
 

From d04de7d21307a24e2bdefd98bca02194e1931f96 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 20 Jul 2024 22:41:42 +0100
Subject: [PATCH 194/431] flake: bump inputs

And fix renamed packages.
---
 flake.lock                   | 36 ++++++++++++++++++------------------
 modules/home/gtk/default.nix |  4 ++--
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/flake.lock b/flake.lock
index 83ccfd7..6b84846 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1718371084,
-        "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=",
+        "lastModified": 1720546205,
+        "narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "3a56735779db467538fb2e577eda28a9daacaca6",
+        "rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6",
         "type": "github"
       },
       "original": {
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1717285511,
-        "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
+        "lastModified": 1719994518,
+        "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
+        "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1719438532,
-        "narHash": "sha256-/Vmso2ZMoFE3M7d1MRsQ2K5sR8CVKnrM6t1ys9Xjpz4=",
+        "lastModified": 1721852138,
+        "narHash": "sha256-JH8N5uoqoVA6erV4O40VtKKHsnfmhvMGbxMNDLtim5o=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "1a4f12ae0bda877ec4099b429cf439aad897d7e9",
+        "rev": "304a011325b7ac7b8c9950333cd215a7aa146b0e",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1719254875,
-        "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
+        "lastModified": 1721743106,
+        "narHash": "sha256-adRZhFpBTnHiK3XIELA3IBaApz70HwCYfv7xNrHjebA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
+        "rev": "dc14ed91132ee3a26255d01d8fd0c1f5bff27b2f",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1719564461,
-        "narHash": "sha256-wCFs1sf1tPoV3nCG5N5KaakAKm88FyzN6pRdOsOqNZg=",
+        "lastModified": 1721930286,
+        "narHash": "sha256-IUr/laHRe52MkPlOSflG1GThgQo+ECmAP7O51RxLduI=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "7369862c4a8f293f6fde79044369dad7dfc04798",
+        "rev": "3ea857d2abb7f3825976cefc50894d35ca55f8c4",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1719259945,
-        "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=",
+        "lastModified": 1721042469,
+        "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
+        "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd",
         "type": "github"
       },
       "original": {
diff --git a/modules/home/gtk/default.nix b/modules/home/gtk/default.nix
index 62d3f81..f10087d 100644
--- a/modules/home/gtk/default.nix
+++ b/modules/home/gtk/default.nix
@@ -21,12 +21,12 @@ in
     };
 
     iconTheme = {
-      package = pkgs.gnome.gnome-themes-extra;
+      package = pkgs.gnome-themes-extra;
       name = "Adwaita";
     };
 
     theme = {
-      package = pkgs.gnome.gnome-themes-extra;
+      package = pkgs.gnome-themes-extra;
       name = "Adwaita";
     };
   };

From 4de788695034d7b5f4847fb23dad1a9431e51593 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 20 Jul 2024 22:57:28 +0100
Subject: [PATCH 195/431] nixos: system: packages: fix deprecated config

---
 modules/nixos/system/packages/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/nixos/system/packages/default.nix b/modules/nixos/system/packages/default.nix
index 5c29aa0..ebea06f 100644
--- a/modules/nixos/system/packages/default.nix
+++ b/modules/nixos/system/packages/default.nix
@@ -14,12 +14,14 @@ in
 
   config = lib.mkIf cfg.enable {
     environment.systemPackages = with pkgs; [
-      vim
       wget
     ];
 
     programs = {
-      vim.defaultEditor = true; # Modal editing is life
+      vim = {
+        enable = true;
+        defaultEditor = true; # Modal editing is life
+      };
 
       zsh = {
         enable = true; # Use integrations

From 58760280be64aa68500573111564ee7cf37dae6c Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 20 Jul 2024 22:43:19 +0100
Subject: [PATCH 196/431] home: vim: update for 'which-key' v3

It complains quite loudly about the legacy mapping syntax.
---
 .../home/vim/after/plugin/mappings/misc.lua   |   4 +-
 .../vim/after/plugin/mappings/unimpaired.lua  | 238 +++++++++---------
 modules/home/vim/lua/ambroisie/lsp.lua        |  45 ++--
 modules/home/vim/plugin/settings/git.lua      |  67 +++--
 modules/home/vim/plugin/settings/oil.lua      |   4 +-
 .../home/vim/plugin/settings/telescope.lua    |  16 +-
 .../home/vim/plugin/settings/which-key.lua    |  27 +-
 7 files changed, 208 insertions(+), 193 deletions(-)

diff --git a/modules/home/vim/after/plugin/mappings/misc.lua b/modules/home/vim/after/plugin/mappings/misc.lua
index 6aa25a2..12dbffc 100644
--- a/modules/home/vim/after/plugin/mappings/misc.lua
+++ b/modules/home/vim/after/plugin/mappings/misc.lua
@@ -1,7 +1,7 @@
 local wk = require("which-key")
 
 local keys = {
-    ["<leader>"] = { "<cmd>nohls<CR>", "Clear search highlight" },
+    { "<leader><leader>", "<cmd>nohls<CR>", desc = "Clear search highlight" },
 }
 
-wk.register(keys, { prefix = "<leader>" })
+wk.add(keys)
diff --git a/modules/home/vim/after/plugin/mappings/unimpaired.lua b/modules/home/vim/after/plugin/mappings/unimpaired.lua
index e171d8f..a0336d1 100644
--- a/modules/home/vim/after/plugin/mappings/unimpaired.lua
+++ b/modules/home/vim/after/plugin/mappings/unimpaired.lua
@@ -3,126 +3,124 @@ local wk = require("which-key")
 local lsp = require("ambroisie.lsp")
 
 local keys = {
-    -- Edition and navigation mappins
-    ["["] = {
-        name = "Previous",
-        ["<space>"] = "Insert blank line above",
-        ["<C-L>"] = "Previous location list file",
-        ["<C-Q>"] = "Previous quickfix list file",
-        ["<C-T>"] = "Previous tag in preview window",
-        a = "Previous argument",
-        A = "First argument",
-        b = "Previous buffer",
-        B = "First buffer",
-        e = "Exchange previous line",
-        f = "Previous file in directory",
-        l = "Previous location list entry",
-        L = "First Location list entry",
-        n = "Previous conflict marker/diff hunk",
-        p = "Paste line above",
-        P = "Paste line above",
-        q = "Previous quickfix list entry",
-        Q = "First quickfix list entry",
-        t = "Previous matching tag",
-        T = "First matching tag",
-        z = "Previous fold",
-        -- Encoding
-        C = "C string encode",
-        u = "URL encode",
-        x = "XML encode",
-        y = "C string encode",
-        -- Custom
-        d = { lsp.goto_prev_diagnostic, "Previous diagnostic" },
-    },
-    ["]"] = {
-        name = "Next",
-        ["<space>"] = "Insert blank line below",
-        ["<C-L>"] = "Next location list file",
-        ["<C-Q>"] = "Next quickfix list file",
-        ["<C-T>"] = "Next tag in preview window",
-        a = "Next argument",
-        A = "Last argument",
-        b = "Next buffer",
-        B = "Last buffer",
-        e = "Exchange next line",
-        f = "Next file in directory",
-        l = "Next location list entry",
-        L = "Last Location list entry",
-        n = "Next conflict marker/diff hunk",
-        p = "Paste line below",
-        P = "Paste line below",
-        q = "Next quickfix list entry",
-        Q = "Last quickfix list entry",
-        t = "Next matching tag",
-        T = "Last matching tag",
-        z = "Next fold",
-        -- Decoding
-        C = "C string decode",
-        u = "URL decode",
-        x = "XML decode",
-        y = "C string decode",
-        -- Custom
-        d = { lsp.goto_next_diagnostic, "Next diagnostic" },
-    },
+    -- Previous
+    { "[", group = "Previous" },
+    -- Edition and navigation mappings
+    { "[<space>", desc = "Insert blank line above" },
+    { "[<C-L>", desc = "Previous location list file" },
+    { "[<C-Q>", desc = "Previous quickfix list file" },
+    { "[<C-T>", desc = "Previous tag in preview window" },
+    { "[a", desc = "Previous argument" },
+    { "[A", desc = "First argument" },
+    { "[b", desc = "Previous buffer" },
+    { "[B", desc = "First buffer" },
+    { "[e", desc = "Exchange previous line" },
+    { "[f", desc = "Previous file in directory" },
+    { "[l", desc = "Previous location list entry" },
+    { "[L", desc = "First Location list entry" },
+    { "[n", desc = "Previous conflict marker/diff hunk" },
+    { "[p", desc = "Paste line above" },
+    { "[P", desc = "Paste line above" },
+    { "[q", desc = "Previous quickfix list entry" },
+    { "[Q", desc = "First quickfix list entry" },
+    { "[t", desc = "Previous matching tag" },
+    { "[T", desc = "First matching tag" },
+    { "[z", desc = "Previous fold" },
+    -- Encoding
+    { "[C", desc = "C string encode" },
+    { "[u", desc = "URL encode" },
+    { "[x", desc = "XML encode" },
+    { "[y", desc = "C string encode" },
+    -- Custom
+    { "[d", lsp.goto_prev_diagnostic, desc = "Previous diagnostic" },
 
-    -- Option mappings
-    ["[o"] = {
-        name = "Enable option",
-        b = "Light background",
-        c = "Cursor line",
-        d = "Diff",
-        f = { "<cmd>FormatEnable<CR>", "LSP Formatting" },
-        h = "Search high-lighting",
-        i = "Case insensitive search",
-        l = "List mode",
-        n = "Line numbers",
-        r = "Relative line numbers",
-        p = { "<cmd>lwindow<CR>", "Location list" },
-        q = { "<cmd>cwindow<CR>", "Quickfix list" },
-        u = "Cursor column",
-        v = "Virtual editing",
-        w = "Text wrapping",
-        x = "Cursor line and column",
-        z = "Spell checking",
-    },
-    ["]o"] = {
-        name = "Disable option",
-        b = "Light background",
-        c = "Cursor line",
-        d = "Diff",
-        f = { "<cmd>FormatDisable<CR>", "LSP Formatting" },
-        h = "Search high-lighting",
-        i = "Case insensitive search",
-        l = "List mode",
-        n = "Line numbers",
-        p = { "<cmd>lclose<CR>", "Location list" },
-        q = { "<cmd>cclose<CR>", "Quickfix list" },
-        r = "Relative line numbers",
-        u = "Cursor column",
-        v = "Virtual editing",
-        w = "Text wrapping",
-        x = "Cursor line and column",
-        z = "Spell checking",
-    },
-    ["yo"] = {
-        name = "Toggle option",
-        b = "Light background",
-        c = "Cursor line",
-        d = "Diff",
-        f = { "<cmd>FormatToggle<CR>", "LSP Formatting" },
-        h = "Search high-lighting",
-        i = "Case insensitive search",
-        l = "List mode",
-        n = "Line numbers",
-        p = { "<Plug>(qf_loc_toggle)", "Location list" },
-        q = { "<Plug>(qf_qf_toggle)", "Quickfix list" },
-        r = "Relative line numbers",
-        u = "Cursor column",
-        v = "Virtual editing",
-        w = "Text wrapping",
-        x = "Cursor line and column",
-        z = "Spell checking",
-    },
+    -- Next
+    { "]", group = "Next" },
+    -- Edition and navigation mappings
+    { "]<space>", desc = "Insert blank line below" },
+    { "]<C-L>", desc = "Next location list file" },
+    { "]<C-Q>", desc = "Next quickfix list file" },
+    { "]<C-T>", desc = "Next tag in preview window" },
+    { "]a", desc = "Next argument" },
+    { "]A", desc = "Last argument" },
+    { "]b", desc = "Next buffer" },
+    { "]B", desc = "Last buffer" },
+    { "]e", desc = "Exchange next line" },
+    { "]f", desc = "Next file in directory" },
+    { "]l", desc = "Next location list entry" },
+    { "]L", desc = "Last Location list entry" },
+    { "]n", desc = "Next conflict marker/diff hunk" },
+    { "]p", desc = "Paste line below" },
+    { "]P", desc = "Paste line below" },
+    { "]q", desc = "Next quickfix list entry" },
+    { "]Q", desc = "Last quickfix list entry" },
+    { "]t", desc = "Next matching tag" },
+    { "]T", desc = "Last matching tag" },
+    { "]z", desc = "Next fold" },
+    -- Decoding
+    { "]C", desc = "C string decode" },
+    { "]u", desc = "URL decode" },
+    { "]x", desc = "XML decode" },
+    { "]y", desc = "C string decode" },
+    -- Custom
+    { "]d", lsp.goto_next_diagnostic, desc = "Next diagnostic" },
+
+    -- Enable option
+    { "[o", desc = "Enable option" },
+    { "[ob", desc = "Light background" },
+    { "[oc", desc = "Cursor line" },
+    { "[od", desc = "Diff" },
+    { "[of", "<cmd>FormatEnable<CR>", desc = "LSP Formatting" },
+    { "[oh", desc = "Search high-lighting" },
+    { "[oi", desc = "Case insensitive search" },
+    { "[ol", desc = "List mode" },
+    { "[on", desc = "Line numbers" },
+    { "[or", desc = "Relative line numbers" },
+    { "[op", "<cmd>lwindow<CR>", desc = "Location list" },
+    { "[oq", "<cmd>cwindow<CR>", desc = "Quickfix list" },
+    { "[ou", desc = "Cursor column" },
+    { "[ov", desc = "Virtual editing" },
+    { "[ow", desc = "Text wrapping" },
+    { "[ox", desc = "Cursor line and column" },
+    { "[oz", desc = "Spell checking" },
+
+    -- Disable option
+    { "]o", desc = "Disable option" },
+    { "]ob", desc = "Light background" },
+    { "]oc", desc = "Cursor line" },
+    { "]od", desc = "Diff" },
+    { "]of", "<cmd>FormatDisable<CR>", desc = "LSP Formatting" },
+    { "]oh", desc = "Search high-lighting" },
+    { "]oi", desc = "Case insensitive search" },
+    { "]ol", desc = "List mode" },
+    { "]on", desc = "Line numbers" },
+    { "]op", "<cmd>lclose<CR>", desc = "Location list" },
+    { "]oq", "<cmd>cclose<CR>", desc = "Quickfix list" },
+    { "]or", desc = "Relative line numbers" },
+    { "]ou", desc = "Cursor column" },
+    { "]ov", desc = "Virtual editing" },
+    { "]ow", desc = "Text wrapping" },
+    { "]ox", desc = "Cursor line and column" },
+    { "]oz", desc = "Spell checking" },
+
+    -- Toggle option
+    { "yo", group = "Toggle option" },
+    { "yob", desc = "Light background" },
+    { "yoc", desc = "Cursor line" },
+    { "yod", desc = "Diff" },
+    { "yof", "<cmd>FormatToggle<CR>", desc = "LSP Formatting" },
+    { "yoh", desc = "Search high-lighting" },
+    { "yoi", desc = "Case insensitive search" },
+    { "yol", desc = "List mode" },
+    { "yon", desc = "Line numbers" },
+    { "yop", "<Plug>(qf_loc_toggle)", desc = "Location list" },
+    { "yoq", "<Plug>(qf_qf_toggle)", desc = "Quickfix list" },
+    { "yor", desc = "Relative line numbers" },
+    { "you", desc = "Cursor column" },
+    { "yov", desc = "Virtual editing" },
+    { "yow", desc = "Text wrapping" },
+    { "yox", desc = "Cursor line and column" },
+    { "yoz", desc = "Spell checking" },
 }
 
-wk.register(keys)
+wk.add(keys)
diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua
index dc47366..1912623 100644
--- a/modules/home/vim/lua/ambroisie/lsp.lua
+++ b/modules/home/vim/lua/ambroisie/lsp.lua
@@ -87,31 +87,30 @@ M.on_attach = function(client, bufnr)
     end
 
     local keys = {
-        K = { vim.lsp.buf.hover, "Show symbol information" },
-        ["<C-k>"] = { vim.lsp.buf.signature_help, "Show signature information" },
-        ["gd"] = { vim.lsp.buf.definition, "Go to definition" },
-        ["gD"] = { vim.lsp.buf.declaration, "Go to declaration" },
-        ["gi"] = { vim.lsp.buf.implementation, "Go to implementation" },
-        ["gr"] = { vim.lsp.buf.references, "List all references" },
-
-        ["<leader>c"] = {
-            name = "Code",
-            a = { vim.lsp.buf.code_action, "Code actions" },
-            d = { cycle_diagnostics_display, "Cycle diagnostics display" },
-            D = { show_buffer_diagnostics, "Show buffer diagnostics" },
-            r = { vim.lsp.buf.rename, "Rename symbol" },
-            s = { vim.lsp.buf.signature_help, "Show signature" },
-            t = { vim.lsp.buf.type_definition, "Go to type definition" },
-            w = {
-                name = "Workspace",
-                a = { vim.lsp.buf.add_workspace_folder, "Add folder to workspace" },
-                l = { list_workspace_folders, "List folders in workspace" },
-                r = { vim.lsp.buf.remove_workspace_folder, "Remove folder from workspace" },
-            },
-        },
+        buffer = bufnr,
+        -- LSP navigation
+        { "K", vim.lsp.buf.hover, desc = "Show symbol information" },
+        { "<C-k>", vim.lsp.buf.signature_help, desc = "Show signature information" },
+        { "gd", vim.lsp.buf.definition, desc = "Go to definition" },
+        { "gD", vim.lsp.buf.declaration, desc = "Go to declaration" },
+        { "gi", vim.lsp.buf.implementation, desc = "Go to implementation" },
+        { "gr", vim.lsp.buf.references, desc = "List all references" },
+        -- Code
+        { "<leader>c", group = "Code" },
+        { "<leader>ca", vim.lsp.buf.code_action, desc = "Code actions" },
+        { "<leader>cd", cycle_diagnostics_display, desc = "Cycle diagnostics display" },
+        { "<leader>cD", show_buffer_diagnostics, desc = "Show buffer diagnostics" },
+        { "<leader>cr", vim.lsp.buf.rename, desc = "Rename symbol" },
+        { "<leader>cs", vim.lsp.buf.signature_help, desc = "Show signature" },
+        { "<leader>ct", vim.lsp.buf.type_definition, desc = "Go to type definition" },
+        -- Workspace
+        { "<leader>cw", group = "Workspace" },
+        { "<leader>cwa", vim.lsp.buf.add_workspace_folder, desc = "Add folder to workspace" },
+        { "<leader>cwl", list_workspace_folders, desc = "List folders in workspace" },
+        { "<leader>cwr", vim.lsp.buf.remove_workspace_folder, desc = "Remove folder from workspace" },
     }
 
-    wk.register(keys, { buffer = bufnr })
+    wk.add(keys)
 end
 
 return M
diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua
index 0e3bc5e..b9b92a6 100644
--- a/modules/home/vim/plugin/settings/git.lua
+++ b/modules/home/vim/plugin/settings/git.lua
@@ -34,47 +34,42 @@ gitsigns.setup({
 
 local keys = {
     -- Navigation
-    ["[c"] = { utils.partial(nav_hunk, "prev"), "Previous hunk/diff" },
-    ["]c"] = { utils.partial(nav_hunk, "next"), "Next hunk/diff" },
-
+    { "[c", utils.partial(nav_hunk, "prev"), desc = "Previous hunk/diff" },
+    { "]c", utils.partial(nav_hunk, "next"), desc = "Next hunk/diff" },
     -- Commands
-    ["<leader>g"] = {
-        name = "Git",
-        -- Actions
-        b = { gitsigns.toggle_current_line_blame, "Toggle blame virtual text" },
-        d = { gitsigns.diffthis, "Diff buffer" },
-        D = { utils.partial(gitsigns.diffthis, "~"), "Diff buffer against last commit" },
-        g = { "<cmd>Git<CR>", "Git status" },
-        h = { gitsigns.toggle_deleted, "Show deleted hunks" },
-        L = { "<cmd>:sp<CR><C-w>T:Gllog --follow -- %:p<CR>", "Current buffer log" },
-        m = { "<Plug>(git-messenger)", "Current line blame" },
-        p = { gitsigns.preview_hunk, "Preview hunk" },
-        r = { gitsigns.reset_hunk, "Restore hunk" },
-        R = { gitsigns.reset_buffer, "Restore buffer" },
-        s = { gitsigns.stage_hunk, "Stage hunk" },
-        S = { gitsigns.stage_buffer, "Stage buffer" },
-        u = { gitsigns.undo_stage_hunk, "Undo stage hunk" },
-        ["["] = { utils.partial(gitsigns.nav_hunk, "prev"), "Previous hunk" },
-        ["]"] = { utils.partial(gitsigns.nav_hunk, "next"), "Next hunk" },
-    },
+    { "<leader>g", group = "Git" },
+    { "<leader>gb", gitsigns.toggle_current_line_blame, desc = "Toggle blame virtual text" },
+    { "<leader>gd", gitsigns.diffthis, desc = "Diff buffer" },
+    { "<leader>gD", utils.partial(gitsigns.diffthis, "~"), desc = "Diff buffer against last commit" },
+    { "<leader>gg", "<cmd>Git<CR>", desc = "Git status" },
+    { "<leader>gh", gitsigns.toggle_deleted, desc = "Show deleted hunks" },
+    { "<leader>gL", "<cmd>:sp<CR><C-w>T:Gllog --follow -- %:p<CR>", desc = "Current buffer log" },
+    { "<leader>gm", "<Plug>(git-messenger)", desc = "Current line blame" },
+    { "<leader>gp", gitsigns.preview_hunk, desc = "Preview hunk" },
+    { "<leader>gr", gitsigns.reset_hunk, desc = "Restore hunk" },
+    { "<leader>gR", gitsigns.reset_buffer, desc = "Restore buffer" },
+    { "<leader>gs", gitsigns.stage_hunk, desc = "Stage hunk" },
+    { "<leader>gS", gitsigns.stage_buffer, desc = "Stage buffer" },
+    { "<leader>gu", gitsigns.undo_stage_hunk, desc = "Undo stage hunk" },
+    { "<leader>g[", utils.partial(gitsigns.nav_hunk, "prev"), desc = "Previous hunk" },
+    { "<leader>g]", utils.partial(gitsigns.nav_hunk, "next"), desc = "Next hunk" },
 }
 
 local objects = {
-    ["ih"] = { gitsigns.select_hunk, "Git hunk" },
+    mode = "o",
+    { "ih", gitsigns.select_hunk, desc = "Git hunk" },
 }
-
+-- Visual
 local visual = {
-    ["ih"] = { gitsigns.select_hunk, "Git hunk" },
-
-    ["<leader>g"] = {
-        name = "Git",
-        p = { gitsigns.preview_hunk, "Preview selection" },
-        r = { make_visual(gitsigns.reset_hunk), "Restore selection" },
-        s = { make_visual(gitsigns.stage_hunk), "Stage selection" },
-        u = { gitsigns.undo_stage_hunk, "Undo stage selection" },
-    },
+    mode = { "x" },
+    { "ih", gitsigns.select_hunk, desc = "Git hunk" },
+    { "<leader>g", group = "Git" },
+    { "<leader>gp", gitsigns.preview_hunk, desc = "Preview selection" },
+    { "<leader>gr", make_visual(gitsigns.reset_hunk), desc = "Restore selection" },
+    { "<leader>gs", make_visual(gitsigns.stage_hunk), desc = "Stage selection" },
+    { "<leader>gu", gitsigns.undo_stage_hunk, desc = "Undo stage selection" },
 }
 
-wk.register(keys, { buffer = bufnr })
-wk.register(objects, { buffer = bufnr, mode = "o" })
-wk.register(visual, { buffer = bufnr, mode = "x" })
+wk.add(keys)
+wk.add(objects)
+wk.add(visual)
diff --git a/modules/home/vim/plugin/settings/oil.lua b/modules/home/vim/plugin/settings/oil.lua
index e4a6716..a160725 100644
--- a/modules/home/vim/plugin/settings/oil.lua
+++ b/modules/home/vim/plugin/settings/oil.lua
@@ -28,7 +28,7 @@ oil.setup({
 })
 
 local keys = {
-    ["-"] = { oil.open, "Open parent directory" },
+    { "-", oil.open, desc = "Open parent directory" },
 }
 
-wk.register(keys)
+wk.add(keys)
diff --git a/modules/home/vim/plugin/settings/telescope.lua b/modules/home/vim/plugin/settings/telescope.lua
index 64cc298..1a23928 100644
--- a/modules/home/vim/plugin/settings/telescope.lua
+++ b/modules/home/vim/plugin/settings/telescope.lua
@@ -26,14 +26,12 @@ telescope.load_extension("fzf")
 telescope.load_extension("lsp_handlers")
 
 local keys = {
-    f = {
-        name = "Fuzzy finder",
-        b = { telescope_builtin.buffers, "Open buffers" },
-        f = { telescope_builtin.git_files, "Git tracked files" },
-        F = { telescope_builtin.find_files, "Files" },
-        g = { telescope_builtin.live_grep, "Grep string" },
-        G = { telescope_builtin.grep_string, "Grep string under cursor" },
-    },
+    { "<leader>f", group = "Fuzzy finder" },
+    { "<leader>fb", telescope_builtin.buffers, desc = "Open buffers" },
+    { "<leader>ff", telescope_builtin.git_files, desc = "Git tracked files" },
+    { "<leader>fF", telescope_builtin.find_files, desc = "Files" },
+    { "<leader>fg", telescope_builtin.live_grep, desc = "Grep string" },
+    { "<leader>fG", telescope_builtin.grep_string, desc = "Grep string under cursor" },
 }
 
-wk.register(keys, { prefix = "<leader>" })
+wk.add(keys)
diff --git a/modules/home/vim/plugin/settings/which-key.lua b/modules/home/vim/plugin/settings/which-key.lua
index 2edfd70..81f398f 100644
--- a/modules/home/vim/plugin/settings/which-key.lua
+++ b/modules/home/vim/plugin/settings/which-key.lua
@@ -1,2 +1,27 @@
 local wk = require("which-key")
-wk.setup()
+wk.setup({
+    icons = {
+        -- I don't like icons
+        mappings = false,
+        breadcrumb = "»",
+        separator = "➜",
+        group = "+",
+        ellipsis = "…",
+        keys = {
+            Up = " ",
+            Down = " ",
+            Left = " ",
+            Right = " ",
+            C = "<C>",
+            M = "<M>",
+            D = "<D>",
+            S = "<S>",
+            CR = "<CR>",
+            Esc = "<Esc> ",
+            NL = "<NL>",
+            BS = "<BS>",
+            Space = "<space>",
+            Tab = "<Tab> ",
+        },
+    },
+})

From 6b7510cfd943763ca09b91ea83bc2510bf0f6c86 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 25 Jul 2024 20:17:50 +0100
Subject: [PATCH 197/431] home: vim: show directories in blue

Blue is much more readable when the night filter kicks in.
---
 modules/home/vim/init.vim | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim
index 0186614..93eb133 100644
--- a/modules/home/vim/init.vim
+++ b/modules/home/vim/init.vim
@@ -100,6 +100,8 @@ gruvbox.setup({
         DiffChange = { fg = colors.aqua, bg = "NONE" },
         DiffDelete = { fg = colors.red, bg = "NONE" },
         DiffText = { fg = colors.yellow, bg = colors.bg0 },
+        -- Directories "pop" better in blue
+        Directory = { link = "GruvboxBlueBold" },
     }
 })
 EOF

From ace266b02c3a45ce717ca457d9f79b49513e71cf Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 26 Jul 2024 10:06:02 +0000
Subject: [PATCH 198/431] overlays: add 'none-ls-root-bug'

Will be removed when the plug-in gets its next bump.
---
 overlays/none-ls-root-bug/default.nix   |  4 ++++
 overlays/none-ls-root-bug/generated.nix | 14 ++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 overlays/none-ls-root-bug/default.nix
 create mode 100644 overlays/none-ls-root-bug/generated.nix

diff --git a/overlays/none-ls-root-bug/default.nix b/overlays/none-ls-root-bug/default.nix
new file mode 100644
index 0000000..832e71d
--- /dev/null
+++ b/overlays/none-ls-root-bug/default.nix
@@ -0,0 +1,4 @@
+self: prev:
+{
+  vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
+}
diff --git a/overlays/none-ls-root-bug/generated.nix b/overlays/none-ls-root-bug/generated.nix
new file mode 100644
index 0000000..16d3b25
--- /dev/null
+++ b/overlays/none-ls-root-bug/generated.nix
@@ -0,0 +1,14 @@
+{ fetchpatch, ... }:
+
+_final: prev: {
+  none-ls-nvim = prev.none-ls-nvim.overrideAttrs (oa: {
+    patches = (oa.patches or [ ]) ++ [
+      # https://github.com/nvimtools/none-ls.nvim/pull/163
+      (fetchpatch {
+        name = "fix-get-root-directory.patch";
+        url = "https://github.com/nvimtools/none-ls.nvim/commit/2cde745aadc2c36f6860a77a556494870675771a.patch";
+        hash = "sha256-BtIjrT6ME2mR/5Ez9h+6r+fy0jYkBkw6/A9NConKRVs=";
+      })
+    ];
+  });
+}

From 0d820cc2f41074564984ea0a2ba72c63bc08ef70 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 26 Jul 2024 11:52:17 +0000
Subject: [PATCH 199/431] home: vim: move 'nohls' to 'which-key'

---
 modules/home/vim/after/plugin/mappings/misc.lua | 7 -------
 modules/home/vim/plugin/settings/which-key.lua  | 6 ++++++
 2 files changed, 6 insertions(+), 7 deletions(-)
 delete mode 100644 modules/home/vim/after/plugin/mappings/misc.lua

diff --git a/modules/home/vim/after/plugin/mappings/misc.lua b/modules/home/vim/after/plugin/mappings/misc.lua
deleted file mode 100644
index 12dbffc..0000000
--- a/modules/home/vim/after/plugin/mappings/misc.lua
+++ /dev/null
@@ -1,7 +0,0 @@
-local wk = require("which-key")
-
-local keys = {
-    { "<leader><leader>", "<cmd>nohls<CR>", desc = "Clear search highlight" },
-}
-
-wk.add(keys)
diff --git a/modules/home/vim/plugin/settings/which-key.lua b/modules/home/vim/plugin/settings/which-key.lua
index 81f398f..76a2117 100644
--- a/modules/home/vim/plugin/settings/which-key.lua
+++ b/modules/home/vim/plugin/settings/which-key.lua
@@ -25,3 +25,9 @@ wk.setup({
         },
     },
 })
+
+local keys = {
+    { "<leader><leader>", "<cmd>nohls<CR>", desc = "Clear search highlight" },
+}
+
+wk.add(keys)

From 9ed2dcefdeef07a3359985c2859b5ec1c02a8386 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 26 Jul 2024 11:54:11 +0000
Subject: [PATCH 200/431] home: vim: which-key: use lua callbacks

---
 modules/home/vim/plugin/settings/which-key.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/vim/plugin/settings/which-key.lua b/modules/home/vim/plugin/settings/which-key.lua
index 76a2117..3dc260a 100644
--- a/modules/home/vim/plugin/settings/which-key.lua
+++ b/modules/home/vim/plugin/settings/which-key.lua
@@ -27,7 +27,7 @@ wk.setup({
 })
 
 local keys = {
-    { "<leader><leader>", "<cmd>nohls<CR>", desc = "Clear search highlight" },
+    { "<leader><leader>", vim.cmd.nohlsearch, desc = "Clear search highlight" },
 }
 
 wk.add(keys)

From 1e2872c5c7ce6c07abdd4850bd100706606993f2 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 27 Jul 2024 15:09:52 +0100
Subject: [PATCH 201/431] home: vim: fix '+'/'-' highlighting in diffs

I'm not a big fan of the new highlighting [1].

[1]: https://github.com/nvim-treesitter/nvim-treesitter/pull/6619
---
 modules/home/vim/after/queries/diff/highlights.scm | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 modules/home/vim/after/queries/diff/highlights.scm

diff --git a/modules/home/vim/after/queries/diff/highlights.scm b/modules/home/vim/after/queries/diff/highlights.scm
new file mode 100644
index 0000000..c998725
--- /dev/null
+++ b/modules/home/vim/after/queries/diff/highlights.scm
@@ -0,0 +1,5 @@
+; extends
+
+; I want to the line added/removed markers to be the correct color
+"+" @diff.plus
+"-" @diff.minus

From 93dfe0411493683dab491f632f3f27286bf59a19 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 4 Aug 2024 11:37:33 +0100
Subject: [PATCH 202/431] hosts: nixos: aramis: home: use 'pinentry-rofi'

---
 hosts/nixos/aramis/home.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix
index 64b63ce..abf472a 100644
--- a/hosts/nixos/aramis/home.nix
+++ b/hosts/nixos/aramis/home.nix
@@ -2,7 +2,7 @@
 {
   my.home = {
     # Use graphical pinentry
-    bitwarden.pinentry = pkgs.pinentry-gtk2;
+    bitwarden.pinentry = pkgs.pinentry-rofi;
     # Ebook library
     calibre.enable = true;
     # Some amount of social life
@@ -14,7 +14,7 @@
     # Blue light filter
     gammastep.enable = true;
     # Use a small popup to enter passwords
-    gpg.pinentry = pkgs.pinentry-gtk2;
+    gpg.pinentry = pkgs.pinentry-rofi;
     # Machine specific packages
     packages.additionalPackages = with pkgs; [
       element-desktop # Matrix client

From f240730c4f6fd32738b944b5ef836768da10adf2 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 7 Aug 2024 14:15:12 +0000
Subject: [PATCH 203/431] flake: bump inputs

And remove the overlay for `none-ls`, which has been fixed.

This reverts commit ace266b02c3a45ce717ca457d9f79b49513e71cf.
---
 flake.lock                              | 36 ++++++++++++-------------
 overlays/none-ls-root-bug/default.nix   |  4 ---
 overlays/none-ls-root-bug/generated.nix | 14 ----------
 3 files changed, 18 insertions(+), 36 deletions(-)
 delete mode 100644 overlays/none-ls-root-bug/default.nix
 delete mode 100644 overlays/none-ls-root-bug/generated.nix

diff --git a/flake.lock b/flake.lock
index 6b84846..751e70c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1720546205,
-        "narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=",
+        "lastModified": 1722339003,
+        "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6",
+        "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7",
         "type": "github"
       },
       "original": {
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1719994518,
-        "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
+        "lastModified": 1722555600,
+        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
+        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1721852138,
-        "narHash": "sha256-JH8N5uoqoVA6erV4O40VtKKHsnfmhvMGbxMNDLtim5o=",
+        "lastModified": 1723015306,
+        "narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "304a011325b7ac7b8c9950333cd215a7aa146b0e",
+        "rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1721743106,
-        "narHash": "sha256-adRZhFpBTnHiK3XIELA3IBaApz70HwCYfv7xNrHjebA=",
+        "lastModified": 1722813957,
+        "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "dc14ed91132ee3a26255d01d8fd0c1f5bff27b2f",
+        "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1721930286,
-        "narHash": "sha256-IUr/laHRe52MkPlOSflG1GThgQo+ECmAP7O51RxLduI=",
+        "lastModified": 1723036652,
+        "narHash": "sha256-YIKo7vD/wkItzqIzg7u9bxYPhPwKhJbRbFcENuT0p68=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "3ea857d2abb7f3825976cefc50894d35ca55f8c4",
+        "rev": "2ee33d83d919b2375ebeeee175fab2af02dff92f",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1721042469,
-        "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=",
+        "lastModified": 1722857853,
+        "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd",
+        "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da",
         "type": "github"
       },
       "original": {
diff --git a/overlays/none-ls-root-bug/default.nix b/overlays/none-ls-root-bug/default.nix
deleted file mode 100644
index 832e71d..0000000
--- a/overlays/none-ls-root-bug/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-self: prev:
-{
-  vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
-}
diff --git a/overlays/none-ls-root-bug/generated.nix b/overlays/none-ls-root-bug/generated.nix
deleted file mode 100644
index 16d3b25..0000000
--- a/overlays/none-ls-root-bug/generated.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ fetchpatch, ... }:
-
-_final: prev: {
-  none-ls-nvim = prev.none-ls-nvim.overrideAttrs (oa: {
-    patches = (oa.patches or [ ]) ++ [
-      # https://github.com/nvimtools/none-ls.nvim/pull/163
-      (fetchpatch {
-        name = "fix-get-root-directory.patch";
-        url = "https://github.com/nvimtools/none-ls.nvim/commit/2cde745aadc2c36f6860a77a556494870675771a.patch";
-        hash = "sha256-BtIjrT6ME2mR/5Ez9h+6r+fy0jYkBkw6/A9NConKRVs=";
-      })
-    ];
-  });
-}

From 8ed69de4be87e5f558216df84d6563a5d3727778 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 10 Aug 2024 12:09:02 +0100
Subject: [PATCH 204/431] hosts: nixos: aramis: home: remove 'pinentry-rofi'

I'm not sure why, but it's messing with my `gpg-agent`... But I didn't
get any issues with `rbw`.

I'll try and figure out why.

This reverts commit 93dfe0411493683dab491f632f3f27286bf59a19.
---
 hosts/nixos/aramis/home.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix
index abf472a..64b63ce 100644
--- a/hosts/nixos/aramis/home.nix
+++ b/hosts/nixos/aramis/home.nix
@@ -2,7 +2,7 @@
 {
   my.home = {
     # Use graphical pinentry
-    bitwarden.pinentry = pkgs.pinentry-rofi;
+    bitwarden.pinentry = pkgs.pinentry-gtk2;
     # Ebook library
     calibre.enable = true;
     # Some amount of social life
@@ -14,7 +14,7 @@
     # Blue light filter
     gammastep.enable = true;
     # Use a small popup to enter passwords
-    gpg.pinentry = pkgs.pinentry-rofi;
+    gpg.pinentry = pkgs.pinentry-gtk2;
     # Machine specific packages
     packages.additionalPackages = with pkgs; [
       element-desktop # Matrix client

From 483c5d23e0b6fe8b9379c4245a79876d1a1fc585 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 14 Aug 2024 12:50:20 +0000
Subject: [PATCH 205/431] flake: bump inputs

---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index 751e70c..9c8bb14 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722339003,
-        "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=",
+        "lastModified": 1723293904,
+        "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7",
+        "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1723015306,
-        "narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=",
+        "lastModified": 1723399884,
+        "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e",
+        "rev": "086f619dd991a4d355c07837448244029fc2d9ab",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1722813957,
-        "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
+        "lastModified": 1723362943,
+        "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
+        "rev": "a58bc8ad779655e790115244571758e8de055e3d",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1723036652,
-        "narHash": "sha256-YIKo7vD/wkItzqIzg7u9bxYPhPwKhJbRbFcENuT0p68=",
+        "lastModified": 1723632306,
+        "narHash": "sha256-WzILwMkbQ4S1ks1g5AzeHNTIWj5AcJ6PwQDUnHNWmM8=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "2ee33d83d919b2375ebeeee175fab2af02dff92f",
+        "rev": "dc6d7986f1d0a0d03f1a270e22352181f074e70a",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722857853,
-        "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=",
+        "lastModified": 1723202784,
+        "narHash": "sha256-qbhjc/NEGaDbyy0ucycubq4N3//gDFFH3DOmp1D3u1Q=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da",
+        "rev": "c7012d0c18567c889b948781bc74a501e92275d1",
         "type": "github"
       },
       "original": {

From e94bdef69050914da09e280d97b8022254adc600 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 28 Jul 2024 11:53:10 +0200
Subject: [PATCH 206/431] hosts: nixos: porthos: secrets: fix SSO owner

---
 hosts/nixos/porthos/secrets/secrets.nix | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix
index c43376b..a9b9c51 100644
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@@ -81,9 +81,18 @@ in
 
   "pyload/credentials.age".publicKeys = all;
 
-  "sso/auth-key.age".publicKeys = all;
-  "sso/ambroisie/password-hash.age".publicKeys = all;
-  "sso/ambroisie/totp-secret.age".publicKeys = all;
+  "sso/auth-key.age" = {
+    owner = "nginx-sso";
+    publicKeys = all;
+  };
+  "sso/ambroisie/password-hash.age" = {
+    owner = "nginx-sso";
+    publicKeys = all;
+  };
+  "sso/ambroisie/totp-secret.age" = {
+    owner = "nginx-sso";
+    publicKeys = all;
+  };
 
   "tandoor-recipes/secret-key.age".publicKeys = all;
 

From 44c11fc431b4b349dfa350f6cf9b3a1f83fd3a0d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 4 Sep 2024 12:07:33 +0200
Subject: [PATCH 207/431] pkgs: lohr: 0.4.5 -> 0.4.6

---
 pkgs/lohr/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/lohr/default.nix b/pkgs/lohr/default.nix
index ddeac7a..b89ccff 100644
--- a/pkgs/lohr/default.nix
+++ b/pkgs/lohr/default.nix
@@ -1,16 +1,16 @@
 { lib, fetchFromGitHub, rustPlatform }:
 rustPlatform.buildRustPackage rec {
   pname = "lohr";
-  version = "0.4.5";
+  version = "0.4.6";
 
   src = fetchFromGitHub {
     owner = "alarsyo";
     repo = "lohr";
     rev = "v${version}";
-    hash = "sha256-p6E/r+OxFTpxDpOKSlacOxvRLfHSKg1mHNAfTytfqDY=";
+    hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU=";
   };
 
-  cargoHash = "sha256-hext0S0o9D9pN9epzXtD5dwAYMPCLpBBOBT4FX0mTMk=";
+  cargoHash = "sha256-EUhyrhPe+mUgMmm4o+bxRIiSNReJRfw+/O1fPr8r7lo=";
 
   meta = with lib; {
     description = "Git mirroring daemon";

From 10727f9eea517935c8b968540d7a9ff0cf6c4b4f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 26 Aug 2024 22:40:46 +0200
Subject: [PATCH 208/431] flake: bump inputs

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 9c8bb14..ee428c0 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1723399884,
-        "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=",
+        "lastModified": 1724435763,
+        "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "086f619dd991a4d355c07837448244029fc2d9ab",
+        "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1723362943,
-        "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=",
+        "lastModified": 1724479785,
+        "narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a58bc8ad779655e790115244571758e8de055e3d",
+        "rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1723632306,
-        "narHash": "sha256-WzILwMkbQ4S1ks1g5AzeHNTIWj5AcJ6PwQDUnHNWmM8=",
+        "lastModified": 1724704503,
+        "narHash": "sha256-QcZKCI9d5UNuQt6UFQSNhQwzXnXDF8jgCy7julsbnvg=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "dc6d7986f1d0a0d03f1a270e22352181f074e70a",
+        "rev": "6b1fa8a8dec17eb73962a0eac8e04f2df1439448",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1723202784,
-        "narHash": "sha256-qbhjc/NEGaDbyy0ucycubq4N3//gDFFH3DOmp1D3u1Q=",
+        "lastModified": 1724440431,
+        "narHash": "sha256-9etXEOUtzeMgqg1u0wp+EdwG7RpmrAZ2yX516bMj2aE=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "c7012d0c18567c889b948781bc74a501e92275d1",
+        "rev": "c8a54057aae480c56e28ef3e14e4960628ac495b",
         "type": "github"
       },
       "original": {

From 445cb43cb42270065d312ded3d69160e2603833c Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 4 Sep 2024 10:34:37 +0000
Subject: [PATCH 209/431] nixos: services: nix-cache: fix deprecated config

---
 modules/nixos/services/nix-cache/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/services/nix-cache/default.nix b/modules/nixos/services/nix-cache/default.nix
index 1ce3161..f3a29aa 100644
--- a/modules/nixos/services/nix-cache/default.nix
+++ b/modules/nixos/services/nix-cache/default.nix
@@ -40,7 +40,7 @@ in
         inherit (cfg) priority;
       };
 
-      signKeyPath = cfg.secretKeyFile;
+      signKeyPaths = [ cfg.secretKeyFile ];
     };
 
     my.services.nginx.virtualHosts = {

From fb4047b2b303f2dbdf91a862ee4ab543594c21dd Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 4 Sep 2024 12:07:33 +0200
Subject: [PATCH 210/431] nixos: services: nginx: sso: align with upstream

This aligns with the PR I opened on nixpkgs [1].

[1]: https://github.com/NixOS/nixpkgs/pull/325838
---
 modules/nixos/services/nginx/sso/default.nix | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/modules/nixos/services/nginx/sso/default.nix b/modules/nixos/services/nginx/sso/default.nix
index 4a78282..d60e31b 100644
--- a/modules/nixos/services/nginx/sso/default.nix
+++ b/modules/nixos/services/nginx/sso/default.nix
@@ -59,15 +59,10 @@ in
         StateDirectory = "nginx-sso";
         WorkingDirectory = "/var/lib/nginx-sso";
         # The files to be merged might not have the correct permissions
-        ExecStartPre = ''+${pkgs.writeShellScript "merge-nginx-sso-config" ''
+        ExecStartPre = pkgs.writeShellScript "merge-nginx-sso-config" ''
           rm -f '${confPath}'
           ${utils.genJqSecretsReplacementSnippet cfg.configuration confPath}
-
-          # Fix permissions
-          chown nginx-sso:nginx-sso ${confPath}
-          chmod 0600 ${confPath}
-        ''
-        }'';
+        '';
         ExecStart = lib.mkForce ''
           ${lib.getExe pkg} \
             --config ${confPath} \

From 52197a4f965dab7fe16bfc2fe6f301da8bc184a4 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 4 Sep 2024 12:07:33 +0200
Subject: [PATCH 211/431] nixos: services: pirate: add readarr

---
 modules/nixos/services/pirate/default.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/modules/nixos/services/pirate/default.nix b/modules/nixos/services/pirate/default.nix
index e500b54..822a8aa 100644
--- a/modules/nixos/services/pirate/default.nix
+++ b/modules/nixos/services/pirate/default.nix
@@ -10,6 +10,7 @@ let
     bazarr = 6767;
     lidarr = 8686;
     radarr = 7878;
+    readarr = 8787;
     sonarr = 8989;
   };
 
@@ -67,6 +68,10 @@ in
       enable = lib.my.mkDisableOption "Radarr";
     };
 
+    readarr = {
+      enable = lib.my.mkDisableOption "Readarr";
+    };
+
     sonarr = {
       enable = lib.my.mkDisableOption "Sonarr";
     };
@@ -85,6 +90,9 @@ in
     # Radarr for movies
     (mkFullConfig "radarr")
     (mkFail2Ban "radarr")
+    # Readarr for books
+    (mkFullConfig "readarr")
+    (mkFail2Ban "readarr")
     # Sonarr for shows
     (mkFullConfig "sonarr")
     (mkFail2Ban "sonarr")

From 6f00036b7963ac6674a40c5d2bc8fe8a25fe79cf Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 4 Sep 2024 12:07:33 +0200
Subject: [PATCH 212/431] overlays: add 'downgrade-transmission'

The 4.0.6 release is buggy and widely blacklisted.
---
 overlays/downgrade-transmission/default.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 overlays/downgrade-transmission/default.nix

diff --git a/overlays/downgrade-transmission/default.nix b/overlays/downgrade-transmission/default.nix
new file mode 100644
index 0000000..9d3fc8a
--- /dev/null
+++ b/overlays/downgrade-transmission/default.nix
@@ -0,0 +1,14 @@
+self: prev:
+{
+  transmission_4 = prev.transmission_4.overrideAttrs (_: {
+    version = "4.0.5";
+
+    src = self.fetchFromGitHub {
+      owner = "transmission";
+      repo = "transmission";
+      rev = "4.0.5";
+      hash = "sha256-gd1LGAhMuSyC/19wxkoE2mqVozjGPfupIPGojKY0Hn4=";
+      fetchSubmodules = true;
+    };
+  });
+}

From 0d2b9c969940e403a48af210dd856c2d086d360a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 5 Sep 2024 10:39:01 +0000
Subject: [PATCH 213/431] nixos: services: rename 'servarr'

---
 hosts/nixos/porthos/services.nix                 | 16 ++++++++--------
 modules/nixos/services/default.nix               |  2 +-
 .../services/{pirate => servarr}/default.nix     |  4 ++--
 3 files changed, 11 insertions(+), 11 deletions(-)
 rename modules/nixos/services/{pirate => servarr}/default.nix (96%)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index 23901f7..38e827b 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -127,14 +127,6 @@ in
       passwordFile = secrets."paperless/password".path;
       secretKeyFile = secrets."paperless/secret-key".path;
     };
-    # The whole *arr software suite
-    pirate = {
-      enable = true;
-      # ... But not Lidarr because I don't care for music that much
-      lidarr = {
-        enable = false;
-      };
-    };
     # Podcast automatic downloader
     podgrab = {
       enable = true;
@@ -152,6 +144,14 @@ in
     rss-bridge.enable = true;
     # Usenet client
     sabnzbd.enable = true;
+    # The whole *arr software suite
+    servarr = {
+      enable = true;
+      # ... But not Lidarr because I don't care for music that much
+      lidarr = {
+        enable = false;
+      };
+    };
     # Because I stilll need to play sysadmin
     ssh-server.enable = true;
     # Recipe manager
diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
index 60b2478..e877c8f 100644
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -26,7 +26,6 @@
     ./nginx
     ./nix-cache
     ./paperless
-    ./pirate
     ./podgrab
     ./postgresql
     ./postgresql-backup
@@ -34,6 +33,7 @@
     ./quassel
     ./rss-bridge
     ./sabnzbd
+    ./servarr
     ./ssh-server
     ./tandoor-recipes
     ./tlp
diff --git a/modules/nixos/services/pirate/default.nix b/modules/nixos/services/servarr/default.nix
similarity index 96%
rename from modules/nixos/services/pirate/default.nix
rename to modules/nixos/services/servarr/default.nix
index 822a8aa..e25d9cf 100644
--- a/modules/nixos/services/pirate/default.nix
+++ b/modules/nixos/services/servarr/default.nix
@@ -4,7 +4,7 @@
 # [1]: https://youtu.be/I26Ql-uX6AM
 { config, lib, ... }:
 let
-  cfg = config.my.services.pirate;
+  cfg = config.my.services.servarr;
 
   ports = {
     bazarr = 6767;
@@ -53,7 +53,7 @@ let
   ]);
 in
 {
-  options.my.services.pirate = {
+  options.my.services.servarr = {
     enable = lib.mkEnableOption "Media automation";
 
     bazarr = {

From 9b7bab8e8306e8138b5559929f28f46ac4333768 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 5 Sep 2024 18:09:50 +0200
Subject: [PATCH 214/431] flake: bump inputs

---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index ee428c0..0c1b965 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722555600,
-        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+        "lastModified": 1725234343,
+        "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+        "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1724435763,
-        "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=",
+        "lastModified": 1725180166,
+        "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be",
+        "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1724479785,
-        "narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=",
+        "lastModified": 1725432240,
+        "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be",
+        "rev": "ad416d066ca1222956472ab7d0555a6946746a80",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1724704503,
-        "narHash": "sha256-QcZKCI9d5UNuQt6UFQSNhQwzXnXDF8jgCy7julsbnvg=",
+        "lastModified": 1725551138,
+        "narHash": "sha256-4tSFz+wu2NvB41MLF68PDLM3gu8lg1hjgtgikbRq6Zo=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "6b1fa8a8dec17eb73962a0eac8e04f2df1439448",
+        "rev": "06bc57134f691188397ebeffa9b88552cc8090d3",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1724440431,
-        "narHash": "sha256-9etXEOUtzeMgqg1u0wp+EdwG7RpmrAZ2yX516bMj2aE=",
+        "lastModified": 1725513492,
+        "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "c8a54057aae480c56e28ef3e14e4960628ac495b",
+        "rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
         "type": "github"
       },
       "original": {

From a713913eefd3a201f971c456c648099d5ca1e3e1 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 22 Aug 2024 23:44:40 +0200
Subject: [PATCH 215/431] nixos: services: add pdf-edit

---
 modules/nixos/services/default.nix          |  1 +
 modules/nixos/services/pdf-edit/default.nix | 73 +++++++++++++++++++++
 2 files changed, 74 insertions(+)
 create mode 100644 modules/nixos/services/pdf-edit/default.nix

diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
index e877c8f..1211ee6 100644
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -26,6 +26,7 @@
     ./nginx
     ./nix-cache
     ./paperless
+    ./pdf-edit
     ./podgrab
     ./postgresql
     ./postgresql-backup
diff --git a/modules/nixos/services/pdf-edit/default.nix b/modules/nixos/services/pdf-edit/default.nix
new file mode 100644
index 0000000..d59507b
--- /dev/null
+++ b/modules/nixos/services/pdf-edit/default.nix
@@ -0,0 +1,73 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.services.pdf-edit;
+in
+{
+  options.my.services.pdf-edit = with lib; {
+    enable = mkEnableOption "PDF edition service";
+
+    port = mkOption {
+      type = types.port;
+      default = 8089;
+      example = 8080;
+      description = "Internal port for webui";
+    };
+
+    loginFile = mkOption {
+      type = types.str;
+      example = "/run/secrets/pdf-edit/login.env";
+      description = ''
+        `SECURITY_INITIALLOGIN_USERNAME` and `SECURITY_INITIALLOGIN_PASSWORD`
+        defined in the format of 'EnvironmentFile' (see `systemd.exec(5)`).
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.stirling-pdf = lib.mkIf cfg.enable {
+      enable = true;
+
+      environment = {
+        SERVER_PORT = cfg.port;
+        SECURITY_CSRFDISABLED = "false";
+
+        SYSTEM_SHOWUPDATE = "false"; # We don't care about update notifications
+        INSTALL_BOOK_AND_ADVANCED_HTML_OPS = "true"; # Installed by the module
+
+        SECURITY_ENABLELOGIN = "true";
+        SECURITY_LOGINATTEMPTCOUNT = "-1"; # Rely on fail2ban instead
+      };
+
+      environmentFiles = [ cfg.loginFile ];
+    };
+
+    my.services.nginx.virtualHosts = {
+      pdf-edit = {
+        inherit (cfg) port;
+
+        extraConfig = {
+          # Allow upload of PDF files up to 1G
+          locations."/".extraConfig = ''
+            client_max_body_size 1G;
+          '';
+        };
+      };
+    };
+
+    services.fail2ban.jails = {
+      stirling-pdf = ''
+        enabled = true
+        filter = stirling-pdf
+        port = http,https
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/stirling-pdf.conf".text = ''
+        [Definition]
+        failregex = ^.*Failed login attempt from IP: <HOST>$
+        journalmatch = _SYSTEMD_UNIT=stirling-pdf.service
+      '';
+    };
+  };
+}

From 90dcf3a1641aa93a4ce14cc8a9c49ba3efec8108 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 22 Aug 2024 23:45:16 +0200
Subject: [PATCH 216/431] hosts: nixos: porthos: secrets: add pdf-edit

---
 hosts/nixos/porthos/secrets/pdf-edit/login.age | 8 ++++++++
 hosts/nixos/porthos/secrets/secrets.nix        | 2 ++
 2 files changed, 10 insertions(+)
 create mode 100644 hosts/nixos/porthos/secrets/pdf-edit/login.age

diff --git a/hosts/nixos/porthos/secrets/pdf-edit/login.age b/hosts/nixos/porthos/secrets/pdf-edit/login.age
new file mode 100644
index 0000000..7f13f88
--- /dev/null
+++ b/hosts/nixos/porthos/secrets/pdf-edit/login.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg VYlHgHSLpfKb5bn1XA3aCpfX7M23DgbraLxxOfo9PDk
+Rj+mDvAsWX3WwpuhTrOubmo17j/aud5+P87df5bosBA
+-> ssh-ed25519 jPowng o9ZFaYrITZ6DjWw07Vk/+TkuU187/ytlEK4sw7G32G4
+zmxlpDvDDEgQFqBVARXeX1ABhvfJ4uAHfa6mIxXzjAY
+--- k/d9FWW8/OSo8EllwOBV74pZyX918u54jEljGk3ATUc
+�4+�2{�hE7!ҭGA`ׁ_@�ߗ��R_��6J��L4v,�6%���#^�	���B��O�F�|�7ܽ�L]��jR�
+B��۾�a�s]xS��	pb�o#�J1Q�=t}5�>O�{+�.M"7e�y���
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix
index a9b9c51..a8a9819 100644
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@@ -77,6 +77,8 @@ in
   "paperless/password.age".publicKeys = all;
   "paperless/secret-key.age".publicKeys = all;
 
+  "pdf-edit/login.age".publicKeys = all;
+
   "podgrab/password.age".publicKeys = all;
 
   "pyload/credentials.age".publicKeys = all;

From f91286d13b9e111355f11d0e54da897444207471 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 6 Sep 2024 20:52:26 +0100
Subject: [PATCH 217/431] flake: bump inputs

---
 flake.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/flake.lock b/flake.lock
index 0c1b965..88fda1a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1725180166,
-        "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=",
+        "lastModified": 1725628988,
+        "narHash": "sha256-Y6TBMTGu4bddUwszGjlcOuN0soVc1Gv43hp+1sT/GNI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb",
+        "rev": "127ccc3eb7e36fa75e8c3fbd8a343154f66cc1c6",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1725551138,
-        "narHash": "sha256-4tSFz+wu2NvB41MLF68PDLM3gu8lg1hjgtgikbRq6Zo=",
+        "lastModified": 1725647621,
+        "narHash": "sha256-GzILohiffZJQYq0dTg6PW36S0N0jV4rhcUmNbKxP+p8=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "06bc57134f691188397ebeffa9b88552cc8090d3",
+        "rev": "fa9112b06f678299e8c85dade3654cf8c5d7e1b4",
         "type": "github"
       },
       "original": {

From fbd3b70d61bd733af033545d4cfe4809fbb068a3 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 29 Aug 2024 10:10:26 +0000
Subject: [PATCH 218/431] home: use 'XDG_STATE_HOME' for history files

It's specified as the place to put them, so let's make use of it I
guess.
---
 modules/home/gdb/default.nix   | 4 ++--
 modules/home/pager/default.nix | 2 +-
 modules/home/wget/default.nix  | 2 +-
 modules/home/xdg/default.nix   | 9 ++++++---
 modules/home/zsh/default.nix   | 2 +-
 5 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/modules/home/gdb/default.nix b/modules/home/gdb/default.nix
index efb49e2..1ffc6bd 100644
--- a/modules/home/gdb/default.nix
+++ b/modules/home/gdb/default.nix
@@ -23,11 +23,11 @@ in
 
       xdg = {
         configFile."gdb/gdbinit".source = ./gdbinit;
-        dataFile. "gdb/.keep".text = "";
+        stateFile."gdb/.keep".text = "";
       };
 
       home.sessionVariables = {
-        GDBHISTFILE = "${config.xdg.dataHome}/gdb/gdb_history";
+        GDBHISTFILE = "${config.xdg.stateHome}/gdb/gdb_history";
       };
     }
 
diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix
index e304097..1119440 100644
--- a/modules/home/pager/default.nix
+++ b/modules/home/pager/default.nix
@@ -15,7 +15,7 @@ in
       # Clear the screen on start and exit
       LESS = "-R -+X -c";
       # Better XDG compliance
-      LESSHISTFILE = "${config.xdg.dataHome}/less/history";
+      LESSHISTFILE = "${config.xdg.stateHome}/less/history";
       LESSKEY = "${config.xdg.configHome}/less/lesskey";
     };
   };
diff --git a/modules/home/wget/default.nix b/modules/home/wget/default.nix
index 32c13c0..1be5397 100644
--- a/modules/home/wget/default.nix
+++ b/modules/home/wget/default.nix
@@ -20,7 +20,7 @@ in
     };
 
     xdg.configFile."wgetrc".text = ''
-      hsts-file = ${config.xdg.dataHome}/wget-hsts
+      hsts-file = ${config.xdg.stateHome}/wget-hsts
     '';
   };
 }
diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix
index fb2668c..e180f27 100644
--- a/modules/home/xdg/default.nix
+++ b/modules/home/xdg/default.nix
@@ -34,6 +34,9 @@ in
       "gdb/.keep".text = "";
       "tig/.keep".text = "";
     };
+    stateFile = {
+      "python/.keep".text = "";
+    };
   };
 
   # I want a tidier home
@@ -43,13 +46,13 @@ in
     CARGO_HOME = "${dataHome}/cargo";
     DOCKER_CONFIG = "${configHome}/docker";
     GRADLE_USER_HOME = "${dataHome}/gradle";
-    HISTFILE = "${dataHome}/bash/history";
+    HISTFILE = "${stateHome}/bash/history";
     INPUTRC = "${configHome}/readline/inputrc";
-    PSQL_HISTORY = "${dataHome}/psql_history";
+    PSQL_HISTORY = "${stateHome}/psql_history";
     PYTHONPYCACHEPREFIX = "${cacheHome}/python/";
     PYTHONUSERBASE = "${dataHome}/python/";
     PYTHON_HISTORY = "${stateHome}/python/history";
-    REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history";
+    REDISCLI_HISTFILE = "${stateHome}/redis/rediscli_history";
     REPO_CONFIG_DIR = "${configHome}/repo";
     XCOMPOSECACHE = "${dataHome}/X11/xcompose";
     _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java";
diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix
index a277366..11b6cb2 100644
--- a/modules/home/zsh/default.nix
+++ b/modules/home/zsh/default.nix
@@ -68,7 +68,7 @@ in
           ignoreSpace = true;
           ignoreDups = true;
           share = false;
-          path = "${config.xdg.dataHome}/zsh/zsh_history";
+          path = "${config.xdg.stateHome}/zsh/zsh_history";
         };
 
         plugins = [

From e67b055a7bde91d1ee9d601a2ce71e0965459490 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 9 Sep 2024 15:27:51 +0000
Subject: [PATCH 219/431] home: vim: fix unimpaired mapping groups

---
 modules/home/vim/after/plugin/mappings/unimpaired.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/home/vim/after/plugin/mappings/unimpaired.lua b/modules/home/vim/after/plugin/mappings/unimpaired.lua
index a0336d1..82aab05 100644
--- a/modules/home/vim/after/plugin/mappings/unimpaired.lua
+++ b/modules/home/vim/after/plugin/mappings/unimpaired.lua
@@ -66,7 +66,7 @@ local keys = {
     { "]d", lsp.goto_next_diagnostic, desc = "Next diagnostic" },
 
     -- Enable option
-    { "[o", desc = "Enable option" },
+    { "[o", group = "Enable option" },
     { "[ob", desc = "Light background" },
     { "[oc", desc = "Cursor line" },
     { "[od", desc = "Diff" },
@@ -85,7 +85,7 @@ local keys = {
     { "[oz", desc = "Spell checking" },
 
     -- Disable option
-    { "]o", desc = "Disable option" },
+    { "]o", group = "Disable option" },
     { "]ob", desc = "Light background" },
     { "]oc", desc = "Cursor line" },
     { "]od", desc = "Diff" },

From 6529bea6bb1af7cc082cad514321bb694a297ed8 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 11 Sep 2024 10:28:32 +0000
Subject: [PATCH 220/431] home: nixpkgs: don't use 'escapeShellArg'

I don't know what I was thinking exactly when I wrote this, but I
clearly hadn't tested it. We can't use `escapeShellArg` as we need to
expand the `$XDG_RUNTIME_DIR` variable used in those paths...

This reverts commit 468eaa9ed47f3c5077a1e176d3a53e7dc3087fcc.
---
 modules/home/nixpkgs/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/home/nixpkgs/default.nix b/modules/home/nixpkgs/default.nix
index a4946db..720fc9b 100644
--- a/modules/home/nixpkgs/default.nix
+++ b/modules/home/nixpkgs/default.nix
@@ -13,8 +13,8 @@ in
     ];
 
     home.sessionVariables = {
-      GITHUB_TOKEN = ''$(cat ${lib.escapeShellArg config.age.secrets."github/token".path})'';
-      GITHUB_API_TOKEN = ''$(cat ${lib.escapeShellArg config.age.secrets."github/token".path})'';
+      GITHUB_TOKEN = ''$(cat "${config.age.secrets."github/token".path}")'';
+      GITHUB_API_TOKEN = ''$(cat "${config.age.secrets."github/token".path}")'';
     };
   };
 }

From 4f73945e283a15a4cd03178d27bd957fd30a066e Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 12 Sep 2024 12:07:22 +0000
Subject: [PATCH 221/431] home: direnv: silence 'layout_poetry'

---
 modules/home/direnv/lib/python.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh
index 15a273f..650115d 100644
--- a/modules/home/direnv/lib/python.sh
+++ b/modules/home/direnv/lib/python.sh
@@ -14,7 +14,7 @@ layout_poetry() {
     fi
 
     # create venv if it doesn't exist
-    poetry run true
+    poetry run -q -- true
 
     # shellcheck disable=2155
     export VIRTUAL_ENV=$(poetry env info --path)

From 8a6af0e5b73c4e1a87e8da95aa339526a909495f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 12 Sep 2024 12:08:50 +0000
Subject: [PATCH 222/431] home: direnv: only mention 'poetry init'

`poetry new` creates a new directory, which isn't really what we're
interested in here.
---
 modules/home/direnv/lib/python.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh
index 650115d..eae6d26 100644
--- a/modules/home/direnv/lib/python.sh
+++ b/modules/home/direnv/lib/python.sh
@@ -9,7 +9,7 @@ layout_poetry() {
 
     if [[ ! -f pyproject.toml ]]; then
         # shellcheck disable=2016
-        log_error 'layout_poetry: no pyproject.toml found. Use `poetry new` or `poetry init` to create one first'
+        log_error 'layout_poetry: no pyproject.toml found. Use `poetry init` to create one first'
         return 1
     fi
 

From 8d344b5d5104aa550cf1e2388f5b9bf2573dec41 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 12 Sep 2024 13:23:19 +0000
Subject: [PATCH 223/431] home: direnv: add 'layout_uv'

I haven't really played with it yet, but from my small experiments this
should be good enough for my (future) purposes.
---
 modules/home/direnv/lib/python.sh | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh
index eae6d26..d1e67a2 100644
--- a/modules/home/direnv/lib/python.sh
+++ b/modules/home/direnv/lib/python.sh
@@ -23,3 +23,34 @@ layout_poetry() {
     watch_file pyproject.toml
     watch_file poetry.lock
 }
+
+layout_uv() {
+    if ! has uv; then
+        # shellcheck disable=2016
+        log_error 'layout_uv: `uv` is not in PATH'
+        return 1
+    fi
+
+    if [[ ! -f pyproject.toml ]]; then
+        # shellcheck disable=2016
+        log_error 'layout_uv: no pyproject.toml found. Use `uv init` to create one first'
+        return 1
+    fi
+
+    local default_venv="$PWD/.venv"
+    : "${VIRTUAL_ENV:=$default_venv}"
+
+    # Use non-default venv path if required
+    if [ "$VIRTUAL_ENV" != "$default_venv" ]; then
+        export UV_PROJECT_ENVIRONMENT="$VIRTUAL_ENV"
+    fi
+
+    # create venv if it doesn't exist
+    uv venv -q
+
+    export VIRTUAL_ENV
+    export UV_ACTIVE=1
+    PATH_add "$VIRTUAL_ENV/bin"
+    watch_file pyproject.toml
+    watch_file uv.lock
+}

From 4a38757db92d2b621812558c219479cc2872ce33 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 19 Sep 2024 11:58:55 +0000
Subject: [PATCH 224/431] flake: bump inputs

---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index 88fda1a..393a824 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1725234343,
-        "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=",
+        "lastModified": 1726153070,
+        "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6",
+        "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
         "type": "github"
       },
       "original": {
@@ -94,11 +94,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "lastModified": 1726560853,
+        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1725628988,
-        "narHash": "sha256-Y6TBMTGu4bddUwszGjlcOuN0soVc1Gv43hp+1sT/GNI=",
+        "lastModified": 1726611255,
+        "narHash": "sha256-/bxaYvIK6/d3zqpW26QFS0rqfd0cO4qreSNWvYLTl/w=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "127ccc3eb7e36fa75e8c3fbd8a343154f66cc1c6",
+        "rev": "d2493de5cd1da06b6a4c3e97f4e7d5dd791df457",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1725432240,
-        "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=",
+        "lastModified": 1726463316,
+        "narHash": "sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ad416d066ca1222956472ab7d0555a6946746a80",
+        "rev": "99dc8785f6a0adac95f5e2ab05cc2e1bf666d172",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1725647621,
-        "narHash": "sha256-GzILohiffZJQYq0dTg6PW36S0N0jV4rhcUmNbKxP+p8=",
+        "lastModified": 1726739127,
+        "narHash": "sha256-eI3C3B30nSiobx/Ld3n7ZL38Omn2zEIAwCgtgwCQaQc=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "fa9112b06f678299e8c85dade3654cf8c5d7e1b4",
+        "rev": "cb39c55630fd1660784dc5f60eb48adaeb9e950e",
         "type": "github"
       },
       "original": {

From c1eab0edeef61911777341fb8f4f4e7f19c51a21 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 20 Sep 2024 14:39:53 +0000
Subject: [PATCH 225/431] nixos: services: jellyfin: add fail2ban jail

The upstream documentation adds quotes around the IP, but I don't see
them in my logs. Let's split the difference by making them optional.
---
 modules/nixos/services/jellyfin/default.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix
index f5aaa99..e8910a5 100644
--- a/modules/nixos/services/jellyfin/default.nix
+++ b/modules/nixos/services/jellyfin/default.nix
@@ -41,5 +41,21 @@ in
         };
       };
     };
+
+    services.fail2ban.jails = {
+      jellyfin = ''
+        enabled = true
+        filter = jellyfin
+        port = http,https
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/jellyfin.conf".text = ''
+        [Definition]
+        failregex = ^.*Authentication request for .* has been denied \(IP: "?<ADDR>"?\)\.
+        journalmatch = _SYSTEMD_UNIT=jellyfin.service
+      '';
+    };
   };
 }

From 129d4b3a5a6e5ad1dbd80b3a04f3ff5bc32cf6e4 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 22 Aug 2024 23:46:25 +0200
Subject: [PATCH 226/431] hosts: nixos: porthos: services: enable pdf-edit

---
 hosts/nixos/porthos/services.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index 38e827b..5792be3 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -127,6 +127,11 @@ in
       passwordFile = secrets."paperless/password".path;
       secretKeyFile = secrets."paperless/secret-key".path;
     };
+    # Sometimes, editing PDFs is useful
+    pdf-edit = {
+      enable = true;
+      loginFile = secrets."pdf-edit/login".path;
+    };
     # Podcast automatic downloader
     podgrab = {
       enable = true;

From cedac6bbf46605fffd52859dc7d5ffdb55e78cec Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 22 Sep 2024 00:43:17 +0200
Subject: [PATCH 227/431] nixos: services: mealie: add fail2ban jail

---
 modules/nixos/services/mealie/default.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix
index 96b9e14..664d5ba 100644
--- a/modules/nixos/services/mealie/default.nix
+++ b/modules/nixos/services/mealie/default.nix
@@ -71,5 +71,21 @@ in
         };
       };
     };
+
+    services.fail2ban.jails = {
+      mealie = ''
+        enabled = true
+        filter = mealie
+        port = http,https
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/mealie.conf".text = ''
+        [Definition]
+        failregex = ^.*ERROR.*Incorrect username or password from <HOST>
+        journalmatch = _SYSTEMD_UNIT=mealie.service
+      '';
+    };
   };
 }

From f24cf2e16d7d25c387851a888e6615768d24b47d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 22 Sep 2024 01:10:52 +0200
Subject: [PATCH 228/431] nixos: services: audiobookshelf: add fail2ban jail

---
 .../nixos/services/audiobookshelf/default.nix    | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/modules/nixos/services/audiobookshelf/default.nix b/modules/nixos/services/audiobookshelf/default.nix
index 8c9719d..da9ec55 100644
--- a/modules/nixos/services/audiobookshelf/default.nix
+++ b/modules/nixos/services/audiobookshelf/default.nix
@@ -35,5 +35,21 @@ in
         };
       };
     };
+
+    services.fail2ban.jails = {
+      audiobookshelf = ''
+        enabled = true
+        filter = audiobookshelf
+        port = http,https
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/audiobookshelf.conf".text = ''
+        [Definition]
+        failregex = ^.*ERROR: \[Auth\] Failed login attempt for username ".*" from ip <ADDR>
+        journalmatch = _SYSTEMD_UNIT=audiobookshelf.service
+      '';
+    };
   };
 }

From 96e1a54638c98d64a3a38fd193844d6d5c3e66da Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 22 Sep 2024 01:26:06 +0200
Subject: [PATCH 229/431] nixos: services: nextcloud: add fail2ban jail

---
 modules/nixos/services/nextcloud/default.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix
index bb3169a..d173fc0 100644
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@@ -87,5 +87,25 @@ in
         "${config.services.nextcloud.home}/data/appdata_*/preview"
       ];
     };
+
+    services.fail2ban.jails = {
+      nextcloud = ''
+        enabled = true
+        filter = nextcloud
+        port = http,https
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/nextcloud.conf".text = ''
+        [Definition]
+        _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
+        datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
+        failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
+                    ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
+                    ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
+        journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service
+      '';
+    };
   };
 }

From a059828a587eb271d42656d8e315c083ff47b921 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 22 Sep 2024 01:58:56 +0200
Subject: [PATCH 230/431] nixos: services: miniflux: add fail2ban jail

---
 modules/nixos/services/miniflux/default.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/modules/nixos/services/miniflux/default.nix b/modules/nixos/services/miniflux/default.nix
index 5104c8b..400ae00 100644
--- a/modules/nixos/services/miniflux/default.nix
+++ b/modules/nixos/services/miniflux/default.nix
@@ -48,5 +48,21 @@ in
         inherit (cfg) port;
       };
     };
+
+    services.fail2ban.jails = {
+      miniflux = ''
+        enabled = true
+        filter = miniflux
+        port = http,https
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/miniflux.conf".text = ''
+        [Definition]
+        failregex = ^.*msg="[^"]*(Incorrect|Invalid) username or password[^"]*".*client_ip=<ADDR>
+        journalmatch = _SYSTEMD_UNIT=miniflux.service
+      '';
+    };
   };
 }

From 1aa3385e137f81cb05975829dedb90e89f1c0e6d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 22 Sep 2024 02:12:48 +0200
Subject: [PATCH 231/431] nixos: services: navidrome: add fail2ban jail

---
 modules/nixos/services/navidrome/default.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/modules/nixos/services/navidrome/default.nix b/modules/nixos/services/navidrome/default.nix
index 944a97a..c513b91 100644
--- a/modules/nixos/services/navidrome/default.nix
+++ b/modules/nixos/services/navidrome/default.nix
@@ -52,5 +52,21 @@ in
         inherit (cfg) port;
       };
     };
+
+    services.fail2ban.jails = {
+      navidrome = ''
+        enabled = true
+        filter = navidrome
+        port = http,https
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/navidrome.conf".text = ''
+        [Definition]
+        failregex = ^.*msg="Unsuccessful login".*X-Real-Ip:\[<HOST>\]
+        journalmatch = _SYSTEMD_UNIT=navidrome.service
+      '';
+    };
   };
 }

From 2b64a00dc98535f71859f66986b416d941aa0291 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 22 Sep 2024 02:13:30 +0200
Subject: [PATCH 232/431] nixos: services: flood: add fail2ban note

---
 modules/nixos/services/flood/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/nixos/services/flood/default.nix b/modules/nixos/services/flood/default.nix
index b95bac5..f3fe90b 100644
--- a/modules/nixos/services/flood/default.nix
+++ b/modules/nixos/services/flood/default.nix
@@ -27,5 +27,7 @@ in
         inherit (cfg) port;
       };
     };
+
+    # NOTE: unfortunately flood does not log connection failures for fail2ban
   };
 }

From 1f40ac4a9f09743a13e234e493eb7e9345c6d03d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 22 Sep 2024 02:21:01 +0200
Subject: [PATCH 233/431] nixos: services: grocy: add fail2ban note

---
 modules/nixos/services/grocy/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/nixos/services/grocy/default.nix b/modules/nixos/services/grocy/default.nix
index 87927d6..9045b03 100644
--- a/modules/nixos/services/grocy/default.nix
+++ b/modules/nixos/services/grocy/default.nix
@@ -36,5 +36,7 @@ in
       forceSSL = true;
       useACMEHost = config.networking.domain;
     };
+
+    # NOTE: unfortunately grocy does not log connection failures for fail2ban
   };
 }

From 0f3c5d1d63b2fbe8a08382af1e28c571a2620b64 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 24 Sep 2024 10:43:50 +0000
Subject: [PATCH 234/431] nixos: services: transmission: add fail2ban note

---
 modules/nixos/services/transmission/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix
index aeb88b7..ac8b24d 100644
--- a/modules/nixos/services/transmission/default.nix
+++ b/modules/nixos/services/transmission/default.nix
@@ -90,5 +90,7 @@ in
       allowedTCPPorts = [ cfg.peerPort ];
       allowedUDPPorts = [ cfg.peerPort ];
     };
+
+    # NOTE: unfortunately transmission does not log connection failures for fail2ban
   };
 }

From b6279108e090c620d5d9a7fdbb4ccb556212cfb0 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 24 Sep 2024 10:44:09 +0000
Subject: [PATCH 235/431] nixos: services: vikunja: add fail2ban note

---
 modules/nixos/services/vikunja/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix
index 6e7700f..7838a79 100644
--- a/modules/nixos/services/vikunja/default.nix
+++ b/modules/nixos/services/vikunja/default.nix
@@ -99,5 +99,7 @@ in
         config.services.vikunja.settings.files.basepath
       ];
     };
+
+    # NOTE: unfortunately vikunja does not log connection failures for fail2ban
   };
 }

From 3aab65d9eac7d06a987f8f92de792da400845210 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 24 Sep 2024 13:13:15 +0000
Subject: [PATCH 236/431] nixos: services: tandoor-recipes: add fail2ban note

---
 modules/nixos/services/tandoor-recipes/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix
index 48ad7a8..3447bee 100644
--- a/modules/nixos/services/tandoor-recipes/default.nix
+++ b/modules/nixos/services/tandoor-recipes/default.nix
@@ -82,5 +82,7 @@ in
         };
       };
     };
+
+    # NOTE: unfortunately tandoor-recipes does not log connection failures for fail2ban
   };
 }

From b0029448c6d5ddbfa46f2b7c4785ca82787e4fcb Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 25 Sep 2024 14:10:34 +0000
Subject: [PATCH 237/431] flake: bump inputs

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 393a824..7112362 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1726611255,
-        "narHash": "sha256-/bxaYvIK6/d3zqpW26QFS0rqfd0cO4qreSNWvYLTl/w=",
+        "lastModified": 1727246346,
+        "narHash": "sha256-TcUaKtya339Asu+g6KTJ8h7KiKcKXKp2V+At+7tksyY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "d2493de5cd1da06b6a4c3e97f4e7d5dd791df457",
+        "rev": "1e22ef1518fb175d762006f9cae7f6312b8caedb",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1726463316,
-        "narHash": "sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c=",
+        "lastModified": 1726937504,
+        "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "99dc8785f6a0adac95f5e2ab05cc2e1bf666d172",
+        "rev": "9357f4f23713673f310988025d9dc261c20e70c6",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1726739127,
-        "narHash": "sha256-eI3C3B30nSiobx/Ld3n7ZL38Omn2zEIAwCgtgwCQaQc=",
+        "lastModified": 1727272134,
+        "narHash": "sha256-q8xoi2eO23zhOmgBtJTj0QlcABoMeVB0CAWufTR3wyw=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "cb39c55630fd1660784dc5f60eb48adaeb9e950e",
+        "rev": "8dbbe7f3575d0ff0998f92f811fb8bf4e3f0d3b1",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1725513492,
-        "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
+        "lastModified": 1726745158,
+        "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
+        "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74",
         "type": "github"
       },
       "original": {

From 20db71996c678e75c999d733a713805691fa9991 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 25 Sep 2024 16:25:40 +0000
Subject: [PATCH 238/431] pkgs: add 'cgt-calc'

---
 pkgs/cgt-calc/default.nix | 47 +++++++++++++++++++++++++++++++++++++++
 pkgs/default.nix          |  2 ++
 2 files changed, 49 insertions(+)
 create mode 100644 pkgs/cgt-calc/default.nix

diff --git a/pkgs/cgt-calc/default.nix b/pkgs/cgt-calc/default.nix
new file mode 100644
index 0000000..9966944
--- /dev/null
+++ b/pkgs/cgt-calc/default.nix
@@ -0,0 +1,47 @@
+{ lib
+, fetchFromGitHub
+, python3Packages
+, withTeXLive ? true
+, texliveSmall
+}:
+python3Packages.buildPythonApplication rec {
+  pname = "cgt-calc";
+  version = "1.13.0";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "KapJI";
+    repo = "capital-gains-calculator";
+    rev = "v${version}";
+    hash = "sha256-y/Y05wG89nccXyxfjqazyPJhd8dOkfwRJre+Rzx97Hw=";
+  };
+
+  build-system = with python3Packages; [
+    poetry-core
+  ];
+
+  dependencies = with python3Packages; [
+    defusedxml
+    jinja2
+    pandas
+    requests
+    types-requests
+    yfinance
+  ];
+
+  makeWrapperArgs = lib.optionals withTeXLive [
+    "--prefix"
+    "PATH"
+    ":"
+    "${lib.getBin texliveSmall}/bin"
+  ];
+
+  meta = with lib; {
+    description = "UK capital gains tax calculator";
+    homepage = "https://github.com/KapJI/capital-gains-calculator";
+    license = with licenses; [ mit ];
+    mainProgram = "cgt-calc";
+    maintainers = with maintainers; [ ambroisie ];
+    platforms = platforms.unix;
+  };
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 6b7fce1..949bcf7 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -2,6 +2,8 @@
 pkgs.lib.makeScope pkgs.newScope (pkgs: {
   bw-pass = pkgs.callPackage ./bw-pass { };
 
+  cgt-calc = pkgs.callPackage ./cgt-calc { };
+
   change-audio = pkgs.callPackage ./change-audio { };
 
   change-backlight = pkgs.callPackage ./change-backlight { };

From cbba752b54825e09245088d42b0e1d0e0910f33f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 27 Sep 2024 13:44:23 +0000
Subject: [PATCH 239/431] nixos: services: nginx: remove 'literalExample'

Those examples do not use functions or any other "difficult to render"
expression.
---
 modules/nixos/services/nginx/default.nix | 72 +++++++++++-------------
 1 file changed, 32 insertions(+), 40 deletions(-)

diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix
index 7980ad9..e305b29 100644
--- a/modules/nixos/services/nginx/default.nix
+++ b/modules/nixos/services/nginx/default.nix
@@ -59,14 +59,12 @@ let
 
       extraConfig = mkOption {
         type = types.attrs; # FIXME: forward type of virtualHosts
-        example = litteralExample ''
-          {
-            locations."/socket" = {
-              proxyPass = "http://127.0.0.1:8096/";
-              proxyWebsockets = true;
-            };
-          }
-        '';
+        example = {
+          locations."/socket" = {
+            proxyPass = "http://127.0.0.1:8096/";
+            proxyWebsockets = true;
+          };
+        };
         default = { };
         description = ''
           Any extra configuration that should be applied to this virtual host.
@@ -100,26 +98,24 @@ in
     virtualHosts = mkOption {
       type = types.attrsOf virtualHostOption;
       default = { };
-      example = litteralExample ''
-        {
-          gitea = {
-            subdomain = "git";
-            port = 8080;
-          };
-          dev = {
-            root = "/var/www/dev";
-          };
-          jellyfin = {
-            port = 8096;
-            extraConfig = {
-              locations."/socket" = {
-                proxyPass = "http://127.0.0.1:8096/";
-                proxyWebsockets = true;
-              };
+      example = {
+        gitea = {
+          subdomain = "git";
+          port = 8080;
+        };
+        dev = {
+          root = "/var/www/dev";
+        };
+        jellyfin = {
+          port = 8096;
+          extraConfig = {
+            locations."/socket" = {
+              proxyPass = "http://127.0.0.1:8096/";
+              proxyWebsockets = true;
             };
           };
-        }
-      '';
+        };
+      };
       description = ''
         List of virtual hosts to set-up using default settings.
       '';
@@ -163,25 +159,21 @@ in
             };
           };
         });
-        example = litteralExample ''
-          {
-            alice = {
-              passwordHashFile = "/var/lib/nginx-sso/alice/password-hash.txt";
-              totpSecretFile = "/var/lib/nginx-sso/alice/totp-secret.txt";
-            };
-          }
-        '';
+        example = {
+          alice = {
+            passwordHashFile = "/var/lib/nginx-sso/alice/password-hash.txt";
+            totpSecretFile = "/var/lib/nginx-sso/alice/totp-secret.txt";
+          };
+        };
         description = "Definition of users";
       };
 
       groups = mkOption {
         type = with types; attrsOf (listOf str);
-        example = litteralExample ''
-          {
-            root = [ "alice" ];
-            users = [ "alice" "bob" ];
-          }
-        '';
+        example = {
+          root = [ "alice" ];
+          users = [ "alice" "bob" ];
+        };
         description = "Groups of users";
       };
     };

From 898523d079c724e16ad4f1f4b6e8f110e6d96e8f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 27 Sep 2024 13:48:26 +0000
Subject: [PATCH 240/431] treewide: fix typos

---
 hosts/nixos/porthos/services.nix             | 2 +-
 modules/home/firefox/tridactyl/tridactylrc   | 2 +-
 modules/home/mail/accounts/default.nix       | 4 ++--
 modules/home/tmux/default.nix                | 2 +-
 modules/home/vim/init.vim                    | 2 +-
 modules/home/vim/lua/ambroisie/lsp.lua       | 2 +-
 modules/home/wm/default.nix                  | 2 +-
 modules/home/wm/screen-lock/default.nix      | 4 ++--
 modules/home/xdg/default.nix                 | 2 +-
 modules/home/zsh/options.zsh                 | 2 +-
 modules/nixos/hardware/trackball/default.nix | 2 +-
 modules/nixos/profiles/default.nix           | 2 +-
 modules/nixos/services/forgejo/default.nix   | 2 +-
 modules/nixos/services/gitea/default.nix     | 2 +-
 modules/nixos/services/podgrab/default.nix   | 2 +-
 modules/nixos/services/vikunja/default.nix   | 2 +-
 modules/nixos/services/wireguard/default.nix | 2 +-
 pkgs/unbound-zones-adblock/default.nix       | 2 +-
 18 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index 5792be3..7a38cea 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -157,7 +157,7 @@ in
         enable = false;
       };
     };
-    # Because I stilll need to play sysadmin
+    # Because I still need to play sysadmin
     ssh-server.enable = true;
     # Recipe manager
     tandoor-recipes = {
diff --git a/modules/home/firefox/tridactyl/tridactylrc b/modules/home/firefox/tridactyl/tridactylrc
index 36bd59d..775719c 100644
--- a/modules/home/firefox/tridactyl/tridactylrc
+++ b/modules/home/firefox/tridactyl/tridactylrc
@@ -4,7 +4,7 @@
 " Use dark color scheme
 colorscheme dark
 
-" Make tridactyl open Vim in my prefered terminal
+" Make tridactyl open Vim in my preferred terminal
 set editorcmd @editorcmd@
 
 " Remove editor file after use
diff --git a/modules/home/mail/accounts/default.nix b/modules/home/mail/accounts/default.nix
index 8886139..202b9bc 100644
--- a/modules/home/mail/accounts/default.nix
+++ b/modules/home/mail/accounts/default.nix
@@ -58,7 +58,7 @@ in
 {
   config.accounts.email.accounts = {
     personal = lib.mkMerge [
-      # Common configuraton
+      # Common configuration
       (mkConfig {
         domain = "belanyi.fr";
         address = "bruno";
@@ -70,7 +70,7 @@ in
     ];
 
     gmail = lib.mkMerge [
-      # Common configuraton
+      # Common configuration
       (mkConfig {
         domain = "gmail.com";
         address = "brunobelanyi";
diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix
index 501b954..71ce4ca 100644
--- a/modules/home/tmux/default.nix
+++ b/modules/home/tmux/default.nix
@@ -30,7 +30,7 @@ in
       });
 
       default = { ${config.my.home.terminal.program} = { }; };
-      defaultText = litteralExpression ''
+      defaultText = literalExpression ''
         { ''${config.my.home.terminal.program} = { }; };
       '';
       example = { xterm-256color = { }; };
diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim
index 93eb133..8202cad 100644
--- a/modules/home/vim/init.vim
+++ b/modules/home/vim/init.vim
@@ -1,4 +1,4 @@
-" Basic configuraion {{{
+" Basic configuration {{{
 """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 " Use UTF-8
 set encoding=utf-8
diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua
index 1912623..eb53da6 100644
--- a/modules/home/vim/lua/ambroisie/lsp.lua
+++ b/modules/home/vim/lua/ambroisie/lsp.lua
@@ -42,7 +42,7 @@ end
 
 --- shared LSP configuration callback
 --- @param client native client configuration
---- @param bufnr int? buffer number of the attched client
+--- @param bufnr int? buffer number of the attached client
 M.on_attach = function(client, bufnr)
     -- Format on save
     lsp_format.on_attach(client, bufnr)
diff --git a/modules/home/wm/default.nix b/modules/home/wm/default.nix
index 449918a..ae1e136 100644
--- a/modules/home/wm/default.nix
+++ b/modules/home/wm/default.nix
@@ -58,7 +58,7 @@ in
               service = "some-service-name";
             }
           ];
-          description = "list of block configurations, merged with the defauls";
+          description = "list of block configurations, merged with the defaults";
         };
       };
     };
diff --git a/modules/home/wm/screen-lock/default.nix b/modules/home/wm/screen-lock/default.nix
index 3b2ead6..5e6874e 100644
--- a/modules/home/wm/screen-lock/default.nix
+++ b/modules/home/wm/screen-lock/default.nix
@@ -2,7 +2,7 @@
 let
   cfg = config.my.home.wm.screen-lock;
 
-  notficationCmd =
+  notificationCmd =
     let
       duration = toString (cfg.notify.delay * 1000);
       notifyCmd = "${lib.getExe pkgs.libnotify} -u critical -t ${duration}";
@@ -48,7 +48,7 @@ in
           "-notify"
           "${toString cfg.notify.delay}"
           "-notifier"
-          notficationCmd
+          notificationCmd
         ];
       };
     };
diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix
index e180f27..270200e 100644
--- a/modules/home/xdg/default.nix
+++ b/modules/home/xdg/default.nix
@@ -11,7 +11,7 @@ in
     enable = true;
     # File types
     mime.enable = true;
-    # File associatons
+    # File associations
     mimeApps = {
       enable = true;
     };
diff --git a/modules/home/zsh/options.zsh b/modules/home/zsh/options.zsh
index 32da8d8..7bcad03 100644
--- a/modules/home/zsh/options.zsh
+++ b/modules/home/zsh/options.zsh
@@ -12,7 +12,7 @@ setopt rc_quotes
 setopt auto_resume
 # Show history expansion before running a command
 setopt hist_verify
-# Append commands to history as they are exectuted
+# Append commands to history as they are executed
 setopt inc_append_history_time
 # Remove useless whitespace from commands
 setopt hist_reduce_blanks
diff --git a/modules/nixos/hardware/trackball/default.nix b/modules/nixos/hardware/trackball/default.nix
index 7a99247..a9b24e3 100644
--- a/modules/nixos/hardware/trackball/default.nix
+++ b/modules/nixos/hardware/trackball/default.nix
@@ -11,7 +11,7 @@ in
   config = lib.mkIf cfg.enable {
     services.xserver = {
       # This section must be *after* the one configured by `libinput`
-      # for the `ScrollMethod` configuration to not be overriden
+      # for the `ScrollMethod` configuration to not be overridden
       inputClassSections = lib.mkAfter [
         # MX Ergo
         ''
diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix
index 43d5a84..dbd4be3 100644
--- a/modules/nixos/profiles/default.nix
+++ b/modules/nixos/profiles/default.nix
@@ -1,4 +1,4 @@
-# Configuration that spans accross system and home, or are almagations of modules
+# Configuration that spans across system and home, or are almagations of modules
 { ... }:
 {
   imports = [
diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix
index 18538be..511724b 100644
--- a/modules/nixos/services/forgejo/default.nix
+++ b/modules/nixos/services/forgejo/default.nix
@@ -1,4 +1,4 @@
-# A low-ressource, full-featured git forge.
+# A low-resource, full-featured git forge.
 { config, lib, ... }:
 let
   cfg = config.my.services.forgejo;
diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix
index 212f59c..95bdf42 100644
--- a/modules/nixos/services/gitea/default.nix
+++ b/modules/nixos/services/gitea/default.nix
@@ -1,4 +1,4 @@
-# A low-ressource, full-featured git forge.
+# A low-resource, full-featured git forge.
 { config, lib, ... }:
 let
   cfg = config.my.services.gitea;
diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix
index ea89e4e..3ced8d3 100644
--- a/modules/nixos/services/podgrab/default.nix
+++ b/modules/nixos/services/podgrab/default.nix
@@ -13,7 +13,7 @@ in
       example = "/run/secrets/password.env";
       description = ''
         The path to a file containing the PASSWORD environment variable
-        definition for Podgrab's authentification.
+        definition for Podgrab's authentication.
       '';
     };
 
diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix
index 7838a79..2753da3 100644
--- a/modules/nixos/services/vikunja/default.nix
+++ b/modules/nixos/services/vikunja/default.nix
@@ -41,7 +41,7 @@ in
         service = {
           # Only allow registration of users through the CLI
           enableregistration = false;
-          # Ues the host's timezone
+          # Use the host's timezone
           timezone = config.time.timeZone;
           # Use UNIX socket for serving the API
           unixsocket = socketPath;
diff --git a/modules/nixos/services/wireguard/default.nix b/modules/nixos/services/wireguard/default.nix
index a76e424..840ac33 100644
--- a/modules/nixos/services/wireguard/default.nix
+++ b/modules/nixos/services/wireguard/default.nix
@@ -206,7 +206,7 @@ in
       ];
     }
 
-    # Additional inteface is only used to get access to "LAN" from wireguard
+    # Additional interface is only used to get access to "LAN" from wireguard
     (lib.mkIf cfg.internal.enable {
       networking.wg-quick.interfaces."${cfg.internal.name}" = mkInterface [
         "${cfg.net.v4.subnet}.0/${toString cfg.net.v4.mask}"
diff --git a/pkgs/unbound-zones-adblock/default.nix b/pkgs/unbound-zones-adblock/default.nix
index 2a6d4b7..11a6c90 100644
--- a/pkgs/unbound-zones-adblock/default.nix
+++ b/pkgs/unbound-zones-adblock/default.nix
@@ -30,7 +30,7 @@ stdenvNoCC.mkDerivation {
     description = "Unified host lists, ready to be used by unbound";
     longDescription = ''
       This is a simple derivation based on StevenBlack's unified hosts list.
-      The files have been modified for easy use wih unbound.
+      The files have been modified for easy use with unbound.
     '';
     homepage = "https://github.com/StevenBlack/hosts";
     license = licenses.mit;

From 38f3ac0ce5883f6aee526b91240bca153019584b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 27 Sep 2024 14:11:03 +0000
Subject: [PATCH 241/431] home: vim: lspconfig: add 'typos-lsp'

---
 modules/home/vim/default.nix                   | 3 +++
 modules/home/vim/plugin/settings/lspconfig.lua | 8 ++++++++
 2 files changed, 11 insertions(+)

diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix
index a063483..8e6bd5c 100644
--- a/modules/home/vim/default.nix
+++ b/modules/home/vim/default.nix
@@ -100,6 +100,9 @@ in
       # Shell
       bash-language-server
       shfmt
+
+      # Generic
+      typos-lsp
     ];
   };
 
diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua
index 2f355f4..9e9425c 100644
--- a/modules/home/vim/plugin/settings/lspconfig.lua
+++ b/modules/home/vim/plugin/settings/lspconfig.lua
@@ -84,3 +84,11 @@ if utils.is_executable("starpls") then
         on_attach = lsp.on_attach,
     })
 end
+
+-- Generic
+if utils.is_executable("typos-lsp") then
+    lspconfig.typos_lsp.setup({
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end

From 79f08ea5a1a8060db0074d3eb9576283f27ca29f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 30 Sep 2024 13:47:26 +0000
Subject: [PATCH 242/431] flake: bump inputs

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 7112362..5c355bf 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1727246346,
-        "narHash": "sha256-TcUaKtya339Asu+g6KTJ8h7KiKcKXKp2V+At+7tksyY=",
+        "lastModified": 1727383923,
+        "narHash": "sha256-4/vacp3CwdGoPf8U4e/N8OsGYtO09WTcQK5FqYfJbKs=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "1e22ef1518fb175d762006f9cae7f6312b8caedb",
+        "rev": "ffe2d07e771580a005e675108212597e5b367d2d",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1726937504,
-        "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=",
+        "lastModified": 1727348695,
+        "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9357f4f23713673f310988025d9dc261c20e70c6",
+        "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1727272134,
-        "narHash": "sha256-q8xoi2eO23zhOmgBtJTj0QlcABoMeVB0CAWufTR3wyw=",
+        "lastModified": 1727701468,
+        "narHash": "sha256-C7Trw/LSFXDpN6RcDqoH8oaXDIQsCbI7aVwOT68ElUs=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "8dbbe7f3575d0ff0998f92f811fb8bf4e3f0d3b1",
+        "rev": "a885f104ba4ef8431d0fbe7ecbabac024779afb1",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1726745158,
-        "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=",
+        "lastModified": 1727514110,
+        "narHash": "sha256-0YRcOxJG12VGDFH8iS8pJ0aYQQUAgo/r3ZAL+cSh9nk=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74",
+        "rev": "85f7a7177c678de68224af3402ab8ee1bcee25c8",
         "type": "github"
       },
       "original": {

From 09f763bc164946c6e548b933fad626b0a7bf689e Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 30 Sep 2024 22:10:38 +0200
Subject: [PATCH 243/431] nixos: services: add komga

---
 modules/nixos/services/default.nix       |  1 +
 modules/nixos/services/komga/default.nix | 55 ++++++++++++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 modules/nixos/services/komga/default.nix

diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
index 1211ee6..651f3f8 100644
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -16,6 +16,7 @@
     ./grocy
     ./indexers
     ./jellyfin
+    ./komga
     ./lohr
     ./matrix
     ./mealie
diff --git a/modules/nixos/services/komga/default.nix b/modules/nixos/services/komga/default.nix
new file mode 100644
index 0000000..e1dc780
--- /dev/null
+++ b/modules/nixos/services/komga/default.nix
@@ -0,0 +1,55 @@
+# A Comics/Manga media server
+{ config, lib, ... }:
+let
+  cfg = config.my.services.komga;
+in
+{
+  options.my.services.komga = with lib; {
+    enable = mkEnableOption "Komga comics server";
+
+    port = mkOption {
+      type = types.port;
+      default = 4584;
+      example = 8080;
+      description = "Internal port for webui";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.komga = {
+      enable = true;
+      inherit (cfg) port;
+
+      group = "media";
+    };
+
+    systemd.services.komga.environment = {
+      LOGGING_LEVEL_ORG_GOTSON_KOMGA = "DEBUG"; # Needed for fail2ban
+    };
+
+    # Set-up media group
+    users.groups.media = { };
+
+    my.services.nginx.virtualHosts = {
+      komga = {
+        inherit (cfg) port;
+      };
+    };
+
+    services.fail2ban.jails = {
+      komga = ''
+        enabled = true
+        filter = komga
+        port = http,https
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/komga.conf".text = ''
+        [Definition]
+        failregex = ^.* ip=<HOST>,.*Bad credentials.*$
+        journalmatch = _SYSTEMD_UNIT=komga.service
+      '';
+    };
+  };
+}

From eec65dc6b31b02fec85b5c65e30079fad1f9227a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 1 Oct 2024 16:54:44 +0200
Subject: [PATCH 244/431] hosts: nixos: porthos: services: remove podgrab

Podgrab is unmaintained...

I'll rely on Audiobookshelf to both download and play podcasts.
---
 hosts/nixos/porthos/services.nix | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index 7a38cea..ec3db67 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -132,13 +132,6 @@ in
       enable = true;
       loginFile = secrets."pdf-edit/login".path;
     };
-    # Podcast automatic downloader
-    podgrab = {
-      enable = true;
-      passwordFile = secrets."podgrab/password".path;
-      dataDir = "/data/media/podcasts";
-      port = 9598;
-    };
     # Regular backups
     postgresql-backup.enable = true;
     pyload = {

From b10d936c0a98aef3b4c078b7f7886e2db39758da Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 8 Oct 2024 11:35:11 +0000
Subject: [PATCH 245/431] flake: bump inputs

---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index 5c355bf..752a214 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1726153070,
-        "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
+        "lastModified": 1727826117,
+        "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
+        "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1727383923,
-        "narHash": "sha256-4/vacp3CwdGoPf8U4e/N8OsGYtO09WTcQK5FqYfJbKs=",
+        "lastModified": 1728337164,
+        "narHash": "sha256-VdRTjJFyq4Q9U7Z/UoC2Q5jK8vSo6E86lHc2OanXtvc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "ffe2d07e771580a005e675108212597e5b367d2d",
+        "rev": "038630363e7de57c36c417fd2f5d7c14773403e4",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1727348695,
-        "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=",
+        "lastModified": 1728241625,
+        "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784",
+        "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1727701468,
-        "narHash": "sha256-C7Trw/LSFXDpN6RcDqoH8oaXDIQsCbI7aVwOT68ElUs=",
+        "lastModified": 1728385750,
+        "narHash": "sha256-M2Qgz4Opif8uN9/I/dWRtyZRcuHRv+02B1+FgJk6LyY=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "a885f104ba4ef8431d0fbe7ecbabac024779afb1",
+        "rev": "7fc13fc5ea634482f96525f06132646d5aa01f7f",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1727514110,
-        "narHash": "sha256-0YRcOxJG12VGDFH8iS8pJ0aYQQUAgo/r3ZAL+cSh9nk=",
+        "lastModified": 1728092656,
+        "narHash": "sha256-eMeCTJZ5xBeQ0f9Os7K8DThNVSo9gy4umZLDfF5q6OM=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "85f7a7177c678de68224af3402ab8ee1bcee25c8",
+        "rev": "1211305a5b237771e13fcca0c51e60ad47326a9a",
         "type": "github"
       },
       "original": {

From 8e81d148bdda429cad565fc1cf6b327ba7eec29a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 10 Oct 2024 13:53:19 +0000
Subject: [PATCH 246/431] home: direnv: warn on non-existent version

---
 modules/home/direnv/lib/android.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/modules/home/direnv/lib/android.sh b/modules/home/direnv/lib/android.sh
index fa2f856..64321e1 100644
--- a/modules/home/direnv/lib/android.sh
+++ b/modules/home/direnv/lib/android.sh
@@ -32,10 +32,16 @@ use_android() {
             -b|--build-tools)
                 build_tools_version="$2"
                 shift 2
+                if ! [ -e "$ANDROID_HOME/build-tools/$build_tools_version" ]; then
+                    log_error "use_android: build-tools version '$build_tools_version' does not exist"
+                fi
                 ;;
             -n|--ndk)
                 ndk_version="$2"
                 shift 2
+                if ! [ -e "$ANDROID_HOME/ndk/$ndk_version" ]; then
+                    log_error "use_android: NDK version '$ndk_version' does not exist"
+                fi
                 ;;
             --)
                 shift

From 0547ebc33c8d8891bbbeea44d31d50bc6b5dd01f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 16 Oct 2024 10:43:52 +0000
Subject: [PATCH 247/431] home: wm: i3: remove 'FIXME'

Add a clearer message about why I don't use the `startup` section.
---
 modules/home/wm/i3/default.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix
index 69246f0..c432864 100644
--- a/modules/home/wm/i3/default.nix
+++ b/modules/home/wm/i3/default.nix
@@ -371,8 +371,7 @@ in
           };
 
         startup = [
-          # FIXME
-          # { commdand; always; notification; }
+          # NOTE: rely on systemd user services instead...
         ];
 
         window = {

From a09cef76c5b13c052eeed4b52531516204bd8839 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 17 Oct 2024 15:26:17 +0200
Subject: [PATCH 248/431] nixos: services: nextcloud: bump to 30

---
 modules/nixos/services/nextcloud/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix
index d173fc0..e2c4746 100644
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@@ -31,7 +31,7 @@ in
   config = lib.mkIf cfg.enable {
     services.nextcloud = {
       enable = true;
-      package = pkgs.nextcloud29;
+      package = pkgs.nextcloud30;
       hostName = "nextcloud.${config.networking.domain}";
       home = "/var/lib/nextcloud";
       maxUploadSize = cfg.maxSize;

From cf1aeaf0884d2420ed7c55d94a859ffe527f3cbf Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 23 Oct 2024 13:49:19 +0000
Subject: [PATCH 249/431] flake: bump inputs

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 752a214..fb392a4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1728337164,
-        "narHash": "sha256-VdRTjJFyq4Q9U7Z/UoC2Q5jK8vSo6E86lHc2OanXtvc=",
+        "lastModified": 1729551526,
+        "narHash": "sha256-7LAGY32Xl14OVQp3y6M43/0AtHYYvV6pdyBcp3eoz0s=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "038630363e7de57c36c417fd2f5d7c14773403e4",
+        "rev": "5ec753a1fc4454df9285d8b3ec0809234defb975",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1728241625,
-        "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=",
+        "lastModified": 1729413321,
+        "narHash": "sha256-I4tuhRpZFa6Fu6dcH9Dlo5LlH17peT79vx1y1SpeKt0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1",
+        "rev": "1997e4aa514312c1af7e2bda7fad1644e778ff26",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1728385750,
-        "narHash": "sha256-M2Qgz4Opif8uN9/I/dWRtyZRcuHRv+02B1+FgJk6LyY=",
+        "lastModified": 1729688743,
+        "narHash": "sha256-Oe1PRxUAXSwRUcRIH+saPgMsIEEm7PfL81+M5IDCqvg=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "7fc13fc5ea634482f96525f06132646d5aa01f7f",
+        "rev": "2680c1d6af171ee32198c8f2f5dc07ce1d5bd2ea",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1728092656,
-        "narHash": "sha256-eMeCTJZ5xBeQ0f9Os7K8DThNVSo9gy4umZLDfF5q6OM=",
+        "lastModified": 1729104314,
+        "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "1211305a5b237771e13fcca0c51e60ad47326a9a",
+        "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6",
         "type": "github"
       },
       "original": {

From 46df8b5b5b38be165849382e4c3ecc7c9e4b4201 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 21 Oct 2024 14:24:42 +0000
Subject: [PATCH 250/431] home: direnv: lib: fix shellcheck directive

I like it better with a space in it.
---
 modules/home/direnv/lib/android.sh  | 2 +-
 modules/home/direnv/lib/nix.sh      | 2 +-
 modules/home/direnv/lib/postgres.sh | 2 +-
 modules/home/direnv/lib/python.sh   | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/home/direnv/lib/android.sh b/modules/home/direnv/lib/android.sh
index 64321e1..9344aea 100644
--- a/modules/home/direnv/lib/android.sh
+++ b/modules/home/direnv/lib/android.sh
@@ -1,4 +1,4 @@
-#shellcheck shell=bash
+# shellcheck shell=bash
 
 # shellcheck disable=2155
 use_android() {
diff --git a/modules/home/direnv/lib/nix.sh b/modules/home/direnv/lib/nix.sh
index a65eb31..4b6c547 100644
--- a/modules/home/direnv/lib/nix.sh
+++ b/modules/home/direnv/lib/nix.sh
@@ -1,4 +1,4 @@
-#shellcheck shell=bash
+# shellcheck shell=bash
 
 use_pkgs() {
     if ! has nix; then
diff --git a/modules/home/direnv/lib/postgres.sh b/modules/home/direnv/lib/postgres.sh
index c2e6a8f..46e171d 100644
--- a/modules/home/direnv/lib/postgres.sh
+++ b/modules/home/direnv/lib/postgres.sh
@@ -1,4 +1,4 @@
-#shellcheck shell=bash
+# shellcheck shell=bash
 
 layout_postgres() {
     if ! has postgres || ! has initdb; then
diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh
index d1e67a2..780fbe6 100644
--- a/modules/home/direnv/lib/python.sh
+++ b/modules/home/direnv/lib/python.sh
@@ -1,4 +1,4 @@
-#shellcheck shell=bash
+# shellcheck shell=bash
 
 layout_poetry() {
     if ! has poetry; then

From 6d2ac0c473561aa75156788c26b0b7e6b442d241 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 28 Oct 2024 10:38:40 +0000
Subject: [PATCH 251/431] modules: services: matrix: remove sliding sync

The functionality has been folded into `synapse` itself, and the module
has been removed from the unstable branch.

This reverts commit b4c2cc581b6b79db1961e0aa840fad6d17ee6652.
---
 hosts/nixos/porthos/services.nix          |  3 --
 modules/nixos/services/matrix/default.nix | 39 -----------------------
 2 files changed, 42 deletions(-)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index ec3db67..a2339f4 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -69,9 +69,6 @@ in
       mailConfigFile = secrets."matrix/mail".path;
       # Only necessary when doing the initial registration
       secretFile = secrets."matrix/secret".path;
-      slidingSync = {
-        secretFile = secrets."matrix/sliding-sync-secret".path;
-      };
     };
     mealie = {
       enable = true;
diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix
index b958f76..f423834 100644
--- a/modules/nixos/services/matrix/default.nix
+++ b/modules/nixos/services/matrix/default.nix
@@ -26,21 +26,6 @@ in
       description = "Shared secret to register users";
     };
 
-    slidingSync = {
-      port = mkOption {
-        type = types.port;
-        default = 8009;
-        example = 8084;
-        description = "Port used by sliding sync server";
-      };
-
-      secretFile = mkOption {
-        type = types.str;
-        example = "/var/lib/matrix/sliding-sync-secret-file.env";
-        description = "Secret file which contains SYNCV3_SECRET definition";
-      };
-    };
-
     mailConfigFile = mkOption {
       type = types.str;
       example = "/var/lib/matrix/email-config.yaml";
@@ -106,17 +91,6 @@ in
       ] ++ lib.optional (cfg.secretFile != null) cfg.secretFile;
     };
 
-    services.matrix-sliding-sync = {
-      enable = true;
-
-      settings = {
-        SYNCV3_SERVER = "https://${matrixDomain}";
-        SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}";
-      };
-
-      environmentFile = cfg.slidingSync.secretFile;
-    };
-
     my.services.nginx.virtualHosts = {
       # Element Web app deployment
       chat = {
@@ -130,9 +104,6 @@ in
               "m.identity_server" = {
                 "base_url" = "https://vector.im";
               };
-              "org.matrix.msc3575.proxy" = {
-                "url" = "https://matrix-sync.${domain}";
-              };
             };
             showLabsSettings = true;
             defaultCountryCode = "FR"; # cocorico
@@ -152,10 +123,6 @@ in
       matrix-client = {
         port = clientPort.private;
       };
-      # Sliding sync
-      matrix-sync = {
-        inherit (cfg.slidingSync) port;
-      };
     };
 
     # Those are too complicated to use my wrapper...
@@ -178,11 +145,6 @@ in
 
             "/_matrix" = proxyToClientPort;
             "/_synapse/client" = proxyToClientPort;
-
-            # Sliding sync
-            "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
-              proxyPass = "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}";
-            };
           };
 
         listen = [
@@ -228,7 +190,6 @@ in
             client = {
               "m.homeserver" = { "base_url" = "https://${matrixDomain}"; };
               "m.identity_server" = { "base_url" = "https://vector.im"; };
-              "org.matrix.msc3575.proxy" = { "url" = "https://matrix-sync.${domain}"; };
             };
             # ACAO required to allow element-web on any URL to request this json file
           in

From 67eb7bdd4bfe4b78c476a3e2ef3ef09727fb992b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 28 Oct 2024 10:43:54 +0000
Subject: [PATCH 252/431] hosts: nixos: porthos: secrets: remove matrix sync

Remove the secret, as it not used anymore.

This reverts commit 52413dcaf7d937a69002be661b8a6c26443e162c.
---
 .../nixos/porthos/secrets/matrix/sliding-sync-secret.age  | 8 --------
 hosts/nixos/porthos/secrets/secrets.nix                   | 3 ---
 2 files changed, 11 deletions(-)
 delete mode 100644 hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age

diff --git a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age b/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age
deleted file mode 100644
index e938cfa..0000000
--- a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age
+++ /dev/null
@@ -1,8 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 cKojmg xRtF3XVc7yPicAV/E4U7mn0itvD0h1BWBTjwunuoe2E
-OkB9sjGB3ulH4Feuyj3Ed0DBG4+mghW/Qpum9oXL/8c
--> ssh-ed25519 jPowng 1r8drqhz1yZdTq0Kvqya+ArU1C2fkN7Gg9LiWWfeUFg
-cjbxntVwHvqLaJpiKs/Y8ojeb6e3/cLFcsoeuoobfFg
---- B1qA2PylJBrdZxZtCzlU2kRPvxLM+IrXTvR+ERxVtTY
-"W9��bg��~�/��b4�Ն����I�
-�}�����-���N��C7vW�b��?�8=��w�B�UpJCl�Oș��nO�\
\ No newline at end of file
diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix
index a8a9819..68e90f2 100644
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@@ -48,9 +48,6 @@ in
     owner = "matrix-synapse";
     publicKeys = all;
   };
-  "matrix/sliding-sync-secret.age" = {
-    publicKeys = all;
-  };
 
   "mealie/mail.age" = {
     publicKeys = all;

From 5b66145be378013d673db5b31514437c76991c02 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 28 Oct 2024 10:32:19 +0000
Subject: [PATCH 253/431] flake: bump inputs

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index fb392a4..249cddd 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1729551526,
-        "narHash": "sha256-7LAGY32Xl14OVQp3y6M43/0AtHYYvV6pdyBcp3eoz0s=",
+        "lastModified": 1729864948,
+        "narHash": "sha256-CeGSqbN6S8JmzYJX/HqZjr7dMGlvHLLnJJarwB45lPs=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "5ec753a1fc4454df9285d8b3ec0809234defb975",
+        "rev": "0c0268a3c80d30b989d0aadbd65f38d4fa27a9a0",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1729413321,
-        "narHash": "sha256-I4tuhRpZFa6Fu6dcH9Dlo5LlH17peT79vx1y1SpeKt0=",
+        "lastModified": 1729665710,
+        "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1997e4aa514312c1af7e2bda7fad1644e778ff26",
+        "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1729688743,
-        "narHash": "sha256-Oe1PRxUAXSwRUcRIH+saPgMsIEEm7PfL81+M5IDCqvg=",
+        "lastModified": 1729868220,
+        "narHash": "sha256-OxHE1U+FIIaQ50nZpt/VxLH0bokiqsEqAshehlHhOFs=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "2680c1d6af171ee32198c8f2f5dc07ce1d5bd2ea",
+        "rev": "70b30d23d33ca2acfb267430b08ddf82ff7116b2",
         "type": "github"
       },
       "original": {

From 07552f30705ac3b268cf4f2301d9b28a9ba7089d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 21 Oct 2024 10:06:48 +0000
Subject: [PATCH 254/431] nixos: system: nix: configure GC

---
 modules/nixos/system/nix/default.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/modules/nixos/system/nix/default.nix b/modules/nixos/system/nix/default.nix
index ad13539..12a395e 100644
--- a/modules/nixos/system/nix/default.nix
+++ b/modules/nixos/system/nix/default.nix
@@ -22,6 +22,10 @@ in
   options.my.system.nix = with lib; {
     enable = my.mkDisableOption "nix configuration";
 
+    gc = {
+      enable = my.mkDisableOption "nix GC configuration";
+    };
+
     cache = {
       selfHosted = my.mkDisableOption "self-hosted cache";
     };
@@ -62,6 +66,22 @@ in
       };
     }
 
+    (lib.mkIf cfg.gc.enable {
+      nix.gc = {
+        automatic = true;
+
+        # Every week, with some wiggle room
+        dates = "weekly";
+        randomizedDelaySec = "10min";
+
+        # Use a persistent timer for e.g: laptops
+        persistent = true;
+
+        # Delete old profiles automatically after 15 days
+        options = "--delete-older-than 15d";
+      };
+    })
+
     (lib.mkIf cfg.cache.selfHosted {
       nix = {
         settings = {

From 8475d92314d9e6e522910e1d96263cfa396881e4 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 21 Oct 2024 10:07:21 +0000
Subject: [PATCH 255/431] home: nix: configure GC

---
 modules/home/nix/default.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix
index c0bbcc8..c67cc6a 100644
--- a/modules/home/nix/default.nix
+++ b/modules/home/nix/default.nix
@@ -22,6 +22,10 @@ in
   options.my.home.nix = with lib; {
     enable = my.mkDisableOption "nix configuration";
 
+    gc = {
+      enable = my.mkDisableOption "nix GC configuration";
+    };
+
     cache = {
       selfHosted = my.mkDisableOption "self-hosted cache";
     };
@@ -60,6 +64,22 @@ in
       };
     }
 
+    (lib.mkIf cfg.gc.enable {
+      nix.gc = {
+        automatic = true;
+
+        # Every week, with some wiggle room
+        frequency = "weekly";
+        randomizedDelaySec = "10min";
+
+        # Use a persistent timer for e.g: laptops
+        persistent = true;
+
+        # Delete old profiles automatically after 15 days
+        options = "--delete-older-than 15d";
+      };
+    })
+
     (lib.mkIf cfg.cache.selfHosted {
       nix = {
         settings = {

From 62de2772a40744cd5045a54c3191c373ad849332 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 4 Nov 2024 11:02:35 +0000
Subject: [PATCH 256/431] home: vim: do not italicize comments

---
 modules/home/vim/init.vim | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim
index 8202cad..0b54676 100644
--- a/modules/home/vim/init.vim
+++ b/modules/home/vim/init.vim
@@ -102,7 +102,11 @@ gruvbox.setup({
         DiffText = { fg = colors.yellow, bg = colors.bg0 },
         -- Directories "pop" better in blue
         Directory = { link = "GruvboxBlueBold" },
-    }
+    },
+    italic = {
+        -- Comments should not be italic, for e.g: box drawing
+        comments = false,
+    },
 })
 EOF
 " Use my preferred colorscheme

From 46bd23ff077063827304b9d1555a1a4f267f0c1f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 6 Nov 2024 10:53:58 +0000
Subject: [PATCH 257/431] flake: bump inputs

---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index 249cddd..af4cbfa 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1727826117,
-        "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
+        "lastModified": 1730504689,
+        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
+        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1729864948,
-        "narHash": "sha256-CeGSqbN6S8JmzYJX/HqZjr7dMGlvHLLnJJarwB45lPs=",
+        "lastModified": 1730837930,
+        "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "0c0268a3c80d30b989d0aadbd65f38d4fa27a9a0",
+        "rev": "2f607e07f3ac7e53541120536708e824acccfaa8",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1729665710,
-        "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
+        "lastModified": 1730785428,
+        "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
+        "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1729868220,
-        "narHash": "sha256-OxHE1U+FIIaQ50nZpt/VxLH0bokiqsEqAshehlHhOFs=",
+        "lastModified": 1730885145,
+        "narHash": "sha256-UPrBEY0No1O3ULb67xYjRh2r3u7MnZovfo1oYSPCIxI=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "70b30d23d33ca2acfb267430b08ddf82ff7116b2",
+        "rev": "c0d8828600ef47d475e6ec33513bf9af6eb6b991",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1729104314,
-        "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=",
+        "lastModified": 1730814269,
+        "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6",
+        "rev": "d70155fdc00df4628446352fc58adc640cd705c2",
         "type": "github"
       },
       "original": {

From 7b42368e2f144cab111d8856928cfc1d21bf0489 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 11 Nov 2024 11:45:11 +0000
Subject: [PATCH 258/431] hosts: nixos: porthos: services: remove tandoor

I fully transitioned to using Mealie instead.

This reverts commit 493636decb178a23e85c593bd38cbcb1982df8cc.
---
 hosts/nixos/porthos/services.nix | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index a2339f4..109b4e5 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -149,11 +149,6 @@ in
     };
     # Because I still need to play sysadmin
     ssh-server.enable = true;
-    # Recipe manager
-    tandoor-recipes = {
-      enable = true;
-      secretKeyFile = secrets."tandoor-recipes/secret-key".path;
-    };
     # Torrent client and webui
     transmission = {
       enable = true;

From ab8a5daefe9773dbb69fce4667910819f748cb94 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 14 Nov 2024 20:05:06 +0000
Subject: [PATCH 259/431] hosts: porthos: secrets: acme: use OVH API

I switched registrar, as OVH was ~4x cheaper.

This needs a small change to the module to both refer to OVH instead of
Gandi in the documentation, and make use of the correct API.

I also needed to disable the propagation check, as it looks like OVH is
slower than Gandi, and leads to spurious errors...
---
 hosts/nixos/porthos/secrets/acme/dns-key.age | 15 ++++++++-------
 modules/nixos/services/nginx/default.nix     |  6 ++++--
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/hosts/nixos/porthos/secrets/acme/dns-key.age b/hosts/nixos/porthos/secrets/acme/dns-key.age
index fce2a84..d7f159e 100644
--- a/hosts/nixos/porthos/secrets/acme/dns-key.age
+++ b/hosts/nixos/porthos/secrets/acme/dns-key.age
@@ -1,8 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw
-zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y
--> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8
-uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw
---- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg
-�r��&���{~v?�}=�
-}+�SQ�M[�]��kM�A�t��mM�/��Ls�|ޅm�C��iYC}����x��
\ No newline at end of file
+-> ssh-ed25519 cKojmg Ec0xt1uJTva8MxUdoTVX5m3uWaIiRlodf345FEM7Uzs
+aJIneWFJPB5HVeoUGp57agXih9YeZ6xMEbyQ+zJtWQY
+-> ssh-ed25519 jPowng B5XotRgv7s/FUegGhceBj7EoukewNUOIFl4TFRQf1EQ
+PgGCBd/Pqwp7ayqi7okHBGF1SfFpwT4KlHJ/np6p2uQ
+--- AeLgwGz6k3OABb53cXNaCU/sgI4FlU1s6p8PhAaFOlg
+1��CԹ�ULfI1�Hm���b}m�� �š�g��0����`X�G>\>�8r�z+��Y���`�ʢ.JBU�!z¸Z50�*��ٟ�����I���]����I
+ĵ���o�۰�g�������¿�t��n���cz[�{
+j��&���N�N�o{����-eP�=L��6�.SP:�e��
\ No newline at end of file
diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix
index e305b29..e5a87de 100644
--- a/modules/nixos/services/nginx/default.nix
+++ b/modules/nixos/services/nginx/default.nix
@@ -86,7 +86,7 @@ in
         type = types.str;
         example = "/var/lib/acme/creds.env";
         description = ''
-          Gandi API key file as an 'EnvironmentFile' (see `systemd.exec(5)`)
+          OVH API key file as an 'EnvironmentFile' (see `systemd.exec(5)`)
         '';
       };
     };
@@ -281,6 +281,7 @@ in
 
                 locations."/" = {
                   extraConfig =
+                    # FIXME: check that X-User is dropped otherwise
                     (args.extraConfig.locations."/".extraConfig or "") + ''
                       # Use SSO
                       auth_request /sso-auth;
@@ -414,7 +415,8 @@ in
         {
           "${domain}" = {
             extraDomainNames = [ "*.${domain}" ];
-            dnsProvider = "gandiv5";
+            dnsProvider = "ovh";
+            dnsPropagationCheck = false; # OVH is slow
             inherit (cfg.acme) credentialsFile;
           };
         };

From 138d4d2bd9d7460dbe2bb48c1473c5bf9a07522e Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 15 Nov 2024 21:36:11 +0100
Subject: [PATCH 260/431] nixos: services: nextcloud: add collabora

This needs to be configured through the "Nextcloud Office" app,
specifically the WOPI setting is important for security (I put both the
external IP, as well as `::1` and `127.0.0.1`).
---
 .../nixos/services/nextcloud/collabora.nix    | 58 +++++++++++++++++++
 modules/nixos/services/nextcloud/default.nix  |  4 ++
 2 files changed, 62 insertions(+)
 create mode 100644 modules/nixos/services/nextcloud/collabora.nix

diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix
new file mode 100644
index 0000000..d62181f
--- /dev/null
+++ b/modules/nixos/services/nextcloud/collabora.nix
@@ -0,0 +1,58 @@
+# Document editor with Nextcloud
+{ config, lib, ... }:
+let
+  cfg = config.my.services.nextcloud.collabora;
+in
+{
+  options.my.services.nextcloud.collabora = with lib; {
+    enable = mkEnableOption "Collabora integration";
+
+    port = mkOption {
+      type = types.port;
+      default = 9980;
+      example = 8080;
+      description = "Internal port for API";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.collabora-online = {
+      enable = true;
+      inherit (cfg) port;
+
+      aliasGroups = [
+        {
+          host = "https://collabora.${config.networking.domain}";
+          # Allow using from nextcloud
+          aliases = [ "https://${config.services.nextcloud.hostName}" ];
+        }
+      ];
+
+      settings = {
+        # Rely on reverse proxy for SSL
+        ssl = {
+          enable = false;
+          termination = true;
+        };
+      };
+    };
+
+    my.services.nginx.virtualHosts = {
+      collabora = {
+        inherit (cfg) port;
+
+        extraConfig = {
+          # Too bad for the repetition...
+          locations."~ ^/cool/(.*)/ws$" = {
+            proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}";
+            proxyWebsockets = true;
+          };
+          locations."^~ /cool/adminws" = {
+            proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}";
+            proxyWebsockets = true;
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix
index e2c4746..fe94177 100644
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@@ -4,6 +4,10 @@ let
   cfg = config.my.services.nextcloud;
 in
 {
+  imports = [
+    ./collabora.nix
+  ];
+
   options.my.services.nextcloud = with lib; {
     enable = mkEnableOption "Nextcloud";
     maxSize = mkOption {

From ae230b5df7b17e222e5cebe8fc055c01d0361f24 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 15 Nov 2024 21:38:16 +0100
Subject: [PATCH 261/431] hosts: porthos: services: enable collabora

---
 hosts/nixos/porthos/services.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index 109b4e5..ffd150a 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -95,6 +95,9 @@ in
     nextcloud = {
       enable = true;
       passwordFile = secrets."nextcloud/password".path;
+      collabora = {
+        enable = true;
+      };
     };
     nix-cache = {
       enable = true;

From e9d96138d5b5c6c678e2298618a3faa444bd37a9 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 19 Nov 2024 15:46:31 +0000
Subject: [PATCH 262/431] nixos: services: nginx: add 'websocketsLocations'

This accounts for the overwhelming majority of my usage of
`extraConfig`.
---
 modules/nixos/services/nginx/default.nix | 44 ++++++++++++++++++------
 1 file changed, 34 insertions(+), 10 deletions(-)

diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix
index e5a87de..5a372ed 100644
--- a/modules/nixos/services/nginx/default.nix
+++ b/modules/nixos/services/nginx/default.nix
@@ -17,6 +17,16 @@ let
         '';
       };
 
+      websocketsLocations = mkOption {
+        type = with types; listOf str;
+        default = [ ];
+        example = [ "/socket" ];
+        description = ''
+          Which locations on this virtual host should be configured for
+          websockets.
+        '';
+      };
+
       port = mkOption {
         type = with types; nullOr port;
         default = null;
@@ -108,12 +118,7 @@ in
         };
         jellyfin = {
           port = 8096;
-          extraConfig = {
-            locations."/socket" = {
-              proxyPass = "http://127.0.0.1:8096/";
-              proxyWebsockets = true;
-            };
-          };
+          websocketsLocations = [ "/socket" ];
         };
       };
       description = ''
@@ -195,6 +200,19 @@ in
           } configured.
         '';
       }))
+      ++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args:
+      let
+        proxyPass = [ "port" "socket" ];
+        proxyPassUsed = lib.any (v: args.${v} != null) proxyPass;
+      in
+      {
+        assertion = args.websocketsLocations != [ ] -> proxyPassUsed;
+        message = ''
+          Subdomain '${subdomain}' can only use 'websocketsLocations' with one of ${
+            lib.concatStringsSep ", " (builtins.map (v: "'${v}'") proxyPass)
+          }.
+        '';
+      }))
       ++ (
       let
         ports = lib.my.mapFilter
@@ -241,6 +259,14 @@ in
       virtualHosts =
         let
           domain = config.networking.domain;
+          mkProxyPass = { websocketsLocations, ... }: proxyPass:
+            let
+              websockets = lib.genAttrs websocketsLocations (_: {
+                inherit proxyPass;
+                proxyWebsockets = true;
+              });
+            in
+            { "/" = { inherit proxyPass; }; } // websockets;
           mkVHost = ({ subdomain, ... } @ args: lib.nameValuePair
             "${subdomain}.${domain}"
             (lib.my.recursiveMerge [
@@ -251,8 +277,7 @@ in
               }
               # Proxy to port
               (lib.optionalAttrs (args.port != null) {
-                locations."/".proxyPass =
-                  "http://127.0.0.1:${toString args.port}";
+                locations = mkProxyPass args "http://127.0.0.1:${toString args.port}";
               })
               # Serve filesystem content
               (lib.optionalAttrs (args.root != null) {
@@ -260,8 +285,7 @@ in
               })
               # Serve to UNIX socket
               (lib.optionalAttrs (args.socket != null) {
-                locations."/".proxyPass =
-                  "http://unix:${args.socket}";
+                locations = mkProxyPass args "http://unix:${args.socket}";
               })
               # Redirect to a different domain
               (lib.optionalAttrs (args.redirect != null) {

From 6a1a35a3840bc40cc095a6e98702b705e67aa43f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 19 Nov 2024 15:49:31 +0000
Subject: [PATCH 263/431] nixos: services: migrate to 'websocketsLocations'

---
 modules/nixos/services/aria/default.nix          |  4 +---
 .../nixos/services/audiobookshelf/default.nix    |  4 +---
 modules/nixos/services/jellyfin/default.nix      |  6 +-----
 modules/nixos/services/nextcloud/collabora.nix   | 16 ++++------------
 modules/nixos/services/paperless/default.nix     |  6 +-----
 5 files changed, 8 insertions(+), 28 deletions(-)

diff --git a/modules/nixos/services/aria/default.nix b/modules/nixos/services/aria/default.nix
index 2d1b3e2..acbf0b7 100644
--- a/modules/nixos/services/aria/default.nix
+++ b/modules/nixos/services/aria/default.nix
@@ -65,9 +65,7 @@ in
       aria-rpc = {
         port = cfg.rpcPort;
         # Proxy websockets for RPC
-        extraConfig = {
-          locations."/".proxyWebsockets = true;
-        };
+        websocketsLocations = [ "/" ];
       };
     };
 
diff --git a/modules/nixos/services/audiobookshelf/default.nix b/modules/nixos/services/audiobookshelf/default.nix
index da9ec55..04ec8b9 100644
--- a/modules/nixos/services/audiobookshelf/default.nix
+++ b/modules/nixos/services/audiobookshelf/default.nix
@@ -30,9 +30,7 @@ in
       audiobookshelf = {
         inherit (cfg) port;
         # Proxy websockets for RPC
-        extraConfig = {
-          locations."/".proxyWebsockets = true;
-        };
+        websocketsLocations = [ "/" ];
       };
     };
 
diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix
index e8910a5..6edeb67 100644
--- a/modules/nixos/services/jellyfin/default.nix
+++ b/modules/nixos/services/jellyfin/default.nix
@@ -27,17 +27,13 @@ in
     my.services.nginx.virtualHosts = {
       jellyfin = {
         port = 8096;
+        websocketsLocations = [ "/socket" ];
         extraConfig = {
           locations."/" = {
             extraConfig = ''
               proxy_buffering off;
             '';
           };
-          # Too bad for the repetition...
-          locations."/socket" = {
-            proxyPass = "http://127.0.0.1:8096/";
-            proxyWebsockets = true;
-          };
         };
       };
     };
diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix
index d62181f..f8f42a7 100644
--- a/modules/nixos/services/nextcloud/collabora.nix
+++ b/modules/nixos/services/nextcloud/collabora.nix
@@ -40,18 +40,10 @@ in
     my.services.nginx.virtualHosts = {
       collabora = {
         inherit (cfg) port;
-
-        extraConfig = {
-          # Too bad for the repetition...
-          locations."~ ^/cool/(.*)/ws$" = {
-            proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}";
-            proxyWebsockets = true;
-          };
-          locations."^~ /cool/adminws" = {
-            proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}";
-            proxyWebsockets = true;
-          };
-        };
+        websocketsLocations = [
+          "~ ^/cool/(.*)/ws$"
+          "^~ /cool/adminws"
+        ];
       };
     };
   };
diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix
index f62879a..eceae1c 100644
--- a/modules/nixos/services/paperless/default.nix
+++ b/modules/nixos/services/paperless/default.nix
@@ -152,11 +152,7 @@ in
         sso = {
           enable = true;
         };
-
-        # Enable websockets on root
-        extraConfig = {
-          locations."/".proxyWebsockets = true;
-        };
+        websocketsLocations = [ "/" ];
       };
     };
 

From 60050113bc6a167449a56f0a17f2820e776f97bf Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 19 Nov 2024 15:53:19 +0000
Subject: [PATCH 264/431] nixos: services: nginx: modify example

Now that `websocketLocations` exists, it makes little sense to use
`proxyWebsockets` in an example, so use a different one.
---
 modules/nixos/services/nginx/default.nix | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix
index 5a372ed..3bba9f4 100644
--- a/modules/nixos/services/nginx/default.nix
+++ b/modules/nixos/services/nginx/default.nix
@@ -70,10 +70,13 @@ let
       extraConfig = mkOption {
         type = types.attrs; # FIXME: forward type of virtualHosts
         example = {
-          locations."/socket" = {
-            proxyPass = "http://127.0.0.1:8096/";
-            proxyWebsockets = true;
-          };
+          extraConfig = ''
+            add_header X-Clacks-Overhead "GNU Terry Pratchett";
+          '';
+
+          locations."/".extraConfig = ''
+            client_max_body_size 1G;
+          '';
         };
         default = { };
         description = ''

From 2ffbc13513088245c5bdfa680a34eeb40468fbf1 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 20 Nov 2024 21:05:16 +0100
Subject: [PATCH 265/431] flake: bump inputs

---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index af4cbfa..fd8354f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -94,11 +94,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1726560853,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730837930,
-        "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=",
+        "lastModified": 1732025103,
+        "narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2f607e07f3ac7e53541120536708e824acccfaa8",
+        "rev": "a46e702093a5c46e192243edbd977d5749e7f294",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1730785428,
-        "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=",
+        "lastModified": 1732014248,
+        "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7",
+        "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1730885145,
-        "narHash": "sha256-UPrBEY0No1O3ULb67xYjRh2r3u7MnZovfo1oYSPCIxI=",
+        "lastModified": 1732131502,
+        "narHash": "sha256-kWc3mjgEUh+2xzaluNxLMvEHRkfJ37pRBtXcwekKefM=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "c0d8828600ef47d475e6ec33513bf9af6eb6b991",
+        "rev": "13b44543c4e5d20bb2976ddde846c7341e4c41dd",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730814269,
-        "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=",
+        "lastModified": 1732021966,
+        "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "d70155fdc00df4628446352fc58adc640cd705c2",
+        "rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
         "type": "github"
       },
       "original": {

From 7f0cd6612eccf07046df860650f2f95ad85fea95 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 14 Nov 2024 21:29:24 +0100
Subject: [PATCH 266/431] nixos: services: paperless: remove MKL work-around

Instead, rely on the upstream service's work-around [1].

This will reduce the amount of package builds I need to do when updating
my server...

[1]: https://github.com/NixOS/nixpkgs/pull/299008

This reverts commit e2ec4d3032ee3d3dc3be935b0e2af9ad7ff0c511.
---
 modules/nixos/services/paperless/default.nix | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix
index eceae1c..321dfa3 100644
--- a/modules/nixos/services/paperless/default.nix
+++ b/modules/nixos/services/paperless/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
 let
   cfg = config.my.services.paperless;
 in
@@ -80,9 +80,6 @@ in
           # Misc
           PAPERLESS_TIME_ZONE = config.time.timeZone;
           PAPERLESS_ADMIN_USER = cfg.username;
-
-          # Fix classifier hangs
-          LD_LIBRARY_PATH = "${lib.getLib pkgs.mkl}/lib";
         };
 
       # Admin password

From 6a5c4a627aa9b26a7aeb7e324ae9b3b533f9a04f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 18 Nov 2024 13:31:08 +0100
Subject: [PATCH 267/431] nixos: services: pyload: add fail2ban jail

---
 modules/nixos/services/pyload/default.nix | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/services/pyload/default.nix b/modules/nixos/services/pyload/default.nix
index 88889bf..7257d0f 100644
--- a/modules/nixos/services/pyload/default.nix
+++ b/modules/nixos/services/pyload/default.nix
@@ -53,6 +53,20 @@ in
       };
     };
 
-    # FIXME: fail2ban
+    services.fail2ban.jails = {
+      pyload = ''
+        enabled = true
+        filter = pyload
+        port = http,https
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/pyload.conf".text = ''
+        [Definition]
+        failregex = ^.*Login failed for user '<F-USER>.*</F-USER>' \[CLIENT: <HOST>\]$
+        journalmatch = _SYSTEMD_UNIT=pyload.service
+      '';
+    };
   };
 }

From fe49e470269f9f8a2445e7ce6f219a4fd6d18561 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 27 Nov 2024 12:02:29 +0000
Subject: [PATCH 268/431] flake: bump inputs

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index fd8354f..cd3f50c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732025103,
-        "narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=",
+        "lastModified": 1732482255,
+        "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a46e702093a5c46e192243edbd977d5749e7f294",
+        "rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1732014248,
-        "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
+        "lastModified": 1732521221,
+        "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
+        "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1732131502,
-        "narHash": "sha256-kWc3mjgEUh+2xzaluNxLMvEHRkfJ37pRBtXcwekKefM=",
+        "lastModified": 1732704680,
+        "narHash": "sha256-x3NlO2qzuobU9BrynzydX7X9oskJpysv7BI7DJ5cVSE=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "13b44543c4e5d20bb2976ddde846c7341e4c41dd",
+        "rev": "31a30f0862fd8b5f88a6597382bb09197356b19e",
         "type": "github"
       },
       "original": {

From e39fef275c2eee50708080e932ae48bb1845c997 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 27 Nov 2024 12:05:41 +0000
Subject: [PATCH 269/431] nixos: services: paperless: use 'environmentFile'

That way I don't have to configure all services to make use of it.

Someday I'll find the will to add the `postgresql.service` dependency
upstream, truly removing the need to configure any service at all.
---
 modules/nixos/services/paperless/default.nix | 19 +++----------------
 1 file changed, 3 insertions(+), 16 deletions(-)

diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix
index 321dfa3..c8967e1 100644
--- a/modules/nixos/services/paperless/default.nix
+++ b/modules/nixos/services/paperless/default.nix
@@ -84,43 +84,30 @@ in
 
       # Admin password
       passwordFile = cfg.passwordFile;
+
+      # Secret key
+      environmentFile = cfg.secretKeyFile;
     };
 
     systemd.services = {
       paperless-scheduler = {
         requires = [ "postgresql.service" ];
         after = [ "postgresql.service" ];
-
-        serviceConfig = {
-          EnvironmentFile = cfg.secretKeyFile;
-        };
       };
 
       paperless-consumer = {
         requires = [ "postgresql.service" ];
         after = [ "postgresql.service" ];
-
-        serviceConfig = {
-          EnvironmentFile = cfg.secretKeyFile;
-        };
       };
 
       paperless-web = {
         requires = [ "postgresql.service" ];
         after = [ "postgresql.service" ];
-
-        serviceConfig = {
-          EnvironmentFile = cfg.secretKeyFile;
-        };
       };
 
       paperless-task-queue = {
         requires = [ "postgresql.service" ];
         after = [ "postgresql.service" ];
-
-        serviceConfig = {
-          EnvironmentFile = cfg.secretKeyFile;
-        };
       };
     };
 

From f2168378fc1b658eeb24ec364953c4160de041f7 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 27 Nov 2024 15:12:10 +0000
Subject: [PATCH 270/431] home: direnv: lib: also watch '.python-version'

It's used by `uv` as a kind of configuration file, so watch it as well.
---
 modules/home/direnv/lib/python.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh
index 780fbe6..b4b2bce 100644
--- a/modules/home/direnv/lib/python.sh
+++ b/modules/home/direnv/lib/python.sh
@@ -53,4 +53,5 @@ layout_uv() {
     PATH_add "$VIRTUAL_ENV/bin"
     watch_file pyproject.toml
     watch_file uv.lock
+    watch_file .python-version
 }

From 83da7ba9c8c8d54b8fd7585ee009505e9a36dafa Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 28 Nov 2024 11:24:30 +0000
Subject: [PATCH 271/431] home: tmux: explicitly disable mouse support

It's disabled by default, but make it explicit :-).
---
 modules/home/tmux/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix
index 71ce4ca..dc7fed1 100644
--- a/modules/home/tmux/default.nix
+++ b/modules/home/tmux/default.nix
@@ -47,6 +47,7 @@ in
     clock24 = true; # I'm one of those heathens
     escapeTime = 0; # Let vim do its thing instead
     historyLimit = 100000; # Bigger buffer
+    mouse = false; # I dislike mouse support
     terminal = "tmux-256color"; # I want accurate termcap info
 
     plugins = with pkgs.tmuxPlugins; [

From e8a41187e75b84cee2aae14663bb4fd5229e256d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 28 Nov 2024 12:05:45 +0000
Subject: [PATCH 272/431] home: xdg: create 'HISTFILE' parent directory

In fbd3b70d61bd733af033545d4cfe4809fbb068a3, I forgot to modify the
`.keep` file to be created in `$XDG_STATE_HOME/bash/`.
---
 modules/home/xdg/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix
index 270200e..e4c1887 100644
--- a/modules/home/xdg/default.nix
+++ b/modules/home/xdg/default.nix
@@ -30,11 +30,11 @@ in
     };
     # A tidy home is a tidy mind
     dataFile = {
-      "bash/.keep".text = "";
       "gdb/.keep".text = "";
       "tig/.keep".text = "";
     };
     stateFile = {
+      "bash/.keep".text = "";
       "python/.keep".text = "";
     };
   };

From 8b61af1ac3cff8450234534b29420a51aa4b9de5 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 28 Nov 2024 12:07:07 +0000
Subject: [PATCH 273/431] home: xdg: remove 'gdb' directory

I have an actual module to configure `gdb`, and it uses
`$XDG_STATE_HOME` anyway...
---
 modules/home/xdg/default.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix
index e4c1887..479ba1e 100644
--- a/modules/home/xdg/default.nix
+++ b/modules/home/xdg/default.nix
@@ -30,7 +30,6 @@ in
     };
     # A tidy home is a tidy mind
     dataFile = {
-      "gdb/.keep".text = "";
       "tig/.keep".text = "";
     };
     stateFile = {

From da3c29bbafe60b2e30172a6c5da452b2efeb8a34 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 28 Nov 2024 12:07:50 +0000
Subject: [PATCH 274/431] home: xdg: add comment about 'tig'

To explain why I didn't modify it as part of my `$XDG_STATE_HOME`
migration in fbd3b70d61bd733af033545d4cfe4809fbb068a3.
---
 modules/home/xdg/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix
index 479ba1e..803167f 100644
--- a/modules/home/xdg/default.nix
+++ b/modules/home/xdg/default.nix
@@ -30,7 +30,7 @@ in
     };
     # A tidy home is a tidy mind
     dataFile = {
-      "tig/.keep".text = "";
+      "tig/.keep".text = ""; # `tig` uses `XDG_DATA_HOME` specifically...
     };
     stateFile = {
       "bash/.keep".text = "";

From b38658405ad50a54876c5c7537e6f1815542c83c Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 28 Nov 2024 12:17:31 +0000
Subject: [PATCH 275/431] home: tmux: add binding to refresh configuration

Don't rely on `tmux-sensible` to set it up.
---
 modules/home/tmux/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix
index dc7fed1..23dff05 100644
--- a/modules/home/tmux/default.nix
+++ b/modules/home/tmux/default.nix
@@ -81,6 +81,9 @@ in
     ];
 
     extraConfig = ''
+      # Refresh configuration
+      bind-key -N "Source tmux.conf" R source-file ${config.xdg.configHome}/tmux/tmux.conf \; display-message "Sourced tmux.conf!"
+
       # Better vim mode
       bind-key -T copy-mode-vi 'v' send -X begin-selection
       ${

From 98c90d77c51b74dc5888c7e0647fdd9f35511964 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 28 Nov 2024 12:50:29 +0000
Subject: [PATCH 276/431] home: tmux: add sloppy window switching bindings

Another set of bindings which were setup by `tmux-sensible`, that I want
to enable explicitly to avoid issues when it is disabled by default.
---
 modules/home/tmux/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix
index 23dff05..bb23b44 100644
--- a/modules/home/tmux/default.nix
+++ b/modules/home/tmux/default.nix
@@ -84,6 +84,10 @@ in
       # Refresh configuration
       bind-key -N "Source tmux.conf" R source-file ${config.xdg.configHome}/tmux/tmux.conf \; display-message "Sourced tmux.conf!"
 
+      # Accept sloppy Ctrl key when switching windows, on top of default mapping
+      bind-key -N "Select the previous window" C-p previous-window
+      bind-key -N "Select the next window" C-n next-window
+
       # Better vim mode
       bind-key -T copy-mode-vi 'v' send -X begin-selection
       ${

From c74acda957fb2fb86560e7507390b482b2705ebf Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 28 Nov 2024 19:58:50 +0000
Subject: [PATCH 277/431] nixos: system: packages: remove 'wget'

---
 modules/nixos/system/packages/default.nix | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/modules/nixos/system/packages/default.nix b/modules/nixos/system/packages/default.nix
index ebea06f..6a78ff6 100644
--- a/modules/nixos/system/packages/default.nix
+++ b/modules/nixos/system/packages/default.nix
@@ -1,5 +1,5 @@
 # Common packages
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
 let
   cfg = config.my.system.packages;
 in
@@ -13,10 +13,6 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    environment.systemPackages = with pkgs; [
-      wget
-    ];
-
     programs = {
       vim = {
         enable = true;

From 3ac85b87623fb4d64c93c996d21ffac7fd832979 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 29 Nov 2024 14:29:32 +0000
Subject: [PATCH 278/431] home: packages: add 'tree'

---
 modules/home/packages/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/home/packages/default.nix b/modules/home/packages/default.nix
index 1362a06..b0f8d67 100644
--- a/modules/home/packages/default.nix
+++ b/modules/home/packages/default.nix
@@ -26,6 +26,7 @@ in
       fd
       file
       ripgrep
+      tree
     ] ++ cfg.additionalPackages);
 
     nixpkgs.config = {

From baa853477d78bfd63cbed78c1d9e703a4d8c3d9d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 2 Dec 2024 20:36:37 +0000
Subject: [PATCH 279/431] nixos: hardware: sound: remove ALSA

`sound.enable` was removed from the latest release, and is unnecessary
with PulseAudio.
---
 modules/nixos/hardware/sound/default.nix | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/modules/nixos/hardware/sound/default.nix b/modules/nixos/hardware/sound/default.nix
index e8ba7f7..1cf12cb 100644
--- a/modules/nixos/hardware/sound/default.nix
+++ b/modules/nixos/hardware/sound/default.nix
@@ -54,9 +54,6 @@ in
 
     # Pulseaudio setup
     (lib.mkIf cfg.pulse.enable {
-      # ALSA
-      sound.enable = true;
-
       hardware.pulseaudio.enable = true;
     })
   ]);

From ad1cfbd6f03e0b38f690d8563af02c1c04d8b731 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 3 Dec 2024 10:43:09 +0000
Subject: [PATCH 280/431] flake: bump inputs

Allow-list the build inputs for `sonarr` until the package is fixed
upstream [1].

[1]: https://github.com/NixOS/nixpkgs/issues/360592
---
 flake.lock                                 | 18 +++++++++---------
 modules/nixos/services/servarr/default.nix | 10 ++++++++++
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index cd3f50c..0aeab37 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732482255,
-        "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
+        "lastModified": 1733175814,
+        "narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
+        "rev": "bf23fe41082aa0289c209169302afd3397092f22",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1732521221,
-        "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
+        "lastModified": 1733015953,
+        "narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
+        "rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1732704680,
-        "narHash": "sha256-x3NlO2qzuobU9BrynzydX7X9oskJpysv7BI7DJ5cVSE=",
+        "lastModified": 1733215745,
+        "narHash": "sha256-RIlhnKlObJ1sEdzBP6Nuy4jLUiQnmWWXVsRHRbv6SzY=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "31a30f0862fd8b5f88a6597382bb09197356b19e",
+        "rev": "251d756a74e67bda25d89327b01a3da19dddabae",
         "type": "github"
       },
       "original": {
diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix
index e25d9cf..4aa0de7 100644
--- a/modules/nixos/services/servarr/default.nix
+++ b/modules/nixos/services/servarr/default.nix
@@ -96,5 +96,15 @@ in
     # Sonarr for shows
     (mkFullConfig "sonarr")
     (mkFail2Ban "sonarr")
+
+    # HACK: until https://github.com/NixOS/nixpkgs/issues/360592 is resolved
+    (lib.mkIf cfg.sonarr.enable {
+      nixpkgs.config.permittedInsecurePackages = [
+        "aspnetcore-runtime-6.0.36"
+        "aspnetcore-runtime-wrapped-6.0.36"
+        "dotnet-sdk-6.0.428"
+        "dotnet-sdk-wrapped-6.0.428"
+      ];
+    })
   ]);
 }

From 35c547a090afdf77a1fb42125170649ef1247ab8 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 3 Dec 2024 10:43:33 +0000
Subject: [PATCH 281/431] home: tmux: enable focus events

Since `tmux-sensible` was disabled by default, we should enable this
explicitly now.
---
 modules/home/tmux/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix
index bb23b44..ae8b8f0 100644
--- a/modules/home/tmux/default.nix
+++ b/modules/home/tmux/default.nix
@@ -48,6 +48,7 @@ in
     escapeTime = 0; # Let vim do its thing instead
     historyLimit = 100000; # Bigger buffer
     mouse = false; # I dislike mouse support
+    focusEvents = true; # Report focus events
     terminal = "tmux-256color"; # I want accurate termcap info
 
     plugins = with pkgs.tmuxPlugins; [

From 19120bca2943d5a03d9116bc547f89197059694b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 8 Dec 2024 16:08:48 -0500
Subject: [PATCH 282/431] nixos: hardware: graphics: use 'initrd' option

---
 modules/nixos/hardware/graphics/default.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix
index 89bb1cd..7d8b359 100644
--- a/modules/nixos/hardware/graphics/default.nix
+++ b/modules/nixos/hardware/graphics/default.nix
@@ -33,9 +33,8 @@ in
 
     # AMD GPU
     (lib.mkIf (cfg.gpuFlavor == "amd") {
-      boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ];
-
       hardware.amdgpu = {
+        initrd.enable = cfg.amd.enableKernelModule;
         # Vulkan
         amdvlk = lib.mkIf cfg.amd.amdvlk {
           enable = true;

From cb5eb68d35ce1a70c8d7b8560b23586f065c79e1 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 11 Dec 2024 00:46:47 +0100
Subject: [PATCH 283/431] flake: bump inputs

And fix deprecated NUR overlay attribute.
---
 flake.lock             | 60 +++++++++++++++++++++++++++++++-----------
 flake.nix              |  4 +++
 flake/home-manager.nix |  2 +-
 flake/nixos.nix        |  2 +-
 4 files changed, 51 insertions(+), 17 deletions(-)

diff --git a/flake.lock b/flake.lock
index 0aeab37..0db428a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730504689,
-        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
+        "lastModified": 1733312601,
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1733175814,
-        "narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=",
+        "lastModified": 1733873195,
+        "narHash": "sha256-dTosiZ3sZ/NKoLKQ++v8nZdEHya0eTNEsaizNp+MUPM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "bf23fe41082aa0289c209169302afd3397092f22",
+        "rev": "f26aa4b76fb7606127032d33ac73d7d507d82758",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1733015953,
-        "narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=",
+        "lastModified": 1733759999,
+        "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff",
+        "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56",
         "type": "github"
       },
       "original": {
@@ -167,12 +167,21 @@
       }
     },
     "nur": {
+      "inputs": {
+        "flake-parts": [
+          "flake-parts"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "treefmt-nix": "treefmt-nix"
+      },
       "locked": {
-        "lastModified": 1733215745,
-        "narHash": "sha256-RIlhnKlObJ1sEdzBP6Nuy4jLUiQnmWWXVsRHRbv6SzY=",
+        "lastModified": 1733873876,
+        "narHash": "sha256-6YHWh0+E74hBiH0N+LeZPSWRvbmudF6mtEtFpRo3LWc=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "251d756a74e67bda25d89327b01a3da19dddabae",
+        "rev": "77c8486c65517272727884ca62b9322092f4f643",
         "type": "github"
       },
       "original": {
@@ -194,11 +203,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732021966,
-        "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
+        "lastModified": 1733665616,
+        "narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
+        "rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a",
         "type": "github"
       },
       "original": {
@@ -235,6 +244,27 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nur",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733222881,
+        "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "49717b5af6f80172275d47a418c9719a31a78b53",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
     }
   },
   "root": "root",
diff --git a/flake.nix b/flake.nix
index a07ee15..f0bb79c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -55,6 +55,10 @@
       owner = "nix-community";
       repo = "NUR";
       ref = "master";
+      inputs = {
+        flake-parts.follows = "flake-parts";
+        nixpkgs.follows = "nixpkgs";
+      };
     };
 
     pre-commit-hooks = {
diff --git a/flake/home-manager.nix b/flake/home-manager.nix
index 34af375..add889e 100644
--- a/flake/home-manager.nix
+++ b/flake/home-manager.nix
@@ -25,7 +25,7 @@ let
       inherit system;
 
       overlays = (lib.attrValues self.overlays) ++ [
-        inputs.nur.overlay
+        inputs.nur.overlays.default
       ];
     };
 
diff --git a/flake/nixos.nix b/flake/nixos.nix
index b48b551..fa656dc 100644
--- a/flake/nixos.nix
+++ b/flake/nixos.nix
@@ -7,7 +7,7 @@ let
     }
     {
       nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
-        inputs.nur.overlay
+        inputs.nur.overlays.default
       ];
     }
     # Include generic settings

From c5a375d1657cac9ed2b2aa449c9380298a390ad7 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 11 Dec 2024 00:48:54 +0100
Subject: [PATCH 284/431] nixos: services: paperless: use automatic DB setup

That way I don't have to worry about the `postgresql.service` dependency
anymore :-).
---
 modules/nixos/services/paperless/default.nix | 40 ++------------------
 1 file changed, 3 insertions(+), 37 deletions(-)

diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix
index c8967e1..63f456b 100644
--- a/modules/nixos/services/paperless/default.nix
+++ b/modules/nixos/services/paperless/default.nix
@@ -61,11 +61,6 @@ in
           PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
           PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
 
-          # Use PostgreSQL
-          PAPERLESS_DBHOST = "/run/postgresql";
-          PAPERLESS_DBUSER = "paperless";
-          PAPERLESS_DBNAME = "paperless";
-
           # Security settings
           PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
           PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
@@ -87,40 +82,11 @@ in
 
       # Secret key
       environmentFile = cfg.secretKeyFile;
-    };
 
-    systemd.services = {
-      paperless-scheduler = {
-        requires = [ "postgresql.service" ];
-        after = [ "postgresql.service" ];
+      # Automatic PostgreSQL provisioning
+      database = {
+        createLocally = true;
       };
-
-      paperless-consumer = {
-        requires = [ "postgresql.service" ];
-        after = [ "postgresql.service" ];
-      };
-
-      paperless-web = {
-        requires = [ "postgresql.service" ];
-        after = [ "postgresql.service" ];
-      };
-
-      paperless-task-queue = {
-        requires = [ "postgresql.service" ];
-        after = [ "postgresql.service" ];
-      };
-    };
-
-    # Set-up database
-    services.postgresql = {
-      enable = true;
-      ensureDatabases = [ "paperless" ];
-      ensureUsers = [
-        {
-          name = "paperless";
-          ensureDBOwnership = true;
-        }
-      ];
     };
 
     # Set-up media group

From b2d2ff179840437f5659102c03356a112c2c24df Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 16 Dec 2024 00:19:31 +0100
Subject: [PATCH 285/431] nixos: services: postgres: fix renamed option

---
 modules/nixos/services/postgresql/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix
index bbe46d4..3dcf6d1 100644
--- a/modules/nixos/services/postgresql/default.nix
+++ b/modules/nixos/services/postgresql/default.nix
@@ -27,11 +27,11 @@ in
 
           oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package;
           oldData = pgCfg.dataDir;
-          oldBin = "${if pgCfg.extraPlugins == [] then oldPackage else oldPackage.withPackages pgCfg.extraPlugins}/bin";
+          oldBin = "${if pgCfg.extensions == [] then oldPackage else oldPackage.withPackages pgCfg.extensions}/bin";
 
           newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage';
           newData = "/var/lib/postgresql/${newPackage.psqlSchema}";
-          newBin = "${if pgCfg.extraPlugins == [] then newPackage else newPackage.withPackages pgCfg.extraPlugins}/bin";
+          newBin = "${if pgCfg.extensions == [] then newPackage else newPackage.withPackages pgCfg.extensions}/bin";
         in
         [
           (pkgs.writeScriptBin "upgrade-pg-cluster" ''

From dec5dabf02ed6a901f9f9feb97ffcd8973e54237 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 16 Dec 2024 00:20:18 +0100
Subject: [PATCH 286/431] modules: services: postgres: upgrade version

---
 modules/nixos/services/postgresql/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix
index 3dcf6d1..1dca164 100644
--- a/modules/nixos/services/postgresql/default.nix
+++ b/modules/nixos/services/postgresql/default.nix
@@ -14,7 +14,7 @@ in
     # Let other services enable postgres when they need it
     (lib.mkIf cfg.enable {
       services.postgresql = {
-        package = pkgs.postgresql_13;
+        package = pkgs.postgresql_17;
       };
     })
 
@@ -23,7 +23,7 @@ in
       environment.systemPackages =
         let
           pgCfg = config.services.postgresql;
-          newPackage' = pkgs.postgresql_13;
+          newPackage' = pkgs.postgresql_17;
 
           oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package;
           oldData = pgCfg.dataDir;

From 747b344b766e22ac7bb3ba4152db60de49cd12be Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 15 Dec 2024 17:50:43 -0500
Subject: [PATCH 287/431] pkgs: remove 'cgt-calc'

It's been merged upstream.
---
 pkgs/cgt-calc/default.nix | 47 ---------------------------------------
 pkgs/default.nix          |  2 --
 2 files changed, 49 deletions(-)
 delete mode 100644 pkgs/cgt-calc/default.nix

diff --git a/pkgs/cgt-calc/default.nix b/pkgs/cgt-calc/default.nix
deleted file mode 100644
index 9966944..0000000
--- a/pkgs/cgt-calc/default.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ lib
-, fetchFromGitHub
-, python3Packages
-, withTeXLive ? true
-, texliveSmall
-}:
-python3Packages.buildPythonApplication rec {
-  pname = "cgt-calc";
-  version = "1.13.0";
-  pyproject = true;
-
-  src = fetchFromGitHub {
-    owner = "KapJI";
-    repo = "capital-gains-calculator";
-    rev = "v${version}";
-    hash = "sha256-y/Y05wG89nccXyxfjqazyPJhd8dOkfwRJre+Rzx97Hw=";
-  };
-
-  build-system = with python3Packages; [
-    poetry-core
-  ];
-
-  dependencies = with python3Packages; [
-    defusedxml
-    jinja2
-    pandas
-    requests
-    types-requests
-    yfinance
-  ];
-
-  makeWrapperArgs = lib.optionals withTeXLive [
-    "--prefix"
-    "PATH"
-    ":"
-    "${lib.getBin texliveSmall}/bin"
-  ];
-
-  meta = with lib; {
-    description = "UK capital gains tax calculator";
-    homepage = "https://github.com/KapJI/capital-gains-calculator";
-    license = with licenses; [ mit ];
-    mainProgram = "cgt-calc";
-    maintainers = with maintainers; [ ambroisie ];
-    platforms = platforms.unix;
-  };
-}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 949bcf7..6b7fce1 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -2,8 +2,6 @@
 pkgs.lib.makeScope pkgs.newScope (pkgs: {
   bw-pass = pkgs.callPackage ./bw-pass { };
 
-  cgt-calc = pkgs.callPackage ./cgt-calc { };
-
   change-audio = pkgs.callPackage ./change-audio { };
 
   change-backlight = pkgs.callPackage ./change-backlight { };

From 92e5fbe7df0c74a33baccfdb9fc82859217e0b3a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 18 Dec 2024 20:12:46 -0500
Subject: [PATCH 288/431] overlays: add 'lsp-format-nvim-indentation'

To fix the issue I reported upstream [1].

[1]: https://github.com/lukas-reineke/lsp-format.nvim/issues/94
---
 overlays/lsp-format-nvim-indentation/default.nix   |  4 ++++
 overlays/lsp-format-nvim-indentation/generated.nix | 14 ++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 overlays/lsp-format-nvim-indentation/default.nix
 create mode 100644 overlays/lsp-format-nvim-indentation/generated.nix

diff --git a/overlays/lsp-format-nvim-indentation/default.nix b/overlays/lsp-format-nvim-indentation/default.nix
new file mode 100644
index 0000000..832e71d
--- /dev/null
+++ b/overlays/lsp-format-nvim-indentation/default.nix
@@ -0,0 +1,4 @@
+self: prev:
+{
+  vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
+}
diff --git a/overlays/lsp-format-nvim-indentation/generated.nix b/overlays/lsp-format-nvim-indentation/generated.nix
new file mode 100644
index 0000000..1902207
--- /dev/null
+++ b/overlays/lsp-format-nvim-indentation/generated.nix
@@ -0,0 +1,14 @@
+{ fetchpatch, ... }:
+
+_final: prev: {
+  lsp-format-nvim = prev.lsp-format-nvim.overrideAttrs (oa: {
+    patches = (oa.patches or [ ]) ++ [
+      # https://github.com/lukas-reineke/lsp-format.nvim/issues/94
+      (fetchpatch {
+        name = "use-effective-indentation";
+        url = "https://github.com/liskin/lsp-format.nvim/commit/3757ac443bdf5bd166673833794553229ee8d939.patch";
+        hash = "sha256-Dv+TvXrU/IrrPxz2MSPbLmRxch+qkHbI3AyFMj/ssDk=";
+      })
+    ];
+  });
+}

From 322fbc970b12c187eb32a3c6ea57fe81cb4625db Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 18 Dec 2024 20:14:16 -0500
Subject: [PATCH 289/431] home: vim: lsp: rely on 'bashls' formatting

I finally figured out why I was getting the wrong indentation, turns out
it was an issue in `lsp-format.nvim`. With that fixed/worked around, I
can now rely completely on `bash-language-server` for formatting.

I'll also rely on `shfmt` automatically detecting the type of file, as
(Neo)Vim cannot be made to reliably set `ft=bash` for Bash scripts and
`ft=sh` for POSIX shell.

Finally, I removed spaces after redirections, I've now come around to
liking the default (no spaces) better.
---
 .../home/vim/plugin/settings/lspconfig.lua    | 10 +++++++
 modules/home/vim/plugin/settings/null-ls.lua  | 26 -------------------
 2 files changed, 10 insertions(+), 26 deletions(-)

diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua
index 9e9425c..1f9abfd 100644
--- a/modules/home/vim/plugin/settings/lspconfig.lua
+++ b/modules/home/vim/plugin/settings/lspconfig.lua
@@ -74,6 +74,16 @@ if utils.is_executable("bash-language-server") then
         filetypes = { "bash", "sh", "zsh" },
         capabilities = capabilities,
         on_attach = lsp.on_attach,
+        settings = {
+            bashIde = {
+                shfmt = {
+                    -- Simplify the code
+                    simplifyCode = true,
+                    -- Indent switch cases
+                    caseIndent = true,
+                },
+            },
+        },
     })
 end
 
diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua
index eadf16a..258a209 100644
--- a/modules/home/vim/plugin/settings/null-ls.lua
+++ b/modules/home/vim/plugin/settings/null-ls.lua
@@ -46,29 +46,3 @@ null_ls.register({
         condition = utils.is_executable_condition("isort"),
     }),
 })
-
--- Shell (non-POSIX)
-null_ls.register({
-    null_ls.builtins.formatting.shfmt.with({
-        -- Indent with 4 spaces, simplify the code, indent switch cases,
-        -- add space after redirection, use bash dialect
-        extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "bash" },
-        -- Restrict to bash and zsh
-        filetypes = { "bash", "zsh" },
-        -- Only used if available
-        condition = utils.is_executable_condition("shfmt"),
-    }),
-})
-
--- Shell (POSIX)
-null_ls.register({
-    null_ls.builtins.formatting.shfmt.with({
-        -- Indent with 4 spaces, simplify the code, indent switch cases,
-        -- add space after redirection, use POSIX
-        extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "posix" },
-        -- Restrict to POSIX sh
-        filetypes = { "sh" },
-        -- Only used if available
-        condition = utils.is_executable_condition("shfmt"),
-    }),
-})

From f4f1aad1c08bc232908cb8ce3e3ee2a0b6c38645 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 18 Dec 2024 20:33:22 -0500
Subject: [PATCH 290/431] pkgs: fix shell formatting

Ran `shfmt --write --indent 4 --simplify --case-indent`, in accordance
with my editor settings.
---
 pkgs/bw-pass/bw-pass           |  2 +-
 pkgs/change-audio/change-audio |  2 +-
 pkgs/diff-flake/diff-flake     | 14 +++++++-------
 pkgs/osc52/osc52               |  2 +-
 pkgs/osc777/osc777             |  2 +-
 5 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/pkgs/bw-pass/bw-pass b/pkgs/bw-pass/bw-pass
index 124714a..0e974b7 100755
--- a/pkgs/bw-pass/bw-pass
+++ b/pkgs/bw-pass/bw-pass
@@ -66,7 +66,7 @@ query_password() {
     printf '%s\n' "$PASSWORD"
 }
 
-if [ $# -lt 1  ] || [ $# -gt 2 ]; then
+if [ $# -lt 1 ] || [ $# -gt 2 ]; then
     usage
     exit 1
 fi
diff --git a/pkgs/change-audio/change-audio b/pkgs/change-audio/change-audio
index 612fecf..5a1fb9c 100755
--- a/pkgs/change-audio/change-audio
+++ b/pkgs/change-audio/change-audio
@@ -62,7 +62,7 @@ do_toggle() {
 }
 
 case "$1" in
-    up|down)
+    up | down)
         do_change_volume "$@"
         ;;
     toggle)
diff --git a/pkgs/diff-flake/diff-flake b/pkgs/diff-flake/diff-flake
index 0572b4e..a2a3513 100755
--- a/pkgs/diff-flake/diff-flake
+++ b/pkgs/diff-flake/diff-flake
@@ -81,23 +81,23 @@ parse_args() {
         shift
 
         case "$opt" in
-            -h|--help)
+            -h | --help)
                 usage
                 exit
                 ;;
-            -f|--flake-output)
+            -f | --flake-output)
                 FLAKE_OUTPUTS+=("$1")
                 shift
                 ;;
-            -o|--output)
+            -o | --output)
                 OUTPUT_FILE="$1"
                 shift
                 ;;
-            -n|--new-rev)
+            -n | --new-rev)
                 NEW_REV="$(git rev-parse "$1")"
                 shift
                 ;;
-            -p|--previous-rev)
+            -p | --previous-rev)
                 PREVIOUS_REV="$(git rev-parse "$1")"
                 shift
                 ;;
@@ -157,7 +157,7 @@ list_dev_shells() {
 }
 
 diff_output() {
-    local PREV NEW;
+    local PREV NEW
     PREV="$(mktemp --dry-run)"
     NEW="$(mktemp --dry-run)"
 
@@ -169,7 +169,7 @@ diff_output() {
         printf 'Closure diff for `%s`:\n```\n' "$1"
         nix store diff-closures "$PREV" "$NEW" | sanitize_output
         printf '```\n\n'
-    } >> "$OUTPUT_FILE"
+    } >>"$OUTPUT_FILE"
 }
 
 parse_args "$@"
diff --git a/pkgs/osc52/osc52 b/pkgs/osc52/osc52
index f64ccb6..de3a982 100755
--- a/pkgs/osc52/osc52
+++ b/pkgs/osc52/osc52
@@ -15,7 +15,7 @@ usage() {
         exec 1>&2
     fi
 
-    cat << EOF
+    cat <<EOF
 Usage: $0 [options] [string]
 Send an arbitrary string to the terminal clipboard using the OSC 52 escape
 sequence as specified in xterm:
diff --git a/pkgs/osc777/osc777 b/pkgs/osc777/osc777
index 83d066f..9bcac03 100755
--- a/pkgs/osc777/osc777
+++ b/pkgs/osc777/osc777
@@ -13,7 +13,7 @@ usage() {
         exec 1>&2
     fi
 
-    cat << EOF
+    cat <<EOF
 Usage: $0 [options] <title> <message>
 Send a notification (title and message) to the host system using the OSC 777
 escape sequence:

From c75a307c58f3280fa326f764a1517a04e37898ec Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 18 Dec 2024 20:39:15 -0500
Subject: [PATCH 291/431] home: wm: i3: fix 'pavucontrol' float

---
 modules/home/wm/i3/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix
index c432864..ec4f87f 100644
--- a/modules/home/wm/i3/default.nix
+++ b/modules/home/wm/i3/default.nix
@@ -127,7 +127,7 @@ in
             { class = "^Blueman-.*$"; }
             { title = "^htop$"; }
             { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; }
-            { class = "^Pavucontrol.*$"; }
+            { class = "^pavucontrol.*$"; }
             { class = "^Arandr$"; }
             { class = ".?blueman-manager.*$"; }
           ];

From ead8101b8d94e88dd648a694d117bc8f4f10fcd7 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 18 Dec 2024 20:45:52 -0500
Subject: [PATCH 292/431] home: wm: i3: match 'blueman' float explicitly

This is more of a work-around due to the wrapper in nixpkgs' packaging
of that application, so might as well make that explicit and narrow.
---
 modules/home/wm/i3/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix
index ec4f87f..92d1381 100644
--- a/modules/home/wm/i3/default.nix
+++ b/modules/home/wm/i3/default.nix
@@ -129,7 +129,7 @@ in
             { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; }
             { class = "^pavucontrol.*$"; }
             { class = "^Arandr$"; }
-            { class = ".?blueman-manager.*$"; }
+            { class = "^\\.blueman-manager-wrapped$"; }
           ];
         };
 

From b7b6705391fccf00ca277f57bb8b730fc0e78bf1 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 18 Dec 2024 20:47:24 -0500
Subject: [PATCH 293/431] home: wm: i3: make 'arandr' float

Another work-around due to a wrapper in nixpkgs.
---
 modules/home/wm/i3/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix
index 92d1381..029a14b 100644
--- a/modules/home/wm/i3/default.nix
+++ b/modules/home/wm/i3/default.nix
@@ -130,6 +130,7 @@ in
             { class = "^pavucontrol.*$"; }
             { class = "^Arandr$"; }
             { class = "^\\.blueman-manager-wrapped$"; }
+            { class = "^\\.arandr-wrapped$"; }
           ];
         };
 

From 5cae5632d31be145211fb927eed6af24216db3b8 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 21 Dec 2024 17:06:37 -0500
Subject: [PATCH 294/431] flake: bump inputs

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 0db428a..bc1d34b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1733873195,
-        "narHash": "sha256-dTosiZ3sZ/NKoLKQ++v8nZdEHya0eTNEsaizNp+MUPM=",
+        "lastModified": 1734808199,
+        "narHash": "sha256-MxlUcLjE8xLbrI1SJ2B2jftlg4wdutEILa3fgqwA98I=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "f26aa4b76fb7606127032d33ac73d7d507d82758",
+        "rev": "f342df3ad938f205a913973b832f52c12546aac6",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1733759999,
-        "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=",
+        "lastModified": 1734424634,
+        "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56",
+        "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33",
         "type": "github"
       },
       "original": {
@@ -177,11 +177,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1733873876,
-        "narHash": "sha256-6YHWh0+E74hBiH0N+LeZPSWRvbmudF6mtEtFpRo3LWc=",
+        "lastModified": 1734810357,
+        "narHash": "sha256-Oa6d+y1/PVaPrZ/GYwvmTK9kSrc5Qx/8D3DFN2TzpVA=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "77c8486c65517272727884ca62b9322092f4f643",
+        "rev": "e7b7b92a7c97a91f1465ab433bbdf6d00df1db8e",
         "type": "github"
       },
       "original": {
@@ -203,11 +203,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1733665616,
-        "narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=",
+        "lastModified": 1734797603,
+        "narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a",
+        "rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498",
         "type": "github"
       },
       "original": {

From e65b3ed1fc7977b9214c5bdbe1369c3decc96454 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 23 Dec 2024 22:42:42 -0500
Subject: [PATCH 295/431] home: vim: ftplugin: add query

---
 modules/home/vim/after/ftplugin/query.vim | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 modules/home/vim/after/ftplugin/query.vim

diff --git a/modules/home/vim/after/ftplugin/query.vim b/modules/home/vim/after/ftplugin/query.vim
new file mode 100644
index 0000000..fd2ac73
--- /dev/null
+++ b/modules/home/vim/after/ftplugin/query.vim
@@ -0,0 +1,6 @@
+" Create the `b:undo_ftplugin` variable if it doesn't exist
+call ftplugined#check_undo_ft()
+
+" Use a small indentation value on query files
+setlocal shiftwidth=2
+let b:undo_ftplugin.='|setlocal shiftwidth<'

From 2996481327151763beece5cc24acb7913c2a5399 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 28 Dec 2024 13:24:21 -0500
Subject: [PATCH 296/431] flake: bump inputs

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index bc1d34b..a1385ba 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1734808199,
-        "narHash": "sha256-MxlUcLjE8xLbrI1SJ2B2jftlg4wdutEILa3fgqwA98I=",
+        "lastModified": 1735381016,
+        "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "f342df3ad938f205a913973b832f52c12546aac6",
+        "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1734424634,
-        "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=",
+        "lastModified": 1735291276,
+        "narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33",
+        "rev": "634fd46801442d760e09493a794c4f15db2d0cbb",
         "type": "github"
       },
       "original": {
@@ -177,11 +177,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1734810357,
-        "narHash": "sha256-Oa6d+y1/PVaPrZ/GYwvmTK9kSrc5Qx/8D3DFN2TzpVA=",
+        "lastModified": 1735408823,
+        "narHash": "sha256-1VjQeMQer5nXNYtw+BG+s78ucaEoxO5oqj+yRmM8MMs=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "e7b7b92a7c97a91f1465ab433bbdf6d00df1db8e",
+        "rev": "8283ea92deac8cdb6fd63ff04049ac9e879bf5eb",
         "type": "github"
       },
       "original": {

From 9c50691ede84ad83e1d7fa4dc3334f38cee08630 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 28 Dec 2024 13:28:03 -0500
Subject: [PATCH 297/431] nixos: services: nginx: sso: use upstream module

It's finally been merged, so let's get rid of this module.
---
 modules/nixos/services/nginx/default.nix     |  4 -
 modules/nixos/services/nginx/sso/default.nix | 84 --------------------
 2 files changed, 88 deletions(-)
 delete mode 100644 modules/nixos/services/nginx/sso/default.nix

diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix
index 3bba9f4..cb27604 100644
--- a/modules/nixos/services/nginx/default.nix
+++ b/modules/nixos/services/nginx/default.nix
@@ -87,10 +87,6 @@ let
   });
 in
 {
-  imports = [
-    ./sso
-  ];
-
   options.my.services.nginx = with lib; {
     enable = mkEnableOption "Nginx";
 
diff --git a/modules/nixos/services/nginx/sso/default.nix b/modules/nixos/services/nginx/sso/default.nix
deleted file mode 100644
index d60e31b..0000000
--- a/modules/nixos/services/nginx/sso/default.nix
+++ /dev/null
@@ -1,84 +0,0 @@
-# I must override the module to allow having runtime secrets
-{ config, lib, pkgs, utils, ... }:
-let
-  cfg = config.services.nginx.sso;
-  pkg = lib.getBin cfg.package;
-  confPath = "/var/lib/nginx-sso/config.json";
-in
-{
-  disabledModules = [ "services/security/nginx-sso.nix" ];
-
-
-  options.services.nginx.sso = with lib; {
-    enable = mkEnableOption "nginx-sso service";
-
-    package = mkOption {
-      type = types.package;
-      default = pkgs.nginx-sso;
-      defaultText = "pkgs.nginx-sso";
-      description = ''
-        The nginx-sso package that should be used.
-      '';
-    };
-
-    configuration = mkOption {
-      type = types.attrsOf types.unspecified;
-      default = { };
-      example = literalExample ''
-        {
-          listen = { addr = "127.0.0.1"; port = 8080; };
-
-          providers.token.tokens = {
-            myuser = "MyToken";
-          };
-
-          acl = {
-            rule_sets = [
-              {
-                rules = [ { field = "x-application"; equals = "MyApp"; } ];
-                allow = [ "myuser" ];
-              }
-            ];
-          };
-        }
-      '';
-      description = ''
-        nginx-sso configuration
-        (<link xlink:href="https://github.com/Luzifer/nginx-sso/wiki/Main-Configuration">documentation</link>)
-        as a Nix attribute set.
-      '';
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    systemd.services.nginx-sso = {
-      description = "Nginx SSO Backend";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        StateDirectory = "nginx-sso";
-        WorkingDirectory = "/var/lib/nginx-sso";
-        # The files to be merged might not have the correct permissions
-        ExecStartPre = pkgs.writeShellScript "merge-nginx-sso-config" ''
-          rm -f '${confPath}'
-          ${utils.genJqSecretsReplacementSnippet cfg.configuration confPath}
-        '';
-        ExecStart = lib.mkForce ''
-          ${lib.getExe pkg} \
-            --config ${confPath} \
-            --frontend-dir ${pkg}/share/frontend
-        '';
-        Restart = "always";
-        User = "nginx-sso";
-        Group = "nginx-sso";
-      };
-    };
-
-    users.users.nginx-sso = {
-      isSystemUser = true;
-      group = "nginx-sso";
-    };
-
-    users.groups.nginx-sso = { };
-  };
-}

From debf061dd2f03d166b543da5a182b2645d90a6b5 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 13 Jan 2025 17:35:20 +0000
Subject: [PATCH 298/431] treewide: add 'shell=bash' for '.envrc' files

Looks like the `shellcheck` pre-commit hook starting running on those
files as well.
---
 .envrc                      | 1 +
 templates/c++-cmake/.envrc  | 1 +
 templates/c++-meson/.envrc  | 1 +
 templates/rust-cargo/.envrc | 1 +
 4 files changed, 4 insertions(+)
 mode change 100644 => 100755 templates/c++-cmake/.envrc

diff --git a/.envrc b/.envrc
index f5141c2..a6b1f81 100644
--- a/.envrc
+++ b/.envrc
@@ -1,3 +1,4 @@
+# shellcheck shell=bash
 if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
     source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
 fi
diff --git a/templates/c++-cmake/.envrc b/templates/c++-cmake/.envrc
old mode 100644
new mode 100755
index de77fcb..390d06d
--- a/templates/c++-cmake/.envrc
+++ b/templates/c++-cmake/.envrc
@@ -1,3 +1,4 @@
+# shellcheck shell=bash
 if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
     source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
 fi
diff --git a/templates/c++-meson/.envrc b/templates/c++-meson/.envrc
index de77fcb..390d06d 100644
--- a/templates/c++-meson/.envrc
+++ b/templates/c++-meson/.envrc
@@ -1,3 +1,4 @@
+# shellcheck shell=bash
 if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
     source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
 fi
diff --git a/templates/rust-cargo/.envrc b/templates/rust-cargo/.envrc
index de77fcb..390d06d 100644
--- a/templates/rust-cargo/.envrc
+++ b/templates/rust-cargo/.envrc
@@ -1,3 +1,4 @@
+# shellcheck shell=bash
 if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
     source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
 fi

From 2cf14c92d33bf47db9856932e9cb4a6ce92ad4fc Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 13 Jan 2025 17:37:07 +0000
Subject: [PATCH 299/431] flake: bump inputs

---
 flake.lock | 33 +++++++++++++++------------------
 flake.nix  |  1 -
 2 files changed, 15 insertions(+), 19 deletions(-)

diff --git a/flake.lock b/flake.lock
index a1385ba..a95fb34 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1733312601,
-        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "lastModified": 1736143030,
+        "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1735381016,
-        "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=",
+        "lastModified": 1736785676,
+        "narHash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2",
+        "rev": "fc52a210b60f2f52c74eac41a8647c1573d2071d",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1735291276,
-        "narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=",
+        "lastModified": 1736701207,
+        "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "634fd46801442d760e09493a794c4f15db2d0cbb",
+        "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6",
         "type": "github"
       },
       "original": {
@@ -177,11 +177,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1735408823,
-        "narHash": "sha256-1VjQeMQer5nXNYtw+BG+s78ucaEoxO5oqj+yRmM8MMs=",
+        "lastModified": 1736786866,
+        "narHash": "sha256-JaWZU7wFWsI4rGAemVciyhTxadaZyubJpLqupKLZUtI=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "8283ea92deac8cdb6fd63ff04049ac9e879bf5eb",
+        "rev": "16ff3063cb4a4cf6fb5f48ca7dc55c27f2ea4891",
         "type": "github"
       },
       "original": {
@@ -197,17 +197,14 @@
         "gitignore": "gitignore",
         "nixpkgs": [
           "nixpkgs"
-        ],
-        "nixpkgs-stable": [
-          "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1734797603,
-        "narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=",
+        "lastModified": 1735882644,
+        "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498",
+        "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index f0bb79c..afd3c80 100644
--- a/flake.nix
+++ b/flake.nix
@@ -68,7 +68,6 @@
       ref = "master";
       inputs = {
         nixpkgs.follows = "nixpkgs";
-        nixpkgs-stable.follows = "nixpkgs";
       };
     };
 

From 9f2ed2ae5a5348cd2c97acc95be795a24d0bbe14 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 13 Jan 2025 17:37:41 +0000
Subject: [PATCH 300/431] nixos: hardware: fix renamed 'pulseaudio' config

---
 modules/nixos/hardware/bluetooth/default.nix | 2 +-
 modules/nixos/hardware/sound/default.nix     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix
index e9b1991..b14ac21 100644
--- a/modules/nixos/hardware/bluetooth/default.nix
+++ b/modules/nixos/hardware/bluetooth/default.nix
@@ -20,7 +20,7 @@ in
 
     # Support for additional bluetooth codecs
     (lib.mkIf cfg.loadExtraCodecs {
-      hardware.pulseaudio = {
+      services.pulseaudio = {
         extraModules = [ pkgs.pulseaudio-modules-bt ];
         package = pkgs.pulseaudioFull;
       };
diff --git a/modules/nixos/hardware/sound/default.nix b/modules/nixos/hardware/sound/default.nix
index 1cf12cb..cd453de 100644
--- a/modules/nixos/hardware/sound/default.nix
+++ b/modules/nixos/hardware/sound/default.nix
@@ -54,7 +54,7 @@ in
 
     # Pulseaudio setup
     (lib.mkIf cfg.pulse.enable {
-      hardware.pulseaudio.enable = true;
+      services.pulseaudio.enable = true;
     })
   ]);
 }

From c99b5b2532cc1654a38bca9cd2ad7460f35aa278 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 13 Jan 2025 17:38:05 +0000
Subject: [PATCH 301/431] nixos: services: komga: use 'settings'

---
 modules/nixos/services/komga/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/nixos/services/komga/default.nix b/modules/nixos/services/komga/default.nix
index e1dc780..160d6ce 100644
--- a/modules/nixos/services/komga/default.nix
+++ b/modules/nixos/services/komga/default.nix
@@ -21,10 +21,10 @@ in
       inherit (cfg) port;
 
       group = "media";
-    };
 
-    systemd.services.komga.environment = {
-      LOGGING_LEVEL_ORG_GOTSON_KOMGA = "DEBUG"; # Needed for fail2ban
+      settings = {
+        logging.level.org.gotson.komga = "DEBUG"; # Needed for fail2ban
+      };
     };
 
     # Set-up media group

From f08787625b73ce88487303814e13e7355721dddd Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 28 Jan 2025 12:34:20 +0000
Subject: [PATCH 302/431] flake: bump inputs

---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index a95fb34..8884f79 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1723293904,
-        "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
+        "lastModified": 1736955230,
+        "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
+        "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1736785676,
-        "narHash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE=",
+        "lastModified": 1737968762,
+        "narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "fc52a210b60f2f52c74eac41a8647c1573d2071d",
+        "rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1736701207,
-        "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=",
+        "lastModified": 1737885589,
+        "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6",
+        "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
         "type": "github"
       },
       "original": {
@@ -177,11 +177,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1736786866,
-        "narHash": "sha256-JaWZU7wFWsI4rGAemVciyhTxadaZyubJpLqupKLZUtI=",
+        "lastModified": 1738059992,
+        "narHash": "sha256-VeNLLucQTlED2cqD3uofh968tm7u7UgwCdY5+jo/BSc=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "16ff3063cb4a4cf6fb5f48ca7dc55c27f2ea4891",
+        "rev": "c46c836963685acbd2430439f859b60f230b3643",
         "type": "github"
       },
       "original": {
@@ -200,11 +200,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1735882644,
-        "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=",
+        "lastModified": 1737465171,
+        "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
+        "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
         "type": "github"
       },
       "original": {

From 1540483955f38bb57af7706c7e458378028e36f4 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 30 Jan 2025 13:06:49 +0100
Subject: [PATCH 303/431] nixos: services: komga: fix deprecated option

---
 modules/nixos/services/komga/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/services/komga/default.nix b/modules/nixos/services/komga/default.nix
index 160d6ce..9af3cd1 100644
--- a/modules/nixos/services/komga/default.nix
+++ b/modules/nixos/services/komga/default.nix
@@ -18,11 +18,11 @@ in
   config = lib.mkIf cfg.enable {
     services.komga = {
       enable = true;
-      inherit (cfg) port;
 
       group = "media";
 
       settings = {
+        server.port = cfg.port;
         logging.level.org.gotson.komga = "DEBUG"; # Needed for fail2ban
       };
     };

From 533e3b9a9f198d1a8168060db694f3a6ae6464b0 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 29 Jan 2025 19:14:54 +0100
Subject: [PATCH 304/431] nixos: services: add homebox

---
 modules/nixos/services/default.nix         |  1 +
 modules/nixos/services/homebox/default.nix | 42 ++++++++++++++++++++++
 2 files changed, 43 insertions(+)
 create mode 100644 modules/nixos/services/homebox/default.nix

diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
index 651f3f8..3992385 100644
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -14,6 +14,7 @@
     ./forgejo
     ./gitea
     ./grocy
+    ./homebox
     ./indexers
     ./jellyfin
     ./komga
diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix
new file mode 100644
index 0000000..d79e331
--- /dev/null
+++ b/modules/nixos/services/homebox/default.nix
@@ -0,0 +1,42 @@
+# Home inventory made easy
+{ config, lib, ... }:
+let
+  cfg = config.my.services.homebox;
+in
+{
+  options.my.services.homebox = with lib; {
+    enable = mkEnableOption "Homebox home inventory";
+
+    port = mkOption {
+      type = types.port;
+      default = 7745;
+      example = 8080;
+      description = "Internal port for webui";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.homebox = {
+      enable = true;
+
+      settings = {
+        # FIXME: mailer?
+        HBOX_WEB_PORT = toString cfg.port;
+      };
+    };
+
+    my.services.nginx.virtualHosts = {
+      homebox = {
+        inherit (cfg) port;
+      };
+    };
+
+    my.services.backup = {
+      paths = [
+        config.services.homebox.settings.HBOX_STORAGE_DATA
+      ];
+    };
+
+    # NOTE: unfortunately homebox does not log connection failures for fail2ban
+  };
+}

From 2cbcbb7b3a6819a66c7e2fb84a623e6bea087d35 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 4 Feb 2025 15:15:28 +0000
Subject: [PATCH 305/431] home: secrets: fix path to 'keys'

---
 modules/home/secrets/secrets.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/secrets/secrets.nix b/modules/home/secrets/secrets.nix
index f474342..27cdb4e 100644
--- a/modules/home/secrets/secrets.nix
+++ b/modules/home/secrets/secrets.nix
@@ -1,6 +1,6 @@
 # Common secrets
 let
-  keys = import ../../keys;
+  keys = import ../../../keys;
 
   all = builtins.attrValues keys.users;
 in

From 9c4d853037aaca039709c7bd013738b5528e31fe Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 6 Feb 2025 11:28:27 +0000
Subject: [PATCH 306/431] home: secrets: github: update token

---
 modules/home/secrets/github/token.age | Bin 369 -> 253 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/modules/home/secrets/github/token.age b/modules/home/secrets/github/token.age
index 1d36ccdc3cc89a5b9c5bd9df4e8b62445fe4b3b0..3e8bb5a8329daf21e005a46c76ade14a887d5952 100644
GIT binary patch
delta 217
zcmey!^p|mhPJO9wfw_@)QdN0wwn1o$iD_`MPquGrqD5eZwnt=ogkNHcrDcY;t7THQ
zFPCqzYm`%&fs3WThev@yg-ft$REC*}p?+?0MMZ`|NL5LoS5$JTS4Mt*B$uwPu7YEx
zn{i%RYEYhwWnN@KRgR^PTUbV9eoC5aZlYO=SypmIL{Mdjxk-U@peGk^#jIn8)9!jl
zD=c=X^7Ym#tkv=mzIfc}u-Q)8ry`Fp%Cxecmb~(l>&(K)4JmrZW=LuO*_m_GTgBny
T^33`v>=u2U1}$?cyY#C8DZ^1=

delta 334
zcmey%_>pOXPJKpUxwlJVUanhtPOxD_rb)S{n?Y5MNuIlpb6#+2q@jyRm`hSpfk|>j
zHdkbDP*spmzGYHXj+s|Usb`6&V`;9Zk%g0aqCr(^rJJdfn`KtEr&FO(AeXM4LSaf-
zS!Ax6ZhBE_VsWa1l7Y2?k)=YQf`7gaSGGyITe5p{czu#dXhEP~Mq*BgV{u|?QfgkF
zxrd{3RAgkKv42^KQCMlYSxI3*uz{0fq?fOYiFU3*sE12RMm|?YcxsMch*_$8VS#^C
zYCup?KslGLuC9W4R$57(b9hQrj-gR;L~==XRc=LYv9?c%r+c<jh`(E<k$XsDNqLoD
znE{stulrHA!@MRZV+CwQcP%jg5p?j~XF<CSLZ2qxf4}efiqb3V(`*k&RNhIGSWw5`
h(p}m8O)=@}z7rEo<&RFQkYQkL;9SJ|<kZcoUI1JWdPM*L


From b6d58a274abaa3dd77fb339b729ef5936f387bc7 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 12 Feb 2025 14:26:07 +0000
Subject: [PATCH 307/431] pkgs: lohr: use 'useFetchCargoVendor'

The previous fetcher is in the process of being deprecated.
---
 pkgs/lohr/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkgs/lohr/default.nix b/pkgs/lohr/default.nix
index b89ccff..aeb13b1 100644
--- a/pkgs/lohr/default.nix
+++ b/pkgs/lohr/default.nix
@@ -10,7 +10,8 @@ rustPlatform.buildRustPackage rec {
     hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU=";
   };
 
-  cargoHash = "sha256-EUhyrhPe+mUgMmm4o+bxRIiSNReJRfw+/O1fPr8r7lo=";
+  useFetchCargoVendor = true;
+  cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w=";
 
   meta = with lib; {
     description = "Git mirroring daemon";

From 40a841031fe465b7225927d1d493627e547cab59 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 12 Feb 2025 14:27:15 +0000
Subject: [PATCH 308/431] flake: bump inputs

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 8884f79..b7ca708 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1736143030,
-        "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
+        "lastModified": 1738453229,
+        "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
+        "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737968762,
-        "narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=",
+        "lastModified": 1739314552,
+        "narHash": "sha256-ggVf2BclyIW3jexc/uvgsgJH4e2cuG6Nyg54NeXgbFI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e",
+        "rev": "83bd3a26ac0526ae04fa74df46738bb44b89dcdd",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1737885589,
-        "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
+        "lastModified": 1739214665,
+        "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
+        "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a",
         "type": "github"
       },
       "original": {
@@ -177,11 +177,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1738059992,
-        "narHash": "sha256-VeNLLucQTlED2cqD3uofh968tm7u7UgwCdY5+jo/BSc=",
+        "lastModified": 1739229047,
+        "narHash": "sha256-sSTgA86wdk8d544c2+gzrfvVPHQF4mbsomvLOW2thn0=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "c46c836963685acbd2430439f859b60f230b3643",
+        "rev": "8348d89f30598a73fee7efb4b5d34c3de201e71b",
         "type": "github"
       },
       "original": {

From 374886a63f01f2f736ce4502e61ba017403a77fc Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 12 Feb 2025 14:30:00 +0000
Subject: [PATCH 309/431] nixos: services: servarr: remove build work-around

It's been fixed upstream.

This partially reverts commit ad1cfbd6f03e0b38f690d8563af02c1c04d8b731.
---
 modules/nixos/services/servarr/default.nix | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix
index 4aa0de7..e25d9cf 100644
--- a/modules/nixos/services/servarr/default.nix
+++ b/modules/nixos/services/servarr/default.nix
@@ -96,15 +96,5 @@ in
     # Sonarr for shows
     (mkFullConfig "sonarr")
     (mkFail2Ban "sonarr")
-
-    # HACK: until https://github.com/NixOS/nixpkgs/issues/360592 is resolved
-    (lib.mkIf cfg.sonarr.enable {
-      nixpkgs.config.permittedInsecurePackages = [
-        "aspnetcore-runtime-6.0.36"
-        "aspnetcore-runtime-wrapped-6.0.36"
-        "dotnet-sdk-6.0.428"
-        "dotnet-sdk-wrapped-6.0.428"
-      ];
-    })
   ]);
 }

From 80b4c9ffcd8e610e39e473a6425001e9e939386f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 12 Feb 2025 14:31:20 +0000
Subject: [PATCH 310/431] home: mail: accounts: use 'migadu' flavor

---
 modules/home/mail/accounts/default.nix | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/modules/home/mail/accounts/default.nix b/modules/home/mail/accounts/default.nix
index 202b9bc..5216ad5 100644
--- a/modules/home/mail/accounts/default.nix
+++ b/modules/home/mail/accounts/default.nix
@@ -26,20 +26,7 @@ let
   };
 
   migaduConfig = {
-    imap = {
-      host = "imap.migadu.com";
-      port = 993;
-      tls = {
-        enable = true;
-      };
-    };
-    smtp = {
-      host = "smtp.migadu.com";
-      port = 465;
-      tls = {
-        enable = true;
-      };
-    };
+    flavor = "migadu.com";
   };
 
   gmailConfig = {

From f474c033d5d89d9cf84bbc18f878eb1bb9fed4d3 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 13 Feb 2025 14:40:39 +0000
Subject: [PATCH 311/431] nixos: services: nginx: remove zstd compression

The zstd module is unmaintained and buggy, remove it preventively.

The option itself will probably be removed soon [1].

[1]: https://github.com/NixOS/nixpkgs/pull/381678
---
 modules/nixos/services/nginx/default.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix
index cb27604..1e9e38a 100644
--- a/modules/nixos/services/nginx/default.nix
+++ b/modules/nixos/services/nginx/default.nix
@@ -253,7 +253,6 @@ in
       recommendedOptimisation = true;
       recommendedProxySettings = true;
       recommendedTlsSettings = true;
-      recommendedZstdSettings = true;
 
       virtualHosts =
         let

From 8f5be69a4e297c8289399ae09b805090042ebfcc Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 17 Feb 2025 15:33:40 +0100
Subject: [PATCH 312/431] flake: bump inputs

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index b7ca708..c4ae7ba 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739314552,
-        "narHash": "sha256-ggVf2BclyIW3jexc/uvgsgJH4e2cuG6Nyg54NeXgbFI=",
+        "lastModified": 1739790043,
+        "narHash": "sha256-4gK4zdNDQ4PyGFs7B6zp9iPIBy9E+bVJiZ0XAmncvgQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "83bd3a26ac0526ae04fa74df46738bb44b89dcdd",
+        "rev": "c1ea92cdfb85bd7b0995b550581d9fd1c3370bf9",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1739214665,
-        "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=",
+        "lastModified": 1739580444,
+        "narHash": "sha256-+/bSz4EAVbqz8/HsIGLroF8aNaO8bLRL7WfACN+24g4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a",
+        "rev": "8bb37161a0488b89830168b81c48aed11569cb93",
         "type": "github"
       },
       "original": {
@@ -177,11 +177,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1739229047,
-        "narHash": "sha256-sSTgA86wdk8d544c2+gzrfvVPHQF4mbsomvLOW2thn0=",
+        "lastModified": 1739796551,
+        "narHash": "sha256-XcTK29rOc0WxcSJDHUK8JQege9CzSVVAcjHdswOVFPA=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "8348d89f30598a73fee7efb4b5d34c3de201e71b",
+        "rev": "827aa6eeaf92cc085f84947f6c32002792b67497",
         "type": "github"
       },
       "original": {

From 1237ef41742323d88d639877d38cd6ec05d9cf91 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 21 Feb 2025 16:22:00 +0000
Subject: [PATCH 313/431] home: git: include local configuration properly

Using `includes` ensures that the local configuration is included at the
end of the configuration file.
---
 modules/home/git/default.nix | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix
index 1bb2215..8791cb2 100644
--- a/modules/home/git/default.nix
+++ b/modules/home/git/default.nix
@@ -123,11 +123,6 @@ in
         defaultBranch = "main";
       };
 
-      # Local configuration, not-versioned
-      include = {
-        path = "config.local";
-      };
-
       merge = {
         conflictStyle = "zdiff3";
       };
@@ -167,8 +162,8 @@ in
       };
     };
 
-    # Multiple identities
     includes = [
+      # Multiple identities
       {
         condition = "gitdir:~/git/EPITA/";
         contents = {
@@ -187,6 +182,10 @@ in
           };
         };
       }
+      # Local configuration, not-versioned
+      {
+        path = "config.local";
+      }
     ];
 
     ignores =

From 337d7309c61e39bd77db6537acde9a301dade42f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 21 Feb 2025 16:41:54 +0000
Subject: [PATCH 314/431] home: git: use 'mkAfter' for config includes

This should ensure that they will be included at the very end of the
configuration, even if other modules add more includes.

Notably, this ensures that the local configuration can override any
other setting.
---
 modules/home/git/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix
index 8791cb2..c88008f 100644
--- a/modules/home/git/default.nix
+++ b/modules/home/git/default.nix
@@ -162,7 +162,7 @@ in
       };
     };
 
-    includes = [
+    includes = lib.mkAfter [
       # Multiple identities
       {
         condition = "gitdir:~/git/EPITA/";

From d3a953247c270ca2e771bac5343123c4239c0da3 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 24 Feb 2025 14:15:01 +0000
Subject: [PATCH 315/431] home: packages: disable on 'useGlobalPkgs'

It doesn't do anything when `useGlobalPkgs` is set, and has started
warning about its upcoming deprecation.
---
 modules/home/packages/default.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/modules/home/packages/default.nix b/modules/home/packages/default.nix
index b0f8d67..43f7111 100644
--- a/modules/home/packages/default.nix
+++ b/modules/home/packages/default.nix
@@ -1,6 +1,7 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, osConfig, ... }:
 let
   cfg = config.my.home.packages;
+  useGlobalPkgs = osConfig.home-manager.useGlobalPkgs or false;
 in
 {
   options.my.home.packages = with lib; {
@@ -29,7 +30,7 @@ in
       tree
     ] ++ cfg.additionalPackages);
 
-    nixpkgs.config = {
+    nixpkgs.config = lib.mkIf (!useGlobalPkgs) {
       inherit (cfg) allowAliases allowUnfree;
     };
   };

From 852696409a4319a9767814c4483072d4bb9cbd61 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 24 Feb 2025 17:07:43 +0000
Subject: [PATCH 316/431] home: pager: remove 'LESSKEY'

It should do the lookup in `$XDG_CONFIG_HOME/lesskey` automatically now.
---
 modules/home/pager/default.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix
index 1119440..a35da2c 100644
--- a/modules/home/pager/default.nix
+++ b/modules/home/pager/default.nix
@@ -16,7 +16,6 @@ in
       LESS = "-R -+X -c";
       # Better XDG compliance
       LESSHISTFILE = "${config.xdg.stateHome}/less/history";
-      LESSKEY = "${config.xdg.configHome}/less/lesskey";
     };
   };
 }

From e43570fe5bfa8a6258d11c3eb8f7738cb045a5ce Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 24 Feb 2025 17:04:21 +0000
Subject: [PATCH 317/431] home: pager: allow quitting without screen clear

---
 modules/home/pager/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix
index a35da2c..e84dcb7 100644
--- a/modules/home/pager/default.nix
+++ b/modules/home/pager/default.nix
@@ -17,5 +17,10 @@ in
       # Better XDG compliance
       LESSHISTFILE = "${config.xdg.stateHome}/less/history";
     };
+
+    xdg.configFile."lesskey".text = ''
+      # Quit without clearing the screen on `Q`
+      Q toggle-option -!^Predraw-on-quit\nq
+    '';
   };
 }

From 84f1186b6c6888ed3ebc1fb6072a259e509b3271 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 25 Feb 2025 13:38:07 +0000
Subject: [PATCH 318/431] home: tmux: add 'enableResurrect'

To be used on the cloudtop with its frequent reboots.
---
 modules/home/tmux/default.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix
index ae8b8f0..5371643 100644
--- a/modules/home/tmux/default.nix
+++ b/modules/home/tmux/default.nix
@@ -20,6 +20,8 @@ in
 
     enablePassthrough = mkEnableOption "tmux DCS passthrough sequence";
 
+    enableResurrect = mkEnableOption "tmux-resurrect plugin";
+
     terminalFeatures = mkOption {
       type = with types; attrsOf (submodule {
         options = {
@@ -51,7 +53,7 @@ in
     focusEvents = true; # Report focus events
     terminal = "tmux-256color"; # I want accurate termcap info
 
-    plugins = with pkgs.tmuxPlugins; [
+    plugins = with pkgs.tmuxPlugins; builtins.filter (attr: attr != { }) [
       # Open high-lighted files in copy mode
       open
       # Better pane management
@@ -79,6 +81,13 @@ in
           set -g status-right '#{prefix_highlight} %a %Y-%m-%d %H:%M'
         '';
       }
+      # Resurrect sessions
+      (lib.optionalAttrs cfg.enableResurrect {
+        plugin = resurrect;
+        extraConfig = ''
+          set -g @resurrect-dir '${config.xdg.stateHome}/tmux/resurrect'
+        '';
+      })
     ];
 
     extraConfig = ''

From 105bcbd53a30d349bb68276249a77793ec5f2d19 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 25 Feb 2025 13:39:46 +0000
Subject: [PATCH 319/431] hosts: home: mousqueton: enable 'tmux-resurrect'

---
 hosts/homes/ambroisie@mousqueton/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hosts/homes/ambroisie@mousqueton/default.nix b/hosts/homes/ambroisie@mousqueton/default.nix
index 44e62e6..37884d7 100644
--- a/hosts/homes/ambroisie@mousqueton/default.nix
+++ b/hosts/homes/ambroisie@mousqueton/default.nix
@@ -15,6 +15,9 @@
       # I use scripts that use the passthrough sequence often on this host
       enablePassthrough = true;
 
+      # Frequent reboots mean that session persistence can be handy
+      enableResurrect = true;
+
       terminalFeatures = {
         # HTerm uses `xterm-256color` as its `$TERM`, so use that here
         xterm-256color = { };

From edeb67238bc24dc982075bb5f6787d8035b578b3 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 25 Feb 2025 13:58:02 +0000
Subject: [PATCH 320/431] home: tmux: enable aggressive resize

Generally useful, rarely gets in the way, I'd rather have it enabled by
default.
---
 modules/home/tmux/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix
index 5371643..08b9202 100644
--- a/modules/home/tmux/default.nix
+++ b/modules/home/tmux/default.nix
@@ -52,6 +52,7 @@ in
     mouse = false; # I dislike mouse support
     focusEvents = true; # Report focus events
     terminal = "tmux-256color"; # I want accurate termcap info
+    aggressiveResize = true; # Automatic resize when switching client size
 
     plugins = with pkgs.tmuxPlugins; builtins.filter (attr: attr != { }) [
       # Open high-lighted files in copy mode

From 0dc8ac443313724285d54447330311f3b2e0856b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 27 Feb 2025 12:36:10 +0000
Subject: [PATCH 321/431] flake: bump inputs

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index c4ae7ba..bd5cf0a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739790043,
-        "narHash": "sha256-4gK4zdNDQ4PyGFs7B6zp9iPIBy9E+bVJiZ0XAmncvgQ=",
+        "lastModified": 1740624780,
+        "narHash": "sha256-8TP61AI3QBQsjzVUQFIV8NoB5nbYfJB3iHczhBikDkU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "c1ea92cdfb85bd7b0995b550581d9fd1c3370bf9",
+        "rev": "b8869e4ead721bbd4f0d6b927e8395705d4f16e6",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1739580444,
-        "narHash": "sha256-+/bSz4EAVbqz8/HsIGLroF8aNaO8bLRL7WfACN+24g4=",
+        "lastModified": 1740560979,
+        "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8bb37161a0488b89830168b81c48aed11569cb93",
+        "rev": "5135c59491985879812717f4c9fea69604e7f26f",
         "type": "github"
       },
       "original": {
@@ -177,11 +177,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1739796551,
-        "narHash": "sha256-XcTK29rOc0WxcSJDHUK8JQege9CzSVVAcjHdswOVFPA=",
+        "lastModified": 1740655932,
+        "narHash": "sha256-BSTcgL2C74x0TgVdVEWfIz2SHkwIFMN0Dvv1lCoOhCA=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "827aa6eeaf92cc085f84947f6c32002792b67497",
+        "rev": "1ca8ff37f33a560c4a292ed83774434854f0b39a",
         "type": "github"
       },
       "original": {

From 88c00bb83d7d83d9af480f9de8027175bdd32ec7 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 27 Feb 2025 12:44:10 +0000
Subject: [PATCH 322/431] home: firefox: fix deprecated option

---
 modules/home/firefox/default.nix | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/modules/home/firefox/default.nix b/modules/home/firefox/default.nix
index 02c74f2..6346dc9 100644
--- a/modules/home/firefox/default.nix
+++ b/modules/home/firefox/default.nix
@@ -61,19 +61,21 @@ in
           "ui.systemUsesDarkTheme" = true; # Dark mode
         };
 
-        extensions = with pkgs.nur.repos.rycee.firefox-addons; ([
-          bitwarden
-          consent-o-matic
-          form-history-control
-          reddit-comment-collapser
-          reddit-enhancement-suite
-          refined-github
-          sponsorblock
-          ublock-origin
-        ]
-        ++ lib.optional (cfg.tridactyl.enable) tridactyl
-        ++ lib.optional (cfg.ff2mpv.enable) ff2mpv
-        );
+        extensions = {
+          packages = with pkgs.nur.repos.rycee.firefox-addons; ([
+            bitwarden
+            consent-o-matic
+            form-history-control
+            reddit-comment-collapser
+            reddit-enhancement-suite
+            refined-github
+            sponsorblock
+            ublock-origin
+          ]
+          ++ lib.optional (cfg.tridactyl.enable) tridactyl
+          ++ lib.optional (cfg.ff2mpv.enable) ff2mpv
+          );
+        };
       };
     };
   };

From ca618b53ccef400567eef305c634854ca16529fb Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 27 Feb 2025 16:59:15 +0000
Subject: [PATCH 323/431] home: vim: oil: explicitly remove icons

They started appearing on the latest bump, it looks like my
configuration started including `nvim-web-devicons` (see [1]).

I'll probably remove this configuration on the next nixpkgs bump (it's a
good canary to check that I *never* include icons in the future).

[1]: https://github.com/NixOS/nixpkgs/pull/382668
---
 modules/home/vim/plugin/settings/oil.lua | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/home/vim/plugin/settings/oil.lua b/modules/home/vim/plugin/settings/oil.lua
index a160725..74d5007 100644
--- a/modules/home/vim/plugin/settings/oil.lua
+++ b/modules/home/vim/plugin/settings/oil.lua
@@ -4,6 +4,8 @@ local wk = require("which-key")
 local detail = false
 
 oil.setup({
+    -- Don't show icons
+    columns = {},
     view_options = {
         -- Show files and directories that start with "." by default
         show_hidden = true,

From dc4221fc17fc3d36e75f4d47b6e1a552969ab29f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 17 Mar 2025 13:02:02 +0000
Subject: [PATCH 324/431] flake: bump inputs

And remove the overlay for `lsp-format.nvim`, which has been fixed.

This reverts commit 92e5fbe7df0c74a33baccfdb9fc82859217e0b3a.
---
 flake.lock                                    | 30 +++++++++----------
 .../lsp-format-nvim-indentation/default.nix   |  4 ---
 .../lsp-format-nvim-indentation/generated.nix | 14 ---------
 3 files changed, 15 insertions(+), 33 deletions(-)
 delete mode 100644 overlays/lsp-format-nvim-indentation/default.nix
 delete mode 100644 overlays/lsp-format-nvim-indentation/generated.nix

diff --git a/flake.lock b/flake.lock
index bd5cf0a..6db188a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738453229,
-        "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
+        "lastModified": 1741352980,
+        "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
+        "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1740624780,
-        "narHash": "sha256-8TP61AI3QBQsjzVUQFIV8NoB5nbYfJB3iHczhBikDkU=",
+        "lastModified": 1741955947,
+        "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "b8869e4ead721bbd4f0d6b927e8395705d4f16e6",
+        "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1740560979,
-        "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=",
+        "lastModified": 1742069588,
+        "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5135c59491985879812717f4c9fea69604e7f26f",
+        "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5",
         "type": "github"
       },
       "original": {
@@ -177,11 +177,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1740655932,
-        "narHash": "sha256-BSTcgL2C74x0TgVdVEWfIz2SHkwIFMN0Dvv1lCoOhCA=",
+        "lastModified": 1741294988,
+        "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "1ca8ff37f33a560c4a292ed83774434854f0b39a",
+        "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e",
         "type": "github"
       },
       "original": {
@@ -200,11 +200,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737465171,
-        "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
+        "lastModified": 1742058297,
+        "narHash": "sha256-b4SZc6TkKw8WQQssbN5O2DaCEzmFfvSTPYHlx/SFW9Y=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
+        "rev": "59f17850021620cd348ad2e9c0c64f4e6325ce2a",
         "type": "github"
       },
       "original": {
diff --git a/overlays/lsp-format-nvim-indentation/default.nix b/overlays/lsp-format-nvim-indentation/default.nix
deleted file mode 100644
index 832e71d..0000000
--- a/overlays/lsp-format-nvim-indentation/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-self: prev:
-{
-  vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
-}
diff --git a/overlays/lsp-format-nvim-indentation/generated.nix b/overlays/lsp-format-nvim-indentation/generated.nix
deleted file mode 100644
index 1902207..0000000
--- a/overlays/lsp-format-nvim-indentation/generated.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ fetchpatch, ... }:
-
-_final: prev: {
-  lsp-format-nvim = prev.lsp-format-nvim.overrideAttrs (oa: {
-    patches = (oa.patches or [ ]) ++ [
-      # https://github.com/lukas-reineke/lsp-format.nvim/issues/94
-      (fetchpatch {
-        name = "use-effective-indentation";
-        url = "https://github.com/liskin/lsp-format.nvim/commit/3757ac443bdf5bd166673833794553229ee8d939.patch";
-        hash = "sha256-Dv+TvXrU/IrrPxz2MSPbLmRxch+qkHbI3AyFMj/ssDk=";
-      })
-    ];
-  });
-}

From 5ae2eacd49042d3c00e3d2e666c355bcb89e10d1 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 19 Mar 2025 11:45:07 +0000
Subject: [PATCH 325/431] home: git: add 'ignoreRevsFile'

I'm surprised I hadn't configured it already.

`.git-blame-ignore-revs` is the usual name, as most forges automatically
detect and use it.
---
 modules/home/git/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix
index c88008f..bd085b8 100644
--- a/modules/home/git/default.nix
+++ b/modules/home/git/default.nix
@@ -75,6 +75,7 @@ in
       # Makes it a bit more readable
       blame = {
         coloring = "repeatedLines";
+        ignoreRevsFile = ".git-blame-ignore-revs";
         markIgnoredLines = true;
         markUnblamables = true;
       };

From 9156a8211d6388e274698e834d010710d727d425 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 24 Mar 2025 11:47:59 +0000
Subject: [PATCH 326/431] flake: bump inputs

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index 6db188a..2eff24a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1741955947,
-        "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=",
+        "lastModified": 1742771635,
+        "narHash": "sha256-HQHzQPrg+g22tb3/K/4tgJjPzM+/5jbaujCZd8s2Mls=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4",
+        "rev": "ad0614a1ec9cce3b13169e20ceb7e55dfaf2a818",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1742069588,
-        "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=",
+        "lastModified": 1742669843,
+        "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5",
+        "rev": "1e5b653dff12029333a6546c11e108ede13052eb",
         "type": "github"
       },
       "original": {
@@ -200,11 +200,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742058297,
-        "narHash": "sha256-b4SZc6TkKw8WQQssbN5O2DaCEzmFfvSTPYHlx/SFW9Y=",
+        "lastModified": 1742649964,
+        "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "59f17850021620cd348ad2e9c0c64f4e6325ce2a",
+        "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
         "type": "github"
       },
       "original": {

From 6fc81e45e98bcb4190641c53aad62a28cb782367 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 24 Mar 2025 11:58:56 +0000
Subject: [PATCH 327/431] home: zsh: migrate to 'initContent'

This also fixes a small ordering issue: my alias definitions used to be
defined at the very end of the file, they're now slotted _before_ the
`zshrc.local` import.
---
 modules/home/zsh/default.nix | 40 +++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 21 deletions(-)

diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix
index 11b6cb2..f4092d8 100644
--- a/modules/home/zsh/default.nix
+++ b/modules/home/zsh/default.nix
@@ -87,28 +87,26 @@ in
         # Modal editing is life, but CLI benefits from emacs gymnastics
         defaultKeymap = "emacs";
 
-        # Make those happen early to avoid doing double the work
-        initExtraFirst = lib.mkBefore ''
-          ${
-            lib.optionalString cfg.launchTmux ''
-              # Launch tmux unless already inside one
-              if [ -z "$TMUX" ]; then
-                exec tmux new-session
-              fi
-            ''
-          }
-        '';
+        initContent = lib.mkMerge [
+          # Make those happen early to avoid doing double the work
+          (lib.mkBefore (lib.optionalString cfg.launchTmux ''
+            # Launch tmux unless already inside one
+            if [ -z "$TMUX" ]; then
+              exec tmux new-session
+            fi
+          ''))
 
-        initExtra = lib.mkAfter ''
-          source ${./completion-styles.zsh}
-          source ${./extra-mappings.zsh}
-          source ${./options.zsh}
+          (lib.mkAfter ''
+            source ${./completion-styles.zsh}
+            source ${./extra-mappings.zsh}
+            source ${./options.zsh}
 
-          # Source local configuration
-          if [ -f "$ZDOTDIR/zshrc.local" ]; then
-            source "$ZDOTDIR/zshrc.local"
-          fi
-        '';
+            # Source local configuration
+            if [ -f "$ZDOTDIR/zshrc.local" ]; then
+              source "$ZDOTDIR/zshrc.local"
+            fi
+          '')
+        ];
 
         localVariables = {
           # I like having the full path
@@ -151,7 +149,7 @@ in
         };
 
         # Use OSC-777 to send the notification through SSH
-        initExtra = lib.mkIf cfg.notify.ssh.useOsc777 ''
+        initContent = lib.mkIf cfg.notify.ssh.useOsc777 ''
           done_send_notification() {
             local exit_status="$1"
             local title="$2"

From b2758839e8a0fe5cb613542172d6bfd36ba088ee Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 24 Mar 2025 16:51:45 +0000
Subject: [PATCH 328/431] home: vim: lspconfig: add 'harper'

Support for more languages is upcoming, I also need to check how to
handle custom words/dictionaries.
---
 modules/home/vim/plugin/settings/lspconfig.lua | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua
index 1f9abfd..f8e65d8 100644
--- a/modules/home/vim/plugin/settings/lspconfig.lua
+++ b/modules/home/vim/plugin/settings/lspconfig.lua
@@ -96,6 +96,13 @@ if utils.is_executable("starpls") then
 end
 
 -- Generic
+if utils.is_executable("harper-ls") then
+    lspconfig.harper_ls.setup({
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end
+
 if utils.is_executable("typos-lsp") then
     lspconfig.typos_lsp.setup({
         capabilities = capabilities,

From abec0dd226d765a54976be0a07442c4ce45b3cdb Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 25 Mar 2025 14:30:07 +0000
Subject: [PATCH 329/431] home: git: remove 'ignoreRevsFile'

I remember why I didn't set it globally now, it's because `git blame`
complains and errors out, rather than silently ignoring the setting,
when the file doesn't exist in a repo...

This reverts commit 5ae2eacd49042d3c00e3d2e666c355bcb89e10d1.
---
 modules/home/git/default.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix
index bd085b8..c88008f 100644
--- a/modules/home/git/default.nix
+++ b/modules/home/git/default.nix
@@ -75,7 +75,6 @@ in
       # Makes it a bit more readable
       blame = {
         coloring = "repeatedLines";
-        ignoreRevsFile = ".git-blame-ignore-revs";
         markIgnoredLines = true;
         markUnblamables = true;
       };

From 458ea144c447cb15ed07351992f9cbe8f74489db Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 25 Mar 2025 16:52:58 +0000
Subject: [PATCH 330/431] home: vim: remove 'fastfold' configuration

I missed it in the original commit that removed the plug-in from my
configuration...
---
 modules/home/vim/plugin/settings/fastfold.lua | 5 -----
 1 file changed, 5 deletions(-)
 delete mode 100644 modules/home/vim/plugin/settings/fastfold.lua

diff --git a/modules/home/vim/plugin/settings/fastfold.lua b/modules/home/vim/plugin/settings/fastfold.lua
deleted file mode 100644
index 78ee937..0000000
--- a/modules/home/vim/plugin/settings/fastfold.lua
+++ /dev/null
@@ -1,5 +0,0 @@
--- Intercept all fold commands
--- stylua: ignore
-vim.g.fastfold_fold_command_suffixes = {
-    "x", "X", "a", "A", "o", "O", "c", "C", "r", "R", "m", "M", "i", "n", "N",
-}

From 1841ff391d13eb31b3ff670b9c9f4563ecc7140b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 28 Mar 2025 15:27:21 +0000
Subject: [PATCH 331/431] flake: dev-shells: remove redundant 'pre-commit'

It's already being installed by the shell hook.
---
 flake/dev-shells.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/flake/dev-shells.nix b/flake/dev-shells.nix
index d5f5989..87464a4 100644
--- a/flake/dev-shells.nix
+++ b/flake/dev-shells.nix
@@ -6,7 +6,6 @@
         name = "NixOS-config";
 
         nativeBuildInputs = with pkgs; [
-          gitAndTools.pre-commit
           nixpkgs-fmt
         ];
 

From 37e88c2707072bc4cc244669c084dccb74b52ab3 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 29 Mar 2025 14:41:21 +0000
Subject: [PATCH 332/431] flake: bump inputs

And fix the small `jq` breakage.
---
 flake.lock                  | 18 +++++++++---------
 modules/home/jq/default.nix |  1 +
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index 2eff24a..a2d931a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1741352980,
-        "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
+        "lastModified": 1743550720,
+        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
+        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742771635,
-        "narHash": "sha256-HQHzQPrg+g22tb3/K/4tgJjPzM+/5jbaujCZd8s2Mls=",
+        "lastModified": 1743607567,
+        "narHash": "sha256-kTzKPDFmNzwO1cK4fiJgPB/iSw7HgBAmknRTeAPJAeI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "ad0614a1ec9cce3b13169e20ceb7e55dfaf2a818",
+        "rev": "49748c74cdbae03d70381f150b810f92617f23aa",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1742669843,
-        "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=",
+        "lastModified": 1743448293,
+        "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1e5b653dff12029333a6546c11e108ede13052eb",
+        "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3",
         "type": "github"
       },
       "original": {
diff --git a/modules/home/jq/default.nix b/modules/home/jq/default.nix
index 57e266f..53e5986 100644
--- a/modules/home/jq/default.nix
+++ b/modules/home/jq/default.nix
@@ -17,6 +17,7 @@ in
       strings = "0;32";
       arrays = "1;39";
       objects = "1;39";
+      objectKeys = "1;34";
     };
   };
 }

From dfb3c353ecc6e2152dfc2440544db2ffbd99a20b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 29 Mar 2025 16:15:04 +0000
Subject: [PATCH 333/431] home: vim: remove 'lsp_lines'

It's been upstreamed!
---
 modules/home/vim/default.nix                   | 1 -
 modules/home/vim/plugin/settings/lsp-lines.lua | 3 ---
 2 files changed, 4 deletions(-)
 delete mode 100644 modules/home/vim/plugin/settings/lsp-lines.lua

diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix
index 8e6bd5c..b65e935 100644
--- a/modules/home/vim/default.nix
+++ b/modules/home/vim/default.nix
@@ -59,7 +59,6 @@ in
       # LSP and linting
       nvim-lspconfig # Easy LSP configuration
       lsp-format-nvim # Simplified formatting configuration
-      lsp_lines-nvim # Show diagnostics *over* regions
       none-ls-nvim # LSP integration for linters and formatters
       nvim-treesitter.withAllGrammars # Better highlighting
       nvim-treesitter-textobjects # More textobjects
diff --git a/modules/home/vim/plugin/settings/lsp-lines.lua b/modules/home/vim/plugin/settings/lsp-lines.lua
deleted file mode 100644
index 9c79818..0000000
--- a/modules/home/vim/plugin/settings/lsp-lines.lua
+++ /dev/null
@@ -1,3 +0,0 @@
-local lsp_lines = require("lsp_lines")
-
-lsp_lines.setup()

From 274d143031cbc350673c8bed520fa0f2522319c0 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 29 Mar 2025 16:17:59 +0000
Subject: [PATCH 334/431] home: vim: fix deprecated calls

---
 modules/home/vim/lua/ambroisie/lsp.lua   | 17 +++++++----------
 modules/home/vim/lua/ambroisie/utils.lua |  2 +-
 2 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua
index eb53da6..3989202 100644
--- a/modules/home/vim/lua/ambroisie/lsp.lua
+++ b/modules/home/vim/lua/ambroisie/lsp.lua
@@ -5,14 +5,15 @@ local lsp_format = require("lsp-format")
 
 --- Move to the next/previous diagnostic, automatically showing the diagnostics
 --- float if necessary.
---- @param forward bool whether to go forward or backwards
-local function goto_diagnostic(forward)
+--- @param count number whether to go count or backwards
+local function goto_diagnostic(count)
     vim.validate({
-        forward = { forward, "boolean" },
+        count = { count, "number" },
     })
 
     local opts = {
         float = false,
+        count = count,
     }
 
     -- Only show floating diagnostics if they are otherwise not displayed
@@ -21,23 +22,19 @@ local function goto_diagnostic(forward)
         opts.float = true
     end
 
-    if forward then
-        vim.diagnostic.goto_next(opts)
-    else
-        vim.diagnostic.goto_prev(opts)
-    end
+    vim.diagnostic.jump(opts)
 end
 
 --- Move to the next diagnostic, automatically showing the diagnostics float if
 --- necessary.
 M.goto_next_diagnostic = function()
-    goto_diagnostic(true)
+    goto_diagnostic(1)
 end
 
 --- Move to the previous diagnostic, automatically showing the diagnostics float
 --- if necessary.
 M.goto_prev_diagnostic = function()
-    goto_diagnostic(false)
+    goto_diagnostic(-1)
 end
 
 --- shared LSP configuration callback
diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua
index c9e9292..0ee7c83 100644
--- a/modules/home/vim/lua/ambroisie/utils.lua
+++ b/modules/home/vim/lua/ambroisie/utils.lua
@@ -38,7 +38,7 @@ end
 --- @param bufnr int? buffer number
 --- @return table all active LSP client names
 M.list_lsp_clients = function(bufnr)
-    local clients = vim.lsp.get_active_clients({ bufnr = bufnr })
+    local clients = vim.lsp.get_clients({ bufnr = bufnr })
     local names = {}
 
     for _, client in ipairs(clients) do

From 4ef1b08f4ee444ab9dcb1513421cf78a79449242 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 29 Mar 2025 16:55:00 +0000
Subject: [PATCH 335/431] home: vim: lualine: use built-in 'branch'

It now supports worktrees correctly (or at least I can't figure out
which issue I used to have with it...).

As a bonus, it also supports showing the correct branch for an `oil`
buffer.

This reverts commit 481d5f6f53e1e6ff1d8f29d3ac996af723be2381.
---
 modules/home/vim/plugin/settings/lualine.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua
index 5219a95..31ad3c4 100644
--- a/modules/home/vim/plugin/settings/lualine.lua
+++ b/modules/home/vim/plugin/settings/lualine.lua
@@ -30,7 +30,7 @@ lualine.setup({
             { "mode" },
         },
         lualine_b = {
-            { "FugitiveHead" },
+            { "branch" },
             { "filename", symbols = { readonly = "🔒" } },
         },
         lualine_c = {

From c1efc4316d7fe2bedd222d02e148e9ec8f7f6707 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 29 Mar 2025 16:44:00 +0000
Subject: [PATCH 336/431] home: vim: lualine: add custom 'oil' extension

I don't like the built-in one.
---
 modules/home/vim/plugin/settings/lualine.lua | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua
index 31ad3c4..bbe4647 100644
--- a/modules/home/vim/plugin/settings/lualine.lua
+++ b/modules/home/vim/plugin/settings/lualine.lua
@@ -1,4 +1,5 @@
 local lualine = require("lualine")
+local oil = require("oil")
 local utils = require("ambroisie.utils")
 
 local function list_spell_languages()
@@ -57,5 +58,21 @@ lualine.setup({
     extensions = {
         "fugitive",
         "quickfix",
+        {
+            sections = {
+                lualine_a = {
+                    { "mode" },
+                },
+                lualine_b = {
+                    { "branch" },
+                },
+                lualine_c = {
+                    function()
+                        return vim.fn.fnamemodify(oil.get_current_dir(), ":~")
+                    end,
+                },
+            },
+            filetypes = { "oil" },
+        },
     },
 })

From 262dc48425c2b62305b5202abad20f71cf92aaed Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 2 Apr 2025 20:02:33 +0100
Subject: [PATCH 337/431] home: vim: use default 'diffopt:linematch'

It's now been defaulted to `linematch:40` on v0.11.
---
 modules/home/vim/init.vim | 2 --
 1 file changed, 2 deletions(-)

diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim
index 0b54676..39ef32e 100644
--- a/modules/home/vim/init.vim
+++ b/modules/home/vim/init.vim
@@ -68,8 +68,6 @@ set listchars=tab:>─,trail:·,nbsp:¤
 
 " Use patience diff
 set diffopt+=algorithm:patience
-" Align similar lines in each hunk
-set diffopt+=linematch:50
 
 " Don't redraw when executing macros
 set lazyredraw

From 2583cc6c12817a9f1012ba24bfe32aeb4b7794a3 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 3 Apr 2025 21:16:58 +0100
Subject: [PATCH 338/431] home: vim: lua: lsp: add count to diagnostic maps

---
 modules/home/vim/lua/ambroisie/lsp.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua
index 3989202..e57bdaf 100644
--- a/modules/home/vim/lua/ambroisie/lsp.lua
+++ b/modules/home/vim/lua/ambroisie/lsp.lua
@@ -28,13 +28,13 @@ end
 --- Move to the next diagnostic, automatically showing the diagnostics float if
 --- necessary.
 M.goto_next_diagnostic = function()
-    goto_diagnostic(1)
+    goto_diagnostic(vim.v.count1)
 end
 
 --- Move to the previous diagnostic, automatically showing the diagnostics float
 --- if necessary.
 M.goto_prev_diagnostic = function()
-    goto_diagnostic(-1)
+    goto_diagnostic(-vim.v.count1)
 end
 
 --- shared LSP configuration callback

From 36aa641ec0d861b7abffc8204b6538b7dc0367a2 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 3 Apr 2025 21:23:30 +0100
Subject: [PATCH 339/431] home: vim: rely on built-in diagnostic jump config

This reduces the surface area of my configuration.
---
 .../vim/after/plugin/mappings/unimpaired.lua  |  4 --
 modules/home/vim/lua/ambroisie/lsp.lua        | 38 ++-----------------
 .../home/vim/plugin/settings/lspconfig.lua    |  4 ++
 3 files changed, 8 insertions(+), 38 deletions(-)

diff --git a/modules/home/vim/after/plugin/mappings/unimpaired.lua b/modules/home/vim/after/plugin/mappings/unimpaired.lua
index 82aab05..765b6b1 100644
--- a/modules/home/vim/after/plugin/mappings/unimpaired.lua
+++ b/modules/home/vim/after/plugin/mappings/unimpaired.lua
@@ -31,8 +31,6 @@ local keys = {
     { "[u", desc = "URL encode" },
     { "[x", desc = "XML encode" },
     { "[y", desc = "C string encode" },
-    -- Custom
-    { "[d", lsp.goto_prev_diagnostic, desc = "Previous diagnostic" },
 
     -- Next
     { "]", group = "Next" },
@@ -62,8 +60,6 @@ local keys = {
     { "]u", desc = "URL decode" },
     { "]x", desc = "XML decode" },
     { "]y", desc = "C string decode" },
-    -- Custom
-    { "]d", lsp.goto_next_diagnostic, desc = "Next diagnostic" },
 
     -- Enable option
     { "[o", group = "Enable option" },
diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua
index e57bdaf..e48de12 100644
--- a/modules/home/vim/lua/ambroisie/lsp.lua
+++ b/modules/home/vim/lua/ambroisie/lsp.lua
@@ -3,40 +3,6 @@ local M = {}
 -- Simplified LSP formatting configuration
 local lsp_format = require("lsp-format")
 
---- Move to the next/previous diagnostic, automatically showing the diagnostics
---- float if necessary.
---- @param count number whether to go count or backwards
-local function goto_diagnostic(count)
-    vim.validate({
-        count = { count, "number" },
-    })
-
-    local opts = {
-        float = false,
-        count = count,
-    }
-
-    -- Only show floating diagnostics if they are otherwise not displayed
-    local config = vim.diagnostic.config()
-    if not (config.virtual_text or config.virtual_lines) then
-        opts.float = true
-    end
-
-    vim.diagnostic.jump(opts)
-end
-
---- Move to the next diagnostic, automatically showing the diagnostics float if
---- necessary.
-M.goto_next_diagnostic = function()
-    goto_diagnostic(vim.v.count1)
-end
-
---- Move to the previous diagnostic, automatically showing the diagnostics float
---- if necessary.
-M.goto_prev_diagnostic = function()
-    goto_diagnostic(-vim.v.count1)
-end
-
 --- shared LSP configuration callback
 --- @param client native client configuration
 --- @param bufnr int? buffer number of the attached client
@@ -76,6 +42,10 @@ M.on_attach = function(client, bufnr)
         vim.diagnostic.config({
             virtual_text = text,
             virtual_lines = lines,
+            jump = {
+                -- Show float on jump if no diagnostic text is otherwise shown
+                float = not (text or lines),
+            },
         })
     end
 
diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua
index f8e65d8..7817d4c 100644
--- a/modules/home/vim/plugin/settings/lspconfig.lua
+++ b/modules/home/vim/plugin/settings/lspconfig.lua
@@ -16,6 +16,10 @@ vim.diagnostic.config({
     update_in_insert = false,
     -- Show highest severity first
     severity_sort = true,
+    jump = {
+        -- Show float on diagnostic jumps
+        float = true,
+    },
 })
 
 -- Inform servers we are able to do completion, snippets, etc...

From d48d5c45e04b67e7642ac5f36c5fd1c81f7cd19d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 4 Apr 2025 15:24:43 +0000
Subject: [PATCH 340/431] home: vim: remove 'friendly-snippets'

I never use them...
---
 modules/home/vim/default.nix                 | 1 -
 modules/home/vim/plugin/settings/luasnip.lua | 1 -
 2 files changed, 2 deletions(-)
 delete mode 100644 modules/home/vim/plugin/settings/luasnip.lua

diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix
index b65e935..20a74ff 100644
--- a/modules/home/vim/default.nix
+++ b/modules/home/vim/default.nix
@@ -66,7 +66,6 @@ in
 
       # Completion
       luasnip # Snippet manager compatible with LSP
-      friendly-snippets # LSP snippets collection
       nvim-cmp # Completion engine
       cmp-async-path # More responsive path completion
       cmp-buffer # Words from open buffers
diff --git a/modules/home/vim/plugin/settings/luasnip.lua b/modules/home/vim/plugin/settings/luasnip.lua
deleted file mode 100644
index 80309d7..0000000
--- a/modules/home/vim/plugin/settings/luasnip.lua
+++ /dev/null
@@ -1 +0,0 @@
-require("luasnip.loaders.from_vscode").lazy_load()

From 53569f17a6850d00856ad4788516ff947f8907ad Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 5 Apr 2025 18:27:04 +0100
Subject: [PATCH 341/431] treewide: pre-commit-hooks.nix renaming

---
 flake.lock                     | 50 +++++++++++++++++-----------------
 flake.nix                      |  4 +--
 flake/checks.nix               |  2 +-
 templates/c++-cmake/flake.nix  |  8 +++---
 templates/c++-meson/flake.nix  |  8 +++---
 templates/rust-cargo/flake.nix |  8 +++---
 6 files changed, 40 insertions(+), 40 deletions(-)

diff --git a/flake.lock b/flake.lock
index a2d931a..353a392 100644
--- a/flake.lock
+++ b/flake.lock
@@ -108,10 +108,33 @@
         "type": "github"
       }
     },
+    "git-hooks": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1742649964,
+        "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "ref": "master",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
     "gitignore": {
       "inputs": {
         "nixpkgs": [
-          "pre-commit-hooks",
+          "git-hooks",
           "nixpkgs"
         ]
       },
@@ -191,38 +214,15 @@
         "type": "github"
       }
     },
-    "pre-commit-hooks": {
-      "inputs": {
-        "flake-compat": "flake-compat",
-        "gitignore": "gitignore",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1742649964,
-        "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
-        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
-        "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "ref": "master",
-        "repo": "pre-commit-hooks.nix",
-        "type": "github"
-      }
-    },
     "root": {
       "inputs": {
         "agenix": "agenix",
         "flake-parts": "flake-parts",
         "futils": "futils",
+        "git-hooks": "git-hooks",
         "home-manager": "home-manager",
         "nixpkgs": "nixpkgs",
         "nur": "nur",
-        "pre-commit-hooks": "pre-commit-hooks",
         "systems": "systems"
       }
     },
diff --git a/flake.nix b/flake.nix
index afd3c80..5076729 100644
--- a/flake.nix
+++ b/flake.nix
@@ -61,10 +61,10 @@
       };
     };
 
-    pre-commit-hooks = {
+    git-hooks = {
       type = "github";
       owner = "cachix";
-      repo = "pre-commit-hooks.nix";
+      repo = "git-hooks.nix";
       ref = "master";
       inputs = {
         nixpkgs.follows = "nixpkgs";
diff --git a/flake/checks.nix b/flake/checks.nix
index 98e49bd..73e64d5 100644
--- a/flake/checks.nix
+++ b/flake/checks.nix
@@ -1,7 +1,7 @@
 { inputs, ... }:
 {
   imports = [
-    inputs.pre-commit-hooks.flakeModule
+    inputs.git-hooks.flakeModule
   ];
 
   perSystem = { ... }: {
diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix
index db3b35c..36fd5ad 100644
--- a/templates/c++-cmake/flake.nix
+++ b/templates/c++-cmake/flake.nix
@@ -16,10 +16,10 @@
       ref = "nixos-unstable";
     };
 
-    pre-commit-hooks = {
+    git-hooks = {
       type = "github";
       owner = "cachix";
-      repo = "pre-commit-hooks.nix";
+      repo = "git-hooks.nix";
       ref = "master";
       inputs = {
         flake-utils.follows = "futils";
@@ -28,7 +28,7 @@
     };
   };
 
-  outputs = { self, futils, nixpkgs, pre-commit-hooks }:
+  outputs = { self, futils, nixpkgs, git-hooks }:
     {
       overlays = {
         default = final: _prev: {
@@ -69,7 +69,7 @@
           ];
         };
 
-        pre-commit = pre-commit-hooks.lib.${system}.run {
+        pre-commit = git-hooks.lib.${system}.run {
           src = self;
 
           hooks = {
diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix
index 5957c62..961ba1f 100644
--- a/templates/c++-meson/flake.nix
+++ b/templates/c++-meson/flake.nix
@@ -16,10 +16,10 @@
       ref = "nixos-unstable";
     };
 
-    pre-commit-hooks = {
+    git-hooks = {
       type = "github";
       owner = "cachix";
-      repo = "pre-commit-hooks.nix";
+      repo = "git-hooks.nix";
       ref = "master";
       inputs = {
         flake-utils.follows = "futils";
@@ -28,7 +28,7 @@
     };
   };
 
-  outputs = { self, futils, nixpkgs, pre-commit-hooks }:
+  outputs = { self, futils, nixpkgs, git-hooks }:
     {
       overlays = {
         default = final: _prev: {
@@ -69,7 +69,7 @@
           ];
         };
 
-        pre-commit = pre-commit-hooks.lib.${system}.run {
+        pre-commit = git-hooks.lib.${system}.run {
           src = self;
 
           hooks = {
diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix
index 6d50369..b9031d9 100644
--- a/templates/rust-cargo/flake.nix
+++ b/templates/rust-cargo/flake.nix
@@ -16,10 +16,10 @@
       ref = "nixos-unstable";
     };
 
-    pre-commit-hooks = {
+    git-hooks = {
       type = "github";
       owner = "cachix";
-      repo = "pre-commit-hooks.nix";
+      repo = "git-hooks.nix";
       ref = "master";
       inputs = {
         flake-utils.follows = "futils";
@@ -28,7 +28,7 @@
     };
   };
 
-  outputs = { self, futils, nixpkgs, pre-commit-hooks }:
+  outputs = { self, futils, nixpkgs, git-hooks }:
     {
       overlays = {
         default = final: _prev: {
@@ -60,7 +60,7 @@
           ];
         };
 
-        pre-commit = pre-commit-hooks.lib.${system}.run {
+        pre-commit = git-hooks.lib.${system}.run {
           src = self;
 
           hooks = {

From 418494004b3479f0e523d3f72eb995aab8dddf41 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 5 Apr 2025 18:29:51 +0100
Subject: [PATCH 342/431] templates: use 'pre-commit.enabledPackages'

---
 templates/c++-cmake/flake.nix  | 6 +++---
 templates/c++-meson/flake.nix  | 6 +++---
 templates/rust-cargo/flake.nix | 7 +++----
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix
index 36fd5ad..eecb007 100644
--- a/templates/c++-cmake/flake.nix
+++ b/templates/c++-cmake/flake.nix
@@ -92,12 +92,12 @@
 
         devShells = {
           default = pkgs.mkShell {
-            inputsFrom = with self.packages.${system}; [
-              project
+            inputsFrom = [
+              self.packages.${system}.project
             ];
 
             packages = with pkgs; [
-              clang-tools
+              self.checks.${system}.pre-commit.enabledPackages
             ];
 
             inherit (pre-commit) shellHook;
diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix
index 961ba1f..a435777 100644
--- a/templates/c++-meson/flake.nix
+++ b/templates/c++-meson/flake.nix
@@ -92,12 +92,12 @@
 
         devShells = {
           default = pkgs.mkShell {
-            inputsFrom = with self.packages.${system}; [
-              project
+            inputsFrom = [
+              self.packages.${system}.project
             ];
 
             packages = with pkgs; [
-              clang-tools
+              self.checks.${system}.pre-commit.enabledPackages
             ];
 
             inherit (pre-commit) shellHook;
diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix
index b9031d9..502d902 100644
--- a/templates/rust-cargo/flake.nix
+++ b/templates/rust-cargo/flake.nix
@@ -88,14 +88,13 @@
 
         devShells = {
           default = pkgs.mkShell {
-            inputsFrom = with self.packages.${system}; [
-              project
+            inputsFrom = [
+              self.packages.${system}.project
             ];
 
             packages = with pkgs; [
-              clippy
               rust-analyzer
-              rustfmt
+              self.checks.${system}.pre-commit.enabledPackages
             ];
 
             RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}";

From 62ddec5c2346959e395b42775fbd82284bc8886f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 5 Apr 2025 18:46:14 +0100
Subject: [PATCH 343/431] templates: remove unused 'follows'

---
 templates/c++-cmake/flake.nix  | 1 -
 templates/c++-meson/flake.nix  | 1 -
 templates/rust-cargo/flake.nix | 1 -
 3 files changed, 3 deletions(-)

diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix
index eecb007..7796f5e 100644
--- a/templates/c++-cmake/flake.nix
+++ b/templates/c++-cmake/flake.nix
@@ -22,7 +22,6 @@
       repo = "git-hooks.nix";
       ref = "master";
       inputs = {
-        flake-utils.follows = "futils";
         nixpkgs.follows = "nixpkgs";
       };
     };
diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix
index a435777..cb14eb5 100644
--- a/templates/c++-meson/flake.nix
+++ b/templates/c++-meson/flake.nix
@@ -22,7 +22,6 @@
       repo = "git-hooks.nix";
       ref = "master";
       inputs = {
-        flake-utils.follows = "futils";
         nixpkgs.follows = "nixpkgs";
       };
     };
diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix
index 502d902..efd8358 100644
--- a/templates/rust-cargo/flake.nix
+++ b/templates/rust-cargo/flake.nix
@@ -22,7 +22,6 @@
       repo = "git-hooks.nix";
       ref = "master";
       inputs = {
-        flake-utils.follows = "futils";
         nixpkgs.follows = "nixpkgs";
       };
     };

From ca98b8367c2ae384acd56271696f9a57de7f82f8 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 5 Apr 2025 18:18:06 +0100
Subject: [PATCH 344/431] templates: add python-uv

---
 templates/default.nix                       |   4 +
 templates/python-uv/.envrc                  |   6 ++
 templates/python-uv/.gitignore              |   6 ++
 templates/python-uv/.woodpecker/check.yml   |  31 ++++++
 templates/python-uv/flake.nix               | 112 ++++++++++++++++++++
 templates/python-uv/pyproject.toml          |  17 +++
 templates/python-uv/src/project/__init__.py |   2 +
 7 files changed, 178 insertions(+)
 create mode 100644 templates/python-uv/.envrc
 create mode 100644 templates/python-uv/.gitignore
 create mode 100644 templates/python-uv/.woodpecker/check.yml
 create mode 100644 templates/python-uv/flake.nix
 create mode 100644 templates/python-uv/pyproject.toml
 create mode 100644 templates/python-uv/src/project/__init__.py

diff --git a/templates/default.nix b/templates/default.nix
index 44db753..51864cd 100644
--- a/templates/default.nix
+++ b/templates/default.nix
@@ -7,6 +7,10 @@
     path = ./c++-meson;
     description = "A C++ project using Meson";
   };
+  "python-uv" = {
+    path = ./python-uv;
+    description = "A Python project using uv";
+  };
   "rust-cargo" = {
     path = ./rust-cargo;
     description = "A Rust project using Cargo";
diff --git a/templates/python-uv/.envrc b/templates/python-uv/.envrc
new file mode 100644
index 0000000..390d06d
--- /dev/null
+++ b/templates/python-uv/.envrc
@@ -0,0 +1,6 @@
+# shellcheck shell=bash
+if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
+    source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
+fi
+
+use flake
diff --git a/templates/python-uv/.gitignore b/templates/python-uv/.gitignore
new file mode 100644
index 0000000..c79d1e8
--- /dev/null
+++ b/templates/python-uv/.gitignore
@@ -0,0 +1,6 @@
+# Virtual environments
+.venv
+
+# Nix generated files
+/.pre-commit-config.yaml
+/result
diff --git a/templates/python-uv/.woodpecker/check.yml b/templates/python-uv/.woodpecker/check.yml
new file mode 100644
index 0000000..272c0e4
--- /dev/null
+++ b/templates/python-uv/.woodpecker/check.yml
@@ -0,0 +1,31 @@
+labels:
+  backend: local
+
+steps:
+- name: pre-commit check
+  image: bash
+  commands:
+  - nix develop --command pre-commit run --all
+
+- name: nix flake check
+  image: bash
+  commands:
+  - nix flake check
+
+- name: notify
+  image: bash
+  environment:
+    ADDRESS:
+      from_secret: matrix_homeserver
+    ROOM:
+      from_secret: matrix_roomid
+    USER:
+      from_secret: matrix_username
+    PASS:
+      from_secret: matrix_password
+  commands:
+  - nix run github:ambroisie/matrix-notifier
+  when:
+    status:
+    - failure
+    - success
diff --git a/templates/python-uv/flake.nix b/templates/python-uv/flake.nix
new file mode 100644
index 0000000..5059e64
--- /dev/null
+++ b/templates/python-uv/flake.nix
@@ -0,0 +1,112 @@
+{
+  description = "A Python project";
+
+  inputs = {
+    futils = {
+      type = "github";
+      owner = "numtide";
+      repo = "flake-utils";
+      ref = "main";
+    };
+
+    nixpkgs = {
+      type = "github";
+      owner = "NixOS";
+      repo = "nixpkgs";
+      ref = "nixos-unstable";
+    };
+
+    git-hooks = {
+      type = "github";
+      owner = "cachix";
+      repo = "git-hooks.nix";
+      ref = "master";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+      };
+    };
+  };
+
+  outputs = { self, futils, nixpkgs, git-hooks }:
+    {
+      overlays = {
+        default = final: _prev: {
+          project = with final; python3.pkgs.buildPythonApplication {
+            pname = "project";
+            version = (final.lib.importTOML ./pyproject.toml).project.version;
+            pyproject = true;
+
+            src = self;
+
+            build-system = with python3.pkgs; [ setuptools ];
+
+            pythonImportsCheck = [ "project" ];
+
+            meta = with lib; {
+              description = "A Python project";
+              homepage = "https://git.belanyi.fr/ambroisie/project";
+              license = licenses.mit;
+              maintainers = with maintainers; [ ambroisie ];
+            };
+          };
+        };
+      };
+    } // futils.lib.eachDefaultSystem (system:
+      let
+        pkgs = import nixpkgs {
+          inherit system;
+          overlays = [
+            self.overlays.default
+          ];
+        };
+
+        pre-commit = git-hooks.lib.${system}.run {
+          src = self;
+
+          hooks = {
+            mypy = {
+              enable = true;
+            };
+
+            nixpkgs-fmt = {
+              enable = true;
+            };
+
+            ruff = {
+              enable = true;
+            };
+
+            ruff-format = {
+              enable = true;
+            };
+          };
+        };
+      in
+      {
+        checks = {
+          inherit (self.packages.${system}) project;
+
+          inherit pre-commit;
+        };
+
+        devShells = {
+          default = pkgs.mkShell {
+            inputsFrom = [
+              self.packages.${system}.project
+            ];
+
+            packages = with pkgs; [
+              uv
+              self.checks.${system}.pre-commit.enabledPackages
+            ];
+
+            inherit (pre-commit) shellHook;
+          };
+        };
+
+        packages = futils.lib.flattenTree {
+          default = pkgs.project;
+          inherit (pkgs) project;
+        };
+      });
+}
diff --git a/templates/python-uv/pyproject.toml b/templates/python-uv/pyproject.toml
new file mode 100644
index 0000000..7b2d896
--- /dev/null
+++ b/templates/python-uv/pyproject.toml
@@ -0,0 +1,17 @@
+[build-system]
+requires = ["setuptools"]
+build-backend = "setuptools.build_meta"
+
+
+[project]
+name = "project"
+version = "0.0.0"
+description = "project description"
+requires-python = ">=3.12"
+dependencies = []
+
+[project.scripts]
+project = "project:main"
+
+[dependency-groups]
+dev = []
diff --git a/templates/python-uv/src/project/__init__.py b/templates/python-uv/src/project/__init__.py
new file mode 100644
index 0000000..b06117d
--- /dev/null
+++ b/templates/python-uv/src/project/__init__.py
@@ -0,0 +1,2 @@
+def main() -> None:
+    print("Hello, world!")

From 7791ad09073529a8b01e534928fc0c61da139d53 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 31 Mar 2025 11:00:10 +0000
Subject: [PATCH 345/431] nixos: services: servarr: fix 'enableAll' logic

I renamed the option and refactored how it worked to make it more
explicit that it enables the entire suite by default, with explicit
opt-out of individual components (or fine-grained opt-in as an
alternative).
---
 hosts/nixos/porthos/services.nix           |  2 +-
 modules/nixos/services/servarr/default.nix | 20 +++++++++-----------
 2 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index ffd150a..021a6ae 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -144,7 +144,7 @@ in
     sabnzbd.enable = true;
     # The whole *arr software suite
     servarr = {
-      enable = true;
+      enableAll = true;
       # ... But not Lidarr because I don't care for music that much
       lidarr = {
         enable = false;
diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix
index e25d9cf..65c409a 100644
--- a/modules/nixos/services/servarr/default.nix
+++ b/modules/nixos/services/servarr/default.nix
@@ -19,6 +19,8 @@ let
       enable = true;
       group = "media";
     };
+    # Set-up media group
+    users.groups.media = { };
   };
 
   mkRedirection = service: {
@@ -54,34 +56,30 @@ let
 in
 {
   options.my.services.servarr = {
-    enable = lib.mkEnableOption "Media automation";
+    enableAll = lib.mkEnableOption "media automation suite";
 
     bazarr = {
-      enable = lib.my.mkDisableOption "Bazarr";
+      enable = lib.mkEnableOption "Bazarr" // { default = cfg.enableAll; };;
     };
 
     lidarr = {
-      enable = lib.my.mkDisableOption "Lidarr";
+      enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; };
     };
 
     radarr = {
-      enable = lib.my.mkDisableOption "Radarr";
+      enable = lib.mkEnableOption "Radarr" // { default = cfg.enableAll; };
     };
 
     readarr = {
-      enable = lib.my.mkDisableOption "Readarr";
+      enable = lib.mkEnableOption "Readarr" // { default = cfg.enableAll; };
     };
 
     sonarr = {
-      enable = lib.my.mkDisableOption "Sonarr";
+      enable = lib.mkEnableOption "Sonarr" // { default = cfg.enableAll; };
     };
   };
 
-  config = lib.mkIf cfg.enable (lib.mkMerge [
-    {
-      # Set-up media group
-      users.groups.media = { };
-    }
+  config = (lib.mkMerge [
     # Bazarr does not log authentication failures...
     (mkFullConfig "bazarr")
     # Lidarr for music

From 860c13ab1f456bc37ef092453c75c09ee08fc950 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 31 Mar 2025 10:51:21 +0000
Subject: [PATCH 346/431] nixos: services: servarr: extract bazarr

It's not an actual *arr package, but closely related to them. Extract
its configuration to a sub-module.
---
 modules/nixos/services/servarr/bazarr.nix  | 29 ++++++++++++++++++++++
 modules/nixos/services/servarr/default.nix | 11 +++-----
 2 files changed, 33 insertions(+), 7 deletions(-)
 create mode 100644 modules/nixos/services/servarr/bazarr.nix

diff --git a/modules/nixos/services/servarr/bazarr.nix b/modules/nixos/services/servarr/bazarr.nix
new file mode 100644
index 0000000..2d27c95
--- /dev/null
+++ b/modules/nixos/services/servarr/bazarr.nix
@@ -0,0 +1,29 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.services.servarr.bazarr;
+in
+{
+  options.my.services.servarr.bazarr = with lib; {
+    enable = lib.mkEnableOption "Bazarr" // {
+      default = config.my.services.servarr.enableAll;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.bazarr = {
+      enable = true;
+      group = "media";
+    };
+
+    # Set-up media group
+    users.groups.media = { };
+
+    my.services.nginx.virtualHosts = {
+      bazarr = {
+        port = 6767;
+      };
+    };
+
+    # Bazarr does not log authentication failures...
+  };
+}
diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix
index 65c409a..53fd14b 100644
--- a/modules/nixos/services/servarr/default.nix
+++ b/modules/nixos/services/servarr/default.nix
@@ -7,7 +7,6 @@ let
   cfg = config.my.services.servarr;
 
   ports = {
-    bazarr = 6767;
     lidarr = 8686;
     radarr = 7878;
     readarr = 8787;
@@ -55,13 +54,13 @@ let
   ]);
 in
 {
+  imports = [
+    ./bazarr.nix
+  ];
+
   options.my.services.servarr = {
     enableAll = lib.mkEnableOption "media automation suite";
 
-    bazarr = {
-      enable = lib.mkEnableOption "Bazarr" // { default = cfg.enableAll; };;
-    };
-
     lidarr = {
       enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; };
     };
@@ -80,8 +79,6 @@ in
   };
 
   config = (lib.mkMerge [
-    # Bazarr does not log authentication failures...
-    (mkFullConfig "bazarr")
     # Lidarr for music
     (mkFullConfig "lidarr")
     (mkFail2Ban "lidarr")

From 1f876d3e214081aa3bd006a9b78fe5772473c382 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 31 Mar 2025 10:53:32 +0000
Subject: [PATCH 347/431] nixos: services: servarr: bazarr: add 'port'

---
 modules/nixos/services/servarr/bazarr.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/services/servarr/bazarr.nix b/modules/nixos/services/servarr/bazarr.nix
index 2d27c95..637da0c 100644
--- a/modules/nixos/services/servarr/bazarr.nix
+++ b/modules/nixos/services/servarr/bazarr.nix
@@ -7,12 +7,20 @@ in
     enable = lib.mkEnableOption "Bazarr" // {
       default = config.my.services.servarr.enableAll;
     };
+
+    port = mkOption {
+      type = types.port;
+      default = 6767;
+      example = 8080;
+      description = "Internal port for webui";
+    };
   };
 
   config = lib.mkIf cfg.enable {
     services.bazarr = {
       enable = true;
       group = "media";
+      listenPort = cfg.port;
     };
 
     # Set-up media group
@@ -20,7 +28,7 @@ in
 
     my.services.nginx.virtualHosts = {
       bazarr = {
-        port = 6767;
+        inherit (cfg) port;
       };
     };
 

From 8e6be43817d1337df7a5169bf62ae7d05e5689fb Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 31 Mar 2025 11:07:21 +0000
Subject: [PATCH 348/431] nixox: services: servarr: refactor starr config

Makes it slightly DRY-er and more readable.
---
 modules/nixos/services/servarr/default.nix | 87 ++--------------------
 modules/nixos/services/servarr/starr.nix   | 51 +++++++++++++
 2 files changed, 56 insertions(+), 82 deletions(-)
 create mode 100644 modules/nixos/services/servarr/starr.nix

diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix
index 53fd14b..398461b 100644
--- a/modules/nixos/services/servarr/default.nix
+++ b/modules/nixos/services/servarr/default.nix
@@ -2,94 +2,17 @@
 # Relevant link [1].
 #
 # [1]: https://youtu.be/I26Ql-uX6AM
-{ config, lib, ... }:
-let
-  cfg = config.my.services.servarr;
-
-  ports = {
-    lidarr = 8686;
-    radarr = 7878;
-    readarr = 8787;
-    sonarr = 8989;
-  };
-
-  mkService = service: {
-    services.${service} = {
-      enable = true;
-      group = "media";
-    };
-    # Set-up media group
-    users.groups.media = { };
-  };
-
-  mkRedirection = service: {
-    my.services.nginx.virtualHosts = {
-      ${service} = {
-        port = ports.${service};
-      };
-    };
-  };
-
-  mkFail2Ban = service: lib.mkIf cfg.${service}.enable {
-    services.fail2ban.jails = {
-      ${service} = ''
-        enabled = true
-        filter = ${service}
-        action = iptables-allports
-      '';
-    };
-
-    environment.etc = {
-      "fail2ban/filter.d/${service}.conf".text = ''
-        [Definition]
-        failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
-        journalmatch = _SYSTEMD_UNIT=${service}.service
-      '';
-    };
-  };
-
-  mkFullConfig = service: lib.mkIf cfg.${service}.enable (lib.mkMerge [
-    (mkService service)
-    (mkRedirection service)
-  ]);
-in
+{ lib, ... }:
 {
   imports = [
     ./bazarr.nix
+    (import ./starr.nix "lidarr")
+    (import ./starr.nix "radarr")
+    (import ./starr.nix "readarr")
+    (import ./starr.nix "sonarr")
   ];
 
   options.my.services.servarr = {
     enableAll = lib.mkEnableOption "media automation suite";
-
-    lidarr = {
-      enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; };
-    };
-
-    radarr = {
-      enable = lib.mkEnableOption "Radarr" // { default = cfg.enableAll; };
-    };
-
-    readarr = {
-      enable = lib.mkEnableOption "Readarr" // { default = cfg.enableAll; };
-    };
-
-    sonarr = {
-      enable = lib.mkEnableOption "Sonarr" // { default = cfg.enableAll; };
-    };
   };
-
-  config = (lib.mkMerge [
-    # Lidarr for music
-    (mkFullConfig "lidarr")
-    (mkFail2Ban "lidarr")
-    # Radarr for movies
-    (mkFullConfig "radarr")
-    (mkFail2Ban "radarr")
-    # Readarr for books
-    (mkFullConfig "readarr")
-    (mkFail2Ban "readarr")
-    # Sonarr for shows
-    (mkFullConfig "sonarr")
-    (mkFail2Ban "sonarr")
-  ]);
 }
diff --git a/modules/nixos/services/servarr/starr.nix b/modules/nixos/services/servarr/starr.nix
new file mode 100644
index 0000000..e9c84f9
--- /dev/null
+++ b/modules/nixos/services/servarr/starr.nix
@@ -0,0 +1,51 @@
+# Templated *arr configuration
+starr:
+{ config, lib, ... }:
+let
+  cfg = config.my.services.servarr.${starr};
+  ports = {
+    lidarr = 8686;
+    radarr = 7878;
+    readarr = 8787;
+    sonarr = 8989;
+  };
+in
+{
+  options.my.services.servarr.${starr} = with lib; {
+    enable = lib.mkEnableOption (lib.toSentenceCase starr) // {
+      default = config.my.services.servarr.enableAll;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.${starr} = {
+      enable = true;
+      group = "media";
+    };
+
+    # Set-up media group
+    users.groups.media = { };
+
+    my.services.nginx.virtualHosts = {
+      ${starr} = {
+        port = ports.${starr};
+      };
+    };
+
+    services.fail2ban.jails = {
+      ${starr} = ''
+        enabled = true
+        filter = ${starr}
+        action = iptables-allports
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/${starr}.conf".text = ''
+        [Definition]
+        failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
+        journalmatch = _SYSTEMD_UNIT=${starr}.service
+      '';
+    };
+  };
+}

From d783b5f5ee598ddd82e585c12d8e397c55a1e3b1 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 31 Mar 2025 11:12:16 +0000
Subject: [PATCH 349/431] nixos: services: servarr: starr: add 'port'

Now that declarative configurations are supported for those
applications.
---
 modules/nixos/services/servarr/starr.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/services/servarr/starr.nix b/modules/nixos/services/servarr/starr.nix
index e9c84f9..2bf7c11 100644
--- a/modules/nixos/services/servarr/starr.nix
+++ b/modules/nixos/services/servarr/starr.nix
@@ -15,12 +15,25 @@ in
     enable = lib.mkEnableOption (lib.toSentenceCase starr) // {
       default = config.my.services.servarr.enableAll;
     };
+
+    port = mkOption {
+      type = types.port;
+      default = ports.${starr};
+      example = 8080;
+      description = "Internal port for webui";
+    };
   };
 
   config = lib.mkIf cfg.enable {
     services.${starr} = {
       enable = true;
       group = "media";
+
+      settings = {
+        server = {
+          port = cfg.port;
+        };
+      };
     };
 
     # Set-up media group
@@ -28,7 +41,7 @@ in
 
     my.services.nginx.virtualHosts = {
       ${starr} = {
-        port = ports.${starr};
+        port = cfg.port;
       };
     };
 

From f825d047b5f17cdff8cd096660abf48ed79e7f72 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 31 Mar 2025 11:21:24 +0000
Subject: [PATCH 350/431] nixos: services: servarr: migrate prowlarr

The configuration doesn't have `group`, so it's a slightly different
configuration to the rest of the *arr services.

I also want to move the other two indexer modules under `servarr`, as
they are all closely related.
---
 hosts/nixos/porthos/services.nix            |  4 --
 modules/nixos/services/indexers/default.nix | 30 ------------
 modules/nixos/services/servarr/default.nix  |  1 +
 modules/nixos/services/servarr/prowlarr.nix | 53 +++++++++++++++++++++
 4 files changed, 54 insertions(+), 34 deletions(-)
 create mode 100644 modules/nixos/services/servarr/prowlarr.nix

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index 021a6ae..9017894 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -51,10 +51,6 @@ in
         passwordFile = secrets."forgejo/mail-password".path;
       };
     };
-    # Meta-indexers
-    indexers = {
-      prowlarr.enable = true;
-    };
     # Jellyfin media server
     jellyfin.enable = true;
     # Gitea mirrorig service
diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix
index 8a42345..00bf316 100644
--- a/modules/nixos/services/indexers/default.nix
+++ b/modules/nixos/services/indexers/default.nix
@@ -5,13 +5,11 @@ let
 
   jackettPort = 9117;
   nzbhydraPort = 5076;
-  prowlarrPort = 9696;
 in
 {
   options.my.services.indexers = with lib; {
     jackett.enable = mkEnableOption "Jackett torrent meta-indexer";
     nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer";
-    prowlarr.enable = mkEnableOption "Prowlarr torrent & usenet meta-indexer";
   };
 
   config = lib.mkMerge [
@@ -46,33 +44,5 @@ in
         };
       };
     })
-
-    (lib.mkIf cfg.prowlarr.enable {
-      services.prowlarr = {
-        enable = true;
-      };
-
-      my.services.nginx.virtualHosts = {
-        prowlarr = {
-          port = prowlarrPort;
-        };
-      };
-
-      services.fail2ban.jails = {
-        prowlarr = ''
-          enabled = true
-          filter = prowlarr
-          action = iptables-allports
-        '';
-      };
-
-      environment.etc = {
-        "fail2ban/filter.d/prowlarr.conf".text = ''
-          [Definition]
-          failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
-          journalmatch = _SYSTEMD_UNIT=prowlarr.service
-        '';
-      };
-    })
   ];
 }
diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix
index 398461b..1bca773 100644
--- a/modules/nixos/services/servarr/default.nix
+++ b/modules/nixos/services/servarr/default.nix
@@ -6,6 +6,7 @@
 {
   imports = [
     ./bazarr.nix
+    ./prowlarr.nix
     (import ./starr.nix "lidarr")
     (import ./starr.nix "radarr")
     (import ./starr.nix "readarr")
diff --git a/modules/nixos/services/servarr/prowlarr.nix b/modules/nixos/services/servarr/prowlarr.nix
new file mode 100644
index 0000000..ce044c6
--- /dev/null
+++ b/modules/nixos/services/servarr/prowlarr.nix
@@ -0,0 +1,53 @@
+# Torrent and NZB indexer
+{ config, lib, ... }:
+let
+  cfg = config.my.services.servarr.prowlarr;
+in
+{
+  options.my.services.servarr.prowlarr = with lib; {
+    enable = lib.mkEnableOption "Prowlarr" // {
+      default = config.my.services.servarr.enableAll;
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 9696;
+      example = 8080;
+      description = "Internal port for webui";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.prowlarr = {
+      enable = true;
+
+      settings = {
+        server = {
+          port = cfg.port;
+        };
+      };
+    };
+
+    my.services.nginx.virtualHosts = {
+      prowlarr = {
+        inherit (cfg) port;
+      };
+    };
+
+    services.fail2ban.jails = {
+      prowlarr = ''
+        enabled = true
+        filter = prowlarr
+        action = iptables-allports
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/prowlarr.conf".text = ''
+        [Definition]
+        failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
+        journalmatch = _SYSTEMD_UNIT=prowlarr.service
+      '';
+    };
+  };
+}

From 950cf4dd059e74d87084747b25e70138753b82d5 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 31 Mar 2025 11:27:18 +0000
Subject: [PATCH 351/431] nixos: services: servarr: migrate jackett

---
 hosts/nixos/porthos/services.nix            |  4 +++
 modules/nixos/services/indexers/default.nix | 22 --------------
 modules/nixos/services/servarr/default.nix  |  1 +
 modules/nixos/services/servarr/jackett.nix  | 33 +++++++++++++++++++++
 4 files changed, 38 insertions(+), 22 deletions(-)
 create mode 100644 modules/nixos/services/servarr/jackett.nix

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index 9017894..d45846a 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -145,6 +145,10 @@ in
       lidarr = {
         enable = false;
       };
+      # I only use Prowlarr nowadays
+      jackett = {
+        enable = false;
+      };
     };
     # Because I still need to play sysadmin
     ssh-server.enable = true;
diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix
index 00bf316..5d81079 100644
--- a/modules/nixos/services/indexers/default.nix
+++ b/modules/nixos/services/indexers/default.nix
@@ -3,36 +3,14 @@
 let
   cfg = config.my.services.indexers;
 
-  jackettPort = 9117;
   nzbhydraPort = 5076;
 in
 {
   options.my.services.indexers = with lib; {
-    jackett.enable = mkEnableOption "Jackett torrent meta-indexer";
     nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer";
   };
 
   config = lib.mkMerge [
-    (lib.mkIf cfg.jackett.enable {
-      services.jackett = {
-        enable = true;
-      };
-
-      # Jackett wants to eat *all* my RAM if left to its own devices
-      systemd.services.jackett = {
-        serviceConfig = {
-          MemoryHigh = "15%";
-          MemoryMax = "25%";
-        };
-      };
-
-      my.services.nginx.virtualHosts = {
-        jackett = {
-          port = jackettPort;
-        };
-      };
-    })
-
     (lib.mkIf cfg.nzbhydra.enable {
       services.nzbhydra2 = {
         enable = true;
diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix
index 1bca773..06a1cef 100644
--- a/modules/nixos/services/servarr/default.nix
+++ b/modules/nixos/services/servarr/default.nix
@@ -6,6 +6,7 @@
 {
   imports = [
     ./bazarr.nix
+    ./jackett.nix
     ./prowlarr.nix
     (import ./starr.nix "lidarr")
     (import ./starr.nix "radarr")
diff --git a/modules/nixos/services/servarr/jackett.nix b/modules/nixos/services/servarr/jackett.nix
new file mode 100644
index 0000000..756df9b
--- /dev/null
+++ b/modules/nixos/services/servarr/jackett.nix
@@ -0,0 +1,33 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.services.servarr.jackett;
+in
+{
+  options.my.services.servarr.jackett = with lib; {
+    enable = lib.mkEnableOption "Jackett" // {
+      default = config.my.services.servarr.enableAll;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.jackett = {
+      enable = true;
+    };
+
+    # Jackett wants to eat *all* my RAM if left to its own devices
+    systemd.services.jackett = {
+      serviceConfig = {
+        MemoryHigh = "15%";
+        MemoryMax = "25%";
+      };
+    };
+
+    my.services.nginx.virtualHosts = {
+      jackett = {
+        port = 9117;
+      };
+    };
+
+    # Jackett does not log authentication failures...
+  };
+}

From c823edf58415c1f07eebd03a21617c09447cafbb Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 31 Mar 2025 11:28:04 +0000
Subject: [PATCH 352/431] nixos: services: servarr: jackett: add 'port'

---
 modules/nixos/services/servarr/jackett.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/services/servarr/jackett.nix b/modules/nixos/services/servarr/jackett.nix
index 756df9b..481cd3d 100644
--- a/modules/nixos/services/servarr/jackett.nix
+++ b/modules/nixos/services/servarr/jackett.nix
@@ -7,11 +7,19 @@ in
     enable = lib.mkEnableOption "Jackett" // {
       default = config.my.services.servarr.enableAll;
     };
+
+    port = mkOption {
+      type = types.port;
+      default = 9117;
+      example = 8080;
+      description = "Internal port for webui";
+    };
   };
 
   config = lib.mkIf cfg.enable {
     services.jackett = {
       enable = true;
+      inherit (cfg) port;
     };
 
     # Jackett wants to eat *all* my RAM if left to its own devices
@@ -24,7 +32,7 @@ in
 
     my.services.nginx.virtualHosts = {
       jackett = {
-        port = 9117;
+        inherit (cfg) port;
       };
     };
 

From b1ade723837cbffcfc8a1ac24fa96566392e5e3d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 31 Mar 2025 11:32:39 +0000
Subject: [PATCH 353/431] nixos: services: servarr: migrate nzbhydra

---
 hosts/nixos/porthos/services.nix            |  3 +++
 modules/nixos/services/default.nix          |  1 -
 modules/nixos/services/indexers/default.nix | 26 ---------------------
 modules/nixos/services/servarr/default.nix  |  1 +
 modules/nixos/services/servarr/nzbhydra.nix | 25 ++++++++++++++++++++
 5 files changed, 29 insertions(+), 27 deletions(-)
 delete mode 100644 modules/nixos/services/indexers/default.nix
 create mode 100644 modules/nixos/services/servarr/nzbhydra.nix

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index d45846a..7efddfa 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -149,6 +149,9 @@ in
       jackett = {
         enable = false;
       };
+      nzbhydra = {
+        enable = false;
+      };
     };
     # Because I still need to play sysadmin
     ssh-server.enable = true;
diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
index 3992385..27f8765 100644
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -15,7 +15,6 @@
     ./gitea
     ./grocy
     ./homebox
-    ./indexers
     ./jellyfin
     ./komga
     ./lohr
diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix
deleted file mode 100644
index 5d81079..0000000
--- a/modules/nixos/services/indexers/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-# Torrent and usenet meta-indexers
-{ config, lib, ... }:
-let
-  cfg = config.my.services.indexers;
-
-  nzbhydraPort = 5076;
-in
-{
-  options.my.services.indexers = with lib; {
-    nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer";
-  };
-
-  config = lib.mkMerge [
-    (lib.mkIf cfg.nzbhydra.enable {
-      services.nzbhydra2 = {
-        enable = true;
-      };
-
-      my.services.nginx.virtualHosts = {
-        nzbhydra = {
-          port = nzbhydraPort;
-        };
-      };
-    })
-  ];
-}
diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix
index 06a1cef..23838fd 100644
--- a/modules/nixos/services/servarr/default.nix
+++ b/modules/nixos/services/servarr/default.nix
@@ -7,6 +7,7 @@
   imports = [
     ./bazarr.nix
     ./jackett.nix
+    ./nzbhydra.nix
     ./prowlarr.nix
     (import ./starr.nix "lidarr")
     (import ./starr.nix "radarr")
diff --git a/modules/nixos/services/servarr/nzbhydra.nix b/modules/nixos/services/servarr/nzbhydra.nix
new file mode 100644
index 0000000..4112c30
--- /dev/null
+++ b/modules/nixos/services/servarr/nzbhydra.nix
@@ -0,0 +1,25 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.services.servarr.nzbhydra;
+in
+{
+  options.my.services.servarr.nzbhydra = with lib; {
+    enable = lib.mkEnableOption "NZBHydra2" // {
+      default = config.my.services.servarr.enableAll;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.nzbhydra2 = {
+      enable = true;
+    };
+
+    my.services.nginx.virtualHosts = {
+      nzbhydra = {
+        port = 5076;
+      };
+    };
+
+    # NZBHydra2 does not log authentication failures...
+  };
+}

From ec965800e4a1cd0d8a26f7e2ba50d31e85aaf9b9 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 31 Mar 2025 11:34:25 +0000
Subject: [PATCH 354/431] nixos: services: servarr: nzbhydra: fix websockets

From what I could read, NZBHydra2 *might* require proxying websockets in
new versions (better safe than sorry).
---
 modules/nixos/services/servarr/nzbhydra.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/nixos/services/servarr/nzbhydra.nix b/modules/nixos/services/servarr/nzbhydra.nix
index 4112c30..7b63986 100644
--- a/modules/nixos/services/servarr/nzbhydra.nix
+++ b/modules/nixos/services/servarr/nzbhydra.nix
@@ -17,6 +17,7 @@ in
     my.services.nginx.virtualHosts = {
       nzbhydra = {
         port = 5076;
+        websocketsLocations = [ "/" ];
       };
     };
 

From 351026418678281890d469c7d183516f34bba445 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 31 Mar 2025 22:49:11 +0200
Subject: [PATCH 355/431] flake: bump inputs

---
 flake.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/flake.lock b/flake.lock
index 353a392..d86d6b5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -159,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1743607567,
-        "narHash": "sha256-kTzKPDFmNzwO1cK4fiJgPB/iSw7HgBAmknRTeAPJAeI=",
+        "lastModified": 1743869639,
+        "narHash": "sha256-Xhe3whfRW/Ay05z9m1EZ1/AkbV1yo0tm1CbgjtCi4rQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "49748c74cdbae03d70381f150b810f92617f23aa",
+        "rev": "d094c6763c6ddb860580e7d3b4201f8f496a6836",
         "type": "github"
       },
       "original": {
@@ -175,11 +175,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1743448293,
-        "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=",
+        "lastModified": 1743689281,
+        "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3",
+        "rev": "2bfc080955153be0be56724be6fa5477b4eefabb",
         "type": "github"
       },
       "original": {

From 215eb4c91ac722b8da4bb38c6791695021c3b516 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 13 Feb 2025 22:59:51 +0100
Subject: [PATCH 356/431] nixos: services: servarr: add autobrr

---
 hosts/nixos/porthos/services.nix           |  3 ++
 modules/nixos/services/servarr/autobrr.nix | 62 ++++++++++++++++++++++
 modules/nixos/services/servarr/default.nix |  1 +
 3 files changed, 66 insertions(+)
 create mode 100644 modules/nixos/services/servarr/autobrr.nix

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index 7efddfa..cb77fbe 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -141,6 +141,9 @@ in
     # The whole *arr software suite
     servarr = {
       enableAll = true;
+      autobrr = {
+        enable = false;
+      };
       # ... But not Lidarr because I don't care for music that much
       lidarr = {
         enable = false;
diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix
new file mode 100644
index 0000000..afb07f4
--- /dev/null
+++ b/modules/nixos/services/servarr/autobrr.nix
@@ -0,0 +1,62 @@
+# IRC-based
+{ config, lib, ... }:
+let
+  cfg = config.my.services.servarr.autobrr;
+in
+{
+  options.my.services.servarr.autobrr = with lib; {
+    enable = mkEnableOption "autobrr IRC announce tracker" // {
+      default = config.my.services.servarr.enableAll;
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 7474;
+      example = 8080;
+      description = "Internal port for webui";
+    };
+
+    sessionSecretFile = mkOption {
+      type = types.str;
+      example = "/run/secrets/autobrr-secret.txt";
+      description = ''
+        File containing the session secret.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.autobrr = {
+      enable = true;
+
+      settings = {
+        inherit (cfg) port;
+        checkForUpdates = false;
+      };
+
+      secretFile = cfg.sessionSecretFile;
+    };
+
+    my.services.nginx.virtualHosts = {
+      autobrr = {
+        inherit (cfg) port;
+      };
+    };
+
+    services.fail2ban.jails = {
+      autobrr = ''
+        enabled = true
+        filter = autobrr
+        action = iptables-allports
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/autobrr.conf".text = ''
+        [Definition]
+        failregex = ^.*Auth: invalid login \[.*\] from: <HOST>$
+        journalmatch = _SYSTEMD_UNIT=autobrr.service
+      '';
+    };
+  };
+}
diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix
index 23838fd..409fcdc 100644
--- a/modules/nixos/services/servarr/default.nix
+++ b/modules/nixos/services/servarr/default.nix
@@ -5,6 +5,7 @@
 { lib, ... }:
 {
   imports = [
+    ./autobrr.nix
     ./bazarr.nix
     ./jackett.nix
     ./nzbhydra.nix

From 979814e9dea51880a2ed2c3f37033b994160441d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 13 Feb 2025 21:58:19 +0000
Subject: [PATCH 357/431] hosts: nixos: porthos: secrets: add autobrr

---
 hosts/nixos/porthos/secrets/secrets.nix                    | 2 ++
 .../porthos/secrets/servarr/autobrr/session-secret.age     | 7 +++++++
 2 files changed, 9 insertions(+)
 create mode 100644 hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age

diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix
index 68e90f2..425756c 100644
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@@ -80,6 +80,8 @@ in
 
   "pyload/credentials.age".publicKeys = all;
 
+  "servarr/autobrr/session-secret.age".publicKeys = all;
+
   "sso/auth-key.age" = {
     owner = "nginx-sso";
     publicKeys = all;
diff --git a/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age b/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age
new file mode 100644
index 0000000..e98b94a
--- /dev/null
+++ b/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg bu09lB+fjaPP31cUQZP6EqSPuseucgNK7k9vAS08iS0
++NGL+b2QD/qGo6hqHvosAXzHZtDvfodmPdcgnrKlD1o
+-> ssh-ed25519 jPowng QDCdRBGWhtdvvMCiDH52cZHz1/W7aomhTatZ4+9IKwI
+Ou3jjV/O55G1CPgGS33l3eWhhYWrVdwVNPSiE14d5rE
+--- q0ssmpG50OX1WaNSInc2hbtH3DbTwQGDU74VGEoMh94
+��mC���Ƒ'hK.��/�Xu(����g$�'��M{fK��!�MZ�oR�����՝͟�;yb
\ No newline at end of file

From b8c649d5bff68813cb8589c776cf39a17cef91ea Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 30 Mar 2025 20:22:01 +0200
Subject: [PATCH 358/431] hosts: nixos: porthos: services: enable autobrr

---
 hosts/nixos/porthos/services.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index cb77fbe..784eb31 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -142,7 +142,7 @@ in
     servarr = {
       enableAll = true;
       autobrr = {
-        enable = false;
+        sessionSecretFile = secrets."servarr/autobrr/session-secret".path;
       };
       # ... But not Lidarr because I don't care for music that much
       lidarr = {

From 08f7c2bd7912696047e815adbb92adf89f4e47c7 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 5 Apr 2025 20:24:21 +0200
Subject: [PATCH 359/431] nixos: services: nextcloud: bump to 31

---
 modules/nixos/services/nextcloud/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix
index fe94177..cf1b876 100644
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@@ -35,7 +35,7 @@ in
   config = lib.mkIf cfg.enable {
     services.nextcloud = {
       enable = true;
-      package = pkgs.nextcloud30;
+      package = pkgs.nextcloud31;
       hostName = "nextcloud.${config.networking.domain}";
       home = "/var/lib/nextcloud";
       maxUploadSize = cfg.maxSize;

From 01529075369d01274302efaaa8df55aac77b1a21 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 7 Apr 2025 10:19:30 +0000
Subject: [PATCH 360/431] flake: nixos: use 'self.dirtyRev' if available

---
 flake/nixos.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flake/nixos.nix b/flake/nixos.nix
index fa656dc..bf9eac8 100644
--- a/flake/nixos.nix
+++ b/flake/nixos.nix
@@ -3,7 +3,7 @@ let
   defaultModules = [
     {
       # Let 'nixos-version --json' know about the Git revision
-      system.configurationRevision = self.rev or "dirty";
+      system.configurationRevision = self.rev or self.dirtyRev or "dirty";
     }
     {
       nixpkgs.overlays = (lib.attrValues self.overlays) ++ [

From a1cab7f60649123658bb8df098c5eff934d0364b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 7 Apr 2025 15:50:22 +0000
Subject: [PATCH 361/431] flake: home-manager: set overlays in module

I need to inherit `lib` to make sure it picks up my version, not the one
from `pkgs`.

I can't use `extraSpecialArgs` like NixOS, due to it missing from
upstream [1].

[1]: https://github.com/nix-community/home-manager/pull/3969
---
 flake/home-manager.nix | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/flake/home-manager.nix b/flake/home-manager.nix
index add889e..093ae8c 100644
--- a/flake/home-manager.nix
+++ b/flake/home-manager.nix
@@ -3,6 +3,11 @@ let
   defaultModules = [
     # Include generic settings
     "${self}/modules/home"
+    {
+      nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
+        inputs.nur.overlays.default
+      ];
+    }
     {
       # Basic user information defaults
       home.username = lib.mkDefault "ambroisie";
@@ -21,18 +26,15 @@ let
     # * not letting me set `lib` as an extraSpecialArgs
     # * not respecting `nixpkgs.overlays` [1]
     # [1]: https://github.com/nix-community/home-manager/issues/2954
-    pkgs = import inputs.nixpkgs {
-      inherit system;
-
-      overlays = (lib.attrValues self.overlays) ++ [
-        inputs.nur.overlays.default
-      ];
-    };
+    pkgs = inputs.nixpkgs.legacyPackages.${system};
 
     modules = defaultModules ++ [
       "${self}/hosts/homes/${name}"
     ];
 
+    # Use my extended lib in NixOS configuration
+    inherit (self) lib;
+
     extraSpecialArgs = {
       # Inject inputs to use them in global registry
       inherit inputs;

From e5bf5a3ba1ce7c6d2aa09658303dcabf72bb09b9 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 9 Apr 2025 11:41:07 +0200
Subject: [PATCH 362/431] flake: bump inputs

---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/flake.lock b/flake.lock
index d86d6b5..9e61219 100644
--- a/flake.lock
+++ b/flake.lock
@@ -175,11 +175,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1743689281,
-        "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=",
+        "lastModified": 1744174375,
+        "narHash": "sha256-oxI9TLgnQbQ/WL0tIwVSIooLbXq4PW1QUhf5aQmXFgk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2bfc080955153be0be56724be6fa5477b4eefabb",
+        "rev": "ef3a956f697525883b77192cbe208233ea0f8f79",
         "type": "github"
       },
       "original": {

From 439a6bc930ea7eabb372824c71d4a9174d4588b5 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 9 Apr 2025 12:26:04 +0200
Subject: [PATCH 363/431] nixos: services: homebox: use postgres

---
 modules/nixos/services/homebox/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix
index d79e331..bde59e6 100644
--- a/modules/nixos/services/homebox/default.nix
+++ b/modules/nixos/services/homebox/default.nix
@@ -19,6 +19,11 @@ in
     services.homebox = {
       enable = true;
 
+      # Automatic PostgreSQL provisioning
+      database = {
+        createLocally = true;
+      };
+
       settings = {
         # FIXME: mailer?
         HBOX_WEB_PORT = toString cfg.port;

From 1dd1dbb917b17da7864a4ac20a977869ff752ac2 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 9 Apr 2025 12:26:42 +0200
Subject: [PATCH 364/431] nixos: services: homebox: proxy websockets

Should avoid a bunch of error logs, and ensure that e.g: adding a label
does not require a refresh to show it in a list.
---
 modules/nixos/services/homebox/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix
index bde59e6..8ed5d77 100644
--- a/modules/nixos/services/homebox/default.nix
+++ b/modules/nixos/services/homebox/default.nix
@@ -33,6 +33,7 @@ in
     my.services.nginx.virtualHosts = {
       homebox = {
         inherit (cfg) port;
+        websocketsLocations = [ "/api" ];
       };
     };
 

From bd55ecc016eb49eca60b98ab0d2a22eca49a95ce Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 9 Apr 2025 12:27:51 +0200
Subject: [PATCH 365/431] hosts: nixos: porthos: services: enable homebox

---
 hosts/nixos/porthos/services.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index 784eb31..561da27 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -51,6 +51,10 @@ in
         passwordFile = secrets."forgejo/mail-password".path;
       };
     };
+    # Home inventory
+    homebox = {
+      enable = true;
+    };
     # Jellyfin media server
     jellyfin.enable = true;
     # Gitea mirrorig service

From a28295da27b96301bba49cd68cb6ae017be4be76 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 11 Apr 2025 19:01:08 +0200
Subject: [PATCH 366/431] nixos: services: servarr: autobrr: fix comment

---
 modules/nixos/services/servarr/autobrr.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix
index afb07f4..4465a78 100644
--- a/modules/nixos/services/servarr/autobrr.nix
+++ b/modules/nixos/services/servarr/autobrr.nix
@@ -1,4 +1,4 @@
-# IRC-based
+# IRC-based indexer
 { config, lib, ... }:
 let
   cfg = config.my.services.servarr.autobrr;

From a0473a5c6cd191ea649c250dc7e8f6094e74adba Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 12 Apr 2025 11:27:47 +0200
Subject: [PATCH 367/431] nixos: services: servarr: autobrr: fix fail2ban

The log line for authentication failures has been updated since the
original PR.

It also happens to be logged in JSON, and I'm a bit too lazy to match it
more properly than this.
---
 modules/nixos/services/servarr/autobrr.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix
index 4465a78..398e878 100644
--- a/modules/nixos/services/servarr/autobrr.nix
+++ b/modules/nixos/services/servarr/autobrr.nix
@@ -54,7 +54,7 @@ in
     environment.etc = {
       "fail2ban/filter.d/autobrr.conf".text = ''
         [Definition]
-        failregex = ^.*Auth: invalid login \[.*\] from: <HOST>$
+        failregex = "message":"Auth: Failed login attempt username: \[.*\] ip: <HOST>"
         journalmatch = _SYSTEMD_UNIT=autobrr.service
       '';
     };

From e82ae4a2192191e2894969fe3107fdbcd36c8c92 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 14 Apr 2025 10:19:57 +0000
Subject: [PATCH 368/431] home: vim: numbertoggle: remove 'TermOpen' event

It's now part of upstream's default setup.
---
 modules/home/vim/plugin/numbertoggle.lua | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/modules/home/vim/plugin/numbertoggle.lua b/modules/home/vim/plugin/numbertoggle.lua
index 8042710..b1e3df2 100644
--- a/modules/home/vim/plugin/numbertoggle.lua
+++ b/modules/home/vim/plugin/numbertoggle.lua
@@ -22,13 +22,3 @@ vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "InsertEnter", "WinLeave"
         end
     end,
 })
-
--- Never show the sign column in a terminal buffer
-vim.api.nvim_create_autocmd({ "TermOpen" }, {
-    pattern = "*",
-    group = numbertoggle,
-    callback = function()
-        vim.opt.number = false
-        vim.opt.relativenumber = false
-    end,
-})

From 67936af4c73f8664448efc80b072f40c568517c6 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 14 Apr 2025 10:19:57 +0000
Subject: [PATCH 369/431] home: vim: signtoggle: remove 'TermOpen' event

It's now part of upstream's default setup.
---
 modules/home/vim/plugin/signtoggle.lua | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua
index 9765a81..6a7640c 100644
--- a/modules/home/vim/plugin/signtoggle.lua
+++ b/modules/home/vim/plugin/signtoggle.lua
@@ -15,12 +15,3 @@ vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, {
         vim.opt.signcolumn = "no"
     end,
 })
-
--- Never show the sign column in a terminal buffer
-vim.api.nvim_create_autocmd({ "TermOpen" }, {
-    pattern = "*",
-    group = signtoggle,
-    callback = function()
-        vim.opt.signcolumn = "no"
-    end,
-})

From 6f5ac4e55f644a5e5a473e9fda752fbebdec7455 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 14 Apr 2025 10:24:30 +0000
Subject: [PATCH 370/431] home: vim: signtoggle: only show signs if 'number'

If a buffer doesn't show a number column, I probably also don't want a
sign column to be toggled on/off in there.
---
 modules/home/vim/plugin/signtoggle.lua | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua
index 6a7640c..3deca34 100644
--- a/modules/home/vim/plugin/signtoggle.lua
+++ b/modules/home/vim/plugin/signtoggle.lua
@@ -1,17 +1,21 @@
 local signtoggle = vim.api.nvim_create_augroup("signtoggle", { clear = true })
 
--- Only show sign column for the currently focused buffer
+-- Only show sign column for the currently focused buffer, if it has a number column
 vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, {
     pattern = "*",
     group = signtoggle,
     callback = function()
-        vim.opt.signcolumn = "yes"
+        if vim.opt.number:get() then
+            vim.opt.signcolumn = "yes"
+        end
     end,
 })
 vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, {
     pattern = "*",
     group = signtoggle,
     callback = function()
-        vim.opt.signcolumn = "no"
+        if vim.opt.number:get() then
+            vim.opt.signcolumn = "no"
+        end
     end,
 })

From 26ee59ef6e4f28ccbdbcf87eb28bb4074a87c840 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 14 Apr 2025 13:54:52 +0000
Subject: [PATCH 371/431] home: atuin: use 'uk' dialect for dates

This should be for date *parsing*, from my looking at the code.

Unlikely to be relevant, but might as well set it to the saner of the
two options.
---
 modules/home/atuin/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix
index 3f06263..8c02e69 100644
--- a/modules/home/atuin/default.nix
+++ b/modules/home/atuin/default.nix
@@ -21,6 +21,8 @@ in
       ];
 
       settings = {
+        # Reasonable date format
+        dialect = "uk";
         # The package is managed by Nix
         update_check = false;
         # I don't care for the fancy display

From c69aaa7adb604593d20d38d0037caaf24cb41f3e Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 16 Apr 2025 15:25:18 +0200
Subject: [PATCH 372/431] nixos: services: servarr: autobrr: fix websockets

I found some logs complaining about websockets before enabling this.
---
 modules/nixos/services/servarr/autobrr.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix
index 398e878..c3370cb 100644
--- a/modules/nixos/services/servarr/autobrr.nix
+++ b/modules/nixos/services/servarr/autobrr.nix
@@ -40,6 +40,7 @@ in
     my.services.nginx.virtualHosts = {
       autobrr = {
         inherit (cfg) port;
+        websocketsLocations = [ "/api" ];
       };
     };
 

From e4bc0444bfe7fdc7a43afcbda1ec7379f8286301 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 16 Apr 2025 15:29:10 +0200
Subject: [PATCH 373/431] nixos: services: transmission: fix umask

I want downloads to be readable by the `media` group. The permissions
weren't correctly applied without `umask`.
---
 modules/nixos/services/transmission/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix
index ac8b24d..16d51e3 100644
--- a/modules/nixos/services/transmission/default.nix
+++ b/modules/nixos/services/transmission/default.nix
@@ -65,6 +65,8 @@ in
         # Proxied behind Nginx.
         rpc-whitelist-enabled = true;
         rpc-whitelist = "127.0.0.1";
+
+        umask = "002"; # To go with `downloadDirPermissions`
       };
     };
 

From 1b6a48d6c27a88c98c6c99cbe642ee681c362cbd Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 16 Apr 2025 17:07:23 +0200
Subject: [PATCH 374/431] flake: bump inputs

---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/flake.lock b/flake.lock
index 9e61219..65b8f04 100644
--- a/flake.lock
+++ b/flake.lock
@@ -175,11 +175,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1744174375,
-        "narHash": "sha256-oxI9TLgnQbQ/WL0tIwVSIooLbXq4PW1QUhf5aQmXFgk=",
+        "lastModified": 1744777043,
+        "narHash": "sha256-O6jgTxz9BKUiaJl03JsVHvSjtCOC8gHfDvC2UCfcLMc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ef3a956f697525883b77192cbe208233ea0f8f79",
+        "rev": "7a6f7f4c1c69eee05641beaa40e7f85da8e69fb0",
         "type": "github"
       },
       "original": {

From c40090d17607efbec1d58cefa95f0745ab0806b7 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 12 Apr 2025 14:51:46 +0200
Subject: [PATCH 375/431] nixos: services: servarr: add cross-seed

---
 hosts/nixos/porthos/services.nix              |  3 +
 modules/nixos/services/servarr/cross-seed.nix | 96 +++++++++++++++++++
 modules/nixos/services/servarr/default.nix    |  1 +
 3 files changed, 100 insertions(+)
 create mode 100644 modules/nixos/services/servarr/cross-seed.nix

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index 561da27..a95840a 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -148,6 +148,9 @@ in
       autobrr = {
         sessionSecretFile = secrets."servarr/autobrr/session-secret".path;
       };
+      cross-seed = {
+        enable = false;
+      };
       # ... But not Lidarr because I don't care for music that much
       lidarr = {
         enable = false;
diff --git a/modules/nixos/services/servarr/cross-seed.nix b/modules/nixos/services/servarr/cross-seed.nix
new file mode 100644
index 0000000..74f216a
--- /dev/null
+++ b/modules/nixos/services/servarr/cross-seed.nix
@@ -0,0 +1,96 @@
+# Automatic cross-seeding for video media
+{ config, lib, ... }:
+let
+  cfg = config.my.services.servarr.cross-seed;
+in
+{
+  options.my.services.servarr.cross-seed = with lib; {
+    enable = mkEnableOption "cross-seed daemon" // {
+      default = config.my.services.servarr.enableAll;
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 2468;
+      example = 8080;
+      description = "Internal port for daemon";
+    };
+
+    linkDirectory = mkOption {
+      type = types.str;
+      default = "/data/downloads/complete/links";
+      example = "/var/lib/cross-seed/links";
+      description = "Link directory";
+    };
+
+    secretSettingsFile = mkOption {
+      type = types.str;
+      example = "/run/secrets/cross-seed-secrets.json";
+      description = ''
+        File containing secret settings.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.cross-seed = {
+      enable = true;
+      group = "media";
+
+      # Rely on recommended defaults for tracker snatches etc...
+      useGenConfigDefaults = true;
+
+      settings = {
+        inherit (cfg) port;
+        host = "127.0.0.1";
+
+        # Inject torrents to client directly
+        action = "inject";
+        # Query the client for torrents to match
+        useClientTorrents = true;
+        # Use hardlinks
+        linkType = "hardlink";
+        # Use configured link directory
+        linkDirs = [ cfg.linkDirectory ];
+        # Match as many torrents as possible
+        matchMode = "partial";
+        # Cross-seed full season if at least 50% of episodes are already downloaded
+        seasonFromEpisodes = 0.5;
+      };
+
+      settingsFile = cfg.secretSettingsFile;
+    };
+
+    systemd.services.cross-seed = {
+      serviceConfig = {
+        # Loose umask to make cross-seed links readable by `media`
+        UMask = "0002";
+      };
+    };
+
+    # Set-up media group
+    users.groups.media = { };
+
+    my.services.nginx.virtualHosts = {
+      cross-seed = {
+        inherit (cfg) port;
+      };
+    };
+
+    services.fail2ban.jails = {
+      cross-seed = ''
+        enabled = true
+        filter = cross-seed
+        action = iptables-allports
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/cross-seed.conf".text = ''
+        [Definition]
+        failregex = ^.*Unauthorized API access attempt to .* from <HOST>$
+        journalmatch = _SYSTEMD_UNIT=cross-seed.service
+      '';
+    };
+  };
+}
diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix
index 409fcdc..dca57cf 100644
--- a/modules/nixos/services/servarr/default.nix
+++ b/modules/nixos/services/servarr/default.nix
@@ -7,6 +7,7 @@
   imports = [
     ./autobrr.nix
     ./bazarr.nix
+    ./cross-seed.nix
     ./jackett.nix
     ./nzbhydra.nix
     ./prowlarr.nix

From 058096079eadcf5fb488f00156dcd6d3a5489256 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 12 Apr 2025 14:52:10 +0200
Subject: [PATCH 376/431] hosts: nixos: porthos: secrets: add cross-seed

---
 hosts/nixos/porthos/secrets/secrets.nix          |   1 +
 .../servarr/cross-seed/configuration.json.age    | Bin 0 -> 1282 bytes
 2 files changed, 1 insertion(+)
 create mode 100644 hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age

diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix
index 425756c..b3812b4 100644
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@@ -81,6 +81,7 @@ in
   "pyload/credentials.age".publicKeys = all;
 
   "servarr/autobrr/session-secret.age".publicKeys = all;
+  "servarr/cross-seed/configuration.json.age".publicKeys = all;
 
   "sso/auth-key.age" = {
     owner = "nginx-sso";
diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age
new file mode 100644
index 0000000000000000000000000000000000000000..e9af03f472da8411b7106cf733ba1d389201263a
GIT binary patch
literal 1282
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn_Ri1BO;^Y%D)lpW
z_Vox$^UBlD_YJRfEOs*TaI7%TamjG@@%MBN_6+q4%rlBG4CFEk(T)lZswgWlj0|@T
zOfI%GGIq@J$u08_b}~sxN^>zZ3kh=Z)~^WiGeNg4D<Ho-FI~aW$uz>R)FdraKP<?}
z&oC;dGRM6vGSbhZ($vq~ys#{{FfrAzxWv@OF`FyAJVV<&z_ZZL*f2k+B)7;vJR(0o
zGSMO+)7{b6!Ywq%tiaeguf)G3!+=XyS69I@s;r<i$W%Mg+cLx_GQiC=Eg;b;RJ%As
z+uStKLp!lJBsVS3B*`n-(Sl3Nv-?a><MIrl(x*{bjP<sxbE2Gdw_Xrkr(%C|ap?a?
z*4ol~;-*5+owM{z@1FYk<B)aL#?(CrYK<rES!w6U|JNmJcZJJWvHUZpzudiRmYMJU
zvp@Rwq`);#<fot8G4;-;Rr@krUpfAHTx*peDK>>Q?&_key4;IpeNQjT-<rU%qA}a9
z=KuZtXr<E~f%(t>={NB3)O=pQ;MLzxPQS!o<z^}Phwwg0S}|{K;nl;E=W9&wHm}iL
z)mCHqK6R<uu@>Ib3v^1Sri)Zs9eVB=lXAmyUEuZlJ%3cK^Gi!u7w2uv-`dOQZ$FXe
z3*(03pW)Xgwfh=0Gjk-(y5bwTz)`wS;CJZJWp^yK``2&nXpHTb_<S?N*Za?kW@F7s
zUYt+9PK)ADsY+r9nt1F+c6qz+^ot3yn+uJbG#<=glIrDWdn(ypVeb=L%dfEEv`fH$
z`G9PmYcINQdsYPYh)r*1H~z=SKEF{geYM<cmx5_mOA8Wat@_LSQ1<aM+h@hUUMByO
zzP11G-z`hKxeg!scK>IM9_Qkgn(YnF5BSA*H`bfRnLD#;ukQR_DQvniFx=(b?Qj2!
zjwJcLmRIPtk}o>ACGkbuS&frT;XOMSX2r>6bGA<`5MKBvH)cmpdxG$^g=^xroJ_lW
zj8(z<=7Gg4?T`5IWK_04n)k`A_^6Ro?}Rfup7}iebiiEhj^WR)BYmZDuN1^h=f3NB
z6c#wu{Eyn<b<1T{j^!xdSfYPcp3Pl#ON5p0xkilzIRgJGuYB>*Tra+3;%3F&h3x;{
z^$9+GF!jix1q_uog>SvI7|Yxv)Rh!9ZmoJe^Hct_oFjD>yg&T+$mUMnl<roY`rz_q
zOZy@{>CH0>@~5aB{o`yCkb0pdG)BVZ)G22c?)L5Mi!54$;;YvkVqAOw@6QYkJHc+T
zNuQ?QSKG(kYxG~eg5$-Dk9TiY9FCcs7awN$Li4RTlb1v|*GGSr=bP_ytXh#jaoPRb
zwqIJFxK>UPFfTilIA`aV#ZKF@6J~T=_+H2N?wKE_+oI|3g2V15M&`b+lZ*TGd$II~
zp4Y!@)U{7*rY!nfB+ayF=43{`-Tk2xT8jLvukPx;c-d-lXH&IZ+b@X|F$b9DSJ}w?
zn|)=Ec)*@~w|7Ctwy8c>9*bKP8$9m~Z2lAQOWRa0DSvOJ^E$QZQ65=0Z<x<8`6e-`
zNK9;5b<Yf`!w;husPgHzeN+^7^;&v&re@*wPP>a0753*7ZutHTFF1He;Ff2n;b$@S
zO@^oRdHR_y1$Hbr^txewUfIF>X6zzqJWZZTPgB_3-hUQrYkHDkaX$G8Gn2mmfp2fO
a3$3o2qvJ8ZJ$CJ3_b3jI6I)+s@Bjd%=|BMh

literal 0
HcmV?d00001


From ee1139713c908ab43cd86b86fc984f1824395ca2 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 12 Apr 2025 14:52:38 +0200
Subject: [PATCH 377/431] hosts: nixos: porthos: services: enable cross-seed

---
 hosts/nixos/porthos/services.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index a95840a..96f15d3 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -149,7 +149,7 @@ in
         sessionSecretFile = secrets."servarr/autobrr/session-secret".path;
       };
       cross-seed = {
-        enable = false;
+        secretSettingsFile = secrets."servarr/cross-seed/configuration.json".path;
       };
       # ... But not Lidarr because I don't care for music that much
       lidarr = {

From 135cef25365c25a1efaa912489c960a5fe839663 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 16 Apr 2025 16:04:52 +0000
Subject: [PATCH 378/431] home: atuin: add daemon

Enabled by default, I probably won't have a reason *not* to use it.
---
 modules/home/atuin/default.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix
index 8c02e69..dbd9690 100644
--- a/modules/home/atuin/default.nix
+++ b/modules/home/atuin/default.nix
@@ -8,6 +8,10 @@ in
 
     # I want the full experience by default
     package = mkPackageOption pkgs "atuin" { };
+
+    daemon = {
+      enable = my.mkDisableOption "atuin daemon";
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -15,6 +19,10 @@ in
       enable = true;
       inherit (cfg) package;
 
+      daemon = lib.mkIf cfg.daemon.enable {
+        enable = true;
+      };
+
       flags = [
         # I *despise* this hijacking of the up key, even though I use Ctrl-p
         "--disable-up-arrow"

From 29b47d7f84c67428d44ccc1f385161f187702661 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 22 Apr 2025 13:04:36 +0000
Subject: [PATCH 379/431] home: tmux: rename 'mkTerminalFeature'

This is a more accurate name to describe what the function is doing.
---
 modules/home/tmux/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix
index 08b9202..82ceb3a 100644
--- a/modules/home/tmux/default.nix
+++ b/modules/home/tmux/default.nix
@@ -6,7 +6,7 @@ let
     (config.my.home.wm.windowManager != null)
   ];
 
-  mkTerminalFlags = opt: flag:
+  mkTerminalFeature = opt: flag:
     let
       mkFlag = term: ''set -as terminal-features ",${term}:${flag}"'';
       enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures;
@@ -123,9 +123,9 @@ in
       }
 
       # Force OSC8 hyperlinks for each relevant $TERM
-      ${mkTerminalFlags "hyperlinks" "hyperlinks"}
+      ${mkTerminalFeature "hyperlinks" "hyperlinks"}
       # Force 24-bit color for each relevant $TERM
-      ${mkTerminalFlags "trueColor" "RGB"}
+      ${mkTerminalFeature "trueColor" "RGB"}
     '';
   };
 }

From ec1c94676a727ee7b6e20c377ad0f7d05af9d69e Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 22 Apr 2025 13:15:04 +0000
Subject: [PATCH 380/431] home: vim: highlight over-extended commit subjects

---
 modules/home/vim/after/queries/gitcommit/highlights.scm | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 modules/home/vim/after/queries/gitcommit/highlights.scm

diff --git a/modules/home/vim/after/queries/gitcommit/highlights.scm b/modules/home/vim/after/queries/gitcommit/highlights.scm
new file mode 100644
index 0000000..05162c9
--- /dev/null
+++ b/modules/home/vim/after/queries/gitcommit/highlights.scm
@@ -0,0 +1,6 @@
+; extends
+
+; Highlight over-extended subject lines (rely on wrapping for message body)
+((subject) @comment.error
+  (#vim-match? @comment.error ".\{50,}")
+  (#offset! @comment.error 0 50 0 0))

From 946eab9ec00bfba393d1ed292a28f0f692048096 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 21 Feb 2025 16:26:39 +0000
Subject: [PATCH 381/431] home: git: extract 'delta' configuration

I want to be able to re-use it between different source control systems
(e.g: `jj`).

As a first step, extract it to a proper module so that I can have it
live in a single space.
---
 modules/home/default.nix       |  1 +
 modules/home/delta/default.nix | 61 ++++++++++++++++++++++++++++++++++
 modules/home/git/default.nix   | 28 ----------------
 3 files changed, 62 insertions(+), 28 deletions(-)
 create mode 100644 modules/home/delta/default.nix

diff --git a/modules/home/default.nix b/modules/home/default.nix
index c8183cf..e642e87 100644
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -8,6 +8,7 @@
     ./bluetooth
     ./calibre
     ./comma
+    ./delta
     ./dircolors
     ./direnv
     ./discord
diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix
new file mode 100644
index 0000000..e9350bb
--- /dev/null
+++ b/modules/home/delta/default.nix
@@ -0,0 +1,61 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.my.home.delta;
+in
+{
+  options.my.home.delta = with lib; {
+    enable = my.mkDisableOption "delta configuration";
+
+    package = mkPackageOption pkgs "delta" { };
+
+    git = {
+      enable = my.mkDisableOption "git integration";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        # For its configuration
+        assertion = cfg.enable -> cfg.git.enable;
+        message = ''
+          `config.my.home.delta` must enable `config.my.home.delta.git` to be
+          properly configured.
+        '';
+      }
+    ];
+
+    home.packages = [ cfg.package ];
+
+    programs.git = lib.mkIf cfg.git.enable {
+      delta = {
+        enable = true;
+        inherit (cfg) package;
+
+        options = {
+          features = "diff-highlight decorations";
+
+          # Less jarring style for `diff-highlight` emulation
+          diff-highlight = {
+            minus-style = "red";
+            minus-non-emph-style = "red";
+            minus-emph-style = "bold red 52";
+
+            plus-style = "green";
+            plus-non-emph-style = "green";
+            plus-emph-style = "bold green 22";
+
+            whitespace-error-style = "reverse red";
+          };
+
+          # Personal preference for easier reading
+          decorations = {
+            commit-style = "raw"; # Do not recolor meta information
+            keep-plus-minus-markers = true;
+            paging = "always";
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix
index c88008f..ca59a5f 100644
--- a/modules/home/git/default.nix
+++ b/modules/home/git/default.nix
@@ -42,34 +42,6 @@ in
 
     lfs.enable = true;
 
-    delta = {
-      enable = true;
-
-      options = {
-        features = "diff-highlight decorations";
-
-        # Less jarring style for `diff-highlight` emulation
-        diff-highlight = {
-          minus-style = "red";
-          minus-non-emph-style = "red";
-          minus-emph-style = "bold red 52";
-
-          plus-style = "green";
-          plus-non-emph-style = "green";
-          plus-emph-style = "bold green 22";
-
-          whitespace-error-style = "reverse red";
-        };
-
-        # Personal preference for easier reading
-        decorations = {
-          commit-style = "raw"; # Do not recolor meta information
-          keep-plus-minus-markers = true;
-          paging = "always";
-        };
-      };
-    };
-
     # There's more
     extraConfig = {
       # Makes it a bit more readable

From 2eb2a83dca68ffd2ff5380300fbaec23e8038e6a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 24 Apr 2025 09:29:37 +0000
Subject: [PATCH 382/431] flake: bump inputs

---
 flake.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/flake.lock b/flake.lock
index 65b8f04..6bd45a8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -159,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1743869639,
-        "narHash": "sha256-Xhe3whfRW/Ay05z9m1EZ1/AkbV1yo0tm1CbgjtCi4rQ=",
+        "lastModified": 1745439012,
+        "narHash": "sha256-TwbdiH28QK7Da2JQTqFHdb+UCJq6QbF2mtf+RxHVzEA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "d094c6763c6ddb860580e7d3b4201f8f496a6836",
+        "rev": "d31710fb2cd536b1966fee2af74e99a0816a61a8",
         "type": "github"
       },
       "original": {
@@ -175,11 +175,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1744777043,
-        "narHash": "sha256-O6jgTxz9BKUiaJl03JsVHvSjtCOC8gHfDvC2UCfcLMc=",
+        "lastModified": 1745469902,
+        "narHash": "sha256-+kHgeD+3+WZZcOaIsS6XwQWb+qbYYWYXzoEjdmdW6OY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7a6f7f4c1c69eee05641beaa40e7f85da8e69fb0",
+        "rev": "4975ac49a527b505803958595fcb191c9e889f60",
         "type": "github"
       },
       "original": {

From 89bc60609f07b4f3cff4cb4e0610f1b8243a9ad3 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 24 Apr 2025 12:46:24 +0200
Subject: [PATCH 383/431] home: firefox: tridactyl: use 'replaceVars'

---
 modules/home/firefox/tridactyl/default.nix | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/modules/home/firefox/tridactyl/default.nix b/modules/home/firefox/tridactyl/default.nix
index 35b58c2..26ddfad 100644
--- a/modules/home/firefox/tridactyl/default.nix
+++ b/modules/home/firefox/tridactyl/default.nix
@@ -12,9 +12,7 @@ let
 in
 {
   config = lib.mkIf cfg.enable {
-    xdg.configFile."tridactyl/tridactylrc".source = pkgs.substituteAll {
-      src = ./tridactylrc;
-
+    xdg.configFile."tridactyl/tridactylrc".source = pkgs.replaceVars ./tridactylrc {
       editorcmd = lib.concatStringsSep " " [
         # Use my configured terminal
         term

From bfda64288ead8796e1f3c8a5980fabb228f2e844 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 30 Apr 2025 21:05:22 +0100
Subject: [PATCH 384/431] nix: bump inputs

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 6bd45a8..584d942 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1736955230,
-        "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
+        "lastModified": 1745630506,
+        "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
+        "rev": "96e078c646b711aee04b82ba01aefbff87004ded",
         "type": "github"
       },
       "original": {
@@ -36,11 +36,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1700795494,
-        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "lastModified": 1744478979,
+        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
         "type": "github"
       },
       "original": {
@@ -159,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745439012,
-        "narHash": "sha256-TwbdiH28QK7Da2JQTqFHdb+UCJq6QbF2mtf+RxHVzEA=",
+        "lastModified": 1746040799,
+        "narHash": "sha256-osgPX/SzIpkR50vev/rqoTEAVkEcOWXoQXmbzsaI4KU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "d31710fb2cd536b1966fee2af74e99a0816a61a8",
+        "rev": "5f217e5a319f6c186283b530f8c975e66c028433",
         "type": "github"
       },
       "original": {
@@ -175,11 +175,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1745469902,
-        "narHash": "sha256-+kHgeD+3+WZZcOaIsS6XwQWb+qbYYWYXzoEjdmdW6OY=",
+        "lastModified": 1745930157,
+        "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4975ac49a527b505803958595fcb191c9e889f60",
+        "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae",
         "type": "github"
       },
       "original": {

From c5be292dfca50b740acf130bb0c3138fb4261a26 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 30 Apr 2025 21:34:11 +0100
Subject: [PATCH 385/431] nixos: profiles: wm: fix i3lock PAM service

This was announced as a breaking change, and would lock me out if not
set.

I wish the transition went a bit slower, by first introducing the
option for each PAM service, and *then* toggling it. Oh well.
---
 modules/nixos/profiles/wm/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/nixos/profiles/wm/default.nix b/modules/nixos/profiles/wm/default.nix
index c227328..bca4d70 100644
--- a/modules/nixos/profiles/wm/default.nix
+++ b/modules/nixos/profiles/wm/default.nix
@@ -24,6 +24,8 @@ in
       my.home.udiskie.enable = true;
       # udiskie fails if it can't find this dbus service
       services.udisks2.enable = true;
+      # Ensure i3lock can actually unlock the session
+      security.pam.services.i3lock.enable = true;
     })
   ];
 }

From 4b6f62b25ab9bccf84aa994ac8e8b79a42632e00 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 30 Apr 2025 21:36:50 +0100
Subject: [PATCH 386/431] home: gpg: fix deprecated config

---
 modules/home/gpg/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/gpg/default.nix b/modules/home/gpg/default.nix
index 51c865a..2a00baf 100644
--- a/modules/home/gpg/default.nix
+++ b/modules/home/gpg/default.nix
@@ -17,7 +17,7 @@ in
     services.gpg-agent = {
       enable = true;
       enableSshSupport = true; # One agent to rule them all
-      pinentryPackage = cfg.pinentry;
+      pinentry.package = cfg.pinentry;
       extraConfig = ''
         allow-loopback-pinentry
       '';

From e3243ebe80d7c3e55337227d1e4177022d78ca05 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 2 May 2025 17:59:03 +0100
Subject: [PATCH 387/431] nixos: services: nextcloud: simplify DB handling

I *think* the option didn't exist when I originally used this module.
---
 modules/nixos/services/nextcloud/default.nix | 22 +++++---------------
 1 file changed, 5 insertions(+), 17 deletions(-)

diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix
index cf1b876..d8d4fce 100644
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@@ -44,11 +44,15 @@ in
         adminuser = cfg.admin;
         adminpassFile = cfg.passwordFile;
         dbtype = "pgsql";
-        dbhost = "/run/postgresql";
       };
 
       https = true;
 
+      # Automatic PostgreSQL provisioning
+      database = {
+        createLocally = true;
+      };
+
       settings = {
         overwriteprotocol = "https"; # Nginx only allows SSL
       };
@@ -60,22 +64,6 @@ in
       };
     };
 
-    services.postgresql = {
-      enable = true;
-      ensureDatabases = [ "nextcloud" ];
-      ensureUsers = [
-        {
-          name = "nextcloud";
-          ensureDBOwnership = true;
-        }
-      ];
-    };
-
-    systemd.services."nextcloud-setup" = {
-      requires = [ "postgresql.service" ];
-      after = [ "postgresql.service" ];
-    };
-
     # The service above configures the domain, no need for my wrapper
     services.nginx.virtualHosts."nextcloud.${config.networking.domain}" = {
       forceSSL = true;

From 921d604ebea0d265815c76c60a85efa0929bc1ce Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 2 May 2025 22:35:33 +0100
Subject: [PATCH 388/431] hosts: nixos: porthos: secrets: update cross-seed

---
 .../servarr/cross-seed/configuration.json.age | Bin 1282 -> 1364 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age
index e9af03f472da8411b7106cf733ba1d389201263a..1499a56c21c9911f5a7111177b3458e418cb4b1c 100644
GIT binary patch
delta 1337
zcmZqTy23R<r{2dsGAl1R&CsVf!`Ro~tfEpsDzP{tveLK6H?_bqBQV>~+#=N{Kdj6(
zkju?CG(W`1q_`?PSKrs8&^6REIMFhosHDiCI6uQN-`^~&Dk-2MG@~>spG((Hp}06h
zH#Nn`)YQ;YAuAxiJTF}#B-zj1%rDG1C(EQFDzM7fuRbiR%*Qjgytq`~%%sfKHQ2B)
zIV&p6FxSX}%Pci3(7?>gG(SDeGd#u5&&15d(>chkDl^|Zr8Lzd-Q6ravLGxV#oR5D
zOIKG{A*d>)D4@V8C#1Y6B-7Nm(juua&p*OE*Uccf#3SF)#LqI&&)hxRB`~p^Yxyd>
zj1~K?AFEe4*c%Y58#y;-`z!&8)Tv=jGo`~r_eAP+vgUnQnY4O$&c(W!cUcYk)~Byu
z7Vzw@$d$U!zGgcb()tRwY`S*Zy*t7{bAo+2mn5_5`<;szWvw3^-gZ;4wr6wbV}m{m
zd#2gfbYzy8RB#p=DDJkBTcaa%;L*aG_3u~ATWG{_FFEEz{e{%6|2DLE)+t6^YG6z`
z{A5PL1Fns#@q)XPE=n6m+~kVqJ@igxBk!iS4|MwPt~j;Y#z<rpf6y@v8|P)GXUg*H
zPV83caLTFw)#u%JoJsY2<R1IKi2+~Umb6!!>|+*+yi>9=iQDHGtMxmlmx_$beugPX
zC;Bt}=|BBkD}!4icUS!ciOom#Ivr*InYoqZI92{v^Vwc!8_chE_cKSY;`RSeWPFul
z&X?ET`*duvY47@lcRoKh`e8Y7LgQ1NNpr*|*IP3%T(3NrlaO?fgQuS3;l0yGIg|F?
z{!}L(zr@krBgDYT>E`5BUmn_sn!7X~3~^2tpJcLOcJqtK2^lfZ3r}Bjtbg}%_5#Dc
zqDk?V!FnzapA{-pnoWw@EXX9*aZ2FU?%n@uHofl(KhksITjrT*E{~sAZ&>ZykP>k@
zhBG{FR`T)SXCGh595Gz;>=&N`r=!=ejvIe@x_`g<75JTLv5v#rE1e3rcP=`!Rz?4m
zgj1iKWZ`x@qp2_DpQWy0WNDJ-Z8<-u{`0#QS+Dv2GkAP<MX&HpG~QUe^<~-iuY7Ig
z>mM8Ix=voUBj3W$k#l{*-0QbL{ZE-J+QnJC>Fo*gsol04UVk^a``q54u_trU9f8|D
zo0jM{s5;GNSTlFCVb7OefzKNq*{bHwf6q{&cXOiI)9pXkwKE>R=Mp=o=s-YT;TDy5
z^KNdbFDf}(SvHYtZ5jXevMiA!!7o^w**8>XUjFyP_wgz2<%gCmICJvImNvx*|6_Sc
ztKTo5bYT83`FY!TEDjyWR=HIko%HP2pJ^whY?PS)`5ONVx_xf*(=~mX3m+^yw_&OO
zPnYN248r+y*$z+f+OWn`%%DuxQ`vk+S&!fq$Jt+Zm?w4Bx4zE1EjJ_2EP26Uj$>}E
zf99q5{9E+3{kYq<)s=;t{-jy0yYsvL)+|#|)k_`I)&<@vSC=ThFPfPa+kXGa|C?3&
zyXVAA<7!)|wXdxFcrr(Oit`Rm|2HR}Z#wv<O7_V&*K>8p3Vh4tLYSxJDgG{VwPHIo
zeaf^J!vop2KROTB)y=Hm{d)H6ef$D;Onn{)&aNpaKY#K<lKnNO-Ps9mqUN=BF5g|X
ze|g(U4{7cw-`zzk-`6czc>9d)G5+8AQE#OR7#0Z4=(_&r^bDJ`Uv34fERD`MG{=0+
zDWQe(h2f6cGk8CDwcdR7)oJG4PdmRPvwmBt)u|BJa&&H(RXdxa_pF@k=V?Y+|39{5
zpRZXh*QprkDgDa!?(xIv(!ZNuYX=;<!?^yMSJ#Q<vF;|SaaSxB^<1j_bD1Fo00>`p
A&j0`b

delta 1254
zcmcb@)x<SHr#`2s)X&`6*CQ;=D^EY)H@woZ*vZJlvBEsZCBxar-_tqRGt@6I&nUt$
zkjpGYJ1RJ+qO8O)GTb#Vx!BUk*fGl|x6D7-$s{Ey&Bf3xB*?{Ezaq%bgiF^>p}06h
zH#Nn`)YQ;YAuAxiJTG0r(aAKzuhb+hQ$H-o$<Ht<r@k`By(}`)&!f`R&)mGQEVnQ*
z)v&n4)WtEIE4(~I+dROt(9hT~Kd2<P$Ui(HKR+_jA|TV<(bvK)G{>yK*g3Dnza+ze
zOIKG{!7{3>pft!-JJH)R#3wSq%``0_(J55BI78dqG|@vlu{b0*Ezcy$E7;M3OU$$T
zOi$zTjC!Hcr%_pq^|q{YqMUTMUJzZUVt;dS=>JF7+R}RBrb5r1v-C{wp8EOYkag9@
z)IA4kjVJC|Y3IoQ*ClIrh09m5{4=J%+`Vg-neY9xKl=8hz%@_gr=Qy~_0FeN`!ZZ#
zIsSQEYn31=Hib3r>Y}T<+>2#>PcO^gn!vE4G25=@|NZ>vdZp7Hf%(t>={NB3)O=pQ
z;MLzxPQS!o<z^}Phwwg0S}|{K;nl;E=W9&wHm}iL)mCHqK6R<uu@>Ib3v^1Sri)Zs
z9eVB=lXAmyUEuZlJ%3cK^Gi!u7w2uv-`dOQZ$FXe3*(03pW)Xgwfh=0Gjk-(y5bwT
zz)`wS;CJZJWp^yK``6cR?P!ecm-u`$!`J)Iie_WYNnV^!zD|qcP^n5{2%328Ms|6-
z@AQiavYQKyn=~HGV3O+PXL~ByUSaPOTg$Jo;j~M@fBArHo@+0<Z+lh*_J~byW;g!F
z$UeVOFnzV$YnOs)S4#^LX07_m{80AsGTUdxzg{N)lfJe8@ZT*<ySWY@ssDEWXN?}`
z;+C524bBhv#dkN>o5q<tvudyI{9Y++x-l@^<=pLW|BH?!`Ms7`=(UnBI=ChAMcY}8
zlTG10I~Qif$z^l4Pb?5#_$N1JM^1Z!@U(?%;<lVjyL*gP!TRQb#VhTP`0!*@wm+Kp
z$*uUPkyP)5GdrI7JpFXQT<(tH&#oi&eWh`)6vR#EzUz1t7C6=XkJ{mN%VkxL<tX1+
zqJLJN&0Td%gq82PMvVnI0{<$neDTp-FTP{qX2sow?El{N2|j%=^~j+G43##8Z@sh_
z%iJT>l@v8@t$IB3Q~tA@BXt(MKm7N|=1$#|?pB@p;PPcl`yxH*%`*$~r>GtM<7^X<
zdZE50G)BVZ)G22c?)L5Mi!54$;;YvkVqAOw@6QYkJHc+TNuQ?QSKG(kYxG~eg5$-D
zk9TiY9FCcs7awN$Li4RTlb1v|*GGSr=bP_ytXh#jaoPRbwqIJFxK>UPFfTilIA`aV
z#ZKF@6J~T=_+H2N?wKE_+oI|3g2V15M&`b+lZ*TGyMD3sho0BJY}B<+Yo;vvTO`f2
zXy#-_zTN$y6IzP=tgr6szIfSca%WSuUE42-6EO#v=2zLs{F{Ack9feIe7AQ&#<r<G
zS00O76dOG64Q&1s@JriNFDZX-rSm$q=}{h8H*c8FF!?4isYpz0S#{40slyMW7pU^-
zw|!I;cJ*3%ccx~1;q^|tixn02=M!%D{tPcTcu3%uXQ$z3G4@S{r}TOHnJxu(EI9PK
zVSZlO!TV<HB56ELo=Q(s*xcTK7HeyIl3;N@`3W<VzW;%5Z?_Aru9~CcF~2=_?P2#Q
M4vrIBUuf_E0F5*_k^lez


From 22f97b4ac7d6e0285935f5236686c789e712ff04 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 3 May 2025 13:56:12 +0100
Subject: [PATCH 389/431] home: vim: lua: lsp: configure inlay hints

---
 modules/home/vim/lua/ambroisie/lsp.lua | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua
index e48de12..fef0487 100644
--- a/modules/home/vim/lua/ambroisie/lsp.lua
+++ b/modules/home/vim/lua/ambroisie/lsp.lua
@@ -53,6 +53,10 @@ M.on_attach = function(client, bufnr)
         vim.diagnostic.open_float(nil, { scope = "buffer" })
     end
 
+    local function toggle_inlay_hints()
+        vim.lsp.inlay_hint.enable(not vim.lsp.inlay_hint.is_enabled())
+    end
+
     local keys = {
         buffer = bufnr,
         -- LSP navigation
@@ -67,6 +71,7 @@ M.on_attach = function(client, bufnr)
         { "<leader>ca", vim.lsp.buf.code_action, desc = "Code actions" },
         { "<leader>cd", cycle_diagnostics_display, desc = "Cycle diagnostics display" },
         { "<leader>cD", show_buffer_diagnostics, desc = "Show buffer diagnostics" },
+        { "<leader>ch", toggle_inlay_hints, desc = "Toggle inlay hints" },
         { "<leader>cr", vim.lsp.buf.rename, desc = "Rename symbol" },
         { "<leader>cs", vim.lsp.buf.signature_help, desc = "Show signature" },
         { "<leader>ct", vim.lsp.buf.type_definition, desc = "Go to type definition" },

From d2a8894eb298a2fbdee409b20995c51d6dcbaf4e Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 5 May 2025 18:06:41 +0100
Subject: [PATCH 390/431] home: wm: i3: make 'firefox' history float

---
 modules/home/wm/i3/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix
index 029a14b..5f22bbe 100644
--- a/modules/home/wm/i3/default.nix
+++ b/modules/home/wm/i3/default.nix
@@ -127,6 +127,7 @@ in
             { class = "^Blueman-.*$"; }
             { title = "^htop$"; }
             { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; }
+            { class = "^firefox$"; instance = "Places"; window_role = "Organizer"; }
             { class = "^pavucontrol.*$"; }
             { class = "^Arandr$"; }
             { class = "^\\.blueman-manager-wrapped$"; }

From a9ba93f834db067e9d791c4299ceab483c8ef6f8 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 7 May 2025 11:27:12 +0000
Subject: [PATCH 391/431] home: delta: assert git is enabled

---
 modules/home/delta/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix
index e9350bb..58ee031 100644
--- a/modules/home/delta/default.nix
+++ b/modules/home/delta/default.nix
@@ -23,6 +23,13 @@ in
           properly configured.
         '';
       }
+      {
+        assertion = cfg.enable -> config.programs.git.enable;
+        message = ''
+          `config.my.home.delta` relies on `config.programs.git` to be
+          enabled.
+        '';
+      }
     ];
 
     home.packages = [ cfg.package ];

From 07d8f5a03fbc5a1e36e6425953ad30f2c7037287 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 7 May 2025 17:25:28 +0200
Subject: [PATCH 392/431] flake: nixos: use 'nixpkgs.hostPlatform'

This is the proper way to set `system` nowadays.
---
 flake/nixos.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/flake/nixos.nix b/flake/nixos.nix
index bf9eac8..0fbd3a6 100644
--- a/flake/nixos.nix
+++ b/flake/nixos.nix
@@ -15,8 +15,10 @@ let
   ];
 
   buildHost = name: system: lib.nixosSystem {
-    inherit system;
     modules = defaultModules ++ [
+      {
+        nixpkgs.hostPlatform = system;
+      }
       "${self}/hosts/nixos/${name}"
     ];
     specialArgs = {

From 8a8e4f93a513ad3aaafdbeced14a61d5f961ff1d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 7 May 2025 17:16:44 +0000
Subject: [PATCH 393/431] flake: home-manager: remove obsolete comment

---
 flake/home-manager.nix | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/flake/home-manager.nix b/flake/home-manager.nix
index 093ae8c..88a74e8 100644
--- a/flake/home-manager.nix
+++ b/flake/home-manager.nix
@@ -22,10 +22,6 @@ let
   ];
 
   mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration {
-    # Work-around for home-manager
-    # * not letting me set `lib` as an extraSpecialArgs
-    # * not respecting `nixpkgs.overlays` [1]
-    # [1]: https://github.com/nix-community/home-manager/issues/2954
     pkgs = inputs.nixpkgs.legacyPackages.${system};
 
     modules = defaultModules ++ [

From 77839ab2ef3003c38324cade0810b41d1c84cc8c Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 8 May 2025 13:29:35 +0000
Subject: [PATCH 394/431] flake: bump inputs

---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/flake.lock b/flake.lock
index 584d942..ef7aba8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -175,11 +175,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1745930157,
-        "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=",
+        "lastModified": 1746683680,
+        "narHash": "sha256-+5zk+UbG0+GQlKt+gIKm+OhlYvHmkAHFXvf7hl1HDeM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae",
+        "rev": "16762245d811fdd74b417cc922223dc8eb741e8b",
         "type": "github"
       },
       "original": {

From 0c5836bc56e9048e27db4081595ff7cb566f9c31 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 8 May 2025 23:22:11 +0200
Subject: [PATCH 395/431] nixos: services: paperless: use 'PAPERLESS_URL'

---
 modules/nixos/services/paperless/default.nix | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix
index 63f456b..9cdac38 100644
--- a/modules/nixos/services/paperless/default.nix
+++ b/modules/nixos/services/paperless/default.nix
@@ -53,17 +53,13 @@ in
       mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath;
 
       settings =
-        let
-          paperlessDomain = "paperless.${config.networking.domain}";
-        in
         {
           # Use SSO
           PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
           PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
 
           # Security settings
-          PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
-          PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
+          PAPERLESS_URL = "https://paperless.${config.networking.domain}";
 
           # OCR settings
           PAPERLESS_OCR_LANGUAGE = "fra+eng";

From a997d36964830a96b13c99175c51165614686edf Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 8 May 2025 23:22:35 +0200
Subject: [PATCH 396/431] nixos: services: paperless: fix formatting

---
 modules/nixos/services/paperless/default.nix | 32 ++++++++++----------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix
index 9cdac38..f345e8a 100644
--- a/modules/nixos/services/paperless/default.nix
+++ b/modules/nixos/services/paperless/default.nix
@@ -52,26 +52,26 @@ in
 
       mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath;
 
-      settings =
-        {
-          # Use SSO
-          PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
-          PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
+      settings = {
+        # Use SSO
+        PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
+        PAPERLESS_ENABLE_HTTP_REMOTE_USER_API = true;
+        PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
 
-          # Security settings
-          PAPERLESS_URL = "https://paperless.${config.networking.domain}";
+        # Security settings
+        PAPERLESS_URL = "https://paperless.${config.networking.domain}";
 
-          # OCR settings
-          PAPERLESS_OCR_LANGUAGE = "fra+eng";
+        # OCR settings
+        PAPERLESS_OCR_LANGUAGE = "fra+eng";
 
-          # Workers
-          PAPERLESS_TASK_WORKERS = 3;
-          PAPERLESS_THREADS_PER_WORKER = 4;
+        # Workers
+        PAPERLESS_TASK_WORKERS = 3;
+        PAPERLESS_THREADS_PER_WORKER = 4;
 
-          # Misc
-          PAPERLESS_TIME_ZONE = config.time.timeZone;
-          PAPERLESS_ADMIN_USER = cfg.username;
-        };
+        # Misc
+        PAPERLESS_TIME_ZONE = config.time.timeZone;
+        PAPERLESS_ADMIN_USER = cfg.username;
+      };
 
       # Admin password
       passwordFile = cfg.passwordFile;

From 1dc65a37e7dc8041ee639dac882c5e2503708170 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 8 May 2025 23:29:30 +0200
Subject: [PATCH 397/431] nixos: services: paperless: set proxy settings

---
 modules/nixos/services/paperless/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix
index f345e8a..b6965ca 100644
--- a/modules/nixos/services/paperless/default.nix
+++ b/modules/nixos/services/paperless/default.nix
@@ -60,6 +60,8 @@ in
 
         # Security settings
         PAPERLESS_URL = "https://paperless.${config.networking.domain}";
+        PAPERLESS_USE_X_FORWARD_HOST = true;
+        PAPERLESS_PROXY_SSL_HEADER = ''["HTTP_X_FORWARDED_PROTO", "https"]'';
 
         # OCR settings
         PAPERLESS_OCR_LANGUAGE = "fra+eng";

From 5b545a28f10c90d07f0442fb8c5823b1cb53f2f3 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 9 May 2025 00:02:07 +0200
Subject: [PATCH 398/431] nixos: services: mealie: use automatic DB setup

---
 modules/nixos/services/mealie/default.nix | 20 +++-----------------
 1 file changed, 3 insertions(+), 17 deletions(-)

diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix
index 664d5ba..3b4d4f7 100644
--- a/modules/nixos/services/mealie/default.nix
+++ b/modules/nixos/services/mealie/default.nix
@@ -38,27 +38,13 @@ in
         # Make it work with socket auth
         POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql";
       };
-    };
 
-    systemd.services = {
-      mealie = {
-        after = [ "postgresql.service" ];
-        requires = [ "postgresql.service" ];
+      # Automatic PostgreSQL provisioning
+      database = {
+        createLocally = true;
       };
     };
 
-    # Set-up database
-    services.postgresql = {
-      enable = true;
-      ensureDatabases = [ "mealie" ];
-      ensureUsers = [
-        {
-          name = "mealie";
-          ensureDBOwnership = true;
-        }
-      ];
-    };
-
     my.services.nginx.virtualHosts = {
       mealie = {
         inherit (cfg) port;

From f14f5c7f8aa3e87cb025e04b3f8cac2b1315d596 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 14 May 2025 18:51:12 +0000
Subject: [PATCH 399/431] flake: bump inputs

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index ef7aba8..b90b54a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -117,11 +117,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742649964,
-        "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
+        "lastModified": 1746537231,
+        "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
+        "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969",
         "type": "github"
       },
       "original": {
@@ -159,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1746040799,
-        "narHash": "sha256-osgPX/SzIpkR50vev/rqoTEAVkEcOWXoQXmbzsaI4KU=",
+        "lastModified": 1747225851,
+        "narHash": "sha256-4IbmZrNOdXP143kZEUzxBS5SqyxUlaSHLgdpeJfP2ZU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "5f217e5a319f6c186283b530f8c975e66c028433",
+        "rev": "6bf057fc8326e83bda05a669fc08d106547679fb",
         "type": "github"
       },
       "original": {
@@ -175,11 +175,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1746683680,
-        "narHash": "sha256-+5zk+UbG0+GQlKt+gIKm+OhlYvHmkAHFXvf7hl1HDeM=",
+        "lastModified": 1746904237,
+        "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "16762245d811fdd74b417cc922223dc8eb741e8b",
+        "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
         "type": "github"
       },
       "original": {

From 97bcc5f34ed0b7154829f4bd0a43b485f16205b7 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sun, 18 May 2025 02:14:36 +0200
Subject: [PATCH 400/431] hosts: nixos: porthos: secrets: update cross-seed

---
 .../servarr/cross-seed/configuration.json.age | Bin 1364 -> 1528 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age
index 1499a56c21c9911f5a7111177b3458e418cb4b1c..e319f3a823c4eb4c84b15f6630ea5fbf42f9092b 100644
GIT binary patch
delta 1502
zcmcb@^@DqYPJM)-VR?CgkBPZawo9aGMoCdYRk>4OQGumFMo6W5x^rP=Mt)AETV`3V
z1(#E4QAJ@+N^qv5r>~)BvQubgdVynQWKwEazOiRuRf$n@d4RJ~l2Kr;1(&X!LUD11
zZfc5=si~o*LRLV2d0x7LTcA^FQMP_+ScYYkbCiF2Kz*uLx|y4Yvy+>npMhItskXmS
zqIsZaWtO7}muXf=R=J;Zl8HxhR8p98WpSjBN1#htPF{*xP+m@HvU6p4X<2GTMrw)$
zm#(g^f>}hNuTxT<rJrknPiDHQrITAksefgfzl%X`c#>JMdzPPBsB^Mmo>ycf*D2@n
z37;fCdeuv+?>w+R<0Yeo{}QfuMmN)!+&k=0a;^TSYwE4IY0U~Q?{9Yfw0X#~C0&SF
zX}+aS((K$VJ-bblR?1ZG`JdIke`#ik!jg~Af1G*t+V950$FnqoQUr|mohx^EF@65T
z!^>7rb@N!fc}v>LkM#>r%T@8aynXUz(Vrc1N_9sTE>E4Nw7mX$h0l{u+OqtM1bTj@
z{(q8F`{LD`c_O|u&izgQ`QeY>?OCTZ*t+M1PUGCN>2JW}-2Va(cQ3Qqb*%S#`^L*J
zG+q`LyViT9Zd*R-NA%IVo*yc{RKzX66}P)FtGzy)v4%Z9f!XkKo!$0ChYdC^i?TxQ
zn;!e4|M;`7(CJ-Ed03yy+^*NF)SaH%BJzKE^2OXKtanWAHZ%#J&b~Tv%d`CgUAeXM
zmqgG0v{sNa#44C8s9yZV?WjFxZhl>tDqUQvv?~1K4ePy1>-d}J>u|1KJ8x&IqfYo+
zv*Wuy^8DMJ_IAY~9#8ikC1JDBo^u^VY~lYmh;NKyxvQY*wpb@t-T7Qi$XnlQ^#W44
zZ`SP8{vYOUcPhZZFKDgXN`tTQ-^=Rxdu|@>URiWR^t<<$J0G5AKAz@imKnqS{_7*H
z#FFImH@qBwus*nwkZR2-_kL^j^KWZC&P&xjDY@4u!1R1$kMd!|Dd)3Oj?a-1@bQuJ
zGhz?e+$&-I#Jc~q!JT&{OXn-=ZTu><_0+@qFGA5bx1N1jc_%AC@a99t6+hbVFjPD*
zlbM&YU~#<HhQo6+o;?&u+xum^-K1^PgFjAe4B_1D@NSQ&{W90JbDsQpcYP0QQSZMp
zgHKZ~ZBxAO8zV90SM6^8ttTd_RIgWCCwhll*=`-<TfV6`&3|4}sE%lGiu#*h*6n^c
z+CuKeq1UGM^Vgc_zdMvJ_^x}`v~!CTZkZ(?NIe_&!1TJ^mAA#5@6T`KUObD{C%ao9
zsQB~7!<(6IU(H{#H9Dqx_vb*lm0fSPuw86^tHkj8n|=t}hjgx6>mT=C-yyD6{*CAU
zbAcA213k_z6ZG$z|4<gzztNDix8}QS@5kQvK89TL_b%#HTPs=LcBIEBULelv^W8&N
z3UUv6)c=&d^rzzFmB-iSRD8F!tv$bSuk>sdxvnDiormsueVi3I=hEAwk9|GFUKP*(
zmVCWq#*6=IN3OVUo_;VjW9z5BgI6P(MYo&%yc#j-Pdb0amK!C$A9UOt4%p@|(ERo=
zklTIkm2$WJ$%@ynyzZJ(QCwgD<iX4brkhtNe>r_KO<~sq1K!1b7eBA@YG1o_ZS9v8
z<^gMpl?pxQNNIoN50~D4D9GRL(1pc$?pxUA*sb!4%qx!Ga!2Fh)W#z7ZdRxIg}XfB
zp55k34$-Wbeo<fMjXQIsWI1P8O_Y-U&Tk=W418)C{k67PNq8RS$XLIIb8kt-z54j|
z8F^vPbc6T2QdN5Tnjw0@g`*Dlk^}bl-S~C==Zl}QeqwXOe8mja>Q+va{*q&I@m&wc
zd^er?vXJvLKbtK3YbrlQ;`sKm-4o}XlD+TIschDg_~GD{&rUZ^itg#_SzfzD;_Y=d
zZS&;ktru!-w(1*&1`97TayHfcbHvdhOU!CRc)|p!BKv182~T_$y*_L?x3<D%(x<;U
zwa=8wx2}p(n4MXm=J5G*WLemfRV#O2deXk`w~dnbt|g4MjmEM@N&hzMKJN<n$g*GV
UK&(_lF5l0Z#GsIGl7St<0Qrd6V*mgE

delta 1337
zcmeyteT8d+PQ8zNWL92snxRi|hOw`|Sw*FORAO;PWTkJBZ)$;KMqsv|xkai^eps1n
zAeWnOXnu&1NpV$puD-8Fp=+pTaH3^EQAv?OaejtlzQ0*kRZ>7jXhvyNK9{bYLUD11
zZfc5=si~o*LRLV2d0x6gNV1>1nO~T3PL@eURA7~{Uwv3snU7~~d2y+}nMs+eYp`Kq
za#mEBVXlz{msx67pn;i}X?}W`XLyRApNW}^r*n{7Rc5|-N@=P^y1Q9;WI<R!in&`P
zm#(g^LQqvoQ9yxHPDpuCNT#WArA1O<o_~aSuA4z{iATPpiJxVlpSgRsOJHI-*YZ_%
z87uZ(KUS}9us0x9H*#*w_E`cFsZ+z6W=e;L?updtWX=1qGHLbhoQric@3I>7txsRS
zEa2H)kt=ndea&_>r1ceU*>vr+dv}C^<^=n4E=gw9_d6Fc%341-yzQo7ZO`V=#|C{C
z_Dr*{>BuZGso*R$P~2@Lw?;?kz@vpV>))@Kx6p{=UUJNb`U|OB|7~dTtW%7-)WDc>
z_{off2V5If;{|soU6eMCxXBgId+43YM&3<tAL#VoU2$r)jgiPI{-9$THqOgV&y?lY
zo!G6?;gnPVtIxadIFsu4$UXLd69c}yEorYd*~cstd8cG$61UGWR_k|8FBKV={R~r(
zPV{H`(|`K8RtC33?ymX?5}S|ebvnxaGjl7+ajN{U=Ci%dHke=S?q`l(#q0l{$oMM9
zoG-7v_vzST)86$9?|go2^uu!EgvO^jljev`uD51jxL$cKCn4z|2Twi6!+WQXawhG&
z{i#koeu<;KM~H!w)6L1NzC5%MHFs$~7~-5PKFMUm?B*Ad6Eb3+7oNW6SpV+j>;;B>
zMU&z!gY{e<J}XqHG@BH)S&&Jr<CMUy-MjzSY<k}nex&EZx6CusTpmBK-mu!YAtmB+
z3}<-UtmNat&py7AIbyix*)Ki?PDig_9XI~+bpL+yEATthVjYLKS2`7L?_6|dt&09B
z38y|e$-?b+MpIwPKTBQ1$kHUu+j4$R{pWWrvR?E3XYly!ieBNHXuPp_>&vq3U-{a~
z*FQGab)CFyN4|xhBj@^rxz}%h`kyjcw2QNN)7ul~Q@d?9y#8)-_qn}8V^8LyI|8?R
zHZ9R@P<5Kkux9RN!=5j{0-rZJvQ^EU|DK^l@8(3ar`vz7YiB%s&n0$F(Sd-x!YwNA
z=H1*<UsQ6ovTP#P+A{v_WmzIef?u#Uvu~)(y!`Kn@8eV4%MUGCaOUKZEp3Vs{>So?
zR=;09>A?J7^7FRwSR6W#t#Ye8I_cT3KhsW1*(fpp^ELh#bo<=qr)&B&7d}{aZo^Xl
zpDxe48HDravK^k{wPB5?m_eDWr?UBuvL3-Jj<dh+Fi+~LZ+)G2TW&_4S@MFz9LL;R
z|IADA`M2n6`*F8zt1AmP{YkT0cjtHgty!j`s+T&ZtqZ(Ut}ao0Uo<l<w*CH-|2M1l
zch8BL#?`h^YhPLU@nnwn6z3hB{%=k`-*oUzmF$ymuIK8G75J9Pg)mRcQ~X`#YQ=VF
z`jlxch6l23e{>$MtD9NB`}OSC`}hUynEE^poLy5;e*WZzB>QVlyR#GCM9pjMT)w+%
z|MIqz9@5-VzPpQ7zOP%b@b($oWBkAKquxptFf0(7(RKaL=@~X>zuXE|SsI;jXpZ@s
zQ$h>n3&S0?XYhXRYQ6dDtJBQ8pLTvpX8pEOt5YGc<>=fnt9CX;?^!w7&(n;u{(o%A
zK3}t1u2V76Q~H(d-Q$PTrGGcS)($vyhjINiudWlzW8F<u<E~gN>bX?;=Q2YG0CoF!
AMgRZ+


From c1e2114c57e9e0027b3e17b7fbf48253b22fb651 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 23 May 2025 22:56:19 +0100
Subject: [PATCH 401/431] flake: bump inputs

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index b90b54a..e0456b8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745630506,
-        "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=",
+        "lastModified": 1747575206,
+        "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "96e078c646b711aee04b82ba01aefbff87004ded",
+        "rev": "4835b1dc898959d8547a871ef484930675cb47f1",
         "type": "github"
       },
       "original": {
@@ -117,11 +117,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1746537231,
-        "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=",
+        "lastModified": 1747372754,
+        "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969",
+        "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
         "type": "github"
       },
       "original": {
@@ -159,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747225851,
-        "narHash": "sha256-4IbmZrNOdXP143kZEUzxBS5SqyxUlaSHLgdpeJfP2ZU=",
+        "lastModified": 1747978958,
+        "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "6bf057fc8326e83bda05a669fc08d106547679fb",
+        "rev": "7419250703fd5eb50e99bdfb07a86671939103ea",
         "type": "github"
       },
       "original": {
@@ -175,11 +175,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1746904237,
-        "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
+        "lastModified": 1747744144,
+        "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
+        "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f",
         "type": "github"
       },
       "original": {

From 24407448d498d637b94d04d9b06816f432c9197b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 27 May 2025 11:16:46 +0000
Subject: [PATCH 402/431] hosts: homes: mousqueton: disable 'atuin' package

The system-provided package is built without its sync functionality.

To ensure the module works as written, I can't use `pkgs.emptyDirectory`
for this unfortunately...
---
 hosts/homes/ambroisie@mousqueton/default.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/hosts/homes/ambroisie@mousqueton/default.nix b/hosts/homes/ambroisie@mousqueton/default.nix
index 37884d7..1383618 100644
--- a/hosts/homes/ambroisie@mousqueton/default.nix
+++ b/hosts/homes/ambroisie@mousqueton/default.nix
@@ -7,6 +7,20 @@
   services.gpg-agent.enable = lib.mkForce false;
 
   my.home = {
+    atuin = {
+      package = pkgs.stdenv.mkDerivation {
+        pname = "atuin";
+        version = "18.4.0";
+
+        buildCommand = ''
+          mkdir -p $out/bin
+          ln -s /usr/bin/atuin $out/bin/atuin
+        '';
+
+        meta.mainProgram = "atuin";
+      };
+    };
+
     git = {
       package = pkgs.emptyDirectory;
     };

From 9751fdb888d0d72801bff0c0381b057e0431f2a8 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 27 May 2025 11:39:15 +0000
Subject: [PATCH 403/431] hosts: homes: bazin: disable 'atuin' package

Same as on `mousqueton`.
---
 hosts/homes/ambroisie@bazin/default.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/hosts/homes/ambroisie@bazin/default.nix b/hosts/homes/ambroisie@bazin/default.nix
index f52fbce..365b70d 100644
--- a/hosts/homes/ambroisie@bazin/default.nix
+++ b/hosts/homes/ambroisie@bazin/default.nix
@@ -4,6 +4,20 @@
   services.gpg-agent.enable = lib.mkForce false;
 
   my.home = {
+    atuin = {
+      package = pkgs.stdenv.mkDerivation {
+        pname = "atuin";
+        version = "18.4.0";
+
+        buildCommand = ''
+          mkdir -p $out/bin
+          ln -s /usr/bin/atuin $out/bin/atuin
+        '';
+
+        meta.mainProgram = "atuin";
+      };
+    };
+
     git = {
       package = pkgs.emptyDirectory;
     };

From a67a54bda27092c9f89e60bf3ce75839e914f9b4 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 24 May 2025 22:33:21 +0200
Subject: [PATCH 404/431] nixos: services: paperless: use structured setting

The module should stringify it to JSON automatically, so might as well
use the more readable option.
---
 modules/nixos/services/paperless/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix
index b6965ca..1195977 100644
--- a/modules/nixos/services/paperless/default.nix
+++ b/modules/nixos/services/paperless/default.nix
@@ -61,7 +61,7 @@ in
         # Security settings
         PAPERLESS_URL = "https://paperless.${config.networking.domain}";
         PAPERLESS_USE_X_FORWARD_HOST = true;
-        PAPERLESS_PROXY_SSL_HEADER = ''["HTTP_X_FORWARDED_PROTO", "https"]'';
+        PAPERLESS_PROXY_SSL_HEADER = [ "HTTP_X_FORWARDED_PROTO" "https" ];
 
         # OCR settings
         PAPERLESS_OCR_LANGUAGE = "fra+eng";

From 98d39717e2aa0306865982191afa200b5914426b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 31 May 2025 22:37:21 +0100
Subject: [PATCH 405/431] home: direnv: lib: don't erase pre-existing venv

Turns out `uv venv` isn't idempotent, it removes the existing virtual
environment by default.

Thankfully, there's a flag to fix it.
---
 modules/home/direnv/lib/python.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh
index b4b2bce..b1be8a9 100644
--- a/modules/home/direnv/lib/python.sh
+++ b/modules/home/direnv/lib/python.sh
@@ -46,7 +46,7 @@ layout_uv() {
     fi
 
     # create venv if it doesn't exist
-    uv venv -q
+    uv venv -q --allow-existing
 
     export VIRTUAL_ENV
     export UV_ACTIVE=1

From 151570cccaf8511688769ee0665868340054ba30 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 9 Jun 2025 10:36:33 +0000
Subject: [PATCH 406/431] flake: bump inputs

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index e0456b8..219d87d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1743550720,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "lastModified": 1749398372,
+        "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
         "type": "github"
       },
       "original": {
@@ -159,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747978958,
-        "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=",
+        "lastModified": 1749400020,
+        "narHash": "sha256-0nTmHO8AYgRYk5v6zw5oZ3x9nh+feb+Isn7WNe318M0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "7419250703fd5eb50e99bdfb07a86671939103ea",
+        "rev": "2835e8ba0ad99ba86d4a5e497a962ec9fa35e48f",
         "type": "github"
       },
       "original": {
@@ -175,11 +175,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1747744144,
-        "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=",
+        "lastModified": 1749285348,
+        "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f",
+        "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
         "type": "github"
       },
       "original": {

From 971f90581397286a3ffb424970cb5c1e9471a203 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 9 Jun 2025 13:52:29 +0200
Subject: [PATCH 407/431] nixos: services: mealie: remove DB settings

Looks like I missed them in the original commit to migrate to
`database.createLocally`.
---
 modules/nixos/services/mealie/default.nix | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix
index 3b4d4f7..8c02398 100644
--- a/modules/nixos/services/mealie/default.nix
+++ b/modules/nixos/services/mealie/default.nix
@@ -32,11 +32,6 @@ in
         BASE_URL = "https://mealie.${config.networking.domain}";
         TZ = config.time.timeZone;
         ALLOw_SIGNUP = "false";
-
-        # Use PostgreSQL
-        DB_ENGINE = "postgres";
-        # Make it work with socket auth
-        POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql";
       };
 
       # Automatic PostgreSQL provisioning

From 1b275e1a8a8291b3ed9789d25c2592ba52b8d9ec Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 17 Jun 2025 09:29:24 +0000
Subject: [PATCH 408/431] flake: bump inputs

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index 219d87d..94ab916 100644
--- a/flake.lock
+++ b/flake.lock
@@ -117,11 +117,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747372754,
-        "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
+        "lastModified": 1749636823,
+        "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
+        "rev": "623c56286de5a3193aa38891a6991b28f9bab056",
         "type": "github"
       },
       "original": {
@@ -159,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1749400020,
-        "narHash": "sha256-0nTmHO8AYgRYk5v6zw5oZ3x9nh+feb+Isn7WNe318M0=",
+        "lastModified": 1750127463,
+        "narHash": "sha256-K2xFtlD3PcKAZriOE3LaBLYmVfGQu+rIF4Jr1RFYR0Q=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2835e8ba0ad99ba86d4a5e497a962ec9fa35e48f",
+        "rev": "28eef8722d1af18ca13e687dbf485e1c653a0402",
         "type": "github"
       },
       "original": {
@@ -175,11 +175,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1749285348,
-        "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
+        "lastModified": 1749794982,
+        "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
+        "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81",
         "type": "github"
       },
       "original": {

From 112e3403615f65807dfcc28929b2b8a19656859e Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 17 Jun 2025 09:26:09 +0000
Subject: [PATCH 409/431] home: do not hard-code username

The flake module already sets it with `mkDefault`, making it easier to
override it for a specific host.
---
 modules/home/default.nix | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/modules/home/default.nix b/modules/home/default.nix
index e642e87..1c40377 100644
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -51,9 +51,6 @@
   # First sane reproducible version
   home.stateVersion = "20.09";
 
-  # Who am I?
-  home.username = "ambroisie";
-
   # Start services automatically
   systemd.user.startServices = "sd-switch";
 }

From 03bb62777079b4a8ecc755570cc04a45095ca013 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 2 Jul 2025 13:23:34 +0200
Subject: [PATCH 410/431] flake: bump inputs

---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index 94ab916..a4da84d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747575206,
-        "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
+        "lastModified": 1750173260,
+        "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "4835b1dc898959d8547a871ef484930675cb47f1",
+        "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
         "type": "github"
       },
       "original": {
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1749398372,
-        "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
+        "lastModified": 1751413152,
+        "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
+        "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
         "type": "github"
       },
       "original": {
@@ -117,11 +117,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1749636823,
-        "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=",
+        "lastModified": 1750779888,
+        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "623c56286de5a3193aa38891a6991b28f9bab056",
+        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
         "type": "github"
       },
       "original": {
@@ -159,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750127463,
-        "narHash": "sha256-K2xFtlD3PcKAZriOE3LaBLYmVfGQu+rIF4Jr1RFYR0Q=",
+        "lastModified": 1751429452,
+        "narHash": "sha256-4s5vRtaqdNhVBnbOWOzBNKrRa0ShQTLoEPjJp3joeNI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "28eef8722d1af18ca13e687dbf485e1c653a0402",
+        "rev": "df12269039dcf752600b1bcc176bacf2786ec384",
         "type": "github"
       },
       "original": {
@@ -175,11 +175,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1749794982,
-        "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=",
+        "lastModified": 1751271578,
+        "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81",
+        "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
         "type": "github"
       },
       "original": {

From d61840651698e3ad05325039e9aa2a6cf9ad6aa2 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 2 Jul 2025 13:24:16 +0200
Subject: [PATCH 411/431] nixos: services: use 'postgresql.target'

This is now the more correct dependency to use in service definitions,
to guarantee read-write access with users and permissions.
---
 modules/nixos/services/drone/server/default.nix      | 4 ++--
 modules/nixos/services/tandoor-recipes/default.nix   | 4 ++--
 modules/nixos/services/woodpecker/server/default.nix | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/modules/nixos/services/drone/server/default.nix b/modules/nixos/services/drone/server/default.nix
index a3a1e49..d6148f4 100644
--- a/modules/nixos/services/drone/server/default.nix
+++ b/modules/nixos/services/drone/server/default.nix
@@ -6,8 +6,8 @@ in
   config = lib.mkIf cfg.enable {
     systemd.services.drone-server = {
       wantedBy = [ "multi-user.target" ];
-      after = [ "postgresql.service" ];
-      requires = [ "postgresql.service" ];
+      after = [ "postgresql.target" ];
+      requires = [ "postgresql.target" ];
       serviceConfig = {
         EnvironmentFile = [
           cfg.secretFile
diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix
index 3447bee..169eec8 100644
--- a/modules/nixos/services/tandoor-recipes/default.nix
+++ b/modules/nixos/services/tandoor-recipes/default.nix
@@ -49,8 +49,8 @@ in
 
     systemd.services = {
       tandoor-recipes = {
-        after = [ "postgresql.service" ];
-        requires = [ "postgresql.service" ];
+        after = [ "postgresql.target" ];
+        requires = [ "postgresql.target" ];
 
         serviceConfig = {
           EnvironmentFile = cfg.secretKeyFile;
diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix
index adf533e..caf0179 100644
--- a/modules/nixos/services/woodpecker/server/default.nix
+++ b/modules/nixos/services/woodpecker/server/default.nix
@@ -24,8 +24,8 @@ in
     };
 
     systemd.services.woodpecker-server = {
-      after = [ "postgresql.service" ];
-      requires = [ "postgresql.service" ];
+      after = [ "postgresql.target" ];
+      requires = [ "postgresql.target" ];
 
       serviceConfig = {
         # Set username for DB access

From 5d8722397010e1c1ddbc4d59abe53b7a6bd55584 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 2 Jul 2025 13:26:22 +0200
Subject: [PATCH 412/431] nixos: services: transmission: use 'trgui-ng'

I like it much better than the built-in UI.
---
 modules/nixos/services/transmission/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix
index 16d51e3..ddd77d4 100644
--- a/modules/nixos/services/transmission/default.nix
+++ b/modules/nixos/services/transmission/default.nix
@@ -47,6 +47,7 @@ in
       enable = true;
       package = pkgs.transmission_4;
       group = "media";
+      webHome = pkgs.trgui-ng-web;
 
       downloadDirPermissions = "775";
 

From 66ec807dc6729a8aabd7cb5f42797e246f36befa Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 2 Jul 2025 14:01:15 +0200
Subject: [PATCH 413/431] hosts: nixos: aramis: home: use 'trgui-ng'

It looks and works much better than the old one.

Unfortunately, it's a Tauri app.
---
 hosts/nixos/aramis/home.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix
index 64b63ce..221b1ea 100644
--- a/hosts/nixos/aramis/home.nix
+++ b/hosts/nixos/aramis/home.nix
@@ -20,7 +20,7 @@
       element-desktop # Matrix client
       jellyfin-media-player # Wraps the webui and mpv together
       pavucontrol # Audio mixer GUI
-      transgui # Transmission remote
+      trgui-ng # Transmission remote
     ];
     # Minimal video player
     mpv.enable = true;

From 19c3c0d835bebbcd357b6ebbc4b8f4b01f408e8d Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 16:49:19 +0000
Subject: [PATCH 414/431] modules: add common

This should define modules that are identical, or very similar.

The driving force is to be able to use `my.profiles` on home-manager and NixOS
without repeating myself.

In the future I might migrate other modules, such as `nixos/system/nix`...
---
 modules/common/default.nix | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 modules/common/default.nix

diff --git a/modules/common/default.nix b/modules/common/default.nix
new file mode 100644
index 0000000..ce6840c
--- /dev/null
+++ b/modules/common/default.nix
@@ -0,0 +1,31 @@
+# Modules that are common to various module systems
+# Usually with very small differences, if any, between them.
+{ lib, _class, ... }:
+let
+  allowedClass = [
+    "darwin"
+    "home"
+    "nixos"
+  ];
+
+  allowedClassString = lib.concatStringSep ", " (builtins.map lib.escapeNixString allowedClass);
+in
+{
+  config = {
+    assertions = [
+      {
+        assertion = type != null;
+        message = ''
+          You must provide `type` as part of specialArgs to use the common modules.
+          It must be one of ${allowedClassString}.
+        '';
+      }
+      {
+        assertion = type != null -> builtins.elem type allowedClass;
+        message = ''
+          `type` specialArgs must be one of ${allowedClassString}.
+        '';
+      }
+    ];
+  };
+}

From 82af30ef081683198f3cacfdfdea30a0bbf3e1c9 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 16:50:05 +0000
Subject: [PATCH 415/431] nixos: home: import common modules

---
 modules/nixos/home/default.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/modules/nixos/home/default.nix b/modules/nixos/home/default.nix
index fe00704..fb120f2 100644
--- a/modules/nixos/home/default.nix
+++ b/modules/nixos/home/default.nix
@@ -13,8 +13,13 @@ in
 
   config = lib.mkIf cfg.enable {
     home-manager = {
-      # Not a fan of out-of-directory imports, but this is a good exception
-      users.${config.my.user.name} = import "${inputs.self}/modules/home";
+      users.${config.my.user.name} = {
+        # Not a fan of out-of-directory imports, but this is a good exception
+        imports = [
+          "${inputs.self}/modules/common"
+          "${inputs.self}/modules/home"
+        ];
+      };
 
       # Nix Flakes compatibility
       useGlobalPkgs = true;

From 298935eb2f05996754b6c1faf3152aa5c922e1de Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 16:50:16 +0000
Subject: [PATCH 416/431] flake: home-manager: import common modules

---
 flake/home-manager.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/flake/home-manager.nix b/flake/home-manager.nix
index 88a74e8..69cd484 100644
--- a/flake/home-manager.nix
+++ b/flake/home-manager.nix
@@ -19,6 +19,8 @@ let
       # Enable home-manager
       programs.home-manager.enable = true;
     }
+    # Import common modules
+    "${self}/modules/common"
   ];
 
   mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration {

From 15f5a81ef6e884801c9bd81ec3a61da76acfef78 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 16:50:22 +0000
Subject: [PATCH 417/431] flake: nixos: import common modules

---
 flake/nixos.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/flake/nixos.nix b/flake/nixos.nix
index 0fbd3a6..4777967 100644
--- a/flake/nixos.nix
+++ b/flake/nixos.nix
@@ -12,6 +12,8 @@ let
     }
     # Include generic settings
     "${self}/modules/nixos"
+    # Import common modules
+    "${self}/modules/common"
   ];
 
   buildHost = name: system: lib.nixosSystem {

From cea609adf6346988b3d73d180d607ad8bedc5e50 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 16:51:34 +0000
Subject: [PATCH 418/431] common: add profiles

I will be migrating each sub-module one by one.
---
 modules/common/default.nix          | 4 ++++
 modules/common/profiles/default.nix | 7 +++++++
 2 files changed, 11 insertions(+)
 create mode 100644 modules/common/profiles/default.nix

diff --git a/modules/common/default.nix b/modules/common/default.nix
index ce6840c..4fe6dc9 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -11,6 +11,10 @@ let
   allowedClassString = lib.concatStringSep ", " (builtins.map lib.escapeNixString allowedClass);
 in
 {
+  imports = [
+    ./profiles
+  ];
+
   config = {
     assertions = [
       {
diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix
new file mode 100644
index 0000000..06511ac
--- /dev/null
+++ b/modules/common/profiles/default.nix
@@ -0,0 +1,7 @@
+# Configuration that spans accross system and home, or are almagations of modules
+{ ... }:
+{
+  imports = [
+    # FIXME: empty
+  ];
+}

From db052a1171bc171177d139028d7360eca4215e24 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 16:51:34 +0000
Subject: [PATCH 419/431] common: profiles: migrate bluetooth

---
 modules/common/profiles/bluetooth/default.nix | 19 +++++++++++++++++++
 modules/common/profiles/default.nix           |  2 +-
 modules/nixos/profiles/bluetooth/default.nix  | 15 ---------------
 modules/nixos/profiles/default.nix            |  1 -
 4 files changed, 20 insertions(+), 17 deletions(-)
 create mode 100644 modules/common/profiles/bluetooth/default.nix
 delete mode 100644 modules/nixos/profiles/bluetooth/default.nix

diff --git a/modules/common/profiles/bluetooth/default.nix b/modules/common/profiles/bluetooth/default.nix
new file mode 100644
index 0000000..744864e
--- /dev/null
+++ b/modules/common/profiles/bluetooth/default.nix
@@ -0,0 +1,19 @@
+{ config, lib, _class, ... }:
+let
+  cfg = config.my.profiles.bluetooth;
+in
+{
+  options.my.profiles.bluetooth = with lib; {
+    enable = mkEnableOption "bluetooth profile";
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    (lib.optionalAttrs (_class == "home") {
+      my.home.bluetooth.enable = true;
+    })
+
+    (lib.optionalAttrs (_class == "nixos") {
+      my.hardware.bluetooth.enable = true;
+    })
+  ]);
+}
diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix
index 06511ac..a71f3be 100644
--- a/modules/common/profiles/default.nix
+++ b/modules/common/profiles/default.nix
@@ -2,6 +2,6 @@
 { ... }:
 {
   imports = [
-    # FIXME: empty
+    ./bluetooth
   ];
 }
diff --git a/modules/nixos/profiles/bluetooth/default.nix b/modules/nixos/profiles/bluetooth/default.nix
deleted file mode 100644
index 292d0d1..0000000
--- a/modules/nixos/profiles/bluetooth/default.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.profiles.bluetooth;
-in
-{
-  options.my.profiles.bluetooth = with lib; {
-    enable = mkEnableOption "bluetooth profile";
-  };
-
-  config = lib.mkIf cfg.enable {
-    my.hardware.bluetooth.enable = true;
-
-    my.home.bluetooth.enable = true;
-  };
-}
diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix
index dbd4be3..112decd 100644
--- a/modules/nixos/profiles/default.nix
+++ b/modules/nixos/profiles/default.nix
@@ -2,7 +2,6 @@
 { ... }:
 {
   imports = [
-    ./bluetooth
     ./devices
     ./gtk
     ./laptop

From cf8a1e90e35b3e4c384a169f5c9ee61bf2a4eae0 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 17:03:09 +0000
Subject: [PATCH 420/431] common: profiles: migrate devices

---
 modules/common/profiles/default.nix         |  1 +
 modules/common/profiles/devices/default.nix | 22 +++++++++++++++++++++
 modules/nixos/profiles/default.nix          |  1 -
 modules/nixos/profiles/devices/default.nix  | 20 -------------------
 4 files changed, 23 insertions(+), 21 deletions(-)
 create mode 100644 modules/common/profiles/devices/default.nix
 delete mode 100644 modules/nixos/profiles/devices/default.nix

diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix
index a71f3be..447e906 100644
--- a/modules/common/profiles/default.nix
+++ b/modules/common/profiles/default.nix
@@ -3,5 +3,6 @@
 {
   imports = [
     ./bluetooth
+    ./devices
   ];
 }
diff --git a/modules/common/profiles/devices/default.nix b/modules/common/profiles/devices/default.nix
new file mode 100644
index 0000000..224004a
--- /dev/null
+++ b/modules/common/profiles/devices/default.nix
@@ -0,0 +1,22 @@
+{ config, lib, _class, ... }:
+let
+  cfg = config.my.profiles.devices;
+in
+{
+  options.my.profiles.devices = with lib; {
+    enable = mkEnableOption "devices profile";
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    (lib.optionalAttrs (_class == "nixos") {
+      my.hardware = {
+        ergodox.enable = true;
+
+        trackball.enable = true;
+      };
+
+      # MTP devices auto-mount via file explorers
+      services.gvfs.enable = true;
+    })
+  ]);
+}
diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix
index 112decd..fc3a7f5 100644
--- a/modules/nixos/profiles/default.nix
+++ b/modules/nixos/profiles/default.nix
@@ -2,7 +2,6 @@
 { ... }:
 {
   imports = [
-    ./devices
     ./gtk
     ./laptop
     ./wm
diff --git a/modules/nixos/profiles/devices/default.nix b/modules/nixos/profiles/devices/default.nix
deleted file mode 100644
index 7a84bd2..0000000
--- a/modules/nixos/profiles/devices/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.profiles.devices;
-in
-{
-  options.my.profiles.devices = with lib; {
-    enable = mkEnableOption "devices profile";
-  };
-
-  config = lib.mkIf cfg.enable {
-    my.hardware = {
-      ergodox.enable = true;
-
-      trackball.enable = true;
-    };
-
-    # MTP devices auto-mount via file explorers
-    services.gvfs.enable = true;
-  };
-}

From 21118b73d497c0e0d1a0c41dce6ecd9a9e5509cc Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 17:03:47 +0000
Subject: [PATCH 421/431] common: profiles: migrate gtk

---
 modules/common/profiles/default.nix     |  1 +
 modules/common/profiles/gtk/default.nix | 21 +++++++++++++++++++++
 modules/nixos/profiles/default.nix      |  1 -
 modules/nixos/profiles/gtk/default.nix  | 17 -----------------
 4 files changed, 22 insertions(+), 18 deletions(-)
 create mode 100644 modules/common/profiles/gtk/default.nix
 delete mode 100644 modules/nixos/profiles/gtk/default.nix

diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix
index 447e906..30c1f29 100644
--- a/modules/common/profiles/default.nix
+++ b/modules/common/profiles/default.nix
@@ -4,5 +4,6 @@
   imports = [
     ./bluetooth
     ./devices
+    ./gtk
   ];
 }
diff --git a/modules/common/profiles/gtk/default.nix b/modules/common/profiles/gtk/default.nix
new file mode 100644
index 0000000..e312417
--- /dev/null
+++ b/modules/common/profiles/gtk/default.nix
@@ -0,0 +1,21 @@
+{ config, lib, _class, ... }:
+let
+  cfg = config.my.profiles.gtk;
+in
+{
+  options.my.profiles.gtk = with lib; {
+    enable = mkEnableOption "gtk profile";
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    (lib.optionalAttrs (_class == "home") {
+      # GTK theme configuration
+      my.home.gtk.enable = true;
+    })
+
+    (lib.optionalAttrs (_class == "nixos") {
+      # Allow setting GTK configuration using home-manager
+      programs.dconf.enable = true;
+    })
+  ]);
+}
diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix
index fc3a7f5..c6c74a0 100644
--- a/modules/nixos/profiles/default.nix
+++ b/modules/nixos/profiles/default.nix
@@ -2,7 +2,6 @@
 { ... }:
 {
   imports = [
-    ./gtk
     ./laptop
     ./wm
     ./x
diff --git a/modules/nixos/profiles/gtk/default.nix b/modules/nixos/profiles/gtk/default.nix
deleted file mode 100644
index a8d6d9a..0000000
--- a/modules/nixos/profiles/gtk/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.profiles.gtk;
-in
-{
-  options.my.profiles.gtk = with lib; {
-    enable = mkEnableOption "gtk profile";
-  };
-
-  config = lib.mkIf cfg.enable {
-    # Allow setting GTK configuration using home-manager
-    programs.dconf.enable = true;
-
-    # GTK theme configuration
-    my.home.gtk.enable = true;
-  };
-}

From f85ecf2d9b4a86ad386b2abee3de29e4b34bd157 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 17:05:16 +0000
Subject: [PATCH 422/431] common: profiles: migrate laptop

---
 modules/common/profiles/default.nix        |  1 +
 modules/common/profiles/laptop/default.nix | 27 ++++++++++++++++++++++
 modules/nixos/profiles/default.nix         |  1 -
 modules/nixos/profiles/laptop/default.nix  | 23 ------------------
 4 files changed, 28 insertions(+), 24 deletions(-)
 create mode 100644 modules/common/profiles/laptop/default.nix
 delete mode 100644 modules/nixos/profiles/laptop/default.nix

diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix
index 30c1f29..712e20b 100644
--- a/modules/common/profiles/default.nix
+++ b/modules/common/profiles/default.nix
@@ -5,5 +5,6 @@
     ./bluetooth
     ./devices
     ./gtk
+    ./laptop
   ];
 }
diff --git a/modules/common/profiles/laptop/default.nix b/modules/common/profiles/laptop/default.nix
new file mode 100644
index 0000000..a469f0e
--- /dev/null
+++ b/modules/common/profiles/laptop/default.nix
@@ -0,0 +1,27 @@
+{ config, lib, _class, ... }:
+let
+  cfg = config.my.profiles.laptop;
+in
+{
+  options.my.profiles.laptop = with lib; {
+    enable = mkEnableOption "laptop profile";
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    (lib.optionalAttrs (_class == "home") {
+      # Enable battery notifications
+      my.home.power-alert.enable = true;
+    })
+
+    (lib.optionalAttrs (_class == "nixos") {
+      # Enable touchpad support
+      services.libinput.enable = true;
+
+      # Enable TLP power management
+      my.services.tlp.enable = true;
+
+      # Enable upower power management
+      my.hardware.upower.enable = true;
+    })
+  ]);
+}
diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix
index c6c74a0..fc12361 100644
--- a/modules/nixos/profiles/default.nix
+++ b/modules/nixos/profiles/default.nix
@@ -2,7 +2,6 @@
 { ... }:
 {
   imports = [
-    ./laptop
     ./wm
     ./x
   ];
diff --git a/modules/nixos/profiles/laptop/default.nix b/modules/nixos/profiles/laptop/default.nix
deleted file mode 100644
index 68c65b8..0000000
--- a/modules/nixos/profiles/laptop/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.profiles.laptop;
-in
-{
-  options.my.profiles.laptop = with lib; {
-    enable = mkEnableOption "laptop profile";
-  };
-
-  config = lib.mkIf cfg.enable {
-    # Enable touchpad support
-    services.libinput.enable = true;
-
-    # Enable TLP power management
-    my.services.tlp.enable = true;
-
-    # Enable upower power management
-    my.hardware.upower.enable = true;
-
-    # Enable battery notifications
-    my.home.power-alert.enable = true;
-  };
-}

From 76a4ece3a9d5065b9f6aa611d785640edd90bb78 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 17:05:37 +0000
Subject: [PATCH 423/431] common: profiles: migrate wm

---
 modules/common/profiles/default.nix    |  1 +
 modules/common/profiles/wm/default.nix | 38 ++++++++++++++++++++++++++
 modules/nixos/profiles/default.nix     |  1 -
 modules/nixos/profiles/wm/default.nix  | 31 ---------------------
 4 files changed, 39 insertions(+), 32 deletions(-)
 create mode 100644 modules/common/profiles/wm/default.nix
 delete mode 100644 modules/nixos/profiles/wm/default.nix

diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix
index 712e20b..034d993 100644
--- a/modules/common/profiles/default.nix
+++ b/modules/common/profiles/default.nix
@@ -6,5 +6,6 @@
     ./devices
     ./gtk
     ./laptop
+    ./wm
   ];
 }
diff --git a/modules/common/profiles/wm/default.nix b/modules/common/profiles/wm/default.nix
new file mode 100644
index 0000000..4fd81b9
--- /dev/null
+++ b/modules/common/profiles/wm/default.nix
@@ -0,0 +1,38 @@
+{ config, lib, _class, ... }:
+let
+  cfg = config.my.profiles.wm;
+
+  applyWm = wm: configs: lib.mkIf (cfg.windowManager == wm) (lib.my.merge configs);
+in
+{
+  options.my.profiles.wm = with lib; {
+    windowManager = mkOption {
+      type = with types; nullOr (enum [ "i3" ]);
+      default = null;
+      example = "i3";
+      description = "Which window manager to use";
+    };
+  };
+
+  config = lib.mkMerge [
+    (applyWm "i3" [
+      (lib.optionalAttrs (_class == "home") {
+        # i3 settings
+        my.home.wm.windowManager = "i3";
+        # Screenshot tool
+        my.home.flameshot.enable = true;
+        # Auto disk mounter
+        my.home.udiskie.enable = true;
+      })
+
+      (lib.optionalAttrs (_class == "nixos") {
+        # Enable i3
+        services.xserver.windowManager.i3.enable = true;
+        # udiskie fails if it can't find this dbus service
+        services.udisks2.enable = true;
+        # Ensure i3lock can actually unlock the session
+        security.pam.services.i3lock.enable = true;
+      })
+    ])
+  ];
+}
diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix
index fc12361..aec95b1 100644
--- a/modules/nixos/profiles/default.nix
+++ b/modules/nixos/profiles/default.nix
@@ -2,7 +2,6 @@
 { ... }:
 {
   imports = [
-    ./wm
     ./x
   ];
 }
diff --git a/modules/nixos/profiles/wm/default.nix b/modules/nixos/profiles/wm/default.nix
deleted file mode 100644
index bca4d70..0000000
--- a/modules/nixos/profiles/wm/default.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.profiles.wm;
-in
-{
-  options.my.profiles.wm = with lib; {
-    windowManager = mkOption {
-      type = with types; nullOr (enum [ "i3" ]);
-      default = null;
-      example = "i3";
-      description = "Which window manager to use";
-    };
-  };
-
-  config = lib.mkMerge [
-    (lib.mkIf (cfg.windowManager == "i3") {
-      # Enable i3
-      services.xserver.windowManager.i3.enable = true;
-      # i3 settings
-      my.home.wm.windowManager = "i3";
-      # Screenshot tool
-      my.home.flameshot.enable = true;
-      # Auto disk mounter
-      my.home.udiskie.enable = true;
-      # udiskie fails if it can't find this dbus service
-      services.udisks2.enable = true;
-      # Ensure i3lock can actually unlock the session
-      security.pam.services.i3lock.enable = true;
-    })
-  ];
-}

From 9e6bbc2d648c4c4ad1f372fef2fcc707b69e8070 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 17:05:54 +0000
Subject: [PATCH 424/431] common: profiles: migrate X

---
 modules/common/profiles/default.nix   |  1 +
 modules/common/profiles/x/default.nix | 27 +++++++++++++++++++++++++++
 modules/nixos/default.nix             |  1 -
 modules/nixos/profiles/default.nix    |  7 -------
 modules/nixos/profiles/x/default.nix  | 23 -----------------------
 5 files changed, 28 insertions(+), 31 deletions(-)
 create mode 100644 modules/common/profiles/x/default.nix
 delete mode 100644 modules/nixos/profiles/default.nix
 delete mode 100644 modules/nixos/profiles/x/default.nix

diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix
index 034d993..43d5a84 100644
--- a/modules/common/profiles/default.nix
+++ b/modules/common/profiles/default.nix
@@ -7,5 +7,6 @@
     ./gtk
     ./laptop
     ./wm
+    ./x
   ];
 }
diff --git a/modules/common/profiles/x/default.nix b/modules/common/profiles/x/default.nix
new file mode 100644
index 0000000..3f32edc
--- /dev/null
+++ b/modules/common/profiles/x/default.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, _class, ... }:
+let
+  cfg = config.my.profiles.x;
+in
+{
+  options.my.profiles.x = with lib; {
+    enable = mkEnableOption "X profile";
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    (lib.optionalAttrs (_class == "home") {
+      # X configuration
+      my.home.x.enable = true;
+    })
+
+    (lib.optionalAttrs (_class == "nixos") {
+      # Enable the X11 windowing system.
+      services.xserver.enable = true;
+      # Nice wallpaper
+      services.xserver.displayManager.lightdm.background =
+        let
+          wallpapers = "${pkgs.plasma5Packages.plasma-workspace-wallpapers}/share/wallpapers";
+        in
+        "${wallpapers}/summer_1am/contents/images/2560x1600.jpg";
+    })
+  ]);
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 3648631..2eaa2e6 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -5,7 +5,6 @@
   imports = [
     ./hardware
     ./home
-    ./profiles
     ./programs
     ./secrets
     ./services
diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix
deleted file mode 100644
index aec95b1..0000000
--- a/modules/nixos/profiles/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-# Configuration that spans across system and home, or are almagations of modules
-{ ... }:
-{
-  imports = [
-    ./x
-  ];
-}
diff --git a/modules/nixos/profiles/x/default.nix b/modules/nixos/profiles/x/default.nix
deleted file mode 100644
index ea77939..0000000
--- a/modules/nixos/profiles/x/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  cfg = config.my.profiles.x;
-in
-{
-  options.my.profiles.x = with lib; {
-    enable = mkEnableOption "X profile";
-  };
-
-  config = lib.mkIf cfg.enable {
-    # Enable the X11 windowing system.
-    services.xserver.enable = true;
-    # Nice wallpaper
-    services.xserver.displayManager.lightdm.background =
-      let
-        wallpapers = "${pkgs.plasma5Packages.plasma-workspace-wallpapers}/share/wallpapers";
-      in
-      "${wallpapers}/summer_1am/contents/images/2560x1600.jpg";
-
-    # X configuration
-    my.home.x.enable = true;
-  };
-}

From 9828579eb90f40dac69d5e73a648e1141a9baa37 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 16:51:34 +0000
Subject: [PATCH 425/431] common: profiles: forward profiles to home-manager

We can only do this now that every profile has been migrated, otherwise
we would get errors about undeclared modules... It's not perfect, but
it's good enough.
---
 modules/common/profiles/default.nix | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix
index 43d5a84..0421dde 100644
--- a/modules/common/profiles/default.nix
+++ b/modules/common/profiles/default.nix
@@ -1,5 +1,5 @@
-# Configuration that spans accross system and home, or are almagations of modules
-{ ... }:
+# Configuration that spans across system and home, or are almagations of modules
+{ config, lib, type, ... }:
 {
   imports = [
     ./bluetooth
@@ -9,4 +9,17 @@
     ./wm
     ./x
   ];
+
+  config = lib.mkMerge [
+    # Transparently enable home-manager profiles as well
+    (lib.optionalAttrs (type != "home") {
+      home-manager.users.${config.my.user.name} = {
+        config = {
+          my = {
+            inherit (config.my) profiles;
+          };
+        };
+      };
+    })
+  ];
 }

From 9651ab09661044173f9236fa6eb4ad066acf1881 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Jan 2024 17:55:14 +0000
Subject: [PATCH 426/431] hosts: nixos: porthos: add profiles

---
 hosts/nixos/porthos/default.nix  | 1 +
 hosts/nixos/porthos/profiles.nix | 4 ++++
 2 files changed, 5 insertions(+)
 create mode 100644 hosts/nixos/porthos/profiles.nix

diff --git a/hosts/nixos/porthos/default.nix b/hosts/nixos/porthos/default.nix
index bd1bdb1..e69bccf 100644
--- a/hosts/nixos/porthos/default.nix
+++ b/hosts/nixos/porthos/default.nix
@@ -7,6 +7,7 @@
     ./hardware.nix
     ./home.nix
     ./networking.nix
+    ./profiles.nix
     ./secrets
     ./services.nix
     ./system.nix
diff --git a/hosts/nixos/porthos/profiles.nix b/hosts/nixos/porthos/profiles.nix
new file mode 100644
index 0000000..3ec736c
--- /dev/null
+++ b/hosts/nixos/porthos/profiles.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+  # Nothing
+}

From 0b43019968d028482e72c004062658f19e5488cc Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 7 Dec 2023 21:31:46 +0000
Subject: [PATCH 427/431] flake: add hosts

This will allow other modules to cross-reference which hosts exist on
which system.

My main use-case is to automatically declare home-manager configuration
for the home configuration of NixOS hosts.

I also include Darwin in case I ever want to use that in the future,
though that is unlikely for the moment.
---
 flake/default.nix |  1 +
 flake/hosts.nix   | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 flake/hosts.nix

diff --git a/flake/default.nix b/flake/default.nix
index 5e52025..6f1d4ac 100644
--- a/flake/default.nix
+++ b/flake/default.nix
@@ -13,6 +13,7 @@ flake-parts.lib.mkFlake { inherit inputs; } {
     ./checks.nix
     ./dev-shells.nix
     ./home-manager.nix
+    ./hosts.nix
     ./lib.nix
     ./nixos.nix
     ./overlays.nix
diff --git a/flake/hosts.nix b/flake/hosts.nix
new file mode 100644
index 0000000..7d95fdc
--- /dev/null
+++ b/flake/hosts.nix
@@ -0,0 +1,21 @@
+# Define `hosts.{darwin,home,nixos}` options for consumption in other modules
+{ lib, ... }:
+let
+  mkHostsOption = description: lib.mkOption {
+    inherit description;
+    type = with lib.types; attrsOf str;
+    default = { };
+    example = { name = "x86_64-linux"; };
+  };
+in
+{
+  options = {
+    hosts = {
+      darwin = mkHostsOption "Darwin hosts";
+
+      homes = mkHostsOption "Home Manager hosts";
+
+      nixos = mkHostsOption "NixOS hosts";
+    };
+  };
+}

From 23265d9122e8adee8976ba0586652225f92d73b9 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 7 Dec 2023 21:33:10 +0000
Subject: [PATCH 428/431] flake: nixos: use 'hosts' option

---
 flake/nixos.nix | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/flake/nixos.nix b/flake/nixos.nix
index 4777967..9a6d5bc 100644
--- a/flake/nixos.nix
+++ b/flake/nixos.nix
@@ -1,4 +1,4 @@
-{ self, inputs, lib, ... }:
+{ self, config, inputs, lib, ... }:
 let
   defaultModules = [
     {
@@ -32,8 +32,12 @@ let
   };
 in
 {
-  flake.nixosConfigurations = lib.mapAttrs buildHost {
-    aramis = "x86_64-linux";
-    porthos = "x86_64-linux";
+  config = {
+    hosts.nixos = {
+      aramis = "x86_64-linux";
+      porthos = "x86_64-linux";
+    };
+
+    flake.nixosConfigurations = lib.mapAttrs buildHost config.hosts.nixos;
   };
 }

From 8c44cc9ab88822a6e0f4ecdee30c5c794abaed41 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 7 Dec 2023 21:41:05 +0000
Subject: [PATCH 429/431] flake: home-manager: use 'hosts' option

---
 flake/home-manager.nix | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/flake/home-manager.nix b/flake/home-manager.nix
index 69cd484..4a42757 100644
--- a/flake/home-manager.nix
+++ b/flake/home-manager.nix
@@ -1,5 +1,7 @@
-{ self, inputs, lib, ... }:
+{ self, config, inputs, lib, ... }:
 let
+  inherit (config) hosts;
+
   defaultModules = [
     # Include generic settings
     "${self}/modules/home"
@@ -39,18 +41,19 @@ let
     };
   };
 
-  homes = {
+in
+{
+  hosts.homes = {
     "ambroisie@bazin" = "x86_64-linux";
     "ambroisie@mousqueton" = "x86_64-linux";
   };
-in
-{
+
   perSystem = { system, ... }: {
     # Work-around for https://github.com/nix-community/home-manager/issues/3075
     legacyPackages = {
       homeConfigurations =
         let
-          filteredHomes = lib.filterAttrs (_: v: v == system) homes;
+          filteredHomes = lib.filterAttrs (_: v: v == system) hosts.homes;
           allHomes = filteredHomes // {
             # Default configuration
             ambroisie = system;

From ad97f6d007cfc27a32da867932f36cb6250dd82e Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 7 Dec 2023 21:44:01 +0000
Subject: [PATCH 430/431] flake: home-manager: refactor 'mkHome'

This will allow making a similar function for NixOS homes.
---
 flake/home-manager.nix | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/flake/home-manager.nix b/flake/home-manager.nix
index 4a42757..25dab9b 100644
--- a/flake/home-manager.nix
+++ b/flake/home-manager.nix
@@ -25,12 +25,10 @@ let
     "${self}/modules/common"
   ];
 
-  mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration {
+  mkHomeCommon = mainModules: system: inputs.home-manager.lib.homeManagerConfiguration {
     pkgs = inputs.nixpkgs.legacyPackages.${system};
 
-    modules = defaultModules ++ [
-      "${self}/hosts/homes/${name}"
-    ];
+    modules = defaultModules ++ mainModules;
 
     # Use my extended lib in NixOS configuration
     inherit (self) lib;
@@ -41,6 +39,7 @@ let
     };
   };
 
+  mkHome = name: mkHomeCommon [ "${self}/hosts/homes/${name}" ];
 in
 {
   hosts.homes = {

From 63a58f3bfbb8804639348a141452d8b91f5477a7 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 7 Dec 2023 21:56:25 +0000
Subject: [PATCH 431/431] flake: home-manager: export NixOS homes

And here is what the last few commits were building up to.

This is neat, but won't be useful *very* often.
---
 flake/home-manager.nix | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/flake/home-manager.nix b/flake/home-manager.nix
index 25dab9b..d4d14fc 100644
--- a/flake/home-manager.nix
+++ b/flake/home-manager.nix
@@ -40,6 +40,11 @@ let
   };
 
   mkHome = name: mkHomeCommon [ "${self}/hosts/homes/${name}" ];
+
+  mkNixosHome = name: mkHomeCommon [
+    "${self}/hosts/nixos/${name}/home.nix"
+    "${self}/hosts/nixos/${name}/profiles.nix"
+  ];
 in
 {
   hosts.homes = {
@@ -57,8 +62,18 @@ in
             # Default configuration
             ambroisie = system;
           };
+          homeManagerHomes = lib.mapAttrs mkHome allHomes;
+
+          filteredNixosHosts = lib.filterAttrs (_: v: v == system) hosts.nixos;
+          nixosHomes' = lib.mapAttrs mkNixosHome filteredNixosHosts;
+          nixosHomeUsername = (host: self.nixosConfigurations.${host}.config.my.user.name);
+          nixosHomes = lib.mapAttrs' (host: lib.nameValuePair "${nixosHomeUsername host}@${host}") nixosHomes';
         in
-        lib.mapAttrs mkHome allHomes;
+        lib.foldl' lib.mergeAttrs { }
+          [
+            homeManagerHomes
+            nixosHomes
+          ];
     };
   };
 }