WIP: nixos: services: add aria

home: firefox: tridactyl: remove 'Nitter' rule
Turns out it's very annoying when the Nitter instance has been rate limited. This reverts commit e514389a3d.
2024-01-29 16:24:19 +00:00 · 2024-01-27 15:33:40 +00:00 · 2024-01-26 23:36:05 +01:00 · 2024-01-26 23:27:58 +01:00 · 2024-01-22 16:57:18 +00:00 · 2024-01-22 16:55:57 +00:00
76 changed files with 403 additions and 476 deletions
--- a/flake.lock
+++ b/flake.lock
@ -8,14 +8,17 @@
        ],
        "nixpkgs": [
          "nixpkgs"
+        ],
+        "systems": [
+          "systems"
        ]
      },
      "locked": {
-        "lastModified": 1701216516,
-        "narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=",
+        "lastModified": 1703433843,
+        "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247",
+        "rev": "417caa847f9383e111d1397039c9d4337d024bf0",
        "type": "github"
      },
      "original": {
@ -33,11 +36,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1673295039,
-        "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
+        "lastModified": 1700795494,
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
        "type": "github"
      },
      "original": {
@ -50,11 +53,11 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
@ -70,11 +73,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1701473968,
-        "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
+        "lastModified": 1704982712,
+        "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
+        "rev": "07f6395285469419cf9d078f59b5b49993198c00",
        "type": "github"
      },
      "original": {
@ -86,14 +89,16 @@
    },
    "futils": {
      "inputs": {
-        "systems": "systems"
+        "systems": [
+          "systems"
+        ]
      },
      "locked": {
-        "lastModified": 1701680307,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "lastModified": 1705309234,
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
        "type": "github"
      },
      "original": {
@ -111,11 +116,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1660459072,
-        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "lastModified": 1703887061,
+        "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=",
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
-        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5",
        "type": "github"
      },
      "original": {
@ -131,11 +136,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1702538064,
-        "narHash": "sha256-At5GwJPu2tzvS9dllhBoZmqK6lkkh/sOp2YefWRlaL8=",
+        "lastModified": 1705879479,
+        "narHash": "sha256-ZIohbyly1KOe+8I3gdyNKgVN/oifKdmeI0DzMfytbtg=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "0e2e443ff24f9d75925e91b89d1da44b863734af",
+        "rev": "2d47379ad591bcb14ca95a90b6964b8305f6c913",
        "type": "github"
      },
      "original": {
@ -147,11 +152,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1702312524,
-        "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
+        "lastModified": 1705856552,
+        "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "a9bf124c46ef298113270b1f84a164865987a91c",
+        "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
        "type": "github"
      },
      "original": {
@ -163,11 +168,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1702558663,
-        "narHash": "sha256-MHq/DdwsBwsTRqwFg1JuFtcoGArgvaH/XwbxgWQ4Zn0=",
+        "lastModified": 1705927265,
+        "narHash": "sha256-eUUIBb3qYMrQB0ONGEj2kzKN8yzqwDmR4+Ct5/dvJcs=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "b839a2bae27c0c14dd99dcc1f6d18f83b0af59bd",
+        "rev": "a29c6f71063d0ce903e927fa7885651c00abd33b",
        "type": "github"
      },
      "original": {
@ -192,11 +197,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1702456155,
-        "narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=",
+        "lastModified": 1705757126,
+        "narHash": "sha256-Eksr+n4Q8EYZKAN0Scef5JK4H6FcHc+TKNHb95CWm+c=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "007a45d064c1c32d04e1b8a0de5ef00984c419bc",
+        "rev": "f56597d53fd174f796b5a7d3ee0b494f9e2285cc",
        "type": "github"
      },
      "original": {
@ -214,7 +219,8 @@
        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs",
        "nur": "nur",
-        "pre-commit-hooks": "pre-commit-hooks"
+        "pre-commit-hooks": "pre-commit-hooks",
+        "systems": "systems"
      }
    },
    "systems": {
@ -228,6 +234,7 @@
      },
      "original": {
        "owner": "nix-systems",
+        "ref": "main",
        "repo": "default",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -9,6 +9,7 @@
      inputs = {
        home-manager.follows = "home-manager";
        nixpkgs.follows = "nixpkgs";
+        systems.follows = "systems";
      };
    };

@ -27,6 +28,9 @@
      owner = "numtide";
      repo = "flake-utils";
      ref = "main";
+      inputs = {
+        systems.follows = "systems";
+      };
    };

    home-manager = {
@ -64,6 +68,13 @@
        nixpkgs-stable.follows = "nixpkgs";
      };
    };
+
+    systems = {
+      type = "github";
+      owner = "nix-systems";
+      repo = "default";
+      ref = "main";
+    };
  };

  # Can't eta-reduce a flake outputs...
--- a/hosts/homes/ambroisie@bazin/default.nix
+++ b/hosts/homes/ambroisie@bazin/default.nix
@ -1,4 +1,4 @@
-# Google Cloudtop configuration
+# Google Laptop configuration
 { lib, pkgs, ... }:
 {
  services.gpg-agent.enable = lib.mkForce false;
--- a/hosts/nixos/aramis/home.nix
+++ b/hosts/nixos/aramis/home.nix
@ -2,7 +2,7 @@
 {
  my.home = {
    # Use graphical pinentry
-    bitwarden.pinentry = "gtk2";
+    bitwarden.pinentry = "qt";
    # Ebook library
    calibre.enable = true;
    # Some amount of social life
@ -14,7 +14,7 @@
    # Blue light filter
    gammastep.enable = true;
    # Use a small popup to enter passwords
-    gpg.pinentry = "gtk2";
+    gpg.pinentry = "qt";
    # Machine specific packages
    packages.additionalPackages = with pkgs; [
      element-desktop # Matrix client
--- a/hosts/nixos/porthos/secrets/acme/dns-key.age
+++ b/hosts/nixos/porthos/secrets/acme/dns-key.age
@ -1,10 +1,8 @@
 age-encryption.org/v1
-> ssh-ed25519 cKojmg 0bz3W8QcGaulxy+kDmM717jTthQpFOCwV9HkenFJEyo
-NKeh1/JkX4WAWbOjUeKLMbsyCevnDf3a70FfYUav26c
-> ssh-ed25519 jPowng Q59ybJMMteOSB6hZ5m6UPP0N2p8jrDSu5vBYwPgGcRw
-j420on2jSsfMsv4MDtiOTMIFjaXV7sIsrS+g4iab+68
-> z}.q-grease s2W<qM_Z t
-n1Yfs/gmNsl/n9HtuKBIIT8iwIjYca2yxlh7Q1XAT1B+RZ8oGjW8yCPj1unbDGZL
-e5BfLO3zgkEZnQ
--- FSgNKEdDeeTjCx9jN9UtOFl58mC/Lbu1PAYRGK0CZW4
-U€¿+æ©jïÝ{gø`GŽ›ÆàÂˆR¾Qk]šóïdÐ6å˜ú‚y5T²$ÄÃ±s~Ùh‰Ä£òÔ<C3B2>Fº¢ç%°vöÌm<C38C>
+-> ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw
+zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y
+-> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8
+uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw
+--- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg
+¾r ú&…¥‹{~v?¨}=Ä
+}+
¿SQ’M[²]Œ±kMÒAàtŒÃmMë/£µLsü|Þ…m©CÀñiYC}ƒŽ‡çxŽ€
--- a/hosts/nixos/porthos/secrets/backup/credentials.age
+++ b/hosts/nixos/porthos/secrets/backup/credentials.age
--- a/hosts/nixos/porthos/secrets/backup/password.age
+++ b/hosts/nixos/porthos/secrets/backup/password.age
@ -1,8 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 cKojmg dgS4bezgtDi44R1A8am+J6zh80kUVYTo1heaxJCtzX4
-F3w/62xwtqYa40NU7OvF9pnZzYz/5hACAGJfMA4e2zw
-> ssh-ed25519 jPowng lx81CK3yeNp9RjHCUFJeKYZlRzxBmXuADVBvRc13zCI
-P7e75t8xU+ZkYmeQ8mmMfyZZsRdG1J8yrvSUkiWzkFQ
-> *z4/`-grease S/)a{e sFd";=
--- 15FVhqRTkoPFEeETRRyFQhsv4Fn19Ozlax0u8Zy9mNA
-õ#+¥àÎvøSÈ4èá}<7D>§Rì%‹Î¯F4fnDœ˜J¹¤Z‹¸A¥Û™,_
+-> ssh-ed25519 cKojmg O3DMSSPQP9/ehXmzs0xcCGllu7VSzhd6b4Pii8t2vWQ
+Ys1nMv2384elWWGW9C8HabvwUeWu52VsQpxx9L/4/dM
+-> ssh-ed25519 jPowng ft/9SX5fpG7+7gHMubaFtb+50/gfNgmaofOVq5UjRUE
+xMwdFjFdkH0Li+PikaFt0WAZbFUu5daHgkfN8aQQumo
+--- 7DVINvXIXdE1MRwIkeajonYsy1cp4HugCxfTeub5SXU
+<¥ö¡Ãñ<ýØ{VÇ?ñfk/¤áI®"<22>ï×/5K"Š¸(ì¢ùiÃÔôìñ
--- a/hosts/nixos/porthos/secrets/drone/gitea.age
+++ b/hosts/nixos/porthos/secrets/drone/gitea.age
--- a/hosts/nixos/porthos/secrets/drone/secret.age
+++ b/hosts/nixos/porthos/secrets/drone/secret.age
@ -1,9 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 cKojmg 1+cLlzctgcM0FnVDwMPOAqBkvMcDBRg8SvCw4djI93Y
-oV2XI4f1AvM9P591kZZ6NgJXa+SDtqGzCSgc4psOmxM
-> ssh-ed25519 jPowng Ufjfh1p350XxRPg95+/DHdmnl4lC0bbzUUlaxd1Bmxc
-/RHwFDSn2ov+60r1uHUigrsn99+GmmKmlk4h4T2gbA0
-> *Lc$@-grease
-pzVJAHy1qRq3jUrnFV0DDO7/hwV1US4Ogf0RsrVfX0xzbr73uJ003YjieVB25LqN
--- ME7/iVevyiguyhXugbkVFGzJV0yDccyKNlWbEZa/FmY
-YžŠXjb2uþnd;i0íýX]…§é0–þjé’L„PÔT~óú ƒÙ^kc”$D×ÚÛr¹úu³¶fr€e¸OÕ¸þ<C2B8>+p•¨<E280A2><C2A8>&ãw®öÏ¨
+-> ssh-ed25519 cKojmg 0J8FMcVRf78LYG+dTOFzu3luXwhOjdOg0sx4Jxdccj4
+tdrCcfcYbTZYhL18RG3goiqtyhu3NTn+fJhdIAnU5uA
+-> ssh-ed25519 jPowng qlF8nkSEg5fZgai0VP5eTSlZOHyj5IcalTf+QNWITVo
+O5aiZX0AJD76ixsu6i9xnnFBQANdsu3h6XzdTQ6KtKU
+--- ByMQt9bnbzd8YO0Y93FIYF/lmdbYcOydkYdKxpRQujM
+堍6JNm裶遁[Eb1p)vD究侖PL9捦€z逡<7A>煸!縺贿噮'嘥閍顖卷赿5︰:[控d肯峈撟M抪庱zj<7A>
--- a/hosts/nixos/porthos/secrets/drone/ssh/private-key.age
+++ b/hosts/nixos/porthos/secrets/drone/ssh/private-key.age
--- a/hosts/nixos/porthos/secrets/gitea/mail-password.age
+++ b/hosts/nixos/porthos/secrets/gitea/mail-password.age
@ -1,9 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 jPowng BkIjie2KrwDLaZYYIguCs7TPA/wQy+YPguikuhfye0M
-7viTA/EGYB/jRKQm6fFd86DMd4j+Jxsaw/xQ1T8ZKNo
-> ssh-ed25519 cKojmg t1Y8bZvPccNAX8vWQLTfCyOJIBXN515vyfFrEI2EVww
-bJEjpIWrKeQrA/JfY7FRdB6hpHwR/aG4Vya1ChFNBKs
-> jK/-grease Oz.R ?;)G ],
-AuHk9TcC9kl0dg8/L6UfHIk3e9fgGwSTJAJpVgInhok
--- 47z9lol5MtpX0IsO/0ggLDMcNVfl4lNNvoHUSwOU/18
-)gÐªeuÞ!œš-
ÞTì¥YAðM+ˆãGbMe@|A,è&ãÆE!Ü†p=P²=û9¹ÙP¹!Üö’Q|Ðä r
+-> ssh-ed25519 cKojmg 46BI3ItrXRWMivmd/K8bmkKlrYFSr8cbehAkmwCskig
+gTjYquH1hDEZ2zWD5P7gN/ejTCH8JJb8bC/VLZ3koeg
+-> ssh-ed25519 jPowng 5MqfJlasDbbqlI0dX98NZzHxmYmnnpveyBxa4z48V0o
+r7Yiv4+SZiDncD0Xzp5eFSP4f2yjGBOILKxEO1iT3Os
+--- l43+JtT28i1YDhNX3hE3Qb7swskOBc5ghDqiyh3rU2s
+Ž+)´”¯ÛPô¢nåWT,.<2E>‹²eÚNW€Îñ YÆ±kçÿF4Ê#=˜)üîò™6Ö±ÛmÈµîJ‹<4A>ª#
--- a/hosts/nixos/porthos/secrets/lohr/secret.age
+++ b/hosts/nixos/porthos/secrets/lohr/secret.age
--- a/hosts/nixos/porthos/secrets/lohr/ssh-key.age
+++ b/hosts/nixos/porthos/secrets/lohr/ssh-key.age
--- a/hosts/nixos/porthos/secrets/matrix/mail.age
+++ b/hosts/nixos/porthos/secrets/matrix/mail.age
@ -1,9 +1,9 @@
 age-encryption.org/v1
-> ssh-ed25519 cKojmg lmu3MinmydRHD0A/YVRRtopermfoBC8M8cTHfVanY1s
-ygrtpZZJ7aeQTblNazpoP7DdifmDxHsE3DFJsIrWX5M
-> ssh-ed25519 jPowng X0cihOc+fBtmtrkEivIHQngdYIobezXEF1x+pHqNzAw
-/+sw9x1NWY0anZhDMpAywBPrR0F4XCHaF9e8j/Yo/kI
-> 32;%1s-grease
-JafjuSZty6a4NSO/y4y5wHWL8Mw
--- dwCl66vdpsL0MR5NWWvg3JUnQ2QZQBeW0Dj0l5tvOKY
-oi,`ÓÜ#uÄwW%PoubÚcy8<79>ó
ƒÃÉ><¿F‰Ååq…ÂKÃ‚Çk0Çk/<2F>hÀ¥Ÿ5åŠ¿ÝF+ýu‡ •e€<06>¾Ÿ²óôbãè>1QŠ2®ñwn˜WbÖ–B˜âî<C3A2>iŸ^xurâ†-/llùÒÀÀ-ã=°7;jã0»I×%Fi¼<69>í€ø‹™A;Y†ìUd]KÅI0(½ ”øAg£Ðóž^†uG:äpkJ’Ÿ:q<>¢šWSaLw¯¿Ô!ïM³4ã L/ùZÅ‡®¢D¶-XéUb»‘vÊbP‚ó›0ÇÅfÂ9êú<08> †âJ`ÃX°ôÐOÅ!s›{ÙÄQAšc€c;ÏÃÑ‹4öMíÚ†Ý¹lxH&ïéöé{é}ÁäÛzZ¦œ‚9Ã»ÊXžÜ“g‰]VÏ±•0gt¡¿…žw·
+-> ssh-ed25519 cKojmg u+5VWUy7eFq4boAIOhuKXZYD4mhczaUAcjz4+coVggA
+QlBHHgz7uY3TVgex59yZA0XgsIeHi2WN2S+UleC7bMg
+-> ssh-ed25519 jPowng IyeI6WUjF8wxe92xD3xY++4ZqXtY8divB39eLWfAtm8
+eGj8w5X2ydS1LJvNSmo56xzRVoUB0iAKKs2NHX968Yc
+--- hsYH9lUl3wIErJmBKzlWV+gIR5v6vgPIcNDgd0hiRGc
+¹Ã@Úl<C39A>ôQûsÈ„ÿ×£©Dƒ}^{ºžá¾X)¸nYóJhXhg8wƒž´  “ú°˜Ó¨Ç‚Çw–‡y(œ–aè¸ìê.0>|ÚPSlOÃ|ÈÊE‰õÂÙé°€¡<E282AC>BWó_ˆ³ÜÌ)|x4©„šºë\_F¶
+ZÒo0=dts –j<E28093>[ùŽõ0O+ÑÕRž8±‡ÕiüËçŽÜ»ˆõŒæÆdÀ«ß8j»â©ê
+‚g¹©‘–$xŒÿÃ²¥Æbâ÷í<C3B7>˜äX·¢gÂ^¼íùG¼Êô¤Ž$UÏûB*ö°é²¡£ÈÔ)[t¶ÃHa•vŸ7<>ÌÑj£âD.z¸+¬[~–õÁÃé9Ùý<C399>àz¼øô`sé¶,_!^YÓïÊ¯2H¹øS‹¿¼©øÅ<C3B8>øý*âñó@êjZ^ˆôæÎv~Øº¶@ò<>
--- a/hosts/nixos/porthos/secrets/matrix/secret.age
+++ b/hosts/nixos/porthos/secrets/matrix/secret.age
--- a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age
+++ b/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age
@ -1,9 +1,8 @@
 age-encryption.org/v1
-> ssh-ed25519 cKojmg N182xey8TWRVUWTRP16rT0zlhYZNr/pOZVR7YRnlIkk
-HVqAag55z1cKLgjR3WsUj2wvaVjxm169JcDRJGRvCVU
-> ssh-ed25519 jPowng Dc+aaUTxDsMTY+oOst0SC3ldq1e6zX8F5A5uBL5RHhc
-JWZou6+VaFc5f2OLRIrmFFWg3Er6WSY+TloXU0mP1K8
-> |9_9Aqh%-grease $ X8Mn|5 aKnl' fl<D{T-
-+fAc0cajqxhYWu55HCY
--- SrmtWXQXGYxNTabSrb5tBRXHnK1F22Qoiy7hKYrrF+0
-ñD·û²:,õn0i<>½Àß^ÆŠ`üÔ2Æ#y'ý9ÖñÓÒŽéÿæ<C3BF>r]ÀØ›¹x“³S=ú°ˆôuJéEÛóc€lH Ê~eÅ‚›ŸKtévo'êv+
+-> ssh-ed25519 cKojmg xRtF3XVc7yPicAV/E4U7mn0itvD0h1BWBTjwunuoe2E
+OkB9sjGB3ulH4Feuyj3Ed0DBG4+mghW/Qpum9oXL/8c
+-> ssh-ed25519 jPowng 1r8drqhz1yZdTq0Kvqya+ArU1C2fkN7Gg9LiWWfeUFg
+cjbxntVwHvqLaJpiKs/Y8ojeb6e3/cLFcsoeuoobfFg
+--- B1qA2PylJBrdZxZtCzlU2kRPvxLM+IrXTvR+ERxVtTY
+"W9<57>Äbg¸©~Ì/áÕb4ãÕ†ú³ÜÔIÊ
+Û}ð
§ËÅË-³²ªNó±”ÑC7vWœbºØ?¦8=œÉwÆBÃUpJClï²OÈ™³œnOÁ\
--- a/hosts/nixos/porthos/secrets/miniflux/credentials.age
+++ b/hosts/nixos/porthos/secrets/miniflux/credentials.age
--- a/hosts/nixos/porthos/secrets/monitoring/password.age
+++ b/hosts/nixos/porthos/secrets/monitoring/password.age
@ -1,10 +1,9 @@
 age-encryption.org/v1
-> ssh-ed25519 cKojmg OdLtFHbHbc28rUn47vgsVvXxFNg9nF+9y9R6XOK390Y
-yQQYUPQGjN2+xrSqqBYa7/zS618KrVjX5Amw2MFuSLg
-> ssh-ed25519 jPowng NwUjiLtiXVi6XFmht5l1CxEs3gm0oN4vHYwDZyda7Q4
-di6znVjNRO6QdqteVNkeot5Ko2NwWLe6v+zVR3f+o10
-> 4Vx%\(-grease ^^Z>EC91 R 2BJ d48Wip*s
-yPiBgChRF31XgxccQFLO3MzRL7+5s29sfRoF3W1yUX6Bu59MpxD4D+n/jhLcxSH/
-CxW7KaiOctNmPm5tWh6qjmgQ+V4bcAji5vo4FKs40l56cfyueEJj+Q
--- WUGF28zqK9E1AlOeeCtSHxFg6ikRy85gOoLtBd4m0y0
-.|…rr>©†ðìì1ÅÆ2SÉž.×hw<12>wqºš%i˜øé	‚*U^)Öè'qžµ›O2ÓœümòQÝ7˜¯m`
+-> ssh-ed25519 cKojmg l5lOlGnbvQ4D2kaSj1dd8Xr+btlNbTkT0SxSz02Vr1E
+Cjy73yKL1N8LnjRXXLpxX+wIOFCa8wrG44VjXUND1lI
+-> ssh-ed25519 jPowng nYHfkP9dRkxu4Fqh8MgrbdZAc8gk+VGDyxIV6RsSeEM
+rKKi1NDoKMMzQ+kUs5ZX4zMqRBI0QwGY7q6K/L9+dLI
+--- Umv3UCtXlApug7uuqmwbQN38i8Lx9/b0uhLgbc3OdZM
+äBLsś ‹?ÖsÓ“s<E2809C>2Îy
+R0ą‘!<fü9txB7dň<13>™ÚŠň^©ô É‡LJ&ńW
€<©e]
+ţ/$$
--- a/hosts/nixos/porthos/secrets/monitoring/secret-key.age
+++ b/hosts/nixos/porthos/secrets/monitoring/secret-key.age
--- a/hosts/nixos/porthos/secrets/nextcloud/password.age
+++ b/hosts/nixos/porthos/secrets/nextcloud/password.age
--- a/hosts/nixos/porthos/secrets/nix-cache/cache-key.age
+++ b/hosts/nixos/porthos/secrets/nix-cache/cache-key.age
--- a/hosts/nixos/porthos/secrets/paperless/password.age
+++ b/hosts/nixos/porthos/secrets/paperless/password.age
@ -1,10 +1,8 @@
 age-encryption.org/v1
-> ssh-ed25519 cKojmg zhpo89xef68JoeOFWzhdFshrj2BXXUCFPMLVJzv6EyE
-fmJxJi5rmyai9qGwDo7iHg4BrObGre96KCpl+g91O6I
-> ssh-ed25519 jPowng INA6EZdy4J1p3QY5mfVOQXiLdOjIDaZR+CZMP+GfkXM
-8Nf5soaxY5SEzeJca5kaJkx7ByOvc4NkJVetB7wpEmo
-> xjK'w-grease
-f5v0cvlt4JbHlAwDOob86qOInWdlN/oohTg
--- NTGv4rr+MhJ/YeZhVHOjoS1V+zCHFf2itJYfK36R+wE
-š×—®JÚ dő– oŞę'YFUź@
-r7”ă“_N$‰˙Ź–č‡>‚ˇę]hq»-¨FŰ°qX˙?Î|?µĘ
+-> ssh-ed25519 cKojmg 1hbRAuAGrTy6nmkAq+UWua8weywphZsTIGF68YQEOlQ
+92Q7uIKv1EiO73wMh53jrTuEkzP6ziBmX9SWXCl4d3w
+-> ssh-ed25519 jPowng aPb9v/S/mLW95Qom+swvasqY878RxpxxOkMJA2wb6nY
+qu/dzcqciqKzNc28HqFMHA1XnrJy+/wWgbfM1+BrlkE
+--- 8PXOozvZzNZQD2OT4a+0XuIQauzUGSvovdfDugmp+bc
+x²Ž‚ê Ã>ùý²ç¦©ðóÁÇ_ÏC9d™T5ŸûKzÐ„qØcZ©°É¾pŒš¾¡ à¹ƒºv
+)Œ³õ²¥
--- a/hosts/nixos/porthos/secrets/paperless/secret-key.age
+++ b/hosts/nixos/porthos/secrets/paperless/secret-key.age
@ -1,10 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 cKojmg tZwn2usN6K62oS4vBa6boh9zEp/+cS4chP8boXG6SH4
-Fr3kV8gUDoiDqMxPYWsHyww8umYhQEKhqbVBiVw5NeI
-> ssh-ed25519 jPowng wRbJl4G85obH/GluQBBsXE7MOvooEui65eqHfurvuQs
-KqVZMBSyHhkayEdwI6ocmA4qhHY9zYJvg1CEKM1SOa0
-> 2E"/OFW-grease o Qp3HFe^
-bGhCNicPqt7txqxUiEWXCFs1OuQLqOqHmjHSqYQv919dqYep/xBXzi/aRf3dsdvh
-TCJCTvZG31Qxvikp
--- xKJGbdVp+Z5h0vCBleSF2zYYYd2S5i0y4szNqjRwrDY
-Tª
/N¯<4E>¨¹i7m4‚#³MhiñP¹šÒÞ›Á¥-ÏgI÷ñ±%@E†(›iÿ7·ý©ýYg¦k±´"+ã¸ Àª(þ]o¨¸–ý†ð<E280A0>@báÊÞ§+Ï[‚Y"ÿ‘ÌBóóCR[ >-Ë.4d…¤b9v
+-> ssh-ed25519 cKojmg r3ZUTfSNcHc1TS2fVtk99Y2xJMMunkwkcR0dQIdiCi4
+LICSnzAaooGy6x4wt0vNM6YtQ4S17QohZNt7lfVrD6Q
+-> ssh-ed25519 jPowng KLU68ws4lemr0wWHxm8H8pf1SQAoUZTN4QSPzk2PyHk
+6pjH1pI956oaf9ZIHPPq8p3g/mZC5GxWhWkT54Wohf0
+--- cAQbniTwwtTftfXU/dGtA69yF/hh8iB97vHxvkIZMMo
+°c#Ž=^Ì~?5ú-w—NT†Ì¡<C38C>¨+¶¨Ä!z¥<7A> "’ Zö"2ºëðù×M!pž5×V¬ÈÛjçÎ¡Ñ¡Žâ¥âL¹ÁÌyóÐÅ¹úš›n÷ÄŠ8zQö°+¨ËÁØ©9WSµ§<C2B5>Æ0¨u}YÃš
--- a/hosts/nixos/porthos/secrets/podgrab/password.age
+++ b/hosts/nixos/porthos/secrets/podgrab/password.age
@ -1,9 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 cKojmg 8rcBI7fYHuA3jO6EzJNFaAj2niIApKDt1HQEv61AKTs
-ANxkIX/CeI7t7Zqp6wmjt/D194Z+xpeiidb+qvYzoQU
-> ssh-ed25519 jPowng oruewwTM9X/HjjcmOPcQVdp02rQBlgJPdzvlAffs3T0
-MrO0kaNhjgOkNHuz3NrIMWXNrXOHH9dT/Fk6hoQNKyY
-> COK%H7-grease
-6yfI90QurOKlM+kgpW8KZ/iBzDYD9yhNmjG1LQ
--- uArz8eHg8sLO0sdlkM6cELFh+FHiI5BrM0+iXJxxiDo
-¿vývû´ÊNÊbæ@Ÿ¡Â<C2A1>FÛMMíYËÆíÌ&‰’/%¤¹Ñm¨®ØtÁÖ“ªd†h„|¡ðŒß©8¼Ž Ú½¨9‚®<11>Cã¯/Å
+-> ssh-ed25519 cKojmg bICZUDqk/C2divEZu2lxUDsrtS1inSbDbS8hxJSJfHc
+FsfueyP6WCesAu5EcXIxxtvbb8RX09qNTN9GvuhYuTw
+-> ssh-ed25519 jPowng Uujsu6c+QTXqCNi6c+zxk5tf0UQcG+Qm/SZF4dzSKCY
+RPVNNNauz73A8kWA0VSQiMWCerUkxPoXG2MUrFly3Bc
+--- 8h4hGasOwZxk+i5aQfg6AzdA1G4wROhxz2rmM9u41b8
+{Rﾜ<>ﾗ=42<34>
y<>咨ｯ眺ﾃj嚀廁<E59A80>WQ▽隯%畊ｽ宅	顕褜返<E8A49C>弁K<E5BC81>ﾄ蘊ﾏFｮﾓ?埴膕K歯｢
--- a/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age
+++ b/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age
--- a/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age
+++ b/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age
--- a/hosts/nixos/porthos/secrets/sso/auth-key.age
+++ b/hosts/nixos/porthos/secrets/sso/auth-key.age
--- a/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age
+++ b/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age
--- a/hosts/nixos/porthos/secrets/transmission/credentials.age
+++ b/hosts/nixos/porthos/secrets/transmission/credentials.age
@ -1,10 +1,8 @@
 age-encryption.org/v1
-> ssh-ed25519 cKojmg mP2H3PWJN6Pv3q6C2wci3KnXjtFAIiuGy0YH0sGIy2g
-f43QqyUQfTYznszub47kgc2Mz95zVScTDkwnG3INi9U
-> ssh-ed25519 jPowng fENbu7+FZ1mnQQHQCLm1spLHmsQGlRoJResUJtGzYkY
-hX+AqCkLCca6m/aKtGCThi7/mCCz/TZQNJNOlOmlqyA
-> J<-grease
-n7+CPRr4oazWnE7yzpJN2ZAI4QrGsAerloP4wNeebjQDx8+IxJq1JE0g3Yi0RxzN
-chDccuSPLYk45Ov+SD/qqqFZlQ
--- p81HYw3LFj+qz2kiZsDcevM4ZBfvN743P9Jdi7J9XkM
-‚¢ìÛ±S·7 <EFBFBD>‘ý£÷ÜãV»»Bðßâø±³ˆ¶ïO‰lEt˜‹Á…šqý</Ç—Ø©9²ã(ØP†$Wƒ0h;÷‰±àJy¯feø‚ >·_D,PºVFp\æ"AM}èg?<3F>ÿ<EFBFBD>Ý/\²Ä;ùy’¬Óš(<28>ÑSñKË
+-> ssh-ed25519 cKojmg Froxrdh4H2Bsj4X2xicyBXHPRlbkRJAOztoTfzxItSM
+FnsLS2QYm8mJUO+c152FieLCFkALxxwQLnY4PAj8zsU
+-> ssh-ed25519 jPowng pKl4p02M+U5JsiOnM2wXL5bkPwsI3IHjlTutlvez3zM
+NSuOFsyV8JqtTq97lNzacJnJ3YZgWp53XxU3mjUlcMQ
+--- 2TK2ViFblmDheaYdat/GF0ze1wVsla1EPLaeRdMM4Gs
+®àµÕ¨ENÜžämÂ›Û2uÂ~Ju¼b´´t[Ý$Tñþ^‘2–°<E28093>½jœÙÜi@xªÒ¸*Ä°g[MÞH½½Xš!”‰6Áez¼…¥DW]ÓÕ<‰–`XÛâêÁÜÄPóéý÷ÃÞ›
+¶¥q*Îo¼½ÃÑ$‚åÓ<²
--- a/hosts/nixos/porthos/secrets/vikunja/mail.age
+++ b/hosts/nixos/porthos/secrets/vikunja/mail.age
--- a/hosts/nixos/porthos/secrets/wireguard/private-key.age
+++ b/hosts/nixos/porthos/secrets/wireguard/private-key.age
@ -1,10 +1,8 @@
 age-encryption.org/v1
-> ssh-ed25519 cKojmg +WwRpd2MzycutQFXyLsr2+GzSgF67Z6UuvyqYZaLd3w
-sppt8HzaZP3yxnvnhzjl18Trnz8g3VyXJ6CaVBWd7jA
-> ssh-ed25519 jPowng wanoqGB7T8bim/WZ4IAYViFQoGzaIZSgeoTr3YKpeTY
-ihDAdGa1XVW/qQz40V1v7a7iK7tu0EHMa7ayIogpcRw
-> l-grease |PIcZ NIr >0;*
-4o8o0bevQZ6uDSx1WxxlDCURbFCM+yK1XPdrb9aztCSvG2a+ne78E42l5rBcoH7I
-m51A8uWS4nSj36N/76v6K4kelxKzWUg
--- O6cGbTAVbDcdmPHf7UzfZiyiRtu1yfL4sBI+CkJA1qw
-ýqýŐ$ň`żw'čS“X¸]Ąá÷ř®úî…?¤6‹Đ/ĆN(Bžň N«a”.˙ HŽ7żí•I<E280A2>ú÷Ŕoz‡/4:sK",7J
+-> ssh-ed25519 cKojmg KslHl4v8yCsKZn5TduLgpTfpTi1uOInC9N2e8Ow83FI
+NzcJJr8kw1ykAdWRZOeWdNhx0BTgE7FwTKcge+yLJ/w
+-> ssh-ed25519 jPowng YGWcOai0A9l2HDZyV0GtD8kEbY/xTUssODFBcseWAkA
+nJaHXkipFSHdyektoKV5y1jQrjkvnU7pwZwAymiQm7M
+--- IgWkDulol1jRa+pcx7DbEy5pvC+2nrRJHsdQVPvPur0
+Bb<ÅŒb!ÏëE?:ÇÓô=÷srJC<4A>œüKz5ø®Ô{–Æ4`¾&N0€ÕÈö¹57ñüví’©+´1
+(d§á¡{ìQŠÙ
--- a/hosts/nixos/porthos/secrets/woodpecker/gitea.age
+++ b/hosts/nixos/porthos/secrets/woodpecker/gitea.age
--- a/hosts/nixos/porthos/secrets/woodpecker/secret.age
+++ b/hosts/nixos/porthos/secrets/woodpecker/secret.age
@ -1,10 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 jPowng yz0I+AazPmamF7NOnwYNrPE/ArarU01jd2mVDJUPSTY
-6Y/YQ7gb8cAZf3zT9SKOorvfUnU7kYff+gHh8fG2mY8
-> ssh-ed25519 cKojmg 0FZU9v8eHsVeE+EoX9Y4IgfIj/8+45waPaSnSDb961I
-L6SzJoh5xqai45scoVAa6v9zslBGFYNnZY044d470uQ
-> I[G-grease p
-AMRQY1alSzHi/PLL80kcvnM1Z9YNfoUo9u5alWXYMyzrRsg+vXjMuBvAXg3fmnzr
-wdOowTYMRV+jEG8vzkcQTsv+f7JIyo4DvOOaPyGfWMl1
--- ih3IAFPcN1JP3FP1vcRGnPrfk91yrnIX0m/Szkbcf7Q
-ÑmW„r‚µœ_\)Í°]QŠ¦xMÃs/ÝƒÎÝªäœó‚Í6óº“k±äÅY§xïMy¶ J¿¸‹GßÃ)i2_'ÖœHF€þ.âg_Îe5³#uätñØÕ 7j„ŽPñ²'TÞ¥8´•\IàW«UùäK°1Úº9½è
+-> ssh-ed25519 cKojmg tAW2hbBSxsael6cdbN+vI4h1/PMNrWYct8cppCAasn0
+cex/wBTviSIXc8clNm5PGltTYa1Q5PwqlX4BGsNHiyU
+-> ssh-ed25519 jPowng YxfhtpytvuhIARQAaJ0w94aOZiGNUOBR0pF+Sp80D2k
+nMon/VdYUQTs6LFccDGeIKWeNYib1wwtFmEYZkDZxg0
+--- giL477X0+uZ2Ocvbixt5f5kNc1laj5P79oW8P9XsNP0
+¨›Ãd>ò±cE?nb¹vš_²'2ûûà³<1B>Õµ¥_6P›u:ÊusºE“8õ“ØÏ“xuÚ¶Ìª…ÎxùÌ§ïžC[†®°ˆÁ.õêŽ6‰¯  qÌÀÍîJ°Ä5GäKÌ)N<ÊyYÉ¥tX=l7T´2¨ùRÙ
--- a/hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age
+++ b/hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@ -10,6 +10,9 @@ in
    adblock = {
      enable = true;
    };
+    aria = {
+      enable = true;
+    };
    # Backblaze B2 backup
    backup = {
      enable = true;
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@ -23,6 +23,7 @@
    ./gtk
    ./htop
    ./jq
+    ./keyboard
    ./mail
    ./mpv
    ./nix
--- a/modules/home/firefox/tridactyl/tridactylrc
+++ b/modules/home/firefox/tridactyl/tridactylrc
@ -22,8 +22,8 @@ bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"]
 bindurl reddit.com gu urlparent 3

 " Only hint search results on Google
-bindurl www.google.com f hint -Jc #search div:not(.action-menu) > a
-bindurl www.google.com F hint -Jbc #search div:not(.action-menu) > a
+bindurl www.google.com f hint -Jc #search a
+bindurl www.google.com F hint -Jbc #search a

 " Only hint search results on DuckDuckGo
 bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result-title-a"]
@ -69,8 +69,6 @@ unbind <C-f>
 " Redirections {{{
 " Always redirect Reddit to the old site
 autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old")
-" Use a better Twitter front-end
-autocmd DocStart ^http(s?)://twitter.com js tri.excmds.urlmodify("-t", "twitter.com", "nitter.net")
 " }}}

 " Disabled websites {{{
--- a/modules/home/x/keyboard/default.nix
+++ b/modules/home/x/keyboard/default.nix
@ -1,8 +1,12 @@
 { config, lib, ... }:
 let
-  cfg = config.my.home.x;
+  cfg = config.my.home.keyboard;
 in
 {
+  options.my.home.keyboard = with lib; {
+    enable = my.mkDisableOption "keyboard configuration";
+  };
+
  config = lib.mkIf cfg.enable {
    home.keyboard = {
      layout = "fr";
--- a/modules/home/mpv/default.nix
+++ b/modules/home/mpv/default.nix
@ -13,6 +13,7 @@ in

      scripts = [
        pkgs.mpvScripts.mpris # Allow controlling using media keys
+        pkgs.mpvScripts.uosc # Nicer UI
      ];
    };
  };
--- a/modules/home/vim/after/ftplugin/gn.vim
+++ b/modules/home/vim/after/ftplugin/gn.vim
@ -0,0 +1,6 @@
+" Create the `b:undo_ftplugin` variable if it doesn't exist
+call ftplugined#check_undo_ft()
+
+" Set comment string, as it seems that no official GN support exists upstream
+setlocal commentstring=#\ %s
+let b:undo_ftplugin.='|setlocal commentstring<'
--- a/modules/home/vim/ftdetect/automake.lua
+++ b/modules/home/vim/ftdetect/automake.lua
@ -1,4 +1,4 @@
-- Use Automake filetype for `local.am` files, explicit `set` to force override
+-- Use Automake filetype for `local.am` files
 vim.filetype.add({
    filename = {
        ["local.am"] = "automake",
--- a/modules/home/vim/ftdetect/glsl.lua
+++ b/modules/home/vim/ftdetect/glsl.lua
@ -0,0 +1,7 @@
+-- Use GLSL filetype for common shader file extensions
+vim.filetype.add({
+    extension = {
+        frag = "glsl",
+        vert = "glsl",
+    },
+})
--- a/modules/home/vim/ftdetect/gn.lua
+++ b/modules/home/vim/ftdetect/gn.lua
@ -0,0 +1,7 @@
+-- Use GN filetype for Chromium Generate Ninja files
+vim.filetype.add({
+    extension = {
+        gn = "gn",
+        gni = "gn",
+    },
+})
--- a/modules/home/wm/i3bar/default.nix
+++ b/modules/home/wm/i3bar/default.nix
@ -74,7 +74,7 @@ in
            )
            {
              block = "net";
-              format = " $icon{| $ssid|} $ip{| $signal_strength|} ";
+              format = " $icon{| $ssid|}{| $ip|}{| $signal_strength|} ";
            }
            {
              block = "backlight";
--- a/modules/home/x/default.nix
+++ b/modules/home/x/default.nix
@ -3,10 +3,6 @@ let
  cfg = config.my.home.x;
 in
 {
-  imports = [
-    ./keyboard
-  ];
-
  options.my.home.x = with lib; {
    enable = mkEnableOption "X server configuration";
  };
--- a/modules/nixos/services/aria/default.nix
+++ b/modules/nixos/services/aria/default.nix
@ -0,0 +1,70 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.my.services.aria;
+in
+{
+  options.my.services.aria = with lib; {
+    enable = mkEnableOption "";
+
+    rpcPort = mkOption {
+      type = types.port;
+      default = 6800;
+      example = 8080;
+      description = "RPC port";
+    };
+
+    downloadDir = mkOption {
+      type = types.str;
+      default = "/data/downloads";
+      example = "/var/lib/transmission/download";
+      description = "Download directory";
+    };
+
+    # FIXME: secrets file
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.aria2 = {
+      enable = true;
+
+      inherit (cfg) downloadDir;
+
+      rpcListenPort = cfg.rpcPort;
+    };
+
+    # Expose DHT ports, but not RPC ports
+    networking.firewall = {
+      allowedUDPPortRanges = config.services.aria2.listenPortRange;
+    };
+
+    # Set-up media group
+    users.groups.media = { };
+
+    systemd.services.aria2 = {
+      serviceConfig = {
+        Group = lib.mkForce "media"; # Use 'media' group
+      };
+    };
+
+    my.services.nginx.virtualHosts = [
+      {
+        subdomain = "aria-rpc";
+        port = cfg.rpcPort;
+        # Proxy websockets for RPC
+        extraConfig = {
+          locations."/".proxyWebsockets = true;
+        };
+      }
+      {
+        subdomain = "aria";
+        root = "${pkgs.ariang}/share/ariang";
+        # For paranoia, don't allow anybody to use the UI unauthenticated
+        sso = {
+          enable = true;
+        };
+      }
+    ];
+
+    # FIXME: fail2ban rules
+  };
+}
--- a/modules/nixos/services/blog/default.nix
+++ b/modules/nixos/services/blog/default.nix
@ -5,11 +5,10 @@ let
  domain = config.networking.domain;

  makeHostInfo = subdomain: {
-    inherit subdomain;
    root = "/var/www/${subdomain}";
  };

-  hostsInfo = map makeHostInfo [ "cv" "dev" "key" ];
+  hostsInfo = lib.flip lib.genAttrs makeHostInfo [ "cv" "dev" "key" ];
 in
 {
  options.my.services.blog = {
--- a/modules/nixos/services/calibre-web/default.nix
+++ b/modules/nixos/services/calibre-web/default.nix
@ -40,12 +40,11 @@ in
    # Set-up media group
    users.groups.media = { };

-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "library";
+    my.services.nginx.virtualHosts = {
+      library = {
        inherit (cfg) port;
-      }
-    ];
+      };
+    };

    my.services.backup = {
      paths = [
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@ -3,6 +3,7 @@
 {
  imports = [
    ./adblock
+    ./aria
    ./backup
    ./blog
    ./calibre-web
--- a/modules/nixos/services/drone/server/default.nix
+++ b/modules/nixos/services/drone/server/default.nix
@ -45,11 +45,10 @@ in
      }];
    };

-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "drone";
+    my.services.nginx.virtualHosts = {
+      drone = {
        inherit (cfg) port;
-      }
-    ];
+      };
+    };
  };
 }
--- a/modules/nixos/services/flood/default.nix
+++ b/modules/nixos/services/flood/default.nix
@ -40,11 +40,10 @@ in
      };
    };

-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "flood";
+    my.services.nginx.virtualHosts = {
+      flood = {
        inherit (cfg) port;
-      }
-    ];
+      };
+    };
  };
 }
--- a/modules/nixos/services/gitea/default.nix
+++ b/modules/nixos/services/gitea/default.nix
@ -116,18 +116,16 @@ in
    };
    users.groups.git = { };

-    my.services.nginx.virtualHosts = [
+    my.services.nginx.virtualHosts = {
      # Proxy to Gitea
-      {
-        subdomain = "git";
+      git = {
        inherit (cfg) port;
-      }
+      };
      # Redirect `gitea.` to actual forge subdomain
-      {
-        subdomain = "gitea";
+      gitea = {
        redirect = config.services.gitea.settings.server.ROOT_URL;
-      }
-    ];
+      };
+    };

    my.services.backup = {
      paths = [
--- a/modules/nixos/services/indexers/default.nix
+++ b/modules/nixos/services/indexers/default.nix
@ -28,12 +28,11 @@ in
        };
      };

-      my.services.nginx.virtualHosts = [
-        {
-          subdomain = "jackett";
+      my.services.nginx.virtualHosts = {
+        jackett = {
          port = jackettPort;
-        }
-      ];
+        };
+      };
    })

    (lib.mkIf cfg.nzbhydra.enable {
@ -41,12 +40,11 @@ in
        enable = true;
      };

-      my.services.nginx.virtualHosts = [
-        {
-          subdomain = "nzbhydra";
+      my.services.nginx.virtualHosts = {
+        nzbhydra = {
          port = nzbhydraPort;
-        }
-      ];
+        };
+      };
    })

    (lib.mkIf cfg.prowlarr.enable {
@ -54,12 +52,11 @@ in
        enable = true;
      };

-      my.services.nginx.virtualHosts = [
-        {
-          subdomain = "prowlarr";
+      my.services.nginx.virtualHosts = {
+        prowlarr = {
          port = prowlarrPort;
-        }
-      ];
+        };
+      };

      services.fail2ban.jails = {
        prowlarr = ''
--- a/modules/nixos/services/jellyfin/default.nix
+++ b/modules/nixos/services/jellyfin/default.nix
@ -17,9 +17,15 @@ in
    # Set-up media group
    users.groups.media = { };

-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "jellyfin";
+    systemd.services.jellyfin = {
+      serviceConfig = {
+        # Loose umask to make Jellyfin metadata more broadly readable
+        UMask = lib.mkForce "0002";
+      };
+    };
+
+    my.services.nginx.virtualHosts = {
+      jellyfin = {
        port = 8096;
        extraConfig = {
          locations."/" = {
@ -33,7 +39,7 @@ in
            proxyWebsockets = true;
          };
        };
-      }
-    ];
+      };
+    };
  };
 }
--- a/modules/nixos/services/lohr/default.nix
+++ b/modules/nixos/services/lohr/default.nix
@ -98,11 +98,10 @@ in
    };
    users.groups.lohr = { };

-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "lohr";
+    my.services.nginx.virtualHosts = {
+      lohr = {
        inherit (cfg) port;
-      }
-    ];
+      };
+    };
  };
 }
--- a/modules/nixos/services/matrix/default.nix
+++ b/modules/nixos/services/matrix/default.nix
@ -104,23 +104,22 @@ in
      extraConfigFiles = [
        cfg.mailConfigFile
      ] ++ lib.optional (cfg.secretFile != null) cfg.secretFile;
-
-      sliding-sync = {
-        enable = true;
-
-        settings = {
-          SYNCV3_SERVER = "https://${matrixDomain}";
-          SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}";
-        };
-
-        environmentFile = cfg.slidingSync.secretFile;
-      };
    };

-    my.services.nginx.virtualHosts = [
+    services.matrix-sliding-sync = {
+      enable = true;
+
+      settings = {
+        SYNCV3_SERVER = "https://${matrixDomain}";
+        SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}";
+      };
+
+      environmentFile = cfg.slidingSync.secretFile;
+    };
+
+    my.services.nginx.virtualHosts = {
      # Element Web app deployment
-      {
-        subdomain = "chat";
+      chat = {
        root = pkgs.element-web.override {
          conf = {
            default_server_config = {
@ -145,22 +144,19 @@ in
            };
          };
        };
-      }
+      };
      # Dummy VHosts for port collision detection
-      {
-        subdomain = "matrix-federation";
+      matrix-federation = {
        port = federationPort.private;
-      }
-      {
-        subdomain = "matrix-client";
+      };
+      matrix-client = {
        port = clientPort.private;
-      }
+      };
      # Sliding sync
-      {
-        subdomain = "matrix-sync";
+      matrix-sync = {
        inherit (cfg.slidingSync) port;
-      }
-    ];
+      };
+    };

    # Those are too complicated to use my wrapper...
    services.nginx.virtualHosts = {
@ -185,7 +181,7 @@ in

            # Sliding sync
            "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
-              proxyPass = "http://${config.services.matrix-synapse.sliding-sync.settings.SYNCV3_BINDADDR}";
+              proxyPass = "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}";
            };
          };

--- a/modules/nixos/services/miniflux/default.nix
+++ b/modules/nixos/services/miniflux/default.nix
@ -43,11 +43,10 @@ in
      };
    };

-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "reader";
+    my.services.nginx.virtualHosts = {
+      reader = {
        inherit (cfg) port;
-      }
-    ];
+      };
+    };
  };
 }
--- a/modules/nixos/services/monitoring/default.nix
+++ b/modules/nixos/services/monitoring/default.nix
@ -125,11 +125,10 @@ in
      ];
    };

-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "monitoring";
+    my.services.nginx.virtualHosts = {
+      monitoring = {
        inherit (cfg.grafana) port;
-      }
-    ];
+      };
+    };
  };
 }
--- a/modules/nixos/services/navidrome/default.nix
+++ b/modules/nixos/services/navidrome/default.nix
@ -47,11 +47,10 @@ in
      };
    };

-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "music";
+    my.services.nginx.virtualHosts = {
+      music = {
        inherit (cfg) port;
-      }
-    ];
+      };
+    };
  };
 }
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@ -31,7 +31,7 @@ in
  config = lib.mkIf cfg.enable {
    services.nextcloud = {
      enable = true;
-      package = pkgs.nextcloud27;
+      package = pkgs.nextcloud28;
      hostName = "nextcloud.${config.networking.domain}";
      home = "/var/lib/nextcloud";
      maxUploadSize = cfg.maxSize;
@ -41,7 +41,12 @@ in
        adminpassFile = cfg.passwordFile;
        dbtype = "pgsql";
        dbhost = "/run/postgresql";
-        overwriteProtocol = "https"; # Nginx only allows SSL
+      };
+
+      https = true;
+
+      extraOptions = {
+        overwriteprotocol = "https"; # Nginx only allows SSL
      };

      notify_push = {
--- a/modules/nixos/services/nginx/default.nix
+++ b/modules/nixos/services/nginx/default.nix
@ -5,10 +5,11 @@ let

  domain = config.networking.domain;

-  virtualHostOption = with lib; types.submodule {
+  virtualHostOption = with lib; types.submodule ({ name, ... }: {
    options = {
      subdomain = mkOption {
        type = types.str;
+        default = name;
        example = "dev";
        description = ''
          Which subdomain, under config.networking.domain, to use
@ -72,7 +73,7 @@ let
        '';
      };
    };
-  };
+  });
 in
 {
  imports = [
@ -97,20 +98,18 @@ in
    };

    virtualHosts = mkOption {
-      type = types.listOf virtualHostOption;
-      default = [ ];
+      type = types.attrsOf virtualHostOption;
+      default = { };
      example = litteralExample ''
-        [
-          {
-            subdomain = "gitea";
+        {
+          gitea = {
+            subdomain = "git";
            port = 8080;
-          }
-          {
-            subdomain = "dev";
+          };
+          dev = {
            root = "/var/www/dev";
-          }
-          {
-            subdomain = "jellyfin";
+          };
+          jellyfin = {
            port = 8096;
            extraConfig = {
              locations."/socket" = {
@ -118,8 +117,8 @@ in
                proxyWebsockets = true;
              };
            };
-          }
-        ]
+          };
+        }
      '';
      description = ''
        List of virtual hosts to set-up using default settings.
@ -190,7 +189,7 @@ in

  config = lib.mkIf cfg.enable {
    assertions = [ ]
-      ++ (lib.flip builtins.map cfg.virtualHosts ({ subdomain, ... } @ args:
+      ++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args:
      let
        conflicts = [ "port" "root" "socket" "redirect" ];
        optionsNotNull = builtins.map (v: args.${v} != null) conflicts;
@ -209,7 +208,7 @@ in
        ports = lib.my.mapFilter
          (v: v != null)
          ({ port, ... }: port)
-          cfg.virtualHosts;
+          (lib.attrValues cfg.virtualHosts);
        portCounts = lib.my.countValues ports;
        nonUniquesCounts = lib.filterAttrs (_: v: v != 1) portCounts;
        nonUniques = builtins.attrNames nonUniquesCounts;
@ -221,7 +220,7 @@ in
      map mkAssertion nonUniques
    ) ++ (
      let
-        subs = map ({ subdomain, ... }: subdomain) cfg.virtualHosts;
+        subs = lib.mapAttrsToList (_: { subdomain, ... }: subdomain) cfg.virtualHosts;
        subsCounts = lib.my.countValues subs;
        nonUniquesCounts = lib.filterAttrs (_: v: v != 1) subsCounts;
        nonUniques = builtins.attrNames nonUniquesCounts;
@ -325,7 +324,7 @@ in
            ])
          );
        in
-        lib.my.genAttrs' cfg.virtualHosts mkVHost;
+        lib.my.genAttrs' (lib.attrValues cfg.virtualHosts) mkVHost;

      sso = {
        enable = true;
@ -403,12 +402,11 @@ in
      };
    };

-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "login";
+    my.services.nginx.virtualHosts = {
+      ${cfg.sso.subdomain} = {
        inherit (cfg.sso) port;
-      }
-    ];
+      };
+    };

    networking.firewall.allowedTCPPorts = [ 80 443 ];

--- a/modules/nixos/services/nix-cache/default.nix
+++ b/modules/nixos/services/nix-cache/default.nix
@ -43,11 +43,10 @@ in
      signKeyPath = cfg.secretKeyFile;
    };

-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "cache";
+    my.services.nginx.virtualHosts = {
+      cache = {
        inherit (cfg) port;
-      }
-    ];
+      };
+    };
  };
 }
--- a/modules/nixos/services/paperless/default.nix
+++ b/modules/nixos/services/paperless/default.nix
@ -52,7 +52,7 @@ in

      mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath;

-      extraConfig =
+      settings =
        let
          paperlessDomain = "paperless.${config.networking.domain}";
        in
@ -143,9 +143,8 @@ in
      extraGroups = [ "media" ];
    };

-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "paperless";
+    my.services.nginx.virtualHosts = {
+      paperless = {
        inherit (cfg) port;
        sso = {
          enable = true;
@ -155,8 +154,8 @@ in
        extraConfig = {
          locations."/".proxyWebsockets = true;
        };
-      }
-    ];
+      };
+    };

    my.services.backup = {
      paths = [
--- a/modules/nixos/services/pirate/default.nix
+++ b/modules/nixos/services/pirate/default.nix
@ -21,12 +21,11 @@ let
  };

  mkRedirection = service: {
-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = service;
+    my.services.nginx.virtualHosts = {
+      ${service} = {
        port = ports.${service};
-      }
-    ];
+      };
+    };
  };

  mkFail2Ban = service: lib.mkIf cfg.${service}.enable {
--- a/modules/nixos/services/podgrab/default.nix
+++ b/modules/nixos/services/podgrab/default.nix
@ -31,11 +31,10 @@ in
      inherit (cfg) passwordFile port;
    };

-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "podgrab";
+    my.services.nginx.virtualHosts = {
+      podgrab = {
        inherit (cfg) port;
-      }
-    ];
+      };
+    };
  };
 }
--- a/modules/nixos/services/sabnzbd/default.nix
+++ b/modules/nixos/services/sabnzbd/default.nix
@ -18,12 +18,11 @@ in
    # Set-up media group
    users.groups.media = { };

-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "sabnzbd";
+    my.services.nginx.virtualHosts = {
+      sabnzbd = {
        inherit port;
-      }
-    ];
+      };
+    };

    services.fail2ban.jails = {
      sabnzbd = ''
--- a/modules/nixos/services/tandoor-recipes/default.nix
+++ b/modules/nixos/services/tandoor-recipes/default.nix
@ -70,11 +70,10 @@ in
      ];
    };

-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "recipes";
+    my.services.nginx.virtualHosts = {
+      recipes = {
        inherit (cfg) port;
-      }
-    ];
+      };
+    };
  };
 }
--- a/modules/nixos/services/transmission/default.nix
+++ b/modules/nixos/services/transmission/default.nix
@ -80,12 +80,11 @@ in

    # Default transmission webui, I prefer combustion but its development
    # seems to have stalled
-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "transmission";
+    my.services.nginx.virtualHosts = {
+      transmission = {
        inherit (cfg) port;
-      }
-    ];
+      };
+    };

    networking.firewall = {
      allowedTCPPorts = [ cfg.peerPort ];
--- a/modules/nixos/services/vikunja/default.nix
+++ b/modules/nixos/services/vikunja/default.nix
@ -59,9 +59,8 @@ in
    };

    # This is a weird setup
-    my.services.nginx.virtualHosts = [
-      {
-        inherit subdomain;
+    my.services.nginx.virtualHosts = {
+      ${subdomain} = {
        # Serve the root for the web-ui
        root = config.services.vikunja.package-frontend;

@ -80,8 +79,8 @@ in
            };
          };
        };
-      }
-    ];
+      };
+    };

    systemd.services.vikunja-api = {
      serviceConfig = {
--- a/modules/nixos/services/woodpecker/server/default.nix
+++ b/modules/nixos/services/woodpecker/server/default.nix
@ -52,16 +52,14 @@ in
      }];
    };

-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "woodpecker";
+    my.services.nginx.virtualHosts = {
+      woodpecker = {
        inherit (cfg) port;
-      }
+      };
      # I might want to be able to RPC from other hosts in the future
-      {
-        subdomain = "woodpecker-rpc";
+      woodpecker-rpc = {
        port = cfg.rpcPort;
-      }
-    ];
+      };
+    };
  };
 }
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -14,8 +14,6 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: {

  drone-rsync = pkgs.callPackage ./drone-rsync { };

-  drone-scp = pkgs.callPackage ./drone-scp { };
-
  i3-get-window-criteria = pkgs.callPackage ./i3-get-window-criteria { };

  lohr = pkgs.callPackage ./lohr { };
@ -30,9 +28,5 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: {

  unbound-zones-adblock = pkgs.callPackage ./unbound-zones-adblock { };

-  unified-hosts-lists = pkgs.callPackage ./unified-hosts-lists { };
-
-  wifi-qr = pkgs.callPackage ./wifi-qr { };
-
  zsh-done = pkgs.callPackage ./zsh-done { };
 })
--- a/pkgs/drone-scp/default.nix
+++ b/pkgs/drone-scp/default.nix
@ -1,25 +0,0 @@
-{ lib, buildGoModule, fetchFromGitHub }:
-buildGoModule rec {
-  pname = "drone-scp";
-  version = "1.6.3";
-
-  src = fetchFromGitHub {
-    owner = "appleboy";
-    repo = "drone-scp";
-    rev = "v${version}";
-    hash = "sha256-ELjPqoRR4O6gmc/PgthQuSXuSTQNzBZoAUT80zVVbV0=";
-  };
-
-  vendorHash = "sha256-/c103hTJ/Qdz2KTkdl/ACvAaSSTKcl1DQY3+Us6OxaI=";
-
-  doCheck = false; # Needs a specific user...
-
-  meta = with lib; {
-    description = ''
-      Copy files and artifacts via SSH using a binary, docker or Drone CI
-    '';
-    homepage = "https://github.com/appleboy/drone-scp";
-    license = licenses.mit;
-    mainProgram = "drone-scp";
-  };
-}
--- a/pkgs/matrix-notifier/default.nix
+++ b/pkgs/matrix-notifier/default.nix
@ -1,13 +1,13 @@
 { lib, curl, jq, fetchFromGitHub, makeWrapper, pandoc, stdenvNoCC }:
 stdenvNoCC.mkDerivation rec {
  pname = "matrix-notifier";
-  version = "0.3.0";
+  version = "0.4.0";

  src = fetchFromGitHub {
    owner = "ambroisie";
    repo = "matrix-notifier";
    rev = "v${version}";
-    hash = "sha256-NE9RO0ep2ibrT9EUPGTnUE3ofdNTCHwelxnX9tCflg0=";
+    hash = "sha256-6KHteQx0bHodpNp7cuUIGM7uBRPaj386n2t5yz6umpY=";
  };

  nativeBuildInputs = [
--- a/pkgs/unbound-zones-adblock/default.nix
+++ b/pkgs/unbound-zones-adblock/default.nix
@ -1,9 +1,9 @@
-{ lib, gawk, stdenvNoCC, unified-hosts-lists }:
+{ lib, gawk, stdenvNoCC, stevenblack-blocklist }:
 stdenvNoCC.mkDerivation {
  name = "unbound-zones-adblock";
-  version = unified-hosts-lists.version;
+  version = stevenblack-blocklist.rev;

-  src = unified-hosts-lists;
+  src = stevenblack-blocklist;

  dontUnpack = true;

@ -18,9 +18,11 @@ stdenvNoCC.mkDerivation {
      ];
    in
    ''
-      mkdir -p $out
-      for file in $src/*; do
-          ${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > $out/$(basename $file)
+      shopt -s globstar
+      for file in $src/**/hosts; do
+          outFile="$out/''${file#$src}"
+          mkdir -p "$(dirname "$outFile")"
+          ${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > "$outFile"
      done
    '';

--- a/pkgs/unified-hosts-lists/default.nix
+++ b/pkgs/unified-hosts-lists/default.nix
@ -1,34 +0,0 @@
-{ lib, fetchFromGitHub, stdenvNoCC }:
-stdenvNoCC.mkDerivation rec {
-  pname = "unified-hosts-lists";
-  version = "3.14.37";
-
-  src = fetchFromGitHub {
-    owner = "StevenBlack";
-    repo = "hosts";
-    rev = version;
-    hash = "sha256-HoNX57lCoIr36B/7HMuazWSWeAPPfWY1oZf6dXnxYIE=";
-  };
-
-  dontUnpack = true;
-
-  installPhase = ''
-    mkdir -p $out
-    cp -r $src/hosts $out
-    for file in $src/alternates/*/hosts; do
-        cp $file $out/$(basename $(dirname $file))
-    done
-  '';
-
-  meta = with lib; {
-    description = "Unified host lists";
-    longDescription = ''
-      Consolidating and extending hosts files from several well-curated sources.
-      Optionally pick extensions for porn, social media, and other categories.
-    '';
-    homepage = "https://github.com/StevenBlack/hosts";
-    license = licenses.mit;
-    maintainers = with maintainers; [ ambroisie ];
-    platforms = platforms.all;
-  };
-}
--- a/pkgs/wifi-qr/default.nix
+++ b/pkgs/wifi-qr/default.nix
@ -1,81 +0,0 @@
-{ lib
-, fetchFromGitHub
-, gnome
-, installShellFiles
-, makeWrapper
-, networkmanager
-, qrencode
-, stdenvNoCC
-, xdg-utils
-, zbar
-}:
-stdenvNoCC.mkDerivation rec {
-  pname = "wifi-qr";
-  version = "unstable-2023-04-19";
-
-  outputs = [ "out" "man" ];
-
-  src = fetchFromGitHub {
-    owner = "kokoye2007";
-    repo = "wifi-qr";
-    rev = "b81d4a44257252f07e745464879aa5618ae3d434";
-    hash = "sha256-oGTAr+raJGpK4PV4GdBxX8fIUE8gcbXw7W0SvQJAee0=";
-  };
-
-  nativeBuildInputs = [
-    installShellFiles
-    makeWrapper
-  ];
-
-  dontBuild = true;
-
-  dontConfigure = true;
-
-  postPatch = ''
-    substituteInPlace wifi-qr.desktop \
-      --replace "Exec=sh -c 'wifi-qr g'" "Exec=$out/bin/wifi-qr g" \
-      --replace "Exec=sh -c 'wifi-qr q'" "Exec=$out/bin/wifi-qr q" \
-      --replace "Exec=sh -c 'wifi-qr p'" "Exec=$out/bin/wifi-qr p" \
-      --replace "Exec=sh -c 'wifi-qr c'" "Exec=$out/bin/wifi-qr c" \
-      --replace "Icon=wifi-qr.svg" "Icon=wifi-qr"
-  '';
-
-  installPhase = ''
-    runHook preInstall
-
-    install -Dm755 wifi-qr $out/bin/wifi-qr
-
-    install -Dm644 wifi-qr.desktop $out/share/applications/wifi-qr.desktop
-    install -Dm644 wifi-qr.svg $out/share/icons/hicolor/scalable/apps/wifi-qr.svg
-
-    installManPage wifi-qr.1
-
-    runHook postInstall
-  '';
-
-  wrapperPath = lib.makeBinPath [
-    gnome.zenity
-    networkmanager
-    qrencode
-    xdg-utils
-    zbar
-  ];
-
-  fixupPhase = ''
-    runHook preFixup
-
-    patchShebangs $out/bin/wifi-qr
-    wrapProgram $out/bin/wifi-qr --suffix PATH : "${wrapperPath}"
-
-    runHook postFixup
-  '';
-
-  meta = with lib; {
-    description = "WiFi password sharing via QR codes";
-    homepage = "https://github.com/kokoye2007/wifi-qr";
-    license = with licenses; [ gpl3Plus ];
-    mainProgram = "wifi-qr";
-    maintainers = with maintainers; [ ambroisie ];
-    platforms = platforms.linux;
-  };
-}
Author	SHA1	Message	Date
Bruno BELANYI	2172710dc8	WIP: nixos: services: add aria Some checks failed ci/woodpecker/push/check Pipeline failed Details	2024-01-29 16:24:19 +00:00
Bruno BELANYI	58b22b7354	home: firefox: tridactyl: remove 'Nitter' rule All checks were successful ci/woodpecker/push/check Pipeline was successful Details Turns out it's very annoying when the Nitter instance has been rate limited. This reverts commit `e514389a3d`.	2024-01-27 15:33:40 +00:00
Bruno BELANYI	e2091e9e2e	nixos: services: nextcloud: use HTTPS All checks were successful ci/woodpecker/push/check Pipeline was successful Details This should fix my issue with the sliding sync server.	2024-01-26 23:36:05 +01:00
Bruno BELANYI	5cb67cf040	hosts: nixos: porthos: secrets: rekey secrets Some of the secrets were using an invalid format due to (probably?) being encrypted with a beta version of `age`. I didn't need to rekey all the secrets, but I might as well	2024-01-26 23:27:58 +01:00
Bruno BELANYI	b33938e825	nixos: services: paperless: rename settings option All checks were successful ci/woodpecker/push/check Pipeline was successful Details	2024-01-22 16:57:18 +00:00
Bruno BELANYI	309c344a34	flake: bump inputs All checks were successful ci/woodpecker/push/check Pipeline was successful Details	2024-01-22 16:55:57 +00:00
Bruno BELANYI	13f20a28eb	home: vim: add gn ftplugin	2024-01-22 16:55:57 +00:00
Bruno BELANYI	dca6a9018b	home: vim: ftdetect: add gn	2024-01-22 16:55:57 +00:00
Bruno BELANYI	629ec539c9	nixos: services: nextcloud: fix typo	2024-01-22 16:55:57 +00:00
Bruno BELANYI	a5c57333cf	hosts: homes: bazin: fix typo	2024-01-22 16:55:57 +00:00
Bruno BELANYI	136bd342ff	nixos: services: matrix: fix deprecated option	2024-01-22 16:55:57 +00:00
Bruno BELANYI	10a3055136	nixos: services: nextcloud: fix deprecated option	2024-01-05 19:19:00 +01:00
Bruno BELANYI	e4f8214cb2	modules: services: nextcloud: bump to 28	2024-01-05 19:19:00 +01:00
Bruno BELANYI	b8b64bed8e	home: vim: ftdetect: add glsl All checks were successful ci/woodpecker/push/check Pipeline was successful Details	2024-01-05 10:59:58 +00:00
Bruno BELANYI	9546c00124	home: vim: ftdetect: fix obsolete comment	2024-01-05 10:59:45 +00:00
Bruno BELANYI	bddcab110d	pkgs: matrix-notifier: 0.3.0 -> 0.4.0 All checks were successful ci/woodpecker/push/check Pipeline was successful Details	2024-01-03 15:58:34 +00:00
Bruno BELANYI	e02da7ec69	flake: bump inputs All checks were successful ci/woodpecker/push/check Pipeline was successful Details	2024-01-03 14:25:20 +00:00
Bruno BELANYI	a93dc2935b	flake: add explicit 'systems' input	2024-01-03 14:25:20 +00:00
Bruno BELANYI	39eba647ac	hosts: nixos: aramis: home: use 'pinentry-qt' The GTK2 variant has been removed [1]. I may revise this in the future if [2] is merged (I'd like to try `pinentry-rofi` [3]). [1]: https://github.com/NixOS/nixpkgs/pull/270266 [2]: https://github.com/NixOS/nixpkgs/pull/277221 [3]: https://github.com/plattfot/pinentry-rofi	2024-01-03 14:25:20 +00:00
Bruno BELANYI	932717b754	nixos: services: jellyfin: loosen umask All checks were successful ci/woodpecker/push/check Pipeline was successful Details I just noticed that all the metadata files Jellyfin stores have very restrictive ACLs. The whole point of the `media` group is to make my HTPC eco-system work together. In particular this should allow Sonarr and friends to delete folders without manual intervention.	2023-12-26 15:17:05 +01:00
Bruno BELANYI	71ee178510	nixos: services: nginx: fix SSO subdomain All checks were successful ci/woodpecker/push/check Pipeline was successful Details	2023-12-25 20:23:55 +01:00
Bruno BELANYI	6948424b81	nixos: services: remove redundant subdomains See previous commit for the defaults.	2023-12-25 20:23:55 +01:00
Bruno BELANYI	b7a4bc063f	nixos: services: nginx: add default subdomain In almost all cases, the subdomain should be the same as the attribute name...	2023-12-25 20:23:55 +01:00
Bruno BELANYI	faa87743e5	nixos: services: nginx: use attrset for vhosts Attribute sets compose better than lists, it was a mistake to use a list in the first place...	2023-12-25 20:23:55 +01:00
Bruno BELANYI	26950332c7	home: keyboard: extract from X module All checks were successful ci/woodpecker/push/check Pipeline was successful Details This deserves to be its own standalone module, as I would want to use it in both X and Wayland, etc...	2023-12-23 14:56:55 +01:00
Bruno BELANYI	13d85c30f9	pkgs: remove 'wifi-qr' Some checks are pending ci/woodpecker/push/check Pipeline is pending Details Now that I added it to upstream, I can get rid of it.	2023-12-19 19:08:25 +01:00
Bruno BELANYI	a657a7742e	home: wm: i3bar: fix 'net' block when disconnected Some checks are pending ci/woodpecker/push/check Pipeline is pending Details I still sometimes get the error message about not being able to format the block, this should fix it.	2023-12-18 09:41:35 +00:00
Bruno BELANYI	066a33587d	home: mpv: add uosc script Some checks are pending ci/woodpecker/push/check Pipeline is pending Details	2023-12-16 20:24:38 +00:00
Bruno BELANYI	864e0a5ae6	home: firefox: tridactyl: fix Google mapping All checks were successful ci/woodpecker/push/check Pipeline was successful Details	2023-12-16 16:23:18 +00:00
Bruno BELANYI	4aca698ac6	pkgs: remove 'unified-hosts-lists' All checks were successful ci/woodpecker/push/check Pipeline was successful Details Instead make use of the upstream packaged host list.	2023-12-16 14:31:16 +00:00
Bruno BELANYI	7ccb8ea8b5	pkgs: unbound-zones-adblock: use upstream package All checks were successful ci/woodpecker/push/check Pipeline was successful Details This is a slight regression, as the current version of `stevenblack-blocklist` is 3.13.10 and the version I packaged is 3.14.37. However I am lazy and want to avoid having to bump the version manually...	2023-12-16 14:28:46 +00:00
Bruno BELANYI	49f695bf68	pkgs: remove 'drone-scp' All checks were successful ci/woodpecker/push/check Pipeline was successful Details I added it to upstream nixpkgs.	2023-12-16 12:51:12 +00:00