ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: ambroisie:f5a1181267e38b3fef5a90c96318c244b5819809
Branches Tags
ambroisie:main
ambroisie:add-jj
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:add-nixgl
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix
...
compare: ambroisie:77845244ea07adf0665ad7f7c54fd4ee97a1f949
Branches Tags
ambroisie:add-jj
ambroisie:main
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:add-nixgl
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix

109 commits
f5a1181267 ... 77845244ea

Author SHA1 Message Date
Bruno BELANYI
77845244ea WIP: nixgl wrappers
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-07 16:15:16 +00:00
Bruno BELANYI
2d3a9ed75e home: add 'nix-gl' 2025-04-07 16:04:00 +00:00
Bruno BELANYI
4f567d060a flake: add 'nixgl' 
There's now a home-manager module for it, let's try it out.
 2025-04-07 16:00:26 +00:00
Bruno BELANYI
05a643eb95 flake: home-manager: set overlays in module 
I need to inherit `lib` to make sure it picks up my version, not the one
from `pkgs`.

I can't use `extraSpecialArgs` like NixOS, due to it missing from
upstream [1].

[1]: https://github.com/nix-community/home-manager/pull/3969
 2025-04-07 15:55:03 +00:00
Bruno BELANYI
0152907536 flake: nixos: use 'self.dirtyRev' if available
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-07 10:19:30 +00:00
Bruno BELANYI
08f7c2bd79 nixos: services: nextcloud: bump to 31
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-05 20:24:21 +02:00
Bruno BELANYI
b8c649d5bf hosts: nixos: porthos: services: enable autobrr
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-05 20:22:27 +02:00
Bruno BELANYI
979814e9de hosts: nixos: porthos: secrets: add autobrr 2025-04-05 20:22:27 +02:00
Bruno BELANYI
215eb4c91a nixos: services: servarr: add autobrr 2025-04-05 20:22:27 +02:00
Bruno BELANYI
3510264186 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-05 20:11:43 +02:00
Bruno BELANYI
ec965800e4 nixos: services: servarr: nzbhydra: fix websockets 
From what I could read, NZBHydra2 *might* require proxying websockets in
new versions (better safe than sorry).
 2025-04-05 20:07:47 +02:00
Bruno BELANYI
b1ade72383 nixos: services: servarr: migrate nzbhydra 2025-04-05 20:07:47 +02:00
Bruno BELANYI
c823edf584 nixos: services: servarr: jackett: add 'port' 2025-04-05 20:07:47 +02:00
Bruno BELANYI
950cf4dd05 nixos: services: servarr: migrate jackett 2025-04-05 20:07:47 +02:00
Bruno BELANYI
f825d047b5 nixos: services: servarr: migrate prowlarr 
The configuration doesn't have `group`, so it's a slightly different
configuration to the rest of the *arr services.

I also want to move the other two indexer modules under `servarr`, as
they are all closely related.
 2025-04-05 20:07:47 +02:00
Bruno BELANYI
d783b5f5ee nixos: services: servarr: starr: add 'port' 
Now that declarative configurations are supported for those
applications.
 2025-04-05 20:07:47 +02:00
Bruno BELANYI
8e6be43817 nixox: services: servarr: refactor starr config 
Makes it slightly DRY-er and more readable.
 2025-04-05 20:07:47 +02:00
Bruno BELANYI
1f876d3e21 nixos: services: servarr: bazarr: add 'port' 2025-04-05 20:07:46 +02:00
Bruno BELANYI
860c13ab1f nixos: services: servarr: extract bazarr 
It's not an actual *arr package, but closely related to them. Extract
its configuration to a sub-module.
 2025-04-05 20:07:46 +02:00
Bruno BELANYI
7791ad0907 nixos: services: servarr: fix 'enableAll' logic 
I renamed the option and refactored how it worked to make it more
explicit that it enables the entire suite by default, with explicit
opt-out of individual components (or fine-grained opt-in as an
alternative).
 2025-04-05 20:07:46 +02:00
Bruno BELANYI
ca98b8367c templates: add python-uv 2025-04-05 19:00:10 +01:00
Bruno BELANYI
62ddec5c23 templates: remove unused 'follows' 2025-04-05 18:57:18 +01:00
Bruno BELANYI
418494004b templates: use 'pre-commit.enabledPackages' 2025-04-05 18:57:18 +01:00
Bruno BELANYI
53569f17a6 treewide: pre-commit-hooks.nix renaming 2025-04-05 18:33:37 +01:00
Bruno BELANYI
d48d5c45e0 home: vim: remove 'friendly-snippets' 
I never use them...
 2025-04-04 19:06:19 +01:00
Bruno BELANYI
36aa641ec0 home: vim: rely on built-in diagnostic jump config 
This reduces the surface area of my configuration.
 2025-04-03 22:04:44 +01:00
Bruno BELANYI
2583cc6c12 home: vim: lua: lsp: add count to diagnostic maps 2025-04-03 22:04:44 +01:00
Bruno BELANYI
262dc48425 home: vim: use default 'diffopt:linematch' 
It's now been defaulted to `linematch:40` on v0.11.
 2025-04-03 22:04:44 +01:00
Bruno BELANYI
c1efc4316d home: vim: lualine: add custom 'oil' extension 
I don't like the built-in one.
 2025-04-03 22:04:44 +01:00
Bruno BELANYI
4ef1b08f4e home: vim: lualine: use built-in 'branch' 
It now supports worktrees correctly (or at least I can't figure out
which issue I used to have with it...).

As a bonus, it also supports showing the correct branch for an `oil`
buffer.

This reverts commit 481d5f6f53.
 2025-04-03 22:04:44 +01:00
Bruno BELANYI
274d143031 home: vim: fix deprecated calls 2025-04-03 22:04:44 +01:00
Bruno BELANYI
dfb3c353ec home: vim: remove 'lsp_lines' 
It's been upstreamed!
 2025-04-03 22:04:44 +01:00
Bruno BELANYI
37e88c2707 flake: bump inputs 
And fix the small `jq` breakage.
 2025-04-03 22:04:44 +01:00
Bruno BELANYI
1841ff391d flake: dev-shells: remove redundant 'pre-commit'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
It's already being installed by the shell hook.
 2025-04-02 20:42:40 +01:00
Bruno BELANYI
458ea144c4 home: vim: remove 'fastfold' configuration 
I missed it in the original commit that removed the plug-in from my
configuration...
 2025-04-02 20:42:40 +01:00
Bruno BELANYI
abec0dd226 home: git: remove 'ignoreRevsFile' 
I remember why I didn't set it globally now, it's because `git blame`
complains and errors out, rather than silently ignoring the setting,
when the file doesn't exist in a repo...

This reverts commit 5ae2eacd49.
 2025-04-02 20:42:40 +01:00
Bruno BELANYI
b2758839e8 home: vim: lspconfig: add 'harper'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Support for more languages is upcoming, I also need to check how to
handle custom words/dictionaries.
 2025-03-24 16:51:52 +00:00
Bruno BELANYI
6fc81e45e9 home: zsh: migrate to 'initContent'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
This also fixes a small ordering issue: my alias definitions used to be
defined at the very end of the file, they're now slotted _before_ the
`zshrc.local` import.
 2025-03-24 11:58:59 +00:00
Bruno BELANYI
9156a8211d flake: bump inputs 2025-03-24 11:47:59 +00:00
Bruno BELANYI
5ae2eacd49 home: git: add 'ignoreRevsFile'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
I'm surprised I hadn't configured it already.

`.git-blame-ignore-revs` is the usual name, as most forges automatically
detect and use it.
 2025-03-19 11:45:07 +00:00
Bruno BELANYI
dc4221fc17 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
And remove the overlay for `lsp-format.nvim`, which has been fixed.

This reverts commit 92e5fbe7df.
 2025-03-17 13:02:26 +00:00
Bruno BELANYI
ca618b53cc home: vim: oil: explicitly remove icons
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
They started appearing on the latest bump, it looks like my
configuration started including `nvim-web-devicons` (see [1]).

I'll probably remove this configuration on the next nixpkgs bump (it's a
good canary to check that I *never* include icons in the future).

[1]: https://github.com/NixOS/nixpkgs/pull/382668
 2025-02-28 11:00:12 +00:00
Bruno BELANYI
88c00bb83d home: firefox: fix deprecated option
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-02-27 12:44:10 +00:00
Bruno BELANYI
0dc8ac4433 flake: bump inputs 2025-02-27 12:36:10 +00:00
Bruno BELANYI
edeb67238b home: tmux: enable aggressive resize
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Generally useful, rarely gets in the way, I'd rather have it enabled by
default.
 2025-02-26 14:28:10 +00:00
Bruno BELANYI
105bcbd53a hosts: home: mousqueton: enable 'tmux-resurrect' 2025-02-26 14:28:10 +00:00
Bruno BELANYI
84f1186b6c home: tmux: add 'enableResurrect' 
To be used on the cloudtop with its frequent reboots.
 2025-02-26 14:28:10 +00:00
Bruno BELANYI
e43570fe5b home: pager: allow quitting without screen clear
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-02-24 17:09:11 +00:00
Bruno BELANYI
852696409a home: pager: remove 'LESSKEY' 
It should do the lookup in `$XDG_CONFIG_HOME/lesskey` automatically now.
 2025-02-24 17:09:11 +00:00
Bruno BELANYI
d3a953247c home: packages: disable on 'useGlobalPkgs'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
It doesn't do anything when `useGlobalPkgs` is set, and has started
warning about its upcoming deprecation.
 2025-02-24 14:15:04 +00:00
Bruno BELANYI
337d7309c6 home: git: use 'mkAfter' for config includes
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
This should ensure that they will be included at the very end of the
configuration, even if other modules add more includes.

Notably, this ensures that the local configuration can override any
other setting.
 2025-02-24 14:02:06 +00:00
Bruno BELANYI
1237ef4174 home: git: include local configuration properly
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Using `includes` ensures that the local configuration is included at the
end of the configuration file.
 2025-02-21 16:22:44 +00:00
Bruno BELANYI
8f5be69a4e flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-02-17 15:33:53 +01:00
Bruno BELANYI
f474c033d5 nixos: services: nginx: remove zstd compression
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
The zstd module is unmaintained and buggy, remove it preventively.

The option itself will probably be removed soon [1].

[1]: https://github.com/NixOS/nixpkgs/pull/381678
 2025-02-13 22:55:25 +01:00
Bruno BELANYI
80b4c9ffcd home: mail: accounts: use 'migadu' flavor 2025-02-13 22:55:25 +01:00
Bruno BELANYI
374886a63f nixos: services: servarr: remove build work-around 
It's been fixed upstream.

This partially reverts commit ad1cfbd6f0.
 2025-02-13 22:55:25 +01:00
Bruno BELANYI
40a841031f flake: bump inputs 2025-02-13 22:55:25 +01:00
Bruno BELANYI
b6d58a274a pkgs: lohr: use 'useFetchCargoVendor' 
The previous fetcher is in the process of being deprecated.
 2025-02-13 22:55:25 +01:00
Bruno BELANYI
9c4d853037 home: secrets: github: update token 2025-02-13 22:55:25 +01:00
Bruno BELANYI
2cbcbb7b3a home: secrets: fix path to 'keys' 2025-02-13 22:55:25 +01:00
Bruno BELANYI
533e3b9a9f nixos: services: add homebox 2025-02-13 22:55:25 +01:00
Bruno BELANYI
1540483955 nixos: services: komga: fix deprecated option 2025-01-30 13:17:24 +01:00
Bruno BELANYI
f08787625b flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-01-28 12:34:20 +00:00
Bruno BELANYI
c99b5b2532 nixos: services: komga: use 'settings'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-01-15 20:42:52 +00:00
Bruno BELANYI
9f2ed2ae5a nixos: hardware: fix renamed 'pulseaudio' config 2025-01-15 20:42:52 +00:00
Bruno BELANYI
2cf14c92d3 flake: bump inputs 2025-01-15 20:42:52 +00:00
Bruno BELANYI
debf061dd2 treewide: add 'shell=bash' for '.envrc' files 
Looks like the `shellcheck` pre-commit hook starting running on those
files as well.
 2025-01-13 17:35:38 +00:00
Bruno BELANYI
9c50691ede nixos: services: nginx: sso: use upstream module
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
It's finally been merged, so let's get rid of this module.
 2024-12-28 13:28:03 -05:00
Bruno BELANYI
2996481327 flake: bump inputs 2024-12-28 13:24:21 -05:00
Bruno BELANYI
e65b3ed1fc home: vim: ftplugin: add query
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2024-12-23 22:42:42 -05:00
Bruno BELANYI
5cae5632d3 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2024-12-21 17:06:37 -05:00
Bruno BELANYI
b7b6705391 home: wm: i3: make 'arandr' float
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Another work-around due to a wrapper in nixpkgs.
 2024-12-18 20:48:09 -05:00
Bruno BELANYI
ead8101b8d home: wm: i3: match 'blueman' float explicitly 
This is more of a work-around due to the wrapper in nixpkgs' packaging
of that application, so might as well make that explicit and narrow.
 2024-12-18 20:48:09 -05:00
Bruno BELANYI
c75a307c58 home: wm: i3: fix 'pavucontrol' float
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2024-12-18 20:39:15 -05:00
Bruno BELANYI
f4f1aad1c0 pkgs: fix shell formatting
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Ran `shfmt --write --indent 4 --simplify --case-indent`, in accordance
with my editor settings.
 2024-12-18 20:35:34 -05:00
Bruno BELANYI
322fbc970b home: vim: lsp: rely on 'bashls' formatting
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
I finally figured out why I was getting the wrong indentation, turns out
it was an issue in `lsp-format.nvim`. With that fixed/worked around, I
can now rely completely on `bash-language-server` for formatting.

I'll also rely on `shfmt` automatically detecting the type of file, as
(Neo)Vim cannot be made to reliably set `ft=bash` for Bash scripts and
`ft=sh` for POSIX shell.

Finally, I removed spaces after redirections, I've now come around to
liking the default (no spaces) better.
 2024-12-18 20:20:28 -05:00
Bruno BELANYI
92e5fbe7df overlays: add 'lsp-format-nvim-indentation' 
To fix the issue I reported upstream [1].

[1]: https://github.com/lukas-reineke/lsp-format.nvim/issues/94
 2024-12-18 20:13:03 -05:00
Bruno BELANYI
747b344b76 pkgs: remove 'cgt-calc'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
It's been merged upstream.
 2024-12-15 18:39:27 -05:00
Bruno BELANYI
dec5dabf02 modules: services: postgres: upgrade version
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2024-12-16 00:20:18 +01:00
Bruno BELANYI
b2d2ff1798 nixos: services: postgres: fix renamed option 2024-12-16 00:19:31 +01:00
Bruno BELANYI
c5a375d165 nixos: services: paperless: use automatic DB setup 
That way I don't have to worry about the `postgresql.service` dependency
anymore :-).
 2024-12-11 01:40:14 +01:00
Bruno BELANYI
cb5eb68d35 flake: bump inputs 
And fix deprecated NUR overlay attribute.
 2024-12-11 01:40:10 +01:00
Bruno BELANYI
19120bca29 nixos: hardware: graphics: use 'initrd' option
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2024-12-08 16:08:48 -05:00
Bruno BELANYI
35c547a090 home: tmux: enable focus events
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Since `tmux-sensible` was disabled by default, we should enable this
explicitly now.
 2024-12-08 10:44:26 -05:00
Bruno BELANYI
ad1cfbd6f0 flake: bump inputs 
Allow-list the build inputs for `sonarr` until the package is fixed
upstream [1].

[1]: https://github.com/NixOS/nixpkgs/issues/360592
 2024-12-08 10:44:26 -05:00
Bruno BELANYI
baa853477d nixos: hardware: sound: remove ALSA 
`sound.enable` was removed from the latest release, and is unnecessary
with PulseAudio.
 2024-12-08 10:44:26 -05:00
Bruno BELANYI
3ac85b8762 home: packages: add 'tree' 2024-12-08 10:44:26 -05:00
Bruno BELANYI
c74acda957 nixos: system: packages: remove 'wget' 2024-12-08 10:44:26 -05:00
Bruno BELANYI
98c90d77c5 home: tmux: add sloppy window switching bindings 
Another set of bindings which were setup by `tmux-sensible`, that I want
to enable explicitly to avoid issues when it is disabled by default.
 2024-12-08 10:44:26 -05:00
Bruno BELANYI
b38658405a home: tmux: add binding to refresh configuration 
Don't rely on `tmux-sensible` to set it up.
 2024-11-28 18:39:09 +00:00
Bruno BELANYI
da3c29bbaf home: xdg: add comment about 'tig' 
To explain why I didn't modify it as part of my `$XDG_STATE_HOME`
migration in fbd3b70d61.
 2024-11-28 12:07:52 +00:00
Bruno BELANYI
8b61af1ac3 home: xdg: remove 'gdb' directory 
I have an actual module to configure `gdb`, and it uses
`$XDG_STATE_HOME` anyway...
 2024-11-28 12:07:12 +00:00
Bruno BELANYI
e8a41187e7 home: xdg: create 'HISTFILE' parent directory 
In fbd3b70d61, I forgot to modify the
`.keep` file to be created in `$XDG_STATE_HOME/bash/`.
 2024-11-28 12:06:03 +00:00
Bruno BELANYI
83da7ba9c8 home: tmux: explicitly disable mouse support
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
It's disabled by default, but make it explicit :-).
 2024-11-28 11:24:34 +00:00
Bruno BELANYI
f2168378fc home: direnv: lib: also watch '.python-version'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
It's used by `uv` as a kind of configuration file, so watch it as well.
 2024-11-27 15:12:10 +00:00
Bruno BELANYI
e39fef275c nixos: services: paperless: use 'environmentFile'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
That way I don't have to configure all services to make use of it.

Someday I'll find the will to add the `postgresql.service` dependency
upstream, truly removing the need to configure any service at all.
 2024-11-27 12:05:41 +00:00
Bruno BELANYI
fe49e47026 flake: bump inputs 2024-11-27 12:02:29 +00:00
Bruno BELANYI
6a5c4a627a nixos: services: pyload: add fail2ban jail
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2024-11-20 21:06:17 +01:00
Bruno BELANYI
7f0cd6612e nixos: services: paperless: remove MKL work-around 
Instead, rely on the upstream service's work-around [1].

This will reduce the amount of package builds I need to do when updating
my server...

[1]: https://github.com/NixOS/nixpkgs/pull/299008

This reverts commit e2ec4d3032.
 2024-11-20 21:06:17 +01:00
Bruno BELANYI
2ffbc13513 flake: bump inputs 2024-11-20 21:06:17 +01:00
Bruno BELANYI
60050113bc nixos: services: nginx: modify example
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Now that `websocketLocations` exists, it makes little sense to use
`proxyWebsockets` in an example, so use a different one.
 2024-11-19 16:03:38 +00:00
Bruno BELANYI
6a1a35a384 nixos: services: migrate to 'websocketsLocations' 2024-11-19 16:03:38 +00:00
Bruno BELANYI
e9d96138d5 nixos: services: nginx: add 'websocketsLocations' 
This accounts for the overwhelming majority of my usage of
`extraConfig`.
 2024-11-19 16:03:38 +00:00
Bruno BELANYI
ae230b5df7 hosts: porthos: services: enable collabora
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2024-11-19 15:58:48 +01:00
Bruno BELANYI
138d4d2bd9 nixos: services: nextcloud: add collabora 
This needs to be configured through the "Nextcloud Office" app,
specifically the WOPI setting is important for security (I put both the
external IP, as well as `::1` and `127.0.0.1`).
 2024-11-19 15:58:48 +01:00
Bruno BELANYI
ab8a5daefe hosts: porthos: secrets: acme: use OVH API
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
I switched registrar, as OVH was ~4x cheaper.

This needs a small change to the module to both refer to OVH instead of
Gandi in the documentation, and make use of the correct API.

I also needed to disable the propagation check, as it looks like OVH is
slower than Gandi, and leads to spurious errors...
 2024-11-14 22:19:35 +01:00
Bruno BELANYI
7b42368e2f hosts: nixos: porthos: services: remove tandoor
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
I fully transitioned to using Mealie instead.

This reverts commit 493636decb.
 2024-11-11 11:45:11 +00:00
Bruno BELANYI
46bd23ff07 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2024-11-06 10:53:58 +00:00
Bruno BELANYI
62de2772a4 home: vim: do not italicize comments
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2024-11-05 15:54:18 +00:00
86 changed files with 1010 additions and 680 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc
View file

@ -1,3 +1,4 @@
# shellcheck shell=bash
if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
fi fi

142
flake.lock generated
View file

@ -14,11 +14,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1723293904, "lastModified": 1736955230,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -73,11 +73,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1727826117, "lastModified": 1743550720,
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", "rev": "c621e8422220273271f52058f618c94e405bb0f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -94,11 +94,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726560853, "lastModified": 1731533236,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -108,10 +108,33 @@
"type": "github" "type": "github"
} }
}, },
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "master",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"pre-commit-hooks", "git-hooks",
"nixpkgs" "nixpkgs"
] ]
}, },
@ -136,11 +159,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1729864948, "lastModified": 1743869639,
"narHash": "sha256-CeGSqbN6S8JmzYJX/HqZjr7dMGlvHLLnJJarwB45lPs=", "narHash": "sha256-Xhe3whfRW/Ay05z9m1EZ1/AkbV1yo0tm1CbgjtCi4rQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0c0268a3c80d30b989d0aadbd65f38d4fa27a9a0", "rev": "d094c6763c6ddb860580e7d3b4201f8f496a6836",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -150,13 +173,37 @@
"type": "github" "type": "github"
} }
}, },
"nixgl": {
"inputs": {
"flake-utils": [
"futils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1713543440,
"narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=",
"owner": "nix-community",
"repo": "nixGL",
"rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "main",
"repo": "nixGL",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1729665710, "lastModified": 1743689281,
"narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=", "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d", "rev": "2bfc080955153be0be56724be6fa5477b4eefabb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -167,44 +214,27 @@
} }
}, },
"nur": { "nur": {
"locked": {
"lastModified": 1729868220,
"narHash": "sha256-OxHE1U+FIIaQ50nZpt/VxLH0bokiqsEqAshehlHhOFs=",
"owner": "nix-community",
"repo": "NUR",
"rev": "70b30d23d33ca2acfb267430b08ddf82ff7116b2",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "NUR",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-parts": [
"gitignore": "gitignore", "flake-parts"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": [ "treefmt-nix": "treefmt-nix"
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1729104314, "lastModified": 1741294988,
"narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=", "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=",
"owner": "cachix", "owner": "nix-community",
"repo": "pre-commit-hooks.nix", "repo": "NUR",
"rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6", "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "cachix", "owner": "nix-community",
"ref": "master", "ref": "master",
"repo": "pre-commit-hooks.nix", "repo": "NUR",
"type": "github" "type": "github"
} }
}, },
@ -213,10 +243,11 @@
"agenix": "agenix", "agenix": "agenix",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"futils": "futils", "futils": "futils",
"git-hooks": "git-hooks",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixgl": "nixgl",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nur": "nur", "nur": "nur",
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems" "systems": "systems"
} }
}, },
@ -235,6 +266,27 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

20
flake.nix
View file

@ -43,6 +43,17 @@
}; };
}; };
nixgl = {
type = "github";
owner = "nix-community";
repo = "nixGL";
ref = "main";
inputs = {
flake-utils.follows = "futils";
nixpkgs.follows = "nixpkgs";
};
};
nixpkgs = { nixpkgs = {
type = "github"; type = "github";
owner = "NixOS"; owner = "NixOS";
@ -55,16 +66,19 @@
owner = "nix-community"; owner = "nix-community";
repo = "NUR"; repo = "NUR";
ref = "master"; ref = "master";
inputs = {
flake-parts.follows = "flake-parts";
nixpkgs.follows = "nixpkgs";
};
}; };
pre-commit-hooks = { git-hooks = {
type = "github"; type = "github";
owner = "cachix"; owner = "cachix";
repo = "pre-commit-hooks.nix"; repo = "git-hooks.nix";
ref = "master"; ref = "master";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs";
}; };
}; };

2
flake/checks.nix
View file

@ -1,7 +1,7 @@
{ inputs, ... }: { inputs, ... }:
{ {
imports = [ imports = [
inputs.pre-commit-hooks.flakeModule inputs.git-hooks.flakeModule
]; ];
perSystem = { ... }: { perSystem = { ... }: {

1
flake/dev-shells.nix
View file

@ -6,7 +6,6 @@
name = "NixOS-config"; name = "NixOS-config";
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
gitAndTools.pre-commit
nixpkgs-fmt nixpkgs-fmt
]; ];

16
flake/home-manager.nix
View file

@ -3,6 +3,11 @@ let
defaultModules = [ defaultModules = [
# Include generic settings # Include generic settings
"${self}/modules/home" "${self}/modules/home"
{
nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
inputs.nur.overlays.default
];
}
{ {
# Basic user information defaults # Basic user information defaults
home.username = lib.mkDefault "ambroisie"; home.username = lib.mkDefault "ambroisie";
@ -21,18 +26,15 @@ let
# * not letting me set `lib` as an extraSpecialArgs # * not letting me set `lib` as an extraSpecialArgs
# * not respecting `nixpkgs.overlays` [1] # * not respecting `nixpkgs.overlays` [1]
# [1]: https://github.com/nix-community/home-manager/issues/2954 # [1]: https://github.com/nix-community/home-manager/issues/2954
pkgs = import inputs.nixpkgs { pkgs = inputs.nixpkgs.legacyPackages.${system};
inherit system;
overlays = (lib.attrValues self.overlays) ++ [
inputs.nur.overlay
];
};
modules = defaultModules ++ [ modules = defaultModules ++ [
"${self}/hosts/homes/${name}" "${self}/hosts/homes/${name}"
]; ];
# Use my extended lib in NixOS configuration
inherit (self) lib;
extraSpecialArgs = { extraSpecialArgs = {
# Inject inputs to use them in global registry # Inject inputs to use them in global registry
inherit inputs; inherit inputs;

4
flake/nixos.nix
View file

@ -3,11 +3,11 @@ let
defaultModules = [ defaultModules = [
{ {
# Let 'nixos-version --json' know about the Git revision # Let 'nixos-version --json' know about the Git revision
system.configurationRevision = self.rev or "dirty"; system.configurationRevision = self.rev or self.dirtyRev or "dirty";
} }
{ {
nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
inputs.nur.overlay inputs.nur.overlays.default
]; ];
} }
# Include generic settings # Include generic settings

3
hosts/homes/ambroisie@mousqueton/default.nix
View file

@ -15,6 +15,9 @@
# I use scripts that use the passthrough sequence often on this host # I use scripts that use the passthrough sequence often on this host
enablePassthrough = true; enablePassthrough = true;
# Frequent reboots mean that session persistence can be handy
enableResurrect = true;
terminalFeatures = { terminalFeatures = {
# HTerm uses `xterm-256color` as its `$TERM`, so use that here # HTerm uses `xterm-256color` as its `$TERM`, so use that here
xterm-256color = { }; xterm-256color = { };

15
hosts/nixos/porthos/secrets/acme/dns-key.age
View file

@ -1,8 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw -> ssh-ed25519 cKojmg Ec0xt1uJTva8MxUdoTVX5m3uWaIiRlodf345FEM7Uzs
zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y aJIneWFJPB5HVeoUGp57agXih9YeZ6xMEbyQ+zJtWQY
-> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8 -> ssh-ed25519 jPowng B5XotRgv7s/FUegGhceBj7EoukewNUOIFl4TFRQf1EQ
uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw PgGCBd/Pqwp7ayqi7okHBGF1SfFpwT4KlHJ/np6p2uQ
--- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg --- AeLgwGz6k3OABb53cXNaCU/sgI4FlU1s6p8PhAaFOlg
¾r ú&…¥‹{~v?¨}=Ä 1ÌÉCÔ¹ð¤ŽULfI1¸Hm»Ûòb}m” ÁÅ¡ìg•ß0¦¢–¤`X<16>G>\>¹8rŽz+ŠY ™¼`—Ê¢.JBUÏ!z¸Z50ú*õ¡ÙŸ¤×ÖÇ®I<C2AE>ôÔ]¹Ïå I
}+ ¿SQM[²]Œ±k MÒAàtŒÃmMë/£µLsü|Þ…m©CÀñiYC}ƒŽ‡çxŽ€ ĵ<18>¿oÒÛ°…g„®„ÒêÁ³Â¿Ÿt©nƒºãcz[»{
jçå&ÁõõNæ°Nÿo{õš½‚ -eP¾=L‰™ 6¦.SP:»e¶

2
hosts/nixos/porthos/secrets/secrets.nix
View file

@ -80,6 +80,8 @@ in
"pyload/credentials.age".publicKeys = all; "pyload/credentials.age".publicKeys = all;
"servarr/autobrr/session-secret.age".publicKeys = all;
"sso/auth-key.age" = { "sso/auth-key.age" = {
owner = "nginx-sso"; owner = "nginx-sso";
publicKeys = all; publicKeys = all;

7
hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg bu09lB+fjaPP31cUQZP6EqSPuseucgNK7k9vAS08iS0
+NGL+b2QD/qGo6hqHvosAXzHZtDvfodmPdcgnrKlD1o
-> ssh-ed25519 jPowng QDCdRBGWhtdvvMCiDH52cZHz1/W7aomhTatZ4+9IKwI
Ou3jjV/O55G1CPgGS33l3eWhhYWrVdwVNPSiE14d5rE
--- q0ssmpG50OX1WaNSInc2hbtH3DbTwQGDU74VGEoMh94
 ¯mCùº<C3B9>Æ'hK.Ðì/™Xu(€«Õ×g$½'¼šM{fK˜ !ÛMZ²oR÷®ˆüÎÕ<C38E>ÍŸö;yb

24
hosts/nixos/porthos/services.nix
View file

@ -51,10 +51,6 @@ in
passwordFile = secrets."forgejo/mail-password".path; passwordFile = secrets."forgejo/mail-password".path;
}; };
}; };
# Meta-indexers
indexers = {
prowlarr.enable = true;
};
# Jellyfin media server # Jellyfin media server
jellyfin.enable = true; jellyfin.enable = true;
# Gitea mirrorig service # Gitea mirrorig service
@ -95,6 +91,9 @@ in
nextcloud = { nextcloud = {
enable = true; enable = true;
passwordFile = secrets."nextcloud/password".path; passwordFile = secrets."nextcloud/password".path;
collabora = {
enable = true;
};
}; };
nix-cache = { nix-cache = {
enable = true; enable = true;
@ -141,19 +140,24 @@ in
sabnzbd.enable = true; sabnzbd.enable = true;
# The whole *arr software suite # The whole *arr software suite
servarr = { servarr = {
enable = true; enableAll = true;
autobrr = {
sessionSecretFile = secrets."servarr/autobrr/session-secret".path;
};
# ... But not Lidarr because I don't care for music that much # ... But not Lidarr because I don't care for music that much
lidarr = { lidarr = {
enable = false; enable = false;
}; };
# I only use Prowlarr nowadays
jackett = {
enable = false;
};
nzbhydra = {
enable = false;
};
}; };
# Because I still need to play sysadmin # Because I still need to play sysadmin
ssh-server.enable = true; ssh-server.enable = true;
# Recipe manager
tandoor-recipes = {
enable = true;
secretKeyFile = secrets."tandoor-recipes/secret-key".path;
};
# Torrent client and webui # Torrent client and webui
transmission = { transmission = {
enable = true; enable = true;

1
modules/home/default.nix
View file

@ -27,6 +27,7 @@
./mail ./mail
./mpv ./mpv
./nix ./nix
./nix-gl
./nix-index ./nix-index
./nixpkgs ./nixpkgs
./nm-applet ./nm-applet

1
modules/home/direnv/lib/python.sh
View file

@ -53,4 +53,5 @@ layout_uv() {
PATH_add "$VIRTUAL_ENV/bin" PATH_add "$VIRTUAL_ENV/bin"
watch_file pyproject.toml watch_file pyproject.toml
watch_file uv.lock watch_file uv.lock
watch_file .python-version
} }

28
modules/home/firefox/default.nix
View file

@ -61,19 +61,21 @@ in
"ui.systemUsesDarkTheme" = true; # Dark mode "ui.systemUsesDarkTheme" = true; # Dark mode
}; };
extensions = with pkgs.nur.repos.rycee.firefox-addons; ([ extensions = {
bitwarden packages = with pkgs.nur.repos.rycee.firefox-addons; ([
consent-o-matic bitwarden
form-history-control consent-o-matic
reddit-comment-collapser form-history-control
reddit-enhancement-suite reddit-comment-collapser
refined-github reddit-enhancement-suite
sponsorblock refined-github
ublock-origin sponsorblock
] ublock-origin
++ lib.optional (cfg.tridactyl.enable) tridactyl ]
++ lib.optional (cfg.ff2mpv.enable) ff2mpv ++ lib.optional (cfg.tridactyl.enable) tridactyl
); ++ lib.optional (cfg.ff2mpv.enable) ff2mpv
);
};
}; };
}; };
}; };

13
modules/home/git/default.nix
View file

@ -123,11 +123,6 @@ in
defaultBranch = "main"; defaultBranch = "main";
}; };
# Local configuration, not-versioned
include = {
path = "config.local";
};
merge = { merge = {
conflictStyle = "zdiff3"; conflictStyle = "zdiff3";
}; };
@ -167,8 +162,8 @@ in
}; };
}; };
# Multiple identities includes = lib.mkAfter [
includes = [ # Multiple identities
{ {
condition = "gitdir:~/git/EPITA/"; condition = "gitdir:~/git/EPITA/";
contents = { contents = {
@ -187,6 +182,10 @@ in
}; };
}; };
} }
# Local configuration, not-versioned
{
path = "config.local";
}
]; ];
ignores = ignores =

1
modules/home/jq/default.nix
View file

@ -17,6 +17,7 @@ in
strings = "0;32"; strings = "0;32";
arrays = "1;39"; arrays = "1;39";
objects = "1;39"; objects = "1;39";
objectKeys = "1;34";
}; };
}; };
} }

15
modules/home/mail/accounts/default.nix
View file

@ -26,20 +26,7 @@ let
}; };
migaduConfig = { migaduConfig = {
imap = { flavor = "migadu.com";
host = "imap.migadu.com";
port = 993;
tls = {
enable = true;
};
};
smtp = {
host = "smtp.migadu.com";
port = 465;
tls = {
enable = true;
};
};
}; };
gmailConfig = { gmailConfig = {

21
modules/home/nix-gl/default.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, inputs, lib, ... }:
let
cfg = config.my.home.nix-gl;
in
{
options.my.home.nix-gl = with lib; {
enable = mkEnableOption "nixGL configuration";
};
config = lib.mkIf cfg.enable (lib.mkMerge [
{
nixGL = {
inherit (inputs.nixgl) packages;
defaultWrapper = "mesa";
installScripts = [ "mesa" ];
};
}
]);
}

6
modules/home/packages/default.nix
View file

@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, osConfig, ... }:
let let
cfg = config.my.home.packages; cfg = config.my.home.packages;
useGlobalPkgs = osConfig.home-manager.useGlobalPkgs or false;
in in
{ {
options.my.home.packages = with lib; { options.my.home.packages = with lib; {
@ -26,9 +27,10 @@ in
fd fd
file file
ripgrep ripgrep
tree
] ++ cfg.additionalPackages); ] ++ cfg.additionalPackages);
nixpkgs.config = { nixpkgs.config = lib.mkIf (!useGlobalPkgs) {
inherit (cfg) allowAliases allowUnfree; inherit (cfg) allowAliases allowUnfree;
}; };
}; };

6
modules/home/pager/default.nix
View file

@ -16,7 +16,11 @@ in
LESS = "-R -+X -c"; LESS = "-R -+X -c";
# Better XDG compliance # Better XDG compliance
LESSHISTFILE = "${config.xdg.stateHome}/less/history"; LESSHISTFILE = "${config.xdg.stateHome}/less/history";
LESSKEY = "${config.xdg.configHome}/less/lesskey";
}; };
xdg.configFile."lesskey".text = ''
# Quit without clearing the screen on `Q`
Q toggle-option -!^Predraw-on-quit\nq
'';
}; };
} }

BIN
modules/home/secrets/github/token.age
View file

Binary file not shown.

2
modules/home/secrets/secrets.nix
View file

@ -1,6 +1,6 @@
# Common secrets # Common secrets
let let
keys = import ../../keys; keys = import ../../../keys;
all = builtins.attrValues keys.users; all = builtins.attrValues keys.users;
in in

21
modules/home/tmux/default.nix
View file

@ -20,6 +20,8 @@ in
enablePassthrough = mkEnableOption "tmux DCS passthrough sequence"; enablePassthrough = mkEnableOption "tmux DCS passthrough sequence";
enableResurrect = mkEnableOption "tmux-resurrect plugin";
terminalFeatures = mkOption { terminalFeatures = mkOption {
type = with types; attrsOf (submodule { type = with types; attrsOf (submodule {
options = { options = {
@ -47,9 +49,12 @@ in
clock24 = true; # I'm one of those heathens clock24 = true; # I'm one of those heathens
escapeTime = 0; # Let vim do its thing instead escapeTime = 0; # Let vim do its thing instead
historyLimit = 100000; # Bigger buffer historyLimit = 100000; # Bigger buffer
mouse = false; # I dislike mouse support
focusEvents = true; # Report focus events
terminal = "tmux-256color"; # I want accurate termcap info terminal = "tmux-256color"; # I want accurate termcap info
aggressiveResize = true; # Automatic resize when switching client size
plugins = with pkgs.tmuxPlugins; [ plugins = with pkgs.tmuxPlugins; builtins.filter (attr: attr != { }) [
# Open high-lighted files in copy mode # Open high-lighted files in copy mode
open open
# Better pane management # Better pane management
@ -77,9 +82,23 @@ in
set -g status-right '#{prefix_highlight} %a %Y-%m-%d %H:%M' set -g status-right '#{prefix_highlight} %a %Y-%m-%d %H:%M'
''; '';
} }
# Resurrect sessions
(lib.optionalAttrs cfg.enableResurrect {
plugin = resurrect;
extraConfig = ''
set -g @resurrect-dir '${config.xdg.stateHome}/tmux/resurrect'
'';
})
]; ];
extraConfig = '' extraConfig = ''
# Refresh configuration
bind-key -N "Source tmux.conf" R source-file ${config.xdg.configHome}/tmux/tmux.conf \; display-message "Sourced tmux.conf!"
# Accept sloppy Ctrl key when switching windows, on top of default mapping
bind-key -N "Select the previous window" C-p previous-window
bind-key -N "Select the next window" C-n next-window
# Better vim mode # Better vim mode
bind-key -T copy-mode-vi 'v' send -X begin-selection bind-key -T copy-mode-vi 'v' send -X begin-selection
${ ${

6
modules/home/vim/after/ftplugin/query.vim Normal file
View file

@ -0,0 +1,6 @@
" Create the `b:undo_ftplugin` variable if it doesn't exist
call ftplugined#check_undo_ft()
" Use a small indentation value on query files
setlocal shiftwidth=2
let b:undo_ftplugin.='|setlocal shiftwidth<'

4
modules/home/vim/after/plugin/mappings/unimpaired.lua
View file

@ -31,8 +31,6 @@ local keys = {
{ "[u", desc = "URL encode" }, { "[u", desc = "URL encode" },
{ "[x", desc = "XML encode" }, { "[x", desc = "XML encode" },
{ "[y", desc = "C string encode" }, { "[y", desc = "C string encode" },
-- Custom
{ "[d", lsp.goto_prev_diagnostic, desc = "Previous diagnostic" },
-- Next -- Next
{ "]", group = "Next" }, { "]", group = "Next" },
@ -62,8 +60,6 @@ local keys = {
{ "]u", desc = "URL decode" }, { "]u", desc = "URL decode" },
{ "]x", desc = "XML decode" }, { "]x", desc = "XML decode" },
{ "]y", desc = "C string decode" }, { "]y", desc = "C string decode" },
-- Custom
{ "]d", lsp.goto_next_diagnostic, desc = "Next diagnostic" },
-- Enable option -- Enable option
{ "[o", group = "Enable option" }, { "[o", group = "Enable option" },

2
modules/home/vim/default.nix
View file

@ -59,7 +59,6 @@ in
# LSP and linting # LSP and linting
nvim-lspconfig # Easy LSP configuration nvim-lspconfig # Easy LSP configuration
lsp-format-nvim # Simplified formatting configuration lsp-format-nvim # Simplified formatting configuration
lsp_lines-nvim # Show diagnostics *over* regions
none-ls-nvim # LSP integration for linters and formatters none-ls-nvim # LSP integration for linters and formatters
nvim-treesitter.withAllGrammars # Better highlighting nvim-treesitter.withAllGrammars # Better highlighting
nvim-treesitter-textobjects # More textobjects nvim-treesitter-textobjects # More textobjects
@ -67,7 +66,6 @@ in
# Completion # Completion
luasnip # Snippet manager compatible with LSP luasnip # Snippet manager compatible with LSP
friendly-snippets # LSP snippets collection
nvim-cmp # Completion engine nvim-cmp # Completion engine
cmp-async-path # More responsive path completion cmp-async-path # More responsive path completion
cmp-buffer # Words from open buffers cmp-buffer # Words from open buffers

8
modules/home/vim/init.vim
View file

@ -68,8 +68,6 @@ set listchars=tab:>─,trail:·,nbsp:¤
" Use patience diff " Use patience diff
set diffopt+=algorithm:patience set diffopt+=algorithm:patience
" Align similar lines in each hunk
set diffopt+=linematch:50
" Don't redraw when executing macros " Don't redraw when executing macros
set lazyredraw set lazyredraw
@ -102,7 +100,11 @@ gruvbox.setup({
DiffText = { fg = colors.yellow, bg = colors.bg0 }, DiffText = { fg = colors.yellow, bg = colors.bg0 },
-- Directories "pop" better in blue -- Directories "pop" better in blue
Directory = { link = "GruvboxBlueBold" }, Directory = { link = "GruvboxBlueBold" },
} },
italic = {
-- Comments should not be italic, for e.g: box drawing
comments = false,
},
}) })
EOF EOF
" Use my preferred colorscheme " Use my preferred colorscheme

41
modules/home/vim/lua/ambroisie/lsp.lua
View file

@ -3,43 +3,6 @@ local M = {}
-- Simplified LSP formatting configuration -- Simplified LSP formatting configuration
local lsp_format = require("lsp-format") local lsp_format = require("lsp-format")
--- Move to the next/previous diagnostic, automatically showing the diagnostics
--- float if necessary.
--- @param forward bool whether to go forward or backwards
local function goto_diagnostic(forward)
vim.validate({
forward = { forward, "boolean" },
})
local opts = {
float = false,
}
-- Only show floating diagnostics if they are otherwise not displayed
local config = vim.diagnostic.config()
if not (config.virtual_text or config.virtual_lines) then
opts.float = true
end
if forward then
vim.diagnostic.goto_next(opts)
else
vim.diagnostic.goto_prev(opts)
end
end
--- Move to the next diagnostic, automatically showing the diagnostics float if
--- necessary.
M.goto_next_diagnostic = function()
goto_diagnostic(true)
end
--- Move to the previous diagnostic, automatically showing the diagnostics float
--- if necessary.
M.goto_prev_diagnostic = function()
goto_diagnostic(false)
end
--- shared LSP configuration callback --- shared LSP configuration callback
--- @param client native client configuration --- @param client native client configuration
--- @param bufnr int? buffer number of the attached client --- @param bufnr int? buffer number of the attached client
@ -79,6 +42,10 @@ M.on_attach = function(client, bufnr)
vim.diagnostic.config({ vim.diagnostic.config({
virtual_text = text, virtual_text = text,
virtual_lines = lines, virtual_lines = lines,
jump = {
-- Show float on jump if no diagnostic text is otherwise shown
float = not (text or lines),
},
}) })
end end

2
modules/home/vim/lua/ambroisie/utils.lua
View file

@ -38,7 +38,7 @@ end
--- @param bufnr int? buffer number --- @param bufnr int? buffer number
--- @return table all active LSP client names --- @return table all active LSP client names
M.list_lsp_clients = function(bufnr) M.list_lsp_clients = function(bufnr)
local clients = vim.lsp.get_active_clients({ bufnr = bufnr }) local clients = vim.lsp.get_clients({ bufnr = bufnr })
local names = {} local names = {}
for _, client in ipairs(clients) do for _, client in ipairs(clients) do

5
modules/home/vim/plugin/settings/fastfold.lua
View file

@ -1,5 +0,0 @@
-- Intercept all fold commands
-- stylua: ignore
vim.g.fastfold_fold_command_suffixes = {
"x", "X", "a", "A", "o", "O", "c", "C", "r", "R", "m", "M", "i", "n", "N",
}

3
modules/home/vim/plugin/settings/lsp-lines.lua
View file

@ -1,3 +0,0 @@
local lsp_lines = require("lsp_lines")
lsp_lines.setup()

21
modules/home/vim/plugin/settings/lspconfig.lua
View file

@ -16,6 +16,10 @@ vim.diagnostic.config({
update_in_insert = false, update_in_insert = false,
-- Show highest severity first -- Show highest severity first
severity_sort = true, severity_sort = true,
jump = {
-- Show float on diagnostic jumps
float = true,
},
}) })
-- Inform servers we are able to do completion, snippets, etc... -- Inform servers we are able to do completion, snippets, etc...
@ -74,6 +78,16 @@ if utils.is_executable("bash-language-server") then
filetypes = { "bash", "sh", "zsh" }, filetypes = { "bash", "sh", "zsh" },
capabilities = capabilities, capabilities = capabilities,
on_attach = lsp.on_attach, on_attach = lsp.on_attach,
settings = {
bashIde = {
shfmt = {
-- Simplify the code
simplifyCode = true,
-- Indent switch cases
caseIndent = true,
},
},
},
}) })
end end
@ -86,6 +100,13 @@ if utils.is_executable("starpls") then
end end
-- Generic -- Generic
if utils.is_executable("harper-ls") then
lspconfig.harper_ls.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
if utils.is_executable("typos-lsp") then if utils.is_executable("typos-lsp") then
lspconfig.typos_lsp.setup({ lspconfig.typos_lsp.setup({
capabilities = capabilities, capabilities = capabilities,

19
modules/home/vim/plugin/settings/lualine.lua
View file

@ -1,4 +1,5 @@
local lualine = require("lualine") local lualine = require("lualine")
local oil = require("oil")
local utils = require("ambroisie.utils") local utils = require("ambroisie.utils")
local function list_spell_languages() local function list_spell_languages()
@ -30,7 +31,7 @@ lualine.setup({
{ "mode" }, { "mode" },
}, },
lualine_b = { lualine_b = {
{ "FugitiveHead" }, { "branch" },
{ "filename", symbols = { readonly = "🔒" } }, { "filename", symbols = { readonly = "🔒" } },
}, },
lualine_c = { lualine_c = {
@ -57,5 +58,21 @@ lualine.setup({
extensions = { extensions = {
"fugitive", "fugitive",
"quickfix", "quickfix",
{
sections = {
lualine_a = {
{ "mode" },
},
lualine_b = {
{ "branch" },
},
lualine_c = {
function()
return vim.fn.fnamemodify(oil.get_current_dir(), ":~")
end,
},
},
filetypes = { "oil" },
},
}, },
}) })

1
modules/home/vim/plugin/settings/luasnip.lua
View file

@ -1 +0,0 @@
require("luasnip.loaders.from_vscode").lazy_load()

26
modules/home/vim/plugin/settings/null-ls.lua
View file

@ -46,29 +46,3 @@ null_ls.register({
condition = utils.is_executable_condition("isort"), condition = utils.is_executable_condition("isort"),
}), }),
}) })
-- Shell (non-POSIX)
null_ls.register({
null_ls.builtins.formatting.shfmt.with({
-- Indent with 4 spaces, simplify the code, indent switch cases,
-- add space after redirection, use bash dialect
extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "bash" },
-- Restrict to bash and zsh
filetypes = { "bash", "zsh" },
-- Only used if available
condition = utils.is_executable_condition("shfmt"),
}),
})
-- Shell (POSIX)
null_ls.register({
null_ls.builtins.formatting.shfmt.with({
-- Indent with 4 spaces, simplify the code, indent switch cases,
-- add space after redirection, use POSIX
extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "posix" },
-- Restrict to POSIX sh
filetypes = { "sh" },
-- Only used if available
condition = utils.is_executable_condition("shfmt"),
}),
})

2
modules/home/vim/plugin/settings/oil.lua
View file

@ -4,6 +4,8 @@ local wk = require("which-key")
local detail = false local detail = false
oil.setup({ oil.setup({
-- Don't show icons
columns = {},
view_options = { view_options = {
-- Show files and directories that start with "." by default -- Show files and directories that start with "." by default
show_hidden = true, show_hidden = true,

5
modules/home/wm/i3/default.nix
View file

@ -127,9 +127,10 @@ in
{ class = "^Blueman-.*$"; } { class = "^Blueman-.*$"; }
{ title = "^htop$"; } { title = "^htop$"; }
{ class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; }
{ class = "^Pavucontrol.*$"; } { class = "^pavucontrol.*$"; }
{ class = "^Arandr$"; } { class = "^Arandr$"; }
{ class = ".?blueman-manager.*$"; } { class = "^\\.blueman-manager-wrapped$"; }
{ class = "^\\.arandr-wrapped$"; }
]; ];
}; };

5
modules/home/xdg/default.nix
View file

@ -30,11 +30,10 @@ in
}; };
# A tidy home is a tidy mind # A tidy home is a tidy mind
dataFile = { dataFile = {
"bash/.keep".text = ""; "tig/.keep".text = ""; # `tig` uses `XDG_DATA_HOME` specifically...
"gdb/.keep".text = "";
"tig/.keep".text = "";
}; };
stateFile = { stateFile = {
"bash/.keep".text = "";
"python/.keep".text = ""; "python/.keep".text = "";
}; };
}; };

40
modules/home/zsh/default.nix
View file

@ -87,28 +87,26 @@ in
# Modal editing is life, but CLI benefits from emacs gymnastics # Modal editing is life, but CLI benefits from emacs gymnastics
defaultKeymap = "emacs"; defaultKeymap = "emacs";
# Make those happen early to avoid doing double the work initContent = lib.mkMerge [
initExtraFirst = lib.mkBefore '' # Make those happen early to avoid doing double the work
${ (lib.mkBefore (lib.optionalString cfg.launchTmux ''
lib.optionalString cfg.launchTmux '' # Launch tmux unless already inside one
# Launch tmux unless already inside one if [ -z "$TMUX" ]; then
if [ -z "$TMUX" ]; then exec tmux new-session
exec tmux new-session fi
fi ''))
''
}
'';
initExtra = lib.mkAfter '' (lib.mkAfter ''
source ${./completion-styles.zsh} source ${./completion-styles.zsh}
source ${./extra-mappings.zsh} source ${./extra-mappings.zsh}
source ${./options.zsh} source ${./options.zsh}
# Source local configuration # Source local configuration
if [ -f "$ZDOTDIR/zshrc.local" ]; then if [ -f "$ZDOTDIR/zshrc.local" ]; then
source "$ZDOTDIR/zshrc.local" source "$ZDOTDIR/zshrc.local"
fi fi
''; '')
];
localVariables = { localVariables = {
# I like having the full path # I like having the full path
@ -151,7 +149,7 @@ in
}; };
# Use OSC-777 to send the notification through SSH # Use OSC-777 to send the notification through SSH
initExtra = lib.mkIf cfg.notify.ssh.useOsc777 '' initContent = lib.mkIf cfg.notify.ssh.useOsc777 ''
done_send_notification() { done_send_notification() {
local exit_status="$1" local exit_status="$1"
local title="$2" local title="$2"

2
modules/nixos/hardware/bluetooth/default.nix
View file

@ -20,7 +20,7 @@ in
# Support for additional bluetooth codecs # Support for additional bluetooth codecs
(lib.mkIf cfg.loadExtraCodecs { (lib.mkIf cfg.loadExtraCodecs {
hardware.pulseaudio = { services.pulseaudio = {
extraModules = [ pkgs.pulseaudio-modules-bt ]; extraModules = [ pkgs.pulseaudio-modules-bt ];
package = pkgs.pulseaudioFull; package = pkgs.pulseaudioFull;
}; };

3
modules/nixos/hardware/graphics/default.nix
View file

@ -33,9 +33,8 @@ in
# AMD GPU # AMD GPU
(lib.mkIf (cfg.gpuFlavor == "amd") { (lib.mkIf (cfg.gpuFlavor == "amd") {
boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ];
hardware.amdgpu = { hardware.amdgpu = {
initrd.enable = cfg.amd.enableKernelModule;
# Vulkan # Vulkan
amdvlk = lib.mkIf cfg.amd.amdvlk { amdvlk = lib.mkIf cfg.amd.amdvlk {
enable = true; enable = true;

5
modules/nixos/hardware/sound/default.nix
View file

@ -54,10 +54,7 @@ in
# Pulseaudio setup # Pulseaudio setup
(lib.mkIf cfg.pulse.enable { (lib.mkIf cfg.pulse.enable {
# ALSA services.pulseaudio.enable = true;
sound.enable = true;
hardware.pulseaudio.enable = true;
}) })
]); ]);
} }

4
modules/nixos/services/aria/default.nix
View file

@ -65,9 +65,7 @@ in
aria-rpc = { aria-rpc = {
port = cfg.rpcPort; port = cfg.rpcPort;
# Proxy websockets for RPC # Proxy websockets for RPC
extraConfig = { websocketsLocations = [ "/" ];
locations."/".proxyWebsockets = true;
};
}; };
}; };

4
modules/nixos/services/audiobookshelf/default.nix
View file

@ -30,9 +30,7 @@ in
audiobookshelf = { audiobookshelf = {
inherit (cfg) port; inherit (cfg) port;
# Proxy websockets for RPC # Proxy websockets for RPC
extraConfig = { websocketsLocations = [ "/" ];
locations."/".proxyWebsockets = true;
};
}; };
}; };

2
modules/nixos/services/default.nix
View file

@ -14,7 +14,7 @@
./forgejo ./forgejo
./gitea ./gitea
./grocy ./grocy
./indexers ./homebox
./jellyfin ./jellyfin
./komga ./komga
./lohr ./lohr

42
modules/nixos/services/homebox/default.nix Normal file
View file

@ -0,0 +1,42 @@
# Home inventory made easy
{ config, lib, ... }:
let
cfg = config.my.services.homebox;
in
{
options.my.services.homebox = with lib; {
enable = mkEnableOption "Homebox home inventory";
port = mkOption {
type = types.port;
default = 7745;
example = 8080;
description = "Internal port for webui";
};
};
config = lib.mkIf cfg.enable {
services.homebox = {
enable = true;
settings = {
# FIXME: mailer?
HBOX_WEB_PORT = toString cfg.port;
};
};
my.services.nginx.virtualHosts = {
homebox = {
inherit (cfg) port;
};
};
my.services.backup = {
paths = [
config.services.homebox.settings.HBOX_STORAGE_DATA
];
};
# NOTE: unfortunately homebox does not log connection failures for fail2ban
};
}

78
modules/nixos/services/indexers/default.nix
View file

@ -1,78 +0,0 @@
# Torrent and usenet meta-indexers
{ config, lib, ... }:
let
cfg = config.my.services.indexers;
jackettPort = 9117;
nzbhydraPort = 5076;
prowlarrPort = 9696;
in
{
options.my.services.indexers = with lib; {
jackett.enable = mkEnableOption "Jackett torrent meta-indexer";
nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer";
prowlarr.enable = mkEnableOption "Prowlarr torrent & usenet meta-indexer";
};
config = lib.mkMerge [
(lib.mkIf cfg.jackett.enable {
services.jackett = {
enable = true;
};
# Jackett wants to eat *all* my RAM if left to its own devices
systemd.services.jackett = {
serviceConfig = {
MemoryHigh = "15%";
MemoryMax = "25%";
};
};
my.services.nginx.virtualHosts = {
jackett = {
port = jackettPort;
};
};
})
(lib.mkIf cfg.nzbhydra.enable {
services.nzbhydra2 = {
enable = true;
};
my.services.nginx.virtualHosts = {
nzbhydra = {
port = nzbhydraPort;
};
};
})
(lib.mkIf cfg.prowlarr.enable {
services.prowlarr = {
enable = true;
};
my.services.nginx.virtualHosts = {
prowlarr = {
port = prowlarrPort;
};
};
services.fail2ban.jails = {
prowlarr = ''
enabled = true
filter = prowlarr
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/prowlarr.conf".text = ''
[Definition]
failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
journalmatch = _SYSTEMD_UNIT=prowlarr.service
'';
};
})
];
}

6
modules/nixos/services/jellyfin/default.nix
View file

@ -27,17 +27,13 @@ in
my.services.nginx.virtualHosts = { my.services.nginx.virtualHosts = {
jellyfin = { jellyfin = {
port = 8096; port = 8096;
websocketsLocations = [ "/socket" ];
extraConfig = { extraConfig = {
locations."/" = { locations."/" = {
extraConfig = '' extraConfig = ''
proxy_buffering off; proxy_buffering off;
''; '';
}; };
# Too bad for the repetition...
locations."/socket" = {
proxyPass = "http://127.0.0.1:8096/";
proxyWebsockets = true;
};
}; };
}; };
}; };

8
modules/nixos/services/komga/default.nix
View file

@ -18,13 +18,13 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.komga = { services.komga = {
enable = true; enable = true;
inherit (cfg) port;
group = "media"; group = "media";
};
systemd.services.komga.environment = { settings = {
LOGGING_LEVEL_ORG_GOTSON_KOMGA = "DEBUG"; # Needed for fail2ban server.port = cfg.port;
logging.level.org.gotson.komga = "DEBUG"; # Needed for fail2ban
};
}; };
# Set-up media group # Set-up media group

50
modules/nixos/services/nextcloud/collabora.nix Normal file
View file

@ -0,0 +1,50 @@
# Document editor with Nextcloud
{ config, lib, ... }:
let
cfg = config.my.services.nextcloud.collabora;
in
{
options.my.services.nextcloud.collabora = with lib; {
enable = mkEnableOption "Collabora integration";
port = mkOption {
type = types.port;
default = 9980;
example = 8080;
description = "Internal port for API";
};
};
config = lib.mkIf cfg.enable {
services.collabora-online = {
enable = true;
inherit (cfg) port;
aliasGroups = [
{
host = "https://collabora.${config.networking.domain}";
# Allow using from nextcloud
aliases = [ "https://${config.services.nextcloud.hostName}" ];
}
];
settings = {
# Rely on reverse proxy for SSL
ssl = {
enable = false;
termination = true;
};
};
};
my.services.nginx.virtualHosts = {
collabora = {
inherit (cfg) port;
websocketsLocations = [
"~ ^/cool/(.*)/ws$"
"^~ /cool/adminws"
];
};
};
};
}

6
modules/nixos/services/nextcloud/default.nix
View file

@ -4,6 +4,10 @@ let
cfg = config.my.services.nextcloud; cfg = config.my.services.nextcloud;
in in
{ {
imports = [
./collabora.nix
];
options.my.services.nextcloud = with lib; { options.my.services.nextcloud = with lib; {
enable = mkEnableOption "Nextcloud"; enable = mkEnableOption "Nextcloud";
maxSize = mkOption { maxSize = mkOption {
@ -31,7 +35,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud30; package = pkgs.nextcloud31;
hostName = "nextcloud.${config.networking.domain}"; hostName = "nextcloud.${config.networking.domain}";
home = "/var/lib/nextcloud"; home = "/var/lib/nextcloud";
maxUploadSize = cfg.maxSize; maxUploadSize = cfg.maxSize;

66
modules/nixos/services/nginx/default.nix
View file

@ -17,6 +17,16 @@ let
''; '';
}; };
websocketsLocations = mkOption {
type = with types; listOf str;
default = [ ];
example = [ "/socket" ];
description = ''
Which locations on this virtual host should be configured for
websockets.
'';
};
port = mkOption { port = mkOption {
type = with types; nullOr port; type = with types; nullOr port;
default = null; default = null;
@ -60,10 +70,13 @@ let
extraConfig = mkOption { extraConfig = mkOption {
type = types.attrs; # FIXME: forward type of virtualHosts type = types.attrs; # FIXME: forward type of virtualHosts
example = { example = {
locations."/socket" = { extraConfig = ''
proxyPass = "http://127.0.0.1:8096/"; add_header X-Clacks-Overhead "GNU Terry Pratchett";
proxyWebsockets = true; '';
};
locations."/".extraConfig = ''
client_max_body_size 1G;
'';
}; };
default = { }; default = { };
description = '' description = ''
@ -74,10 +87,6 @@ let
}); });
in in
{ {
imports = [
./sso
];
options.my.services.nginx = with lib; { options.my.services.nginx = with lib; {
enable = mkEnableOption "Nginx"; enable = mkEnableOption "Nginx";
@ -86,7 +95,7 @@ in
type = types.str; type = types.str;
example = "/var/lib/acme/creds.env"; example = "/var/lib/acme/creds.env";
description = '' description = ''
Gandi API key file as an 'EnvironmentFile' (see `systemd.exec(5)`) OVH API key file as an 'EnvironmentFile' (see `systemd.exec(5)`)
''; '';
}; };
}; };
@ -108,12 +117,7 @@ in
}; };
jellyfin = { jellyfin = {
port = 8096; port = 8096;
extraConfig = { websocketsLocations = [ "/socket" ];
locations."/socket" = {
proxyPass = "http://127.0.0.1:8096/";
proxyWebsockets = true;
};
};
}; };
}; };
description = '' description = ''
@ -195,6 +199,19 @@ in
} configured. } configured.
''; '';
})) }))
++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args:
let
proxyPass = [ "port" "socket" ];
proxyPassUsed = lib.any (v: args.${v} != null) proxyPass;
in
{
assertion = args.websocketsLocations != [ ] -> proxyPassUsed;
message = ''
Subdomain '${subdomain}' can only use 'websocketsLocations' with one of ${
lib.concatStringsSep ", " (builtins.map (v: "'${v}'") proxyPass)
}.
'';
}))
++ ( ++ (
let let
ports = lib.my.mapFilter ports = lib.my.mapFilter
@ -236,11 +253,18 @@ in
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedZstdSettings = true;
virtualHosts = virtualHosts =
let let
domain = config.networking.domain; domain = config.networking.domain;
mkProxyPass = { websocketsLocations, ... }: proxyPass:
let
websockets = lib.genAttrs websocketsLocations (_: {
inherit proxyPass;
proxyWebsockets = true;
});
in
{ "/" = { inherit proxyPass; }; } // websockets;
mkVHost = ({ subdomain, ... } @ args: lib.nameValuePair mkVHost = ({ subdomain, ... } @ args: lib.nameValuePair
"${subdomain}.${domain}" "${subdomain}.${domain}"
(lib.my.recursiveMerge [ (lib.my.recursiveMerge [
@ -251,8 +275,7 @@ in
} }
# Proxy to port # Proxy to port
(lib.optionalAttrs (args.port != null) { (lib.optionalAttrs (args.port != null) {
locations."/".proxyPass = locations = mkProxyPass args "http://127.0.0.1:${toString args.port}";
"http://127.0.0.1:${toString args.port}";
}) })
# Serve filesystem content # Serve filesystem content
(lib.optionalAttrs (args.root != null) { (lib.optionalAttrs (args.root != null) {
@ -260,8 +283,7 @@ in
}) })
# Serve to UNIX socket # Serve to UNIX socket
(lib.optionalAttrs (args.socket != null) { (lib.optionalAttrs (args.socket != null) {
locations."/".proxyPass = locations = mkProxyPass args "http://unix:${args.socket}";
"http://unix:${args.socket}";
}) })
# Redirect to a different domain # Redirect to a different domain
(lib.optionalAttrs (args.redirect != null) { (lib.optionalAttrs (args.redirect != null) {
@ -281,6 +303,7 @@ in
locations."/" = { locations."/" = {
extraConfig = extraConfig =
# FIXME: check that X-User is dropped otherwise
(args.extraConfig.locations."/".extraConfig or "") + '' (args.extraConfig.locations."/".extraConfig or "") + ''
# Use SSO # Use SSO
auth_request /sso-auth; auth_request /sso-auth;
@ -414,7 +437,8 @@ in
{ {
"${domain}" = { "${domain}" = {
extraDomainNames = [ "*.${domain}" ]; extraDomainNames = [ "*.${domain}" ];
dnsProvider = "gandiv5"; dnsProvider = "ovh";
dnsPropagationCheck = false; # OVH is slow
inherit (cfg.acme) credentialsFile; inherit (cfg.acme) credentialsFile;
}; };
}; };

84
modules/nixos/services/nginx/sso/default.nix
View file

@ -1,84 +0,0 @@
# I must override the module to allow having runtime secrets
{ config, lib, pkgs, utils, ... }:
let
cfg = config.services.nginx.sso;
pkg = lib.getBin cfg.package;
confPath = "/var/lib/nginx-sso/config.json";
in
{
disabledModules = [ "services/security/nginx-sso.nix" ];
options.services.nginx.sso = with lib; {
enable = mkEnableOption "nginx-sso service";
package = mkOption {
type = types.package;
default = pkgs.nginx-sso;
defaultText = "pkgs.nginx-sso";
description = ''
The nginx-sso package that should be used.
'';
};
configuration = mkOption {
type = types.attrsOf types.unspecified;
default = { };
example = literalExample ''
{
listen = { addr = "127.0.0.1"; port = 8080; };
providers.token.tokens = {
myuser = "MyToken";
};
acl = {
rule_sets = [
{
rules = [ { field = "x-application"; equals = "MyApp"; } ];
allow = [ "myuser" ];
}
];
};
}
'';
description = ''
nginx-sso configuration
(<link xlink:href="https://github.com/Luzifer/nginx-sso/wiki/Main-Configuration">documentation</link>)
as a Nix attribute set.
'';
};
};
config = lib.mkIf cfg.enable {
systemd.services.nginx-sso = {
description = "Nginx SSO Backend";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
StateDirectory = "nginx-sso";
WorkingDirectory = "/var/lib/nginx-sso";
# The files to be merged might not have the correct permissions
ExecStartPre = pkgs.writeShellScript "merge-nginx-sso-config" ''
rm -f '${confPath}'
${utils.genJqSecretsReplacementSnippet cfg.configuration confPath}
'';
ExecStart = lib.mkForce ''
${lib.getExe pkg} \
--config ${confPath} \
--frontend-dir ${pkg}/share/frontend
'';
Restart = "always";
User = "nginx-sso";
Group = "nginx-sso";
};
};
users.users.nginx-sso = {
isSystemUser = true;
group = "nginx-sso";
};
users.groups.nginx-sso = { };
};
}

68
modules/nixos/services/paperless/default.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, ... }:
let let
cfg = config.my.services.paperless; cfg = config.my.services.paperless;
in in
@ -61,11 +61,6 @@ in
PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
# Use PostgreSQL
PAPERLESS_DBHOST = "/run/postgresql";
PAPERLESS_DBUSER = "paperless";
PAPERLESS_DBNAME = "paperless";
# Security settings # Security settings
PAPERLESS_ALLOWED_HOSTS = paperlessDomain; PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
@ -80,63 +75,18 @@ in
# Misc # Misc
PAPERLESS_TIME_ZONE = config.time.timeZone; PAPERLESS_TIME_ZONE = config.time.timeZone;
PAPERLESS_ADMIN_USER = cfg.username; PAPERLESS_ADMIN_USER = cfg.username;
# Fix classifier hangs
LD_LIBRARY_PATH = "${lib.getLib pkgs.mkl}/lib";
}; };
# Admin password # Admin password
passwordFile = cfg.passwordFile; passwordFile = cfg.passwordFile;
};
systemd.services = { # Secret key
paperless-scheduler = { environmentFile = cfg.secretKeyFile;
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
serviceConfig = { # Automatic PostgreSQL provisioning
EnvironmentFile = cfg.secretKeyFile; database = {
}; createLocally = true;
}; };
paperless-consumer = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
serviceConfig = {
EnvironmentFile = cfg.secretKeyFile;
};
};
paperless-web = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
serviceConfig = {
EnvironmentFile = cfg.secretKeyFile;
};
};
paperless-task-queue = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
serviceConfig = {
EnvironmentFile = cfg.secretKeyFile;
};
};
};
# Set-up database
services.postgresql = {
enable = true;
ensureDatabases = [ "paperless" ];
ensureUsers = [
{
name = "paperless";
ensureDBOwnership = true;
}
];
}; };
# Set-up media group # Set-up media group
@ -152,11 +102,7 @@ in
sso = { sso = {
enable = true; enable = true;
}; };
websocketsLocations = [ "/" ];
# Enable websockets on root
extraConfig = {
locations."/".proxyWebsockets = true;
};
}; };
}; };

8
modules/nixos/services/postgresql/default.nix
View file

@ -14,7 +14,7 @@ in
# Let other services enable postgres when they need it # Let other services enable postgres when they need it
(lib.mkIf cfg.enable { (lib.mkIf cfg.enable {
services.postgresql = { services.postgresql = {
package = pkgs.postgresql_13; package = pkgs.postgresql_17;
}; };
}) })
@ -23,15 +23,15 @@ in
environment.systemPackages = environment.systemPackages =
let let
pgCfg = config.services.postgresql; pgCfg = config.services.postgresql;
newPackage' = pkgs.postgresql_13; newPackage' = pkgs.postgresql_17;
oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package; oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package;
oldData = pgCfg.dataDir; oldData = pgCfg.dataDir;
oldBin = "${if pgCfg.extraPlugins == [] then oldPackage else oldPackage.withPackages pgCfg.extraPlugins}/bin"; oldBin = "${if pgCfg.extensions == [] then oldPackage else oldPackage.withPackages pgCfg.extensions}/bin";
newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage'; newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage';
newData = "/var/lib/postgresql/${newPackage.psqlSchema}"; newData = "/var/lib/postgresql/${newPackage.psqlSchema}";
newBin = "${if pgCfg.extraPlugins == [] then newPackage else newPackage.withPackages pgCfg.extraPlugins}/bin"; newBin = "${if pgCfg.extensions == [] then newPackage else newPackage.withPackages pgCfg.extensions}/bin";
in in
[ [
(pkgs.writeScriptBin "upgrade-pg-cluster" '' (pkgs.writeScriptBin "upgrade-pg-cluster" ''

16
modules/nixos/services/pyload/default.nix
View file

@ -53,6 +53,20 @@ in
}; };
}; };
# FIXME: fail2ban services.fail2ban.jails = {
pyload = ''
enabled = true
filter = pyload
port = http,https
'';
};
environment.etc = {
"fail2ban/filter.d/pyload.conf".text = ''
[Definition]
failregex = ^.*Login failed for user '<F-USER>.*</F-USER>' \[CLIENT: <HOST>\]$
journalmatch = _SYSTEMD_UNIT=pyload.service
'';
};
}; };
} }

62
modules/nixos/services/servarr/autobrr.nix Normal file
View file

@ -0,0 +1,62 @@
# IRC-based
{ config, lib, ... }:
let
cfg = config.my.services.servarr.autobrr;
in
{
options.my.services.servarr.autobrr = with lib; {
enable = mkEnableOption "autobrr IRC announce tracker" // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = 7474;
example = 8080;
description = "Internal port for webui";
};
sessionSecretFile = mkOption {
type = types.str;
example = "/run/secrets/autobrr-secret.txt";
description = ''
File containing the session secret.
'';
};
};
config = lib.mkIf cfg.enable {
services.autobrr = {
enable = true;
settings = {
inherit (cfg) port;
checkForUpdates = false;
};
secretFile = cfg.sessionSecretFile;
};
my.services.nginx.virtualHosts = {
autobrr = {
inherit (cfg) port;
};
};
services.fail2ban.jails = {
autobrr = ''
enabled = true
filter = autobrr
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/autobrr.conf".text = ''
[Definition]
failregex = ^.*Auth: invalid login \[.*\] from: <HOST>$
journalmatch = _SYSTEMD_UNIT=autobrr.service
'';
};
};
}

37
modules/nixos/services/servarr/bazarr.nix Normal file
View file

@ -0,0 +1,37 @@
{ config, lib, ... }:
let
cfg = config.my.services.servarr.bazarr;
in
{
options.my.services.servarr.bazarr = with lib; {
enable = lib.mkEnableOption "Bazarr" // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = 6767;
example = 8080;
description = "Internal port for webui";
};
};
config = lib.mkIf cfg.enable {
services.bazarr = {
enable = true;
group = "media";
listenPort = cfg.port;
};
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
bazarr = {
inherit (cfg) port;
};
};
# Bazarr does not log authentication failures...
};
}

106
modules/nixos/services/servarr/default.nix
View file

@ -2,99 +2,21 @@
# Relevant link [1]. # Relevant link [1].
# #
# [1]: https://youtu.be/I26Ql-uX6AM # [1]: https://youtu.be/I26Ql-uX6AM
{ config, lib, ... }: { lib, ... }:
let
cfg = config.my.services.servarr;
ports = {
bazarr = 6767;
lidarr = 8686;
radarr = 7878;
readarr = 8787;
sonarr = 8989;
};
mkService = service: {
services.${service} = {
enable = true;
group = "media";
};
};
mkRedirection = service: {
my.services.nginx.virtualHosts = {
${service} = {
port = ports.${service};
};
};
};
mkFail2Ban = service: lib.mkIf cfg.${service}.enable {
services.fail2ban.jails = {
${service} = ''
enabled = true
filter = ${service}
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/${service}.conf".text = ''
[Definition]
failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
journalmatch = _SYSTEMD_UNIT=${service}.service
'';
};
};
mkFullConfig = service: lib.mkIf cfg.${service}.enable (lib.mkMerge [
(mkService service)
(mkRedirection service)
]);
in
{ {
imports = [
./autobrr.nix
./bazarr.nix
./jackett.nix
./nzbhydra.nix
./prowlarr.nix
(import ./starr.nix "lidarr")
(import ./starr.nix "radarr")
(import ./starr.nix "readarr")
(import ./starr.nix "sonarr")
];
options.my.services.servarr = { options.my.services.servarr = {
enable = lib.mkEnableOption "Media automation"; enableAll = lib.mkEnableOption "media automation suite";
bazarr = {
enable = lib.my.mkDisableOption "Bazarr";
};
lidarr = {
enable = lib.my.mkDisableOption "Lidarr";
};
radarr = {
enable = lib.my.mkDisableOption "Radarr";
};
readarr = {
enable = lib.my.mkDisableOption "Readarr";
};
sonarr = {
enable = lib.my.mkDisableOption "Sonarr";
};
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [
{
# Set-up media group
users.groups.media = { };
}
# Bazarr does not log authentication failures...
(mkFullConfig "bazarr")
# Lidarr for music
(mkFullConfig "lidarr")
(mkFail2Ban "lidarr")
# Radarr for movies
(mkFullConfig "radarr")
(mkFail2Ban "radarr")
# Readarr for books
(mkFullConfig "readarr")
(mkFail2Ban "readarr")
# Sonarr for shows
(mkFullConfig "sonarr")
(mkFail2Ban "sonarr")
]);
} }

41
modules/nixos/services/servarr/jackett.nix Normal file
View file

@ -0,0 +1,41 @@
{ config, lib, ... }:
let
cfg = config.my.services.servarr.jackett;
in
{
options.my.services.servarr.jackett = with lib; {
enable = lib.mkEnableOption "Jackett" // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = 9117;
example = 8080;
description = "Internal port for webui";
};
};
config = lib.mkIf cfg.enable {
services.jackett = {
enable = true;
inherit (cfg) port;
};
# Jackett wants to eat *all* my RAM if left to its own devices
systemd.services.jackett = {
serviceConfig = {
MemoryHigh = "15%";
MemoryMax = "25%";
};
};
my.services.nginx.virtualHosts = {
jackett = {
inherit (cfg) port;
};
};
# Jackett does not log authentication failures...
};
}

26
modules/nixos/services/servarr/nzbhydra.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, lib, ... }:
let
cfg = config.my.services.servarr.nzbhydra;
in
{
options.my.services.servarr.nzbhydra = with lib; {
enable = lib.mkEnableOption "NZBHydra2" // {
default = config.my.services.servarr.enableAll;
};
};
config = lib.mkIf cfg.enable {
services.nzbhydra2 = {
enable = true;
};
my.services.nginx.virtualHosts = {
nzbhydra = {
port = 5076;
websocketsLocations = [ "/" ];
};
};
# NZBHydra2 does not log authentication failures...
};
}

53
modules/nixos/services/servarr/prowlarr.nix Normal file
View file

@ -0,0 +1,53 @@
# Torrent and NZB indexer
{ config, lib, ... }:
let
cfg = config.my.services.servarr.prowlarr;
in
{
options.my.services.servarr.prowlarr = with lib; {
enable = lib.mkEnableOption "Prowlarr" // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = 9696;
example = 8080;
description = "Internal port for webui";
};
};
config = lib.mkIf cfg.enable {
services.prowlarr = {
enable = true;
settings = {
server = {
port = cfg.port;
};
};
};
my.services.nginx.virtualHosts = {
prowlarr = {
inherit (cfg) port;
};
};
services.fail2ban.jails = {
prowlarr = ''
enabled = true
filter = prowlarr
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/prowlarr.conf".text = ''
[Definition]
failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
journalmatch = _SYSTEMD_UNIT=prowlarr.service
'';
};
};
}

64
modules/nixos/services/servarr/starr.nix Normal file
View file

@ -0,0 +1,64 @@
# Templated *arr configuration
starr:
{ config, lib, ... }:
let
cfg = config.my.services.servarr.${starr};
ports = {
lidarr = 8686;
radarr = 7878;
readarr = 8787;
sonarr = 8989;
};
in
{
options.my.services.servarr.${starr} = with lib; {
enable = lib.mkEnableOption (lib.toSentenceCase starr) // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = ports.${starr};
example = 8080;
description = "Internal port for webui";
};
};
config = lib.mkIf cfg.enable {
services.${starr} = {
enable = true;
group = "media";
settings = {
server = {
port = cfg.port;
};
};
};
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
${starr} = {
port = cfg.port;
};
};
services.fail2ban.jails = {
${starr} = ''
enabled = true
filter = ${starr}
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/${starr}.conf".text = ''
[Definition]
failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
journalmatch = _SYSTEMD_UNIT=${starr}.service
'';
};
};
}

6
modules/nixos/system/packages/default.nix
View file

@ -1,5 +1,5 @@
# Common packages # Common packages
{ config, lib, pkgs, ... }: { config, lib, ... }:
let let
cfg = config.my.system.packages; cfg = config.my.system.packages;
in in
@ -13,10 +13,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
wget
];
programs = { programs = {
vim = { vim = {
enable = true; enable = true;

2
pkgs/bw-pass/bw-pass
View file

@ -66,7 +66,7 @@ query_password() {
printf '%s\n' "$PASSWORD" printf '%s\n' "$PASSWORD"
} }
if [ $# -lt 1 ] || [ $# -gt 2 ]; then if [ $# -lt 1 ] || [ $# -gt 2 ]; then
usage usage
exit 1 exit 1
fi fi

47
pkgs/cgt-calc/default.nix
View file

@ -1,47 +0,0 @@
{ lib
, fetchFromGitHub
, python3Packages
, withTeXLive ? true
, texliveSmall
}:
python3Packages.buildPythonApplication rec {
pname = "cgt-calc";
version = "1.13.0";
pyproject = true;
src = fetchFromGitHub {
owner = "KapJI";
repo = "capital-gains-calculator";
rev = "v${version}";
hash = "sha256-y/Y05wG89nccXyxfjqazyPJhd8dOkfwRJre+Rzx97Hw=";
};
build-system = with python3Packages; [
poetry-core
];
dependencies = with python3Packages; [
defusedxml
jinja2
pandas
requests
types-requests
yfinance
];
makeWrapperArgs = lib.optionals withTeXLive [
"--prefix"
"PATH"
":"
"${lib.getBin texliveSmall}/bin"
];
meta = with lib; {
description = "UK capital gains tax calculator";
homepage = "https://github.com/KapJI/capital-gains-calculator";
license = with licenses; [ mit ];
mainProgram = "cgt-calc";
maintainers = with maintainers; [ ambroisie ];
platforms = platforms.unix;
};
}

2
pkgs/change-audio/change-audio
View file

@ -62,7 +62,7 @@ do_toggle() {
} }
case "$1" in case "$1" in
up|down) up | down)
do_change_volume "$@" do_change_volume "$@"
;; ;;
toggle) toggle)

2
pkgs/default.nix
View file

@ -2,8 +2,6 @@
pkgs.lib.makeScope pkgs.newScope (pkgs: { pkgs.lib.makeScope pkgs.newScope (pkgs: {
bw-pass = pkgs.callPackage ./bw-pass { }; bw-pass = pkgs.callPackage ./bw-pass { };
cgt-calc = pkgs.callPackage ./cgt-calc { };
change-audio = pkgs.callPackage ./change-audio { }; change-audio = pkgs.callPackage ./change-audio { };
change-backlight = pkgs.callPackage ./change-backlight { }; change-backlight = pkgs.callPackage ./change-backlight { };

14
pkgs/diff-flake/diff-flake
View file

@ -81,23 +81,23 @@ parse_args() {
shift shift
case "$opt" in case "$opt" in
-h|--help) -h | --help)
usage usage
exit exit
;; ;;
-f|--flake-output) -f | --flake-output)
FLAKE_OUTPUTS+=("$1") FLAKE_OUTPUTS+=("$1")
shift shift
;; ;;
-o|--output) -o | --output)
OUTPUT_FILE="$1" OUTPUT_FILE="$1"
shift shift
;; ;;
-n|--new-rev) -n | --new-rev)
NEW_REV="$(git rev-parse "$1")" NEW_REV="$(git rev-parse "$1")"
shift shift
;; ;;
-p|--previous-rev) -p | --previous-rev)
PREVIOUS_REV="$(git rev-parse "$1")" PREVIOUS_REV="$(git rev-parse "$1")"
shift shift
;; ;;
@ -157,7 +157,7 @@ list_dev_shells() {
} }
diff_output() { diff_output() {
local PREV NEW; local PREV NEW
PREV="$(mktemp --dry-run)" PREV="$(mktemp --dry-run)"
NEW="$(mktemp --dry-run)" NEW="$(mktemp --dry-run)"
@ -169,7 +169,7 @@ diff_output() {
printf 'Closure diff for `%s`:\n```\n' "$1" printf 'Closure diff for `%s`:\n```\n' "$1"
nix store diff-closures "$PREV" "$NEW" | sanitize_output nix store diff-closures "$PREV" "$NEW" | sanitize_output
printf '```\n\n' printf '```\n\n'
} >> "$OUTPUT_FILE" } >>"$OUTPUT_FILE"
} }
parse_args "$@" parse_args "$@"

3
pkgs/lohr/default.nix
View file

@ -10,7 +10,8 @@ rustPlatform.buildRustPackage rec {
hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU="; hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU=";
}; };
cargoHash = "sha256-EUhyrhPe+mUgMmm4o+bxRIiSNReJRfw+/O1fPr8r7lo="; useFetchCargoVendor = true;
cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w=";
meta = with lib; { meta = with lib; {
description = "Git mirroring daemon"; description = "Git mirroring daemon";

2
pkgs/osc52/osc52
View file

@ -15,7 +15,7 @@ usage() {
exec 1>&2 exec 1>&2
fi fi
cat << EOF cat <<EOF
Usage: $0 [options] [string] Usage: $0 [options] [string]
Send an arbitrary string to the terminal clipboard using the OSC 52 escape Send an arbitrary string to the terminal clipboard using the OSC 52 escape
sequence as specified in xterm: sequence as specified in xterm:

2
pkgs/osc777/osc777
View file

@ -13,7 +13,7 @@ usage() {
exec 1>&2 exec 1>&2
fi fi
cat << EOF cat <<EOF
Usage: $0 [options] <title> <message> Usage: $0 [options] <title> <message>
Send a notification (title and message) to the host system using the OSC 777 Send a notification (title and message) to the host system using the OSC 777
escape sequence: escape sequence:

1
templates/c++-cmake/.envrc Normal file → Executable file
View file

@ -1,3 +1,4 @@
# shellcheck shell=bash
if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
fi fi

15
templates/c++-cmake/flake.nix
View file

@ -16,19 +16,18 @@
ref = "nixos-unstable"; ref = "nixos-unstable";
}; };
pre-commit-hooks = { git-hooks = {
type = "github"; type = "github";
owner = "cachix"; owner = "cachix";
repo = "pre-commit-hooks.nix"; repo = "git-hooks.nix";
ref = "master"; ref = "master";
inputs = { inputs = {
flake-utils.follows = "futils";
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
}; };
}; };
}; };
outputs = { self, futils, nixpkgs, pre-commit-hooks }: outputs = { self, futils, nixpkgs, git-hooks }:
{ {
overlays = { overlays = {
default = final: _prev: { default = final: _prev: {
@ -69,7 +68,7 @@
]; ];
}; };
pre-commit = pre-commit-hooks.lib.${system}.run { pre-commit = git-hooks.lib.${system}.run {
src = self; src = self;
hooks = { hooks = {
@ -92,12 +91,12 @@
devShells = { devShells = {
default = pkgs.mkShell { default = pkgs.mkShell {
inputsFrom = with self.packages.${system}; [ inputsFrom = [
project self.packages.${system}.project
]; ];
packages = with pkgs; [ packages = with pkgs; [
clang-tools self.checks.${system}.pre-commit.enabledPackages
]; ];
inherit (pre-commit) shellHook; inherit (pre-commit) shellHook;

1
templates/c++-meson/.envrc
View file

@ -1,3 +1,4 @@
# shellcheck shell=bash
if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
fi fi

15
templates/c++-meson/flake.nix
View file

@ -16,19 +16,18 @@
ref = "nixos-unstable"; ref = "nixos-unstable";
}; };
pre-commit-hooks = { git-hooks = {
type = "github"; type = "github";
owner = "cachix"; owner = "cachix";
repo = "pre-commit-hooks.nix"; repo = "git-hooks.nix";
ref = "master"; ref = "master";
inputs = { inputs = {
flake-utils.follows = "futils";
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
}; };
}; };
}; };
outputs = { self, futils, nixpkgs, pre-commit-hooks }: outputs = { self, futils, nixpkgs, git-hooks }:
{ {
overlays = { overlays = {
default = final: _prev: { default = final: _prev: {
@ -69,7 +68,7 @@
]; ];
}; };
pre-commit = pre-commit-hooks.lib.${system}.run { pre-commit = git-hooks.lib.${system}.run {
src = self; src = self;
hooks = { hooks = {
@ -92,12 +91,12 @@
devShells = { devShells = {
default = pkgs.mkShell { default = pkgs.mkShell {
inputsFrom = with self.packages.${system}; [ inputsFrom = [
project self.packages.${system}.project
]; ];
packages = with pkgs; [ packages = with pkgs; [
clang-tools self.checks.${system}.pre-commit.enabledPackages
]; ];
inherit (pre-commit) shellHook; inherit (pre-commit) shellHook;

4
templates/default.nix
View file

@ -7,6 +7,10 @@
path = ./c++-meson; path = ./c++-meson;
description = "A C++ project using Meson"; description = "A C++ project using Meson";
}; };
"python-uv" = {
path = ./python-uv;
description = "A Python project using uv";
};
"rust-cargo" = { "rust-cargo" = {
path = ./rust-cargo; path = ./rust-cargo;
description = "A Rust project using Cargo"; description = "A Rust project using Cargo";

6
templates/python-uv/.envrc Normal file
View file

@ -0,0 +1,6 @@
# shellcheck shell=bash
if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
fi
use flake

6
templates/python-uv/.gitignore vendored Normal file
View file

@ -0,0 +1,6 @@
# Virtual environments
.venv
# Nix generated files
/.pre-commit-config.yaml
/result

31
templates/python-uv/.woodpecker/check.yml Normal file
View file

@ -0,0 +1,31 @@
labels:
backend: local
steps:
- name: pre-commit check
image: bash
commands:
- nix develop --command pre-commit run --all
- name: nix flake check
image: bash
commands:
- nix flake check
- name: notify
image: bash
environment:
ADDRESS:
from_secret: matrix_homeserver
ROOM:
from_secret: matrix_roomid
USER:
from_secret: matrix_username
PASS:
from_secret: matrix_password
commands:
- nix run github:ambroisie/matrix-notifier
when:
status:
- failure
- success

112
templates/python-uv/flake.nix Normal file
View file

@ -0,0 +1,112 @@
{
description = "A Python project";
inputs = {
futils = {
type = "github";
owner = "numtide";
repo = "flake-utils";
ref = "main";
};
nixpkgs = {
type = "github";
owner = "NixOS";
repo = "nixpkgs";
ref = "nixos-unstable";
};
git-hooks = {
type = "github";
owner = "cachix";
repo = "git-hooks.nix";
ref = "master";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
};
outputs = { self, futils, nixpkgs, git-hooks }:
{
overlays = {
default = final: _prev: {
project = with final; python3.pkgs.buildPythonApplication {
pname = "project";
version = (final.lib.importTOML ./pyproject.toml).project.version;
pyproject = true;
src = self;
build-system = with python3.pkgs; [ setuptools ];
pythonImportsCheck = [ "project" ];
meta = with lib; {
description = "A Python project";
homepage = "https://git.belanyi.fr/ambroisie/project";
license = licenses.mit;
maintainers = with maintainers; [ ambroisie ];
};
};
};
};
} // futils.lib.eachDefaultSystem (system:
let
pkgs = import nixpkgs {
inherit system;
overlays = [
self.overlays.default
];
};
pre-commit = git-hooks.lib.${system}.run {
src = self;
hooks = {
mypy = {
enable = true;
};
nixpkgs-fmt = {
enable = true;
};
ruff = {
enable = true;
};
ruff-format = {
enable = true;
};
};
};
in
{
checks = {
inherit (self.packages.${system}) project;
inherit pre-commit;
};
devShells = {
default = pkgs.mkShell {
inputsFrom = [
self.packages.${system}.project
];
packages = with pkgs; [
uv
self.checks.${system}.pre-commit.enabledPackages
];
inherit (pre-commit) shellHook;
};
};
packages = futils.lib.flattenTree {
default = pkgs.project;
inherit (pkgs) project;
};
});
}

17
templates/python-uv/pyproject.toml Normal file
View file

@ -0,0 +1,17 @@
[build-system]
requires = ["setuptools"]
build-backend = "setuptools.build_meta"
[project]
name = "project"
version = "0.0.0"
description = "project description"
requires-python = ">=3.12"
dependencies = []
[project.scripts]
project = "project:main"
[dependency-groups]
dev = []

2
templates/python-uv/src/project/__init__.py Normal file
View file

@ -0,0 +1,2 @@
def main() -> None:
print("Hello, world!")

1
templates/rust-cargo/.envrc
View file

@ -1,3 +1,4 @@
# shellcheck shell=bash
if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
fi fi

16
templates/rust-cargo/flake.nix
View file

@ -16,19 +16,18 @@
ref = "nixos-unstable"; ref = "nixos-unstable";
}; };
pre-commit-hooks = { git-hooks = {
type = "github"; type = "github";
owner = "cachix"; owner = "cachix";
repo = "pre-commit-hooks.nix"; repo = "git-hooks.nix";
ref = "master"; ref = "master";
inputs = { inputs = {
flake-utils.follows = "futils";
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
}; };
}; };
}; };
outputs = { self, futils, nixpkgs, pre-commit-hooks }: outputs = { self, futils, nixpkgs, git-hooks }:
{ {
overlays = { overlays = {
default = final: _prev: { default = final: _prev: {
@ -60,7 +59,7 @@
]; ];
}; };
pre-commit = pre-commit-hooks.lib.${system}.run { pre-commit = git-hooks.lib.${system}.run {
src = self; src = self;
hooks = { hooks = {
@ -88,14 +87,13 @@
devShells = { devShells = {
default = pkgs.mkShell { default = pkgs.mkShell {
inputsFrom = with self.packages.${system}; [ inputsFrom = [
project self.packages.${system}.project
]; ];
packages = with pkgs; [ packages = with pkgs; [
clippy
rust-analyzer rust-analyzer
rustfmt self.checks.${system}.pre-commit.enabledPackages
]; ];
RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}"; RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}";