From 2ed60a227e7066e54201647d36b58ed8d6ffb75b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 16:49:19 +0000 Subject: [PATCH 001/135] modules: add common This should define modules that are identical, or very similar. The driving force is to be able to use `my.profiles` on home-manager and NixOS without repeating myself. In the future I might migrate other modules, such as `nixos/system/nix`... --- modules/common/default.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 modules/common/default.nix diff --git a/modules/common/default.nix b/modules/common/default.nix new file mode 100644 index 0000000..c170939 --- /dev/null +++ b/modules/common/default.nix @@ -0,0 +1,24 @@ +# Modules that are common to various module systems +# Usually with very small differences, if any, between them. +{ lib, _class, ... }: +let + allowedClass = [ + "darwin" + "homeManager" + "nixos" + ]; + + allowedClassString = lib.concatStringSep ", " (builtins.map lib.escapeNixString allowedClass); +in +{ + config = { + assertions = [ + { + assertion = builtins.elem _class allowedClass; + message = '' + `_class` specialArgs must be one of ${allowedClassString}. + ''; + } + ]; + }; +} From 748e55f1a60583e4ac41e67d4b9007ce429b3b9c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 16:50:05 +0000 Subject: [PATCH 002/135] nixos: home: import common modules --- modules/nixos/home/default.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/modules/nixos/home/default.nix b/modules/nixos/home/default.nix index fe00704..fb120f2 100644 --- a/modules/nixos/home/default.nix +++ b/modules/nixos/home/default.nix @@ -13,8 +13,13 @@ in config = lib.mkIf cfg.enable { home-manager = { - # Not a fan of out-of-directory imports, but this is a good exception - users.${config.my.user.name} = import "${inputs.self}/modules/home"; + users.${config.my.user.name} = { + # Not a fan of out-of-directory imports, but this is a good exception + imports = [ + "${inputs.self}/modules/common" + "${inputs.self}/modules/home" + ]; + }; # Nix Flakes compatibility useGlobalPkgs = true; From 5d706dd2dce548e66d49b88fe452075978b6df38 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 16:50:16 +0000 Subject: [PATCH 003/135] flake: home-manager: import common modules --- flake/home-manager.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/flake/home-manager.nix b/flake/home-manager.nix index 88a74e8..69cd484 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -19,6 +19,8 @@ let # Enable home-manager programs.home-manager.enable = true; } + # Import common modules + "${self}/modules/common" ]; mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration { From 27a486bf5c4b5b66a52752a6339fdc6c7d631527 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 16:50:22 +0000 Subject: [PATCH 004/135] flake: nixos: import common modules --- flake/nixos.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/flake/nixos.nix b/flake/nixos.nix index 0fbd3a6..4777967 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -12,6 +12,8 @@ let } # Include generic settings "${self}/modules/nixos" + # Import common modules + "${self}/modules/common" ]; buildHost = name: system: lib.nixosSystem { From 033b0e8a5767e780ce56a672e514214567bddbeb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 16:51:34 +0000 Subject: [PATCH 005/135] common: add profiles I will be migrating each sub-module one by one. --- modules/common/default.nix | 4 ++++ modules/common/profiles/default.nix | 7 +++++++ 2 files changed, 11 insertions(+) create mode 100644 modules/common/profiles/default.nix diff --git a/modules/common/default.nix b/modules/common/default.nix index c170939..fff2cf5 100644 --- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -11,6 +11,10 @@ let allowedClassString = lib.concatStringSep ", " (builtins.map lib.escapeNixString allowedClass); in { + imports = [ + ./profiles + ]; + config = { assertions = [ { diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix new file mode 100644 index 0000000..bb0f12b --- /dev/null +++ b/modules/common/profiles/default.nix @@ -0,0 +1,7 @@ +# Configuration that spans across system and home, or are almagations of modules +{ ... }: +{ + imports = [ + # FIXME: empty + ]; +} From e01c8330d68eeaa6d3975e4e050278a74ba112de Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 16:51:34 +0000 Subject: [PATCH 006/135] common: profiles: migrate bluetooth --- modules/common/profiles/bluetooth/default.nix | 19 +++++++++++++++++++ modules/common/profiles/default.nix | 2 +- modules/nixos/profiles/bluetooth/default.nix | 15 --------------- modules/nixos/profiles/default.nix | 1 - 4 files changed, 20 insertions(+), 17 deletions(-) create mode 100644 modules/common/profiles/bluetooth/default.nix delete mode 100644 modules/nixos/profiles/bluetooth/default.nix diff --git a/modules/common/profiles/bluetooth/default.nix b/modules/common/profiles/bluetooth/default.nix new file mode 100644 index 0000000..e687a4c --- /dev/null +++ b/modules/common/profiles/bluetooth/default.nix @@ -0,0 +1,19 @@ +{ config, lib, _class, ... }: +let + cfg = config.my.profiles.bluetooth; +in +{ + options.my.profiles.bluetooth = with lib; { + enable = mkEnableOption "bluetooth profile"; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.optionalAttrs (_class == "homeManager") { + my.home.bluetooth.enable = true; + }) + + (lib.optionalAttrs (_class == "nixos") { + my.hardware.bluetooth.enable = true; + }) + ]); +} diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix index bb0f12b..4d050e0 100644 --- a/modules/common/profiles/default.nix +++ b/modules/common/profiles/default.nix @@ -2,6 +2,6 @@ { ... }: { imports = [ - # FIXME: empty + ./bluetooth ]; } diff --git a/modules/nixos/profiles/bluetooth/default.nix b/modules/nixos/profiles/bluetooth/default.nix deleted file mode 100644 index 292d0d1..0000000 --- a/modules/nixos/profiles/bluetooth/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.profiles.bluetooth; -in -{ - options.my.profiles.bluetooth = with lib; { - enable = mkEnableOption "bluetooth profile"; - }; - - config = lib.mkIf cfg.enable { - my.hardware.bluetooth.enable = true; - - my.home.bluetooth.enable = true; - }; -} diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix index dbd4be3..112decd 100644 --- a/modules/nixos/profiles/default.nix +++ b/modules/nixos/profiles/default.nix @@ -2,7 +2,6 @@ { ... }: { imports = [ - ./bluetooth ./devices ./gtk ./laptop From 9ee0cb3287f70048e0722729b24b6652ddb11c5a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 17:03:09 +0000 Subject: [PATCH 007/135] common: profiles: migrate devices --- modules/common/profiles/default.nix | 1 + modules/common/profiles/devices/default.nix | 22 +++++++++++++++++++++ modules/nixos/profiles/default.nix | 1 - modules/nixos/profiles/devices/default.nix | 20 ------------------- 4 files changed, 23 insertions(+), 21 deletions(-) create mode 100644 modules/common/profiles/devices/default.nix delete mode 100644 modules/nixos/profiles/devices/default.nix diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix index 4d050e0..b47897b 100644 --- a/modules/common/profiles/default.nix +++ b/modules/common/profiles/default.nix @@ -3,5 +3,6 @@ { imports = [ ./bluetooth + ./devices ]; } diff --git a/modules/common/profiles/devices/default.nix b/modules/common/profiles/devices/default.nix new file mode 100644 index 0000000..224004a --- /dev/null +++ b/modules/common/profiles/devices/default.nix @@ -0,0 +1,22 @@ +{ config, lib, _class, ... }: +let + cfg = config.my.profiles.devices; +in +{ + options.my.profiles.devices = with lib; { + enable = mkEnableOption "devices profile"; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.optionalAttrs (_class == "nixos") { + my.hardware = { + ergodox.enable = true; + + trackball.enable = true; + }; + + # MTP devices auto-mount via file explorers + services.gvfs.enable = true; + }) + ]); +} diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix index 112decd..fc3a7f5 100644 --- a/modules/nixos/profiles/default.nix +++ b/modules/nixos/profiles/default.nix @@ -2,7 +2,6 @@ { ... }: { imports = [ - ./devices ./gtk ./laptop ./wm diff --git a/modules/nixos/profiles/devices/default.nix b/modules/nixos/profiles/devices/default.nix deleted file mode 100644 index 7a84bd2..0000000 --- a/modules/nixos/profiles/devices/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.profiles.devices; -in -{ - options.my.profiles.devices = with lib; { - enable = mkEnableOption "devices profile"; - }; - - config = lib.mkIf cfg.enable { - my.hardware = { - ergodox.enable = true; - - trackball.enable = true; - }; - - # MTP devices auto-mount via file explorers - services.gvfs.enable = true; - }; -} From a68c26c6ef90be871ecc46dfa16ea507c10d554d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 17:03:47 +0000 Subject: [PATCH 008/135] common: profiles: migrate gtk --- modules/common/profiles/default.nix | 1 + modules/common/profiles/gtk/default.nix | 21 +++++++++++++++++++++ modules/nixos/profiles/default.nix | 1 - modules/nixos/profiles/gtk/default.nix | 17 ----------------- 4 files changed, 22 insertions(+), 18 deletions(-) create mode 100644 modules/common/profiles/gtk/default.nix delete mode 100644 modules/nixos/profiles/gtk/default.nix diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix index b47897b..2c8e7e1 100644 --- a/modules/common/profiles/default.nix +++ b/modules/common/profiles/default.nix @@ -4,5 +4,6 @@ imports = [ ./bluetooth ./devices + ./gtk ]; } diff --git a/modules/common/profiles/gtk/default.nix b/modules/common/profiles/gtk/default.nix new file mode 100644 index 0000000..3d2a05f --- /dev/null +++ b/modules/common/profiles/gtk/default.nix @@ -0,0 +1,21 @@ +{ config, lib, _class, ... }: +let + cfg = config.my.profiles.gtk; +in +{ + options.my.profiles.gtk = with lib; { + enable = mkEnableOption "gtk profile"; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.optionalAttrs (_class == "homeManager") { + # GTK theme configuration + my.home.gtk.enable = true; + }) + + (lib.optionalAttrs (_class == "nixos") { + # Allow setting GTK configuration using home-manager + programs.dconf.enable = true; + }) + ]); +} diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix index fc3a7f5..c6c74a0 100644 --- a/modules/nixos/profiles/default.nix +++ b/modules/nixos/profiles/default.nix @@ -2,7 +2,6 @@ { ... }: { imports = [ - ./gtk ./laptop ./wm ./x diff --git a/modules/nixos/profiles/gtk/default.nix b/modules/nixos/profiles/gtk/default.nix deleted file mode 100644 index a8d6d9a..0000000 --- a/modules/nixos/profiles/gtk/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.profiles.gtk; -in -{ - options.my.profiles.gtk = with lib; { - enable = mkEnableOption "gtk profile"; - }; - - config = lib.mkIf cfg.enable { - # Allow setting GTK configuration using home-manager - programs.dconf.enable = true; - - # GTK theme configuration - my.home.gtk.enable = true; - }; -} From b1be9f20d9b0f2b5fafe16027549a203b6ea551d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 17:05:16 +0000 Subject: [PATCH 009/135] common: profiles: migrate laptop --- modules/common/profiles/default.nix | 1 + modules/common/profiles/laptop/default.nix | 27 ++++++++++++++++++++++ modules/nixos/profiles/default.nix | 1 - modules/nixos/profiles/laptop/default.nix | 23 ------------------ 4 files changed, 28 insertions(+), 24 deletions(-) create mode 100644 modules/common/profiles/laptop/default.nix delete mode 100644 modules/nixos/profiles/laptop/default.nix diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix index 2c8e7e1..dafab3b 100644 --- a/modules/common/profiles/default.nix +++ b/modules/common/profiles/default.nix @@ -5,5 +5,6 @@ ./bluetooth ./devices ./gtk + ./laptop ]; } diff --git a/modules/common/profiles/laptop/default.nix b/modules/common/profiles/laptop/default.nix new file mode 100644 index 0000000..afced27 --- /dev/null +++ b/modules/common/profiles/laptop/default.nix @@ -0,0 +1,27 @@ +{ config, lib, _class, ... }: +let + cfg = config.my.profiles.laptop; +in +{ + options.my.profiles.laptop = with lib; { + enable = mkEnableOption "laptop profile"; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.optionalAttrs (_class == "homeManager") { + # Enable battery notifications + my.home.power-alert.enable = true; + }) + + (lib.optionalAttrs (_class == "nixos") { + # Enable touchpad support + services.libinput.enable = true; + + # Enable TLP power management + my.services.tlp.enable = true; + + # Enable upower power management + my.hardware.upower.enable = true; + }) + ]); +} diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix index c6c74a0..fc12361 100644 --- a/modules/nixos/profiles/default.nix +++ b/modules/nixos/profiles/default.nix @@ -2,7 +2,6 @@ { ... }: { imports = [ - ./laptop ./wm ./x ]; diff --git a/modules/nixos/profiles/laptop/default.nix b/modules/nixos/profiles/laptop/default.nix deleted file mode 100644 index 68c65b8..0000000 --- a/modules/nixos/profiles/laptop/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.profiles.laptop; -in -{ - options.my.profiles.laptop = with lib; { - enable = mkEnableOption "laptop profile"; - }; - - config = lib.mkIf cfg.enable { - # Enable touchpad support - services.libinput.enable = true; - - # Enable TLP power management - my.services.tlp.enable = true; - - # Enable upower power management - my.hardware.upower.enable = true; - - # Enable battery notifications - my.home.power-alert.enable = true; - }; -} From 75f1776916f1877ffb3d3caa0c5e0d2a46a91f7d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 17:05:37 +0000 Subject: [PATCH 010/135] common: profiles: migrate wm --- modules/common/profiles/default.nix | 1 + modules/common/profiles/wm/default.nix | 38 ++++++++++++++++++++++++++ modules/nixos/profiles/default.nix | 1 - modules/nixos/profiles/wm/default.nix | 31 --------------------- 4 files changed, 39 insertions(+), 32 deletions(-) create mode 100644 modules/common/profiles/wm/default.nix delete mode 100644 modules/nixos/profiles/wm/default.nix diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix index dafab3b..2f12fb8 100644 --- a/modules/common/profiles/default.nix +++ b/modules/common/profiles/default.nix @@ -6,5 +6,6 @@ ./devices ./gtk ./laptop + ./wm ]; } diff --git a/modules/common/profiles/wm/default.nix b/modules/common/profiles/wm/default.nix new file mode 100644 index 0000000..6fb80b3 --- /dev/null +++ b/modules/common/profiles/wm/default.nix @@ -0,0 +1,38 @@ +{ config, lib, _class, ... }: +let + cfg = config.my.profiles.wm; + + applyWm = wm: configs: lib.mkIf (cfg.windowManager == wm) (lib.my.merge configs); +in +{ + options.my.profiles.wm = with lib; { + windowManager = mkOption { + type = with types; nullOr (enum [ "i3" ]); + default = null; + example = "i3"; + description = "Which window manager to use"; + }; + }; + + config = lib.mkMerge [ + (applyWm "i3" [ + (lib.optionalAttrs (_class == "homeManager") { + # i3 settings + my.home.wm.windowManager = "i3"; + # Screenshot tool + my.home.flameshot.enable = true; + # Auto disk mounter + my.home.udiskie.enable = true; + }) + + (lib.optionalAttrs (_class == "nixos") { + # Enable i3 + services.xserver.windowManager.i3.enable = true; + # udiskie fails if it can't find this dbus service + services.udisks2.enable = true; + # Ensure i3lock can actually unlock the session + security.pam.services.i3lock.enable = true; + }) + ]) + ]; +} diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix index fc12361..aec95b1 100644 --- a/modules/nixos/profiles/default.nix +++ b/modules/nixos/profiles/default.nix @@ -2,7 +2,6 @@ { ... }: { imports = [ - ./wm ./x ]; } diff --git a/modules/nixos/profiles/wm/default.nix b/modules/nixos/profiles/wm/default.nix deleted file mode 100644 index bca4d70..0000000 --- a/modules/nixos/profiles/wm/default.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.profiles.wm; -in -{ - options.my.profiles.wm = with lib; { - windowManager = mkOption { - type = with types; nullOr (enum [ "i3" ]); - default = null; - example = "i3"; - description = "Which window manager to use"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf (cfg.windowManager == "i3") { - # Enable i3 - services.xserver.windowManager.i3.enable = true; - # i3 settings - my.home.wm.windowManager = "i3"; - # Screenshot tool - my.home.flameshot.enable = true; - # Auto disk mounter - my.home.udiskie.enable = true; - # udiskie fails if it can't find this dbus service - services.udisks2.enable = true; - # Ensure i3lock can actually unlock the session - security.pam.services.i3lock.enable = true; - }) - ]; -} From 2a6696bafcb80a55dc614e01bc5884492c67e79b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 17:05:54 +0000 Subject: [PATCH 011/135] common: profiles: migrate X --- modules/common/profiles/default.nix | 1 + modules/common/profiles/x/default.nix | 27 +++++++++++++++++++++++++++ modules/nixos/default.nix | 1 - modules/nixos/profiles/default.nix | 7 ------- modules/nixos/profiles/x/default.nix | 23 ----------------------- 5 files changed, 28 insertions(+), 31 deletions(-) create mode 100644 modules/common/profiles/x/default.nix delete mode 100644 modules/nixos/profiles/default.nix delete mode 100644 modules/nixos/profiles/x/default.nix diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix index 2f12fb8..dbd4be3 100644 --- a/modules/common/profiles/default.nix +++ b/modules/common/profiles/default.nix @@ -7,5 +7,6 @@ ./gtk ./laptop ./wm + ./x ]; } diff --git a/modules/common/profiles/x/default.nix b/modules/common/profiles/x/default.nix new file mode 100644 index 0000000..d70b1e6 --- /dev/null +++ b/modules/common/profiles/x/default.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, _class, ... }: +let + cfg = config.my.profiles.x; +in +{ + options.my.profiles.x = with lib; { + enable = mkEnableOption "X profile"; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.optionalAttrs (_class == "homeManager") { + # X configuration + my.home.x.enable = true; + }) + + (lib.optionalAttrs (_class == "nixos") { + # Enable the X11 windowing system. + services.xserver.enable = true; + # Nice wallpaper + services.xserver.displayManager.lightdm.background = + let + wallpapers = "${pkgs.plasma5Packages.plasma-workspace-wallpapers}/share/wallpapers"; + in + "${wallpapers}/summer_1am/contents/images/2560x1600.jpg"; + }) + ]); +} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 3648631..2eaa2e6 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -5,7 +5,6 @@ imports = [ ./hardware ./home - ./profiles ./programs ./secrets ./services diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix deleted file mode 100644 index aec95b1..0000000 --- a/modules/nixos/profiles/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -# Configuration that spans across system and home, or are almagations of modules -{ ... }: -{ - imports = [ - ./x - ]; -} diff --git a/modules/nixos/profiles/x/default.nix b/modules/nixos/profiles/x/default.nix deleted file mode 100644 index ea77939..0000000 --- a/modules/nixos/profiles/x/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, pkgs, ... }: -let - cfg = config.my.profiles.x; -in -{ - options.my.profiles.x = with lib; { - enable = mkEnableOption "X profile"; - }; - - config = lib.mkIf cfg.enable { - # Enable the X11 windowing system. - services.xserver.enable = true; - # Nice wallpaper - services.xserver.displayManager.lightdm.background = - let - wallpapers = "${pkgs.plasma5Packages.plasma-workspace-wallpapers}/share/wallpapers"; - in - "${wallpapers}/summer_1am/contents/images/2560x1600.jpg"; - - # X configuration - my.home.x.enable = true; - }; -} From d181f3a71903c5bb5a8b0f89c3fe84023492e76e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 16:51:34 +0000 Subject: [PATCH 012/135] common: profiles: forward profiles to home-manager We can only do this now that every profile has been migrated, otherwise we would get errors about undeclared modules... It's not perfect, but it's good enough. --- modules/common/profiles/default.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix index dbd4be3..8ce5a3c 100644 --- a/modules/common/profiles/default.nix +++ b/modules/common/profiles/default.nix @@ -1,5 +1,5 @@ # Configuration that spans across system and home, or are almagations of modules -{ ... }: +{ config, lib, _class, ... }: { imports = [ ./bluetooth @@ -9,4 +9,17 @@ ./wm ./x ]; + + config = lib.mkMerge [ + # Transparently enable home-manager profiles as well + (lib.optionalAttrs (_class != "homeManager") { + home-manager.users.${config.my.user.name} = { + config = { + my = { + inherit (config.my) profiles; + }; + }; + }; + }) + ]; } From 7ac78ca260a0d81ff51cc6f8f7cdc810243f1a42 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 17:55:14 +0000 Subject: [PATCH 013/135] hosts: nixos: porthos: add profiles --- hosts/nixos/porthos/default.nix | 1 + hosts/nixos/porthos/profiles.nix | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 hosts/nixos/porthos/profiles.nix diff --git a/hosts/nixos/porthos/default.nix b/hosts/nixos/porthos/default.nix index bd1bdb1..e69bccf 100644 --- a/hosts/nixos/porthos/default.nix +++ b/hosts/nixos/porthos/default.nix @@ -7,6 +7,7 @@ ./hardware.nix ./home.nix ./networking.nix + ./profiles.nix ./secrets ./services.nix ./system.nix diff --git a/hosts/nixos/porthos/profiles.nix b/hosts/nixos/porthos/profiles.nix new file mode 100644 index 0000000..3ec736c --- /dev/null +++ b/hosts/nixos/porthos/profiles.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + # Nothing +} From 1c86c85c56e3fccde64a58b841fdc7132cca8492 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 7 Dec 2023 21:31:46 +0000 Subject: [PATCH 014/135] flake: add hosts This will allow other modules to cross-reference which hosts exist on which system. My main use-case is to automatically declare home-manager configuration for the home configuration of NixOS hosts. I also include Darwin in case I ever want to use that in the future, though that is unlikely for the moment. --- flake/default.nix | 1 + flake/hosts.nix | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 flake/hosts.nix diff --git a/flake/default.nix b/flake/default.nix index 5e52025..6f1d4ac 100644 --- a/flake/default.nix +++ b/flake/default.nix @@ -13,6 +13,7 @@ flake-parts.lib.mkFlake { inherit inputs; } { ./checks.nix ./dev-shells.nix ./home-manager.nix + ./hosts.nix ./lib.nix ./nixos.nix ./overlays.nix diff --git a/flake/hosts.nix b/flake/hosts.nix new file mode 100644 index 0000000..7d95fdc --- /dev/null +++ b/flake/hosts.nix @@ -0,0 +1,21 @@ +# Define `hosts.{darwin,home,nixos}` options for consumption in other modules +{ lib, ... }: +let + mkHostsOption = description: lib.mkOption { + inherit description; + type = with lib.types; attrsOf str; + default = { }; + example = { name = "x86_64-linux"; }; + }; +in +{ + options = { + hosts = { + darwin = mkHostsOption "Darwin hosts"; + + homes = mkHostsOption "Home Manager hosts"; + + nixos = mkHostsOption "NixOS hosts"; + }; + }; +} From 9e35764e0c270ae9e6826ea6c700d1d10efb5d40 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 7 Dec 2023 21:33:10 +0000 Subject: [PATCH 015/135] flake: nixos: use 'hosts' option --- flake/nixos.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/flake/nixos.nix b/flake/nixos.nix index 4777967..9a6d5bc 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -1,4 +1,4 @@ -{ self, inputs, lib, ... }: +{ self, config, inputs, lib, ... }: let defaultModules = [ { @@ -32,8 +32,12 @@ let }; in { - flake.nixosConfigurations = lib.mapAttrs buildHost { - aramis = "x86_64-linux"; - porthos = "x86_64-linux"; + config = { + hosts.nixos = { + aramis = "x86_64-linux"; + porthos = "x86_64-linux"; + }; + + flake.nixosConfigurations = lib.mapAttrs buildHost config.hosts.nixos; }; } From 87ba726b18e277feabb81218f778c22fe8b184a7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 7 Dec 2023 21:41:05 +0000 Subject: [PATCH 016/135] flake: home-manager: use 'hosts' option --- flake/home-manager.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/flake/home-manager.nix b/flake/home-manager.nix index 69cd484..4a42757 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -1,5 +1,7 @@ -{ self, inputs, lib, ... }: +{ self, config, inputs, lib, ... }: let + inherit (config) hosts; + defaultModules = [ # Include generic settings "${self}/modules/home" @@ -39,18 +41,19 @@ let }; }; - homes = { +in +{ + hosts.homes = { "ambroisie@bazin" = "x86_64-linux"; "ambroisie@mousqueton" = "x86_64-linux"; }; -in -{ + perSystem = { system, ... }: { # Work-around for https://github.com/nix-community/home-manager/issues/3075 legacyPackages = { homeConfigurations = let - filteredHomes = lib.filterAttrs (_: v: v == system) homes; + filteredHomes = lib.filterAttrs (_: v: v == system) hosts.homes; allHomes = filteredHomes // { # Default configuration ambroisie = system; From 31effae175c4558e38633639e5ca119416f0fdf5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 7 Dec 2023 21:44:01 +0000 Subject: [PATCH 017/135] flake: home-manager: refactor 'mkHome' This will allow making a similar function for NixOS homes. --- flake/home-manager.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/flake/home-manager.nix b/flake/home-manager.nix index 4a42757..25dab9b 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -25,12 +25,10 @@ let "${self}/modules/common" ]; - mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration { + mkHomeCommon = mainModules: system: inputs.home-manager.lib.homeManagerConfiguration { pkgs = inputs.nixpkgs.legacyPackages.${system}; - modules = defaultModules ++ [ - "${self}/hosts/homes/${name}" - ]; + modules = defaultModules ++ mainModules; # Use my extended lib in NixOS configuration inherit (self) lib; @@ -41,6 +39,7 @@ let }; }; + mkHome = name: mkHomeCommon [ "${self}/hosts/homes/${name}" ]; in { hosts.homes = { From 2c0062bf51e0a55622944cab8169e4edd7d6d497 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 7 Dec 2023 21:56:25 +0000 Subject: [PATCH 018/135] flake: home-manager: export NixOS homes And here is what the last few commits were building up to. This is neat, but won't be useful *very* often. --- flake/home-manager.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/flake/home-manager.nix b/flake/home-manager.nix index 25dab9b..d4d14fc 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -40,6 +40,11 @@ let }; mkHome = name: mkHomeCommon [ "${self}/hosts/homes/${name}" ]; + + mkNixosHome = name: mkHomeCommon [ + "${self}/hosts/nixos/${name}/home.nix" + "${self}/hosts/nixos/${name}/profiles.nix" + ]; in { hosts.homes = { @@ -57,8 +62,18 @@ in # Default configuration ambroisie = system; }; + homeManagerHomes = lib.mapAttrs mkHome allHomes; + + filteredNixosHosts = lib.filterAttrs (_: v: v == system) hosts.nixos; + nixosHomes' = lib.mapAttrs mkNixosHome filteredNixosHosts; + nixosHomeUsername = (host: self.nixosConfigurations.${host}.config.my.user.name); + nixosHomes = lib.mapAttrs' (host: lib.nameValuePair "${nixosHomeUsername host}@${host}") nixosHomes'; in - lib.mapAttrs mkHome allHomes; + lib.foldl' lib.mergeAttrs { } + [ + homeManagerHomes + nixosHomes + ]; }; }; } From 8d809e3ac3c05eb9ca6de3279fee2a8c72cdd293 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 8 Jul 2025 10:40:08 +0000 Subject: [PATCH 019/135] flake: bump inputs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index a4da84d..dc32e95 100644 --- a/flake.lock +++ b/flake.lock @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751271578, - "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", + "lastModified": 1751952840, + "narHash": "sha256-SIkjQb9PPGvR/EcZAU8UZEnO9dwY2Z/BrDWgtyZd7OA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", + "rev": "27278798fe68d7f81131dd7ab62b8ea2b795cd56", "type": "github" }, "original": { From b093faf00d8066e19d144c34533a32602a4fb8f7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 8 Jul 2025 10:42:13 +0000 Subject: [PATCH 020/135] nixos: services: tandoor-recipes: use automatic DB --- .../services/tandoor-recipes/default.nix | 25 +++---------------- 1 file changed, 4 insertions(+), 21 deletions(-) diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 169eec8..4b4ed1a 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -26,18 +26,16 @@ in services.tandoor-recipes = { enable = true; + database = { + createLocally = true; + }; + port = cfg.port; extraConfig = let tandoorRecipesDomain = "recipes.${config.networking.domain}"; in { - # Use PostgreSQL - DB_ENGINE = "django.db.backends.postgresql"; - POSTGRES_HOST = "/run/postgresql"; - POSTGRES_USER = "tandoor_recipes"; - POSTGRES_DB = "tandoor_recipes"; - # Security settings ALLOWED_HOSTS = tandoorRecipesDomain; CSRF_TRUSTED_ORIGINS = "https://${tandoorRecipesDomain}"; @@ -49,27 +47,12 @@ in systemd.services = { tandoor-recipes = { - after = [ "postgresql.target" ]; - requires = [ "postgresql.target" ]; - serviceConfig = { EnvironmentFile = cfg.secretKeyFile; }; }; }; - # Set-up database - services.postgresql = { - enable = true; - ensureDatabases = [ "tandoor_recipes" ]; - ensureUsers = [ - { - name = "tandoor_recipes"; - ensureDBOwnership = true; - } - ]; - }; - my.services.nginx.virtualHosts = { recipes = { inherit (cfg) port; From 2473bca1671ddaab0ce6de70d5471bf304133af6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 11 Jul 2025 14:24:23 +0000 Subject: [PATCH 021/135] home: vim: telescope: remove LSP handlers The plug-in was broken with the update to 0.11, and I would like to try using the built-in quickfixlist-based handlers for a while. This reverts commit 8d4a1e61b4f26f7443f7c8b0b65643f0bd312e9f. --- modules/home/vim/default.nix | 1 - modules/home/vim/plugin/settings/telescope.lua | 1 - 2 files changed, 2 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 20a74ff..930a853 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -80,7 +80,6 @@ in nvim-surround # Deal with pairs, now in Lua oil-nvim # Better alternative to NetrW telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm - telescope-lsp-handlers-nvim # Use 'telescope' for various LSP actions telescope-nvim # Fuzzy finder interface which-key-nvim # Show available mappings ]; diff --git a/modules/home/vim/plugin/settings/telescope.lua b/modules/home/vim/plugin/settings/telescope.lua index 1a23928..810d51c 100644 --- a/modules/home/vim/plugin/settings/telescope.lua +++ b/modules/home/vim/plugin/settings/telescope.lua @@ -23,7 +23,6 @@ telescope.setup({ }) telescope.load_extension("fzf") -telescope.load_extension("lsp_handlers") local keys = { { "f", group = "Fuzzy finder" }, From 979ae901c4057308ce1da3bbf2388e2addd99d7f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 15 Jul 2025 09:52:21 +0000 Subject: [PATCH 022/135] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index dc32e95..0f205ab 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1751429452, - "narHash": "sha256-4s5vRtaqdNhVBnbOWOzBNKrRa0ShQTLoEPjJp3joeNI=", + "lastModified": 1752467539, + "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", "owner": "nix-community", "repo": "home-manager", - "rev": "df12269039dcf752600b1bcc176bacf2786ec384", + "rev": "1e54837569e0b80797c47be4720fab19e0db1616", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751952840, - "narHash": "sha256-SIkjQb9PPGvR/EcZAU8UZEnO9dwY2Z/BrDWgtyZd7OA=", + "lastModified": 1752644555, + "narHash": "sha256-oeRcp4VEyZ/3ZgfRRoq60/08l2zy0K53l8MdfSIYd24=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "27278798fe68d7f81131dd7ab62b8ea2b795cd56", + "rev": "9100a4f6bf446603b9575927c8585162f9ec9aa6", "type": "github" }, "original": { From 13b61346f5cca39d1ba2c66717e14a6d01b99acc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 15 Jul 2025 09:54:23 +0000 Subject: [PATCH 023/135] home: tmux: increase history scrollback Even *longer*. --- modules/home/tmux/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 82ceb3a..3ea047a 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -48,7 +48,7 @@ in keyMode = "vi"; # Home-row keys and other niceties clock24 = true; # I'm one of those heathens escapeTime = 0; # Let vim do its thing instead - historyLimit = 100000; # Bigger buffer + historyLimit = 1000000; # Bigger buffer mouse = false; # I dislike mouse support focusEvents = true; # Report focus events terminal = "tmux-256color"; # I want accurate termcap info From add796768567599e9d6b2a54c80baac84d7681b5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 27 Jul 2025 20:49:24 +0100 Subject: [PATCH 024/135] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 0f205ab..e96a7a0 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1753121425, + "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1752467539, - "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", + "lastModified": 1753617834, + "narHash": "sha256-WEVfKrdIdu5CpppJ0Va3vzP0DKlS+ZTLbBjugMO2Drg=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e54837569e0b80797c47be4720fab19e0db1616", + "rev": "72cc1e3134a35005006f06640724319caa424737", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1752644555, - "narHash": "sha256-oeRcp4VEyZ/3ZgfRRoq60/08l2zy0K53l8MdfSIYd24=", + "lastModified": 1753429684, + "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9100a4f6bf446603b9575927c8585162f9ec9aa6", + "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", "type": "github" }, "original": { From 2a515754a2c8bb87fe756d9862d3bb04c6be2bbb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 27 Jul 2025 20:48:06 +0100 Subject: [PATCH 025/135] home: zsh: use absolute path to 'XDG_CONFIG_HOME' The path handling has been fixed upstream, which makes this module more readable. --- modules/home/zsh/default.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index f4092d8..08b4101 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -1,14 +1,6 @@ { config, pkgs, lib, ... }: let cfg = config.my.home.zsh; - - # Have a nice relative path for XDG_CONFIG_HOME, without leading `/` - relativeXdgConfig = - let - noHome = lib.removePrefix config.home.homeDirectory; - noSlash = lib.removePrefix "/"; - in - noSlash (noHome config.xdg.configHome); in { options.my.home.zsh = with lib; { @@ -57,7 +49,7 @@ in programs.zsh = { enable = true; - dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME + dotDir = "${config.xdg.configHome}/zsh"; # Don't clutter $HOME enableCompletion = true; history = { From 4b7c6c1f5eb7cbd7254a8f69050b17c9d4723837 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 29 Jul 2025 16:13:58 +0000 Subject: [PATCH 026/135] pkgs: comma: fix 'nix-locate' invocation --- pkgs/comma/comma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/comma/comma b/pkgs/comma/comma index 4367a26..857b9c9 100755 --- a/pkgs/comma/comma +++ b/pkgs/comma/comma @@ -12,7 +12,7 @@ usage() { find_program() { local CANDIDATE - CANDIDATE="$(nix-locate --top-level --minimal --at-root --whole-name "/bin/$1")" + CANDIDATE="$(nix-locate --minimal --at-root --whole-name "/bin/$1")" if [ "$(printf '%s\n' "$CANDIDATE" | wc -l)" -gt 1 ]; then CANDIDATE="$(printf '%s' "$CANDIDATE" | fzf-tmux)" fi From 7786c591b5f1e5745eb73b3a60ebe5e0704669a9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 4 Aug 2025 11:13:52 +0000 Subject: [PATCH 027/135] pkgs: comma: add 'COMMA_PICKER' --- pkgs/comma/comma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/comma/comma b/pkgs/comma/comma index 857b9c9..b03a7f2 100755 --- a/pkgs/comma/comma +++ b/pkgs/comma/comma @@ -14,7 +14,7 @@ find_program() { local CANDIDATE CANDIDATE="$(nix-locate --minimal --at-root --whole-name "/bin/$1")" if [ "$(printf '%s\n' "$CANDIDATE" | wc -l)" -gt 1 ]; then - CANDIDATE="$(printf '%s' "$CANDIDATE" | fzf-tmux)" + CANDIDATE="$(printf '%s' "$CANDIDATE" | "${COMMA_PICKER:-fzf-tmux}")" fi printf '%s' "$CANDIDATE" } From f94fc468aa3c3bed51611d083d01e5adbecf75dd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 4 Aug 2025 14:28:34 +0000 Subject: [PATCH 028/135] home: zsh: ignore more commands for notification --- modules/home/zsh/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 08b4101..1e85cce 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -14,10 +14,12 @@ in exclude = mkOption { type = with types; listOf str; default = [ + "bat" "delta" "direnv reload" "fg" "git (?!push|pull|fetch)" + "home-manager (?!switch|build|news)" "htop" "less" "man" From a10270f8e16b9e397782a8cd9297e516247b049e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 5 Aug 2025 11:00:26 +0000 Subject: [PATCH 029/135] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index e96a7a0..080c212 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1754337839, + "narHash": "sha256-fEc2/4YsJwtnLU7HCFMRckb0u9UNnDZmwGhXT5U5NTw=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "856df6f6922845abd4fd958ce21febc07ca2fa45", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1753121425, - "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1753617834, - "narHash": "sha256-WEVfKrdIdu5CpppJ0Va3vzP0DKlS+ZTLbBjugMO2Drg=", + "lastModified": 1754365350, + "narHash": "sha256-NLWIkn1qM0wxtZu/2NXRaujWJ4Y1PSZlc7h0y6pOzOQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "72cc1e3134a35005006f06640724319caa424737", + "rev": "c5d7e957397ecb7d48b99c928611c6e780db1b56", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753429684, - "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", + "lastModified": 1754372978, + "narHash": "sha256-ByII9p9ek0k9UADC/hT+i9ueM2mw0Zxiz+bOlydU6Oo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", + "rev": "9ebe222ec7ef9de52478f76cba3f0324c1d1119f", "type": "github" }, "original": { @@ -200,11 +200,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1741294988, - "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=", + "lastModified": 1753980880, + "narHash": "sha256-aj1pbYxL6N+XFqBHjB4B1QP0bnKRcg1AfpgT5zUFsW8=", "owner": "nix-community", "repo": "NUR", - "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e", + "rev": "16db3e61da7606984a05b4dfc33cd1d26d22fb22", "type": "github" }, "original": { From dd7b6135315c51812e6928087b20235c9fb7638d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 5 Aug 2025 11:03:01 +0000 Subject: [PATCH 030/135] pkgs: lohr: remove 'useFetchCargoVendor' It's now turned on by default. --- pkgs/lohr/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/lohr/default.nix b/pkgs/lohr/default.nix index aeb13b1..d8545e0 100644 --- a/pkgs/lohr/default.nix +++ b/pkgs/lohr/default.nix @@ -10,7 +10,6 @@ rustPlatform.buildRustPackage rec { hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU="; }; - useFetchCargoVendor = true; cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w="; meta = with lib; { From f1d7da7fcb72aff435a975adfe710810ab064d93 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 00:11:26 +0200 Subject: [PATCH 031/135] nixos: services: matrix: refactor well-knowns --- modules/nixos/services/matrix/default.nix | 54 ++++++++++------------- 1 file changed, 23 insertions(+), 31 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index f423834..b43dbcc 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -14,6 +14,26 @@ let clientPort = { public = 443; private = 11339; }; domain = config.networking.domain; matrixDomain = "matrix.${domain}"; + + serverConfig = { + "m.server" = "${matrixDomain}:${toString federationPort.public}"; + }; + clientConfig = { + "m.homeserver" = { + "base_url" = "https://${matrixDomain}"; + "server_name" = domain; + }; + "m.identity_server" = { + "base_url" = "https://vector.im"; + }; + }; + + # ACAO required to allow element-web on any URL to request this json file + mkWellKnown = data: '' + default_type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON data}'; + ''; in { options.my.services.matrix = with lib; { @@ -96,15 +116,7 @@ in chat = { root = pkgs.element-web.override { conf = { - default_server_config = { - "m.homeserver" = { - "base_url" = "https://${matrixDomain}"; - "server_name" = domain; - }; - "m.identity_server" = { - "base_url" = "https://vector.im"; - }; - }; + default_server_config = clientConfig; showLabsSettings = true; defaultCountryCode = "FR"; # cocorico roomDirectory = { @@ -176,28 +188,8 @@ in forceSSL = true; useACMEHost = domain; - locations."= /.well-known/matrix/server".extraConfig = - let - server = { "m.server" = "${matrixDomain}:${toString federationPort.public}"; }; - in - '' - add_header Content-Type application/json; - return 200 '${builtins.toJSON server}'; - ''; - - locations."= /.well-known/matrix/client".extraConfig = - let - client = { - "m.homeserver" = { "base_url" = "https://${matrixDomain}"; }; - "m.identity_server" = { "base_url" = "https://vector.im"; }; - }; - # ACAO required to allow element-web on any URL to request this json file - in - '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON client}'; - ''; + locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; }; }; From 0792e8c7cb1b75e608372e44fb36a885f28a998e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 00:34:40 +0200 Subject: [PATCH 032/135] nixos: services: matrix: fix element-web config --- modules/nixos/services/matrix/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index b43dbcc..42f7b4e 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -117,10 +117,11 @@ in root = pkgs.element-web.override { conf = { default_server_config = clientConfig; - showLabsSettings = true; - defaultCountryCode = "FR"; # cocorico - roomDirectory = { + show_labs_settings = true; + default_country_code = "FR"; # cocorico + room_directory = { "servers" = [ + domain "matrix.org" "mozilla.org" ]; From bd019258cb4f15e028bc4cb7a68353abe270e6ac Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 10:39:55 +0200 Subject: [PATCH 033/135] nixos: services: matrix: simplify listeners --- modules/nixos/services/matrix/default.nix | 93 ++++++++--------------- 1 file changed, 30 insertions(+), 63 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 42f7b4e..83dac7c 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -10,13 +10,11 @@ let cfg = config.my.services.matrix; - federationPort = { public = 8448; private = 11338; }; - clientPort = { public = 443; private = 11339; }; domain = config.networking.domain; matrixDomain = "matrix.${domain}"; serverConfig = { - "m.server" = "${matrixDomain}:${toString federationPort.public}"; + "m.server" = "${matrixDomain}:443"; }; clientConfig = { "m.homeserver" = { @@ -39,6 +37,13 @@ in options.my.services.matrix = with lib; { enable = mkEnableOption "Matrix Synapse"; + port = mkOption { + type = types.port; + default = 8448; + example = 8008; + description = "Internal port for listeners"; + }; + secretFile = mkOption { type = with types; nullOr str; default = null; @@ -78,22 +83,22 @@ in enable_registration = false; listeners = [ - # Federation { + inherit (cfg) port; bind_addresses = [ "::1" ]; - port = federationPort.private; - tls = false; # Terminated by nginx. + type = "http"; + tls = false; x_forwarded = true; - resources = [{ names = [ "federation" ]; compress = false; }]; - } - - # Client - { - bind_addresses = [ "::1" ]; - port = clientPort.private; - tls = false; # Terminated by nginx. - x_forwarded = true; - resources = [{ names = [ "client" ]; compress = false; }]; + resources = [ + { + names = [ "client" ]; + compress = true; + } + { + names = [ "federation" ]; + compress = false; + } + ]; } ]; @@ -130,11 +135,8 @@ in }; }; # Dummy VHosts for port collision detection - matrix-federation = { - port = federationPort.private; - }; - matrix-client = { - port = clientPort.private; + matrix-dummy = { + inherit (cfg) port; }; }; @@ -144,45 +146,15 @@ in onlySSL = true; useACMEHost = domain; - locations = - let - proxyToClientPort = { - proxyPass = "http://[::1]:${toString clientPort.private}"; - }; - in - { - # Or do a redirect instead of the 404, or whatever is appropriate - # for you. But do not put a Matrix Web client here! See the - # Element web section below. - "/".return = "404"; + locations = { + # Or do a redirect instead of the 404, or whatever is appropriate + # for you. But do not put a Matrix Web client here! See the + # Element web section below. + "/".return = "404"; - "/_matrix" = proxyToClientPort; - "/_synapse/client" = proxyToClientPort; - }; - - listen = [ - { addr = "0.0.0.0"; port = clientPort.public; ssl = true; } - { addr = "[::]"; port = clientPort.public; ssl = true; } - ]; - - }; - - # same as above, but listening on the federation port - "${matrixDomain}_federation" = { - onlySSL = true; - serverName = matrixDomain; - useACMEHost = domain; - - locations."/".return = "404"; - - locations."/_matrix" = { - proxyPass = "http://[::1]:${toString federationPort.private}"; + "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; + "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; }; - - listen = [ - { addr = "0.0.0.0"; port = federationPort.public; ssl = true; } - { addr = "[::]"; port = federationPort.public; ssl = true; } - ]; }; "${domain}" = { @@ -197,11 +169,6 @@ in # For administration tools. environment.systemPackages = [ pkgs.matrix-synapse ]; - networking.firewall.allowedTCPPorts = [ - clientPort.public - federationPort.public - ]; - my.services.backup = { paths = [ config.services.matrix-synapse.dataDir From 1e31b2dfea4e2161c371806b262b924349ab31f5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 10:42:23 +0200 Subject: [PATCH 034/135] nixos: services: matrix: simplify VHost --- modules/nixos/services/matrix/default.nix | 31 ++++++++++------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 83dac7c..763d9b1 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -134,29 +134,26 @@ in }; }; }; - # Dummy VHosts for port collision detection - matrix-dummy = { + matrix = { + # Somewhat unused, but necessary for port collision detection inherit (cfg) port; + + extraConfig = { + locations = { + # Or do a redirect instead of the 404, or whatever is appropriate + # for you. But do not put a Matrix Web client here! See the + # Element web section below. + "/".return = "404"; + + "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; + "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; + }; + }; }; }; # Those are too complicated to use my wrapper... services.nginx.virtualHosts = { - ${matrixDomain} = { - onlySSL = true; - useACMEHost = domain; - - locations = { - # Or do a redirect instead of the 404, or whatever is appropriate - # for you. But do not put a Matrix Web client here! See the - # Element web section below. - "/".return = "404"; - - "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; - "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; - }; - }; - "${domain}" = { forceSSL = true; useACMEHost = domain; From fa7b4910f5cac8bc1f50cc396174ecceae8b1fd5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 11:06:04 +0200 Subject: [PATCH 035/135] nixos: services: matrix: fix proxy to synapse I want to make use of the `/_synapse/matrix/` sub-path, so just proxy the whole of `/_synapse/`. --- modules/nixos/services/matrix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 763d9b1..dfd5b50 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -146,7 +146,7 @@ in "/".return = "404"; "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; - "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; + "/_synapse".proxyPass = "http://[::1]:${toString cfg.port}"; }; }; }; From 9cadbe6256b8ea9db3c2acc3eeb0e02b903d7579 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 11:07:37 +0200 Subject: [PATCH 036/135] nixos: services: matrix: add admin interface --- modules/nixos/services/matrix/default.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index dfd5b50..837d150 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -10,6 +10,8 @@ let cfg = config.my.services.matrix; + adminPkg = pkgs.synapse-admin-etkecc; + domain = config.networking.domain; matrixDomain = "matrix.${domain}"; @@ -147,6 +149,22 @@ in "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; "/_synapse".proxyPass = "http://[::1]:${toString cfg.port}"; + + "= /admin".return = "307 /admin/"; + "/admin/" = { + alias = "${adminPkg}/"; + priority = 500; + tryFiles = "$uri $uri/ /index.html"; + }; + "~ ^/admin/.*\\.(?:css|js|jpg|jpeg|gif|png|svg|ico|woff|woff2|ttf|eot|webp)$" = { + priority = 400; + root = adminPkg; + extraConfig = '' + rewrite ^/admin/(.*)$ /$1 break; + expires 30d; + more_set_headers "Cache-Control: public"; + ''; + }; }; }; }; From 7a85a4440716f752c8f004330c9e2aa1a3c9886f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 20:06:40 +0200 Subject: [PATCH 037/135] nixos: services: matrix: remove obsolete comment --- modules/nixos/services/matrix/default.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 837d150..483a72a 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -1,10 +1,4 @@ -# Matrix homeserver setup, using different endpoints for federation and client -# traffic. The main trick for this is defining two nginx servers endpoints for -# matrix.domain.com, each listening on different ports. -# -# Configuration shamelessly stolen from [1] -# -# [1]: https://github.com/alarsyo/nixos-config/blob/main/services/matrix.nix +# Matrix homeserver setup. { config, lib, pkgs, ... }: let From 30348a1e193318b1d8bbb8f6d828226f49e8eaa7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 22:28:22 +0200 Subject: [PATCH 038/135] nixos: services: matrix: add Facebook bridge I probably won't actually use it, after test-driving it quickly. But now that the effort has been expanded, might as well keep it if only as a future reference. --- modules/nixos/services/matrix/bridges.nix | 143 ++++++++++++++++++++++ modules/nixos/services/matrix/default.nix | 4 + 2 files changed, 147 insertions(+) create mode 100644 modules/nixos/services/matrix/bridges.nix diff --git a/modules/nixos/services/matrix/bridges.nix b/modules/nixos/services/matrix/bridges.nix new file mode 100644 index 0000000..70f4118 --- /dev/null +++ b/modules/nixos/services/matrix/bridges.nix @@ -0,0 +1,143 @@ +# Matrix bridges for some services I use +{ config, lib, ... }: +let + cfg = config.my.services.matrix.bridges; + synapseCfg = config.services.matrix-synapse; + + domain = config.networking.domain; + serverName = synapseCfg.settings.server_name; + + mkBridgeOption = n: lib.mkEnableOption "${n} bridge" // { default = cfg.enable; }; + mkPortOption = n: default: lib.mkOption { + type = lib.types.port; + inherit default; + example = 8080; + description = "${n} bridge port"; + }; + mkEnvironmentFileOption = n: lib.mkOption { + type = lib.types.str; + example = "/run/secret/matrix/${lib.toLower n}-bridge-secrets.env"; + description = '' + Path to a file which should contain the secret values for ${n} bridge. + + Using through the following format: + + ``` + MATRIX_APPSERVICE_AS_TOKEN= + MATRIX_APPSERVICE_HS_TOKEN= + ``` + + Each bridge should use a different set of secrets, as they each register + their own independent double-puppetting appservice. + ''; + }; +in +{ + options.my.services.matrix.bridges = with lib; { + enable = mkEnableOption "bridges configuration"; + + admin = mkOption { + type = types.str; + default = "ambroisie"; + example = "admin"; + description = "Local username for the admin"; + }; + + facebook = { + enable = mkBridgeOption "Facebook"; + + port = mkPortOption "Facebook" 29321; + + environmentFile = mkEnvironmentFileOption "Facebook"; + }; + }; + + config = lib.mkMerge [ + (lib.mkIf cfg.facebook.enable { + services.mautrix-meta.instances.facebook = { + enable = true; + # Automatically register the bridge with synapse + registerToSynapse = true; + + # Provide `AS_TOKEN`, `HS_TOKEN` + inherit (cfg.facebook) environmentFile; + + settings = { + homeserver = { + domain = serverName; + address = "http://localhost:${toString config.my.services.matrix.port}"; + }; + + appservice = { + hostname = "localhost"; + inherit (cfg.facebook) port; + address = "http://localhost:${toString cfg.facebook.port}"; + public_address = "https://facebook-bridge.${domain}"; + + as_token = "$MATRIX_APPSERVICE_AS_TOKEN"; + hs_token = "$MATRIX_APPSERVICE_HS_TOKEN"; + + bot = { + username = "fbbot"; + }; + }; + + backfill = { + enabled = true; + }; + + bridge = { + delivery_receipts = true; + permissions = { + "*" = "relay"; + ${serverName} = "user"; + "@${cfg.admin}:${serverName}" = "admin"; + }; + }; + + database = { + type = "postgres"; + uri = "postgres:///mautrix-meta-facebook?host=/var/run/postgresql/"; + }; + + double_puppet = { + secrets = { + ${serverName} = "as_token:$MATRIX_APPSERVICE_AS_TOKEN"; + }; + }; + + network = { + # Don't be picky on Facebook/Messenger + allow_messenger_com_on_fb = true; + displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (FB)''; + }; + + provisioning = { + shared_secret = "disable"; + }; + }; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [ "mautrix-meta-facebook" ]; + ensureUsers = [{ + name = "mautrix-meta-facebook"; + ensureDBOwnership = true; + }]; + }; + + systemd.services.mautrix-meta-facebook = { + wants = [ "postgres.service" ]; + after = [ "postgres.service" ]; + }; + + my.services.nginx.virtualHosts = { + # Proxy to the bridge + "facebook-bridge" = { + inherit (cfg.facebook) port; + }; + }; + }) + ]; +} diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 483a72a..04d24a0 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -30,6 +30,10 @@ let ''; in { + imports = [ + ./bridges.nix + ]; + options.my.services.matrix = with lib; { enable = mkEnableOption "Matrix Synapse"; From b1c9279c637956d134793431e0760d71a0e8bd97 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 2 Aug 2025 14:46:32 +0200 Subject: [PATCH 039/135] nixos: services: add thelounge --- modules/nixos/services/default.nix | 1 + modules/nixos/services/thelounge/default.nix | 59 ++++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 modules/nixos/services/thelounge/default.nix diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 27f8765..e03eca1 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -38,6 +38,7 @@ ./servarr ./ssh-server ./tandoor-recipes + ./thelounge ./tlp ./transmission ./vikunja diff --git a/modules/nixos/services/thelounge/default.nix b/modules/nixos/services/thelounge/default.nix new file mode 100644 index 0000000..e224839 --- /dev/null +++ b/modules/nixos/services/thelounge/default.nix @@ -0,0 +1,59 @@ +# Web IRC client +{ config, lib, ... }: +let + cfg = config.my.services.thelounge; +in +{ + options.my.services.thelounge = with lib; { + enable = mkEnableOption "The Lounge, a self-hosted web IRC client"; + + port = mkOption { + type = types.port; + default = 9050; + example = 4242; + description = "The port on which The Lounge will listen for incoming HTTP traffic."; + }; + }; + + config = lib.mkIf cfg.enable { + services.thelounge = { + enable = true; + inherit (cfg) port; + + extraConfig = { + reverseProxy = true; + }; + }; + + my.services.nginx.virtualHosts = { + irc = { + inherit (cfg) port; + # Proxy websockets for RPC + websocketsLocations = [ "/" ]; + + extraConfig = { + locations."/".extraConfig = '' + proxy_read_timeout 1d; + ''; + }; + }; + }; + + services.fail2ban.jails = { + thelounge = '' + enabled = true + filter = thelounge + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/thelounge.conf".text = '' + [Definition] + failregex = Authentication failed for user .* from $ + Authentication for non existing user attempted from $ + journalmatch = _SYSTEMD_UNIT=thelounge.service + ''; + }; + }; +} From 17ceaa5620c49c5445b99945475c477122637ce7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 6 Aug 2025 15:37:08 +0000 Subject: [PATCH 040/135] nixos: services: matrix: fix out-dated comments --- modules/nixos/services/matrix/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 04d24a0..97dec2e 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -142,7 +142,7 @@ in locations = { # Or do a redirect instead of the 404, or whatever is appropriate # for you. But do not put a Matrix Web client here! See the - # Element web section below. + # Element web section above. "/".return = "404"; "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; @@ -168,7 +168,7 @@ in }; }; - # Those are too complicated to use my wrapper... + # Setup well-known locations services.nginx.virtualHosts = { "${domain}" = { forceSSL = true; From 8688206ff530dc8fc6da6d2e6e68dcc56dc77622 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Aug 2025 10:05:13 +0000 Subject: [PATCH 041/135] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 080c212..7ee0f96 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1754337839, - "narHash": "sha256-fEc2/4YsJwtnLU7HCFMRckb0u9UNnDZmwGhXT5U5NTw=", + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "owner": "ryantm", "repo": "agenix", - "rev": "856df6f6922845abd4fd958ce21febc07ca2fa45", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "type": "github" }, "original": { @@ -53,11 +53,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1754091436, - "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "lastModified": 1754416808, + "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1754365350, - "narHash": "sha256-NLWIkn1qM0wxtZu/2NXRaujWJ4Y1PSZlc7h0y6pOzOQ=", + "lastModified": 1754886238, + "narHash": "sha256-LTQomWOwG70lZR+78ZYSZ9sYELWNq3HJ7/tdHzfif/s=", "owner": "nix-community", "repo": "home-manager", - "rev": "c5d7e957397ecb7d48b99c928611c6e780db1b56", + "rev": "0d492b89d1993579e63b9dbdaed17fd7824834da", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754372978, - "narHash": "sha256-ByII9p9ek0k9UADC/hT+i9ueM2mw0Zxiz+bOlydU6Oo=", + "lastModified": 1754725699, + "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ebe222ec7ef9de52478f76cba3f0324c1d1119f", + "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", "type": "github" }, "original": { From 8c506ea03cfcbbc805eb5e9b26863fa5a0260400 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 8 Aug 2025 09:56:33 +0000 Subject: [PATCH 042/135] home: xdg: enable 'preferXdgDirectories' At the moment this only makes a difference for `dircolors`. --- modules/home/xdg/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index 803167f..7a0c517 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -56,4 +56,7 @@ in XCOMPOSECACHE = "${dataHome}/X11/xcompose"; _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java"; }; + + # Some modules *optionally* use `XDG_*_HOME` when told to + config.home.preferXdgDirectories = lib.mkIf cfg.enable true; } From 5f073875e63aadc7ac925b4fd078248d94f565cd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Aug 2025 10:18:35 +0000 Subject: [PATCH 043/135] home: tmux: use consistent commenting style --- modules/home/tmux/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 3ea047a..e3e3daf 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -61,8 +61,8 @@ in pain-control # Better session management sessionist + # X clipboard integration { - # X clipboard integration plugin = yank; extraConfig = '' # Use 'clipboard' because of misbehaving apps (e.g: firefox) @@ -71,8 +71,8 @@ in set -g @yank_action 'copy-pipe' ''; } + # Show when prefix has been pressed { - # Show when prefix has been pressed plugin = prefix-highlight; extraConfig = '' # Also show when I'm in copy or sync mode From e2ae3e02d91291327f883db2bf6fc6a14e269828 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 18 Aug 2025 11:00:38 +0000 Subject: [PATCH 044/135] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 7ee0f96..f4d5f57 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1754416808, - "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", + "lastModified": 1755446520, + "narHash": "sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW+7uSsOUM=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", + "rev": "4b04db83821b819bbbe32ed0a025b31e7971f22e", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1754886238, - "narHash": "sha256-LTQomWOwG70lZR+78ZYSZ9sYELWNq3HJ7/tdHzfif/s=", + "lastModified": 1755491080, + "narHash": "sha256-ib1Xi13NEalrFqQAHceRsb+6aIPANFuQq80SS/bY10M=", "owner": "nix-community", "repo": "home-manager", - "rev": "0d492b89d1993579e63b9dbdaed17fd7824834da", + "rev": "f8af2cbe386f9b96dd9efa57ab15a09377f38f4d", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754725699, - "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { From f3af8f9ba8b0042875d9c856cb6ec5b37889ddcb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 21 Aug 2025 12:06:37 +0000 Subject: [PATCH 045/135] home: atuin: remove bad comment Most likely a copy-paste error. --- modules/home/atuin/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix index dbd9690..40d2b04 100644 --- a/modules/home/atuin/default.nix +++ b/modules/home/atuin/default.nix @@ -6,7 +6,6 @@ in options.my.home.atuin = with lib; { enable = my.mkDisableOption "atuin configuration"; - # I want the full experience by default package = mkPackageOption pkgs "atuin" { }; daemon = { From 1a109b6b1f48919cc07a2a3c853858e5900eede4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 11:39:23 +0000 Subject: [PATCH 046/135] flake: bump inputs And fix a renamed package. --- flake.lock | 18 +++++++++--------- modules/nixos/profiles/x/default.nix | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index f4d5f57..ca1b422 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1755446520, - "narHash": "sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW+7uSsOUM=", + "lastModified": 1755960406, + "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "4b04db83821b819bbbe32ed0a025b31e7971f22e", + "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1755491080, - "narHash": "sha256-ib1Xi13NEalrFqQAHceRsb+6aIPANFuQq80SS/bY10M=", + "lastModified": 1756022458, + "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=", "owner": "nix-community", "repo": "home-manager", - "rev": "f8af2cbe386f9b96dd9efa57ab15a09377f38f4d", + "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755186698, - "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "lastModified": 1756125398, + "narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", + "rev": "3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5", "type": "github" }, "original": { diff --git a/modules/nixos/profiles/x/default.nix b/modules/nixos/profiles/x/default.nix index ea77939..874f36f 100644 --- a/modules/nixos/profiles/x/default.nix +++ b/modules/nixos/profiles/x/default.nix @@ -13,7 +13,7 @@ in # Nice wallpaper services.xserver.displayManager.lightdm.background = let - wallpapers = "${pkgs.plasma5Packages.plasma-workspace-wallpapers}/share/wallpapers"; + wallpapers = "${pkgs.kdePackages.plasma-workspace-wallpapers}/share/wallpapers"; in "${wallpapers}/summer_1am/contents/images/2560x1600.jpg"; From a889dfbb1a9ce76410e6655ba82616a4c20a3e71 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 11:40:40 +0000 Subject: [PATCH 047/135] home: nix: fix renamed option --- modules/home/nix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix index c67cc6a..2f435a8 100644 --- a/modules/home/nix/default.nix +++ b/modules/home/nix/default.nix @@ -69,7 +69,7 @@ in automatic = true; # Every week, with some wiggle room - frequency = "weekly"; + dates = "weekly"; randomizedDelaySec = "10min"; # Use a persistent timer for e.g: laptops From 31147abd9176c9b8afbfa4924df0f589f041b3fc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 13:07:41 +0000 Subject: [PATCH 048/135] home: add trgui --- modules/home/default.nix | 1 + modules/home/trgui/default.nix | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 modules/home/trgui/default.nix diff --git a/modules/home/default.nix b/modules/home/default.nix index 1c40377..ad3b979 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -38,6 +38,7 @@ ./ssh ./terminal ./tmux + ./trgui ./udiskie ./vim ./wget diff --git a/modules/home/trgui/default.nix b/modules/home/trgui/default.nix new file mode 100644 index 0000000..ee545a9 --- /dev/null +++ b/modules/home/trgui/default.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.my.home.trgui; +in +{ + options.my.home.trgui = with lib; { + enable = mkEnableOption "Transmission GUI onfiguration"; + + package = mkPackageOption pkgs "TrguiNG" { default = "trgui-ng"; }; + }; + + config = lib.mkIf cfg.enable { + home.packages = with pkgs; [ + cfg.package + ]; + }; +} From 1800cb9daa62bf87d55b98baf84a0d2d9a70129c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 13:08:58 +0000 Subject: [PATCH 049/135] hosts: nixos: aramis: use 'trgui' module --- hosts/nixos/aramis/home.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 221b1ea..7578582 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -20,7 +20,6 @@ element-desktop # Matrix client jellyfin-media-player # Wraps the webui and mpv together pavucontrol # Audio mixer GUI - trgui-ng # Transmission remote ]; # Minimal video player mpv.enable = true; @@ -28,6 +27,8 @@ nm-applet.enable = true; # Terminal terminal.program = "alacritty"; + # Transmission remote + trgui.enable = true; # Zathura document viewer zathura.enable = true; }; From 3fa1664b5c574632c67848e44c167c77cf638ccb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Feb 2025 16:47:11 +0000 Subject: [PATCH 050/135] home: delta: use stand-alone configuration file Ideally, I'd like for `delta` to just read a configuration file at `$XDG_CONFIG_HOME/delta/config` by default, but upstream seems somewhat reticent to the idea :-/. So instead, let's keep relying on `git` being enabled, but rather than inlining the configuration, let's store it where I think it should belong and include it into `gitconfig`. --- modules/home/delta/default.nix | 59 ++++++++++++++++++++-------------- 1 file changed, 35 insertions(+), 24 deletions(-) diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix index 58ee031..16d3d59 100644 --- a/modules/home/delta/default.nix +++ b/modules/home/delta/default.nix @@ -1,6 +1,9 @@ { config, pkgs, lib, ... }: let cfg = config.my.home.delta; + + configFormat = pkgs.formats.gitIni { }; + configPath = "${config.xdg.configHome}/delta/config"; in { options.my.home.delta = with lib; { @@ -34,35 +37,43 @@ in home.packages = [ cfg.package ]; + xdg.configFile."delta/config".source = configFormat.generate "delta-config" { + delta = { + features = "diff-highlight decorations"; + + # Less jarring style for `diff-highlight` emulation + diff-highlight = { + minus-style = "red"; + minus-non-emph-style = "red"; + minus-emph-style = "bold red 52"; + + plus-style = "green"; + plus-non-emph-style = "green"; + plus-emph-style = "bold green 22"; + + whitespace-error-style = "reverse red"; + }; + + # Personal preference for easier reading + decorations = { + commit-style = "raw"; # Do not recolor meta information + keep-plus-minus-markers = true; + paging = "always"; + }; + }; + }; + programs.git = lib.mkIf cfg.git.enable { delta = { enable = true; inherit (cfg) package; - - options = { - features = "diff-highlight decorations"; - - # Less jarring style for `diff-highlight` emulation - diff-highlight = { - minus-style = "red"; - minus-non-emph-style = "red"; - minus-emph-style = "bold red 52"; - - plus-style = "green"; - plus-non-emph-style = "green"; - plus-emph-style = "bold green 22"; - - whitespace-error-style = "reverse red"; - }; - - # Personal preference for easier reading - decorations = { - commit-style = "raw"; # Do not recolor meta information - keep-plus-minus-markers = true; - paging = "always"; - }; - }; }; + + includes = [ + { + path = configPath; + } + ]; }; }; } From 3dd4f07609a8d8c9f15530745aa68ba458b943f3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 4 Sep 2025 11:35:39 +0000 Subject: [PATCH 051/135] hosts: nixos: aramis: home: drop 'jellyfin-media-player' It's about to be made broken due to using QtWebEngine 5, which is EOL and marked insecure in new nixpkgs. --- hosts/nixos/aramis/home.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 7578582..e8c99e4 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -18,7 +18,6 @@ # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client - jellyfin-media-player # Wraps the webui and mpv together pavucontrol # Audio mixer GUI ]; # Minimal video player From b9bc37d365c607bdda473c9f2a0a992f0e8f6cc0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 4 Sep 2025 11:14:25 +0000 Subject: [PATCH 052/135] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ca1b422..e86674e 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1756022458, - "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=", + "lastModified": 1756954499, + "narHash": "sha256-Pg4xBHzvzNY8l9x/rLWoJMnIR8ebG+xeU+IyqThIkqU=", "owner": "nix-community", "repo": "home-manager", - "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740", + "rev": "ed1a98c375450dfccf427adacd2bfd1a7b22eb25", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1756125398, - "narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=", + "lastModified": 1756936398, + "narHash": "sha256-/o1TTpMIICpjrMHBilL9lYm/r69uhdK1L8j1pfY6tWU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5", + "rev": "47f28ad9378956563df9a884fd1b209b64336ba3", "type": "github" }, "original": { From e6c95245b27e5ac6fbac237d222c56a39ba401f9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 4 Sep 2025 11:17:27 +0000 Subject: [PATCH 053/135] home: ssh: disable default config It's been deprecated. This also makes my `addKeysToAgent` configuration more explicit. --- modules/home/ssh/default.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/modules/home/ssh/default.nix b/modules/home/ssh/default.nix index 748b195..b0b4167 100644 --- a/modules/home/ssh/default.nix +++ b/modules/home/ssh/default.nix @@ -17,6 +17,7 @@ in { programs.ssh = { enable = true; + enableDefaultConfig = false; includes = [ # Local configuration, not-versioned @@ -53,11 +54,12 @@ in identityFile = "~/.ssh/shared_rsa"; user = "ambroisie"; }; - }; - extraConfig = '' - AddKeysToAgent yes - ''; + # `*` is automatically made the last match block by the module + "*" = { + addKeysToAgent = "yes"; + }; + }; }; } From fa6bcabf95d8d1d860612880198271b6d31cbb0a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 11 Sep 2025 13:33:27 +0000 Subject: [PATCH 054/135] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index e86674e..d510422 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1755960406, - "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=", + "lastModified": 1757588530, + "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2", + "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1756954499, - "narHash": "sha256-Pg4xBHzvzNY8l9x/rLWoJMnIR8ebG+xeU+IyqThIkqU=", + "lastModified": 1757578556, + "narHash": "sha256-w1PGkTGow5XzsjccV364No46rkuGxTqo7m/4cfhnkIk=", "owner": "nix-community", "repo": "home-manager", - "rev": "ed1a98c375450dfccf427adacd2bfd1a7b22eb25", + "rev": "b7112b12ea5b8c3aa6af344498ed9ca27dd03ba3", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1756936398, - "narHash": "sha256-/o1TTpMIICpjrMHBilL9lYm/r69uhdK1L8j1pfY6tWU=", + "lastModified": 1757487488, + "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "47f28ad9378956563df9a884fd1b209b64336ba3", + "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", "type": "github" }, "original": { From 27da55519c74d63010d67153041aed789b9add97 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 25 Jul 2025 17:57:07 +0200 Subject: [PATCH 055/135] hosts: nixos: porthos: secrets: update cross-seed --- .../servarr/cross-seed/configuration.json.age | Bin 1528 -> 2031 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age index e319f3a823c4eb4c84b15f6630ea5fbf42f9092b..94fdf975d6418d394c62c42e572374b24865a776 100644 GIT binary patch delta 2009 zcmeyt{hohedfX?k{` z1y`7VVx&c?t9gk}QGTLxrkh!^t9em@esE}{g_)bXV|KY;V0m7Fd!m_FI+w1ULUD11 zZfc5=si~o*LRLV2d0x7Lc4U~PQL39qp1E1MdzE&0T786jgi(<}SWvRRr>}W=NOneY zrcYjImWfk2S4vnwc0qtaN}6SkajCw(qj8|KuW4wYgetwcC zm#(g^f^l-HWw5zNc~GcZlw(O$j#rLXR7JXTSaMlrp{u)Zm9JTfp`lNNdw8ZVSDWh2 z#!s*K@6<=xMeC=_?o%thNw!FzUK4zk}9+{djIX+e!sW%u-<*K zg`x6<({7nAg+QS)2}b2ZmsR#`cpQHtgw@qh{oS4Gr>yq1s#KP78(f|7M(2v?f%cFe zdK+w(Zm`yo-MD;X``@U5HMtds3LFpZa5q1Cf75z}isUzQ>VLkt(ynF|81>FrXLCH$ z&Wg1ktsTOTJ1K~>PqjR-D6s8Rtp3~@hpFB>^wx-#gs$M}+jXGsy0-4(1ewXs50~V9 zigIN*cem0SAT8vTwG@xF2&}V%g5S zbvLK-3d;z?W9>pkOWr#(XkWXVVP|5$)ZhG+qZ8B2YbTa}`trR_>-1!U!(B7G11l{bt?>D>|=Kub_=9QkS@T}J?SIitfI~6^tt!|Y)v2h;1n)1`V z^%<7OY!&Qdwto1vAxZbHfJdh+7gNxYqZbm7g{+Ugy6ZIe(uq2;z6)gUTv&2mIwWs} z`Jb6(eo-4|_i@JaeX8Aga9R4TNoQQjnCdU9=-tg%yWXYGos)OrL|50Lsa>f#I|Tn( zm;8>rDZ-*VTesuU&gWORr%Bgeue7R^~XAzs7N@4HA;{rsO9 z(lcKkSH8CF)vc%7PI{P}PhjU&yYZyV>r;N$oW#dc`PN(KH6K_c*=RX)jl4ik>7nF) zi}y3+>-Q_2J1E(mqogFoT;R$fBa%KTE2z-p=sQbU3)SaQ8?7D|xwkx1+x=Ulwobr`hivkGzlMSL?8Q-sbhbg}o$K$mIIH zn0HrR$J-qIx@KYe{<}(PTLeqJn~Z~X9<@w9f4_O%`H!FKAJtY##bwWRs!*8z{MRC` zI-BiZr>zmYS)$ z*m*YGcj9~FFg0lr+tj)MjT`d&KJjcaDB}82=PS>xrn-*l#vVq~IgZkasoUcwy?*9n zH#IWykeL|GQm@(g<#EC39dVNl8!f#inVDF< z$!ubHtf#Ue)$W-%d&^UW%1wOYr(Dfmq(9@P%IEI)U~jA!nzX*@t#PvD zDtUul9?IUFi#z5V4msEVsjKen0zdPe`3<|x6EvO#&f&HE_d~?})olj5HA3MR%BGr2 z_*Z=pntyD?-8F6pjf9_a2=2euvi3vMm(aqg=Y$zvh(BeT)V|(D)9IV@nu9!v*JR{n z&M`7N^;$&l_*0NFLr7&|#!U16tojWXxUPF{dfv<5`Qu`Q$PKIfAJ1iO80l}nptO9+ z?i90~zY5O$PSC#n$>b|9fBch~(ckU}{JdRZUvsv-eaW*k$0Qn;-O6fSw@bnP-KruH z#&1F$=Wd>1*mhZ}{V-cHgWhihiEFIvEw?Hz_}LitY2LL* zt@Z1oj|R+tZ+Ggb>@tQY@q5qN3J5UR2b!JHXuRSz#rx+HDSvbIJ)7;%?4Q(sVDEgB zDX|yxcpJEV-JA|Od%LWCbNvl}&yV&e`Toj}<$%nuu`;S@J6{!d_~ppE)|WJbR<50BIXQa& z+@HM~=S~$}b5jXYU(#)V<;K6#-sL^Wip$!Eo@>XNquY$E z7?Hu=vv9MR$YZ_4OQGumFMo6W5x^rP=Mt)AETV`3V z1(#E4QAJ@+N^qv5r>~)BvQubgdVynQWKwEazOiRuRf$n@d4RJ~l2Kr;1(&X!LUD11 zZfc5=si~o*LRLV2d0x7LTcA^FQMP_+ScYYkbCiF2Kz*uLx|y4Yvy+>npMhItskXmS zqIsZaWtO7}muXf=R=J;Zl8HxhR8p98WpSjBN1#htPF{*xP+m@HvU6p4X<2GTMrw)$ zm#(g^f>}hNuTxTJMdzPPBsB^Mmo>ycf*D2@n z37;fCdeuv+?>w+R<0Yeo{}QfuMmN)!+&k=0a;^TSYwE4IY0U~Q?{9Yfw0X#~C0&SF zX}+aS((K$VJ-bblR?1ZG`JdIke`#ik!jg~Af1G*t+V950$FnqoQUr|mohx^EF@65T z!^>7rb@N!fc}v>LkM#>r%T@8aynXUz(Vrc1N_9sTE>E4Nw7mX$h0l{u+OqtM1bTj@ z{(q8F`{LD`c_O|u&izgQ`QeY>?OCTZ*t+M1PUGCN>2JW}-2Va(cQ3Qqb*%S#`^L*J zG+q`LyViT9Zd*R-NA%IVo*yc{RKzX66}P)FtGzy)v4%Z9f!XkKo!$0ChYdC^i?TxQ zn;!e4|M;`7(CJ-Ed03yy+^*NF)SaH%BJzKE^2OXKtanWAHZ%#J&b~Tv%d`CgUAeXM zmqgG0v{sNa#44C8s9yZV?WjFxZhl>tDqUQvv?~1K4ePy1>-d}J>u|1KJ8x&IqfYo+ zv*Wuy^8DMJ_IAY~9#8ikC1JDBo^u^VY~lYmh;NKyxvQY*wpb@t-T7Qi$XnlQ^#W44 zZ`SP8{vYOUcPhZZFKDgXN`tTQ-^=Rxdu|@>URiWR^t<<$J0G5AKAz@imKnqS{_7*H z#FFImH@qBwus*nwkZR2-_kL^j^KWZC&P&xjDY@4u!1R1$kMd!|Dd)3Oj?a-1@bQuJ zGhz?e+$&-I#Jc~q!JT&{OXn-=ZTu><_0+@qFGA5bx1N1jc_%AC@a99t6+hbVFjPD* zlbM&YU~#mT=C-yyD6{*CAU zbAcA213k_z6ZG$z|4sdxvnDiormsueVi3I=hEAwk9|GFUKP*( zmVCWq#*6=IN3OVUo_;VjW9z5BgI6P(MYo&%yc#j-Pdb0amK!C$A9UOt4%p@|(ERo= zklTIkm2$WJ$%@ynyzZJ(QCwgDr_KO<~sq1K!1b7eBA@YG1o_ZS9v8 z<^gMpl?pxQNNIoN50~D4D9GRL(1pc$?pxUA*sb!4%qx!Ga!2Fh)W#z7ZdRxIg}XfB zp55k34$-WbeoQ+va{*q&I@m&wc zd^er?vXJvLKbtK3YbrlQ;`sKm-4o}XlD+TIschDg_~GD{&rUZ^itg#_SzfzD;_Y=d zZS&;ktru!-w(1*&1`97TayHfcbHvdhOU!CRc)|p!BKv182~T_$y*_L?x3k From 4c3e3d471fa61dcd5de24f0338b36e3b29c83f1f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 13 Sep 2025 19:10:39 +0200 Subject: [PATCH 056/135] modules: services: nginx: fix SSL renewal, again I'd previously fixed this in 1e10c6630b2c46bd40c2b23fa6a4f7c8fa751823, however NixOS has recently updated how the renewal units work [1], which broke it. [1]: https://github.com/NixOS/nixpkgs/pull/422076 --- modules/nixos/services/nginx/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 1e9e38a..ff530b0 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -444,7 +444,7 @@ in }; }; - systemd.services."acme-${domain}" = { + systemd.services."acme-order-renew-${domain}" = { serviceConfig = { Environment = [ # Since I do a "weird" setup with a wildcard CNAME From 445b3d1422651d1604eda311f74ff0260386f76e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 18 Sep 2025 10:03:06 +0000 Subject: [PATCH 057/135] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index d510422..b9c0fd5 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1757588530, - "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=", + "lastModified": 1758108966, + "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411", + "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1757578556, - "narHash": "sha256-w1PGkTGow5XzsjccV364No46rkuGxTqo7m/4cfhnkIk=", + "lastModified": 1758184248, + "narHash": "sha256-TOazVsj8D1LTGQ6q8xdtfoPs9Z+PiqUS952WvZPssR0=", "owner": "nix-community", "repo": "home-manager", - "rev": "b7112b12ea5b8c3aa6af344498ed9ca27dd03ba3", + "rev": "bf7056c6a2d893d80db18d06d7e730d6515aaae8", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1757487488, - "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", + "lastModified": 1758035966, + "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", + "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", "type": "github" }, "original": { From 9f9c1e571b7a871db4a19d9bfe7fc3ebf9b24875 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 15 Sep 2025 13:22:30 +0000 Subject: [PATCH 058/135] home: zsh: do not notify on 'home-manager news' --- modules/home/zsh/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 1e85cce..3c1e515 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -19,7 +19,7 @@ in "direnv reload" "fg" "git (?!push|pull|fetch)" - "home-manager (?!switch|build|news)" + "home-manager (?!switch|build)" "htop" "less" "man" From 5b47fc63656b7583fb427386339c7adce3cc7e97 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 3 Oct 2025 12:23:54 +0200 Subject: [PATCH 059/135] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index b9c0fd5..1889e0c 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1758184248, - "narHash": "sha256-TOazVsj8D1LTGQ6q8xdtfoPs9Z+PiqUS952WvZPssR0=", + "lastModified": 1759337100, + "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", "owner": "nix-community", "repo": "home-manager", - "rev": "bf7056c6a2d893d80db18d06d7e730d6515aaae8", + "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1758035966, - "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", + "lastModified": 1759422813, + "narHash": "sha256-WNkZqscW/dPLK5NMKH/jCkYMaVm/3KWgPmKMq65IXxk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", + "rev": "2a7c84e1e740f004e0fe5c2577a63d1e659a496c", "type": "github" }, "original": { From 62533d435b9d86cf0c1271cd0a14ed73a67584f2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 3 Oct 2025 12:18:38 +0000 Subject: [PATCH 060/135] home: vim: lspconfig: use native configuration The `nvim-lspconfig` "framework" is being deprecated to use the native `vim.lsp.config` and `vim.lsp.enable` functionality. I _could_ remove the `is_executable` checks, as native LSP handling does _not_ loudly error out when enabling a server which isn't executable. However I think `:LspInfo` is more readable if I don't. --- .../home/vim/plugin/settings/lspconfig.lua | 57 ++++++------------- 1 file changed, 17 insertions(+), 40 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 7817d4c..68158b2 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -1,4 +1,3 @@ -local lspconfig = require("lspconfig") local lsp = require("ambroisie.lsp") local utils = require("ambroisie.utils") @@ -25,59 +24,45 @@ vim.diagnostic.config({ -- Inform servers we are able to do completion, snippets, etc... local capabilities = require("cmp_nvim_lsp").default_capabilities() +-- Shared configuration +vim.lsp.config("*", { + capabilities = capabilities, + on_attach = lsp.on_attach, +}) + -- C/C++ if utils.is_executable("clangd") then - lspconfig.clangd.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("clangd") end -- Haskell if utils.is_executable("haskell-language-server-wrapper") then - lspconfig.hls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("hls") end -- Nix if utils.is_executable("nil") then - lspconfig.nil_ls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("nil_ls") end -- Python if utils.is_executable("pyright") then - lspconfig.pyright.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("pyright") end if utils.is_executable("ruff") then - lspconfig.ruff.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("ruff") end -- Rust if utils.is_executable("rust-analyzer") then - lspconfig.rust_analyzer.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("rust_analyzer") end -- Shell if utils.is_executable("bash-language-server") then - lspconfig.bashls.setup({ + vim.lsp.config("bashls", { filetypes = { "bash", "sh", "zsh" }, - capabilities = capabilities, - on_attach = lsp.on_attach, settings = { bashIde = { shfmt = { @@ -89,27 +74,19 @@ if utils.is_executable("bash-language-server") then }, }, }) + vim.lsp.enable("bashls") end -- Starlark if utils.is_executable("starpls") then - lspconfig.starpls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("starpls") end -- Generic if utils.is_executable("harper-ls") then - lspconfig.harper_ls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("harper_ls") end if utils.is_executable("typos-lsp") then - lspconfig.typos_lsp.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("typos_lsp") end From 6b1b5300cdc275422e1eab5cdc24b7f6f6798d1b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 3 Oct 2025 12:39:18 +0000 Subject: [PATCH 061/135] home: vim: lspconfig: simplify LSP config Despite what I just said in the previous commit, I decided to remove the `is_executable` checks and always enable all servers. I figured out that NeoVim actually handles `PATH` modifications pretty well in this scenario: making a previously unavailable server executable will automatically enable it. --- .../home/vim/plugin/settings/lspconfig.lua | 73 +++++++------------ 1 file changed, 26 insertions(+), 47 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 68158b2..1596e84 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -30,38 +30,20 @@ vim.lsp.config("*", { on_attach = lsp.on_attach, }) --- C/C++ -if utils.is_executable("clangd") then - vim.lsp.enable("clangd") -end - --- Haskell -if utils.is_executable("haskell-language-server-wrapper") then - vim.lsp.enable("hls") -end - --- Nix -if utils.is_executable("nil") then - vim.lsp.enable("nil_ls") -end - --- Python -if utils.is_executable("pyright") then - vim.lsp.enable("pyright") -end - -if utils.is_executable("ruff") then - vim.lsp.enable("ruff") -end - --- Rust -if utils.is_executable("rust-analyzer") then - vim.lsp.enable("rust_analyzer") -end - --- Shell -if utils.is_executable("bash-language-server") then - vim.lsp.config("bashls", { +local servers = { + -- C/C++ + clangd = {}, + -- Haskell + hls = {}, + -- Nix + nil_ls = {}, + -- Python + pyright = {}, + ruff = {}, + -- Rust + rust_analyzer = {}, + -- Shell + bashls = { filetypes = { "bash", "sh", "zsh" }, settings = { bashIde = { @@ -73,20 +55,17 @@ if utils.is_executable("bash-language-server") then }, }, }, - }) - vim.lsp.enable("bashls") -end + }, + -- Starlark + starpls = {}, + -- Generic + harper_ls = {}, + typos_lsp = {}, +} --- Starlark -if utils.is_executable("starpls") then - vim.lsp.enable("starpls") -end - --- Generic -if utils.is_executable("harper-ls") then - vim.lsp.enable("harper_ls") -end - -if utils.is_executable("typos-lsp") then - vim.lsp.enable("typos_lsp") +for server, config in pairs(servers) do + if not vim.tbl_isempty(config) then + vim.lsp.config(server, config) + end + vim.lsp.enable(server) end From 2df05aaa1a2f85601df107f16bfec70b9239eab4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 Oct 2025 09:33:49 +0000 Subject: [PATCH 062/135] flake: bump inputs And fix a breaking change leading to an evaluation failure. --- flake.lock | 36 +++++++++++----------- modules/nixos/services/homebox/default.nix | 2 +- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 1889e0c..1a8a934 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1758108966, - "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", + "lastModified": 1760663237, + "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", + "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1759337100, - "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", + "lastModified": 1760969583, + "narHash": "sha256-vsf5mvR0xxK4GsfLx5bMJAQ4ysdrKymMIifNw+4TP7g=", "owner": "nix-community", "repo": "home-manager", - "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", + "rev": "c9d758b500e53db5b74aa02d17dc45b65229e8e9", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1759422813, - "narHash": "sha256-WNkZqscW/dPLK5NMKH/jCkYMaVm/3KWgPmKMq65IXxk=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2a7c84e1e740f004e0fe5c2577a63d1e659a496c", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -200,11 +200,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1753980880, - "narHash": "sha256-aj1pbYxL6N+XFqBHjB4B1QP0bnKRcg1AfpgT5zUFsW8=", + "lastModified": 1759781536, + "narHash": "sha256-v/X5gKmgVoGtu5elYyUu2w037PyWVhrqnWzXkLJ9xnY=", "owner": "nix-community", "repo": "NUR", - "rev": "16db3e61da7606984a05b4dfc33cd1d26d22fb22", + "rev": "c30a53a5947bcc874b3f8842e6fe5c34bc81d8dd", "type": "github" }, "original": { diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix index 8ed5d77..524a6d7 100644 --- a/modules/nixos/services/homebox/default.nix +++ b/modules/nixos/services/homebox/default.nix @@ -39,7 +39,7 @@ in my.services.backup = { paths = [ - config.services.homebox.settings.HBOX_STORAGE_DATA + (lib.removePrefix "file://" config.services.homebox.settings.HBOX_STORAGE_CONN_STRING) ]; }; From 9ddc77958ab4c647df7173a3a5eee08ae88f926b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 Oct 2025 09:35:02 +0000 Subject: [PATCH 063/135] home: git: fix deprecated config --- modules/home/git/default.nix | 38 +++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index ca59a5f..c3a51a0 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -21,29 +21,31 @@ in config.programs.git = lib.mkIf cfg.enable { enable = true; - # Who am I? - userEmail = mkMailAddress "bruno" "belanyi.fr"; - userName = "Bruno BELANYI"; - inherit (cfg) package; - aliases = { - git = "!git"; - lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order"; - lola = "lol --all"; - assume = "update-index --assume-unchanged"; - unassume = "update-index --no-assume-unchanged"; - assumed = "!git ls-files -v | grep ^h | cut -c 3-"; - pick = "log -p -G"; - push-new = "!git push -u origin " - + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"''; - root = "git rev-parse --show-toplevel"; - }; - lfs.enable = true; # There's more - extraConfig = { + settings = { + # Who am I? + user = { + email = mkMailAddress "bruno" "belanyi.fr"; + name = "Bruno BELANYI"; + }; + + alias = { + git = "!git"; + lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order"; + lola = "lol --all"; + assume = "update-index --assume-unchanged"; + unassume = "update-index --no-assume-unchanged"; + assumed = "!git ls-files -v | grep ^h | cut -c 3-"; + pick = "log -p -G"; + push-new = "!git push -u origin " + + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"''; + root = "git rev-parse --show-toplevel"; + }; + # Makes it a bit more readable blame = { coloring = "repeatedLines"; From 4000a848ef21903b7d593160b509173c2fe81736 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 Oct 2025 09:39:19 +0000 Subject: [PATCH 064/135] home: delta: use upstream module --- modules/home/delta/default.nix | 42 +++++----------------------------- 1 file changed, 6 insertions(+), 36 deletions(-) diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix index 16d3d59..e76edc6 100644 --- a/modules/home/delta/default.nix +++ b/modules/home/delta/default.nix @@ -1,9 +1,6 @@ { config, pkgs, lib, ... }: let cfg = config.my.home.delta; - - configFormat = pkgs.formats.gitIni { }; - configPath = "${config.xdg.configHome}/delta/config"; in { options.my.home.delta = with lib; { @@ -17,28 +14,14 @@ in }; config = lib.mkIf cfg.enable { - assertions = [ - { - # For its configuration - assertion = cfg.enable -> cfg.git.enable; - message = '' - `config.my.home.delta` must enable `config.my.home.delta.git` to be - properly configured. - ''; - } - { - assertion = cfg.enable -> config.programs.git.enable; - message = '' - `config.my.home.delta` relies on `config.programs.git` to be - enabled. - ''; - } - ]; + programs.delta = { + enable = true; - home.packages = [ cfg.package ]; + inherit (cfg) package; - xdg.configFile."delta/config".source = configFormat.generate "delta-config" { - delta = { + enableGitIntegration = cfg.git.enable; + + options = { features = "diff-highlight decorations"; # Less jarring style for `diff-highlight` emulation @@ -62,18 +45,5 @@ in }; }; }; - - programs.git = lib.mkIf cfg.git.enable { - delta = { - enable = true; - inherit (cfg) package; - }; - - includes = [ - { - path = configPath; - } - ]; - }; }; } From a20c8f820dcf77e0b0a75c67d2edf38d97488ba2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 27 Oct 2025 12:30:49 +0000 Subject: [PATCH 065/135] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 1a8a934..f56e8f2 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1760969583, - "narHash": "sha256-vsf5mvR0xxK4GsfLx5bMJAQ4ysdrKymMIifNw+4TP7g=", + "lastModified": 1761530345, + "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", "owner": "nix-community", "repo": "home-manager", - "rev": "c9d758b500e53db5b74aa02d17dc45b65229e8e9", + "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761373498, + "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "type": "github" }, "original": { From c536ee0136969aa1715e07939dfac9b02342f60d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 27 Oct 2025 12:31:12 +0000 Subject: [PATCH 066/135] home: zsh: add 'zsh-completion-sync' It's gated behind `completionSync.enable`, as it does make entering/leaving direnv-enabled projects slower (due to the calls to `compinit`). This might need a bit more work to avoid multiple `compinit`s at shell startup, will refine in the future if necessary. --- modules/home/zsh/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 3c1e515..6c6a469 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -8,6 +8,10 @@ in launchTmux = mkEnableOption "auto launch tmux at shell start"; + completionSync = { + enable = mkEnableOption "zsh-completion-sync plugin"; + }; + notify = { enable = mkEnableOption "zsh-done notification"; @@ -118,6 +122,18 @@ in }; } + (lib.mkIf cfg.completionSync.enable { + programs.zsh = { + plugins = [ + { + name = "zsh-completion-sync"; + file = "share/zsh-completion-sync/zsh-completion-sync.plugin.zsh"; + src = pkgs.zsh-completion-sync; + } + ]; + }; + }) + (lib.mkIf cfg.notify.enable { programs.zsh = { plugins = [ From 983bf0f7646ea2ebdff895751eea7054b9140b3a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 3 Nov 2025 17:22:29 +0100 Subject: [PATCH 067/135] nixos: services: nextcloud: bump to 32 --- modules/nixos/services/nextcloud/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index d8d4fce..dd3b386 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -35,7 +35,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud31; + package = pkgs.nextcloud32; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; From 41c506749ef389c9a2f11dd3f3d17493892820f2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Nov 2025 14:39:11 +0000 Subject: [PATCH 068/135] flake: overlays: use 'lib' It's a `lib` function, not _really_ a Nixpkgs one. Also it's about to break after the next flake update :-). --- flake/overlays.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake/overlays.nix b/flake/overlays.nix index 0c47989..c10afc3 100644 --- a/flake/overlays.nix +++ b/flake/overlays.nix @@ -1,4 +1,4 @@ -{ self, ... }: +{ self, lib, ... }: let default-overlays = import "${self}/overlays"; @@ -8,7 +8,7 @@ let # Expose my custom packages pkgs = _final: prev: { - ambroisie = prev.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; }); + ambroisie = lib.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; }); }; }; in From 44246b4ea146b1ca7b4687b35e0b833decb35b89 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 8 Nov 2025 11:56:25 +0000 Subject: [PATCH 069/135] flake: NUR has renamed its branch to 'main' --- flake.lock | 2 +- flake.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.lock b/flake.lock index f56e8f2..50f38e4 100644 --- a/flake.lock +++ b/flake.lock @@ -209,7 +209,7 @@ }, "original": { "owner": "nix-community", - "ref": "master", + "ref": "main", "repo": "NUR", "type": "github" } diff --git a/flake.nix b/flake.nix index 5076729..0bdd180 100644 --- a/flake.nix +++ b/flake.nix @@ -54,7 +54,7 @@ type = "github"; owner = "nix-community"; repo = "NUR"; - ref = "master"; + ref = "main"; inputs = { flake-parts.follows = "flake-parts"; nixpkgs.follows = "nixpkgs"; From fe681d3f16eea4d87d55d02c1e8e915eaaf415e6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Nov 2025 14:35:53 +0000 Subject: [PATCH 070/135] flake: bump inputs --- flake.lock | 54 ++++++++++++++++-------------------------------------- 1 file changed, 16 insertions(+), 38 deletions(-) diff --git a/flake.lock b/flake.lock index 50f38e4..d95de52 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1760836749, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1761656077, + "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", "owner": "ryantm", "repo": "agenix", - "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", + "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1762040540, + "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "0010412d62a25d959151790968765a70c436598b", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1761530345, - "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", + "lastModified": 1762435363, + "narHash": "sha256-BTmHXtuuwVO1dRs6jPHcHCoO6+A7G3+GzrgeluiSkww=", "owner": "nix-community", "repo": "home-manager", - "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", + "rev": "432bc8a5da66638b5f139588efd6c4bd327e4cdc", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1761373498, - "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", "type": "github" }, "original": { @@ -196,15 +196,14 @@ ], "nixpkgs": [ "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" + ] }, "locked": { - "lastModified": 1759781536, - "narHash": "sha256-v/X5gKmgVoGtu5elYyUu2w037PyWVhrqnWzXkLJ9xnY=", + "lastModified": 1762602346, + "narHash": "sha256-BVzjmS25ihrfnfpfLD6gzXqMp9vP0hOyjIWkV0LP6E0=", "owner": "nix-community", "repo": "NUR", - "rev": "c30a53a5947bcc874b3f8842e6fe5c34bc81d8dd", + "rev": "fe5118da8d7e09651e0362ff130d194bc1441185", "type": "github" }, "original": { @@ -241,27 +240,6 @@ "repo": "default", "type": "github" } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733222881, - "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "49717b5af6f80172275d47a418c9719a31a78b53", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", From 0ac983a71f8cec556babe577e65b513173143417 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 9 Oct 2025 10:47:23 +0000 Subject: [PATCH 071/135] home: vim: do not set 'background' explicitly Rely on the new behaviour from v0.10 which detects it more intelligently. --- modules/home/vim/init.vim | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 39ef32e..1142925 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -81,9 +81,6 @@ set updatetime=250 " Disable all mouse integrations set mouse= -" Set dark mode by default -set background=dark - " Setup some overrides for gruvbox lua << EOF local gruvbox = require("gruvbox") From bbdbc1e55cb8b2125b2ece2ff1c9d4c5922d821b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 28 Oct 2025 12:43:53 +0000 Subject: [PATCH 072/135] home: vim: ftdetect: remove glsl GLSL is now correctly detected starting with v0.11. This reverts commit b8b64bed8e4b3d8d109e7dcf38f69a4242142ec3. --- modules/home/vim/ftdetect/glsl.lua | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 modules/home/vim/ftdetect/glsl.lua diff --git a/modules/home/vim/ftdetect/glsl.lua b/modules/home/vim/ftdetect/glsl.lua deleted file mode 100644 index 2f4f1dd..0000000 --- a/modules/home/vim/ftdetect/glsl.lua +++ /dev/null @@ -1,7 +0,0 @@ --- Use GLSL filetype for common shader file extensions -vim.filetype.add({ - extension = { - frag = "glsl", - vert = "glsl", - }, -}) From 6e73c936b09d46c8427963b5139588804aceddaa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 7 Nov 2025 14:48:49 +0000 Subject: [PATCH 073/135] home: zsh: fix plug-in path The upstream commit [1] said it was a non-breaking change, but didn't actually setup the symlinks for this package... [1]: 10f01ded353d5a76c6acbecaa0ac5e5063f60c13 --- modules/home/zsh/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 6c6a469..9524262 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -72,7 +72,7 @@ in plugins = [ { name = "fast-syntax-highlighting"; - file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh"; + file = "share/zsh/plugins/fast-syntax-highlighting/fast-syntax-highlighting.plugin.zsh"; src = pkgs.zsh-fast-syntax-highlighting; } { From 1b4111e28fc68d5b4592f3238854ba1164443c7e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 8 Nov 2025 22:12:42 +0100 Subject: [PATCH 074/135] nixos: services: nextcloud: use declarative apps Now that the `notify_push` module declaratively installs _its_ app [1], I should declaratively install _all_ apps. [1]: https://github.com/NixOS/nixpkgs/pull/451501 --- modules/nixos/services/nextcloud/collabora.nix | 6 ++++++ modules/nixos/services/nextcloud/default.nix | 10 ++++++++++ 2 files changed, 16 insertions(+) diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix index f8f42a7..408b232 100644 --- a/modules/nixos/services/nextcloud/collabora.nix +++ b/modules/nixos/services/nextcloud/collabora.nix @@ -16,6 +16,12 @@ in }; config = lib.mkIf cfg.enable { + services.nextcloud = { + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) richdocuments; + }; + }; + services.collabora-online = { enable = true; inherit (cfg) port; diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index dd3b386..24515ff 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -62,6 +62,16 @@ in # Allow using the push service without hard-coding my IP in the configuration bendDomainToLocalhost = true; }; + + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) + calendar + contacts + deck + tasks + ; + # notify_push is automatically installed by the module + }; }; # The service above configures the domain, no need for my wrapper From 6124d07c1b846d316e03e78a3cb65a77ce2e9832 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 12:35:54 +0100 Subject: [PATCH 075/135] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index d95de52..b041409 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1761656077, - "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1762040540, - "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", + "lastModified": 1762980239, + "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0010412d62a25d959151790968765a70c436598b", + "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1760663237, - "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", + "lastModified": 1763319842, + "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", + "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1762435363, - "narHash": "sha256-BTmHXtuuwVO1dRs6jPHcHCoO6+A7G3+GzrgeluiSkww=", + "lastModified": 1763313531, + "narHash": "sha256-yvdCYUL85zEDp2NzPUBmaNBXP6KnWEOhAk3j7PTfsKw=", "owner": "nix-community", "repo": "home-manager", - "rev": "432bc8a5da66638b5f139588efd6c4bd327e4cdc", + "rev": "3670a78eee49deebe4825fc8ecc46b172d1a8391", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "lastModified": 1763283776, + "narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1762602346, - "narHash": "sha256-BVzjmS25ihrfnfpfLD6gzXqMp9vP0hOyjIWkV0LP6E0=", + "lastModified": 1763378400, + "narHash": "sha256-9eZj8GNTBYnI8PQf9n8m9XbFCA/ugQ5r7sylY9DEx9M=", "owner": "nix-community", "repo": "NUR", - "rev": "fe5118da8d7e09651e0362ff130d194bc1441185", + "rev": "6bd477535ba71aa22d2712c8735c92812a1c74dc", "type": "github" }, "original": { From ad6a0bf4d3e5c5914160b2f427ef153d534b1030 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Nov 2025 22:36:18 +0100 Subject: [PATCH 076/135] nixos: services: mealie: extend session timeout --- modules/nixos/services/mealie/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 8c02398..837bff2 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -32,6 +32,7 @@ in BASE_URL = "https://mealie.${config.networking.domain}"; TZ = config.time.timeZone; ALLOw_SIGNUP = "false"; + TOKEN_TIME = 24 * 180; # 180 days }; # Automatic PostgreSQL provisioning From 127e26b259624c6a57bc839abdde4f245c3099b8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 12:38:30 +0100 Subject: [PATCH 077/135] nixos: services: transmission: use high file limit Seeding a lot of files means keeping them all open. The actual limit was cargo-culted from an open issue. --- modules/nixos/services/transmission/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index ddd77d4..2ed01fd 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -71,10 +71,12 @@ in }; }; - # Transmission wants to eat *all* my RAM if left to its own devices systemd.services.transmission = { serviceConfig = { + # Transmission wants to eat *all* my RAM if left to its own devices MemoryMax = "33%"; + # Avoid errors due to high number of open files. + LimitNOFILE = 1048576; }; }; From b37bde6eaf150033149d0bbd5d924d0f9fb4b145 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 12:45:22 +0100 Subject: [PATCH 078/135] nixos: services: transmission: use longer timeout It looks like Transmission takes time roughly proportional with the number of open files to stop, so let's increase the timeout slightly. --- modules/nixos/services/transmission/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index 2ed01fd..6a7fbc7 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -77,6 +77,8 @@ in MemoryMax = "33%"; # Avoid errors due to high number of open files. LimitNOFILE = 1048576; + # Longer stop timeout to finish all torrents + TimeoutStopSec = "5m"; }; }; From 29fb7c5066132e12b98a6cb7a7f9ba3c5460d8c1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 13:57:48 +0000 Subject: [PATCH 079/135] home: discord: use upstream module --- modules/home/discord/default.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/modules/home/discord/default.nix b/modules/home/discord/default.nix index bfa5d40..f9892df 100644 --- a/modules/home/discord/default.nix +++ b/modules/home/discord/default.nix @@ -1,8 +1,6 @@ { config, lib, pkgs, ... }: let cfg = config.my.home.discord; - - jsonFormat = pkgs.formats.json { }; in { options.my.home.discord = with lib; { @@ -12,14 +10,15 @@ in }; config = lib.mkIf cfg.enable { - home.packages = with pkgs; [ - cfg.package - ]; + programs.discord = { + enable = true; - xdg.configFile."discord/settings.json".source = - jsonFormat.generate "discord.json" { + inherit (cfg) package; + + settings = { # Do not keep me from using the app just to force an update SKIP_HOST_UPDATE = true; }; + }; }; } From 3020c6433b0056aa805cdabd8d4c30f82cfb47e4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 30 Nov 2025 00:20:07 +0100 Subject: [PATCH 080/135] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index b041409..b84e16d 100644 --- a/flake.lock +++ b/flake.lock @@ -53,11 +53,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1762980239, - "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1763319842, - "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", + "lastModified": 1763988335, + "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", + "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1763313531, - "narHash": "sha256-yvdCYUL85zEDp2NzPUBmaNBXP6KnWEOhAk3j7PTfsKw=", + "lastModified": 1764361670, + "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=", "owner": "nix-community", "repo": "home-manager", - "rev": "3670a78eee49deebe4825fc8ecc46b172d1a8391", + "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763283776, - "narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=", + "lastModified": 1764242076, + "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a", + "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1763378400, - "narHash": "sha256-9eZj8GNTBYnI8PQf9n8m9XbFCA/ugQ5r7sylY9DEx9M=", + "lastModified": 1764449851, + "narHash": "sha256-VnodC1+3KML8MYLLnK84E6U2Fz4ioNacOeQd1pMCSTw=", "owner": "nix-community", "repo": "NUR", - "rev": "6bd477535ba71aa22d2712c8735c92812a1c74dc", + "rev": "b1781c0aa8935d8d1f35d228bcc7127fcebcd363", "type": "github" }, "original": { From f546f85037bf23f105a721132f06ab3a562d38f7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 22 Nov 2025 23:34:06 +0100 Subject: [PATCH 081/135] hosts: nixos: porthos: secrets: sso: remove owner Now that the service uses `LoadCredential` [1], I can make the files root-owned. [1]: https://github.com/NixOS/nixpkgs/pull/460305 --- hosts/nixos/porthos/secrets/secrets.nix | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index b3812b4..f1842b4 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -83,18 +83,9 @@ in "servarr/autobrr/session-secret.age".publicKeys = all; "servarr/cross-seed/configuration.json.age".publicKeys = all; - "sso/auth-key.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; - "sso/ambroisie/password-hash.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; - "sso/ambroisie/totp-secret.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; + "sso/auth-key.age".publicKeys = all; + "sso/ambroisie/password-hash.age".publicKeys = all; + "sso/ambroisie/totp-secret.age".publicKeys = all; "tandoor-recipes/secret-key.age".publicKeys = all; From 5cd9155a5838d54c3606f6b0851e54252ea0774c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 23 Nov 2025 17:08:35 +0100 Subject: [PATCH 082/135] nixos: services: mealie: backup state directory Somehow forgot to do this when first writing the module. --- modules/nixos/services/mealie/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 837bff2..f3774e1 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -54,6 +54,12 @@ in }; }; + my.services.backup = { + paths = [ + "/var/lib/mealie" + ]; + }; + services.fail2ban.jails = { mealie = '' enabled = true From ddc6cd37adbb80960e8c99ddbb549057b64126ed Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 11 Dec 2025 21:00:17 +0100 Subject: [PATCH 083/135] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index b84e16d..fd6173b 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1763988335, - "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", + "lastModified": 1765464257, + "narHash": "sha256-dixPWKiHzh80PtD0aLuxYNQ0xP+843dfXG/yM3OzaYQ=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", + "rev": "09e45f2598e1a8499c3594fe11ec2943f34fe509", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1764361670, - "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=", + "lastModified": 1765480374, + "narHash": "sha256-HlbvQAqLx7WqZFFQZ8nu5UUJAVlXiV/kqKbyueA8srw=", "owner": "nix-community", "repo": "home-manager", - "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6", + "rev": "39cb677ed9e908e90478aa9fe5f3383dfc1a63f3", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1764242076, - "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", + "lastModified": 1765186076, + "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", + "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1764449851, - "narHash": "sha256-VnodC1+3KML8MYLLnK84E6U2Fz4ioNacOeQd1pMCSTw=", + "lastModified": 1765481746, + "narHash": "sha256-oWDp4EMOXvPZSC5ZVdg90K7EFgUGvxmrFAwA/1hJ/j4=", "owner": "nix-community", "repo": "NUR", - "rev": "b1781c0aa8935d8d1f35d228bcc7127fcebcd363", + "rev": "2b2d6d53d6a66d1be2d8620024cc61ad986bcee2", "type": "github" }, "original": { From bf428aaeca03be801b53396eeba5ab73fab7c297 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 2 Dec 2025 12:34:42 +0000 Subject: [PATCH 084/135] nixos: hardware: graphics: remove 'amdvlk' It's been fully deprecated, the package was removed. --- modules/nixos/hardware/graphics/default.nix | 9 --------- 1 file changed, 9 deletions(-) diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix index 7d8b359..4b6eb37 100644 --- a/modules/nixos/hardware/graphics/default.nix +++ b/modules/nixos/hardware/graphics/default.nix @@ -15,8 +15,6 @@ in amd = { enableKernelModule = lib.my.mkDisableOption "Kernel driver module"; - - amdvlk = lib.mkEnableOption "Use AMDVLK instead of Mesa RADV driver"; }; intel = { @@ -35,13 +33,6 @@ in (lib.mkIf (cfg.gpuFlavor == "amd") { hardware.amdgpu = { initrd.enable = cfg.amd.enableKernelModule; - # Vulkan - amdvlk = lib.mkIf cfg.amd.amdvlk { - enable = true; - support32Bit = { - enable = true; - }; - }; }; hardware.graphics = { From 88024f16e59eb35dc1f13ff17626126604424ff6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 20 Dec 2025 14:56:25 +0000 Subject: [PATCH 085/135] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index fd6173b..c8c2073 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1765464257, - "narHash": "sha256-dixPWKiHzh80PtD0aLuxYNQ0xP+843dfXG/yM3OzaYQ=", + "lastModified": 1765911976, + "narHash": "sha256-t3T/xm8zstHRLx+pIHxVpQTiySbKqcQbK+r+01XVKc0=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "09e45f2598e1a8499c3594fe11ec2943f34fe509", + "rev": "b68b780b69702a090c8bb1b973bab13756cc7a27", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1765480374, - "narHash": "sha256-HlbvQAqLx7WqZFFQZ8nu5UUJAVlXiV/kqKbyueA8srw=", + "lastModified": 1766171975, + "narHash": "sha256-47Ee0bTidhF/3/sHuYnWRuxcCrrm0mBNDxBkOTd3wWQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "39cb677ed9e908e90478aa9fe5f3383dfc1a63f3", + "rev": "bb35f07cc95a73aacbaf1f7f46bb8a3f40f265b5", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1765186076, - "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", + "lastModified": 1766070988, + "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", + "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1765481746, - "narHash": "sha256-oWDp4EMOXvPZSC5ZVdg90K7EFgUGvxmrFAwA/1hJ/j4=", + "lastModified": 1766242030, + "narHash": "sha256-GdaKIZrzm4fbFf9jBVmeQFZTwYPxUlSTZrSId/JNMAU=", "owner": "nix-community", "repo": "NUR", - "rev": "2b2d6d53d6a66d1be2d8620024cc61ad986bcee2", + "rev": "30006228925f07c5c2a270bb95dc8da35d9942dc", "type": "github" }, "original": { From 7202fa191197d24c05b621a643bd4b07f13f8a43 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 20 Dec 2025 13:43:06 +0000 Subject: [PATCH 086/135] home: firefox: do not trim URLs --- modules/home/firefox/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/firefox/default.nix b/modules/home/firefox/default.nix index 6346dc9..19a008c 100644 --- a/modules/home/firefox/default.nix +++ b/modules/home/firefox/default.nix @@ -52,6 +52,7 @@ in "browser.newtabpage.activity-stream.feeds.sections" = false; "browser.newtabpage.activity-stream.feeds.system.topstories" = false; # Disable top stories "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; # Disable pocket + "browser.urlbar.trimURLs" = false; # Always show the `http://` prefix "extensions.pocket.enabled" = false; # Disable pocket "media.eme.enabled" = true; # Enable DRM "media.gmp-widevinecdm.enabled" = true; # Enable DRM From 852ded641a1e47b9cd95c5aaf3a3a2c1c6e01e38 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 26 Jan 2026 16:53:16 +0000 Subject: [PATCH 087/135] home: vim: lua: move 'list_clients' to lsp' --- modules/home/vim/lua/ambroisie/lsp.lua | 14 ++++++++++++++ modules/home/vim/lua/ambroisie/utils.lua | 14 -------------- modules/home/vim/plugin/settings/lualine.lua | 4 ++-- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index fef0487..05ca47a 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -85,4 +85,18 @@ M.on_attach = function(client, bufnr) wk.add(keys) end +--- list all active LSP clients for specific buffer, or all buffers +--- @param bufnr int? buffer number +--- @return table all active LSP client names +M.list_clients = function(bufnr) + local clients = vim.lsp.get_clients({ bufnr = bufnr }) + local names = {} + + for _, client in ipairs(clients) do + table.insert(names, client.name) + end + + return names +end + return M diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua index 0ee7c83..482325e 100644 --- a/modules/home/vim/lua/ambroisie/utils.lua +++ b/modules/home/vim/lua/ambroisie/utils.lua @@ -34,20 +34,6 @@ M.is_ssh = function() return false end ---- list all active LSP clients for specific buffer, or all buffers ---- @param bufnr int? buffer number ---- @return table all active LSP client names -M.list_lsp_clients = function(bufnr) - local clients = vim.lsp.get_clients({ bufnr = bufnr }) - local names = {} - - for _, client in ipairs(clients) do - table.insert(names, client.name) - end - - return names -end - --- partially apply a function with given arguments M.partial = function(f, ...) local a = { ... } diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua index bbe4647..2dbc916 100644 --- a/modules/home/vim/plugin/settings/lualine.lua +++ b/modules/home/vim/plugin/settings/lualine.lua @@ -1,6 +1,6 @@ local lualine = require("lualine") local oil = require("oil") -local utils = require("ambroisie.utils") +local lsp = require("ambroisie.lsp") local function list_spell_languages() if not vim.opt.spell:get() then @@ -11,7 +11,7 @@ local function list_spell_languages() end local function list_lsp_clients() - local client_names = utils.list_lsp_clients(0) + local client_names = lsp.list_clients(0) if #client_names == 0 then return "" From 034a432c8e408aeb606e4100b1758a956124328f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 26 Jan 2026 16:57:25 +0000 Subject: [PATCH 088/135] home: vim: null-ls: use 'partial' Just noticed that 'is_executable_condition' wasn't necessary now that I have this more generic solution. --- modules/home/vim/plugin/settings/null-ls.lua | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua index 258a209..00295bc 100644 --- a/modules/home/vim/plugin/settings/null-ls.lua +++ b/modules/home/vim/plugin/settings/null-ls.lua @@ -10,11 +10,11 @@ null_ls.setup({ null_ls.register({ null_ls.builtins.diagnostics.buildifier.with({ -- Only used if available - condition = utils.is_executable_condition("buildifier"), + condition = utils.partial(utils.is_executable, "buildifier"), }), null_ls.builtins.formatting.buildifier.with({ -- Only used if available - condition = utils.is_executable_condition("buildifier"), + condition = utils.partial(utils.is_executable, "buildifier"), }), }) @@ -22,7 +22,7 @@ null_ls.register({ null_ls.register({ null_ls.builtins.formatting.nixpkgs_fmt.with({ -- Only used if available - condition = utils.is_executable_condition("nixpkgs-fmt"), + condition = utils.partial(utils.is_executable, "nixpkgs-fmt"), }), }) @@ -30,19 +30,19 @@ null_ls.register({ null_ls.register({ null_ls.builtins.diagnostics.mypy.with({ -- Only used if available - condition = utils.is_executable_condition("mypy"), + condition = utils.partial(utils.is_executable, "mypy"), }), null_ls.builtins.diagnostics.pylint.with({ -- Only used if available - condition = utils.is_executable_condition("pylint"), + condition = utils.partial(utils.is_executable, "pylint"), }), null_ls.builtins.formatting.black.with({ extra_args = { "--fast" }, -- Only used if available - condition = utils.is_executable_condition("black"), + condition = utils.partial(utils.is_executable, "black"), }), null_ls.builtins.formatting.isort.with({ -- Only used if available - condition = utils.is_executable_condition("isort"), + condition = utils.partial(utils.is_executable, "isort"), }), }) From ab34234c8392130d0158940d761dfa2923d527bf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 26 Jan 2026 16:57:25 +0000 Subject: [PATCH 089/135] home: vim: lua: remove 'is_executable_condition' --- modules/home/vim/lua/ambroisie/utils.lua | 9 --------- 1 file changed, 9 deletions(-) diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua index 482325e..5cb8df1 100644 --- a/modules/home/vim/lua/ambroisie/utils.lua +++ b/modules/home/vim/lua/ambroisie/utils.lua @@ -7,15 +7,6 @@ M.is_executable = function(cmd) return cmd and vim.fn.executable(cmd) == 1 end ---- return a function that checks if a given command is executable ---- @param cmd string? command to check ---- @return fun(): boolean executable -M.is_executable_condition = function(cmd) - return function() - return M.is_executable(cmd) - end -end - --- whether or not we are currently in an SSH connection --- @return boolean ssh connection M.is_ssh = function() From 69b9480aa10d6cedcad2d31048dfe2dea1fdeac1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 20 Jan 2026 11:43:50 +0000 Subject: [PATCH 090/135] home: vim: git: use consistent textobject names Specifically, use a lower-case name, to be consistent with all other textobjects. --- modules/home/vim/plugin/settings/git.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index b9b92a6..fcae425 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -57,12 +57,12 @@ local keys = { local objects = { mode = "o", - { "ih", gitsigns.select_hunk, desc = "Git hunk" }, + { "ih", gitsigns.select_hunk, desc = "git hunk" }, } -- Visual local visual = { mode = { "x" }, - { "ih", gitsigns.select_hunk, desc = "Git hunk" }, + { "ih", gitsigns.select_hunk, desc = "git hunk" }, { "g", group = "Git" }, { "gp", gitsigns.preview_hunk, desc = "Preview selection" }, { "gr", make_visual(gitsigns.reset_hunk), desc = "Restore selection" }, From 47ca4ed61cd328aff79cbec8f933e396ef53ffb8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 19 Jan 2026 16:01:37 +0000 Subject: [PATCH 091/135] overlays: add 'nvim-treesitter-legacy-shim' There has been a major breaking change upstream, as they have merged updated the plug-in to its (majorly incompatible) main branch rewrite. To make the upgrade process easier, this overlay ensures my configuration will keep evaluating with the legacy plug-in variant. --- .../nvim-treesitter-legacy-shim/default.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 overlays/nvim-treesitter-legacy-shim/default.nix diff --git a/overlays/nvim-treesitter-legacy-shim/default.nix b/overlays/nvim-treesitter-legacy-shim/default.nix new file mode 100644 index 0000000..d629f71 --- /dev/null +++ b/overlays/nvim-treesitter-legacy-shim/default.nix @@ -0,0 +1,18 @@ +final: prev: +let + inherit (final) lib; + overrides = final: prev: + let + hasLegacyPackage = prev ? nvim-treesitter-legacy; + in + { + nvim-treesitter-textobjects-legacy = prev.nvim-treesitter-textobjects.overrideAttrs { + dependencies = [ final.nvim-treesitter-legacy ]; + }; + } // (lib.optionalAttrs (!hasLegacyPackage) { + nvim-treesitter-legacy = final.nvim-treesitter; + }); +in +{ + vimPlugins = prev.vimPlugins.extend (overrides); +} From 28a36cfdaab7154ec1eec5534963829edd89da83 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 20 Jan 2026 11:33:16 +0000 Subject: [PATCH 092/135] home: vim: use legacy 'nvim-treesitter' plug-ins --- modules/home/vim/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 930a853..726d487 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -60,8 +60,8 @@ in nvim-lspconfig # Easy LSP configuration lsp-format-nvim # Simplified formatting configuration none-ls-nvim # LSP integration for linters and formatters - nvim-treesitter.withAllGrammars # Better highlighting - nvim-treesitter-textobjects # More textobjects + nvim-treesitter-legacy.withAllGrammars # Better highlighting + nvim-treesitter-textobjects-legacy # More textobjects plenary-nvim # 'null-ls', 'telescope' dependency # Completion From dbd7e077e5f23f3b6f2c42b1c55d9180680c6faf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 19 Jan 2026 18:12:55 +0000 Subject: [PATCH 093/135] flake: bump inputs --- flake.lock | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index c8c2073..3f7a9b5 100644 --- a/flake.lock +++ b/flake.lock @@ -53,15 +53,15 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", - "owner": "edolstra", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { - "owner": "edolstra", + "owner": "NixOS", "repo": "flake-compat", "type": "github" } @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1765835352, - "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1765911976, - "narHash": "sha256-t3T/xm8zstHRLx+pIHxVpQTiySbKqcQbK+r+01XVKc0=", + "lastModified": 1769069492, + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "b68b780b69702a090c8bb1b973bab13756cc7a27", + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1766171975, - "narHash": "sha256-47Ee0bTidhF/3/sHuYnWRuxcCrrm0mBNDxBkOTd3wWQ=", + "lastModified": 1769442288, + "narHash": "sha256-p+Xqr+P22TYW2RqbwccSd4UlUDEwl7PnoW3qiH8wVoE=", "owner": "nix-community", "repo": "home-manager", - "rev": "bb35f07cc95a73aacbaf1f7f46bb8a3f40f265b5", + "rev": "384786dc70c4992643f916c7e57f378714fec4f1", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1766070988, - "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", + "lastModified": 1769170682, + "narHash": "sha256-oMmN1lVQU0F0W2k6OI3bgdzp2YOHWYUAw79qzDSjenU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", + "rev": "c5296fdd05cfa2c187990dd909864da9658df755", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1766242030, - "narHash": "sha256-GdaKIZrzm4fbFf9jBVmeQFZTwYPxUlSTZrSId/JNMAU=", + "lastModified": 1769444957, + "narHash": "sha256-2VIGLo/Xj7v+ZZqR/k2uoaZ75vpYB1FLa2UAW5ZhIK8=", "owner": "nix-community", "repo": "NUR", - "rev": "30006228925f07c5c2a270bb95dc8da35d9942dc", + "rev": "9183819b926f1f58e8af86e86f28cc7d1e87698f", "type": "github" }, "original": { From 96a76f8c7f3811af06438b848bd266f013249e91 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 20 Jan 2026 11:41:38 +0000 Subject: [PATCH 094/135] home: vim: tree-sitter: migrate textobjects config This uses the new configuration format. I might DRY it up at some point in the future, though I probably won't. --- .../home/vim/plugin/settings/tree-sitter.lua | 105 +++++++++++------- 1 file changed, 64 insertions(+), 41 deletions(-) diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua index d5fff46..cbb0d45 100644 --- a/modules/home/vim/plugin/settings/tree-sitter.lua +++ b/modules/home/vim/plugin/settings/tree-sitter.lua @@ -1,4 +1,58 @@ local ts_config = require("nvim-treesitter.configs") +local ts_select = require("nvim-treesitter-textobjects.select") +local ts_move = require("nvim-treesitter-textobjects.move") +local utils = require("ambroisie.utils") +local wk = require("which-key") + +local function select_textobject(query) + return utils.partial(ts_select.select_textobject, query) +end + +local function goto_next_start(query) + return utils.partial(ts_move.goto_next_start, query) +end +local function goto_next_end(query) + return utils.partial(ts_move.goto_next_end, query) +end +local function goto_previous_start(query) + return utils.partial(ts_move.goto_previous_start, query) +end +local function goto_previous_end(query) + return utils.partial(ts_move.goto_previous_end, query) +end + +local objects = { + mode = { "x", "o" }, + { "aa", select_textobject("@parameter.outer"), desc = "a parameter" }, + { "ia", select_textobject("@parameter.inner"), desc = "inner parameter" }, + { "ab", select_textobject("@block.outer"), desc = "a block" }, + { "ib", select_textobject("@block.inner"), desc = "inner block" }, + { "ac", select_textobject("@class.outer"), desc = "a class" }, + { "ic", select_textobject("@class.inner"), desc = "inner class" }, + { "af", select_textobject("@function.outer"), desc = "a function" }, + { "if", select_textobject("@function.inner"), desc = "inner function" }, + { "ak", select_textobject("@comment.outer"), desc = "a comment" }, + { "aS", select_textobject("@statement.outer"), desc = "a statement" }, +} +local moves = { + mode = { "n", "x", "o" }, + -- Next start + { "]m", goto_next_start("@function.outer"), desc = "Next method start" }, + { "]S", goto_next_start("@statement.outer"), desc = "Next statement start" }, + { "]]", goto_next_start("@class.outer"), desc = "Next class start" }, + -- Next end + { "]M", goto_next_end("@function.outer"), desc = "Next method end" }, + { "][", goto_next_end("@class.outer"), desc = "Next class end" }, + -- Previous start + { "[m", goto_previous_start("@function.outer"), desc = "Previous method start" }, + { "[S", goto_previous_start("@statement.outer"), desc = "Previous statement start" }, + { "[[", goto_previous_start("@class.outer"), desc = "Previous class start" }, + -- Previous end + { "[M", goto_previous_end("@function.outer"), desc = "Previous method end" }, + { "[]", goto_previous_end("@class.outer"), desc = "Previous class end" }, +} +wk.add(objects) +wk.add(moves) ts_config.setup({ highlight = { @@ -9,46 +63,15 @@ ts_config.setup({ indent = { enable = true, }, - textobjects = { - select = { - enable = true, - -- Jump to matching text objects - lookahead = true, - keymaps = { - ["aa"] = { query = "@parameter.outer", desc = "a parameter" }, - ["ia"] = { query = "@parameter.inner", desc = "inner parameter" }, - ["ab"] = { query = "@block.outer", desc = "a block" }, - ["ib"] = { query = "@block.inner", desc = "inner block" }, - ["ac"] = { query = "@class.outer", desc = "a class" }, - ["ic"] = { query = "@class.inner", desc = "inner class" }, - ["af"] = { query = "@function.outer", desc = "a function" }, - ["if"] = { query = "@function.inner", desc = "inner function" }, - ["ak"] = { query = "@comment.outer", desc = "a comment" }, - ["aS"] = { query = "@statement.outer", desc = "a statement" }, - }, - }, - move = { - enable = true, - -- Add to jump list - set_jumps = true, - goto_next_start = { - ["]m"] = { query = "@function.outer", desc = "Next method start" }, - ["]S"] = { query = "@statement.outer", desc = "Next statement start" }, - ["]]"] = { query = "@class.outer", desc = "Next class start" }, - }, - goto_next_end = { - ["]M"] = { query = "@function.outer", desc = "Next method end" }, - ["]["] = { query = "@class.outer", desc = "Next class end" }, - }, - goto_previous_start = { - ["[m"] = { query = "@function.outer", desc = "Previous method start" }, - ["[S"] = { query = "@statement.outer", desc = "Previous statement start" }, - ["[["] = { query = "@class.outer", desc = "Previous class start" }, - }, - goto_previous_end = { - ["[M"] = { query = "@function.outer", desc = "Previous method end" }, - ["[]"] = { query = "@class.outer", desc = "Previous class end" }, - }, - }, +}) + +require("nvim-treesitter-textobjects").setup({ + select = { + -- Jump to matching text objects + lookahead = true, + }, + move = { + -- Add to jump list + set_jumps = true, }, }) From 635fddc3388c4b2883bed382062ee8a5847a8dd7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 20 Jan 2026 12:26:37 +0000 Subject: [PATCH 095/135] home: vim: migrate to new 'nvim-treesitter' --- modules/home/vim/default.nix | 4 +- .../home/vim/plugin/settings/tree-sitter.lua | 42 +++++++++++++------ 2 files changed, 32 insertions(+), 14 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 726d487..930a853 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -60,8 +60,8 @@ in nvim-lspconfig # Easy LSP configuration lsp-format-nvim # Simplified formatting configuration none-ls-nvim # LSP integration for linters and formatters - nvim-treesitter-legacy.withAllGrammars # Better highlighting - nvim-treesitter-textobjects-legacy # More textobjects + nvim-treesitter.withAllGrammars # Better highlighting + nvim-treesitter-textobjects # More textobjects plenary-nvim # 'null-ls', 'telescope' dependency # Completion diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua index cbb0d45..2958c2a 100644 --- a/modules/home/vim/plugin/settings/tree-sitter.lua +++ b/modules/home/vim/plugin/settings/tree-sitter.lua @@ -1,4 +1,4 @@ -local ts_config = require("nvim-treesitter.configs") +local treesitter = require("nvim-treesitter") local ts_select = require("nvim-treesitter-textobjects.select") local ts_move = require("nvim-treesitter-textobjects.move") local utils = require("ambroisie.utils") @@ -54,17 +54,6 @@ local moves = { wk.add(objects) wk.add(moves) -ts_config.setup({ - highlight = { - enable = true, - -- Avoid duplicate highlighting - additional_vim_regex_highlighting = false, - }, - indent = { - enable = true, - }, -}) - require("nvim-treesitter-textobjects").setup({ select = { -- Jump to matching text objects @@ -75,3 +64,32 @@ require("nvim-treesitter-textobjects").setup({ set_jumps = true, }, }) + +-- Automatically setup treesitter for supported filetypes +local function treesitter_try_attach(buf, language) + -- Try to load language + -- NOTE: the best way I found to check if a filetype has a grammar + if not vim.treesitter.language.add(language) then + return false + end + + -- Syntax highlighting + vim.treesitter.start(buf, language) + -- Indentation + vim.bo.indentexpr = "v:lua.require('nvim-treesitter').indentexpr()" + + return true +end + +vim.api.nvim_create_autocmd("FileType", { + pattern = "*", + group = vim.api.nvim_create_augroup("treesitter_attach", { clear = true }), + callback = function(args) + local buf, filetype = args.buf, args.match + local language = vim.treesitter.language.get_lang(filetype) + if not language then + return + end + treesitter_try_attach(buf, language) + end, +}) From f3f0cb6a34eb339d0a60a064aef340e5415b50bf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 20 Jan 2026 12:27:26 +0000 Subject: [PATCH 096/135] overlays: remove 'nvim-treesitter-legacy-shim' With the migration complete, I do not need it anymore. This reverts commit bf260de243e55d02ae6be52678ccadc6ea77439b. --- .../nvim-treesitter-legacy-shim/default.nix | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 overlays/nvim-treesitter-legacy-shim/default.nix diff --git a/overlays/nvim-treesitter-legacy-shim/default.nix b/overlays/nvim-treesitter-legacy-shim/default.nix deleted file mode 100644 index d629f71..0000000 --- a/overlays/nvim-treesitter-legacy-shim/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -final: prev: -let - inherit (final) lib; - overrides = final: prev: - let - hasLegacyPackage = prev ? nvim-treesitter-legacy; - in - { - nvim-treesitter-textobjects-legacy = prev.nvim-treesitter-textobjects.overrideAttrs { - dependencies = [ final.nvim-treesitter-legacy ]; - }; - } // (lib.optionalAttrs (!hasLegacyPackage) { - nvim-treesitter-legacy = final.nvim-treesitter; - }); -in -{ - vimPlugins = prev.vimPlugins.extend (overrides); -} From bfd058da36a535ace178e66a3a9100b879e15b45 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Feb 2026 20:39:05 +0000 Subject: [PATCH 097/135] home: vim: git: map hunk-navigation in more modes --- modules/home/vim/plugin/settings/git.lua | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index fcae425..2c4504d 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -33,10 +33,6 @@ gitsigns.setup({ }) local keys = { - -- Navigation - { "[c", utils.partial(nav_hunk, "prev"), desc = "Previous hunk/diff" }, - { "]c", utils.partial(nav_hunk, "next"), desc = "Next hunk/diff" }, - -- Commands { "g", group = "Git" }, { "gb", gitsigns.toggle_current_line_blame, desc = "Toggle blame virtual text" }, { "gd", gitsigns.diffthis, desc = "Diff buffer" }, @@ -55,6 +51,12 @@ local keys = { { "g]", utils.partial(gitsigns.nav_hunk, "next"), desc = "Next hunk" }, } +local moves = { + mode = { "n", "x", "o" }, + { "[c", utils.partial(nav_hunk, "prev"), desc = "Previous hunk/diff" }, + { "]c", utils.partial(nav_hunk, "next"), desc = "Next hunk/diff" }, +} + local objects = { mode = "o", { "ih", gitsigns.select_hunk, desc = "git hunk" }, @@ -71,5 +73,6 @@ local visual = { } wk.add(keys) +wk.add(moves) wk.add(objects) wk.add(visual) From 89db8883e961a417f6a6c78fc3c7b3ad4794ffb8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 10 Feb 2026 14:53:14 +0000 Subject: [PATCH 098/135] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 3f7a9b5..dad55a0 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1762618334, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "owner": "ryantm", "repo": "agenix", - "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1769069492, - "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", + "lastModified": 1770726378, + "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", + "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1769442288, - "narHash": "sha256-p+Xqr+P22TYW2RqbwccSd4UlUDEwl7PnoW3qiH8wVoE=", + "lastModified": 1770654520, + "narHash": "sha256-mg5WZMIPGsFu9MxSrUcuJUPMbfMsF77el5yb/7rc10k=", "owner": "nix-community", "repo": "home-manager", - "rev": "384786dc70c4992643f916c7e57f378714fec4f1", + "rev": "6c4fdbe1ad198fac36c320fd45c5957324a80b8e", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1769170682, - "narHash": "sha256-oMmN1lVQU0F0W2k6OI3bgdzp2YOHWYUAw79qzDSjenU=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c5296fdd05cfa2c187990dd909864da9658df755", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1769444957, - "narHash": "sha256-2VIGLo/Xj7v+ZZqR/k2uoaZ75vpYB1FLa2UAW5ZhIK8=", + "lastModified": 1770732881, + "narHash": "sha256-yGkibRit67Pz1uo1Kk55kZBHQq90K3gc0N762JGW/uQ=", "owner": "nix-community", "repo": "NUR", - "rev": "9183819b926f1f58e8af86e86f28cc7d1e87698f", + "rev": "06490c1287ab62a8c5075c440fd3e247913bc29c", "type": "github" }, "original": { From f2ae223c665968d94c573c3a6eb37b7d19513e2d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 15:01:11 +0100 Subject: [PATCH 099/135] nixos: services: sabnzbd: fix deprecated config I want to have _some_ settings set outside my NixOS configuration, so keep the config-file writable. --- modules/nixos/services/sabnzbd/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix index 9e0d9c3..6c9eadd 100644 --- a/modules/nixos/services/sabnzbd/default.nix +++ b/modules/nixos/services/sabnzbd/default.nix @@ -13,6 +13,11 @@ in services.sabnzbd = { enable = true; group = "media"; + + # Don't warn about the config file + configFile = null; + # I want to configure servers outside of Nix + allowConfigWrite = true; }; # Set-up media group From c8f9e002f62e770be83d9af56a58f176b92a7474 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 15:08:09 +0100 Subject: [PATCH 100/135] nixos: services: sabnzbd: add 'port' option --- modules/nixos/services/sabnzbd/default.nix | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix index 6c9eadd..37ba96c 100644 --- a/modules/nixos/services/sabnzbd/default.nix +++ b/modules/nixos/services/sabnzbd/default.nix @@ -2,11 +2,17 @@ { config, lib, ... }: let cfg = config.my.services.sabnzbd; - port = 9090; # NOTE: not declaratively set... in { options.my.services.sabnzbd = with lib; { enable = mkEnableOption "SABnzbd binary news reader"; + + port = mkOption { + type = types.port; + default = 9090; + example = 4242; + description = "The port on which SABnzbd will listen for incoming HTTP traffic"; + }; }; config = lib.mkIf cfg.enable { @@ -18,6 +24,13 @@ in configFile = null; # I want to configure servers outside of Nix allowConfigWrite = true; + + settings = { + misc = { + host = "127.0.0.1"; + inherit (cfg) port; + }; + }; }; # Set-up media group @@ -25,7 +38,7 @@ in my.services.nginx.virtualHosts = { sabnzbd = { - inherit port; + inherit (cfg) port; }; }; From 72efb0c7eae9a14c26e702dbca0ebbd1c2822f46 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 19:46:25 +0100 Subject: [PATCH 101/135] hosts: nixos: porthos: secrets: update cross-seed --- .../servarr/cross-seed/configuration.json.age | Bin 2031 -> 3119 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age index 94fdf975d6418d394c62c42e572374b24865a776..b8cbe6aa7d2a5491342a62798ddaf2830e28cb7d 100644 GIT binary patch literal 3119 zcmdM|0Vh{?Pd^1mcUJ{hKj)yxfDl&~1vgJ0SCE`8S7dlfj!$@4X{522X|hL9L6VV4 zX_B#5o{w>4g>$BXwx@?*Rid+DPLzwMp-OH&<9-en~*4 zV_9IZMXqOvUzksLN@Y~ITUAuBlY5Yhle>?BVRnjRfvaz5SW%!+L2;r-RAo?zt4Xql zpGjbdV-Z(KXoX==M7B||L5Znzra_5Mu#<6!YlVAiXhu$CZct%VmXk?{tEEY>foEl4 zR*+eUhm(PCSb<4WZlqyUSX4Pza70d4Vor){RJd!obDn=nx{p&~aaOo*qH9ukKuVTx zS&+YTsk2*-c6OCtu5)T~Sa7OqQktc4X^xY5ScS0xSBQaIu4h(?QDT{EmU*#LzF$&F zgjryfTe4GXNI+#)xuJP}xItucQeIhEd0s_TQKoU3Pqt@?aa3-lQJHH}6<3%~cy3u} zNUm=|Xr@7#v2UJtYGuB!qq(_rV5woEuZdrIgppa9g{5z)pMjZMnqx(%f0RL>WoB4# zp@mn7vpH94P)bCEi+)yEs=Gl+s)2imXHjLienqfvxNnhTx<__qS)zZYk8w$fzn^Pb zs+)gRx{FgmQCg6pdzDF6K#4O~s#!sPqQGkVa zx?8weR(eIMcCN8ux^G&Ek#}-tRElGGg?~zAW@Je=m#KbYak-8G`MU_jAi*sg{Z)kCGgpsFVnv+v@nP-8MK~RuIQGiRXV`gSqrSdNg}G~JQese$QL0OTb5%q{u6u5}iK&rKqJ@E@V?ddav4>-% zuSIEbkh6JGWp-3Rva6$`Q${dXXh2Y)nR9rirKMTAX;EIWk+HrNB*v8#c5Rhf&nMXp(ZVV-H2Wr(Azi>YHemqnR-g+*p+Mwv&UxuI{6XGy71 zl5<&TPHCc9Zc15rXnBT*w_k9ob7qlyNl3YweoA7bkBhc(Vpe)?nn$RsE0=q&Ur3N& zK%jx6p_xH;zPYQVsY_r+SxKRnsdGtjq<>;nezCt{R*F$@YN?N(YpPFPxtB#{lwXju zPfnnvxj$D~iEnmgK$2y8u47t7SxAzhvw?SBs7bm(VoEVRA)=f1;zgcVtnacThf8U~!^nVMJn1ct(a}aHyk+XK8U-SV@(6VUS6pX=t{$ zPobMhR+&$^n|psE>JyQ$Suws%eUwpRq}Ju9rcYQA$}#c#yeQ zkdaA5fssdXT6T7zwwHf$zF8udp=VB*c3MWMt-7Eq=$EKl!ZwmSCwJ5m!)$_T7jXncDbojwu_&> zS8kHNzh9VR zZ(e%2rC)eiSZ;AniMK^ST1i-{Q)ZyPqmPGippScGpj&8WqGM8Ev5%osK%jAjkF&nM ztC@F3XcU*Pxpt_FKv|hZZnAz>qJ?>&S!Iz|o@ID= zm`7@Wp_yTtOHp!GXi9`>5X|}eTc|c)#prLC;c4l&wd%90i za=C9-PD+|vhIg{NcWR!8MTL2oTc%5tTTw)wTS|pDmws`HtADC%kZEb5U!GY;Wnoxu zq`OZ*v2$g*Wtd5&i&vgca+G7fw~1G>ey~AmW`4R)k+XS3aA8tKMNnCmDVMKHSYp0e zu}Ni~Q<8U?xv#%LQDAXIpii!gr@LuNfwzmRez-+$XsEtVaax*pfTc@BuxDXWNp@wW zdq75!sUcT{VX~`!a=y2jc}hjTNvf~8QE_&8NU(2lP-%#vaiCdIq+yA9u6|^yhe@J) zvPr17yLNd{N_wfWS(#66WQrwMnTw};Zl$w_c7bQEN1}UJx>2E@Yg&q9nWtx{yPv;F zqL+tfaDaZLc4b*cqNRCKZbW)mo{^z`sCjZlzIkNZo^ye7VNr>bQ+8gMGnbJ;ib+aV zSaMKSP^G?kp=XLmwn1TLfoW<=R+vjwdPJzVsj0JLxvNR0ab-|xMOaW`MwyFafJ;=7 zep+E}l^IutepX77WsY~4Pfl2hw_$2#mRD7zNxFAoUXizxmtj;%g@>cIk6*rTd8tL3 zep;njWu#A1L{+(gv0FufZ$OPwpT@Po_ShYP^h_UK%$p-M5Tp$ zZgx^wYEfcUNKj#vzf+ijexNs3m04v(iA#2tsb#pCe~NLQwtMuvxx zXL_o3WMyJvfK!o2KxSg1d#P(kae;H1b67~Ji)TeTmr+1LRJvJ~cZgGzV^FG}xl?MW zqqbR!p>}48e||=Wd1zH$W=V;0URtt#x?8YIrn7Hlc2QBNcc{63Nl{6NK37h7fnj#2 ztG}07kWZpxSV>BvL5ORJS4d!yiBpzOh^c=`xud(KOL3A{m1BresBw_9OOB_hOJzW+ zg-4*dTRxYwi(6(+q_&q?YJOUXTWLm^o2Pqvj%!*;Nvg4NWK?cdXjze0a=D9#c6g~z dsE?UZRiv?{u}hM_qpd9$xWVu0=Yq2@004Qv`|1Dy literal 2031 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn_Ri1BO;<=S&$J9m zF108%Ez1fnwba%(@lP*Gv8;3pa4ITEa}G-n@GUjXG)>PAwBQQ!PmHukbu};XDaucD z&U7>_!m*q%D~GW!PCyAa=HPkhbXbVF37 zN?-GNd`T7B8omGaZol8#dRXti*uqeG!fCfmmqMUWnFOQqq01_JHaw2M5yI+fsQ&KG z^;1^+T2(5`xDBq(c%ySg^gw&a54{aGOE*~S$ZlM|vHfpUz?$5OLj{h9cDS1#y}xO_ zLPheMIX_=qX;-rfjCyCRvpJq=XT{o&)(+vvofO2`r&=CZ6xenuR)21d!&L7bdTYc= zLRawg?K)6*U0Zi?g3M&+hfDH4MY%GZyIb|5$M(Tg$;?inturkgj$Cn?HA&oN&q>*d z%j-_D9KL^(xx`Y#*#2;2Tk};p!Goa_9{fFLEF2WYr!0H+-AYr=0EGqj?(Yt>XF4Ff z^LVF#gTiOoH``>~kGU?fZ0Fs&n^Sp(WrX3ecA=sr@0}U6uieeCGqGRlZ+^IFKd}_&m#(Kht>q1$~?7h-IrI~ z%&SkOu>6!LUVgh?F8FEI=G%@PI}5)Uy%oJEr}TA>qx1J0-VF19e_!)T&sBKVYnCf! z4xgQhp43*i%AVLbk6%ss>E8Mb%VV|*_Ay&O{MwMDdso1tQGxeEs(${@4C$FKk1JnW_UhKtZ6`fU&L^<*s@-@}=JhGRYfj>0seJ3L z^O_GVl5Dh`xkg?fr}R*Azs36*^81y}9hB_OQBsm(E^y_L5lNqv6;$YP^qr-wh3fOD zjaCnf+*_Wh?f$f8*WIT<-`&ool<`Wgm|XZ^*~-gj&-*O;Qghv`FN-(z)9m+-N8U&B zt995tZ}WQJ!d{XqWODsp%)2YE<82OpU9&KK|6QfDErO-qO~%1Gk6I?5zu&y>{Krp^ zYOAE;vgbNgC`^C;YY|tS&GxU;)`;D#QDsfsZl6C({NUrz;_B1_=fy5LIdQ+W=JsBW z%nm*x^*YF&WF4f%bacs3anas8oq8>zcl;?xnIWXIFk_~9f7XTzT-QA}J@4i3{Bbctb2ra0Y`ZMgewZzp!SLVqDv#rWyUy*%TIj5Qnnm;M#5Gp- zmRl7U{A>*SH1FD@)^*WG1LnWCJ9Sic8N-wKz2|HN1Q_fC&CX~vUh$gZ{d0+wzq$IJ z&Gu*ZPwGFgcfQG#*o%3*4cxwNP6wU6UDm$2{)WHjNBfg}f91z=>nEK5wmQG|*T%vp zugUpj5qt5jvDxYAG8`$p`}cS0uK8!4wBd<@xa5ov-@>x` z4YxeF|KPXg(WwiqZH=k|s~OU!>h#QKwp+$GFD?D!my!U6gBn}j3M?G5IK4cBmr8yEjszWJTf zp1W!cj|^YLd89JDQEszyTYUQNp5XT0Nv|6oOkb2T!}#*+l9x$$F8u1*eEf3cUF%C4 zK`Ylzw45Bhf9}s-jdQ1puDPiMsW0iazjEVWY436#4iUuytqpbFRcg%T-vqDc6s{=g z4Jk}MwrrQLDd(G*jh+&7GI&|bm=9iYX7k+?#ah`e5XX1^e8pw$L(jEi&2pb)PMa+i zFva=c(QQUn47`Oi_WNAlX{^l28dhHW(0{s6O$>+bT+YbNvq~3Q>UY;AW&R7x@b Date: Wed, 18 Feb 2026 11:18:41 +0000 Subject: [PATCH 102/135] pkgs: i3-get-window-criteria: fix 'xorg' packages The `xorg` namespace is about to be removed in my next bump, so let's pro-actively remove them now. --- pkgs/i3-get-window-criteria/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/i3-get-window-criteria/default.nix b/pkgs/i3-get-window-criteria/default.nix index 2fc840d..cba5194 100644 --- a/pkgs/i3-get-window-criteria/default.nix +++ b/pkgs/i3-get-window-criteria/default.nix @@ -1,4 +1,4 @@ -{ lib, coreutils, gnused, makeWrapper, stdenvNoCC, xorg }: +{ lib, coreutils, gnused, makeWrapper, stdenvNoCC, xprop, xwininfo }: stdenvNoCC.mkDerivation rec { pname = "i3-get-window-criteria"; version = "0.1.0"; @@ -22,8 +22,8 @@ stdenvNoCC.mkDerivation rec { wrapperPath = lib.makeBinPath [ coreutils gnused - xorg.xprop - xorg.xwininfo + xprop + xwininfo ]; fixupPhase = '' From 4704b34db3e248abab508f0f8c2b5c6f45a26549 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 21:40:35 +0100 Subject: [PATCH 103/135] overlays: downgrade-transmission: add derivation I need to vendor the full derivation definition, as upstream diverges further and further away from 4.0.5. On the next bump, the packaging for 4.1.0 starts becoming sufficiently different to break my overlay. --- overlays/downgrade-transmission/default.nix | 17 +- .../downgrade-transmission/transmission_4.nix | 232 ++++++++++++++++++ 2 files changed, 237 insertions(+), 12 deletions(-) create mode 100644 overlays/downgrade-transmission/transmission_4.nix diff --git a/overlays/downgrade-transmission/default.nix b/overlays/downgrade-transmission/default.nix index 9d3fc8a..9fc6d14 100644 --- a/overlays/downgrade-transmission/default.nix +++ b/overlays/downgrade-transmission/default.nix @@ -1,14 +1,7 @@ -self: prev: +self: _prev: { - transmission_4 = prev.transmission_4.overrideAttrs (_: { - version = "4.0.5"; - - src = self.fetchFromGitHub { - owner = "transmission"; - repo = "transmission"; - rev = "4.0.5"; - hash = "sha256-gd1LGAhMuSyC/19wxkoE2mqVozjGPfupIPGojKY0Hn4="; - fetchSubmodules = true; - }; - }); + transmission_4 = self.callPackage ./transmission_4.nix { + fmt = self.fmt_9; + libutp = self.libutp_3_4; + }; } diff --git a/overlays/downgrade-transmission/transmission_4.nix b/overlays/downgrade-transmission/transmission_4.nix new file mode 100644 index 0000000..a49f6b9 --- /dev/null +++ b/overlays/downgrade-transmission/transmission_4.nix @@ -0,0 +1,232 @@ +{ stdenv +, lib +, fetchFromGitHub +, fetchpatch2 +, cmake +, pkg-config +, python3 +, openssl +, curl +, libevent +, inotify-tools +, systemd +, zlib +, pcre +, libb64 +, libutp +, libdeflate +, utf8cpp +, fast-float +, fmt +, libpsl +, miniupnpc +, dht +, libnatpmp +, # Build options + enableGTK3 ? false +, gtkmm3 +, libpthread-stubs +, wrapGAppsHook3 +, enableQt5 ? false +, enableQt6 ? false +, qt5 +, qt6Packages +, nixosTests +, enableSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd +, enableDaemon ? true +, enableCli ? true +, installLib ? false +, apparmorRulesFromClosure +}: + +let + inherit (lib) cmakeBool optionals; + + apparmorRules = apparmorRulesFromClosure { name = "transmission-daemon"; } ( + [ + curl + libdeflate + libevent + libnatpmp + libpsl + miniupnpc + openssl + pcre + zlib + ] + ++ optionals enableSystemd [ systemd ] + ++ optionals stdenv.hostPlatform.isLinux [ inotify-tools ] + ); + +in +stdenv.mkDerivation (finalAttrs: { + pname = "transmission"; + version = "4.0.5"; + + src = fetchFromGitHub { + owner = "transmission"; + repo = "transmission"; + rev = finalAttrs.version; + hash = "sha256-gd1LGAhMuSyC/19wxkoE2mqVozjGPfupIPGojKY0Hn4="; + fetchSubmodules = true; + }; + + patches = [ + (fetchpatch2 { + url = "https://github.com/transmission/transmission/commit/febfe49ca3ecab1a7142ecb34012c1f0b2bcdee8.patch?full_index=1"; + hash = "sha256-Ge0+AXf/ilfMieGBAdvvImY7JOb0gGIdeKprC37AROs="; + excludes = [ + # The submodule that we don't use (we use our miniupnp) + "third-party/miniupnp" + # Hunk fails for this one, but we don't care because we don't rely upon + # xcode definitions even for the Darwin build. + "Transmission.xcodeproj/project.pbxproj" + ]; + }) + ]; + + outputs = [ + "out" + "apparmor" + ]; + + cmakeFlags = [ + (cmakeBool "ENABLE_CLI" enableCli) + (cmakeBool "ENABLE_DAEMON" enableDaemon) + (cmakeBool "ENABLE_GTK" enableGTK3) + (cmakeBool "ENABLE_MAC" false) # requires xcodebuild + (cmakeBool "ENABLE_QT" (enableQt5 || enableQt6)) + (cmakeBool "INSTALL_LIB" installLib) + ] + ++ optionals stdenv.hostPlatform.isDarwin [ + # Transmission sets this to 10.13 if not explicitly specified, see https://github.com/transmission/transmission/blob/0be7091eb12f4eb55f6690f313ef70a66795ee72/CMakeLists.txt#L7-L16. + "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.hostPlatform.darwinMinVersion}" + ]; + + postPatch = '' + # Clean third-party libraries to ensure system ones are used. + # Excluding gtest since it is hardcoded to vendored version. The rest of the listed libraries are not packaged. + pushd third-party + for f in *; do + if [[ ! $f =~ googletest|wildmat|wide-integer|jsonsl ]]; then + rm -r "$f" + fi + done + popd + rm \ + cmake/FindFastFloat.cmake \ + cmake/FindFmt.cmake \ + cmake/FindUtfCpp.cmake + # Upstream uses different config file name. + substituteInPlace CMakeLists.txt --replace 'find_package(UtfCpp)' 'find_package(utf8cpp)' + + # Use gettext even on Darwin + substituteInPlace libtransmission/utils.h \ + --replace-fail '#if defined(HAVE_GETTEXT) && !defined(__APPLE__)' '#if defined(HAVE_GETTEXT)' + ''; + + nativeBuildInputs = [ + pkg-config + cmake + python3 + ] + ++ optionals enableGTK3 [ wrapGAppsHook3 ] + ++ optionals enableQt5 [ qt5.wrapQtAppsHook ] + ++ optionals enableQt6 [ qt6Packages.wrapQtAppsHook ]; + + buildInputs = [ + curl + dht + fast-float + fmt + libb64 + libdeflate + libevent + libnatpmp + libpsl + libutp + miniupnpc + openssl + pcre + utf8cpp + zlib + ] + ++ optionals enableQt5 ( + with qt5; + [ + qttools + qtbase + ] + ) + ++ optionals enableQt6 ( + with qt6Packages; + [ + qttools + qtbase + qtsvg + ] + ) + ++ optionals enableGTK3 [ + gtkmm3 + libpthread-stubs + ] + ++ optionals enableSystemd [ systemd ] + ++ optionals stdenv.hostPlatform.isLinux [ inotify-tools ]; + + postInstall = '' + mkdir $apparmor + cat >$apparmor/bin.transmission-daemon <, + include + profile $out/bin/transmission-daemon { + include + include + include + include "${apparmorRules}" + @{PROC}/sys/kernel/random/uuid r, + @{PROC}/sys/vm/overcommit_memory r, + @{PROC}/@{pid}/environ r, + @{PROC}/@{pid}/mounts r, + /tmp/tr_session_id_* rwk, + + $out/share/transmission/public_html/** r, + + include if exists + } + EOF + install -Dm0444 -t $out/share/icons ../qt/icons/transmission.svg + ''; + + passthru.tests = { + apparmor = nixosTests.transmission_4; # starts the service with apparmor enabled + smoke-test = nixosTests.bittorrent; + }; + + meta = { + description = "Fast, easy and free BitTorrent client"; + mainProgram = + if (enableQt5 || enableQt6) then + "transmission-qt" + else if enableGTK3 then + "transmission-gtk" + else + "transmission-cli"; + longDescription = '' + Transmission is a BitTorrent client which features a simple interface + on top of a cross-platform back-end. + Feature spotlight: + * Uses fewer resources than other clients + * Native Mac, GTK and Qt GUI clients + * Daemon ideal for servers, embedded systems, and headless use + * All these can be remote controlled by Web and Terminal clients + * Bluetack (PeerGuardian) blocklists with automatic updates + * Full encryption, DHT, and PEX support + ''; + homepage = "https://www.transmissionbt.com/"; + license = with lib.licenses; [ + gpl2Plus + mit + ]; + platforms = lib.platforms.unix; + }; +}) From 89bd3aa428ab9bb37c61f2fa0e75c755b37bc3c3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 15:21:56 +0100 Subject: [PATCH 104/135] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index dad55a0..1f7bb18 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1770654520, - "narHash": "sha256-mg5WZMIPGsFu9MxSrUcuJUPMbfMsF77el5yb/7rc10k=", + "lastModified": 1771505064, + "narHash": "sha256-lh9rF+C/nKFyWAqbHIa6tK9L/6N0UaQg7zw15aP4jBM=", "owner": "nix-community", "repo": "home-manager", - "rev": "6c4fdbe1ad198fac36c320fd45c5957324a80b8e", + "rev": "a0a01d8811fd5e99e003078ed64a0e7b531545dd", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "lastModified": 1771369470, + "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "rev": "0182a361324364ae3f436a63005877674cf45efb", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1770732881, - "narHash": "sha256-yGkibRit67Pz1uo1Kk55kZBHQq90K3gc0N762JGW/uQ=", + "lastModified": 1771506707, + "narHash": "sha256-R9oBi0EPsWN4bHfYgcyiSzx31/Fkgg3IHubf30II7Ow=", "owner": "nix-community", "repo": "NUR", - "rev": "06490c1287ab62a8c5075c440fd3e247913bc29c", + "rev": "30ad144e51a0ae8b47aa84c1139e84fc278d6e86", "type": "github" }, "original": { From 354118ada1f758922acbc4660c12a1902a810382 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 12 Jan 2026 14:54:11 +0000 Subject: [PATCH 105/135] treewide: remove unused 'with pkgs' --- modules/home/calibre/default.nix | 2 +- modules/home/gdb/default.nix | 2 +- modules/home/trgui/default.nix | 2 +- templates/c++-cmake/flake.nix | 2 +- templates/c++-meson/flake.nix | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/home/calibre/default.nix b/modules/home/calibre/default.nix index de7c126..fcd62f8 100644 --- a/modules/home/calibre/default.nix +++ b/modules/home/calibre/default.nix @@ -10,7 +10,7 @@ in }; config = lib.mkIf cfg.enable { - home.packages = with pkgs; [ + home.packages = [ cfg.package ]; }; diff --git a/modules/home/gdb/default.nix b/modules/home/gdb/default.nix index 1ffc6bd..b7c3aca 100644 --- a/modules/home/gdb/default.nix +++ b/modules/home/gdb/default.nix @@ -17,7 +17,7 @@ in config = lib.mkIf cfg.enable (lib.mkMerge [ { - home.packages = with pkgs; [ + home.packages = [ cfg.package ]; diff --git a/modules/home/trgui/default.nix b/modules/home/trgui/default.nix index ee545a9..63df355 100644 --- a/modules/home/trgui/default.nix +++ b/modules/home/trgui/default.nix @@ -10,7 +10,7 @@ in }; config = lib.mkIf cfg.enable { - home.packages = with pkgs; [ + home.packages = [ cfg.package ]; }; diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index 7796f5e..eb2767d 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -95,7 +95,7 @@ self.packages.${system}.project ]; - packages = with pkgs; [ + packages = [ self.checks.${system}.pre-commit.enabledPackages ]; diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index cb14eb5..4418917 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -95,7 +95,7 @@ self.packages.${system}.project ]; - packages = with pkgs; [ + packages = [ self.checks.${system}.pre-commit.enabledPackages ]; From b776c356929e84d876364e77e0ab5fad064763e0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 26 Jan 2026 17:52:23 +0000 Subject: [PATCH 106/135] treewide: remove redundant 'builtins' I keep forgetting `map` and `removeAttrs` are included at the top-level in the prelude. --- modules/home/mail/accounts/default.nix | 2 +- modules/home/wm/i3bar/default.nix | 2 +- modules/nixos/programs/steam/default.nix | 2 +- modules/nixos/services/backup/default.nix | 2 +- modules/nixos/services/nginx/default.nix | 6 +++--- overlays/default.nix | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/home/mail/accounts/default.nix b/modules/home/mail/accounts/default.nix index 5216ad5..ca5e6ea 100644 --- a/modules/home/mail/accounts/default.nix +++ b/modules/home/mail/accounts/default.nix @@ -11,7 +11,7 @@ let lib.mkDefault [ (lib.getExe pkgs.ambroisie.rbw-pass) "Mail" passName ]; address = mkMailAddress address domain; - aliases = builtins.map (lib.flip mkMailAddress domain) aliases; + aliases = map (lib.flip mkMailAddress domain) aliases; inherit primary; diff --git a/modules/home/wm/i3bar/default.nix b/modules/home/wm/i3bar/default.nix index 5ae0e7d..28c1935 100644 --- a/modules/home/wm/i3bar/default.nix +++ b/modules/home/wm/i3bar/default.nix @@ -69,7 +69,7 @@ in inactive_state = "Idle"; }; in - builtins.map (block: defaults // block) cfg.vpn.blockConfigs + map (block: defaults // block) cfg.vpn.blockConfigs ) ) { diff --git a/modules/nixos/programs/steam/default.nix b/modules/nixos/programs/steam/default.nix index 0c7f9da..c859bdb 100644 --- a/modules/nixos/programs/steam/default.nix +++ b/modules/nixos/programs/steam/default.nix @@ -23,7 +23,7 @@ in enable = true; }; - environment.systemPackages = builtins.map lib.hiPrio [ + environment.systemPackages = map lib.hiPrio [ # Respect XDG conventions, leave my HOME alone (pkgs.writeShellScriptBin "steam" '' mkdir -p "${cfg.dataDir}" diff --git a/modules/nixos/services/backup/default.nix b/modules/nixos/services/backup/default.nix index 8aeeae1..7988406 100644 --- a/modules/nixos/services/backup/default.nix +++ b/modules/nixos/services/backup/default.nix @@ -96,7 +96,7 @@ in # Contains the UID/GID map, and other useful state "/var/lib/nixos" # SSH host keys (and public keys for convenience) - (builtins.map (key: [ key.path "${key.path}.pub" ]) config.services.openssh.hostKeys) + (map (key: [ key.path "${key.path}.pub" ]) config.services.openssh.hostKeys) ]; services.restic.backups.backblaze = { diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index ff530b0..153a299 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -188,14 +188,14 @@ in ++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args: let conflicts = [ "port" "root" "socket" "redirect" ]; - optionsNotNull = builtins.map (v: args.${v} != null) conflicts; + optionsNotNull = map (v: args.${v} != null) conflicts; optionsSet = lib.filter lib.id optionsNotNull; in { assertion = builtins.length optionsSet == 1; message = '' Subdomain '${subdomain}' must have exactly one of ${ - lib.concatStringsSep ", " (builtins.map (v: "'${v}'") conflicts) + lib.concatStringsSep ", " (map (v: "'${v}'") conflicts) } configured. ''; })) @@ -208,7 +208,7 @@ in assertion = args.websocketsLocations != [ ] -> proxyPassUsed; message = '' Subdomain '${subdomain}' can only use 'websocketsLocations' with one of ${ - lib.concatStringsSep ", " (builtins.map (v: "'${v}'") proxyPass) + lib.concatStringsSep ", " (map (v: "'${v}'") proxyPass) }. ''; })) diff --git a/overlays/default.nix b/overlays/default.nix index 683e021..d3e30aa 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,6 +1,6 @@ # Automatically import all overlays in the directory let files = builtins.readDir ./.; - overlays = builtins.removeAttrs files [ "default.nix" ]; + overlays = removeAttrs files [ "default.nix" ]; in builtins.mapAttrs (name: _: import "${./.}/${name}") overlays From 0694be19251db5f8706b1c08fb202e2a484098d6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 12 Jan 2026 14:55:47 +0000 Subject: [PATCH 107/135] nixos: services: servarr: remove redundant 'lib' My personal style preference (currently) is to use `with lib` on option declarations, avoiding the `lib` prefix. --- modules/nixos/services/servarr/bazarr.nix | 2 +- modules/nixos/services/servarr/jackett.nix | 2 +- modules/nixos/services/servarr/nzbhydra.nix | 2 +- modules/nixos/services/servarr/prowlarr.nix | 2 +- modules/nixos/services/servarr/starr.nix | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/nixos/services/servarr/bazarr.nix b/modules/nixos/services/servarr/bazarr.nix index 637da0c..67d3416 100644 --- a/modules/nixos/services/servarr/bazarr.nix +++ b/modules/nixos/services/servarr/bazarr.nix @@ -4,7 +4,7 @@ let in { options.my.services.servarr.bazarr = with lib; { - enable = lib.mkEnableOption "Bazarr" // { + enable = mkEnableOption "Bazarr" // { default = config.my.services.servarr.enableAll; }; diff --git a/modules/nixos/services/servarr/jackett.nix b/modules/nixos/services/servarr/jackett.nix index 481cd3d..8e8a5c3 100644 --- a/modules/nixos/services/servarr/jackett.nix +++ b/modules/nixos/services/servarr/jackett.nix @@ -4,7 +4,7 @@ let in { options.my.services.servarr.jackett = with lib; { - enable = lib.mkEnableOption "Jackett" // { + enable = mkEnableOption "Jackett" // { default = config.my.services.servarr.enableAll; }; diff --git a/modules/nixos/services/servarr/nzbhydra.nix b/modules/nixos/services/servarr/nzbhydra.nix index 7b63986..f2f82ac 100644 --- a/modules/nixos/services/servarr/nzbhydra.nix +++ b/modules/nixos/services/servarr/nzbhydra.nix @@ -4,7 +4,7 @@ let in { options.my.services.servarr.nzbhydra = with lib; { - enable = lib.mkEnableOption "NZBHydra2" // { + enable = mkEnableOption "NZBHydra2" // { default = config.my.services.servarr.enableAll; }; }; diff --git a/modules/nixos/services/servarr/prowlarr.nix b/modules/nixos/services/servarr/prowlarr.nix index ce044c6..6825843 100644 --- a/modules/nixos/services/servarr/prowlarr.nix +++ b/modules/nixos/services/servarr/prowlarr.nix @@ -5,7 +5,7 @@ let in { options.my.services.servarr.prowlarr = with lib; { - enable = lib.mkEnableOption "Prowlarr" // { + enable = mkEnableOption "Prowlarr" // { default = config.my.services.servarr.enableAll; }; diff --git a/modules/nixos/services/servarr/starr.nix b/modules/nixos/services/servarr/starr.nix index 2bf7c11..0ccdaa4 100644 --- a/modules/nixos/services/servarr/starr.nix +++ b/modules/nixos/services/servarr/starr.nix @@ -12,7 +12,7 @@ let in { options.my.services.servarr.${starr} = with lib; { - enable = lib.mkEnableOption (lib.toSentenceCase starr) // { + enable = mkEnableOption (lib.toSentenceCase starr) // { default = config.my.services.servarr.enableAll; }; From 854a9729724a5a748cc61e15e4523247ba52ac5c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 26 Jan 2026 17:55:52 +0000 Subject: [PATCH 108/135] flake: checks: enable 'nixf-diagnose' --- flake/checks.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/flake/checks.nix b/flake/checks.nix index 73e64d5..01d3c7a 100644 --- a/flake/checks.nix +++ b/flake/checks.nix @@ -15,6 +15,10 @@ enable = true; }; + nixf-diagnose = { + enable = true; + }; + nixpkgs-fmt = { enable = true; }; From d94f9564340c71d18a957b3b3a7c78ce70d7fec0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 26 Feb 2026 15:47:36 +0000 Subject: [PATCH 109/135] flake: bump inputs And fix a package change. --- flake.lock | 30 +++++++++++++++--------------- modules/home/mpv/default.nix | 2 +- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 1f7bb18..3faacc8 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1770726378, - "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=", + "lastModified": 1772024342, + "narHash": "sha256-+eXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae", + "rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1771505064, - "narHash": "sha256-lh9rF+C/nKFyWAqbHIa6tK9L/6N0UaQg7zw15aP4jBM=", + "lastModified": 1772633327, + "narHash": "sha256-jl+DJB2DUx7EbWLRng+6HNWW/1/VQOnf0NsQB4PlA7I=", "owner": "nix-community", "repo": "home-manager", - "rev": "a0a01d8811fd5e99e003078ed64a0e7b531545dd", + "rev": "5a75730e6f21ee624cbf86f4915c6e7489c74acc", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1771369470, - "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", + "lastModified": 1772638773, + "narHash": "sha256-hxYz2avAoL3bSuAsllNKdRIcSjZRzE0c+1vbPe6RFNk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0182a361324364ae3f436a63005877674cf45efb", + "rev": "9b91b0810a0fc78c2b9179390fd3a0295ec7107d", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1771506707, - "narHash": "sha256-R9oBi0EPsWN4bHfYgcyiSzx31/Fkgg3IHubf30II7Ow=", + "lastModified": 1772638553, + "narHash": "sha256-RTdoij40R7JMeORObiBLfT7VjwHpLxLTBR6hO/mplSk=", "owner": "nix-community", "repo": "NUR", - "rev": "30ad144e51a0ae8b47aa84c1139e84fc278d6e86", + "rev": "7a914a204156d118c4e98706a71f68a044c881ae", "type": "github" }, "original": { diff --git a/modules/home/mpv/default.nix b/modules/home/mpv/default.nix index 8af394c..207d601 100644 --- a/modules/home/mpv/default.nix +++ b/modules/home/mpv/default.nix @@ -13,7 +13,7 @@ in scripts = [ pkgs.mpvScripts.mpris # Allow controlling using media keys - pkgs.mpvScripts.mpv-cheatsheet # Show some simple mappings on '?' + pkgs.mpvScripts.mpv-cheatsheet-ng # Show some simple mappings on '?' pkgs.mpvScripts.uosc # Nicer UI ]; }; From 8103562170ce6ced978a59ab7f24e7de1307400b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Mar 2026 21:24:42 +0100 Subject: [PATCH 110/135] nixos: services: nextcloud: bump to 33 --- modules/nixos/services/nextcloud/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 24515ff..ae6d543 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -35,7 +35,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud32; + package = pkgs.nextcloud33; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; From b3c0321b4038f15eb035e076da5e6be43a889d66 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Mar 2026 22:00:49 +0100 Subject: [PATCH 111/135] nixos: system: documentation: fix renamed option --- modules/nixos/system/documentation/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/nixos/system/documentation/default.nix b/modules/nixos/system/documentation/default.nix index 304c811..0956a4b 100644 --- a/modules/nixos/system/documentation/default.nix +++ b/modules/nixos/system/documentation/default.nix @@ -29,7 +29,10 @@ in man = { enable = cfg.man.enable; - generateCaches = true; + + cache = { + enable = true; + }; }; nixos.enable = cfg.nixos.enable; From 36c34eb12ae7396a04cd84a2e3be940f427db850 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 16 Mar 2026 14:25:07 +0000 Subject: [PATCH 112/135] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 3faacc8..f33747b 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1772024342, - "narHash": "sha256-+eXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg=", + "lastModified": 1772893680, + "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476", + "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1772633327, - "narHash": "sha256-jl+DJB2DUx7EbWLRng+6HNWW/1/VQOnf0NsQB4PlA7I=", + "lastModified": 1773666768, + "narHash": "sha256-7XvLaFMQOsfWrK+msO0Oqe5CeNYsAlSGjrl5y14gA6w=", "owner": "nix-community", "repo": "home-manager", - "rev": "5a75730e6f21ee624cbf86f4915c6e7489c74acc", + "rev": "ca53f083dbd4c83dd5dca8a3099374708e155c32", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1772638773, - "narHash": "sha256-hxYz2avAoL3bSuAsllNKdRIcSjZRzE0c+1vbPe6RFNk=", + "lastModified": 1773579282, + "narHash": "sha256-LWvZj9Bvm1EuoO6zbX4yjZebwnZNfeTbmCJGS7RGQ3Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9b91b0810a0fc78c2b9179390fd3a0295ec7107d", + "rev": "5a88de74db0e948139be4b46f9a94d64aa11391c", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1772638553, - "narHash": "sha256-RTdoij40R7JMeORObiBLfT7VjwHpLxLTBR6hO/mplSk=", + "lastModified": 1773668952, + "narHash": "sha256-h6429piA06biF5pvpivmySNPxD9pRPR/9gp0w4SeeAs=", "owner": "nix-community", "repo": "NUR", - "rev": "7a914a204156d118c4e98706a71f68a044c881ae", + "rev": "b33e4c245dfbc30b80b7e67bf51071d4ad603ff4", "type": "github" }, "original": { From 38dc0488a930b5a9410b3faec86fd2f9d28923d9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 16 Mar 2026 14:27:02 +0000 Subject: [PATCH 113/135] nixos: services: nix-cache: fix renamed option --- modules/nixos/services/nix-cache/default.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/modules/nixos/services/nix-cache/default.nix b/modules/nixos/services/nix-cache/default.nix index f3a29aa..e11962f 100644 --- a/modules/nixos/services/nix-cache/default.nix +++ b/modules/nixos/services/nix-cache/default.nix @@ -33,14 +33,16 @@ in config = lib.mkIf cfg.enable { services.harmonia = { - enable = true; + cache = { + enable = true; - settings = { - bind = "127.0.0.1:${toString cfg.port}"; - inherit (cfg) priority; + settings = { + bind = "127.0.0.1:${toString cfg.port}"; + inherit (cfg) priority; + }; + + signKeyPaths = [ cfg.secretKeyFile ]; }; - - signKeyPaths = [ cfg.secretKeyFile ]; }; my.services.nginx.virtualHosts = { From a2bb2bf25ea52a3fa850f88f548bd4a807c5d4cc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 24 Mar 2026 13:03:18 +0100 Subject: [PATCH 114/135] hosts: nixos: porthos: services: remove pyload I'm about to remove the module entirely. This reverts commit 5ecef0d789ce2fb990f3b5994321cf46c6ad950c. --- hosts/nixos/porthos/services.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 96f15d3..8c9e108 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -134,10 +134,6 @@ in }; # Regular backups postgresql-backup.enable = true; - pyload = { - enable = true; - credentialsFile = secrets."pyload/credentials".path; - }; # RSS provider for websites that do not provide any feeds rss-bridge.enable = true; # Usenet client From 1c7032cb5bf32f81068de77dfba40f23010fbb90 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 24 Mar 2026 13:04:23 +0100 Subject: [PATCH 115/135] hosts: nixos: porthos: secrets: remove pyload I'm about to remove the module entirely. This reverts commit df44786c9cc5c12935ecce260a5ac55277eb9bef. --- hosts/nixos/porthos/secrets/pyload/credentials.age | 7 ------- hosts/nixos/porthos/secrets/secrets.nix | 2 -- 2 files changed, 9 deletions(-) delete mode 100644 hosts/nixos/porthos/secrets/pyload/credentials.age diff --git a/hosts/nixos/porthos/secrets/pyload/credentials.age b/hosts/nixos/porthos/secrets/pyload/credentials.age deleted file mode 100644 index 089f962..0000000 --- a/hosts/nixos/porthos/secrets/pyload/credentials.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 cKojmg nJbOfp0/wmFOZLzcWjoGB7wEB8e56aO1NntSmn5KomU -/Vio4Z/t7IPJrdzdwUPidVH3wrouSkwRzNHP0T4z3x0 --> ssh-ed25519 jPowng QXg/xqs7/VfkYQg3X77w4i53q64bL9oYeTxqb9NVhiQ -sMHIXlmrIxtIr+s0X4lBqev/PPd3AKD5P7AP5K4NeJg ---- gzTn+6+aa4Ptic1lsvSt+r3IEBysHrvMMIyONogMDF0 -ˮUE_ Date: Tue, 24 Mar 2026 13:06:25 +0100 Subject: [PATCH 116/135] nixos: services: remove pyload The package and the module have been removed upstream. I do not have the will to package the enormous V8-based missing dependency (`mini-racer`), so let's remove the module entirely. I didn't use it much anymore anyway. --- modules/nixos/services/default.nix | 1 - modules/nixos/services/pyload/default.nix | 72 ----------------------- 2 files changed, 73 deletions(-) delete mode 100644 modules/nixos/services/pyload/default.nix diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index e03eca1..4267af3 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -31,7 +31,6 @@ ./podgrab ./postgresql ./postgresql-backup - ./pyload ./quassel ./rss-bridge ./sabnzbd diff --git a/modules/nixos/services/pyload/default.nix b/modules/nixos/services/pyload/default.nix deleted file mode 100644 index 7257d0f..0000000 --- a/modules/nixos/services/pyload/default.nix +++ /dev/null @@ -1,72 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.services.pyload; -in -{ - options.my.services.pyload = with lib; { - enable = mkEnableOption "pyload download manager"; - - credentialsFile = mkOption { - type = types.path; - example = "/run/secrets/pyload-credentials.env"; - description = "pyload credentials"; - }; - - downloadDirectory = mkOption { - type = types.str; - default = "/data/downloads/pyload"; - example = "/var/lib/pyload/download"; - description = "Download directory"; - }; - - port = mkOption { - type = types.port; - default = 9093; - example = 8080; - description = "Internal port for webui"; - }; - }; - - config = lib.mkIf cfg.enable { - services.pyload = { - enable = true; - - # Listening on `localhost` leads to 502 with the reverse proxy... - listenAddress = "127.0.0.1"; - - inherit (cfg) - credentialsFile - downloadDirectory - port - ; - - # Use media group when downloading files - group = "media"; - }; - - # Set-up media group - users.groups.media = { }; - - my.services.nginx.virtualHosts = { - pyload = { - inherit (cfg) port; - }; - }; - - services.fail2ban.jails = { - pyload = '' - enabled = true - filter = pyload - port = http,https - ''; - }; - - environment.etc = { - "fail2ban/filter.d/pyload.conf".text = '' - [Definition] - failregex = ^.*Login failed for user '.*' \[CLIENT: \]$ - journalmatch = _SYSTEMD_UNIT=pyload.service - ''; - }; - }; -} From 25cdd5755bb19ac3adacea17e511cd2d1972f110 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 1 Apr 2026 13:30:14 +0200 Subject: [PATCH 117/135] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index f33747b..72a0f23 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1772893680, - "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", + "lastModified": 1775036584, + "narHash": "sha256-zW0lyy7ZNNT/x8JhzFHBsP2IPx7ATZIPai4FJj12BgU=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", + "rev": "4e0eb042b67d863b1b34b3f64d52ceb9cd926735", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1773666768, - "narHash": "sha256-7XvLaFMQOsfWrK+msO0Oqe5CeNYsAlSGjrl5y14gA6w=", + "lastModified": 1774991950, + "narHash": "sha256-kScKj3qJDIWuN9/6PMmgy5esrTUkYinrO5VvILik/zw=", "owner": "nix-community", "repo": "home-manager", - "rev": "ca53f083dbd4c83dd5dca8a3099374708e155c32", + "rev": "f2d3e04e278422c7379e067e323734f3e8c585a7", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1773579282, - "narHash": "sha256-LWvZj9Bvm1EuoO6zbX4yjZebwnZNfeTbmCJGS7RGQ3Y=", + "lastModified": 1775020384, + "narHash": "sha256-3XiHDhiNxb2vWI0en8ug7WBMEPj9mcaWcMhaFFfhfJY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5a88de74db0e948139be4b46f9a94d64aa11391c", + "rev": "c9971bfbabf2fa3f3b7e6e4cbeaa2abd6295b478", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1773668952, - "narHash": "sha256-h6429piA06biF5pvpivmySNPxD9pRPR/9gp0w4SeeAs=", + "lastModified": 1775037587, + "narHash": "sha256-3weRbM7ODQocl6wTgyuKPubhpjS4zP2VA5YxeDx6YG8=", "owner": "nix-community", "repo": "NUR", - "rev": "b33e4c245dfbc30b80b7e67bf51071d4ad603ff4", + "rev": "0a0ed0957d4fee887d5101d3975d40e98658d75c", "type": "github" }, "original": { From 0f821729f1f275363f2f45c727f29125e6c5dee7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 1 Apr 2026 13:28:27 +0200 Subject: [PATCH 118/135] home: set 'stateVersion' to '26.05' Home-Manager now warns (loudly) about relying on legacy defaults on older state versions. I'd rather update to the newer state version than explicitly silence those warnings by setting options I do not care for. The new defaults are better anyway. --- modules/home/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/home/default.nix b/modules/home/default.nix index ad3b979..93c5fe9 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -49,8 +49,7 @@ ./zsh ]; - # First sane reproducible version - home.stateVersion = "20.09"; + home.stateVersion = "26.05"; # Start services automatically systemd.user.startServices = "sd-switch"; From 277ed53bb0c8a91d1685a72868063146800217d4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 8 Apr 2026 14:23:25 +0000 Subject: [PATCH 119/135] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 72a0f23..73f8820 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "lastModified": 1775087534, + "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1775036584, - "narHash": "sha256-zW0lyy7ZNNT/x8JhzFHBsP2IPx7ATZIPai4FJj12BgU=", + "lastModified": 1775585728, + "narHash": "sha256-8Psjt+TWvE4thRKktJsXfR6PA/fWWsZ04DVaY6PUhr4=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "4e0eb042b67d863b1b34b3f64d52ceb9cd926735", + "rev": "580633fa3fe5fc0379905986543fd7495481913d", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1774991950, - "narHash": "sha256-kScKj3qJDIWuN9/6PMmgy5esrTUkYinrO5VvILik/zw=", + "lastModified": 1775622785, + "narHash": "sha256-/yFxO+7oS1SymDfJ2iVO7K5vJKcYfe9XGIJ+quLqz0Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "f2d3e04e278422c7379e067e323734f3e8c585a7", + "rev": "527e47b78fe67213072f706bf933a9705a8c4974", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1775020384, - "narHash": "sha256-3XiHDhiNxb2vWI0en8ug7WBMEPj9mcaWcMhaFFfhfJY=", + "lastModified": 1775423009, + "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c9971bfbabf2fa3f3b7e6e4cbeaa2abd6295b478", + "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1775037587, - "narHash": "sha256-3weRbM7ODQocl6wTgyuKPubhpjS4zP2VA5YxeDx6YG8=", + "lastModified": 1775654726, + "narHash": "sha256-4R6Bc5EIQ+HxVte1Mo1B3OkyYFVmehywOPiH3Z9CAIU=", "owner": "nix-community", "repo": "NUR", - "rev": "0a0ed0957d4fee887d5101d3975d40e98658d75c", + "rev": "c73a8885bd1bb5d329e16a4512e2c2708c5981a7", "type": "github" }, "original": { From 762779c461bc4f5926e789c905dbfa181118e903 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 12:06:05 +0000 Subject: [PATCH 120/135] home: vim: prefix augroup with 'ambroisie.*' --- modules/home/vim/plugin/numbertoggle.lua | 2 +- modules/home/vim/plugin/settings/tree-sitter.lua | 2 +- modules/home/vim/plugin/signtoggle.lua | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/home/vim/plugin/numbertoggle.lua b/modules/home/vim/plugin/numbertoggle.lua index b1e3df2..2299a62 100644 --- a/modules/home/vim/plugin/numbertoggle.lua +++ b/modules/home/vim/plugin/numbertoggle.lua @@ -1,7 +1,7 @@ -- Show lines numbers vim.opt.number = true -local numbertoggle = vim.api.nvim_create_augroup("numbertoggle", { clear = true }) +local numbertoggle = vim.api.nvim_create_augroup("ambroisie.numbertoggle", { clear = true }) -- Toggle numbers between relative and absolute when changing buffers vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "InsertLeave", "WinEnter" }, { diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua index 2958c2a..b533452 100644 --- a/modules/home/vim/plugin/settings/tree-sitter.lua +++ b/modules/home/vim/plugin/settings/tree-sitter.lua @@ -83,7 +83,7 @@ end vim.api.nvim_create_autocmd("FileType", { pattern = "*", - group = vim.api.nvim_create_augroup("treesitter_attach", { clear = true }), + group = vim.api.nvim_create_augroup("ambroisie.treesitter_attach", { clear = true }), callback = function(args) local buf, filetype = args.buf, args.match local language = vim.treesitter.language.get_lang(filetype) diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua index 3deca34..66e0ab4 100644 --- a/modules/home/vim/plugin/signtoggle.lua +++ b/modules/home/vim/plugin/signtoggle.lua @@ -1,4 +1,4 @@ -local signtoggle = vim.api.nvim_create_augroup("signtoggle", { clear = true }) +local signtoggle = vim.api.nvim_create_augroup("ambroisie.signtoggle", { clear = true }) -- Only show sign column for the currently focused buffer, if it has a number column vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, { From cea0410c3d9f5eaee0c8cbef5854b4277a0771ad Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Feb 2026 12:32:14 +0000 Subject: [PATCH 121/135] home: vim: fix unimpaired mapping descriptions --- modules/home/vim/after/plugin/mappings/unimpaired.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/after/plugin/mappings/unimpaired.lua b/modules/home/vim/after/plugin/mappings/unimpaired.lua index 765b6b1..f83a3a3 100644 --- a/modules/home/vim/after/plugin/mappings/unimpaired.lua +++ b/modules/home/vim/after/plugin/mappings/unimpaired.lua @@ -82,7 +82,7 @@ local keys = { -- Disable option { "]o", group = "Disable option" }, - { "]ob", desc = "Light background" }, + { "]ob", desc = "Dark background" }, { "]oc", desc = "Cursor line" }, { "]od", desc = "Diff" }, { "]of", "FormatDisable", desc = "LSP Formatting" }, @@ -101,7 +101,7 @@ local keys = { -- Toggle option { "yo", group = "Toggle option" }, - { "yob", desc = "Light background" }, + { "yob", desc = "Toggle background" }, { "yoc", desc = "Cursor line" }, { "yod", desc = "Diff" }, { "yof", "FormatToggle", desc = "LSP Formatting" }, From dbb6f235fdbda259189645d9591961927ca60c32 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 10 Feb 2026 15:39:16 +0000 Subject: [PATCH 122/135] home: vim: clarify how to disable 'ignorecase' Because I tend to forget the exact way to do it, let's document it so I have an easy place to check next time. --- modules/home/vim/init.vim | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 1142925..f3b5022 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -112,7 +112,7 @@ colorscheme gruvbox """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" " Enable search high-lighting while the search is on-going set hlsearch -" Ignore case on search +" Ignore case on search unless \C is in search terms set ignorecase " Ignore case unless there is an uppercase letter in the pattern set smartcase From 95363f49e6eb32ca92ba56b24da8851a51f67822 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 19 Jan 2026 12:10:17 +0000 Subject: [PATCH 123/135] home: calibre: use upstream module --- modules/home/calibre/default.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/modules/home/calibre/default.nix b/modules/home/calibre/default.nix index fcd62f8..e3733b1 100644 --- a/modules/home/calibre/default.nix +++ b/modules/home/calibre/default.nix @@ -10,8 +10,10 @@ in }; config = lib.mkIf cfg.enable { - home.packages = [ - cfg.package - ]; + programs.calibre = { + enable = true; + + inherit (cfg) package; + }; }; } From eaf542722a8e55a8695cbf23fcb680cf59db8d41 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 20 Feb 2026 14:12:19 +0000 Subject: [PATCH 124/135] home: git: fix Python env ignore --- modules/home/git/default.ignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/git/default.ignore b/modules/home/git/default.ignore index d80996e..a2da8f2 100644 --- a/modules/home/git/default.ignore +++ b/modules/home/git/default.ignore @@ -5,7 +5,7 @@ *.out # Python files -env/ +.venv/ __pycache__/ *.py[cod] .mypy_cache/ From adf2ef6f4e423d58485f4b75c803aa398e895a70 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 12 Apr 2026 20:52:12 +0200 Subject: [PATCH 125/135] nixos: services: wireguard: remove internal DNS For some reason `unbound` stopped working reliably recently. I can't be bothered to debug DNS issues, so let's remove it, it's only marginally useful anyways. --- modules/nixos/services/wireguard/default.nix | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/modules/nixos/services/wireguard/default.nix b/modules/nixos/services/wireguard/default.nix index 840ac33..9d5994c 100644 --- a/modules/nixos/services/wireguard/default.nix +++ b/modules/nixos/services/wireguard/default.nix @@ -81,19 +81,7 @@ let lib.mapAttrsToList mkPeer otherPeers; # Set up clients to use configured DNS servers - dns = - let - toInternalIps = peer: [ - "${cfg.net.v4.subnet}.${toString peer.clientNum}" - "${cfg.net.v6.subnet}::${toString peer.clientNum}" - ]; - # We know that `otherPeers` is an attribute set of servers - internalIps = lib.flatten - (lib.mapAttrsToList (_: peer: toInternalIps peer) otherPeers); - internalServers = lib.optionals cfg.dns.useInternal internalIps; - in - lib.mkIf (!thisPeerIsServer) - (internalServers ++ cfg.dns.additionalServers); + dns = cfg.dns.additionalServers; }; in { @@ -122,10 +110,6 @@ in }; dns = { - useInternal = my.mkDisableOption '' - Use internal DNS servers from wireguard 'server' - ''; - additionalServers = mkOption { type = with types; listOf str; default = [ From bdb9ce7b7e2453137ad93c68571ccc367704cd32 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 12 Apr 2026 20:53:49 +0200 Subject: [PATCH 126/135] hosts: nixos: porthos: services: disable adblock For some reason `unbound` stopped working reliably recently. I can't be bothered to debug DNS issues, so let's remove it, it's only marginally useful anyways. --- hosts/nixos/porthos/services.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 8c9e108..f993b9a 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -6,10 +6,6 @@ in { # List services that you want to enable: my.services = { - # Hosts-based adblock using unbound - adblock = { - enable = true; - }; # Audiobook and podcast library audiobookshelf = { enable = true; From 292b68523e71d9efa58cacc6794d2a893e43ab8b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 15 Apr 2026 12:51:37 +0200 Subject: [PATCH 127/135] flake: bump inputs Also change an aliased package's name. --- flake.lock | 18 +++++++++--------- modules/nixos/services/matrix/default.nix | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 73f8820..d2115e3 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1775622785, - "narHash": "sha256-/yFxO+7oS1SymDfJ2iVO7K5vJKcYfe9XGIJ+quLqz0Q=", + "lastModified": 1776184304, + "narHash": "sha256-No6QGBmIv5ChiwKCcbkxjdEQ/RO2ZS1gD7SFy6EZ7rc=", "owner": "nix-community", "repo": "home-manager", - "rev": "527e47b78fe67213072f706bf933a9705a8c4974", + "rev": "3c7524c68348ef79ce48308e0978611a050089b2", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1775423009, - "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=", + "lastModified": 1776169885, + "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9", + "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1775654726, - "narHash": "sha256-4R6Bc5EIQ+HxVte1Mo1B3OkyYFVmehywOPiH3Z9CAIU=", + "lastModified": 1776248186, + "narHash": "sha256-CAWCGtcUvOYwrqeVgvyAKJ6UVQ1x0FQ/l5UWBfKApdE=", "owner": "nix-community", "repo": "NUR", - "rev": "c73a8885bd1bb5d329e16a4512e2c2708c5981a7", + "rev": "6b1e039f802f6974c56b414f8c8bf95b3d71dc11", "type": "github" }, "original": { diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 97dec2e..ccbe7c6 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -4,7 +4,7 @@ let cfg = config.my.services.matrix; - adminPkg = pkgs.synapse-admin-etkecc; + adminPkg = pkgs.ketesa; domain = config.networking.domain; matrixDomain = "matrix.${domain}"; From e5a28e5507003071bd2487bc3f51e13e0fbde641 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 31 Jan 2026 23:08:44 +0000 Subject: [PATCH 128/135] home: firefox: disable AI features As found on some HN thread, there may be more I have missed... --- modules/home/firefox/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/modules/home/firefox/default.nix b/modules/home/firefox/default.nix index 19a008c..1ffb8d9 100644 --- a/modules/home/firefox/default.nix +++ b/modules/home/firefox/default.nix @@ -48,15 +48,29 @@ in "browser.bookmarks.showMobileBookmarks" = true; # Mobile bookmarks "browser.download.useDownloadDir" = false; # Ask for download location "browser.in-content.dark-mode" = true; # Dark mode + "browser.ml.chat.enabled" = false; # No AI + "browser.ml.chat.menu" = false; # No AI + "browser.ml.chat.page" = false; # No AI + "browser.ml.chat.page.footerBadge" = false; # No AI + "browser.ml.chat.page.menuBadge" = false; # No AI + "browser.ml.chat.shortcuts" = false; # No AI + "browser.ml.chat.sidebar" = false; # No AI + "browser.ml.enable" = false; # No AI + "browser.ml.linkPreview.enabled" = false; # No AI + "browser.ml.pageAssist.enabled" = false; # No AI "browser.newtabpage.activity-stream.feeds.section.topstories" = false; # Disable top stories "browser.newtabpage.activity-stream.feeds.sections" = false; "browser.newtabpage.activity-stream.feeds.system.topstories" = false; # Disable top stories "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; # Disable pocket + "browser.tabs.groups.smart.enabled" = false; # No AI + "browser.tabs.groups.smart.userEnabled" = false; # No AI "browser.urlbar.trimURLs" = false; # Always show the `http://` prefix + "extensions.ml.enabled" = false; # No AI "extensions.pocket.enabled" = false; # Disable pocket "media.eme.enabled" = true; # Enable DRM "media.gmp-widevinecdm.enabled" = true; # Enable DRM "media.gmp-widevinecdm.visible" = true; # Enable DRM + "sidebar.notification.badge.aichat" = false; # No AI "signon.autofillForms" = false; # Disable built-in form-filling "signon.rememberSignons" = false; # Disable built-in password manager "ui.systemUsesDarkTheme" = true; # Dark mode From 95da471709364ab603d932b823b947ff8fcb49f7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 2 Jan 2026 15:10:59 +0000 Subject: [PATCH 129/135] home: pager: use explicit config section name --- modules/home/pager/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index e84dcb7..c14ff7e 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -19,6 +19,7 @@ in }; xdg.configFile."lesskey".text = '' + #command # Quit without clearing the screen on `Q` Q toggle-option -!^Predraw-on-quit\nq ''; From 6b966b65f0817f041807995601851b1e770d352e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 2 Jan 2026 15:13:04 +0000 Subject: [PATCH 130/135] home: pager: use upstream module Only for the configuration, not `LESS`, as settings it through the configuration file does not result in the behaviour I want in Git (and probably other programs). --- modules/home/pager/default.nix | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index c14ff7e..073cf16 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -9,6 +9,16 @@ in config = lib.mkIf cfg.enable { + programs.less = { + enable = true; + + config = '' + #command + # Quit without clearing the screen on `Q` + Q toggle-option -!^Predraw-on-quit\nq + ''; + }; + home.sessionVariables = { # My default pager PAGER = "less"; @@ -17,11 +27,5 @@ in # Better XDG compliance LESSHISTFILE = "${config.xdg.stateHome}/less/history"; }; - - xdg.configFile."lesskey".text = '' - #command - # Quit without clearing the screen on `Q` - Q toggle-option -!^Predraw-on-quit\nq - ''; }; } From a4293fc48eef84bdb7de218f31c209eb589a9d1e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 2 Jan 2026 15:13:04 +0000 Subject: [PATCH 131/135] home: pager: use long option names Makes it more readable. --- modules/home/pager/default.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index 073cf16..a74e7a6 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -22,8 +22,19 @@ in home.sessionVariables = { # My default pager PAGER = "less"; - # Clear the screen on start and exit - LESS = "-R -+X -c"; + # Set `LESS` in the environment so it overrides git's pager (and others) + LESS = + let + options = { + # Always use the alternate screen (so that it is cleared on exit) + "+no-init" = true; + # Write text top-down, rather than from the bottom + clear-screen = true; + # Interpret (some) escape sequences + RAW-CONTROL-CHARS = true; + }; + in + lib.concatStringsSep " " (lib.cli.toCommandLineGNU { } options); # Better XDG compliance LESSHISTFILE = "${config.xdg.stateHome}/less/history"; }; From 5485a75989c388d7ecd6ff8b12d5f380aa7cd03d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 2 Jan 2026 15:55:34 +0000 Subject: [PATCH 132/135] home: pager: remove 'LESSHISTFILE' It's now using an XDG-compliant value by default, I don't need to define it myself. --- modules/home/pager/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index a74e7a6..99ed3ac 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -35,8 +35,6 @@ in }; in lib.concatStringsSep " " (lib.cli.toCommandLineGNU { } options); - # Better XDG compliance - LESSHISTFILE = "${config.xdg.stateHome}/less/history"; }; }; } From 8bf8d234ed7be9ce8220484162664c0c49fe66e2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 3 Jan 2026 11:17:57 +0000 Subject: [PATCH 133/135] home: pager: add readline mappings Found a nice tip to emulate deletion to start/end of line. --- modules/home/pager/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index 99ed3ac..0f58d12 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -16,6 +16,22 @@ in #command # Quit without clearing the screen on `Q` Q toggle-option -!^Predraw-on-quit\nq + + #line-edit + # readline-style command editing + ^p up + ^n down + ^b left + ^f right + ^a home + ^e end + \eb word-left + \ef word-right + ^w word-backspace + \ed word-delete + # Simulate delete to start/end of line by repeating word-wise actions + ^u word-backspace ${lib.strings.replicate 100 "^w"} + ^k word-delete ${lib.strings.replicate 100 "\\ed"} ''; }; From b7e849be9fdfd8211bdf02f966cba58dcdc22544 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 3 Jan 2026 11:24:35 +0000 Subject: [PATCH 134/135] home: pager: use colored UI --- modules/home/pager/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index 0f58d12..353ef46 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -48,6 +48,8 @@ in clear-screen = true; # Interpret (some) escape sequences RAW-CONTROL-CHARS = true; + # Use colored text in search and UI + use-color = true; }; in lib.concatStringsSep " " (lib.cli.toCommandLineGNU { } options); From f5af7d3667d1c27374597f2d21eb25f31594c3b5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 2 Jan 2026 16:01:20 +0000 Subject: [PATCH 135/135] nixos: services: wireguard: fix path to keys --- modules/nixos/services/wireguard/keys/secrets.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/wireguard/keys/secrets.nix b/modules/nixos/services/wireguard/keys/secrets.nix index 3985477..3572217 100644 --- a/modules/nixos/services/wireguard/keys/secrets.nix +++ b/modules/nixos/services/wireguard/keys/secrets.nix @@ -1,6 +1,6 @@ # Extra wireguard keys that are not hosts NixOS hosts let - keys = import ../../../../keys; + keys = import ../../../../../keys; all = [ keys.users.ambroisie