diff --git a/.envrc b/.envrc index 9222bda..f5141c2 100644 --- a/.envrc +++ b/.envrc @@ -1,8 +1,8 @@ -if ! has nix_direnv_version || ! nix_direnv_version 2.4.0; then - source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.4.0/direnvrc" "sha256-XQzUAvL6pysIJnRJyR7uVpmUSZfc7LSgWQwq/4mBr1U=" +if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi -nix_direnv_watch_file ./flake/checks.nix -nix_direnv_watch_file ./flake/dev-shells.nix +watch_file ./flake/checks.nix +watch_file ./flake/dev-shells.nix use flake diff --git a/.woodpecker/check.yml b/.woodpecker/check.yml index aff6e84..e04cd46 100644 --- a/.woodpecker/check.yml +++ b/.woodpecker/check.yml @@ -9,15 +9,15 @@ steps: - name: notifiy image: bash - secrets: - - source: matrix_homeserver - target: address - - source: matrix_roomid - target: room - - source: matrix_username - target: user - - source: matrix_password - target: pass + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password commands: - nix run '.#matrix-notifier' when: diff --git a/flake.lock b/flake.lock index d2f2e6d..4308e9c 100644 --- a/flake.lock +++ b/flake.lock @@ -8,14 +8,17 @@ ], "nixpkgs": [ "nixpkgs" + ], + "systems": [ + "systems" ] }, "locked": { - "lastModified": 1696775529, - "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=", + "lastModified": 1707830867, + "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", "owner": "ryantm", "repo": "agenix", - "rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4", + "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", "type": "github" }, "original": { 
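Review bot: In `.woodpecker/check.yml`, the `environment:` block hands all four Matrix credentials to `nix run '.#matrix-notifier'`, which evaluates the flake from the checked-out tree. Any pipeline that builds an untrusted revision would therefore run repository-controlled code with `PASS` in its environment. The `when:` filter continues outside this hunk, so it is not visible whether the step is limited to trusted events; please confirm that, and that the secrets are not enabled for pull-request events in the Woodpecker secret settings. I would add a comment above the block such as `# Secrets below must stay unavailable to pull_request pipelines: this step runs code from the checkout`. Separately, `USER` reuses the conventional login-name variable, so a prefixed name such as `MATRIX_USER` would avoid the collision if the notifier can be told to read it.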
@@ -33,11 +36,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -50,11 +53,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -70,11 +73,11 @@ ] }, "locked": { - "lastModified": 1698579227, - "narHash": "sha256-KVWjFZky+gRuWennKsbo6cWyo7c/z/VgCte5pR9pEKg=", + "lastModified": 1709336216, + "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f76e870d64779109e41370848074ac4eaa1606ec", + "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", "type": "github" }, "original": { @@ -86,14 +89,16 @@ }, "futils": { "inputs": { - "systems": "systems" + "systems": [ + "systems" + ] }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { 
@@ -111,11 +116,11 @@ ] }, "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", "owner": "hercules-ci", "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", "type": "github" }, "original": { @@ -131,11 +136,11 @@ ] }, "locked": { - "lastModified": 1698670511, - "narHash": "sha256-jQIu3UhBMPHXzVkHQO1O2gg8SVo5lqAVoC6mOaLQcLQ=", + "lastModified": 1711604890, + "narHash": "sha256-vbI/gxRTq/gHW1Q8z6D/7JG/qGNl3JTimUDX+MwnC3A=", "owner": "nix-community", "repo": "home-manager", - "rev": "8e5416b478e465985eec274bc3a018024435c106", + "rev": "3142bdcc470e1e291e1fbe942fd69e06bd00c5df", "type": "github" }, "original": { @@ -147,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1698611440, - "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", + "lastModified": 1711523803, + "narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", + "rev": "2726f127c15a4cc9810843b96cad73c7eb39e443", "type": "github" }, "original": { @@ -163,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1698745553, - "narHash": "sha256-Fdip7ewCtZTjOu7ATDFUAy3OqrgcyvzDElLXhr4YmmI=", + "lastModified": 1711622043, + "narHash": "sha256-nCNcHYlmmPPIDRkDCvNoEog+AuG7jdmkhkU0fqoS82A=", "owner": "nix-community", "repo": "NUR", - "rev": "dfbf198236d40e9741db76936088f05107e19013", + "rev": "b7ff69e152caedbe4d0e40173d61732ac139a09c", "type": "github" }, "original": { 
@@ -192,11 +197,11 @@ ] }, "locked": { - "lastModified": 1698227354, - "narHash": "sha256-Fi5H9jbaQLmLw9qBi/mkR33CoFjNbobo5xWdX4tKz1Q=", + "lastModified": 1711519547, + "narHash": "sha256-Q7YmSCUJmDl71fJv/zD9lrOCJ1/SE/okZ2DsrmRjzhY=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "bd38df3d508dfcdff52cd243d297f218ed2257bf", + "rev": "7d47a32e5cd1ea481fab33c516356ce27c8cef4a", "type": "github" }, "original": { @@ -214,7 +219,8 @@ "home-manager": "home-manager", "nixpkgs": "nixpkgs", "nur": "nur", - "pre-commit-hooks": "pre-commit-hooks" + "pre-commit-hooks": "pre-commit-hooks", + "systems": "systems" } }, "systems": { @@ -228,6 +234,7 @@ }, "original": { "owner": "nix-systems", + "ref": "main", "repo": "default", "type": "github" } diff --git a/flake.nix b/flake.nix index 8e46ea3..9c29183 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,7 @@ inputs = { home-manager.follows = "home-manager"; nixpkgs.follows = "nixpkgs"; + systems.follows = "systems"; }; }; @@ -27,6 +28,9 @@ owner = "numtide"; repo = "flake-utils"; ref = "main"; + inputs = { + systems.follows = "systems"; + }; }; home-manager = { @@ -64,6 +68,13 @@ nixpkgs-stable.follows = "nixpkgs"; }; }; + + systems = { + type = "github"; + owner = "nix-systems"; + repo = "default"; + ref = "main"; + }; }; # Can't eta-reduce a flake outputs... diff --git a/flake/default.nix b/flake/default.nix index 65102e1..5e52025 100644 --- a/flake/default.nix +++ b/flake/default.nix @@ -1,9 +1,9 @@ { flake-parts -, futils +, systems , ... } @ inputs: let - mySystems = futils.lib.defaultSystems; + mySystems = import systems; in flake-parts.lib.mkFlake { inherit inputs; } { systems = mySystems; diff --git a/flake/home-manager.nix b/flake/home-manager.nix index 61c9f6e..34af375 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -39,7 +39,8 @@ let }; }; - hosts = { + homes = { + "ambroisie@bazin" = "x86_64-linux"; "ambroisie@mousqueton" = "x86_64-linux"; }; in 
@@ -49,13 +50,13 @@ in legacyPackages = { homeConfigurations = let - filteredHosts = lib.filterAttrs (_: v: v == system) hosts; - allHosts = filteredHosts // { + filteredHomes = lib.filterAttrs (_: v: v == system) homes; + allHomes = filteredHomes // { # Default configuration ambroisie = system; }; in - lib.mapAttrs mkHome allHosts; + lib.mapAttrs mkHome allHomes; }; }; } diff --git a/flake/nixos.nix b/flake/nixos.nix index fe124d7..b48b551 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -1,7 +1,5 @@ -{ self, inputs, ... }: +{ self, inputs, lib, ... }: let - inherit (self) lib; - defaultModules = [ { # Let 'nixos-version --json' know about the Git revision @@ -23,7 +21,7 @@ let ]; specialArgs = { # Use my extended lib in NixOS configuration - inherit lib; + inherit (self) lib; # Inject inputs to use them in global registry inherit inputs; }; diff --git a/hosts/homes/ambroisie@bazin/default.nix b/hosts/homes/ambroisie@bazin/default.nix new file mode 100644 index 0000000..f52fbce --- /dev/null +++ b/hosts/homes/ambroisie@bazin/default.nix @@ -0,0 +1,43 @@ +# Google Laptop configuration +{ lib, options, pkgs, ... }: +{ + services.gpg-agent.enable = lib.mkForce false; + + my.home = { + git = { + package = pkgs.emptyDirectory; + }; + + tmux = { + # I use scripts that use the passthrough sequence often on this host + enablePassthrough = true; + + terminalFeatures = { + # HTerm uses `xterm-256color` as its `$TERM`, so use that here + xterm-256color = { }; + }; + }; + + ssh = { + mosh = { + package = pkgs.emptyDirectory; + }; + }; + + zsh = { + notify = { + enable = true; + + exclude = options.my.home.zsh.notify.exclude.default ++ [ + "adb shell$" # Only interactive shell sessions + ]; + + ssh = { + enable = true; + # `notify-send` is proxied to the ChromeOS layer + useOsc777 = false; + }; + }; + }; + }; +} diff --git a/hosts/homes/ambroisie@mousqueton/default.nix b/hosts/homes/ambroisie@mousqueton/default.nix index 8294ff4..44e62e6 100644 
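Review bot: In the new `hosts/homes/ambroisie@bazin/default.nix`, `git.package = pkgs.emptyDirectory;` and `ssh.mosh.package = pkgs.emptyDirectory;` carry no comment, although the tmux and notify settings next to them do. Presumably the intent is to rely on the binaries the managed host already provides rather than ones from nixpkgs; if so, say it, e.g. `# Use the host-provided git, do not install one from nixpkgs`, with the same for mosh. The `git` and `tmux` blocks also duplicate what this commit writes in `ambroisie@mousqueton/default.nix`, so a shared module imported by both homes would keep the two from drifting apart.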
--- a/hosts/homes/ambroisie@mousqueton/default.nix +++ b/hosts/homes/ambroisie@mousqueton/default.nix @@ -4,26 +4,21 @@ # Google specific configuration home.homeDirectory = "/usr/local/google/home/ambroisie"; - # Some tooling (e.g: SSH) need to use this library - home.sessionVariables = { - LD_PRELOAD = "/usr/grte/v5/lib64/libnss_cache.so.2\${LD_PRELOAD:+:}$LD_PRELOAD"; - }; - - systemd.user.sessionVariables = { - LD_PRELOAD = "/usr/grte/v5/lib64/libnss_cache.so.2\${LD_PRELOAD:+:}$LD_PRELOAD"; - }; - - programs.git.package = lib.mkForce pkgs.emptyDirectory; - services.gpg-agent.enable = lib.mkForce false; my.home = { + git = { + package = pkgs.emptyDirectory; + }; + tmux = { # I use scripts that use the passthrough sequence often on this host enablePassthrough = true; - # HTerm uses `xterm-256color` as its `$TERM`, so use that here - trueColorTerminals = [ "xterm-256color" ]; + terminalFeatures = { + # HTerm uses `xterm-256color` as its `$TERM`, so use that here + xterm-256color = { }; + }; }; }; } diff --git a/hosts/nixos/aramis/hardware.nix b/hosts/nixos/aramis/hardware.nix index c66b426..99bc77e 100644 --- a/hosts/nixos/aramis/hardware.nix +++ b/hosts/nixos/aramis/hardware.nix @@ -26,6 +26,12 @@ firmware = { cpuFlavor = "intel"; }; + + graphics = { + enable = true; + + gpuFlavor = "intel"; + }; }; hardware = { diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 66a0892..64b63ce 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -2,7 +2,7 @@ { my.home = { # Use graphical pinentry - bitwarden.pinentry = "gtk2"; + bitwarden.pinentry = pkgs.pinentry-gtk2; # Ebook library calibre.enable = true; # Some amount of social life @@ -14,7 +14,7 @@ # Blue light filter gammastep.enable = true; # Use a small popup to enter passwords - gpg.pinentry = "gtk2"; + gpg.pinentry = pkgs.pinentry-gtk2; # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client 
diff --git a/hosts/nixos/porthos/boot.nix b/hosts/nixos/porthos/boot.nix index fbc5db7..461e969 100644 --- a/hosts/nixos/porthos/boot.nix +++ b/hosts/nixos/porthos/boot.nix @@ -3,15 +3,14 @@ { boot = { - # Use the GRUB 2 boot loader. - loader.grub = { - enable = true; - # Define on which hard drive you want to install Grub. - device = "/dev/disk/by-id/ata-HGST_HUS724020ALA640_PN2181P6J58M1P"; + # Use the systemd-boot EFI boot loader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; }; initrd = { - availableKernelModules = [ "uhci_hcd" "ahci" "usbhid" ]; + availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "usbhid" "sd_mod" ]; kernelModules = [ "dm-snapshot" ]; }; diff --git a/hosts/nixos/porthos/default.nix b/hosts/nixos/porthos/default.nix index 2dea899..bd1bdb1 100644 --- a/hosts/nixos/porthos/default.nix +++ b/hosts/nixos/porthos/default.nix @@ -16,11 +16,5 @@ # Set your time zone. time.timeZone = "Europe/Paris"; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.09"; # Did you read the comment? + system.stateVersion = "24.05"; # Did you read the comment? } diff --git a/hosts/nixos/porthos/hardware.nix b/hosts/nixos/porthos/hardware.nix index 5a6e0d7..2172c5c 100644 --- a/hosts/nixos/porthos/hardware.nix +++ b/hosts/nixos/porthos/hardware.nix @@ -1,5 +1,5 @@ # Hardware configuration -{ lib, modulesPath, ... }: +{ modulesPath, ... }: { imports = [ 
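Review bot: In `hosts/nixos/porthos/default.nix` the trailing `# Did you read the comment?` now refers to nothing, because the explanatory block above `system.stateVersion` is deleted in the same hunk. The value also jumps from "20.09" to "24.05", which is only safe on a fresh install, since stateful services pick their data layout from it. The rest of the commit suggests a reinstall, but the file no longer records that. I would keep a short comment in its place, e.g. `# Release of the (re)install of this host; do not bump on upgrades`.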
@@ -11,9 +11,18 @@ fsType = "ext4"; }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; + swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; - powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; + my.hardware = { + firmware = { + cpuFlavor = "intel"; + }; + }; } diff --git a/hosts/nixos/porthos/home.nix b/hosts/nixos/porthos/home.nix index 90aa0ec..c2c858b 100644 --- a/hosts/nixos/porthos/home.nix +++ b/hosts/nixos/porthos/home.nix @@ -1,11 +1,18 @@ { ... }: { my.home = { - # Allow using 24bit color when SSH-ing from various clients - tmux.trueColorTerminals = [ + nix = { + cache = { + # This server is the one serving the cache, don't try to query it + selfHosted = false; + }; + }; + + # Allow using extended features when SSH-ing from various clients + tmux.terminalFeatures = { # My usual terminal, e.g: on laptop - "alacritty" - ]; + alacritty = { }; + }; # Always start a tmux session when opening a shell session zsh.launchTmux = true; diff --git a/hosts/nixos/porthos/install.sh b/hosts/nixos/porthos/install.sh index 8edc175..e6ba0aa 100644 --- a/hosts/nixos/porthos/install.sh +++ b/hosts/nixos/porthos/install.sh @@ -3,7 +3,7 @@ SWAP_SIZE=16GiB parted /dev/sda --script -- \ - mklabel msdos \ + mklabel gpt \ mkpart primary 512MiB -$SWAP_SIZE \ mkpart primary linux-swap -$SWAP_SIZE 100% \ mkpart ESP fat32 1MiB 512MiB \ 
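Review bot: The new `fileSystems."/boot"` entry mounts the FAT ESP with default options, so every file on it is readable by all local users, as vfat has no per-file permissions. With systemd-boot that includes the boot loader's random seed and the boot entries. Restrict the mount with a mask, e.g. add `options = [ "umask=0077" ];` next to `fsType = "vfat";`.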
@@ -11,14 +11,24 @@ parted /dev/sda --script -- \ parted /dev/sdb --script -- \ mklabel gpt \ - mkpart primary 0MiB 100% + mkpart primary 0% 100% +parted /dev/sdc --script -- \ + mklabel gpt \ + mkpart primary 0% 100% +parted /dev/sdd --script -- \ + mklabel gpt \ + mkpart primary 0% 100% mkfs.ext4 -L media1 /dev/sda1 mkfs.ext4 -L media2 /dev/sdb1 +mkfs.ext4 -L media3 /dev/sdc1 +mkfs.ext4 -L media4 /dev/sdd1 pvcreate /dev/sda1 pvcreate /dev/sdb1 -vgcreate lvm /dev/sda1 /dev/sdb1 +pvcreate /dev/sdc1 +pvcreate /dev/sdd1 +vgcreate lvm /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1 lvcreate -l 100%FREE -n media lvm mkfs.ext4 -L nixos /dev/mapper/lvm-media @@ -27,17 +37,17 @@ mkfs.fat -F 32 -n boot /dev/sda3 mount /dev/disk/by-label/nixos /mnt swapon /dev/sda2 +mkdir -p /mnt/boot +mount /dev/disk/by-label/boot /mnt/boot apt install sudo useradd -m -G sudo setupuser -# shellcheck disable=2117 -su setupuser cat << EOF # Run the following commands as setup user -curl -L https://nixos.org/nix/install | sh -. $HOME/.nix-profile/etc/profile.d/nix.sh -nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs +curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install +. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh +nix profile install nixpkgs#nixos-install-tools sudo "$(which nixos-generate-config)" --root /mnt # Change uuids to labels @@ -54,3 +64,6 @@ git crypt unlock nixos-install --root /mnt --flake '.#' EOF + +# shellcheck disable=2117 +su setupuser diff --git a/hosts/nixos/porthos/networking.nix b/hosts/nixos/porthos/networking.nix index 1e2c9cd..717652b 100644 --- a/hosts/nixos/porthos/networking.nix +++ b/hosts/nixos/porthos/networking.nix 
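Review bot: The added `mkfs.ext4 -L media3 /dev/sdc1` and `mkfs.ext4 -L media4 /dev/sdd1` create filesystems that the `pvcreate /dev/sdc1` and `pvcreate /dev/sdd1` lines just below replace, extending the existing pattern for sda1 and sdb1. The work is redundant, and `pvcreate` may stop to ask about the ext4 signature it finds, which would stall an unattended run. I would drop the `mkfs.ext4` calls for partitions that become physical volumes. The script also wipes `/dev/sda` through `/dev/sdd` by kernel name, and that enumeration order is not guaranteed stable, so a comment at the top telling the operator to verify the mapping with `lsblk` first would be a cheap safeguard.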
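Review bot: The instructions are printed with an unquoted `cat << EOF`, so the context line `sudo "$(which nixos-generate-config)" --root /mnt` is expanded by the shell running the script, before Nix is installed. As a result the operator is shown an empty command path. Quoting the delimiter, `cat << 'EOF'`, prints the text literally so the substitution happens in the setup user's shell. The new install line also pipes whatever `https://install.determinate.systems/nix` serves at that moment straight into `sh`. For a host that will hold the secrets in this repository, I would fetch a pinned installer release to a file and check its digest before running it.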
@@ -6,30 +6,17 @@ hostName = "porthos"; # Define your hostname. domain = "belanyi.fr"; # Define your domain. - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - useDHCP = false; - + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = true; interfaces = { - bond0.useDHCP = true; - bonding_masters.useDHCP = true; - dummy0.useDHCP = true; - erspan0.useDHCP = true; - eth0.useDHCP = true; - eth1.useDHCP = true; - gre0.useDHCP = true; - gretap0.useDHCP = true; - ifb0.useDHCP = true; - ifb1.useDHCP = true; - ip6tnl0.useDHCP = true; - sit0.useDHCP = true; - teql0.useDHCP = true; - tunl0.useDHCP = true; + eno1.useDHCP = true; + eno2.useDHCP = true; }; }; # Which interface is used to connect to the internet - my.hardware.networking.externalInterface = "eth0"; + my.hardware.networking.externalInterface = "eno1"; } diff --git a/hosts/nixos/porthos/secrets/acme/dns-key.age b/hosts/nixos/porthos/secrets/acme/dns-key.age index 97d397c..fce2a84 100644 --- a/hosts/nixos/porthos/secrets/acme/dns-key.age +++ b/hosts/nixos/porthos/secrets/acme/dns-key.age 
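Review bot: Setting the global `useDHCP = true;` makes the two `eno1.useDHCP` / `eno2.useDHCP` lines redundant. It also means any interface that appears later (a USB NIC, a tunnel or bridge device) will request a lease and accept whatever routes and DNS servers it is offered. On a server with a public domain I would keep `useDHCP = false;` and rely on the explicit per-interface entries, which this hunk already lists. The accompanying comment is the stock generated text and does not say which behaviour is intended for this host.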
@@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 0bz3W8QcGaulxy+kDmM717jTthQpFOCwV9HkenFJEyo -NKeh1/JkX4WAWbOjUeKLMbsyCevnDf3a70FfYUav26c --> ssh-ed25519 jPowng Q59ybJMMteOSB6hZ5m6UPP0N2p8jrDSu5vBYwPgGcRw -j420on2jSsfMsv4MDtiOTMIFjaXV7sIsrS+g4iab+68 --> z}.q-grease s2W ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw +zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y +-> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8 +uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw +--- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg +r&{~v?}= +}+ SQM[]k MAtmM/Ls|ޅmCiYC}x \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/aria/rpc-token.age b/hosts/nixos/porthos/secrets/aria/rpc-token.age new file mode 100644 index 0000000..e6a42c5 --- /dev/null +++ b/hosts/nixos/porthos/secrets/aria/rpc-token.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg fpiyZo1AR5hCfk/KtbgWCTzz+05/VOUnnaHhWgXQRwc +d2w9IX/kq/T6OwQ1zImsCmzIX2yfFD8hQDbs0IW3ZIA +-> ssh-ed25519 jPowng E9R7p9NCubUQrymjnrNfEjSNIIAXrBQLogNkWsOx8xc +MrWEE5LNtOqAjnwA6byfSa1udnbUtqBy4FhdxipuA+g +--- fKgerjgGs+brvNKnrWdpmOadl34LipMT6Msqse2g3E0 +E9flKYRL-Ƿ\EK{7oXGxT)˜6%LOT**8\@G \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/backup/credentials.age b/hosts/nixos/porthos/secrets/backup/credentials.age index b8ea008..63f0d32 100644 Binary files a/hosts/nixos/porthos/secrets/backup/credentials.age and b/hosts/nixos/porthos/secrets/backup/credentials.age differ diff --git a/hosts/nixos/porthos/secrets/backup/password.age b/hosts/nixos/porthos/secrets/backup/password.age index 3af9fbe..db3c2fa 100644 --- a/hosts/nixos/porthos/secrets/backup/password.age +++ b/hosts/nixos/porthos/secrets/backup/password.age 
@@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg dgS4bezgtDi44R1A8am+J6zh80kUVYTo1heaxJCtzX4 -F3w/62xwtqYa40NU7OvF9pnZzYz/5hACAGJfMA4e2zw --> ssh-ed25519 jPowng lx81CK3yeNp9RjHCUFJeKYZlRzxBmXuADVBvRc13zCI -P7e75t8xU+ZkYmeQ8mmMfyZZsRdG1J8yrvSUkiWzkFQ --> *z4/`-grease S/)a{e sFd";= ---- 15FVhqRTkoPFEeETRRyFQhsv4Fn19Ozlax0u8Zy9mNA -#+vS4}R%ίF4fnDJZA,_ \ No newline at end of file +-> ssh-ed25519 cKojmg O3DMSSPQP9/ehXmzs0xcCGllu7VSzhd6b4Pii8t2vWQ +Ys1nMv2384elWWGW9C8HabvwUeWu52VsQpxx9L/4/dM +-> ssh-ed25519 jPowng ft/9SX5fpG7+7gHMubaFtb+50/gfNgmaofOVq5UjRUE +xMwdFjFdkH0Li+PikaFt0WAZbFUu5daHgkfN8aQQumo +--- 7DVINvXIXdE1MRwIkeajonYsy1cp4HugCxfTeub5SXU +<<{V?fk/I"/5K"(i \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/drone/gitea.age b/hosts/nixos/porthos/secrets/drone/gitea.age index 90ff83b..6b68503 100644 Binary files a/hosts/nixos/porthos/secrets/drone/gitea.age and b/hosts/nixos/porthos/secrets/drone/gitea.age differ diff --git a/hosts/nixos/porthos/secrets/drone/secret.age b/hosts/nixos/porthos/secrets/drone/secret.age index c529200..d6e7330 100644 --- a/hosts/nixos/porthos/secrets/drone/secret.age +++ b/hosts/nixos/porthos/secrets/drone/secret.age @@ -1,9 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 1+cLlzctgcM0FnVDwMPOAqBkvMcDBRg8SvCw4djI93Y -oV2XI4f1AvM9P591kZZ6NgJXa+SDtqGzCSgc4psOmxM --> ssh-ed25519 jPowng Ufjfh1p350XxRPg95+/DHdmnl4lC0bbzUUlaxd1Bmxc -/RHwFDSn2ov+60r1uHUigrsn99+GmmKmlk4h4T2gbA0 --> *Lc$@-grease -pzVJAHy1qRq3jUrnFV0DDO7/hwV1US4Ogf0RsrVfX0xzbr73uJ003YjieVB25LqN ---- ME7/iVevyiguyhXugbkVFGzJV0yDccyKNlWbEZa/FmY -YXjb2und;i0X]0jLPT~^kc$DrufreOո+p&wϨ \ No newline at end of file +-> ssh-ed25519 cKojmg 0J8FMcVRf78LYG+dTOFzu3luXwhOjdOg0sx4Jxdccj4 +tdrCcfcYbTZYhL18RG3goiqtyhu3NTn+fJhdIAnU5uA +-> ssh-ed25519 jPowng qlF8nkSEg5fZgai0VP5eTSlZOHyj5IcalTf+QNWITVo +O5aiZX0AJD76ixsu6i9xnnFBQANdsu3h6XzdTQ6KtKU +--- ByMQt9bnbzd8YO0Y93FIYF/lmdbYcOydkYdKxpRQujM ++ܢ6JNmq[ Eb1p)vDPL9̀z!߇'Tad5U: [dύRMpzj \ No newline at end of file 
diff --git a/hosts/nixos/porthos/secrets/drone/ssh/private-key.age b/hosts/nixos/porthos/secrets/drone/ssh/private-key.age index 0211701..737777d 100644 Binary files a/hosts/nixos/porthos/secrets/drone/ssh/private-key.age and b/hosts/nixos/porthos/secrets/drone/ssh/private-key.age differ diff --git a/hosts/nixos/porthos/secrets/forgejo/mail-password.age b/hosts/nixos/porthos/secrets/forgejo/mail-password.age new file mode 100644 index 0000000..67ef695 --- /dev/null +++ b/hosts/nixos/porthos/secrets/forgejo/mail-password.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg Lhgx43wR8PtAMf5v1eJxKlUBSAoOLdOOn/QaQrwF8zA +jfUCpgNzkHCNTWCqtErDaLMmg1Oy+s9zUra1JLCi+J4 +-> ssh-ed25519 jPowng kSeQ/SmMrzd8ByVu3YHWeZyKmqFZvQSBnDunkB8e6wc +WRmnfrV5xcRXA9t0ZXx6YvbRl0sX4PTrw63VVKX4Ei4 +--- a+LLM1gP9g1AbUapbeeKaS4cEcRBmPo3MHU2DSWTAds +,F6⬘ ix̏e| + +Ϝ,{ v!z$P;TKW + qG \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/gitea/mail-password.age b/hosts/nixos/porthos/secrets/gitea/mail-password.age index 915f8e9..e2e70ac 100644 --- a/hosts/nixos/porthos/secrets/gitea/mail-password.age +++ b/hosts/nixos/porthos/secrets/gitea/mail-password.age @@ -1,9 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 jPowng BkIjie2KrwDLaZYYIguCs7TPA/wQy+YPguikuhfye0M -7viTA/EGYB/jRKQm6fFd86DMd4j+Jxsaw/xQ1T8ZKNo --> ssh-ed25519 cKojmg t1Y8bZvPccNAX8vWQLTfCyOJIBXN515vyfFrEI2EVww -bJEjpIWrKeQrA/JfY7FRdB6hpHwR/aG4Vya1ChFNBKs --> jK/-grease Oz.R ?;)G ], -AuHk9TcC9kl0dg8/L6UfHIk3e9fgGwSTJAJpVgInhok ---- 47z9lol5MtpX0IsO/0ggLDMcNVfl4lNNvoHUSwOU/18 -)gЪeu! - TYAM+GbMe@|A,&E!܆p=P=9P!Q|r \ No newline at end of file +-> ssh-ed25519 cKojmg 46BI3ItrXRWMivmd/K8bmkKlrYFSr8cbehAkmwCskig +gTjYquH1hDEZ2zWD5P7gN/ejTCH8JJb8bC/VLZ3koeg +-> ssh-ed25519 jPowng 5MqfJlasDbbqlI0dX98NZzHxmYmnnpveyBxa4z48V0o +r7Yiv4+SZiDncD0Xzp5eFSP4f2yjGBOILKxEO1iT3Os +--- l43+JtT28i1YDhNX3hE3Qb7swskOBc5ghDqiyh3rU2s ++)PnWT,.eNW YƱkF4#=)6mȵJ# \ No newline at end of file 
diff --git a/hosts/nixos/porthos/secrets/lohr/secret.age b/hosts/nixos/porthos/secrets/lohr/secret.age index fa310b4..1d9c5ba 100644 Binary files a/hosts/nixos/porthos/secrets/lohr/secret.age and b/hosts/nixos/porthos/secrets/lohr/secret.age differ diff --git a/hosts/nixos/porthos/secrets/lohr/ssh-key.age b/hosts/nixos/porthos/secrets/lohr/ssh-key.age index 30a5e25..477a4d1 100644 Binary files a/hosts/nixos/porthos/secrets/lohr/ssh-key.age and b/hosts/nixos/porthos/secrets/lohr/ssh-key.age differ diff --git a/hosts/nixos/porthos/secrets/matrix/mail.age b/hosts/nixos/porthos/secrets/matrix/mail.age index 1fe3a71..94ddf8c 100644 --- a/hosts/nixos/porthos/secrets/matrix/mail.age +++ b/hosts/nixos/porthos/secrets/matrix/mail.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg lmu3MinmydRHD0A/YVRRtopermfoBC8M8cTHfVanY1s -ygrtpZZJ7aeQTblNazpoP7DdifmDxHsE3DFJsIrWX5M --> ssh-ed25519 jPowng X0cihOc+fBtmtrkEivIHQngdYIobezXEF1x+pHqNzAw -/+sw9x1NWY0anZhDMpAywBPrR0F4XCHaF9e8j/Yo/kI --> 32;%1s-grease -JafjuSZty6a4NSO/y4y5wHWL8Mw ---- dwCl66vdpsL0MR5NWWvg3JUnQ2QZQBeW0Dj0l5tvOKY -oi,`#uwW%Poubڭcy8 ><FqKÂk0k/h5势F+u eb>1Q2wnWb֖Bi^xur- /ll-=7;j0I%FiA;YUd]KI0( Ag^uG:pkJ:qWSaLw!M4L/ZD-XUbvbP0f9 J`XO!s{QAcc;4Mچݹ lxH&{}zZ9ûXܓg]V0gtw \ No newline at end of file +-> ssh-ed25519 cKojmg u+5VWUy7eFq4boAIOhuKXZYD4mhczaUAcjz4+coVggA +QlBHHgz7uY3TVgex59yZA0XgsIeHi2WN2S+UleC7bMg +-> ssh-ed25519 jPowng IyeI6WUjF8wxe92xD3xY++4ZqXtY8divB39eLWfAtm8 +eGj8w5X2ydS1LJvNSmo56xzRVoUB0iAKKs2NHX968Yc +--- hsYH9lUl3wIErJmBKzlWV+gIR5v6vgPIcNDgd0hiRGc +@lQsȄףD}^{X)nYJhXhg8wӨǂwy(a.0>|PSlO|E鰀BW_)|x4\_F +Zo0=dtsj[0O+R8id8j +g$x òb흭Xg^G$UB*鲡)[tHav7jD.z+[~ 9z`s,_!^Yʯ2HSŏ*@jZ^v~غ@ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/matrix/secret.age b/hosts/nixos/porthos/secrets/matrix/secret.age index 539c33e..2c8852d 100644 Binary files a/hosts/nixos/porthos/secrets/matrix/secret.age and b/hosts/nixos/porthos/secrets/matrix/secret.age differ 
diff --git a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age b/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age index d375a35..e938cfa 100644 --- a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age +++ b/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age @@ -1,9 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg N182xey8TWRVUWTRP16rT0zlhYZNr/pOZVR7YRnlIkk -HVqAag55z1cKLgjR3WsUj2wvaVjxm169JcDRJGRvCVU --> ssh-ed25519 jPowng Dc+aaUTxDsMTY+oOst0SC3ldq1e6zX8F5A5uBL5RHhc -JWZou6+VaFc5f2OLRIrmFFWg3Er6WSY+TloXU0mP1K8 --> |9_9Aqh%-grease $ X8Mn|5 aKnl' fl ssh-ed25519 cKojmg xRtF3XVc7yPicAV/E4U7mn0itvD0h1BWBTjwunuoe2E +OkB9sjGB3ulH4Feuyj3Ed0DBG4+mghW/Qpum9oXL/8c +-> ssh-ed25519 jPowng 1r8drqhz1yZdTq0Kvqya+ArU1C2fkN7Gg9LiWWfeUFg +cjbxntVwHvqLaJpiKs/Y8ojeb6e3/cLFcsoeuoobfFg +--- B1qA2PylJBrdZxZtCzlU2kRPvxLM+IrXTvR+ERxVtTY +"W9bg~/b4ՆI +} -NC7vWb?8=wB UpJClOșnO\ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/mealie/mail.age b/hosts/nixos/porthos/secrets/mealie/mail.age new file mode 100644 index 0000000..b7348ae Binary files /dev/null and b/hosts/nixos/porthos/secrets/mealie/mail.age differ diff --git a/hosts/nixos/porthos/secrets/miniflux/credentials.age b/hosts/nixos/porthos/secrets/miniflux/credentials.age index 9790159..00d89a4 100644 Binary files a/hosts/nixos/porthos/secrets/miniflux/credentials.age and b/hosts/nixos/porthos/secrets/miniflux/credentials.age differ diff --git a/hosts/nixos/porthos/secrets/monitoring/password.age b/hosts/nixos/porthos/secrets/monitoring/password.age index 410536f..67c75e6 100644 --- a/hosts/nixos/porthos/secrets/monitoring/password.age +++ b/hosts/nixos/porthos/secrets/monitoring/password.age 
@@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg OdLtFHbHbc28rUn47vgsVvXxFNg9nF+9y9R6XOK390Y -yQQYUPQGjN2+xrSqqBYa7/zS618KrVjX5Amw2MFuSLg --> ssh-ed25519 jPowng NwUjiLtiXVi6XFmht5l1CxEs3gm0oN4vHYwDZyda7Q4 -di6znVjNRO6QdqteVNkeot5Ko2NwWLe6v+zVR3f+o10 --> 4Vx%\(-grease ^^Z>EC91 R 2BJ d48Wip*s -yPiBgChRF31XgxccQFLO3MzRL7+5s29sfRoF3W1yUX6Bu59MpxD4D+n/jhLcxSH/ -CxW7KaiOctNmPm5tWh6qjmgQ+V4bcAji5vo4FKs40l56cfyueEJj+Q ---- WUGF28zqK9E1AlOeeCtSHxFg6ikRy85gOoLtBd4m0y0 -.|rr>12Sɞ.hww q%i *U^)'qO2ӜmQ7m` \ No newline at end of file +-> ssh-ed25519 cKojmg l5lOlGnbvQ4D2kaSj1dd8Xr+btlNbTkT0SxSz02Vr1E +Cjy73yKL1N8LnjRXXLpxX+wIOFCa8wrG44VjXUND1lI +-> ssh-ed25519 jPowng nYHfkP9dRkxu4Fqh8MgrbdZAc8gk+VGDyxIV6RsSeEM +rKKi1NDoKMMzQ+kUs5ZX4zMqRBI0QwGY7q6K/L9+dLI +--- Umv3UCtXlApug7uuqmwbQN38i8Lx9/b0uhLgbc3OdZM +BLs?sӓs2y +R0!<f9txB7dڊ^ɇLJ&W ssh-ed25519 cKojmg zhpo89xef68JoeOFWzhdFshrj2BXXUCFPMLVJzv6EyE -fmJxJi5rmyai9qGwDo7iHg4BrObGre96KCpl+g91O6I --> ssh-ed25519 jPowng INA6EZdy4J1p3QY5mfVOQXiLdOjIDaZR+CZMP+GfkXM -8Nf5soaxY5SEzeJca5kaJkx7ByOvc4NkJVetB7wpEmo --> xjK'w-grease -f5v0cvlt4JbHlAwDOob86qOInWdlN/oohTg ---- NTGv4rr+MhJ/YeZhVHOjoS1V+zCHFf2itJYfK36R+wE -חJ d o'YFU@ -r7_N$>]hq-F۰qX?| ? \ No newline at end of file +-> ssh-ed25519 cKojmg 1hbRAuAGrTy6nmkAq+UWua8weywphZsTIGF68YQEOlQ +92Q7uIKv1EiO73wMh53jrTuEkzP6ziBmX9SWXCl4d3w +-> ssh-ed25519 jPowng aPb9v/S/mLW95Qom+swvasqY878RxpxxOkMJA2wb6nY +qu/dzcqciqKzNc28HqFMHA1XnrJy+/wWgbfM1+BrlkE +--- 8PXOozvZzNZQD2OT4a+0XuIQauzUGSvovdfDugmp+bc +x>禩_C9dT5KzЄqcZɾpใv +) \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/paperless/secret-key.age b/hosts/nixos/porthos/secrets/paperless/secret-key.age index eae5c56..70cb898 100644 --- a/hosts/nixos/porthos/secrets/paperless/secret-key.age +++ b/hosts/nixos/porthos/secrets/paperless/secret-key.age 
@@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg tZwn2usN6K62oS4vBa6boh9zEp/+cS4chP8boXG6SH4 -Fr3kV8gUDoiDqMxPYWsHyww8umYhQEKhqbVBiVw5NeI --> ssh-ed25519 jPowng wRbJl4G85obH/GluQBBsXE7MOvooEui65eqHfurvuQs -KqVZMBSyHhkayEdwI6ocmA4qhHY9zYJvg1CEKM1SOa0 --> 2E"/OFW-grease o Qp3HFe^ -bGhCNicPqt7txqxUiEWXCFs1OuQLqOqHmjHSqYQv919dqYep/xBXzi/aRf3dsdvh -TCJCTvZG31Qxvikp ---- xKJGbdVp+Z5h0vCBleSF2zYYYd2S5i0y4szNqjRwrDY -T /Ni7m4#MhiPޛ-gI%@E(i7Ygk"+㸠(]o@bާ+[Y"BCR[ >-.4db9v \ No newline at end of file +-> ssh-ed25519 cKojmg r3ZUTfSNcHc1TS2fVtk99Y2xJMMunkwkcR0dQIdiCi4 +LICSnzAaooGy6x4wt0vNM6YtQ4S17QohZNt7lfVrD6Q +-> ssh-ed25519 jPowng KLU68ws4lemr0wWHxm8H8pf1SQAoUZTN4QSPzk2PyHk +6pjH1pI956oaf9ZIHPPq8p3g/mZC5GxWhWkT54Wohf0 +--- cAQbniTwwtTftfXU/dGtA69yF/hh8iB97vHxvkIZMMo +c#=^~?5-wNT̡+!z " Z"2M!p5VjΡѡLyŹ nĊ8zQ+ة9WS0u}YÚ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/podgrab/password.age b/hosts/nixos/porthos/secrets/podgrab/password.age index 90e2501..d50dc28 100644 --- a/hosts/nixos/porthos/secrets/podgrab/password.age +++ b/hosts/nixos/porthos/secrets/podgrab/password.age @@ -1,9 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 8rcBI7fYHuA3jO6EzJNFaAj2niIApKDt1HQEv61AKTs -ANxkIX/CeI7t7Zqp6wmjt/D194Z+xpeiidb+qvYzoQU --> ssh-ed25519 jPowng oruewwTM9X/HjjcmOPcQVdp02rQBlgJPdzvlAffs3T0 -MrO0kaNhjgOkNHuz3NrIMWXNrXOHH9dT/Fk6hoQNKyY --> COK%H7-grease -6yfI90QurOKlM+kgpW8KZ/iBzDYD9yhNmjG1LQ ---- uArz8eHg8sLO0sdlkM6cELFh+FHiI5BrM0+iXJxxiDo -vvNb@FMMY&/%mt֓dh|ߩ8 ڽ9C/ \ No newline at end of file +-> ssh-ed25519 cKojmg bICZUDqk/C2divEZu2lxUDsrtS1inSbDbS8hxJSJfHc +FsfueyP6WCesAu5EcXIxxtvbb8RX09qNTN9GvuhYuTw +-> ssh-ed25519 jPowng Uujsu6c+QTXqCNi6c+zxk5tf0UQcG+Qm/SZF4dzSKCY +RPVNNNauz73A8kWA0VSQiMWCerUkxPoXG2MUrFly3Bc +--- 8h4hGasOwZxk+i5aQfg6AzdA1G4wROhxz2rmM9u41b8 +{Rh=42 yЙjMWQ%X ]JK]F?QK \ No newline at end of file 
diff --git a/hosts/nixos/porthos/secrets/pyload/credentials.age b/hosts/nixos/porthos/secrets/pyload/credentials.age new file mode 100644 index 0000000..089f962 --- /dev/null +++ b/hosts/nixos/porthos/secrets/pyload/credentials.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg nJbOfp0/wmFOZLzcWjoGB7wEB8e56aO1NntSmn5KomU +/Vio4Z/t7IPJrdzdwUPidVH3wrouSkwRzNHP0T4z3x0 +-> ssh-ed25519 jPowng QXg/xqs7/VfkYQg3X77w4i53q64bL9oYeTxqb9NVhiQ +sMHIXlmrIxtIr+s0X4lBqev/PPd3AKD5P7AP5K4NeJg +--- gzTn+6+aa4Ptic1lsvSt+r3IEBysHrvMMIyONogMDF0 +ˮUE_ ssh-ed25519 cKojmg mP2H3PWJN6Pv3q6C2wci3KnXjtFAIiuGy0YH0sGIy2g -f43QqyUQfTYznszub47kgc2Mz95zVScTDkwnG3INi9U --> ssh-ed25519 jPowng fENbu7+FZ1mnQQHQCLm1spLHmsQGlRoJResUJtGzYkY -hX+AqCkLCca6m/aKtGCThi7/mCCz/TZQNJNOlOmlqyA --> J<-grease -n7+CPRr4oazWnE7yzpJN2ZAI4QrGsAerloP4wNeebjQDx8+IxJq1JE0g3Yi0RxzN -chDccuSPLYk45Ov+SD/qqqFZlQ ---- p81HYw3LFj+qz2kiZsDcevM4ZBfvN743P9Jdi7J9XkM -۱S7VBOlEtq_D,PVFp\"AM}g?/\;y Ӛ(SK \ No newline at end of file +-> ssh-ed25519 cKojmg Froxrdh4H2Bsj4X2xicyBXHPRlbkRJAOztoTfzxItSM +FnsLS2QYm8mJUO+c152FieLCFkALxxwQLnY4PAj8zsU +-> ssh-ed25519 jPowng pKl4p02M+U5JsiOnM2wXL5bkPwsI3IHjlTutlvez3zM +NSuOFsyV8JqtTq97lNzacJnJ3YZgWp53XxU3mjUlcMQ +--- 2TK2ViFblmDheaYdat/GF0ze1wVsla1EPLaeRdMM4Gs +ըENܞm›2u~Jubt[$T^2ji@xҸ*İg[MHX!6ezDW]<` XPޛ +q*o$< \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/vikunja/mail.age b/hosts/nixos/porthos/secrets/vikunja/mail.age index 4c83acd..864e5be 100644 Binary files a/hosts/nixos/porthos/secrets/vikunja/mail.age and b/hosts/nixos/porthos/secrets/vikunja/mail.age differ diff --git a/hosts/nixos/porthos/secrets/wireguard/private-key.age b/hosts/nixos/porthos/secrets/wireguard/private-key.age index 4abe1e5..d7e292e 100644 --- a/hosts/nixos/porthos/secrets/wireguard/private-key.age +++ b/hosts/nixos/porthos/secrets/wireguard/private-key.age 
@@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg +WwRpd2MzycutQFXyLsr2+GzSgF67Z6UuvyqYZaLd3w -sppt8HzaZP3yxnvnhzjl18Trnz8g3VyXJ6CaVBWd7jA --> ssh-ed25519 jPowng wanoqGB7T8bim/WZ4IAYViFQoGzaIZSgeoTr3YKpeTY -ihDAdGa1XVW/qQz40V1v7a7iK7tu0EHMa7ayIogpcRw --> l-grease |PIcZ NIr >0;* -4o8o0bevQZ6uDSx1WxxlDCURbFCM+yK1XPdrb9aztCSvG2a+ne78E42l5rBcoH7I -m51A8uWS4nSj36N/76v6K4kelxKzWUg ---- O6cGbTAVbDcdmPHf7UzfZiyiRtu1yfL4sBI+CkJA1qw -q$`w'SX]?6/N(BNa.H7Ioz/4:sK",7J \ No newline at end of file +-> ssh-ed25519 cKojmg KslHl4v8yCsKZn5TduLgpTfpTi1uOInC9N2e8Ow83FI +NzcJJr8kw1ykAdWRZOeWdNhx0BTgE7FwTKcge+yLJ/w +-> ssh-ed25519 jPowng YGWcOai0A9l2HDZyV0GtD8kEbY/xTUssODFBcseWAkA +nJaHXkipFSHdyektoKV5y1jQrjkvnU7pwZwAymiQm7M +--- IgWkDulol1jRa+pcx7DbEy5pvC+2nrRJHsdQVPvPur0 +Bb<Ōb!E?:=srJCKz5{4`&N057v+1 ++(d{ Q \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/woodpecker/gitea.age b/hosts/nixos/porthos/secrets/woodpecker/gitea.age index e6ede6c..11817ff 100644 Binary files a/hosts/nixos/porthos/secrets/woodpecker/gitea.age and b/hosts/nixos/porthos/secrets/woodpecker/gitea.age differ diff --git a/hosts/nixos/porthos/secrets/woodpecker/secret.age b/hosts/nixos/porthos/secrets/woodpecker/secret.age index 63a4862..89bcb6b 100644 --- a/hosts/nixos/porthos/secrets/woodpecker/secret.age +++ b/hosts/nixos/porthos/secrets/woodpecker/secret.age 
@@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 jPowng yz0I+AazPmamF7NOnwYNrPE/ArarU01jd2mVDJUPSTY -6Y/YQ7gb8cAZf3zT9SKOorvfUnU7kYff+gHh8fG2mY8 --> ssh-ed25519 cKojmg 0FZU9v8eHsVeE+EoX9Y4IgfIj/8+45waPaSnSDb961I -L6SzJoh5xqai45scoVAa6v9zslBGFYNnZY044d470uQ --> I[G-grease p -AMRQY1alSzHi/PLL80kcvnM1Z9YNfoUo9u5alWXYMyzrRsg+vXjMuBvAXg3fmnzr -wdOowTYMRV+jEG8vzkcQTsv+f7JIyo4DvOOaPyGfWMl1 ---- ih3IAFPcN1JP3FP1vcRGnPrfk91yrnIX0m/Szkbcf7Q -mWr_\)Ͱ]QxMs/݃ݪ6kYxMyJG)i2_'֜HF.g_e5#utՠ7jP'Tޥ8\IWUK1ں9 \ No newline at end of file +-> ssh-ed25519 cKojmg tAW2hbBSxsael6cdbN+vI4h1/PMNrWYct8cppCAasn0 +cex/wBTviSIXc8clNm5PGltTYa1Q5PwqlX4BGsNHiyU +-> ssh-ed25519 jPowng YxfhtpytvuhIARQAaJ0w94aOZiGNUOBR0pF+Sp80D2k +nMon/VdYUQTs6LFccDGeIKWeNYib1wwtFmEYZkDZxg0 +--- giL477X0+uZ2Ocvbixt5f5kNc1laj5P79oW8P9XsNP0 +d>cE?nbv_'2յ_6Pu:usE8ϓxuڶ̪x̧C[ .6 qJ5GK)N a -bindurl www.google.com F hint -Jbc #search div:not(.action-menu) > a +bindurl www.google.com f hint -Jc #search a +bindurl www.google.com F hint -Jbc #search a " Only hint search results on DuckDuckGo bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result-title-a"] @@ -69,8 +69,6 @@ unbind " Redirections {{{ " Always redirect Reddit to the old site autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old") -" Use a better Twitter front-end -autocmd DocStart ^http(s?)://twitter.com js tri.excmds.urlmodify("-t", "twitter.com", "nitter.net") " }}} " Disabled websites {{{ diff --git a/modules/home/gdb/default.nix b/modules/home/gdb/default.nix index ab51938..fe8eb69 100644 --- a/modules/home/gdb/default.nix +++ b/modules/home/gdb/default.nix @@ -26,7 +26,14 @@ in gdb ]; - xdg.configFile."gdb/gdbinit".source = ./gdbinit; + xdg = { + configFile."gdb/gdbinit".source = ./gdbinit; + dataFile. "gdb/.keep".text = ""; + }; + + home.sessionVariables = { + GDBHISTFILE = "${config.xdg.dataHome}/gdb/gdb_history"; + }; } (lib.mkIf cfg.rr.enable { 
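Review bot: The empty `gdb/.keep` entry added under `xdg.dataFile` in the gdb hunk has no comment saying why it exists, and its attribute path is written `dataFile. "gdb/.keep"` with a stray space after the dot. Presumably the file is only there so that the directory named in `GDBHISTFILE` exists before gdb first writes its history. If so, record it with a comment such as `# gdb does not create the history directory itself` and write the path as `dataFile."gdb/.keep".text = "";`. The enclosing attribute set starts and ends outside the hunk.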
diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index 4dba01e..1bb2215 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -7,6 +7,9 @@ in { options.my.home.git = with lib; { enable = my.mkDisableOption "git configuration"; + + # I want the full experience by default + package = mkPackageOption pkgs "git" { default = [ "gitFull" ]; }; }; config.home.packages = with pkgs; lib.mkIf cfg.enable [ @@ -22,8 +25,7 @@ in userEmail = mkMailAddress "bruno" "belanyi.fr"; userName = "Bruno BELANYI"; - # I want the full experience - package = pkgs.gitFull; + inherit (cfg) package; aliases = { git = "!git"; @@ -146,6 +148,10 @@ in autoStash = true; }; + rerere = { + enabled = true; + }; + url = { "git@git.belanyi.fr:" = { insteadOf = "https://git.belanyi.fr/"; diff --git a/modules/home/gpg/default.nix b/modules/home/gpg/default.nix index 7eadf48..51c865a 100644 --- a/modules/home/gpg/default.nix +++ b/modules/home/gpg/default.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let cfg = config.my.home.gpg; in @@ -6,12 +6,7 @@ in options.my.home.gpg = with lib; { enable = my.mkDisableOption "gpg configuration"; - pinentry = mkOption { - type = types.str; - default = "tty"; - example = "gtk2"; - description = "Which pinentry interface to use"; - }; + pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; }; }; config = lib.mkIf cfg.enable { @@ -22,7 +17,7 @@ in services.gpg-agent = { enable = true; enableSshSupport = true; # One agent to rule them all - pinentryFlavor = cfg.pinentry; + pinentryPackage = cfg.pinentry; extraConfig = '' allow-loopback-pinentry ''; diff --git a/modules/home/x/keyboard/default.nix b/modules/home/keyboard/default.nix similarity index 50% rename from modules/home/x/keyboard/default.nix rename to modules/home/keyboard/default.nix index 40af800..2216a08 100644 --- a/modules/home/x/keyboard/default.nix +++ b/modules/home/keyboard/default.nix 
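Review bot: `my.home.gpg.pinentry` changes type from a string to a package in the `@@ -6,12 +6,7 @@` hunk, so any profile that still sets a string such as `"gtk2"` (the old example) will fail with a type error that gives no hint about the new form. The old option had an `example` and the replacement has none, although `mkPackageOption` accepts one: `pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; example = "pkgs.pinentry-gtk2"; };`. The callers are not part of this diff section, so whether any of them still passes a string cannot be checked from here.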
@@ -1,8 +1,12 @@ { config, lib, ... }: let - cfg = config.my.home.x; + cfg = config.my.home.keyboard; in { + options.my.home.keyboard = with lib; { + enable = my.mkDisableOption "keyboard configuration"; + }; + config = lib.mkIf cfg.enable { home.keyboard = { layout = "fr"; diff --git a/modules/home/mail/accounts/default.nix b/modules/home/mail/accounts/default.nix index e7663d8..8886139 100644 --- a/modules/home/mail/accounts/default.nix +++ b/modules/home/mail/accounts/default.nix @@ -18,8 +18,6 @@ let himalaya = { enable = cfg.himalaya.enable; # FIXME: try to actually configure it at some point - backend = "imap"; - sender = "smtp"; }; msmtp = { diff --git a/modules/home/mpv/default.nix b/modules/home/mpv/default.nix index 9aef379..8af394c 100644 --- a/modules/home/mpv/default.nix +++ b/modules/home/mpv/default.nix @@ -13,6 +13,8 @@ in scripts = [ pkgs.mpvScripts.mpris # Allow controlling using media keys + pkgs.mpvScripts.mpv-cheatsheet # Show some simple mappings on '?' + pkgs.mpvScripts.uosc # Nicer UI ]; }; }; diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix index 9ccbdc5..0934189 100644 --- a/modules/home/nix/default.nix +++ b/modules/home/nix/default.nix @@ -12,7 +12,7 @@ let # Use pinned nixpkgs when using `nix run pkgs#` pkgs = inputs.nixpkgs; } - (lib.optionalAttrs cfg.overrideNixpkgs { + (lib.optionalAttrs cfg.inputs.overrideNixpkgs { # ... And with `nix run nixpkgs#` nixpkgs = inputs.nixpkgs; }) 
@@ -22,20 +22,26 @@ in options.my.home.nix = with lib; { enable = my.mkDisableOption "nix configuration"; - linkInputs = my.mkDisableOption "link inputs to `$XDG_CONFIG_HOME/nix/inputs`"; + cache = { + selfHosted = my.mkDisableOption "self-hosted cache"; + }; - addToRegistry = my.mkDisableOption "add inputs and self to registry"; + inputs = { + link = my.mkDisableOption "link inputs to `/etc/nix/inputs/`"; - addToNixPath = my.mkDisableOption "add inputs and self to nix path"; + addToRegistry = my.mkDisableOption "add inputs and self to registry"; - overrideNixpkgs = my.mkDisableOption "point nixpkgs to pinned system version"; + addToNixPath = my.mkDisableOption "add inputs and self to nix path"; + + overrideNixpkgs = my.mkDisableOption "point nixpkgs to pinned system version"; + }; }; config = lib.mkIf cfg.enable (lib.mkMerge [ { assertions = [ { - assertion = cfg.addToNixPath -> cfg.linkInputs; + assertion = cfg.inputs.addToNixPath -> cfg.inputs.link; message = '' enabling `my.home.nix.addToNixPath` needs to have `my.home.nix.linkInputs = true` @@ -54,7 +60,21 @@ in }; } - (lib.mkIf cfg.addToRegistry { + (lib.mkIf cfg.cache.selfHosted { + nix = { + settings = { + extra-substituters = [ + "https://cache.belanyi.fr/" + ]; + + extra-trusted-public-keys = [ + "cache.belanyi.fr:LPhrTqufwfxTceg1nRWueDWf7/2zSVY9K00pq2UI7tw=" + ]; + }; + }; + }) + + (lib.mkIf cfg.inputs.addToRegistry { nix.registry = let makeEntry = v: { flake = v; }; @@ -63,7 +83,7 @@ in makeEntries channels; }) - (lib.mkIf cfg.linkInputs { + (lib.mkIf cfg.inputs.link { xdg.configFile = let makeLink = n: v: { @@ -75,7 +95,7 @@ in makeLinks channels; }) - (lib.mkIf cfg.addToNixPath { + (lib.mkIf cfg.inputs.addToNixPath { home.sessionVariables.NIX_PATH = "${config.xdg.configHome}/nix/inputs\${NIX_PATH:+:$NIX_PATH}"; }) ]); diff --git a/modules/home/packages/default.nix b/modules/home/packages/default.nix index 0cfa3b3..1362a06 100644 --- a/modules/home/packages/default.nix 
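Review bot: The assertion message in the `@@ -22,20 +22,26 @@` hunk still names the old options, `my.home.nix.addToNixPath` and `my.home.nix.linkInputs`, although the condition above it now reads `cfg.inputs.addToNixPath -> cfg.inputs.link`. A user who trips the assertion is told to set an option that no longer exists; the text should read ``enabling `my.home.nix.inputs.addToNixPath` needs to have `my.home.nix.inputs.link = true` ``. The new description of `inputs.link` says the inputs are linked to `/etc/nix/inputs/`, but the later hunks of this file link them through `xdg.configFile` and put `${config.xdg.configHome}/nix/inputs` in `NIX_PATH`, so the previous wording with `$XDG_CONFIG_HOME/nix/inputs` looks like the correct one.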
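Review bot: The `cache.selfHosted` block in the `@@ -54,7 +60,21 @@` hunk adds a substituter and a trusted signing key behind an option declared with `my.mkDisableOption`, which by its name defaults to enabled, so every profile that enables `my.home.nix` extends binary trust to `cache.belanyi.fr` without opting in. As this appears to be user-level Nix configuration, the daemon honours `extra-substituters` and `extra-trusted-public-keys` only for users in `trusted-users` (or for caches listed in `trusted-substituters`); for other users the settings are ignored with a warning. A comment on the block, for example `# Only honoured for trusted users, or if the daemon lists this cache in trusted-substituters`, would record that dependency, and the option description should say that enabling it trusts store paths signed by that key.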
+++ b/modules/home/packages/default.nix @@ -6,6 +6,10 @@ in options.my.home.packages = with lib; { enable = my.mkDisableOption "user packages"; + allowAliases = mkEnableOption "allow package aliases"; + + allowUnfree = my.mkDisableOption "allow unfree packages"; + additionalPackages = mkOption { type = with types; listOf package; default = [ ]; @@ -17,10 +21,15 @@ in }; }; - config.home.packages = with pkgs; lib.mkIf cfg.enable ([ - fd - file - mosh - ripgrep - ] ++ cfg.additionalPackages); + config = lib.mkIf cfg.enable { + home.packages = with pkgs; ([ + fd + file + ripgrep + ] ++ cfg.additionalPackages); + + nixpkgs.config = { + inherit (cfg) allowAliases allowUnfree; + }; + }; } diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index aa72587..e304097 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -16,6 +16,7 @@ in LESS = "-R -+X -c"; # Better XDG compliance LESSHISTFILE = "${config.xdg.dataHome}/less/history"; + LESSKEY = "${config.xdg.configHome}/less/lesskey"; }; }; } diff --git a/modules/home/ssh/default.nix b/modules/home/ssh/default.nix index 123190f..748b195 100644 --- a/modules/home/ssh/default.nix +++ b/modules/home/ssh/default.nix 
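Review bot: The new `nixpkgs.config` block in the `@@ -17,10 +21,15 @@` hunk sets `allowUnfree` from an option declared with `my.mkDisableOption`, which by its name defaults to enabled, so every profile that enables `my.home.packages` accepts unfree packages unless it opts out. If the permissive default is intended, a comment next to the option should say so; otherwise `allowUnfree = mkEnableOption "allow unfree packages";` or an `allowUnfreePredicate` allowlist keeps the set of accepted packages explicit. The block is also tied to `cfg.enable` of the package list, which couples nixpkgs policy to an unrelated toggle. As far as I know Home Manager does not apply `nixpkgs.config` from a profile evaluated with `home-manager.useGlobalPkgs`, so it is worth confirming that these settings take effect on the NixOS hosts.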
@@ -1,54 +1,70 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let cfg = config.my.home.ssh; in { options.my.home.ssh = with lib; { enable = my.mkDisableOption "ssh configuration"; - }; - config.programs.ssh = lib.mkIf cfg.enable { - enable = true; + mosh = { + enable = my.mkDisableOption "mosh configuration"; - includes = [ - # Local configuration, not-versioned - "config.local" - ]; - - matchBlocks = { - "github.com" = { - hostname = "github.com"; - identityFile = "~/.ssh/shared_rsa"; - user = "git"; - }; - - "gitlab.com" = { - hostname = "gitlab.com"; - identityFile = "~/.ssh/shared_rsa"; - user = "git"; - }; - - "git.sr.ht" = { - hostname = "git.sr.ht"; - identityFile = "~/.ssh/shared_rsa"; - user = "git"; - }; - - "git.belanyi.fr" = { - hostname = "git.belanyi.fr"; - identityFile = "~/.ssh/shared_rsa"; - user = "git"; - }; - - porthos = { - hostname = "91.121.177.163"; - identityFile = "~/.ssh/shared_rsa"; - user = "ambroisie"; - }; + package = mkPackageOption pkgs "mosh" { }; }; - - extraConfig = '' - AddKeysToAgent yes - ''; }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + programs.ssh = { + enable = true; + + includes = [ + # Local configuration, not-versioned + "config.local" + ]; + + matchBlocks = { + "github.com" = { + hostname = "github.com"; + identityFile = "~/.ssh/shared_rsa"; + user = "git"; + }; + + "gitlab.com" = { + hostname = "gitlab.com"; + identityFile = "~/.ssh/shared_rsa"; + user = "git"; + }; + + "git.sr.ht" = { + hostname = "git.sr.ht"; + identityFile = "~/.ssh/shared_rsa"; + user = "git"; + }; + + "git.belanyi.fr" = { + hostname = "git.belanyi.fr"; + identityFile = "~/.ssh/shared_rsa"; + user = "git"; + }; + + porthos = { + hostname = "37.187.146.15"; + identityFile = "~/.ssh/shared_rsa"; + user = "ambroisie"; + }; + }; + + extraConfig = '' + AddKeysToAgent yes + ''; + }; + } + + (lib.mkIf cfg.mosh.enable { + home.packages = [ + cfg.mosh.package + ]; + }) + ]); } 
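Review bot: None of the `matchBlocks` on the new side sets `identitiesOnly`, so with `AddKeysToAgent yes` ssh can still offer every key held by the agent to each of these hosts, not just `~/.ssh/shared_rsa`. Adding `identitiesOnly = true;` to each block restricts authentication to the configured `identityFile` and avoids disclosing unrelated public keys to third-party forges. The same key file is used for the four forges and for `porthos`, so a single leaked key covers all of them; if sharing is deliberate, a comment saying so would help the next reader.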
diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 08aeb55..501b954 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -5,6 +5,14 @@ let config.my.home.x.enable (config.my.home.wm.windowManager != null) ]; + + mkTerminalFlags = opt: flag: + let + mkFlag = term: ''set -as terminal-features ",${term}:${flag}"''; + enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures; + terminals = lib.attrNames enabledTerminals; + in + lib.concatMapStringsSep "\n" mkFlag terminals; in { options.my.home.tmux = with lib; { @@ -12,16 +20,22 @@ in enablePassthrough = mkEnableOption "tmux DCS passthrough sequence"; - trueColorTerminals = mkOption { - type = with types; listOf str; - default = lib.my.nullableToList config.my.home.terminal.program; - defaultText = '' - `[ config.my.home.terminal.program ]` if it is non-null, otherwise an - empty list. + terminalFeatures = mkOption { + type = with types; attrsOf (submodule { + options = { + hyperlinks = my.mkDisableOption "hyperlinks through OSC8"; + + trueColor = my.mkDisableOption "24-bit (RGB) color support"; + }; + }); + + default = { ${config.my.home.terminal.program} = { }; }; + defaultText = litteralExpression '' + { ''${config.my.home.terminal.program} = { }; }; ''; - example = [ "xterm-256color" ]; + example = { xterm-256color = { }; }; description = '' - $TERM values which should be considered to always support 24-bit color. + $TERM values which should be considered to have additional features. ''; }; }; @@ -32,7 +46,7 @@ in keyMode = "vi"; # Home-row keys and other niceties clock24 = true; # I'm one of those heathens escapeTime = 0; # Let vim do its thing instead - historyLimit = 50000; # Bigger buffer + historyLimit = 100000; # Bigger buffer terminal = "tmux-256color"; # I want accurate termcap info plugins = with pkgs.tmuxPlugins; [ 
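Review bot: `defaultText = litteralExpression ''` in the `@@ -12,16 +20,22 @@` hunk misspells the library function, which is `literalExpression`. Inside `with lib;` the unknown name is only looked up when `defaultText` is forced, so the module evaluates normally and the error would surface when option documentation is rendered. The line should read `defaultText = literalExpression ''`, and the text inside it ends with a stray `;` after the closing brace (`{ ''${config.my.home.terminal.program} = { }; };`) that does not match the actual `default`.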
@@ -89,13 +103,10 @@ in '' } + # Force OSC8 hyperlinks for each relevant $TERM + ${mkTerminalFlags "hyperlinks" "hyperlinks"} # Force 24-bit color for each relevant $TERM - ${ - let - mkTcFlag = term: ''set -as terminal-features ",${term}:RGB"''; - in - lib.concatMapStringsSep "\n" mkTcFlag cfg.trueColorTerminals - } + ${mkTerminalFlags "trueColor" "RGB"} ''; }; } diff --git a/modules/home/vim/after/ftplugin/gn.vim b/modules/home/vim/after/ftplugin/gn.vim new file mode 100644 index 0000000..0cec9df --- /dev/null +++ b/modules/home/vim/after/ftplugin/gn.vim @@ -0,0 +1,6 @@ +" Create the `b:undo_ftplugin` variable if it doesn't exist +call ftplugined#check_undo_ft() + +" Set comment string, as it seems that no official GN support exists upstream +setlocal commentstring=#\ %s +let b:undo_ftplugin.='|setlocal commentstring<' diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 871bf40..07711cc 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -105,7 +105,7 @@ in nixpkgs-fmt # Shell - shellcheck + nodePackages.bash-language-server shfmt ]; }; diff --git a/modules/home/vim/ftdetect/automake.lua b/modules/home/vim/ftdetect/automake.lua index cfa15d2..68a30ed 100644 --- a/modules/home/vim/ftdetect/automake.lua +++ b/modules/home/vim/ftdetect/automake.lua @@ -1,4 +1,4 @@ --- Use Automake filetype for `local.am` files, explicit `set` to force override +-- Use Automake filetype for `local.am` files vim.filetype.add({ filename = { ["local.am"] = "automake", diff --git a/modules/home/vim/ftdetect/glsl.lua b/modules/home/vim/ftdetect/glsl.lua new file mode 100644 index 0000000..2f4f1dd --- /dev/null +++ b/modules/home/vim/ftdetect/glsl.lua @@ -0,0 +1,7 @@ +-- Use GLSL filetype for common shader file extensions +vim.filetype.add({ + extension = { + frag = "glsl", + vert = "glsl", + }, +}) diff --git a/modules/home/vim/ftdetect/gn.lua b/modules/home/vim/ftdetect/gn.lua new file mode 100644 index 0000000..37d772e --- /dev/null 
+++ b/modules/home/vim/ftdetect/gn.lua @@ -0,0 +1,7 @@ +-- Use GN filetype for Chromium Generate Ninja files +vim.filetype.add({ + extension = { + gn = "gn", + gni = "gn", + }, +}) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index bd63d25..c94fc53 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -88,6 +88,23 @@ set background=dark " 24 bit colors set termguicolors +" Setup some overrides for gruvbox +lua << EOF +local gruvbox = require("gruvbox") +local colors = gruvbox.palette + +gruvbox.setup({ + overrides = { + -- Only URLs should be underlined + ["@string.special.path"] = { link = "GruvboxOrange" }, + -- Revert back to the better diff highlighting + DiffAdd = { fg = colors.green, bg = "NONE" }, + DiffChange = { fg = colors.aqua, bg = "NONE" }, + DiffDelete = { fg = colors.red, bg = "NONE" }, + DiffText = { fg = colors.yellow, bg = colors.bg0 }, + } +}) +EOF " Use my preferred colorscheme colorscheme gruvbox " }}} diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index 99d8dab..31a5bd1 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -51,8 +51,7 @@ M.on_attach = function(client, bufnr) local wk = require("which-key") local function list_workspace_folders() - local utils = require("ambroisie.utils") - utils.dump(vim.lsp.buf.list_workspace_folders()) + vim.print(vim.lsp.buf.list_workspace_folders()) end local function cycle_diagnostics_display() diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua index 418e0d1..3d2dd3b 100644 --- a/modules/home/vim/lua/ambroisie/utils.lua +++ b/modules/home/vim/lua/ambroisie/utils.lua 
@@ -1,11 +1,5 @@ local M = {} ---- pretty print lua object ---- @param obj any object to pretty print -M.dump = function(obj) - print(vim.inspect(obj)) -end - --- checks if a given command is executable --- @param cmd string? command to check --- @return boolean executable @@ -15,7 +9,7 @@ end --- return a function that checks if a given command is executable --- @param cmd string? command to check ---- @return fun(cmd: string): boolean executable +--- @return fun(): boolean executable M.is_executable_condition = function(cmd) return function() return M.is_executable(cmd) @@ -40,11 +34,11 @@ M.is_ssh = function() return false end ---- list all active LSP clients for current buffer +--- list all active LSP clients for specific buffer, or all buffers --- @param bufnr int? buffer number --- @return table all active LSP client names M.list_lsp_clients = function(bufnr) - local clients = vim.lsp.buf_get_clients(bufnr) + local clients = vim.lsp.get_active_clients({ bufnr = bufnr }) local names = {} for _, client in ipairs(clients) do diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 794a765..628eab9 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -29,16 +29,17 @@ if utils.is_executable("clangd") then }) end --- Nix -if utils.is_executable("nil") then - lspconfig.nil_ls.setup({ +-- Haskell +if utils.is_executable("haskell-language-server-wrapper") then + lspconfig.hls.setup({ capabilities = capabilities, on_attach = lsp.on_attach, }) end -if utils.is_executable("rnix-lsp") then - lspconfig.rnix.setup({ +-- Nix +if utils.is_executable("nil") then + lspconfig.nil_ls.setup({ capabilities = capabilities, on_attach = lsp.on_attach, }) 
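Review bot: `vim.lsp.get_active_clients`, introduced in the `@@ -40,11 +34,11 @@` hunk, is itself deprecated from Neovim 0.10 in favour of `vim.lsp.get_clients`, so this replacement for `buf_get_clients` will need another change soon; if the configuration has to run on both versions, `local get_clients = vim.lsp.get_clients or vim.lsp.get_active_clients` covers both. The annotations could also be tightened while the comment is being edited: `--- @param bufnr integer? buffer number` and `--- @return string[] names of the active LSP clients`. The body of `list_lsp_clients` continues outside the hunk.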
@@ -52,6 +53,13 @@ if utils.is_executable("pyright") then }) end +if utils.is_executable("ruff-lsp") then + lspconfig.ruff_lsp.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + -- Rust if utils.is_executable("rust-analyzer") then lspconfig.rust_analyzer.setup({ @@ -59,3 +67,12 @@ if utils.is_executable("rust-analyzer") then on_attach = lsp.on_attach, }) end + +-- Shell +if utils.is_executable("bash-language-server") then + lspconfig.bashls.setup({ + filetypes = { "bash", "sh", "zsh" }, + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua index fdaccda..5219a95 100644 --- a/modules/home/vim/plugin/settings/lualine.lua +++ b/modules/home/vim/plugin/settings/lualine.lua @@ -10,7 +10,7 @@ local function list_spell_languages() end local function list_lsp_clients() - local client_names = utils.list_lsp_clients() + local client_names = utils.list_lsp_clients(0) if #client_names == 0 then return "" diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua index 0eaa55c..e7265c7 100644 --- a/modules/home/vim/plugin/settings/null-ls.lua +++ b/modules/home/vim/plugin/settings/null-ls.lua 
@@ -28,38 +28,16 @@ null_ls.register({ }), }) --- Haskell -null_ls.register({ - null_ls.builtins.formatting.brittany.with({ - -- Only used if available - condition = utils.is_executable_condition("brittany"), - }), -}) - -- Nix null_ls.register({ null_ls.builtins.formatting.nixpkgs_fmt.with({ - -- Only used if available, but prefer rnix if available - condition = function() - return utils.is_executable("nixpkgs-fmt") - and not utils.is_executable("rnix-lsp") - and not utils.is_executable("nil") - end, + -- Only used if available + condition = utils.is_executable_condition("nixpkgs-fmt"), }), }) -- Python null_ls.register({ - null_ls.builtins.diagnostics.flake8.with({ - -- Only used if available, but prefer pflake8 if available - condition = function() - return utils.is_executable("flake8") and not utils.is_executable("pflake8") - end, - }), - null_ls.builtins.diagnostics.pyproject_flake8.with({ - -- Only used if available - condition = utils.is_executable_condition("pflake8"), - }), null_ls.builtins.diagnostics.mypy.with({ -- Only used if available condition = utils.is_executable_condition("mypy"), @@ -81,22 +59,6 @@ null_ls.register({ -- Shell (non-POSIX) null_ls.register({ - null_ls.builtins.code_actions.shellcheck.with({ - -- Restrict to bash and zsh - filetypes = { "bash", "zsh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), - null_ls.builtins.diagnostics.shellcheck.with({ - -- Show error code in message - diagnostics_format = "[#{c}] #{m}", - -- Require explicit empty string test, use bash dialect - extra_args = { "-s", "bash", "-o", "avoid-nullary-conditions" }, - -- Restrict to bash and zsh - filetypes = { "bash", "zsh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), null_ls.builtins.formatting.shfmt.with({ -- Indent with 4 spaces, simplify the code, indent switch cases, -- add space after redirection, use bash dialect 
@@ -110,22 +72,6 @@ null_ls.register({ -- Shell (POSIX) null_ls.register({ - null_ls.builtins.code_actions.shellcheck.with({ - -- Restrict to POSIX sh - filetypes = { "sh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), - null_ls.builtins.diagnostics.shellcheck.with({ - -- Show error code in message - diagnostics_format = "[#{c}] #{m}", - -- Require explicit empty string test - extra_args = { "-o", "avoid-nullary-conditions" }, - -- Restrict to POSIX sh - filetypes = { "sh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), null_ls.builtins.formatting.shfmt.with({ -- Indent with 4 spaces, simplify the code, indent switch cases, -- add space after redirection, use POSIX diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua index 0d84abd..5503857 100644 --- a/modules/home/vim/plugin/settings/tree-sitter.lua +++ b/modules/home/vim/plugin/settings/tree-sitter.lua @@ -8,9 +8,6 @@ ts_config.setup({ indent = { enable = true, }, - context_commentstring = { - enable = true, - }, textobjects = { select = { enable = true, diff --git a/modules/home/wget/default.nix b/modules/home/wget/default.nix new file mode 100644 index 0000000..32c13c0 --- /dev/null +++ b/modules/home/wget/default.nix @@ -0,0 +1,26 @@ +{ config, pkgs, lib, ... }: +let + cfg = config.my.home.wget; +in +{ + options.my.home.wget = with lib; { + enable = my.mkDisableOption "wget configuration"; + + package = mkPackageOption pkgs "wget" { }; + }; + + config = lib.mkIf cfg.enable { + home.packages = [ + cfg.package + ]; + + + home.sessionVariables = lib.mkIf cfg.enable { + WGETRC = "${config.xdg.configHome}/wgetrc"; + }; + + xdg.configFile."wgetrc".text = '' + hsts-file = ${config.xdg.dataHome}/wget-hsts + ''; + }; +} diff --git a/modules/home/wm/cursor/default.nix b/modules/home/wm/cursor/default.nix index 9426232..3b58b7b 100644 
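Review bot: In the new `modules/home/wget/default.nix`, `home.sessionVariables` is wrapped in a second `lib.mkIf cfg.enable` although the whole `config` block is already guarded by the same condition, so the inner guard is redundant. `home.sessionVariables.WGETRC = "${config.xdg.configHome}/wgetrc";` is enough, and the doubled blank line above it can go. A one-line comment on the `wgetrc` text, such as `# Keep the HSTS database out of $HOME`, would explain why the file is generated at all.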
--- a/modules/home/wm/cursor/default.nix +++ b/modules/home/wm/cursor/default.nix @@ -8,7 +8,7 @@ in { config = lib.mkIf cfg.enable { home.pointerCursor = { - package = pkgs.ambroisie.vimix-cursors; + package = pkgs.vimix-cursors; name = "Vimix-cursors"; x11 = { diff --git a/modules/home/wm/default.nix b/modules/home/wm/default.nix index 6a615e5..449918a 100644 --- a/modules/home/wm/default.nix +++ b/modules/home/wm/default.nix @@ -36,6 +36,31 @@ in i3bar = { enable = mkRelatedOption "i3bar configuration" [ "i3" ]; + + vpn = { + enable = my.mkDisableOption "VPN configuration"; + + blockConfigs = mkOption { + type = with types; listOf (attrsOf str); + default = [ + { + active_format = " VPN "; + service = "wg-quick-wg"; + } + { + active_format = " VPN (LAN) "; + service = "wg-quick-lan"; + } + ]; + example = [ + { + active_format = " WORK "; + service = "some-service-name"; + } + ]; + description = "list of block configurations, merged with the defauls"; + }; + }; }; rofi = { diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index d1dbe2c..69246f0 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -129,6 +129,7 @@ in { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } { class = "^Pavucontrol.*$"; } { class = "^Arandr$"; } + { class = ".?blueman-manager.*$"; } ]; }; @@ -196,7 +197,7 @@ in inherit (config.my.home.bluetooth) enable; prog = lib.getExe pkgs.rofi-bluetooth; in - lib.mkIf enable "exec ${prog}"; + lib.mkIf enable "exec ${prog} -i"; }) ( # Changing container focus diff --git a/modules/home/wm/i3bar/default.nix b/modules/home/wm/i3bar/default.nix index 05b0f50..5ae0e7d 100644 --- a/modules/home/wm/i3bar/default.nix +++ b/modules/home/wm/i3bar/default.nix 
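Review bot: The description of `i3bar.vpn.blockConfigs` in the `wm/default.nix` hunk ends with `merged with the defauls`, a typo for `defaults`, and it does not say which defaults are meant. Something like `description = "list of service_status block configurations, each merged over the module defaults";` reads better. The type `listOf (attrsOf str)` also accepts an entry without a `service` key, which both default entries and the example set; a submodule with a required `service` option would reject such an entry at evaluation time instead of leaving it to the status bar.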
@@ -17,25 +17,11 @@ in top = { icons = "awesome5"; - blocks = builtins.filter (attr: attr != { }) [ + blocks = builtins.filter (attr: attr != { }) (lib.flatten [ { block = "music"; # This format seems to remove the block when not playing, somehow format = "{ $icon $combo.str(max_w:50,rot_interval:0.5) $prev $play $next |}"; - click = [ - { - button = "play"; - action = "music_play"; - } - { - button = "prev"; - action = "music_prev"; - } - { - button = "next"; - action = "music_next"; - } - ]; } (lib.optionalAttrs config.my.home.bluetooth.enable { block = "bluetooth"; @@ -73,9 +59,22 @@ in { block = "disk_space"; } + (lib.optionals cfg.vpn.enable + ( + let + defaults = { + block = "service_status"; + active_state = "Good"; + inactive_format = ""; + inactive_state = "Idle"; + }; + in + builtins.map (block: defaults // block) cfg.vpn.blockConfigs + ) + ) { block = "net"; - format = " $icon{| $ssid|} $ip{| $signal_strength|} "; + format = " $icon{| $ssid|}{| $ip|}{| $signal_strength|} "; } { block = "backlight"; @@ -106,7 +105,7 @@ in format = " $icon $timestamp.datetime(f:'%F %T') "; interval = 5; } - ]; + ]); }; }; }; diff --git a/modules/home/x/default.nix b/modules/home/x/default.nix index 0312bc4..c320e52 100644 --- a/modules/home/x/default.nix +++ b/modules/home/x/default.nix @@ -3,10 +3,6 @@ let cfg = config.my.home.x; in { - imports = [ - ./keyboard - ]; - options.my.home.x = with lib; { enable = mkEnableOption "X server configuration"; }; diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index af9ec18..fb2668c 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix 
@@ -39,16 +39,19 @@ in # I want a tidier home config.home.sessionVariables = with config.xdg; lib.mkIf cfg.enable { ANDROID_HOME = "${dataHome}/android"; + ANDROID_USER_HOME = "${configHome}/android"; CARGO_HOME = "${dataHome}/cargo"; DOCKER_CONFIG = "${configHome}/docker"; - GDBHISTFILE = "${dataHome}/gdb/gdb_history"; + GRADLE_USER_HOME = "${dataHome}/gradle"; HISTFILE = "${dataHome}/bash/history"; INPUTRC = "${configHome}/readline/inputrc"; - LESSHISTFILE = "${dataHome}/less/history"; - LESSKEY = "${configHome}/less/lesskey"; PSQL_HISTORY = "${dataHome}/psql_history"; - REPO_CONFIG_DIR = "${configHome}/repo"; + PYTHONPYCACHEPREFIX = "${cacheHome}/python/"; + PYTHONUSERBASE = "${dataHome}/python/"; + PYTHON_HISTORY = "${stateHome}/python/history"; REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history"; + REPO_CONFIG_DIR = "${configHome}/repo"; XCOMPOSECACHE = "${dataHome}/X11/xcompose"; + _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java"; }; } diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 4cadb57..a277366 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix 
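Review bot: Exporting `_JAVA_OPTIONS` for the whole session makes every JVM print a `Picked up _JAVA_OPTIONS: …` line on stderr at start-up, which can break tools that parse Java output, and it applies to every Java process the user starts. If the preference-root relocation is wanted anyway, a comment such as `# Moves ~/.java, at the cost of a "Picked up _JAVA_OPTIONS" line on stderr` would make the trade-off visible. `PYTHON_HISTORY` is only read by Python 3.13 and later, so a short `# Python >= 3.13 only` next to it would save a reader from wondering why older interpreters still write `~/.python_history`.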
@@ -15,81 +15,152 @@ in enable = my.mkDisableOption "zsh configuration"; launchTmux = mkEnableOption "auto launch tmux at shell start"; - }; - config = lib.mkIf cfg.enable { - home.packages = with pkgs; [ - zsh-completions - ]; + notify = { + enable = mkEnableOption "zsh-done notification"; - programs.zsh = { - enable = true; - dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME - enableCompletion = true; - - history = { - size = 500000; - save = 500000; - extended = true; - expireDuplicatesFirst = true; - ignoreSpace = true; - ignoreDups = true; - share = false; - path = "${config.xdg.dataHome}/zsh/zsh_history"; + exclude = mkOption { + type = with types; listOf str; + default = [ + "delta" + "direnv reload" + "fg" + "git (?!push|pull|fetch)" + "htop" + "less" + "man" + "nvim" + "tail -f" + "tmux" + "vim" + ]; + example = [ "command --long-running-option" ]; + description = '' + List of exclusions which should not be create a notification. Accepts + Perl regexes (implicitly anchored with `^\s*`). 
+ ''; }; - plugins = [ - { - name = "fast-syntax-highlighting"; - file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh"; - src = pkgs.zsh-fast-syntax-highlighting; - } - { - name = "agkozak-zsh-prompt"; - file = "share/zsh/site-functions/agkozak-zsh-prompt.plugin.zsh"; - src = pkgs.agkozak-zsh-prompt; - } - ]; + ssh = { + enable = mkEnableOption "notify through SSH/non-graphical connections"; - # Modal editing is life, but CLI benefits from emacs gymnastics - defaultKeymap = "emacs"; - - # Make those happen early to avoid doing double the work - initExtraFirst = '' - ${ - lib.optionalString cfg.launchTmux '' - # Launch tmux unless already inside one - if [ -z "$TMUX" ]; then - exec tmux new-session - fi - '' - } - ''; - - initExtra = '' - source ${./completion-styles.zsh} - source ${./extra-mappings.zsh} - source ${./options.zsh} - - # Source local configuration - if [ -f "$ZDOTDIR/zshrc.local" ]; then - source "$ZDOTDIR/zshrc.local" - fi - ''; - - localVariables = { - # I like having the full path - AGKOZAK_PROMPT_DIRTRIM = 0; - # Because I *am* from EPITA - AGKOZAK_PROMPT_CHAR = [ "42sh$" "42sh#" ":" ]; - # Easy on the eyes - AGKOZAK_COLORS_BRANCH_STATUS = "magenta"; - # I don't like moving my eyes - AGKOZAK_LEFT_PROMPT_ONLY = 1; + useOsc777 = lib.my.mkDisableOption "use OSC-777 for notifications"; }; - - # Enable VTE integration - enableVteIntegration = true; }; }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + zsh-completions + ]; + + programs.zsh = { + enable = true; + dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME + enableCompletion = true; + + history = { + size = 500000; + save = 500000; + extended = true; + expireDuplicatesFirst = true; + ignoreSpace = true; + ignoreDups = true; + share = false; + path = "${config.xdg.dataHome}/zsh/zsh_history"; + }; + + plugins = [ + { + name = "fast-syntax-highlighting"; + file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh"; + src = 
pkgs.zsh-fast-syntax-highlighting; + } + { + name = "agkozak-zsh-prompt"; + file = "share/zsh/site-functions/agkozak-zsh-prompt.plugin.zsh"; + src = pkgs.agkozak-zsh-prompt; + } + ]; + + # Modal editing is life, but CLI benefits from emacs gymnastics + defaultKeymap = "emacs"; + + # Make those happen early to avoid doing double the work + initExtraFirst = lib.mkBefore '' + ${ + lib.optionalString cfg.launchTmux '' + # Launch tmux unless already inside one + if [ -z "$TMUX" ]; then + exec tmux new-session + fi + '' + } + ''; + + initExtra = lib.mkAfter '' + source ${./completion-styles.zsh} + source ${./extra-mappings.zsh} + source ${./options.zsh} + + # Source local configuration + if [ -f "$ZDOTDIR/zshrc.local" ]; then + source "$ZDOTDIR/zshrc.local" + fi + ''; + + localVariables = { + # I like having the full path + AGKOZAK_PROMPT_DIRTRIM = 0; + # Because I *am* from EPITA + AGKOZAK_PROMPT_CHAR = [ "42sh$" "42sh#" ":" ]; + # Easy on the eyes + AGKOZAK_COLORS_BRANCH_STATUS = "magenta"; + # I don't like moving my eyes + AGKOZAK_LEFT_PROMPT_ONLY = 1; + }; + + # Enable VTE integration + enableVteIntegration = true; + }; + } + + (lib.mkIf cfg.notify.enable { + programs.zsh = { + plugins = [ + { + name = "zsh-done"; + file = "share/zsh/site-functions/done.plugin.zsh"; + src = pkgs.ambroisie.zsh-done; + } + ]; + + # `localVariables` values don't get merged correctly due to their type, + # don't use `mkIf` + localVariables = { + DONE_EXCLUDE = + let + joined = lib.concatMapStringsSep "|" (c: "(${c})") cfg.notify.exclude; + in + ''^\s*(${joined})''; + } + # Enable `zsh-done` through SSH, if configured + // lib.optionalAttrs cfg.notify.ssh.enable { + DONE_ALLOW_NONGRAPHICAL = 1; + }; + + # Use OSC-777 to send the notification through SSH + initExtra = lib.mkIf cfg.notify.ssh.useOsc777 '' + done_send_notification() { + local exit_status="$1" + local title="$2" + local message="$3" + + ${lib.getExe pkgs.ambroisie.osc777} "$title" "$message" + } + ''; + }; + }) + ]); } 
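Review bot: The `done_send_notification` override in `initExtra` is gated only on `cfg.notify.ssh.useOsc777`, which is declared with `mkDisableOption` and so presumably defaults to enabled. It is therefore installed whenever `notify.enable` is set, even with `notify.ssh.enable` off. If OSC-777 is meant for SSH sessions only, gate it as `initExtra = lib.mkIf (cfg.notify.ssh.enable && cfg.notify.ssh.useOsc777) ''`. The `$title` and `$message` handed to the `osc777` helper presumably come from the command that just finished; the helper is not visible here, so confirm it strips control characters and `;` before writing the escape sequence to the terminal. `exit_status` is assigned but never used.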
diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix index 2d840f9..c019b31 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth/default.nix @@ -25,8 +25,8 @@ in package = pkgs.pulseaudioFull; }; - environment.etc = { - "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = '' + services.pipewire.wireplumber.configPackages = [ + (pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" '' bluez_monitor.properties = { -- SBC XQ provides better audio ["bluez5.enable-sbc-xq"] = true, @@ -40,8 +40,8 @@ in -- FIXME: Some devices may now support both hsp_ag and hfp_ag ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]" } - ''; - }; + '') + ]; }) # Support for A2DP audio profile diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix index 2a686f7..8e125ca 100644 --- a/modules/nixos/hardware/default.nix +++ b/modules/nixos/hardware/default.nix @@ -6,9 +6,10 @@ ./bluetooth ./ergodox ./firmware - ./mx-ergo + ./graphics ./networking ./sound + ./trackball ./upower ]; } diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix new file mode 100644 index 0000000..3baac02 --- /dev/null +++ b/modules/nixos/hardware/graphics/default.nix 
@@ -0,0 +1,75 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.my.hardware.graphics; +in +{ + options.my.hardware.graphics = with lib; { + enable = mkEnableOption "graphics configuration"; + + gpuFlavor = mkOption { + type = with types; nullOr (enum [ "amd" "intel" ]); + default = null; + example = "intel"; + description = "Which kind of GPU to install driver for"; + }; + + amd = { + enableKernelModule = lib.my.mkDisableOption "Kernel driver module"; + + amdvlk = lib.mkEnableOption "Use AMDVLK instead of Mesa RADV driver"; + }; + + intel = { + enableKernelModule = lib.my.mkDisableOption "Kernel driver module"; + }; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + hardware.opengl = { + enable = true; + }; + } + + # AMD GPU + (lib.mkIf (cfg.gpuFlavor == "amd") { + boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ]; + + hardware.opengl = { + extraPackages = with pkgs; [ + # OpenCL + rocmPackages.clr + rocmPackages.clr.icd + ] + ++ lib.optional cfg.amd.amdvlk amdvlk + ; + + extraPackages32 = with pkgs; [ + ] + ++ lib.optional cfg.amd.amdvlk driversi686Linux.amdvlk + ; + }; + }) + + # Intel GPU + (lib.mkIf (cfg.gpuFlavor == "intel") { + boot.initrd.kernelModules = lib.mkIf cfg.intel.enableKernelModule [ "i915" ]; + + environment.variables = { + VDPAU_DRIVER = "va_gl"; + }; + + hardware.opengl = { + extraPackages = with pkgs; [ + # Open CL + intel-compute-runtime + + # VA API + intel-media-driver + intel-vaapi-driver + libvdpau-va-gl + ]; + }; + }) + ]); +} diff --git a/modules/nixos/hardware/mx-ergo/default.nix b/modules/nixos/hardware/trackball/default.nix similarity index 79% rename from modules/nixos/hardware/mx-ergo/default.nix rename to modules/nixos/hardware/trackball/default.nix index e4e55a1..7a99247 100644 --- a/modules/nixos/hardware/mx-ergo/default.nix +++ b/modules/nixos/hardware/trackball/default.nix 
@@ -1,11 +1,11 @@ # Hold down the `next page` button to scroll using the ball { config, lib, ... }: let - cfg = config.my.hardware.mx-ergo; + cfg = config.my.hardware.trackball; in { - options.my.hardware.mx-ergo = with lib; { - enable = mkEnableOption "MX Ergo configuration"; + options.my.hardware.trackball = with lib; { + enable = mkEnableOption "trackball configuration"; }; config = lib.mkIf cfg.enable { @@ -13,6 +13,7 @@ in # This section must be *after* the one configured by `libinput` # for the `ScrollMethod` configuration to not be overriden inputClassSections = lib.mkAfter [ + # MX Ergo '' Identifier "MX Ergo scroll button configuration" MatchProduct "MX Ergo" diff --git a/modules/nixos/profiles/devices/default.nix b/modules/nixos/profiles/devices/default.nix index 7dbd299..7a84bd2 100644 --- a/modules/nixos/profiles/devices/default.nix +++ b/modules/nixos/profiles/devices/default.nix @@ -11,7 +11,7 @@ in my.hardware = { ergodox.enable = true; - mx-ergo.enable = true; + trackball.enable = true; }; # MTP devices auto-mount via file explorers diff --git a/modules/nixos/services/aria/default.nix b/modules/nixos/services/aria/default.nix new file mode 100644 index 0000000..2d1b3e2 --- /dev/null +++ b/modules/nixos/services/aria/default.nix 
@@ -0,0 +1,76 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.my.services.aria; +in +{ + options.my.services.aria = with lib; { + enable = mkEnableOption ""; + + rpcSecretFile = mkOption { + type = types.str; + example = "/run/secrets/aria-secret.txt"; + description = '' + File containing the RPC secret. + ''; + }; + + rpcPort = mkOption { + type = types.port; + default = 6800; + example = 8080; + description = "RPC port"; + }; + + downloadDir = mkOption { + type = types.str; + default = "/data/downloads"; + example = "/var/lib/transmission/download"; + description = "Download directory"; + }; + }; + + config = lib.mkIf cfg.enable { + services.aria2 = { + enable = true; + + inherit (cfg) downloadDir rpcSecretFile; + + rpcListenPort = cfg.rpcPort; + openPorts = false; # I don't want to expose the RPC port + }; + + # Expose DHT ports + networking.firewall = { + # FIXME: check for overlap? + allowedUDPPortRanges = config.services.aria2.listenPortRange; + }; + + # Set-up media group + users.groups.media = { }; + + systemd.services.aria2 = { + serviceConfig = { + Group = lib.mkForce "media"; # Use 'media' group + }; + }; + + my.services.nginx.virtualHosts = { + aria = { + root = "${pkgs.ariang}/share/ariang"; + # For paranoia, don't allow anybody to use the UI unauthenticated + sso = { + enable = true; + }; + }; + aria-rpc = { + port = cfg.rpcPort; + # Proxy websockets for RPC + extraConfig = { + locations."/".proxyWebsockets = true; + }; + }; + }; + + # NOTE: unfortunately aria2 does not log connection failures for fail2ban + }; +} diff --git a/modules/nixos/services/backup/default.nix b/modules/nixos/services/backup/default.nix index ff0fc7f..8aeeae1 100644 --- a/modules/nixos/services/backup/default.nix +++ b/modules/nixos/services/backup/default.nix 
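Review bot: The `aria-rpc` virtual host publishes the RPC port through nginx without the `sso` block that the `aria` UI host gets, so the value in `rpcSecretFile` is the only control on that endpoint. The closing NOTE confirms that failed attempts cannot be fed to fail2ban. The comment on `openPorts = false` reads as if the RPC were unreachable, which the proxy contradicts; I would reword it to `# Firewall stays closed; RPC is reachable only through the nginx vhost below` and add `# Protected by the RPC secret alone: use a long random value` above `aria-rpc`. Separately, `mkEnableOption ""` leaves the option without a description; `mkEnableOption "aria2 download service"` would fix that.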
@@ -89,6 +89,16 @@ in }; config = lib.mkIf cfg.enable { + # Essential files which should always be backed up + my.services.backup.paths = lib.flatten [ + # Should be unique to a given host, used by some software (e.g: ZFS) + "/etc/machine-id" + # Contains the UID/GID map, and other useful state + "/var/lib/nixos" + # SSH host keys (and public keys for convenience) + (builtins.map (key: [ key.path "${key.path}.pub" ]) config.services.openssh.hostKeys) + ]; + services.restic.backups.backblaze = { # Take care of included and excluded files paths = cfg.paths; diff --git a/modules/nixos/services/blog/default.nix b/modules/nixos/services/blog/default.nix index 4b646c3..e4d2d42 100644 --- a/modules/nixos/services/blog/default.nix +++ b/modules/nixos/services/blog/default.nix @@ -5,11 +5,10 @@ let domain = config.networking.domain; makeHostInfo = subdomain: { - inherit subdomain; root = "/var/www/${subdomain}"; }; - hostsInfo = map makeHostInfo [ "cv" "dev" "key" ]; + hostsInfo = lib.flip lib.genAttrs makeHostInfo [ "cv" "dev" "key" ]; in { options.my.services.blog = { @@ -36,7 +35,7 @@ in useACMEHost = domain; default = true; - locations."/".return = "302 https://belanyi.fr$request_uri"; + locations."/".return = "302 https://${domain}$request_uri"; }; }; diff --git a/modules/nixos/services/calibre-web/default.nix b/modules/nixos/services/calibre-web/default.nix index 858851c..b7bf9df 100644 --- a/modules/nixos/services/calibre-web/default.nix +++ b/modules/nixos/services/calibre-web/default.nix @@ -40,12 +40,11 @@ in # Set-up media group users.groups.media = { }; - my.services.nginx.virtualHosts = [ - { - subdomain = "library"; + my.services.nginx.virtualHosts = { + library = { inherit (cfg) port; - } - ]; + }; + }; my.services.backup = { paths = [ diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index b27570d..3b32d06 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix 
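Review bot: Adding `key.path` for every entry of `config.services.openssh.hostKeys` puts the SSH host private keys into the `backblaze` restic repository, so the repository password and the bucket credentials now also protect the host's identity. That may be the intended trade-off for painless restores, but it deserves a comment at the list entry, for example `# Private host keys: the restic password now guards host identity`. If restores do not need the private half, keeping only `"${key.path}.pub"` would avoid storing it off-host.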
@@ -3,18 +3,21 @@ { imports = [ ./adblock + ./aria ./backup ./blog ./calibre-web ./drone ./fail2ban ./flood + ./forgejo ./gitea ./grocy ./indexers ./jellyfin ./lohr ./matrix + ./mealie ./miniflux ./monitoring ./navidrome @@ -26,6 +29,7 @@ ./podgrab ./postgresql ./postgresql-backup + ./pyload ./quassel ./rss-bridge ./sabnzbd diff --git a/modules/nixos/services/drone/server/default.nix b/modules/nixos/services/drone/server/default.nix index 0f56d29..a3a1e49 100644 --- a/modules/nixos/services/drone/server/default.nix +++ b/modules/nixos/services/drone/server/default.nix @@ -41,17 +41,14 @@ in ensureDatabases = [ "drone" ]; ensureUsers = [{ name = "drone"; - ensurePermissions = { - "DATABASE drone" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; }]; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "drone"; + my.services.nginx.virtualHosts = { + drone = { inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/flood/default.nix b/modules/nixos/services/flood/default.nix index ff5d941..155e73d 100644 --- a/modules/nixos/services/flood/default.nix +++ b/modules/nixos/services/flood/default.nix @@ -40,11 +40,10 @@ in }; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "flood"; + my.services.nginx.virtualHosts = { + flood = { inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix new file mode 100644 index 0000000..0f3dfc5 --- /dev/null +++ b/modules/nixos/services/forgejo/default.nix 
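Review bot: Replacing `ensurePermissions` with `ensureDBOwnership = true` in the drone hunk changes only the owner of the database itself; on a host where the database already exists, objects inside it keep whatever owner they had. The same switch is made in the nextcloud, paperless and quassel hunks. A short migration note next to each `ensureUsers` entry, e.g. `# Existing installs: reassign ownership of objects inside the database manually`, would document the upgrade step. Whether these hosts were already migrated is not visible here.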
@@ -0,0 +1,162 @@ +# A low-ressource, full-featured git forge. +{ config, lib, ... }: +let + cfg = config.my.services.forgejo; +in +{ + options.my.services.forgejo = with lib; { + enable = mkEnableOption "Forgejo"; + port = mkOption { + type = types.port; + default = 3042; + example = 8080; + description = "Internal port"; + }; + mail = { + enable = mkEnableOption { + description = "mailer configuration"; + }; + host = mkOption { + type = types.str; + example = "smtp.example.com"; + description = "Host for the mail account"; + }; + port = mkOption { + type = types.port; + default = 465; + example = 587; + description = "Port for the mail account"; + }; + user = mkOption { + type = types.str; + example = "forgejo@example.com"; + description = "User for the mail account"; + }; + passwordFile = mkOption { + type = types.str; + example = "/run/secrets/forgejo-mail-password.txt"; + description = "Password for the mail account"; + }; + protocol = mkOption { + type = types.str; + default = "smtps"; + example = "smtp"; + description = "Protocol for connection"; + }; + }; + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = cfg.enable -> !config.my.services.gitea.enable; + message = '' + `config.my.services.forgejo` is incompatible with + `config.my.services.gitea`. + ''; + } + ]; + + services.forgejo = + let + inherit (config.networking) domain; + forgejoDomain = "git.${domain}"; + in + { + enable = true; + + user = "git"; + group = "git"; + + lfs.enable = true; + + useWizard = false; + + database = { + type = "postgres"; # Automatic setup + user = "git"; # User needs to be the same as forgejo user + name = "git"; # Name must be the same as user for `ensureDBOwnership` + }; + + # NixOS module uses `forgejo dump` to backup repositories and the database, + # but it produces a single .zip file that's not very backup friendly. + # I configure my backup system manually below. 
+ dump.enable = false; + + mailerPasswordFile = lib.mkIf cfg.mail.enable cfg.mail.passwordFile; + + settings = { + DEFAULT = { + APP_NAME = "Ambroisie's forge"; + }; + + server = { + HTTP_PORT = cfg.port; + DOMAIN = forgejoDomain; + ROOT_URL = "https://${forgejoDomain}"; + }; + + mailer = lib.mkIf cfg.mail.enable { + ENABLED = true; + SMTP_ADDR = cfg.mail.host; + SMTP_PORT = cfg.mail.port; + FROM = "Forgejo <${cfg.mail.user}>"; + USER = cfg.mail.user; + PROTOCOL = cfg.mail.protocol; + }; + + service = { + DISABLE_REGISTRATION = true; + }; + + session = { + # only send cookies via HTTPS + COOKIE_SECURE = true; + }; + }; + }; + + users.users.git = { + description = "Forgejo Service"; + home = config.services.forgejo.stateDir; + useDefaultShell = true; + group = "git"; + isSystemUser = true; + }; + users.groups.git = { }; + + my.services.nginx.virtualHosts = { + # Proxy to Forgejo + git = { + inherit (cfg) port; + }; + # Redirect `forgejo.` to actual forge subdomain + forgejo = { + redirect = config.services.forgejo.settings.server.ROOT_URL; + }; + }; + + my.services.backup = { + paths = [ + config.services.forgejo.lfs.contentDir + config.services.forgejo.repositoryRoot + ]; + }; + + services.fail2ban.jails = { + forgejo = '' + enabled = true + filter = forgejo + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/forgejo.conf".text = '' + [Definition] + failregex = ^.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from $ + journalmatch = _SYSTEMD_UNIT=forgejo.service + ''; + }; + }; +} diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix index 28a448d..212f59c 100644 --- a/modules/nixos/services/gitea/default.nix +++ b/modules/nixos/services/gitea/default.nix 
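Review bot: `mail.enable = mkEnableOption { description = "mailer configuration"; }` passes an attribute set where `mkEnableOption` expects the name string it interpolates into the generated description, so the option text cannot be rendered; it should read `enable = mkEnableOption "mailer configuration";`. `passwordFile` is described as "Password for the mail account" although it holds a path; `description = "Path to a file containing the mail account password";` is clearer. The `failregex` as shown on this page ends in `from $` with no `<HOST>` capture, which fail2ban needs to extract the offending address. If that is not an artefact of how the page was rendered, the `forgejo` jail will not ban anything.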
@@ -18,9 +18,15 @@ in }; host = mkOption { type = types.str; - example = "smtp.example.com:465"; + example = "smtp.example.com"; description = "Host for the mail account"; }; + port = mkOption { + type = types.port; + default = 465; + example = 587; + description = "Port for the mail account"; + }; user = mkOption { type = types.str; example = "gitea@example.com"; @@ -31,17 +37,11 @@ in example = "/run/secrets/gitea-mail-password.txt"; description = "Password for the mail account"; }; - type = mkOption { + protocol = mkOption { type = types.str; - default = "smtp"; + default = "smtps"; example = "smtp"; - description = "Password for the mail account"; - }; - tls = mkOption { - type = types.bool; - default = true; - example = false; - description = "Use TLS for connection"; + description = "Protocol for connection"; }; }; }; @@ -58,6 +58,8 @@ in appName = "Ambroisie's forge"; user = "git"; + group = "git"; + lfs.enable = true; useWizard = false; @@ -65,6 +67,7 @@ in database = { type = "postgres"; # Automatic setup user = "git"; # User needs to be the same as gitea user + name = "git"; # Name must be the same as user for `ensureDBOwnership` }; # NixOS module uses `gitea dump` to backup repositories and the database, @@ -83,11 +86,11 @@ in mailer = lib.mkIf cfg.mail.enable { ENABLED = true; - HOST = cfg.mail.host; - FROM = cfg.mail.user; + SMTP_ADDR = cfg.mail.host; + SMTP_PORT = cfg.mail.port; + FROM = "Gitea <${cfg.mail.user}>"; USER = cfg.mail.user; - MAILER_TYPE = cfg.mail.type; - IS_TLS_ENABLED = cfg.mail.tls; + PROTOCOL = cfg.mail.protocol; }; service = { 
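Review bot: Setting `name = "git"` under `database` in the `@@ -65,6 +67,7 @@` hunk repoints an existing instance at a different PostgreSQL database unless it was already called `git`. The previous value is not visible here, so a manual rename may be needed before deploying. A comment such as `# Existing installs: rename the old database to "git" first` next to the line would make that explicit. In the `@@ -31,17 +37,11 @@` hunk, `protocol` is a free-form `types.str` that now also decides whether the mail connection uses TLS; `type = types.enum [ "smtp" "smtps" "smtp+starttls" ];` would reject typos at evaluation time. The forgejo module added in this commit has the same option.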
@@ -106,27 +109,20 @@ in home = config.services.gitea.stateDir; useDefaultShell = true; group = "git"; - - # The service for gitea seems to hardcode the group as - # gitea, so, uh, just in case? - extraGroups = [ "gitea" ]; - isSystemUser = true; }; users.groups.git = { }; - my.services.nginx.virtualHosts = [ + my.services.nginx.virtualHosts = { # Proxy to Gitea - { - subdomain = "git"; + git = { inherit (cfg) port; - } + }; # Redirect `gitea.` to actual forge subdomain - { - subdomain = "gitea"; + gitea = { redirect = config.services.gitea.settings.server.ROOT_URL; - } - ]; + }; + }; my.services.backup = { paths = [ diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index fb06a0b..8a42345 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -28,12 +28,11 @@ in }; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "jackett"; + my.services.nginx.virtualHosts = { + jackett = { port = jackettPort; - } - ]; + }; + }; }) (lib.mkIf cfg.nzbhydra.enable { @@ -41,12 +40,11 @@ in enable = true; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "nzbhydra"; + my.services.nginx.virtualHosts = { + nzbhydra = { port = nzbhydraPort; - } - ]; + }; + }; }) (lib.mkIf cfg.prowlarr.enable { @@ -54,12 +52,11 @@ in enable = true; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "prowlarr"; + my.services.nginx.virtualHosts = { + prowlarr = { port = prowlarrPort; - } - ]; + }; + }; services.fail2ban.jails = { prowlarr = '' diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index 2fcf51e..f5aaa99 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix 
@@ -17,9 +17,15 @@ in # Set-up media group users.groups.media = { }; - my.services.nginx.virtualHosts = [ - { - subdomain = "jellyfin"; + systemd.services.jellyfin = { + serviceConfig = { + # Loose umask to make Jellyfin metadata more broadly readable + UMask = lib.mkForce "0002"; + }; + }; + + my.services.nginx.virtualHosts = { + jellyfin = { port = 8096; extraConfig = { locations."/" = { @@ -33,7 +39,7 @@ in proxyWebsockets = true; }; }; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix index 245567c..21ed93b 100644 --- a/modules/nixos/services/lohr/default.nix +++ b/modules/nixos/services/lohr/default.nix @@ -59,21 +59,6 @@ in "LOHR_HOME=${lohrHome}" "LOHR_CONFIG=" ]; - ExecStartPre = lib.mkIf (cfg.sshKeyFile != null) ''+${ - pkgs.writeScript "copy-ssh-key" '' - #!${pkgs.bash}/bin/bash - # Ensure the key is not there - mkdir -p '${lohrHome}/.ssh' - rm -f '${lohrHome}/.ssh/id_ed25519' - - # Move the key into place - cp ${cfg.sshKeyFile} '${lohrHome}/.ssh/id_ed25519' - - # Fix permissions - chown -R lohr:lohr '${lohrHome}/.ssh' - chmod -R 0700 '${lohrHome}/.ssh' - '' - }''; ExecStart = let configFile = settingsFormat.generate "lohr-config.yaml" cfg.setting; @@ -98,11 +83,29 @@ in }; users.groups.lohr = { }; - my.services.nginx.virtualHosts = [ - { - subdomain = "lohr"; + my.services.nginx.virtualHosts = { + lohr = { inherit (cfg) port; - } - ]; + }; + }; + + # SSH key provisioning + systemd.tmpfiles.settings."10-lohr" = lib.mkIf (cfg.sshKeyFile != null) { + "${lohrHome}/.ssh" = { + d = { + user = "lohr"; + group = "lohr"; + mode = "0700"; + }; + }; + "${lohrHome}/.ssh/id_ed25519" = { + "L+" = { + user = "lohr"; + group = "lohr"; + mode = "0700"; + argument = cfg.sshKeyFile; + }; + }; + }; }; } diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 52b60c5..b958f76 100644 --- a/modules/nixos/services/matrix/default.nix 
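Review bot: `UMask = lib.mkForce "0002"` makes everything Jellyfin writes world-readable and group-writable, which is wider than the comment's stated aim of more readable metadata. If the reader is a member of the service's group, `UMask = lib.mkForce "0027";` grants group read without opening the files to every local user. Which consumer needs the access is not visible in this hunk, so the comment should name it.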
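Review bot: The `L+` entry for `${lohrHome}/.ssh/id_ed25519` in the lohr hunk creates a symlink to `cfg.sshKeyFile`, so its `user`, `group` and `mode` fields at most affect the link. Unlike the removed copy plus `chown`/`chmod`, they no longer decide who can read the key; the permissions of the target file do. `cfg.sshKeyFile` therefore has to be provisioned readable by `lohr` and by nobody else, and the module should say so, e.g. `# Symlink only: the secret itself must be owned by lohr with mode 0400`. `mode = "0700"` on a key-file entry is also misleading and could be dropped.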
+++ b/modules/nixos/services/matrix/default.nix @@ -104,23 +104,22 @@ in extraConfigFiles = [ cfg.mailConfigFile ] ++ lib.optional (cfg.secretFile != null) cfg.secretFile; - - sliding-sync = { - enable = true; - - settings = { - SYNCV3_SERVER = "https://${matrixDomain}"; - SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}"; - }; - - environmentFile = cfg.slidingSync.secretFile; - }; }; - my.services.nginx.virtualHosts = [ + services.matrix-sliding-sync = { + enable = true; + + settings = { + SYNCV3_SERVER = "https://${matrixDomain}"; + SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}"; + }; + + environmentFile = cfg.slidingSync.secretFile; + }; + + my.services.nginx.virtualHosts = { # Element Web app deployment - { - subdomain = "chat"; + chat = { root = pkgs.element-web.override { conf = { default_server_config = { @@ -145,22 +144,19 @@ in }; }; }; - } + }; # Dummy VHosts for port collision detection - { - subdomain = "matrix-federation"; + matrix-federation = { port = federationPort.private; - } - { - subdomain = "matrix-client"; + }; + matrix-client = { port = clientPort.private; - } + }; # Sliding sync - { - subdomain = "matrix-sync"; + matrix-sync = { inherit (cfg.slidingSync) port; - } - ]; + }; + }; # Those are too complicated to use my wrapper... services.nginx.virtualHosts = { @@ -185,7 +181,7 @@ in # Sliding sync "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = { - proxyPass = "http://${config.services.matrix-synapse.sliding-sync.settings.SYNCV3_BINDADDR}"; + proxyPass = "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}"; }; }; diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix new file mode 100644 index 0000000..55ac376 --- /dev/null +++ b/modules/nixos/services/mealie/default.nix 
@@ -0,0 +1,79 @@ +{ config, lib, ... }: +let + cfg = config.my.services.mealie; +in +{ + options.my.services.mealie = with lib; { + enable = mkEnableOption "Mealie service"; + + port = mkOption { + type = types.port; + default = 4537; + example = 8080; + description = "Internal port for webui"; + }; + + credentialsFile = mkOption { + type = types.str; + example = "/var/lib/mealie/credentials.env"; + description = '' + Configuration file for secrets. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.mealie = { + enable = true; + inherit (cfg) port credentialsFile; + + settings = { + # Basic settings + BASE_URL = "https://mealie.${config.networking.domain}"; + TZ = config.time.timeZone; + ALLOw_SIGNUP = "false"; + + # Use PostgreSQL + DB_ENGINE = "postgres"; + POSTGRES_USER = "mealie"; + POSTGRES_PASSWORD = ""; + POSTGRES_SERVER = "/run/postgresql"; + # Pydantic and/or mealie doesn't handle the URI correctly, hijack it + # with query parameters... + POSTGRES_DB = "mealie?host=/run/postgresql&dbname=mealie"; + }; + }; + + systemd.services = { + mealie = { + after = [ "postgresql.service" ]; + requires = [ "postgresql.service" ]; + }; + }; + + # Set-up database + services.postgresql = { + enable = true; + ensureDatabases = [ "mealie" ]; + ensureUsers = [ + { + name = "mealie"; + ensureDBOwnership = true; + } + ]; + }; + + my.services.nginx.virtualHosts = { + mealie = { + inherit (cfg) port; + + extraConfig = { + # Allow bulk upload of recipes for import/export + locations."/".extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + }; +} diff --git a/modules/nixos/services/miniflux/default.nix b/modules/nixos/services/miniflux/default.nix index 6d9ffc8..5104c8b 100644 --- a/modules/nixos/services/miniflux/default.nix +++ b/modules/nixos/services/miniflux/default.nix 
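Review bot: `ALLOw_SIGNUP = "false";` has a lower-case `w`, so it only takes effect if Mealie matches environment names case-insensitively; otherwise sign-up stays at the application's default on an instance published through nginx. Spell it `ALLOW_SIGNUP = "false";`. `client_max_body_size 0;` on `/` removes the request-size limit for every request to the vhost, not only recipe imports. A bounded value sized for the largest expected export (for example `client_max_body_size 512m;`) keeps bulk import working without accepting arbitrarily large bodies.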
@@ -43,11 +43,10 @@ in }; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "reader"; + my.services.nginx.virtualHosts = { + reader = { inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/monitoring/default.nix b/modules/nixos/services/monitoring/default.nix index 829bfe0..49919c1 100644 --- a/modules/nixos/services/monitoring/default.nix +++ b/modules/nixos/services/monitoring/default.nix @@ -125,11 +125,10 @@ in ]; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "monitoring"; + my.services.nginx.virtualHosts = { + monitoring = { inherit (cfg.grafana) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/navidrome/default.nix b/modules/nixos/services/navidrome/default.nix index 6c001fd..944a97a 100644 --- a/modules/nixos/services/navidrome/default.nix +++ b/modules/nixos/services/navidrome/default.nix @@ -47,11 +47,10 @@ in }; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "music"; + my.services.nginx.virtualHosts = { + music = { inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 260e73e..51195df 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -31,7 +31,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud27; + package = pkgs.nextcloud28; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; @@ -41,7 +41,12 @@ in adminpassFile = cfg.passwordFile; dbtype = "pgsql"; dbhost = "/run/postgresql"; - overwriteProtocol = "https"; # Nginx only allows SSL + }; + + https = true; + + settings = { + overwriteprotocol = "https"; # Nginx only allows SSL }; notify_push = { @@ -57,7 +62,7 @@ in ensureUsers = [ { name = "nextcloud"; - ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; + ensureDBOwnership = true; } ]; }; 
diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 6ca2e42..7980ad9 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -5,10 +5,11 @@ let domain = config.networking.domain; - virtualHostOption = with lib; types.submodule { + virtualHostOption = with lib; types.submodule ({ name, ... }: { options = { subdomain = mkOption { type = types.str; + default = name; example = "dev"; description = '' Which subdomain, under config.networking.domain, to use @@ -72,7 +73,7 @@ let ''; }; }; - }; + }); in { imports = [ @@ -97,20 +98,18 @@ in }; virtualHosts = mkOption { - type = types.listOf virtualHostOption; - default = [ ]; + type = types.attrsOf virtualHostOption; + default = { }; example = litteralExample '' - [ - { - subdomain = "gitea"; + { + gitea = { + subdomain = "git"; port = 8080; - } - { - subdomain = "dev"; + }; + dev = { root = "/var/www/dev"; - } - { - subdomain = "jellyfin"; + }; + jellyfin = { port = 8096; extraConfig = { locations."/socket" = { @@ -118,8 +117,8 @@ in proxyWebsockets = true; }; }; - } - ] + }; + } ''; description = '' List of virtual hosts to set-up using default settings. @@ -190,7 +189,7 @@ in config = lib.mkIf cfg.enable { assertions = [ ] - ++ (lib.flip builtins.map cfg.virtualHosts ({ subdomain, ... } @ args: + ++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args: let conflicts = [ "port" "root" "socket" "redirect" ]; optionsNotNull = builtins.map (v: args.${v} != null) conflicts; @@ -209,7 +208,7 @@ in ports = lib.my.mapFilter (v: v != null) ({ port, ... }: port) - cfg.virtualHosts; + (lib.attrValues cfg.virtualHosts); portCounts = lib.my.countValues ports; nonUniquesCounts = lib.filterAttrs (_: v: v != 1) portCounts; nonUniques = builtins.attrNames nonUniquesCounts; 
@@ -221,7 +220,7 @@ in map mkAssertion nonUniques ) ++ ( let - subs = map ({ subdomain, ... }: subdomain) cfg.virtualHosts; + subs = lib.mapAttrsToList (_: { subdomain, ... }: subdomain) cfg.virtualHosts; subsCounts = lib.my.countValues subs; nonUniquesCounts = lib.filterAttrs (_: v: v != 1) subsCounts; nonUniques = builtins.attrNames nonUniquesCounts; @@ -325,7 +324,7 @@ in ]) ); in - lib.my.genAttrs' cfg.virtualHosts mkVHost; + lib.my.genAttrs' (lib.attrValues cfg.virtualHosts) mkVHost; sso = { enable = true; @@ -403,12 +402,11 @@ in }; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "login"; + my.services.nginx.virtualHosts = { + ${cfg.sso.subdomain} = { inherit (cfg.sso) port; - } - ]; + }; + }; networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/modules/nixos/services/nix-cache/default.nix b/modules/nixos/services/nix-cache/default.nix index b3bdbf3..1ce3161 100644 --- a/modules/nixos/services/nix-cache/default.nix +++ b/modules/nixos/services/nix-cache/default.nix @@ -43,11 +43,10 @@ in signKeyPath = cfg.secretKeyFile; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "cache"; + my.services.nginx.virtualHosts = { + cache = { inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 1ca1f66..f62879a 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let cfg = config.my.services.paperless; in @@ -52,7 +52,7 @@ in mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath; - extraConfig = + settings = let paperlessDomain = "paperless.${config.networking.domain}"; in @@ -80,6 +80,9 @@ in # Misc PAPERLESS_TIME_ZONE = config.time.timeZone; PAPERLESS_ADMIN_USER = cfg.username; + + # Fix classifier hangs + LD_LIBRARY_PATH = "${lib.getLib pkgs.mkl}/lib"; }; # Admin password 
@@ -131,7 +134,7 @@ in ensureUsers = [ { name = "paperless"; - ensurePermissions."DATABASE paperless" = "ALL PRIVILEGES"; + ensureDBOwnership = true; } ]; }; @@ -143,9 +146,8 @@ in extraGroups = [ "media" ]; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "paperless"; + my.services.nginx.virtualHosts = { + paperless = { inherit (cfg) port; sso = { enable = true; @@ -155,8 +157,8 @@ in extraConfig = { locations."/".proxyWebsockets = true; }; - } - ]; + }; + }; my.services.backup = { paths = [ diff --git a/modules/nixos/services/pirate/default.nix b/modules/nixos/services/pirate/default.nix index 59f9794..e500b54 100644 --- a/modules/nixos/services/pirate/default.nix +++ b/modules/nixos/services/pirate/default.nix @@ -21,12 +21,11 @@ let }; mkRedirection = service: { - my.services.nginx.virtualHosts = [ - { - subdomain = service; + my.services.nginx.virtualHosts = { + ${service} = { port = ports.${service}; - } - ]; + }; + }; }; mkFail2Ban = service: lib.mkIf cfg.${service}.enable { diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix index 9793d60..5ceebb6 100644 --- a/modules/nixos/services/podgrab/default.nix +++ b/modules/nixos/services/podgrab/default.nix @@ -31,11 +31,10 @@ in inherit (cfg) passwordFile port; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "podgrab"; + my.services.nginx.virtualHosts = { + podgrab = { inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/pyload/default.nix b/modules/nixos/services/pyload/default.nix new file mode 100644 index 0000000..88889bf --- /dev/null +++ b/modules/nixos/services/pyload/default.nix 
@@ -0,0 +1,58 @@ +{ config, lib, ... }: +let + cfg = config.my.services.pyload; +in +{ + options.my.services.pyload = with lib; { + enable = mkEnableOption "pyload download manager"; + + credentialsFile = mkOption { + type = types.path; + example = "/run/secrets/pyload-credentials.env"; + description = "pyload credentials"; + }; + + downloadDirectory = mkOption { + type = types.str; + default = "/data/downloads/pyload"; + example = "/var/lib/pyload/download"; + description = "Download directory"; + }; + + port = mkOption { + type = types.port; + default = 9093; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.pyload = { + enable = true; + + # Listening on `localhost` leads to 502 with the reverse proxy... + listenAddress = "127.0.0.1"; + + inherit (cfg) + credentialsFile + downloadDirectory + port + ; + + # Use media group when downloading files + group = "media"; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + pyload = { + inherit (cfg) port; + }; + }; + + # FIXME: fail2ban + }; +} diff --git a/modules/nixos/services/quassel/default.nix b/modules/nixos/services/quassel/default.nix index ec686e1..695f9e0 100644 --- a/modules/nixos/services/quassel/default.nix +++ b/modules/nixos/services/quassel/default.nix @@ -39,7 +39,7 @@ in ensureUsers = [ { name = "quassel"; - ensurePermissions."DATABASE quassel" = "ALL PRIVILEGES"; + ensureDBOwnership = true; } ]; # Insecure, I don't care. diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix index 7ab145f..9e0d9c3 100644 --- a/modules/nixos/services/sabnzbd/default.nix +++ b/modules/nixos/services/sabnzbd/default.nix 
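Review bot: The new `pyload` virtual host is published with only `inherit (cfg) port;`, and the module ends on `# FIXME: fail2ban`, so the web UI's own login appears to be the only gate and nothing throttles password guessing against it. The paperless vhost in this same commit sets `sso = { enable = true;`; unless an API client needs direct access, I would add `sso.enable = true;` to the `pyload` entry until the jail exists. The `credentialsFile` description ("pyload credentials") should also state the expected format, which the example path suggests is an environment file; a comment such as `# Environment file holding the pyload credentials; keep it out of the Nix store` would cover that.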
@@ -18,12 +18,11 @@ in # Set-up media group users.groups.media = { }; - my.services.nginx.virtualHosts = [ - { - subdomain = "sabnzbd"; + my.services.nginx.virtualHosts = { + sabnzbd = { inherit port; - } - ]; + }; + }; services.fail2ban.jails = { sabnzbd = '' diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 83177c8..48ad7a8 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -65,16 +65,22 @@ in ensureUsers = [ { name = "tandoor_recipes"; - ensurePermissions."DATABASE tandoor_recipes" = "ALL PRIVILEGES"; + ensureDBOwnership = true; } ]; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "recipes"; + my.services.nginx.virtualHosts = { + recipes = { inherit (cfg) port; - } - ]; + + extraConfig = { + # Allow bulk upload of recipes for import/export + locations."/".extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; }; } diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index 28df477..aeb88b7 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -80,12 +80,11 @@ in # Default transmission webui, I prefer combustion but its development # seems to have stalled - my.services.nginx.virtualHosts = [ - { - subdomain = "transmission"; + my.services.nginx.virtualHosts = { + transmission = { inherit (cfg) port; - } - ]; + }; + }; networking.firewall = { allowedTCPPorts = [ cfg.peerPort ]; diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 1cdef5f..6e7700f 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -30,8 +30,6 @@ in frontendScheme = "https"; frontendHostname = vikunjaDomain; - setupNginx = false; - database = { type = "postgres"; user = "vikunja"; 
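Review bot: `client_max_body_size 0;` in the tandoor-recipes hunk removes nginx's request-body limit for `locations."/"`, which covers every request to the `recipes` host rather than only the import/export endpoints the comment mentions. No `sso` block is set on this vhost, so any client that can reach it can send arbitrarily large bodies, and nginx normally buffers those to disk before handing them to the backend. I would keep a finite cap sized to the largest expected import, for example `client_max_body_size 256M;` (sample value), or move the directive to the specific import location if its path is known.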
@@ -59,31 +57,13 @@ in }; # This is a weird setup - my.services.nginx.virtualHosts = [ - { - inherit subdomain; - # Serve the root for the web-ui - root = config.services.vikunja.package-frontend; + my.services.nginx.virtualHosts = { + ${subdomain} = { + socket = socketPath; + }; + }; - extraConfig = { - locations = { - "/" = { - tryFiles = "try_files $uri $uri/ /"; - }; - - # Serve the API through a UNIX socket - "~* ^/(api|dav|\\.well-known)/" = { - proxyPass = "http://unix:${socketPath}"; - extraConfig = '' - client_max_body_size 20M; - ''; - }; - }; - }; - } - ]; - - systemd.services.vikunja-api = { + systemd.services.vikunja = { serviceConfig = { # Use a system user to simplify using the CLI DynamicUser = lib.mkForce false; @@ -109,7 +89,7 @@ in ensureUsers = [ { name = "vikunja"; - ensurePermissions = { "DATABASE vikunja" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; }; diff --git a/modules/nixos/services/wireguard/default.nix b/modules/nixos/services/wireguard/default.nix index fc5518d..a76e424 100644 --- a/modules/nixos/services/wireguard/default.nix +++ b/modules/nixos/services/wireguard/default.nix @@ -13,7 +13,7 @@ let porthos = { clientNum = 1; publicKey = "PLdgsizztddri0LYtjuNHr5r2E8D+yI+gM8cm5WDfHQ="; - externalIp = "91.121.177.163"; + externalIp = "37.187.146.15"; }; # "Clients" @@ -100,6 +100,8 @@ in options.my.services.wireguard = with lib; { enable = mkEnableOption "Wireguard VPN service"; + simpleManagement = my.mkDisableOption "manage units without password prompts"; + startAtBoot = mkEnableOption '' Should the VPN service be started at boot. Must be true for the server to work reliably. 
@@ -261,5 +263,36 @@ in (lib.mkIf (cfg.internal.enable && !cfg.internal.startAtBoot) { systemd.services."wg-quick-${cfg.internal.name}".wantedBy = lib.mkForce [ ]; }) + + # Make systemd shut down one service when starting the other + (lib.mkIf (cfg.internal.enable) { + systemd.services."wg-quick-${cfg.iface}" = { + conflicts = [ "wg-quick-${cfg.internal.name}.service" ]; + after = [ "wg-quick-${cfg.internal.name}.service" ]; + }; + systemd.services."wg-quick-${cfg.internal.name}" = { + conflicts = [ "wg-quick-${cfg.iface}.service" ]; + after = [ "wg-quick-${cfg.iface}.service" ]; + }; + }) + + # Make it possible to manage those units without using passwords, for admins + (lib.mkIf cfg.simpleManagement { + environment.etc."polkit-1/rules.d/50-wg-quick.rules".text = '' + polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.systemd1.manage-units") { + var unit = action.lookup("unit") + if (unit == "wg-quick-${cfg.iface}.service" || unit == "wg-quick-${cfg.internal.name}.service") { + var verb = action.lookup("verb"); + if (verb == "start" || verb == "stop" || verb == "restart") { + if (subject.isInGroup("wheel")) { + return polkit.Result.YES; + } + } + } + } + }); + ''; + }) ]); } diff --git a/modules/nixos/services/woodpecker/default.nix b/modules/nixos/services/woodpecker/default.nix index 34ffca6..012eaae 100644 --- a/modules/nixos/services/woodpecker/default.nix +++ b/modules/nixos/services/woodpecker/default.nix @@ -8,6 +8,12 @@ options.my.services.woodpecker = with lib; { enable = mkEnableOption "Woodpecker CI"; + forge = mkOption { + type = types.enum [ "gitea" "forgejo" ]; + default = "forgejo"; + example = "gitea"; + description = "Which Forge to connect to"; + }; runners = mkOption { type = with types; listOf (enum [ "exec" "docker" ]); default = [ ]; diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix index d9f723b..adf533e 100644 
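Review bot: The polkit rule added under `cfg.simpleManagement` returns `polkit.Result.YES` for any subject in `wheel`, with no check on the session, so every process running as a wheel member (remote or background sessions included) can start, stop or restart the VPN units without authentication. If the goal is convenience at an interactive desktop, tighten the condition to `if (subject.isInGroup("wheel") && subject.active && subject.local) {`; if remote management is intended, say so in the comment above the `mkIf`. The option is declared with `my.mkDisableOption` in the earlier wireguard hunk, so this grant is presumably on by default; consider making it opt-in. The rule also names `wg-quick-${cfg.internal.name}.service` even when `cfg.internal.enable` is false, and `var unit = action.lookup("unit")` is missing its semicolon.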
--- a/modules/nixos/services/woodpecker/server/default.nix +++ b/modules/nixos/services/woodpecker/server/default.nix @@ -17,7 +17,7 @@ in WOODPECKER_GRPC_ADDR = ":${toString cfg.rpcPort}"; WOODPECKER_GITEA = "true"; - WOODPECKER_GITEA_URL = config.services.gitea.settings.server.ROOT_URL; + WOODPECKER_GITEA_URL = config.services.${cfg.forge}.settings.server.ROOT_URL; WOODPECKER_LOG_LEVEL = "debug"; }; @@ -48,22 +48,18 @@ in ensureDatabases = [ "woodpecker" ]; ensureUsers = [{ name = "woodpecker"; - ensurePermissions = { - "DATABASE woodpecker" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; }]; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "woodpecker"; + my.services.nginx.virtualHosts = { + woodpecker = { inherit (cfg) port; - } + }; # I might want to be able to RPC from other hosts in the future - { - subdomain = "woodpecker-rpc"; + woodpecker-rpc = { port = cfg.rpcPort; - } - ]; + }; + }; }; } diff --git a/modules/nixos/system/default.nix b/modules/nixos/system/default.nix index e7a4dd3..e6fb25b 100644 --- a/modules/nixos/system/default.nix +++ b/modules/nixos/system/default.nix @@ -10,6 +10,7 @@ ./nix ./packages ./podman + ./polkit ./printing ./users ]; diff --git a/modules/nixos/system/nix/default.nix b/modules/nixos/system/nix/default.nix index 47d6499..ad13539 100644 --- a/modules/nixos/system/nix/default.nix +++ b/modules/nixos/system/nix/default.nix @@ -56,6 +56,8 @@ in settings = { experimental-features = [ "nix-command" "flakes" ]; + # Trusted users are equivalent to root, and might as well allow wheel + trusted-users = [ "root" "@wheel" ]; }; }; } diff --git a/modules/nixos/system/polkit/default.nix b/modules/nixos/system/polkit/default.nix new file mode 100644 index 0000000..1e5b573 --- /dev/null +++ b/modules/nixos/system/polkit/default.nix 
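Review bot: The comment on the added `trusted-users = [ "root" "@wheel" ];` line in `modules/nixos/system/nix/default.nix` understates what changes for `wheel`. A trusted user can direct the nix daemon with root-equivalent effect without going through whatever authentication sudo would ask for, so a compromised wheel session no longer needs the account password to escalate (how sudo is configured is not visible here). I would spell that out in the comment, e.g. `# NOTE: trusted users are root-equivalent via the nix daemon, with no sudo prompt; only keep @wheel here if every wheel account is fully trusted`. Together with the passwordless polkit rule added for wireguard in this commit, membership of `wheel` now carries more unauthenticated privilege than before.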
@@ -0,0 +1,16 @@ +# Polkit settings +{ config, lib, ... }: +let + cfg = config.my.system.polkit; +in +{ + options.my.system.polkit = with lib; { + enable = my.mkDisableOption "polkit configuration"; + }; + + config = lib.mkIf cfg.enable { + security.polkit = { + enable = true; + }; + }; +} diff --git a/modules/nixos/system/printing/default.nix b/modules/nixos/system/printing/default.nix index a4547ef..0dfab0f 100644 --- a/modules/nixos/system/printing/default.nix +++ b/modules/nixos/system/printing/default.nix @@ -63,7 +63,7 @@ in enable = true; openFirewall = true; # Allow resolution of '.local' addresses - nssmdns = true; + nssmdns4 = true; }; }; } diff --git a/overlays/gruvbox-nvim-better-diff/colours.patch b/overlays/gruvbox-nvim-better-diff/colours.patch deleted file mode 100644 index 5b0d61a..0000000 --- a/overlays/gruvbox-nvim-better-diff/colours.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 416b3c9c5e783d173ac0fd5310a76c1b144b92c1 Mon Sep 17 00:00:00 2001 -From: eeeXun -Date: Thu, 19 Oct 2023 02:34:12 +0800 -Subject: Use better diff colours - ---- - README.md | 3 ++- - lua/gruvbox.lua | 7 ++++--- - 2 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/lua/gruvbox.lua b/lua/gruvbox.lua -index ceba0735..a319fc6a 100644 ---- a/lua/gruvbox.lua -+++ b/lua/gruvbox.lua -@@ -360,9 +361,9 @@ local function get_groups() - PmenuSel = { fg = colors.bg2, bg = colors.blue, bold = config.bold }, - PmenuSbar = { bg = colors.bg2 }, - PmenuThumb = { bg = colors.bg4 }, -- DiffDelete = { bg = colors.dark_red }, -- DiffAdd = { bg = colors.dark_green }, -- DiffChange = { bg = colors.dark_aqua }, -- DiffText = { bg = colors.yellow, fg = colors.bg0 }, -+ DiffDelete = { fg = colors.red }, -+ DiffAdd = { fg = colors.green }, -+ DiffChange = { fg = colors.aqua }, -+ DiffText = { fg = colors.yellow, bg = colors.bg0 }, - SpellCap = { link = "GruvboxBlueUnderline" }, - SpellBad = { link = "GruvboxRedUnderline" }, 
diff --git a/overlays/gruvbox-nvim-better-diff/generated.nix b/overlays/gruvbox-nvim-better-diff/generated.nix deleted file mode 100644 index 50ea4ad..0000000 --- a/overlays/gruvbox-nvim-better-diff/generated.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ vimUtils, fetchFromGitHub }: - -_final: _prev: { - gruvbox-nvim = vimUtils.buildVimPlugin { - pname = "gruvbox.nvim"; - version = "2023-10-07"; - - src = fetchFromGitHub { - owner = "ellisonleao"; - repo = "gruvbox.nvim"; - rev = "477c62493c82684ed510c4f70eaf83802e398898"; - sha256 = "0250c24c6n6yri48l288irdawhqs16qna3y74rdkgjd2jvh66vdm"; - }; - - patches = [ - # Inspired by https://github.com/ellisonleao/gruvbox.nvim/pull/291 - ./colours.patch - ]; - - meta = { - homepage = "https://github.com/ellisonleao/gruvbox.nvim/"; - }; - }; -} diff --git a/overlays/gruvbox-nvim-better-diff/default.nix b/overlays/gruvbox-nvin-expose-palette/default.nix similarity index 100% rename from overlays/gruvbox-nvim-better-diff/default.nix rename to overlays/gruvbox-nvin-expose-palette/default.nix diff --git a/overlays/gruvbox-nvin-expose-palette/generated.nix b/overlays/gruvbox-nvin-expose-palette/generated.nix new file mode 100644 index 0000000..c52ad04 --- /dev/null +++ b/overlays/gruvbox-nvin-expose-palette/generated.nix @@ -0,0 +1,14 @@ +{ fetchpatch, ... }: + +_final: prev: { + gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: { + patches = (oa.patches or [ ]) ++ [ + # https://github.com/ellisonleao/gruvbox.nvim/pull/319 + (fetchpatch { + name = "expose-color-palette.patch"; + url = "https://github.com/ellisonleao/gruvbox.nvim/commit/07a493ba4f8b650aab9ed9e486caa89822be0996.patch"; + hash = "sha256-iGwt8qIHe2vaiAUcpaUxyGlM472F89vobTdQ7CF/H70="; + }) + ]; + }); +} diff --git a/overlays/tandoor-recipes-bump-allauth/bump-allauth.patch b/overlays/tandoor-recipes-bump-allauth/bump-allauth.patch deleted file mode 100644 index 84dfaee..0000000 --- a/overlays/tandoor-recipes-bump-allauth/bump-allauth.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 8f66f5c3ca61751a80cc133ff4c59019d6fca406 Mon Sep 17 00:00:00 2001 -From: Bruno BELANYI -Date: Tue, 31 Oct 2023 12:15:30 +0000 -Subject: [PATCH] Bump django-allauth from 0.54.0 to 0.58.1 - -See the backwards incompatible changes [1]. - -[1]: https://docs.allauth.org/en/latest/release-notes/recent.html#id10 ---- - recipes/settings.py | 1 + - requirements.txt | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/recipes/settings.py b/recipes/settings.py -index df2c2b1de..b836ea656 100644 ---- a/recipes/settings.py -+++ b/recipes/settings.py -@@ -218,6 +218,7 @@ - 'django.middleware.locale.LocaleMiddleware', - 'django.middleware.clickjacking.XFrameOptionsMiddleware', - 'cookbook.helper.scope_middleware.ScopeMiddleware', -+ 'allauth.account.middleware.AccountMiddleware', - ] - - if DEBUG_TOOLBAR: -diff --git a/requirements.txt b/requirements.txt -index 26d81b471..09ed2381a 100644 ---- a/requirements.txt -+++ b/requirements.txt -@@ -29,7 +29,7 @@ microdata==0.8.0 - Jinja2==3.1.2 - django-webpack-loader==1.8.1 - git+https://github.com/BITSOLVER/django-js-reverse@071e304fd600107bc64bbde6f2491f1fe049ec82 --django-allauth==0.54.0 -+django-allauth==0.58.1 - recipe-scrapers==14.36.1 - django-scopes==2.0.0 - pytest==7.3.1 diff --git a/overlays/tandoor-recipes-bump-allauth/default.nix b/overlays/tandoor-recipes-bump-allauth/default.nix deleted file mode 100644 index dfbfec9..0000000 --- a/overlays/tandoor-recipes-bump-allauth/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -_self: prev: -{ - tandoor-recipes = prev.tandoor-recipes.overrideAttrs (oa: { - patches = (oa.patches or [ ]) ++ [ - # https://github.com/TandoorRecipes/recipes/pull/2706 - ./bump-allauth.patch - ]; - }); -} diff --git a/pkgs/bt-migrate/default.nix b/pkgs/bt-migrate/default.nix new file mode 100644 index 0000000..df99c55 --- /dev/null +++ b/pkgs/bt-migrate/default.nix 
@@ -0,0 +1,61 @@ +{ lib +, boost +, cmake +, cxxopts +, digestpp +, fetchFromGitHub +, fmt +, jsoncons +, pugixml +, sqlite_orm +, stdenv +}: +stdenv.mkDerivation { + pname = "bt-migrate"; + version = "0-unstable-2023-08-17"; + + src = fetchFromGitHub { + owner = "mikedld"; + repo = "bt-migrate"; + rev = "e15a489c0c76f98355586ebbee08223af4e9bf50"; + hash = "sha256-kA6yxhbIh3ThmgF8Zyoe3I79giLVmdNr9IIrw5Xx4s0="; + }; + + nativeBuildInputs = [ + cmake + ]; + + buildInputs = [ + boost + cxxopts + fmt + jsoncons + pugixml + sqlite_orm + ]; + + cmakeFlags = [ + (lib.strings.cmakeBool "USE_VCPKG" false) + # NOTE: digestpp does not have proper CMake packaging (yet?) + (lib.strings.cmakeBool "USE_FETCHCONTENT" true) + (lib.strings.cmakeFeature "FETCHCONTENT_SOURCE_DIR_DIGESTPP" "${digestpp}/include/digestpp") + ]; + + # NOTE: no install target in CMake... + installPhase = '' + runHook preInstall + + mkdir -p $out/bin + cp BtMigrate $out/bin + + runHook postInstall + ''; + + meta = with lib; { + description = "Torrent state migration tool"; + homepage = "https://github.com/mikedld/bt-migrate"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ ambroisie ]; + mainProgram = "BtMigrate"; + }; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index 664b5a4..e82a90c 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,5 +1,7 @@ { pkgs }: pkgs.lib.makeScope pkgs.newScope (pkgs: { + bt-migrate = pkgs.callPackage ./bt-migrate { }; + bw-pass = pkgs.callPackage ./bw-pass { }; change-audio = pkgs.callPackage ./change-audio { }; 
@@ -10,14 +12,12 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { diff-flake = pkgs.callPackage ./diff-flake { }; + digestpp = pkgs.callPackage ./digestpp { }; + dragger = pkgs.callPackage ./dragger { }; drone-rsync = pkgs.callPackage ./drone-rsync { }; - drone-scp = pkgs.callPackage ./drone-scp { }; - - ff2mpv-go = pkgs.callPackage ./ff2mpv-go { }; - i3-get-window-criteria = pkgs.callPackage ./i3-get-window-criteria { }; lohr = pkgs.callPackage ./lohr { }; @@ -30,13 +30,9 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { rbw-pass = pkgs.callPackage ./rbw-pass { }; + sqlite_orm = pkgs.callPackage ./sqlite_orm { }; + unbound-zones-adblock = pkgs.callPackage ./unbound-zones-adblock { }; - unified-hosts-lists = pkgs.callPackage ./unified-hosts-lists { }; - - vimix-cursors = pkgs.callPackage ./vimix-cursors { }; - - wifi-qr = pkgs.callPackage ./wifi-qr { }; - zsh-done = pkgs.callPackage ./zsh-done { }; }) diff --git a/pkgs/digestpp/default.nix b/pkgs/digestpp/default.nix new file mode 100644 index 0000000..2fd90db --- /dev/null +++ b/pkgs/digestpp/default.nix @@ -0,0 +1,31 @@ +{ lib +, fetchFromGitHub +, stdenv +}: +stdenv.mkDerivation { + pname = "digestpp"; + version = "0-unstable-2023-11-07"; + + src = fetchFromGitHub { + owner = "kerukuro"; + repo = "digestpp"; + rev = "ebb699402c244e22c3aff61d2239bcb2e87b8ef8"; + hash = "sha256-9X/P7DgZB6bSYjQWRli4iAXEFjhmACOVv3EYQrXuH5c="; + }; + + installPhase = '' + runHook preInstall + + mkdir -p $out/include/digestpp + cp -r *.hpp algorithm/ detail/ $out/include/digestpp + + runHook postInstall + ''; + + meta = with lib; { + description = "C++11 header-only message digest library"; + homepage = "https://github.com/kerukuro/digestpp"; + license = licenses.unlicense; + maintainers = with maintainers; [ ambroisie ]; + }; +} diff --git a/pkgs/drone-scp/default.nix b/pkgs/drone-scp/default.nix deleted file mode 100644 index 7437b06..0000000 --- a/pkgs/drone-scp/default.nix +++ /dev/null 
@@ -1,25 +0,0 @@ -{ lib, buildGoModule, fetchFromGitHub }: -buildGoModule rec { - pname = "drone-scp"; - version = "1.6.3"; - - src = fetchFromGitHub { - owner = "appleboy"; - repo = "drone-scp"; - rev = "v${version}"; - hash = "sha256-ELjPqoRR4O6gmc/PgthQuSXuSTQNzBZoAUT80zVVbV0="; - }; - - vendorHash = "sha256-/c103hTJ/Qdz2KTkdl/ACvAaSSTKcl1DQY3+Us6OxaI="; - - doCheck = false; # Needs a specific user... - - meta = with lib; { - description = '' - Copy files and artifacts via SSH using a binary, docker or Drone CI - ''; - homepage = "https://github.com/appleboy/drone-scp"; - license = licenses.mit; - mainProgram = "drone-scp"; - }; -} diff --git a/pkgs/lohr/default.nix b/pkgs/lohr/default.nix index a83b092..ddeac7a 100644 --- a/pkgs/lohr/default.nix +++ b/pkgs/lohr/default.nix @@ -1,16 +1,16 @@ { lib, fetchFromGitHub, rustPlatform }: rustPlatform.buildRustPackage rec { pname = "lohr"; - version = "0.4.2"; + version = "0.4.5"; src = fetchFromGitHub { owner = "alarsyo"; repo = "lohr"; rev = "v${version}"; - hash = "sha256-2pN/Me5fCdE++TzBUswPXzjuUIIB7Uck+Scp361JgE4="; + hash = "sha256-p6E/r+OxFTpxDpOKSlacOxvRLfHSKg1mHNAfTytfqDY="; }; - cargoHash = "sha256-YHg4b6rKcnVJSDoWh9/o+p40NBog65Gd2/UwIDXiUe0="; + cargoHash = "sha256-hext0S0o9D9pN9epzXtD5dwAYMPCLpBBOBT4FX0mTMk="; meta = with lib; { description = "Git mirroring daemon"; diff --git a/pkgs/matrix-notifier/default.nix b/pkgs/matrix-notifier/default.nix index a96cb61..aba093f 100644 --- a/pkgs/matrix-notifier/default.nix +++ b/pkgs/matrix-notifier/default.nix @@ -1,13 +1,13 @@ { lib, curl, jq, fetchFromGitHub, makeWrapper, pandoc, stdenvNoCC }: stdenvNoCC.mkDerivation rec { pname = "matrix-notifier"; - version = "0.3.0"; + version = "0.4.0"; src = fetchFromGitHub { owner = "ambroisie"; repo = "matrix-notifier"; rev = "v${version}"; - hash = "sha256-NE9RO0ep2ibrT9EUPGTnUE3ofdNTCHwelxnX9tCflg0="; + hash = "sha256-6KHteQx0bHodpNp7cuUIGM7uBRPaj386n2t5yz6umpY="; }; nativeBuildInputs = [ 
diff --git a/pkgs/sqlite_orm/default.nix b/pkgs/sqlite_orm/default.nix new file mode 100644 index 0000000..3891eee --- /dev/null +++ b/pkgs/sqlite_orm/default.nix @@ -0,0 +1,32 @@ +{ lib +, cmake +, fetchFromGitHub +, sqlite +, stdenv +}: +stdenv.mkDerivation (finalAttrs: { + pname = "sqlite_orm"; + version = "1.8.2"; + + src = fetchFromGitHub { + owner = "fnc12"; + repo = "sqlite_orm"; + rev = "v${finalAttrs.version}"; + hash = "sha256-KqphGFcnR1Y11KqL7sxODSv7lEvcURdF6kLd3cg84kc="; + }; + + nativeBuildInputs = [ + cmake + ]; + + propagatedBuildInputs = [ + sqlite + ]; + + meta = with lib; { + description = "Light header only SQLite ORM"; + homepage = "https://sqliteorm.com/"; + license = licenses.agpl3Only; # MIT license is commercial + maintainers = with maintainers; [ ambroisie ]; + }; +}) diff --git a/pkgs/unbound-zones-adblock/default.nix b/pkgs/unbound-zones-adblock/default.nix index b8392ae..642ac41 100644 --- a/pkgs/unbound-zones-adblock/default.nix +++ b/pkgs/unbound-zones-adblock/default.nix @@ -1,9 +1,9 @@ -{ lib, gawk, stdenvNoCC, unified-hosts-lists }: +{ lib, gawk, stdenvNoCC, stevenblack-blocklist }: stdenvNoCC.mkDerivation { name = "unbound-zones-adblock"; - version = unified-hosts-lists.version; + version = stevenblack-blocklist.rev; - src = unified-hosts-lists; + src = stevenblack-blocklist; dontUnpack = true; @@ -18,9 +18,11 @@ stdenvNoCC.mkDerivation { ]; in '' - mkdir -p $out - for file in $src/*; do - ${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > $out/$(basename $file) + shopt -s globstar + for file in $src/**/hosts; do + outFile="$out/''${file#$src}" + mkdir -p "$(dirname "$outFile")" + ${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > "$outFile" done ''; diff --git a/pkgs/unified-hosts-lists/default.nix b/pkgs/unified-hosts-lists/default.nix deleted file mode 100644 index 06d24ac..0000000 --- a/pkgs/unified-hosts-lists/default.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -{ lib, fetchFromGitHub, stdenvNoCC }: -stdenvNoCC.mkDerivation rec { - pname = "unified-hosts-lists"; - version = "3.12.15"; - - src = fetchFromGitHub { - owner = "StevenBlack"; - repo = "hosts"; - rev = version; - hash = "sha256-HoNX57lCoIr36B/7HMuazWSWeAPPfWY1oZf6dXnxYIE="; - }; - - dontUnpack = true; - - installPhase = '' - mkdir -p $out - cp -r $src/hosts $out - for file in $src/alternates/*/hosts; do - cp $file $out/$(basename $(dirname $file)) - done - ''; - - meta = with lib; { - description = "Unified host lists"; - longDescription = '' - Consolidating and extending hosts files from several well-curated sources. - Optionally pick extensions for porn, social media, and other categories. - ''; - homepage = "https://github.com/StevenBlack/hosts"; - license = licenses.mit; - maintainers = with maintainers; [ ambroisie ]; - platforms = platforms.all; - }; -} diff --git a/pkgs/vimix-cursors/default.nix b/pkgs/vimix-cursors/default.nix deleted file mode 100644 index 80424de..0000000 --- a/pkgs/vimix-cursors/default.nix +++ /dev/null 
@@ -1,44 +0,0 @@ -{ lib, python3, fetchFromGitHub, inkscape, stdenvNoCC, xcursorgen }: -let - py = python3.withPackages (ps: with ps; [ cairosvg ]); -in -stdenvNoCC.mkDerivation rec { - pname = "vimix-cursors"; - version = "unstable-2020-04-28"; - - src = fetchFromGitHub { - owner = "vinceliuice"; - repo = pname; - rev = "27ebb1935944bc986bf8ae85ee3343b8351d9823"; - hash = "sha256-bIPRrKaNQ2Eo+T6zv7qeA1z7uRHXezM0yxh+uqA01Gs="; - }; - - nativeBuildInputs = [ - inkscape - py - xcursorgen - ]; - - postPatch = '' - patchShebangs . - ''; - - buildPhase = '' - HOME="$NIX_BUILD_ROOT" ./build.sh - ''; - - installPhase = '' - install -dm 755 $out/share/icons - for color in "" "-white"; do - cp -pr dist''${color}/ "$out/share/icons/Vimix''${color}-cursors" - done - ''; - - meta = with lib; { - description = "An X cursor theme inspired by Materia design"; - homepage = "https://github.com/vinceliuice/Vimix-cursors"; - license = licenses.gpl3Only; - maintainers = with maintainers; [ ambroisie ]; - platforms = platforms.linux; - }; -} diff --git a/pkgs/wifi-qr/default.nix b/pkgs/wifi-qr/default.nix deleted file mode 100644 index 88164e5..0000000 --- a/pkgs/wifi-qr/default.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -{ lib -, fetchFromGitHub -, gnome -, installShellFiles -, makeWrapper -, networkmanager -, qrencode -, stdenvNoCC -, xdg-utils -, zbar -}: -stdenvNoCC.mkDerivation rec { - pname = "wifi-qr"; - version = "unstable-2023-04-19"; - - outputs = [ "out" "man" ]; - - src = fetchFromGitHub { - owner = "kokoye2007"; - repo = "wifi-qr"; - rev = "b81d4a44257252f07e745464879aa5618ae3d434"; - hash = "sha256-oGTAr+raJGpK4PV4GdBxX8fIUE8gcbXw7W0SvQJAee0="; - }; - - nativeBuildInputs = [ - installShellFiles - makeWrapper - ]; - - dontBuild = true; - - dontConfigure = true; - - postPatch = '' - substituteInPlace wifi-qr.desktop \ - --replace "Exec=sh -c 'wifi-qr g'" "Exec=$out/bin/wifi-qr g" \ - --replace "Exec=sh -c 'wifi-qr q'" "Exec=$out/bin/wifi-qr q" \ - --replace "Exec=sh -c 'wifi-qr p'" "Exec=$out/bin/wifi-qr p" \ - --replace "Exec=sh -c 'wifi-qr c'" "Exec=$out/bin/wifi-qr c" \ - --replace "Icon=wifi-qr.svg" "Icon=wifi-qr" - ''; - - installPhase = '' - runHook preInstall - - install -Dm755 wifi-qr $out/bin/wifi-qr - - install -Dm644 wifi-qr.desktop $out/share/applications/wifi-qr.desktop - install -Dm644 wifi-qr.svg $out/share/icons/hicolor/scalable/apps/wifi-qr.svg - - installManPage wifi-qr.1 - - runHook postInstall - ''; - - wrapperPath = lib.makeBinPath [ - gnome.zenity - networkmanager - qrencode - xdg-utils - zbar - ]; - - fixupPhase = '' - runHook preFixup - - patchShebangs $out/bin/wifi-qr - wrapProgram $out/bin/wifi-qr --suffix PATH : "${wrapperPath}" - - runHook postFixup - ''; - - meta = with lib; { - description = "WiFi password sharing via QR codes"; - homepage = "https://github.com/kokoye2007/wifi-qr"; - license = with licenses; [ gpl3Plus ]; - mainProgram = "wifi-qr"; - maintainers = with maintainers; [ ambroisie ]; - platforms = platforms.linux; - }; -} diff --git a/pkgs/zsh-done/default.nix b/pkgs/zsh-done/default.nix index bddc6c1..8fac813 100644 --- a/pkgs/zsh-done/default.nix +++ b/pkgs/zsh-done/default.nix 
@@ -2,13 +2,13 @@ stdenvNoCC.mkDerivation rec { pname = "zsh-done"; - version = "0.1.0"; + version = "0.1.1"; src = fetchFromGitHub { owner = "ambroisie"; repo = "zsh-done"; rev = "v${version}"; - hash = "sha256-DC7urJDXPP9vBYABrJF5KZ4HfMbrpHIVogSmEB8PWLA="; + hash = "sha256-dyhPhoMrAfDWtrBX5TA+B3G7QZ7gBhoDGNOEqGsCBQU="; }; dontConfigure = true; @@ -26,7 +26,7 @@ stdenvNoCC.mkDerivation rec { description = '' A zsh plug-in to receive notifications when long processes finish ''; - homepage = "https://gitea.belanyi.fr/ambroisie/zsh-done"; + homepage = "https://git.belanyi.fr/ambroisie/zsh-done"; license = licenses.mit; platforms = platforms.unix; maintainers = with maintainers; [ ambroisie ]; diff --git a/templates/c++-bazel/.bazelignore b/templates/c++-bazel/.bazelignore new file mode 100644 index 0000000..6622ec1 --- /dev/null +++ b/templates/c++-bazel/.bazelignore @@ -0,0 +1,3 @@ +.pre-commit-config.yaml +result +.direnv diff --git a/templates/c++-bazel/.bazelrc b/templates/c++-bazel/.bazelrc new file mode 100644 index 0000000..0ef96ae --- /dev/null +++ b/templates/c++-bazel/.bazelrc @@ -0,0 +1,6 @@ +# rule_nixpkgs' specific configuration +build --host_platform=@io_tweag_rules_nixpkgs//nixpkgs/platforms:host +build --crosstool_top=@nixpkgs_config_cc//:toolchain + +# Use C++20 +build:linux --cxxopt=-std=c++20 diff --git a/templates/c++-bazel/.clang-format b/templates/c++-bazel/.clang-format new file mode 100644 index 0000000..19c58aa --- /dev/null +++ b/templates/c++-bazel/.clang-format 
@@ -0,0 +1,23 @@ +# vim: ft=yaml +--- +BasedOnStyle: LLVM +IndentWidth: 4 +--- +Language: Cpp +# Force pointers to the type for C++. +DerivePointerAlignment: false +PointerAlignment: Left + +# Short functions should not be on a single line, unless empty +AllowShortFunctionsOnASingleLine: Empty + +# Make them level +AccessModifierOffset: -4 + +# It makes more sense this way +BreakBeforeBinaryOperators: All +BreakBeforeTernaryOperators: true + +# Aesthetic +AlignOperands: AlignAfterOperator +--- diff --git a/templates/c++-bazel/.envrc b/templates/c++-bazel/.envrc new file mode 100644 index 0000000..de77fcb --- /dev/null +++ b/templates/c++-bazel/.envrc @@ -0,0 +1,5 @@ +if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" +fi + +use flake diff --git a/templates/c++-bazel/.gitignore b/templates/c++-bazel/.gitignore new file mode 100644 index 0000000..84bd7c0 --- /dev/null +++ b/templates/c++-bazel/.gitignore @@ -0,0 +1,6 @@ +# Bazel build directories +/bazel-*/ + +# Nix generated files +/.pre-commit-config.yaml +/result diff --git a/templates/c++-bazel/.woodpecker/check.yml b/templates/c++-bazel/.woodpecker/check.yml new file mode 100644 index 0000000..4ff7dba --- /dev/null +++ b/templates/c++-bazel/.woodpecker/check.yml @@ -0,0 +1,31 @@ +labels: + backend: local + +steps: +- name: pre-commit check + image: bash + commands: + - nix develop --command pre-commit run --all + +- name: nix flake check + image: bash + commands: + - nix flake check + +- name: notifiy + image: bash + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password + commands: + - nix run github:ambroisie/matrix-notifier + when: + status: + - failure + - success 
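Review bot: The `notifiy` step in the template's `.woodpecker/check.yml` runs `nix run github:ambroisie/matrix-notifier` with the Matrix homeserver, room, username and password in its environment, and that flake reference is not pinned to a revision. Whatever the default branch holds at run time is executed with those secrets, unlike the repository's own pipeline, which runs `nix run '.#matrix-notifier'` from the locked flake. I would pin the reference, e.g. `nix run github:ambroisie/matrix-notifier/<PINNED_REV>`, or add the notifier as a flake input of the template so that `flake.lock` fixes it. The step name is also misspelled (`notifiy`).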
diff --git a/templates/c++-bazel/BUILD b/templates/c++-bazel/BUILD new file mode 100644 index 0000000..e69de29 diff --git a/templates/c++-bazel/WORKSPACE b/templates/c++-bazel/WORKSPACE new file mode 100644 index 0000000..72d35b6 --- /dev/null +++ b/templates/c++-bazel/WORKSPACE @@ -0,0 +1,48 @@ +load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") + +http_archive( + name = "io_tweag_rules_nixpkgs", + sha256 = "980edfceef2e59e1122d9be6c52413bc298435f0a3d452532b8a48d7562ffd67", + strip_prefix = "rules_nixpkgs-0.10.0", + urls = ["https://github.com/tweag/rules_nixpkgs/releases/download/v0.10.0/rules_nixpkgs-0.10.0.tar.gz"], +) + +load("@io_tweag_rules_nixpkgs//nixpkgs:repositories.bzl", "rules_nixpkgs_dependencies") + +# load everything that rules_nixpkgs rules need to work +rules_nixpkgs_dependencies() + +load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_cc_configure", "nixpkgs_local_repository") + +# Define nixpkgs version using the flakes lock file. +nixpkgs_local_repository( + name = "nixpkgs", + nix_file_deps = ["//:flake.lock"], + nix_flake_lock_file = "//:flake.lock", +) + +nixpkgs_cc_configure( + name = "nixpkgs_config_cc", + repository = "@nixpkgs", +) + +# load rules_cc +http_archive( + name = "rules_cc", + sha256 = "4dccbfd22c0def164c8f47458bd50e0c7148f3d92002cdb459c2a96a68498241", + urls = ["https://github.com/bazelbuild/rules_cc/releases/download/0.0.1/rules_cc-0.0.1.tar.gz"], +) + +load("@rules_cc//cc:repositories.bzl", "rules_cc_dependencies", "rules_cc_toolchains") + +rules_cc_dependencies() + +rules_cc_toolchains() + +# Load dependencies +http_archive( + name = "com_google_googletest", + sha256 = "8ad598c73ad796e0d8280b082cebd82a630d73e73cd3c70057938a6501bba5d7", + strip_prefix = "googletest-1.14.0", + urls = ["https://github.com/google/googletest/archive/refs/tags/v1.14.0.tar.gz"], +) diff --git a/templates/c++-bazel/flake.lock b/templates/c++-bazel/flake.lock new file mode 100644 index 0000000..7440f4d --- /dev/null 
+++ b/templates/c++-bazel/flake.lock 
@@ -0,0 +1,143 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "futils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "ref": "main", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1698134075, + "narHash": "sha256-foCD+nuKzfh49bIoiCBur4+Fx1nozo+4C/6k8BYk4sg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8efd5d1e283604f75a808a20e6cde0ef313d07d4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1685801374, + "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c37ca420157f4abc31e26f436c1145f8951ff373", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + 
"flake-compat": "flake-compat", + "flake-utils": [ + "futils" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1698227354, + "narHash": "sha256-Fi5H9jbaQLmLw9qBi/mkR33CoFjNbobo5xWdX4tKz1Q=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "bd38df3d508dfcdff52cd243d297f218ed2257bf", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "master", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "futils": "futils", + "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/templates/c++-bazel/flake.nix b/templates/c++-bazel/flake.nix new file mode 100644 index 0000000..63c64d6 --- /dev/null +++ b/templates/c++-bazel/flake.nix 
@@ -0,0 +1,126 @@
+{
+ description = "A C++ project";
+
+ inputs = {
+ futils = {
+ type = "github";
+ owner = "numtide";
+ repo = "flake-utils";
+ ref = "main";
+ };
+
+ nixpkgs = {
+ type = "github";
+ owner = "NixOS";
+ repo = "nixpkgs";
+ ref = "nixos-unstable";
+ };
+
+ pre-commit-hooks = {
+ type = "github";
+ owner = "cachix";
+ repo = "pre-commit-hooks.nix";
+ ref = "master";
+ inputs = {
+ flake-utils.follows = "futils";
+ nixpkgs.follows = "nixpkgs";
+ };
+ };
+ };
+
+ outputs = { self, futils, nixpkgs, pre-commit-hooks }:
+ {
+ overlays = {
+ default = final: _prev: {
+ project = with final; buildBazelPackage {
+ pname = "project";
+ version = "0.0.0";
+
+ src = self;
+
+ inherit (pkgs) bazel;
+
+ fetchAttrs = {
+ # Fixed output derivation hash after bazel fetch.
+ # This varies per platform, probably from the JDK pulled in being part
+ # of the output derivation ? Is there a more robust way to do this ?
+ # (Hashes extracted from the ofborg build logs)
+ sha256 = let inherit (stdenv.hostPlatform) system; in {
+ x86_64-linux = "${lib.fakeHash}";
+ }.${system} or (throw "No hash for system: ${system}");
+
+
+ # Use WORKSPACE file to fetch `rule_cc`
+ removeRulesCC = false;
+ };
+
+ buildAttrs = {
+ installPhase = ''
+ mkdir -p "$out/bin"
+
+ install bazel-bin/src/project "$out/bin"
+ '';
+ };
+
+ doCheck = true;
+
+ meta = with lib; {
+ description = "A C++ project";
+ homepage = "https://gitea.belanyi.fr/ambroisie/project";
+ license = licenses.mit;
+ maintainers = with maintainers; [ ambroisie ];
+ platforms = platforms.unix;
+ };
+ };
+ };
+ };
+ } // futils.lib.eachDefaultSystem (system:
+ let
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [
+ self.overlays.default
+ ];
+ };
+
+ pre-commit = pre-commit-hooks.lib.${system}.run {
+ src = self;
+
+ hooks = {
+ nixpkgs-fmt = {
+ enable = true;
+ };
+
+ clang-format = {
+ enable = true;
+ };
+ };
+ };
+ in
+ {
+ checks = {
+ inherit (self.packages.${system}) project;
+
+ inherit pre-commit;
+ };
+
+ devShells = {
+ default = pkgs.mkShellNoCC {
+ inputsFrom = with self.packages.${system}; [
+ project
+ ];
+
+ packages = with pkgs; [
+ clang-tools
+ ];
+
+ inherit (pre-commit) shellHook;
+ };
+ };
+
+ packages = futils.lib.flattenTree {
+ default = pkgs.project;
+ inherit (pkgs) project;
+ };
+ });
+}
diff --git a/templates/c++-bazel/src/BUILD b/templates/c++-bazel/src/BUILD
new file mode 100644
index 0000000..a1b3dc9
--- /dev/null
+++ b/templates/c++-bazel/src/BUILD
@@ -0,0 +1,6 @@
+cc_binary(
+ name = "project",
+ srcs = [
+ "main.cc",
+ ],
+)
diff --git a/templates/c++-bazel/src/main.cc b/templates/c++-bazel/src/main.cc
new file mode 100644
index 0000000..5eb9e4a
--- /dev/null
+++ b/templates/c++-bazel/src/main.cc
@@ -0,0 +1,5 @@
+#include
+
+int main() {
+ std::cout << "Hello World!\n";
+}
diff --git a/templates/c++-bazel/tests/unit/BUILD b/templates/c++-bazel/tests/unit/BUILD
new file mode 100644
index 0000000..63ed0e5
--- /dev/null
+++ b/templates/c++-bazel/tests/unit/BUILD
@@ -0,0 +1,10 @@
+cc_test(
+ name = "dummy_test",
+ size = "small",
+ srcs = [
+ "dummy_test.cc",
+ ],
+ deps = [
+ "@com_google_googletest//:gtest_main",
+ ],
+)
diff --git a/templates/c++-bazel/tests/unit/dummy_test.cc b/templates/c++-bazel/tests/unit/dummy_test.cc
new file mode 100644
index 0000000..4573678
--- /dev/null
+++ b/templates/c++-bazel/tests/unit/dummy_test.cc
@@ -0,0 +1,5 @@
+#include
+
+TEST(misc, passing) {
+ ASSERT_EQ(1, 1);
+}
diff --git a/templates/c++-cmake/.envrc b/templates/c++-cmake/.envrc
index ccf325e..de77fcb 100644
--- a/templates/c++-cmake/.envrc
+++ b/templates/c++-cmake/.envrc
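Review bot: The fixed-output hash in `fetchAttrs` of templates/c++-bazel/flake.nix is still the `lib.fakeHash` placeholder, and it is the one integrity pin over the tree that `bazel fetch` downloads through the WORKSPACE, so `project` (and with it `checks.project`) cannot build until a real hash is filled in. I would drop the string interpolation and say so in place: `x86_64-linux = lib.fakeHash; # placeholder: replace with the hash Nix reports on the first build`. Only `x86_64-linux` has an entry while `meta.platforms` is `platforms.unix` and the outputs go through `eachDefaultSystem`, so evaluating the package on any other system reaches the `throw`. The `homepage` in this new file still points at `gitea.belanyi.fr`, whereas this same diff moves the c++-cmake and c++-meson templates to `git.belanyi.fr`.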
@@ -1,5 +1,5 @@ -if ! has nix_direnv_version || ! nix_direnv_version 2.4.0; then - source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.4.0/direnvrc" "sha256-XQzUAvL6pysIJnRJyR7uVpmUSZfc7LSgWQwq/4mBr1U=" +if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi use flake diff --git a/templates/c++-cmake/.woodpecker/check.yml b/templates/c++-cmake/.woodpecker/check.yml index 628e491..4ff7dba 100644 --- a/templates/c++-cmake/.woodpecker/check.yml +++ b/templates/c++-cmake/.woodpecker/check.yml @@ -1,7 +1,12 @@ labels: - type: exec + backend: local steps: +- name: pre-commit check + image: bash + commands: + - nix develop --command pre-commit run --all + - name: nix flake check image: bash commands: @@ -9,17 +14,17 @@ steps: - name: notifiy image: bash - secrets: - - source: matrix_homeserver - target: address - - source: matrix_roomid - target: room - - source: matrix_username - target: user - - source: matrix_password - target: pass + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password commands: - - nix run '.#matrix-notifier' + - nix run github:ambroisie/matrix-notifier when: status: - failure diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index cb468e7..db3b35c 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -52,7 +52,7 @@ meta = with lib; { description = "A C++ project"; - homepage = "https://gitea.belanyi.fr/ambroisie/project"; + homepage = "https://git.belanyi.fr/ambroisie/project"; license = licenses.mit; maintainers = with maintainers; [ ambroisie ]; platforms = platforms.unix; 
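Review bot: `nix run github:ambroisie/matrix-notifier` in the `notifiy` step of templates/c++-cmake/.woodpecker/check.yml names no revision, so the step that receives `ADDRESS`, `ROOM`, `USER` and `PASS` from secrets runs whatever the repository's default branch holds when the pipeline fires. The replaced `'.#matrix-notifier'` resolved through the project's own flake (presumably pinned by its flake.lock), so this change drops the pin. I would fix the revision, e.g. `- nix run github:ambroisie/matrix-notifier/<commit-sha>` (placeholder), or make the notifier a locked input of the template's flake. The same line is added in templates/c++-meson/.woodpecker/check.yml, and the `backend: local` label introduced in both files makes the pin matter more if, as I understand the local backend, steps run directly on the agent host.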
diff --git a/templates/c++-cmake/tests/unit/CMakeLists.txt b/templates/c++-cmake/tests/unit/CMakeLists.txt index bb94448..266e3e3 100644 --- a/templates/c++-cmake/tests/unit/CMakeLists.txt +++ b/templates/c++-cmake/tests/unit/CMakeLists.txt @@ -1,15 +1,15 @@ find_package(GTest) -if (${GTest_FOUND}) -include(GoogleTest) +if(${GTest_FOUND}) + include(GoogleTest) -add_executable(dummy_test dummy_test.cc) -target_link_libraries(dummy_test PRIVATE common_options) + add_executable(dummy_test dummy_test.cc) + target_link_libraries(dummy_test PRIVATE common_options) -target_link_libraries(dummy_test PRIVATE - GTest::gtest - GTest::gtest_main -) + target_link_libraries(dummy_test PRIVATE + GTest::gtest + GTest::gtest_main + ) -gtest_discover_tests(dummy_test) -endif (${GTest_FOUND}) + gtest_discover_tests(dummy_test) +endif() diff --git a/templates/c++-meson/.envrc b/templates/c++-meson/.envrc index ccf325e..de77fcb 100644 --- a/templates/c++-meson/.envrc +++ b/templates/c++-meson/.envrc @@ -1,5 +1,5 @@ -if ! has nix_direnv_version || ! nix_direnv_version 2.4.0; then - source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.4.0/direnvrc" "sha256-XQzUAvL6pysIJnRJyR7uVpmUSZfc7LSgWQwq/4mBr1U=" +if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi use flake diff --git a/templates/c++-meson/.woodpecker/check.yml b/templates/c++-meson/.woodpecker/check.yml index 628e491..4ff7dba 100644 --- a/templates/c++-meson/.woodpecker/check.yml +++ b/templates/c++-meson/.woodpecker/check.yml @@ -1,7 +1,12 @@ labels: - type: exec + backend: local steps: +- name: pre-commit check + image: bash + commands: + - nix develop --command pre-commit run --all + - name: nix flake check image: bash commands: 
@@ -9,17 +14,17 @@ steps: - name: notifiy image: bash - secrets: - - source: matrix_homeserver - target: address - - source: matrix_roomid - target: room - - source: matrix_username - target: user - - source: matrix_password - target: pass + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password commands: - - nix run '.#matrix-notifier' + - nix run github:ambroisie/matrix-notifier when: status: - failure diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index 9cfed0d..5957c62 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -52,7 +52,7 @@ meta = with lib; { description = "A C++ project"; - homepage = "https://gitea.belanyi.fr/ambroisie/project"; + homepage = "https://git.belanyi.fr/ambroisie/project"; license = licenses.mit; maintainers = with maintainers; [ ambroisie ]; platforms = platforms.unix; diff --git a/templates/default.nix b/templates/default.nix index f58fd72..31c3a81 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -5,6 +5,6 @@ }; "c++-meson" = { path = ./c++-meson; - description = "A C++ project using CMake"; + description = "A C++ project using Meson"; }; }