Compare commits


8 commits

Author SHA1 Message Date
Bruno BELANYI 2e5899b22e WIP
2024-02-07 20:56:13 +00:00
Bruno BELANYI c68574b745 home: add wget
This is mostly so that I can add the XDG-compliant configuration.
2024-02-07 20:17:49 +00:00
Bruno BELANYI 7a03ce2012 home: xdg: add python configuration
It looks like 3.13 finally brought a way to change the history location
through `PYTHON_HISTORY`.
2024-02-07 20:01:28 +00:00
Bruno BELANYI 0650c1f159 home: xdg: fix sort order 2024-02-07 19:44:51 +00:00
Bruno BELANYI 9b2963cb8c overlays: add gruvbox-nvim-treesitter-fix
The version in nixpkgs is not up-to-date with regards to the
nvim-treesitter breaking changes that were recently introduced.
2024-02-07 13:10:25 +00:00
Bruno BELANYI 091424cb14 overlays: gruvbox-nvim-better-diff: simplify 2024-02-07 11:53:56 +00:00
Bruno BELANYI 1a7223a5e5 overlays: remove 'tandoor-recipes-failing-test'
This is now redundant, the nixpkgs bump provided an updated package
which builds successfully.

This reverts commit 473be47b29.
2024-02-06 17:25:03 +01:00
Bruno BELANYI c8b5b1586c flake: bump inputs
And remove the now-redundant overlay to fix a flaky `tandoor-recipes`
test.
2024-02-06 17:24:11 +01:00
82 changed files with 504 additions and 1087 deletions


@ -9,15 +9,15 @@ steps:
- name: notifiy
image: bash
environment:
ADDRESS:
from_secret: matrix_homeserver
ROOM:
from_secret: matrix_roomid
USER:
from_secret: matrix_username
PASS:
from_secret: matrix_password
secrets:
- source: matrix_homeserver
target: address
- source: matrix_roomid
target: room
- source: matrix_username
target: user
- source: matrix_password
target: pass
commands:
- nix run '.#matrix-notifier'
when:
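Review bot: The `secrets:` list with `source`/`target` pairs on the notify step is, as far as I know, the form Woodpecker deprecated in favour of per-variable `from_secret` entries under `environment:`, so on a newer server this step may no longer receive the Matrix credentials. The per-variable form also states exactly which variable names the step sees, e.g. `PASS:` followed by `from_secret: matrix_password`. The diff markers are lost on this page, so which of the two forms is the new side is inferred from print order. The step definition continues past `when:` outside the hunk.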


@ -14,11 +14,11 @@
]
},
"locked": {
"lastModified": 1715290355,
"narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
"lastModified": 1703433843,
"narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
"owner": "ryantm",
"repo": "agenix",
"rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
"rev": "417caa847f9383e111d1397039c9d4337d024bf0",
"type": "github"
},
"original": {
@ -73,11 +73,11 @@
]
},
"locked": {
"lastModified": 1715865404,
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
"lastModified": 1706830856,
"narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
"rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f",
"type": "github"
},
"original": {
@ -94,11 +94,11 @@
]
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
@ -116,11 +116,11 @@
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"lastModified": 1703887061,
"narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5",
"type": "github"
},
"original": {
@ -136,11 +136,11 @@
]
},
"locked": {
"lastModified": 1715930644,
"narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"lastModified": 1707175763,
"narHash": "sha256-0MKHC6tQ4KEuM5rui6DjKZ/VNiSANB4E+DJ/+wPS1PU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"rev": "f99eace7c167b8a6a0871849493b1c613d0f1b80",
"type": "github"
},
"original": {
@ -152,11 +152,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1715961556,
"narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=",
"lastModified": 1707092692,
"narHash": "sha256-ZbHsm+mGk/izkWtT4xwwqz38fdlwu7nUUKXTOmm4SyE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64",
"rev": "faf912b086576fd1a15fca610166c98d47bc667e",
"type": "github"
},
"original": {
@ -168,11 +168,11 @@
},
"nur": {
"locked": {
"lastModified": 1716149933,
"narHash": "sha256-0Ui2HmmKvSqxXfT5kCzTu2EO+kqYxavPZHROxQLsI14=",
"lastModified": 1707234300,
"narHash": "sha256-D+LdA8g0Tq+KE9EmJMmn8EGRO5jZ2nLe/W0Fr5EIsdg=",
"owner": "nix-community",
"repo": "NUR",
"rev": "0d0e224fe23a49977d871ae2fe2f14c84b03322a",
"rev": "59fceae769455455ef44c1dfb63bbae1ecddc41d",
"type": "github"
},
"original": {
@ -185,6 +185,9 @@
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": [
"futils"
],
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
@ -194,11 +197,11 @@
]
},
"locked": {
"lastModified": 1715870890,
"narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=",
"lastModified": 1706424699,
"narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1",
"rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf",
"type": "github"
},
"original": {


@ -63,6 +63,7 @@
repo = "pre-commit-hooks.nix";
ref = "master";
inputs = {
flake-utils.follows = "futils";
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs";
};


@ -1,9 +1,9 @@
{ flake-parts
, systems
, futils
, ...
} @ inputs:
let
mySystems = import systems;
mySystems = futils.lib.defaultSystems;
in
flake-parts.lib.mkFlake { inherit inputs; } {
systems = mySystems;


@ -1,5 +1,5 @@
# Google Laptop configuration
{ lib, options, pkgs, ... }:
{ lib, pkgs, ... }:
{
services.gpg-agent.enable = lib.mkForce false;
@ -12,10 +12,8 @@
# I use scripts that use the passthrough sequence often on this host
enablePassthrough = true;
terminalFeatures = {
# HTerm uses `xterm-256color` as its `$TERM`, so use that here
xterm-256color = { };
};
# HTerm uses `xterm-256color` as its `$TERM`, so use that here
trueColorTerminals = [ "xterm-256color" ];
};
ssh = {
@ -23,21 +21,5 @@
package = pkgs.emptyDirectory;
};
};
zsh = {
notify = {
enable = true;
exclude = options.my.home.zsh.notify.exclude.default ++ [
"adb shell$" # Only interactive shell sessions
];
ssh = {
enable = true;
# `notify-send` is proxied to the ChromeOS layer
useOsc777 = false;
};
};
};
};
}


@ -15,10 +15,8 @@
# I use scripts that use the passthrough sequence often on this host
enablePassthrough = true;
terminalFeatures = {
# HTerm uses `xterm-256color` as its `$TERM`, so use that here
xterm-256color = { };
};
# HTerm uses `xterm-256color` as its `$TERM`, so use that here
trueColorTerminals = [ "xterm-256color" ];
};
};
}


@ -2,7 +2,7 @@
{
my.home = {
# Use graphical pinentry
bitwarden.pinentry = pkgs.pinentry-gtk2;
bitwarden.pinentry = "gtk2";
# Ebook library
calibre.enable = true;
# Some amount of social life
@ -14,7 +14,7 @@
# Blue light filter
gammastep.enable = true;
# Use a small popup to enter passwords
gpg.pinentry = pkgs.pinentry-gtk2;
gpg.pinentry = "gtk2";
# Machine specific packages
packages.additionalPackages = with pkgs; [
element-desktop # Matrix client


@ -3,14 +3,15 @@
{
boot = {
# Use the systemd-boot EFI boot loader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
# Use the GRUB 2 boot loader.
loader.grub = {
enable = true;
# Define on which hard drive you want to install Grub.
device = "/dev/disk/by-id/ata-HGST_HUS724020ALA640_PN2181P6J58M1P";
};
initrd = {
availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "usbhid" "sd_mod" ];
availableKernelModules = [ "uhci_hcd" "ahci" "usbhid" ];
kernelModules = [ "dm-snapshot" ];
};


@ -16,5 +16,11 @@
# Set your time zone.
time.timeZone = "Europe/Paris";
system.stateVersion = "24.05"; # Did you read the comment?
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment?
}


@ -1,5 +1,5 @@
# Hardware configuration
{ modulesPath, ... }:
{ lib, modulesPath, ... }:
{
imports = [
@ -11,18 +11,9 @@
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
swapDevices = [
{ device = "/dev/disk/by-label/swap"; }
];
my.hardware = {
firmware = {
cpuFlavor = "intel";
};
};
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}


@ -1,18 +1,11 @@
{ ... }:
{
my.home = {
nix = {
cache = {
# This server is the one serving the cache, don't try to query it
selfHosted = false;
};
};
# Allow using extended features when SSH-ing from various clients
tmux.terminalFeatures = {
# Allow using 24bit color when SSH-ing from various clients
tmux.trueColorTerminals = [
# My usual terminal, e.g: on laptop
alacritty = { };
};
"alacritty"
];
# Always start a tmux session when opening a shell session
zsh.launchTmux = true;


@ -3,7 +3,7 @@
SWAP_SIZE=16GiB
parted /dev/sda --script -- \
mklabel gpt \
mklabel msdos \
mkpart primary 512MiB -$SWAP_SIZE \
mkpart primary linux-swap -$SWAP_SIZE 100% \
mkpart ESP fat32 1MiB 512MiB \
@ -11,24 +11,14 @@ parted /dev/sda --script -- \
parted /dev/sdb --script -- \
mklabel gpt \
mkpart primary 0% 100%
parted /dev/sdc --script -- \
mklabel gpt \
mkpart primary 0% 100%
parted /dev/sdd --script -- \
mklabel gpt \
mkpart primary 0% 100%
mkpart primary 0MiB 100%
mkfs.ext4 -L media1 /dev/sda1
mkfs.ext4 -L media2 /dev/sdb1
mkfs.ext4 -L media3 /dev/sdc1
mkfs.ext4 -L media4 /dev/sdd1
pvcreate /dev/sda1
pvcreate /dev/sdb1
pvcreate /dev/sdc1
pvcreate /dev/sdd1
vgcreate lvm /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1
vgcreate lvm /dev/sda1 /dev/sdb1
lvcreate -l 100%FREE -n media lvm
mkfs.ext4 -L nixos /dev/mapper/lvm-media
@ -37,17 +27,17 @@ mkfs.fat -F 32 -n boot /dev/sda3
mount /dev/disk/by-label/nixos /mnt
swapon /dev/sda2
mkdir -p /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
apt install sudo
useradd -m -G sudo setupuser
# shellcheck disable=2117
su setupuser
cat << EOF
# Run the following commands as setup user
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
nix profile install nixpkgs#nixos-install-tools
curl -L https://nixos.org/nix/install | sh
. $HOME/.nix-profile/etc/profile.d/nix.sh
nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs
sudo "$(which nixos-generate-config)" --root /mnt
# Change uuids to labels
@ -64,6 +54,3 @@ git crypt unlock
nixos-install --root /mnt --flake '.#<hostname>'
EOF
# shellcheck disable=2117
su setupuser
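Review bot: The installer line printed for the setup user, `curl -L https://nixos.org/nix/install | sh`, pipes whatever curl receives into a shell: without `-f` an HTTP error body is run as a script, and without `--proto '=https'` a redirect may leave HTTPS. The other variant of this line on the page already carries the hardening flags, so they can be kept here as `curl --proto '=https' --tlsv1.2 -sSf -L https://nixos.org/nix/install | sh`. Separately, the heredoc delimiter is unquoted (`cat << EOF`), so `$HOME` and `$(which nixos-generate-config)` are expanded when the text is printed instead of being shown literally; `cat << 'EOF'` would print the commands as written. The diff markers are lost on this page, so which variant is the new side is inferred from print order.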


@ -6,17 +6,30 @@
hostName = "porthos"; # Define your hostname.
domain = "belanyi.fr"; # Define your domain.
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = true;
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
useDHCP = false;
interfaces = {
eno1.useDHCP = true;
eno2.useDHCP = true;
bond0.useDHCP = true;
bonding_masters.useDHCP = true;
dummy0.useDHCP = true;
erspan0.useDHCP = true;
eth0.useDHCP = true;
eth1.useDHCP = true;
gre0.useDHCP = true;
gretap0.useDHCP = true;
ifb0.useDHCP = true;
ifb1.useDHCP = true;
ip6tnl0.useDHCP = true;
sit0.useDHCP = true;
teql0.useDHCP = true;
tunl0.useDHCP = true;
};
};
# Which interface is used to connect to the internet
my.hardware.networking.externalInterface = "eno1";
my.hardware.networking.externalInterface = "eth0";
}


@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg Lhgx43wR8PtAMf5v1eJxKlUBSAoOLdOOn/QaQrwF8zA
jfUCpgNzkHCNTWCqtErDaLMmg1Oy+s9zUra1JLCi+J4
-> ssh-ed25519 jPowng kSeQ/SmMrzd8ByVu3YHWeZyKmqFZvQSBnDunkB8e6wc
WRmnfrV5xcRXA9t0ZXx6YvbRl0sX4PTrw63VVKX4Ei4
--- a+LLM1gP9g1AbUapbeeKaS4cEcRBmPo3MHU2DSWTAds
Ò,FÜÒ6”â⬘ ixÌ<78>°Øe| «
²
ÌÏœ,{† ˆõvª!†‰zÜ$P;ãé©TØÆÉKW
qGô


@ -21,24 +21,13 @@ in
"drone/secret.age".publicKeys = all;
"drone/ssh/private-key.age".publicKeys = all;
"forgejo/mail-password.age" = {
owner = "git";
publicKeys = all;
};
"gitea/mail-password.age" = {
owner = "git";
publicKeys = all;
};
"lohr/secret.age" = {
owner = "lohr";
publicKeys = all;
};
"lohr/ssh-key.age" = {
owner = "lohr";
publicKeys = all;
};
"lohr/secret.age".publicKeys = all;
"lohr/ssh-key.age".publicKeys = all;
"matrix/mail.age" = {
owner = "matrix-synapse";
@ -52,10 +41,6 @@ in
publicKeys = all;
};
"mealie/mail.age" = {
publicKeys = all;
};
"miniflux/credentials.age".publicKeys = all;
"monitoring/password.age" = {


@ -10,11 +10,6 @@ in
adblock = {
enable = true;
};
# Audiobook and podcast library
audiobookshelf = {
enable = true;
port = 9599;
};
# Backblaze B2 backup
backup = {
enable = true;
@ -41,14 +36,14 @@ in
flood = {
enable = true;
};
# Forgejo forge
forgejo = {
# Gitea forge
gitea = {
enable = true;
mail = {
enable = true;
host = "smtp.migadu.com";
user = lib.my.mkMailAddress "forgejo" "belanyi.fr";
passwordFile = secrets."forgejo/mail-password".path;
host = "smtp.migadu.com:465";
user = lib.my.mkMailAddress "gitea" "belanyi.fr";
passwordFile = secrets."gitea/mail-password".path;
};
};
# Meta-indexers
@ -73,10 +68,6 @@ in
secretFile = secrets."matrix/sliding-sync-secret".path;
};
};
mealie = {
enable = true;
credentialsFile = secrets."mealie/mail".path;
};
miniflux = {
enable = true;
credentialsFiles = secrets."miniflux/credentials".path;
@ -139,7 +130,6 @@ in
podgrab = {
enable = true;
passwordFile = secrets."podgrab/password".path;
dataDir = "/data/media/podcasts";
port = 9598;
};
# Regular backups


@ -25,8 +25,6 @@ in
search_mode = "skim";
# Show long command lines at the bottom
show_preview = true;
# I like being able to edit my commands
enter_accept = false;
};
};
};


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, ... }:
let
cfg = config.my.home.bitwarden;
in
@ -6,7 +6,12 @@ in
options.my.home.bitwarden = with lib; {
enable = my.mkDisableOption "bitwarden configuration";
pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; };
pinentry = mkOption {
type = types.str;
default = "tty";
example = "gtk2";
description = "Which pinentry interface to use";
};
};
config = lib.mkIf cfg.enable {
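Review bot: The `pinentry` option is declared as `types.str`, so a misspelt flavour is accepted at evaluation time and only fails later, wherever the string is turned into a program name (not visible in this hunk). An enum keeps the check in the module: `type = types.enum [ "tty" "gtk2" ];`, extended with whichever other flavours the hosts use. The same declaration appears in the gpg module's `pinentry` option further down the page. The module header also drops `pkgs` from its arguments, which is only safe if nothing later in the file still refers to it; the `config` block continues outside the hunk.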


@ -7,9 +7,9 @@ in
enable = my.mkDisableOption "direnv configuration";
defaultFlake = mkOption {
type = with types; nullOr str;
default = null;
example = "pkgs";
type = types.str;
default = "pkgs";
example = "nixpkgs";
description = ''
Which flake from the registry should be used for
<command>use pkgs</command> by default.
@ -39,7 +39,7 @@ in
in
lib.my.genAttrs' files linkLibFile;
home.sessionVariables = lib.mkIf (cfg.defaultFlake != null) {
home.sessionVariables = {
DIRENV_DEFAULT_FLAKE = cfg.defaultFlake;
};
};


@ -26,14 +26,7 @@ in
gdb
];
xdg = {
configFile."gdb/gdbinit".source = ./gdbinit;
dataFile. "gdb/.keep".text = "";
};
home.sessionVariables = {
GDBHISTFILE = "${config.xdg.dataHome}/gdb/gdb_history";
};
xdg.configFile."gdb/gdbinit".source = ./gdbinit;
}
(lib.mkIf cfg.rr.enable {


@ -148,10 +148,6 @@ in
autoStash = true;
};
rerere = {
enabled = true;
};
url = {
"git@git.belanyi.fr:" = {
insteadOf = "https://git.belanyi.fr/";


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, ... }:
let
cfg = config.my.home.gpg;
in
@ -6,7 +6,12 @@ in
options.my.home.gpg = with lib; {
enable = my.mkDisableOption "gpg configuration";
pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; };
pinentry = mkOption {
type = types.str;
default = "tty";
example = "gtk2";
description = "Which pinentry interface to use";
};
};
config = lib.mkIf cfg.enable {
@ -17,7 +22,7 @@ in
services.gpg-agent = {
enable = true;
enableSshSupport = true; # One agent to rule them all
pinentryPackage = cfg.pinentry;
pinentryFlavor = cfg.pinentry;
extraConfig = ''
allow-loopback-pinentry
'';


@ -12,7 +12,7 @@ let
# Use pinned nixpkgs when using `nix run pkgs#<whatever>`
pkgs = inputs.nixpkgs;
}
(lib.optionalAttrs cfg.inputs.overrideNixpkgs {
(lib.optionalAttrs cfg.overrideNixpkgs {
# ... And with `nix run nixpkgs#<whatever>`
nixpkgs = inputs.nixpkgs;
})
@ -22,26 +22,20 @@ in
options.my.home.nix = with lib; {
enable = my.mkDisableOption "nix configuration";
cache = {
selfHosted = my.mkDisableOption "self-hosted cache";
};
linkInputs = my.mkDisableOption "link inputs to `$XDG_CONFIG_HOME/nix/inputs`";
inputs = {
link = my.mkDisableOption "link inputs to `/etc/nix/inputs/`";
addToRegistry = my.mkDisableOption "add inputs and self to registry";
addToRegistry = my.mkDisableOption "add inputs and self to registry";
addToNixPath = my.mkDisableOption "add inputs and self to nix path";
addToNixPath = my.mkDisableOption "add inputs and self to nix path";
overrideNixpkgs = my.mkDisableOption "point nixpkgs to pinned system version";
};
overrideNixpkgs = my.mkDisableOption "point nixpkgs to pinned system version";
};
config = lib.mkIf cfg.enable (lib.mkMerge [
{
assertions = [
{
assertion = cfg.inputs.addToNixPath -> cfg.inputs.link;
assertion = cfg.addToNixPath -> cfg.linkInputs;
message = ''
enabling `my.home.nix.addToNixPath` needs to have
`my.home.nix.linkInputs = true`
@ -54,27 +48,17 @@ in
nix = {
package = lib.mkDefault pkgs.nix; # NixOS module sets it unconditionally
# FIXME: waiting on https://github.com/nix-community/home-manager/pull/3876
settings = {
# I like XDG-compliance
use-xdg-base-directories = true;
experimental-features = [ "nix-command" "flakes" ];
};
};
}
(lib.mkIf cfg.cache.selfHosted {
nix = {
settings = {
extra-substituters = [
"https://cache.belanyi.fr/"
];
extra-trusted-public-keys = [
"cache.belanyi.fr:LPhrTqufwfxTceg1nRWueDWf7/2zSVY9K00pq2UI7tw="
];
};
};
})
(lib.mkIf cfg.inputs.addToRegistry {
(lib.mkIf cfg.addToRegistry {
nix.registry =
let
makeEntry = v: { flake = v; };
@ -83,7 +67,7 @@ in
makeEntries channels;
})
(lib.mkIf cfg.inputs.link {
(lib.mkIf cfg.linkInputs {
xdg.configFile =
let
makeLink = n: v: {
@ -95,7 +79,7 @@ in
makeLinks channels;
})
(lib.mkIf cfg.inputs.addToNixPath {
(lib.mkIf cfg.addToNixPath {
home.sessionVariables.NIX_PATH = "${config.xdg.configHome}/nix/inputs\${NIX_PATH:+:$NIX_PATH}";
})
]);


@ -16,7 +16,6 @@ in
LESS = "-R -+X -c";
# Better XDG compliance
LESSHISTFILE = "${config.xdg.dataHome}/less/history";
LESSKEY = "${config.xdg.configHome}/less/lesskey";
};
};
}


@ -49,7 +49,7 @@ in
};
porthos = {
hostname = "37.187.146.15";
hostname = "91.121.177.163";
identityFile = "~/.ssh/shared_rsa";
user = "ambroisie";
};


@ -5,14 +5,6 @@ let
config.my.home.x.enable
(config.my.home.wm.windowManager != null)
];
mkTerminalFlags = opt: flag:
let
mkFlag = term: ''set -as terminal-features ",${term}:${flag}"'';
enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures;
terminals = lib.attrNames enabledTerminals;
in
lib.concatMapStringsSep "\n" mkFlag terminals;
in
{
options.my.home.tmux = with lib; {
@ -20,22 +12,16 @@ in
enablePassthrough = mkEnableOption "tmux DCS passthrough sequence";
terminalFeatures = mkOption {
type = with types; attrsOf (submodule {
options = {
hyperlinks = my.mkDisableOption "hyperlinks through OSC8";
trueColor = my.mkDisableOption "24-bit (RGB) color support";
};
});
default = { ${config.my.home.terminal.program} = { }; };
defaultText = litteralExpression ''
{ ''${config.my.home.terminal.program} = { }; };
trueColorTerminals = mkOption {
type = with types; listOf str;
default = lib.my.nullableToList config.my.home.terminal.program;
defaultText = ''
`[ config.my.home.terminal.program ]` if it is non-null, otherwise an
empty list.
'';
example = { xterm-256color = { }; };
example = [ "xterm-256color" ];
description = ''
$TERM values which should be considered to have additional features.
$TERM values which should be considered to always support 24-bit color.
'';
};
};
@ -46,7 +32,7 @@ in
keyMode = "vi"; # Home-row keys and other niceties
clock24 = true; # I'm one of those heathens
escapeTime = 0; # Let vim do its thing instead
historyLimit = 100000; # Bigger buffer
historyLimit = 50000; # Bigger buffer
terminal = "tmux-256color"; # I want accurate termcap info
plugins = with pkgs.tmuxPlugins; [
@ -103,10 +89,13 @@ in
''
}
# Force OSC8 hyperlinks for each relevant $TERM
${mkTerminalFlags "hyperlinks" "hyperlinks"}
# Force 24-bit color for each relevant $TERM
${mkTerminalFlags "trueColor" "RGB"}
${
let
mkTcFlag = term: ''set -as terminal-features ",${term}:RGB"'';
in
lib.concatMapStringsSep "\n" mkTcFlag cfg.trueColorTerminals
}
'';
};
}


@ -1,7 +0,0 @@
" Create the `b:undo_ftplugin` variable if it doesn't exist
call ftplugined#check_undo_ft()
" Add comment format
setlocal comments=b://,s1:/*,mb:*,ex:*/
setlocal commentstring=//\ %s
let b:undo_ftplugin.='|setlocal comments< commentstring<'


@ -1,6 +0,0 @@
" Create the `b:undo_ftplugin` variable if it doesn't exist
call ftplugined#check_undo_ft()
" Use a small indentation value on JSON files
setlocal shiftwidth=2
let b:undo_ftplugin.='|setlocal shiftwidth<'


@ -105,7 +105,7 @@ in
nixpkgs-fmt
# Shell
nodePackages.bash-language-server
shellcheck
shfmt
];
};


@ -1,6 +0,0 @@
-- Use `bp` filetype for Blueprint files
vim.filetype.add({
extension = {
bp = "bp",
},
})


@ -88,23 +88,6 @@ set background=dark
" 24 bit colors
set termguicolors
" Setup some overrides for gruvbox
lua << EOF
local gruvbox = require("gruvbox")
local colors = gruvbox.palette
gruvbox.setup({
overrides = {
-- Only URLs should be underlined
["@string.special.path"] = { link = "GruvboxOrange" },
-- Revert back to the better diff highlighting
DiffAdd = { fg = colors.green, bg = "NONE" },
DiffChange = { fg = colors.aqua, bg = "NONE" },
DiffDelete = { fg = colors.red, bg = "NONE" },
DiffText = { fg = colors.yellow, bg = colors.bg0 },
}
})
EOF
" Use my preferred colorscheme
colorscheme gruvbox
" }}}


@ -51,7 +51,8 @@ M.on_attach = function(client, bufnr)
local wk = require("which-key")
local function list_workspace_folders()
vim.print(vim.lsp.buf.list_workspace_folders())
local utils = require("ambroisie.utils")
utils.dump(vim.lsp.buf.list_workspace_folders())
end
local function cycle_diagnostics_display()


@ -1,5 +1,11 @@
local M = {}
--- pretty print lua object
--- @param obj any object to pretty print
M.dump = function(obj)
print(vim.inspect(obj))
end
--- checks if a given command is executable
--- @param cmd string? command to check
--- @return boolean executable
@ -9,7 +15,7 @@ end
--- return a function that checks if a given command is executable
--- @param cmd string? command to check
--- @return fun(): boolean executable
--- @return fun(cmd: string): boolean executable
M.is_executable_condition = function(cmd)
return function()
return M.is_executable(cmd)
@ -34,11 +40,11 @@ M.is_ssh = function()
return false
end
--- list all active LSP clients for specific buffer, or all buffers
--- list all active LSP clients for current buffer
--- @param bufnr int? buffer number
--- @return table all active LSP client names
M.list_lsp_clients = function(bufnr)
local clients = vim.lsp.get_active_clients({ bufnr = bufnr })
local clients = vim.lsp.buf_get_clients(bufnr)
local names = {}
for _, client in ipairs(clients) do
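Review bot: The annotation `--- @return fun(cmd: string): boolean executable` on `M.is_executable_condition` does not match the closure below it, which is `function()` with no parameters and captures `cmd` from the outer call; `--- @return fun(): boolean executable` describes what is actually returned. In the same section the doc line for `M.list_lsp_clients` says "for current buffer" while the function still takes an optional `bufnr`, so `--- list all active LSP clients for the given buffer` would fit better, assuming a nil `bufnr` falls back to the current buffer. The body of `M.list_lsp_clients` continues outside the hunk. The diff markers are lost on this page, so which annotation is the new side is inferred from print order.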


@ -29,17 +29,16 @@ if utils.is_executable("clangd") then
})
end
-- Haskell
if utils.is_executable("haskell-language-server-wrapper") then
lspconfig.hls.setup({
-- Nix
if utils.is_executable("nil") then
lspconfig.nil_ls.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
-- Nix
if utils.is_executable("nil") then
lspconfig.nil_ls.setup({
if utils.is_executable("rnix-lsp") then
lspconfig.rnix.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
@ -53,13 +52,6 @@ if utils.is_executable("pyright") then
})
end
if utils.is_executable("ruff-lsp") then
lspconfig.ruff_lsp.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
-- Rust
if utils.is_executable("rust-analyzer") then
lspconfig.rust_analyzer.setup({
@ -67,12 +59,3 @@ if utils.is_executable("rust-analyzer") then
on_attach = lsp.on_attach,
})
end
-- Shell
if utils.is_executable("bash-language-server") then
lspconfig.bashls.setup({
filetypes = { "bash", "sh", "zsh" },
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end


@ -10,7 +10,7 @@ local function list_spell_languages()
end
local function list_lsp_clients()
local client_names = utils.list_lsp_clients(0)
local client_names = utils.list_lsp_clients()
if #client_names == 0 then
return ""


@ -18,16 +18,48 @@ null_ls.register({
}),
})
-- C, C++
null_ls.register({
null_ls.builtins.formatting.clang_format.with({
-- Only used if available, but prefer clangd formatting if available
condition = function()
return utils.is_executable("clang-format") and not utils.is_executable("clangd")
end,
}),
})
-- Haskell
null_ls.register({
null_ls.builtins.formatting.brittany.with({
-- Only used if available
condition = utils.is_executable_condition("brittany"),
}),
})
-- Nix
null_ls.register({
null_ls.builtins.formatting.nixpkgs_fmt.with({
-- Only used if available
condition = utils.is_executable_condition("nixpkgs-fmt"),
-- Only used if available, but prefer rnix if available
condition = function()
return utils.is_executable("nixpkgs-fmt")
and not utils.is_executable("rnix-lsp")
and not utils.is_executable("nil")
end,
}),
})
-- Python
null_ls.register({
null_ls.builtins.diagnostics.flake8.with({
-- Only used if available, but prefer pflake8 if available
condition = function()
return utils.is_executable("flake8") and not utils.is_executable("pflake8")
end,
}),
null_ls.builtins.diagnostics.pyproject_flake8.with({
-- Only used if available
condition = utils.is_executable_condition("pflake8"),
}),
null_ls.builtins.diagnostics.mypy.with({
-- Only used if available
condition = utils.is_executable_condition("mypy"),
@ -49,6 +81,22 @@ null_ls.register({
-- Shell (non-POSIX)
null_ls.register({
null_ls.builtins.code_actions.shellcheck.with({
-- Restrict to bash and zsh
filetypes = { "bash", "zsh" },
-- Only used if available
condition = utils.is_executable_condition("shellcheck"),
}),
null_ls.builtins.diagnostics.shellcheck.with({
-- Show error code in message
diagnostics_format = "[#{c}] #{m}",
-- Require explicit empty string test, use bash dialect
extra_args = { "-s", "bash", "-o", "avoid-nullary-conditions" },
-- Restrict to bash and zsh
filetypes = { "bash", "zsh" },
-- Only used if available
condition = utils.is_executable_condition("shellcheck"),
}),
null_ls.builtins.formatting.shfmt.with({
-- Indent with 4 spaces, simplify the code, indent switch cases,
-- add space after redirection, use bash dialect
@ -62,6 +110,22 @@ null_ls.register({
-- Shell (POSIX)
null_ls.register({
null_ls.builtins.code_actions.shellcheck.with({
-- Restrict to POSIX sh
filetypes = { "sh" },
-- Only used if available
condition = utils.is_executable_condition("shellcheck"),
}),
null_ls.builtins.diagnostics.shellcheck.with({
-- Show error code in message
diagnostics_format = "[#{c}] #{m}",
-- Require explicit empty string test
extra_args = { "-o", "avoid-nullary-conditions" },
-- Restrict to POSIX sh
filetypes = { "sh" },
-- Only used if available
condition = utils.is_executable_condition("shellcheck"),
}),
null_ls.builtins.formatting.shfmt.with({
-- Indent with 4 spaces, simplify the code, indent switch cases,
-- add space after redirection, use POSIX


@ -42,9 +42,11 @@ in
ANDROID_USER_HOME = "${configHome}/android";
CARGO_HOME = "${dataHome}/cargo";
DOCKER_CONFIG = "${configHome}/docker";
GRADLE_USER_HOME = "${dataHome}/gradle";
GDBHISTFILE = "${dataHome}/gdb/gdb_history";
HISTFILE = "${dataHome}/bash/history";
INPUTRC = "${configHome}/readline/inputrc";
LESSHISTFILE = "${dataHome}/less/history";
LESSKEY = "${configHome}/less/lesskey";
PSQL_HISTORY = "${dataHome}/psql_history";
PYTHONPYCACHEPREFIX = "${cacheHome}/python/";
PYTHONUSERBASE = "${dataHome}/python/";
@ -52,6 +54,5 @@ in
REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history";
REPO_CONFIG_DIR = "${configHome}/repo";
XCOMPOSECACHE = "${dataHome}/X11/xcompose";
_JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java";
};
}


@ -15,152 +15,81 @@ in
enable = my.mkDisableOption "zsh configuration";
launchTmux = mkEnableOption "auto launch tmux at shell start";
notify = {
enable = mkEnableOption "zsh-done notification";
exclude = mkOption {
type = with types; listOf str;
default = [
"delta"
"direnv reload"
"fg"
"git (?!push|pull|fetch)"
"htop"
"less"
"man"
"nvim"
"tail -f"
"tmux"
"vim"
];
example = [ "command --long-running-option" ];
description = ''
List of exclusions which should not be create a notification. Accepts
Perl regexes (implicitly anchored with `^\s*`).
'';
};
ssh = {
enable = mkEnableOption "notify through SSH/non-graphical connections";
useOsc777 = lib.my.mkDisableOption "use OSC-777 for notifications";
};
};
};
config = lib.mkIf cfg.enable (lib.mkMerge [
{
home.packages = with pkgs; [
zsh-completions
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [
zsh-completions
];
programs.zsh = {
enable = true;
dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME
enableCompletion = true;
history = {
size = 500000;
save = 500000;
extended = true;
expireDuplicatesFirst = true;
ignoreSpace = true;
ignoreDups = true;
share = false;
path = "${config.xdg.dataHome}/zsh/zsh_history";
};
plugins = [
{
name = "fast-syntax-highlighting";
file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh";
src = pkgs.zsh-fast-syntax-highlighting;
}
{
name = "agkozak-zsh-prompt";
file = "share/zsh/site-functions/agkozak-zsh-prompt.plugin.zsh";
src = pkgs.agkozak-zsh-prompt;
}
];
programs.zsh = {
enable = true;
dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME
enableCompletion = true;
# Modal editing is life, but CLI benefits from emacs gymnastics
defaultKeymap = "emacs";
history = {
size = 500000;
save = 500000;
extended = true;
expireDuplicatesFirst = true;
ignoreSpace = true;
ignoreDups = true;
share = false;
path = "${config.xdg.dataHome}/zsh/zsh_history";
};
plugins = [
{
name = "fast-syntax-highlighting";
file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh";
src = pkgs.zsh-fast-syntax-highlighting;
}
{
name = "agkozak-zsh-prompt";
file = "share/zsh/site-functions/agkozak-zsh-prompt.plugin.zsh";
src = pkgs.agkozak-zsh-prompt;
}
];
# Modal editing is life, but CLI benefits from emacs gymnastics
defaultKeymap = "emacs";
# Make those happen early to avoid doing double the work
initExtraFirst = lib.mkBefore ''
${
lib.optionalString cfg.launchTmux ''
# Launch tmux unless already inside one
if [ -z "$TMUX" ]; then
exec tmux new-session
fi
''
}
'';
initExtra = lib.mkAfter ''
source ${./completion-styles.zsh}
source ${./extra-mappings.zsh}
source ${./options.zsh}
# Source local configuration
if [ -f "$ZDOTDIR/zshrc.local" ]; then
source "$ZDOTDIR/zshrc.local"
fi
'';
localVariables = {
# I like having the full path
AGKOZAK_PROMPT_DIRTRIM = 0;
# Because I *am* from EPITA
AGKOZAK_PROMPT_CHAR = [ "42sh$" "42sh#" ":" ];
# Easy on the eyes
AGKOZAK_COLORS_BRANCH_STATUS = "magenta";
# I don't like moving my eyes
AGKOZAK_LEFT_PROMPT_ONLY = 1;
};
# Enable VTE integration
enableVteIntegration = true;
};
}
(lib.mkIf cfg.notify.enable {
programs.zsh = {
plugins = [
{
name = "zsh-done";
file = "share/zsh/site-functions/done.plugin.zsh";
src = pkgs.ambroisie.zsh-done;
}
];
# `localVariables` values don't get merged correctly due to their type,
# don't use `mkIf`
localVariables = {
DONE_EXCLUDE =
let
joined = lib.concatMapStringsSep "|" (c: "(${c})") cfg.notify.exclude;
in
''^\s*(${joined})'';
# Make those happen early to avoid doing double the work
initExtraFirst = ''
${
lib.optionalString cfg.launchTmux ''
# Launch tmux unless already inside one
if [ -z "$TMUX" ]; then
exec tmux new-session
fi
''
}
# Enable `zsh-done` through SSH, if configured
// lib.optionalAttrs cfg.notify.ssh.enable {
DONE_ALLOW_NONGRAPHICAL = 1;
};
'';
# Use OSC-777 to send the notification through SSH
initExtra = lib.mkIf cfg.notify.ssh.useOsc777 ''
done_send_notification() {
local exit_status="$1"
local title="$2"
local message="$3"
initExtra = ''
source ${./completion-styles.zsh}
source ${./extra-mappings.zsh}
source ${./options.zsh}
${lib.getExe pkgs.ambroisie.osc777} "$title" "$message"
}
'';
# Source local configuration
if [ -f "$ZDOTDIR/zshrc.local" ]; then
source "$ZDOTDIR/zshrc.local"
fi
'';
localVariables = {
# I like having the full path
AGKOZAK_PROMPT_DIRTRIM = 0;
# Because I *am* from EPITA
AGKOZAK_PROMPT_CHAR = [ "42sh$" "42sh#" ":" ];
# Easy on the eyes
AGKOZAK_COLORS_BRANCH_STATUS = "magenta";
# I don't like moving my eyes
AGKOZAK_LEFT_PROMPT_ONLY = 1;
};
})
]);
# Enable VTE integration
enableVteIntegration = true;
};
};
}


@ -25,8 +25,8 @@ in
package = pkgs.pulseaudioFull;
};
services.pipewire.wireplumber.configPackages = [
(pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" ''
environment.etc = {
"wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
bluez_monitor.properties = {
-- SBC XQ provides better audio
["bluez5.enable-sbc-xq"] = true,
@ -40,8 +40,8 @@ in
-- FIXME: Some devices may now support both hsp_ag and hfp_ag
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
}
'')
];
'';
};
})
# Support for A2DP audio profile


@ -9,7 +9,7 @@ in
config = lib.mkIf cfg.enable {
# Enable touchpad support
services.libinput.enable = true;
services.xserver.libinput.enable = true;
# Enable TLP power management
my.services.tlp.enable = true;


@ -1,39 +0,0 @@
# Audiobook and podcast library
{ config, lib, ... }:
let
cfg = config.my.services.audiobookshelf;
in
{
options.my.services.audiobookshelf = with lib; {
enable = mkEnableOption "Audiobookshelf, a self-hosted podcast manager";
port = mkOption {
type = types.port;
default = 8000;
example = 4242;
description = "The port on which Audiobookshelf will listen for incoming HTTP traffic.";
};
};
config = lib.mkIf cfg.enable {
services.audiobookshelf = {
enable = true;
inherit (cfg) port;
group = "media";
};
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
audiobookshelf = {
inherit (cfg) port;
# Proxy websockets for RPC
extraConfig = {
locations."/".proxyWebsockets = true;
};
};
};
};
}


@ -89,16 +89,6 @@ in
};
config = lib.mkIf cfg.enable {
# Essential files which should always be backed up
my.services.backup.paths = lib.flatten [
# Should be unique to a given host, used by some software (e.g: ZFS)
"/etc/machine-id"
# Contains the UID/GID map, and other useful state
"/var/lib/nixos"
# SSH host keys (and public keys for convenience)
(builtins.map (key: [ key.path "${key.path}.pub" ]) config.services.openssh.hostKeys)
];
services.restic.backups.backblaze = {
# Take care of included and excluded files
paths = cfg.paths;


@ -35,7 +35,7 @@ in
useACMEHost = domain;
default = true;
locations."/".return = "302 https://${domain}$request_uri";
locations."/".return = "302 https://belanyi.fr$request_uri";
};
};
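Review bot: The redirect target on the second `locations."/".return` line is hard-coded to `belanyi.fr`, while `useACMEHost = domain;` two lines above still follows the configured domain. If the two ever differ, this default vhost serves the certificate for one name and redirects every unmatched request to another, which is easy to overlook on a host that is later renamed or reused. Keeping `locations."/".return = "302 https://${domain}$request_uri";` ties the redirect to the same value as the certificate. Where `domain` is bound is outside the hunk, so confirm it is the host's own domain.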


@ -4,21 +4,18 @@
imports = [
./adblock
./aria
./audiobookshelf
./backup
./blog
./calibre-web
./drone
./fail2ban
./flood
./forgejo
./gitea
./grocy
./indexers
./jellyfin
./lohr
./matrix
./mealie
./miniflux
./monitoring
./navidrome


@ -1,162 +0,0 @@
# A low-ressource, full-featured git forge.
{ config, lib, ... }:
let
cfg = config.my.services.forgejo;
in
{
options.my.services.forgejo = with lib; {
enable = mkEnableOption "Forgejo";
port = mkOption {
type = types.port;
default = 3042;
example = 8080;
description = "Internal port";
};
mail = {
enable = mkEnableOption {
description = "mailer configuration";
};
host = mkOption {
type = types.str;
example = "smtp.example.com";
description = "Host for the mail account";
};
port = mkOption {
type = types.port;
default = 465;
example = 587;
description = "Port for the mail account";
};
user = mkOption {
type = types.str;
example = "forgejo@example.com";
description = "User for the mail account";
};
passwordFile = mkOption {
type = types.str;
example = "/run/secrets/forgejo-mail-password.txt";
description = "Password for the mail account";
};
protocol = mkOption {
type = types.str;
default = "smtps";
example = "smtp";
description = "Protocol for connection";
};
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = cfg.enable -> !config.my.services.gitea.enable;
message = ''
`config.my.services.forgejo` is incompatible with
`config.my.services.gitea`.
'';
}
];
services.forgejo =
let
inherit (config.networking) domain;
forgejoDomain = "git.${domain}";
in
{
enable = true;
user = "git";
group = "git";
lfs.enable = true;
useWizard = false;
database = {
type = "postgres"; # Automatic setup
user = "git"; # User needs to be the same as forgejo user
name = "git"; # Name must be the same as user for `ensureDBOwnership`
};
# NixOS module uses `forgejo dump` to backup repositories and the database,
# but it produces a single .zip file that's not very backup friendly.
# I configure my backup system manually below.
dump.enable = false;
mailerPasswordFile = lib.mkIf cfg.mail.enable cfg.mail.passwordFile;
settings = {
DEFAULT = {
APP_NAME = "Ambroisie's forge";
};
server = {
HTTP_PORT = cfg.port;
DOMAIN = forgejoDomain;
ROOT_URL = "https://${forgejoDomain}";
};
mailer = lib.mkIf cfg.mail.enable {
ENABLED = true;
SMTP_ADDR = cfg.mail.host;
SMTP_PORT = cfg.mail.port;
FROM = "Forgejo <${cfg.mail.user}>";
USER = cfg.mail.user;
PROTOCOL = cfg.mail.protocol;
};
service = {
DISABLE_REGISTRATION = true;
};
session = {
# only send cookies via HTTPS
COOKIE_SECURE = true;
};
};
};
users.users.git = {
description = "Forgejo Service";
home = config.services.forgejo.stateDir;
useDefaultShell = true;
group = "git";
isSystemUser = true;
};
users.groups.git = { };
my.services.nginx.virtualHosts = {
# Proxy to Forgejo
git = {
inherit (cfg) port;
};
# Redirect `forgejo.` to actual forge subdomain
forgejo = {
redirect = config.services.forgejo.settings.server.ROOT_URL;
};
};
my.services.backup = {
paths = [
config.services.forgejo.lfs.contentDir
config.services.forgejo.repositoryRoot
];
};
services.fail2ban.jails = {
forgejo = ''
enabled = true
filter = forgejo
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/forgejo.conf".text = ''
[Definition]
failregex = ^.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>$
journalmatch = _SYSTEMD_UNIT=forgejo.service
'';
};
};
}


@ -18,15 +18,9 @@ in
};
host = mkOption {
type = types.str;
example = "smtp.example.com";
example = "smtp.example.com:465";
description = "Host for the mail account";
};
port = mkOption {
type = types.port;
default = 465;
example = 587;
description = "Port for the mail account";
};
user = mkOption {
type = types.str;
example = "gitea@example.com";
@ -37,11 +31,17 @@ in
example = "/run/secrets/gitea-mail-password.txt";
description = "Password for the mail account";
};
protocol = mkOption {
type = mkOption {
type = types.str;
default = "smtps";
default = "smtp";
example = "smtp";
description = "Protocol for connection";
description = "Password for the mail account";
};
tls = mkOption {
type = types.bool;
default = true;
example = false;
description = "Use TLS for connection";
};
};
};
@ -58,8 +58,6 @@ in
appName = "Ambroisie's forge";
user = "git";
group = "git";
lfs.enable = true;
useWizard = false;
@ -86,11 +84,11 @@ in
mailer = lib.mkIf cfg.mail.enable {
ENABLED = true;
SMTP_ADDR = cfg.mail.host;
SMTP_PORT = cfg.mail.port;
FROM = "Gitea <${cfg.mail.user}>";
HOST = cfg.mail.host;
FROM = cfg.mail.user;
USER = cfg.mail.user;
PROTOCOL = cfg.mail.protocol;
MAILER_TYPE = cfg.mail.type;
IS_TLS_ENABLED = cfg.mail.tls;
};
service = {
@ -109,6 +107,11 @@ in
home = config.services.gitea.stateDir;
useDefaultShell = true;
group = "git";
# The service for gitea seems to hardcode the group as
# gitea, so, uh, just in case?
extraGroups = [ "gitea" ];
isSystemUser = true;
};
users.groups.git = { };
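Review bot: The new `type` option under `mail` is described as "Password for the mail account", which is the text of `passwordFile` just above it, although its value is what ends up in `MAILER_TYPE = cfg.mail.type;` in the mailer hunk further down. Anyone reading the generated option documentation would take it for a second secret. I would write `description = "Mailer type, passed to Gitea as MAILER_TYPE";`. The new `tls` option could likewise say in its description what setting it to `false` means for a connection that carries the `passwordFile` credentials. The `mail` option set starts outside the first hunk.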


@ -59,6 +59,21 @@ in
"LOHR_HOME=${lohrHome}"
"LOHR_CONFIG="
];
ExecStartPre = lib.mkIf (cfg.sshKeyFile != null) ''+${
pkgs.writeScript "copy-ssh-key" ''
#!${pkgs.bash}/bin/bash
# Ensure the key is not there
mkdir -p '${lohrHome}/.ssh'
rm -f '${lohrHome}/.ssh/id_ed25519'
# Move the key into place
cp ${cfg.sshKeyFile} '${lohrHome}/.ssh/id_ed25519'
# Fix permissions
chown -R lohr:lohr '${lohrHome}/.ssh'
chmod -R 0700 '${lohrHome}/.ssh'
''
}'';
ExecStart =
let
configFile = settingsFormat.generate "lohr-config.yaml" cfg.setting;
@ -88,24 +103,5 @@ in
inherit (cfg) port;
};
};
# SSH key provisioning
systemd.tmpfiles.settings."10-lohr" = lib.mkIf (cfg.sshKeyFile != null) {
"${lohrHome}/.ssh" = {
d = {
user = "lohr";
group = "lohr";
mode = "0700";
};
};
"${lohrHome}/.ssh/id_ed25519" = {
"L+" = {
user = "lohr";
group = "lohr";
mode = "0700";
argument = cfg.sshKeyFile;
};
};
};
};
}
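Review bot: The `copy-ssh-key` script runs with full privileges (the `+` prefix on `ExecStartPre`) and puts the private key in place with `cp` before `chown` and `chmod` run, so for a short time the key exists with whatever owner and mode `cp` gave it, and it ends up `0700` rather than the usual `0600` for a key file. `${cfg.sshKeyFile}` is also the only path in the script that is not quoted. Creating the directory and the key with their final owner and mode in one step avoids both: `install -d -m 0700 -o lohr -g lohr '${lohrHome}/.ssh'`, then `install -m 0600 -o lohr -g lohr '${cfg.sshKeyFile}' '${lohrHome}/.ssh/id_ed25519'`. The service definition around `ExecStartPre` starts outside the hunk.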


@ -1,79 +0,0 @@
{ config, lib, ... }:
let
cfg = config.my.services.mealie;
in
{
options.my.services.mealie = with lib; {
enable = mkEnableOption "Mealie service";
port = mkOption {
type = types.port;
default = 4537;
example = 8080;
description = "Internal port for webui";
};
credentialsFile = mkOption {
type = types.str;
example = "/var/lib/mealie/credentials.env";
description = ''
Configuration file for secrets.
'';
};
};
config = lib.mkIf cfg.enable {
services.mealie = {
enable = true;
inherit (cfg) port credentialsFile;
settings = {
# Basic settings
BASE_URL = "https://mealie.${config.networking.domain}";
TZ = config.time.timeZone;
ALLOw_SIGNUP = "false";
# Use PostgreSQL
DB_ENGINE = "postgres";
POSTGRES_USER = "mealie";
POSTGRES_PASSWORD = "";
POSTGRES_SERVER = "/run/postgresql";
# Pydantic and/or mealie doesn't handle the URI correctly, hijack it
# with query parameters...
POSTGRES_DB = "mealie?host=/run/postgresql&dbname=mealie";
};
};
systemd.services = {
mealie = {
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
};
};
# Set-up database
services.postgresql = {
enable = true;
ensureDatabases = [ "mealie" ];
ensureUsers = [
{
name = "mealie";
ensureDBOwnership = true;
}
];
};
my.services.nginx.virtualHosts = {
mealie = {
inherit (cfg) port;
extraConfig = {
# Allow bulk upload of recipes for import/export
locations."/".extraConfig = ''
client_max_body_size 0;
'';
};
};
};
};
}


@ -31,7 +31,7 @@ in
config = lib.mkIf cfg.enable {
services.nextcloud = {
enable = true;
package = pkgs.nextcloud29;
package = pkgs.nextcloud28;
hostName = "nextcloud.${config.networking.domain}";
home = "/var/lib/nextcloud";
maxUploadSize = cfg.maxSize;


@ -17,15 +17,6 @@ in
'';
};
dataDir = mkOption {
type = with types; nullOr str;
default = null;
example = "/mnt/podgrab";
description = ''
Path to the directory to store the podcasts. Use default if null
'';
};
port = mkOption {
type = types.port;
default = 8080;
@ -38,14 +29,8 @@ in
services.podgrab = {
enable = true;
inherit (cfg) passwordFile port;
group = "media";
dataDirectory = lib.mkIf (cfg.dataDir != null) cfg.dataDir;
};
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
podgrab = {
inherit (cfg) port;


@ -20,28 +20,24 @@ in
# Taken from the manual
(lib.mkIf cfg.upgradeScript {
containers.temp-pg.config.services.postgresql = {
enable = true;
package = pkgs.postgresql_13;
};
environment.systemPackages =
let
pgCfg = config.services.postgresql;
newPackage' = pkgs.postgresql_13;
oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package;
oldData = pgCfg.dataDir;
oldBin = "${if pgCfg.extraPlugins == [] then oldPackage else oldPackage.withPackages pgCfg.extraPlugins}/bin";
newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage';
newData = "/var/lib/postgresql/${newPackage.psqlSchema}";
newBin = "${if pgCfg.extraPlugins == [] then newPackage else newPackage.withPackages pgCfg.extraPlugins}/bin";
newpg = config.containers.temp-pg.config.services.postgresql;
in
[
(pkgs.writeScriptBin "upgrade-pg-cluster" ''
#!/usr/bin/env bash
set -eux
export OLDDATA="${oldData}"
export NEWDATA="${newData}"
export OLDBIN="${oldBin}"
export NEWBIN="${newBin}"
set -x
export OLDDATA="${config.services.postgresql.dataDir}"
export NEWDATA="${newpg.dataDir}"
export OLDBIN="${config.services.postgresql.package}/bin"
export NEWBIN="${newpg.package}/bin"
if [ "$OLDDATA" -ef "$NEWDATA" ]; then
echo "Cannot migrate to same data directory" >&2
@ -50,21 +46,14 @@ in
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres "$NEWBIN/initdb" -D "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
systemctl stop postgresql # old one
sudo -u postgres "$NEWBIN/pg_upgrade" \
sudo -u postgres $NEWBIN/pg_upgrade \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir "$OLDBIN" --new-bindir "$NEWBIN" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
"$@"
cat << EOF
Run the following commands after setting:
services.postgresql.package = pkgs.postgresql_${lib.versions.major newPackage.version}
sudo -u postgres vacuumdb --all --analyze-in-stages
${newData}/delete_old_cluster.sh
EOF
'')
];
})


@ -39,12 +39,31 @@ in
downloadDirectory
port
;
};
# Use media group when downloading files
# Use pyload user/media group when downloading files
systemd.services.pyload = {
serviceConfig = {
User = lib.mkForce "pyload";
Group = lib.mkForce "media";
DynamicUser = lib.mkForce false;
};
};
# And make sure the download directory has the correct owners
systemd.tmpfiles.settings.pyload = {
${cfg.downloadDirectory}.d = {
user = "pyload";
group = "media";
};
};
# Set-up pyload user and media group
users.users.pyload = {
isSystemUser = true;
group = "media";
};
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
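Review bot: The tmpfiles entry for `${cfg.downloadDirectory}` sets `user` and `group` but no `mode`, so the permissions of the shared download directory are left to the tmpfiles default instead of being stated next to the ownership. Since the block exists to share downloads with the `media` group, I would spell it out, for example `mode = "0770";` if nothing outside the group needs to read it. Separately, `DynamicUser = lib.mkForce false;` gives up the sandboxing systemd implies for dynamic users, so it is worth confirming that the upstream unit sets those protections explicitly. The unit itself is outside this hunk.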


@ -11,9 +11,7 @@ in
config = lib.mkIf cfg.enable {
services.rss-bridge = {
enable = true;
config = {
system.enabled_bridges = [ "*" ]; # Whitelist all
};
whitelist = [ "*" ]; # Whitelist all
virtualHost = "rss-bridge.${config.networking.domain}";
};


@ -73,13 +73,6 @@ in
my.services.nginx.virtualHosts = {
recipes = {
inherit (cfg) port;
extraConfig = {
# Allow bulk upload of recipes for import/export
locations."/".extraConfig = ''
client_max_body_size 0;
'';
};
};
};
};


@ -30,6 +30,8 @@ in
frontendScheme = "https";
frontendHostname = vikunjaDomain;
setupNginx = false;
database = {
type = "postgres";
user = "vikunja";
@ -59,11 +61,28 @@ in
# This is a weird setup
my.services.nginx.virtualHosts = {
${subdomain} = {
socket = socketPath;
# Serve the root for the web-ui
root = config.services.vikunja.package-frontend;
extraConfig = {
locations = {
"/" = {
tryFiles = "try_files $uri $uri/ /";
};
# Serve the API through a UNIX socket
"~* ^/(api|dav|\\.well-known)/" = {
proxyPass = "http://unix:${socketPath}";
extraConfig = ''
client_max_body_size 20M;
'';
};
};
};
};
};
systemd.services.vikunja = {
systemd.services.vikunja-api = {
serviceConfig = {
# Use a system user to simplify using the CLI
DynamicUser = lib.mkForce false;
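Review bot: `tryFiles = "try_files $uri $uri/ /";` in the new `"/"` location repeats the directive name inside the value. If `extraConfig` is forwarded to the NixOS nginx `locations.<name>.tryFiles` option (the `my.services.nginx` wrapper is not visible here), that option writes the `try_files` keyword itself, and the generated line would read `try_files try_files $uri $uri/ /;`, which makes nginx look for a file literally named `try_files` first. I would write `tryFiles = "$uri $uri/ /";`. The `systemd.services` block at the end of the hunk continues outside it.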


@ -13,7 +13,7 @@ let
porthos = {
clientNum = 1;
publicKey = "PLdgsizztddri0LYtjuNHr5r2E8D+yI+gM8cm5WDfHQ=";
externalIp = "37.187.146.15";
externalIp = "91.121.177.163";
};
# "Clients"


@ -44,8 +44,6 @@ in
serviceConfig = {
# Same option as upstream, without @setuid
SystemCallFilter = lib.mkForce "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap";
# NodeJS requires RWX memory...
MemoryDenyWriteExecute = lib.mkForce false;
BindPaths = [
"/nix/var/nix/daemon-socket/socket"


@ -8,12 +8,6 @@
options.my.services.woodpecker = with lib; {
enable = mkEnableOption "Woodpecker CI";
forge = mkOption {
type = types.enum [ "gitea" "forgejo" ];
default = "forgejo";
example = "gitea";
description = "Which Forge to connect to";
};
runners = mkOption {
type = with types; listOf (enum [ "exec" "docker" ]);
default = [ ];


@ -17,7 +17,7 @@ in
WOODPECKER_GRPC_ADDR = ":${toString cfg.rpcPort}";
WOODPECKER_GITEA = "true";
WOODPECKER_GITEA_URL = config.services.${cfg.forge}.settings.server.ROOT_URL;
WOODPECKER_GITEA_URL = config.services.gitea.settings.server.ROOT_URL;
WOODPECKER_LOG_LEVEL = "debug";
};


@ -54,10 +54,13 @@ in
nix = {
package = pkgs.nix;
# FIXME: waiting on https://github.com/NixOS/nixpkgs/pull/146515
# FIXME: look at https://github.com/SuperSandro2000/nixos-modules/blob/master/modules/nix.nix
settings = {
# I like XDG-compliance
use-xdg-base-directories = true;
experimental-features = [ "nix-command" "flakes" ];
# Trusted users are equivalent to root, and might as well allow wheel
trusted-users = [ "root" "@wheel" ];
};
};
}
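Review bot: `trusted-users = [ "root" "@wheel" ];` lets every member of `wheel` drive the Nix daemon with root-equivalent rights without going through sudo, so sudo's password prompt and logging no longer stand between a wheel session and root. The rendering does not mark which lines of this hunk are added, so this applies only if that line is on the new side. The comment above it already states the equivalence; what it leaves out is that the sudo step is bypassed. I would either narrow it to `trusted-users = [ "root" ];` with `allowed-users = [ "@wheel" ];`, or extend the comment to say that skipping sudo is accepted on this host.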


@ -0,0 +1,28 @@
From 416b3c9c5e783d173ac0fd5310a76c1b144b92c1 Mon Sep 17 00:00:00 2001
From: eeeXun <sdes96303@gmail.com>
Date: Thu, 19 Oct 2023 02:34:12 +0800
Subject: Use better diff colours
---
README.md | 3 ++-
lua/gruvbox.lua | 7 ++++---
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/lua/gruvbox.lua b/lua/gruvbox.lua
index ceba0735..a319fc6a 100644
--- a/lua/gruvbox.lua
+++ b/lua/gruvbox.lua
@@ -360,9 +361,9 @@ local function get_groups()
PmenuSel = { fg = colors.bg2, bg = colors.blue, bold = config.bold },
PmenuSbar = { bg = colors.bg2 },
PmenuThumb = { bg = colors.bg4 },
- DiffDelete = { bg = colors.dark_red },
- DiffAdd = { bg = colors.dark_green },
- DiffChange = { bg = colors.dark_aqua },
- DiffText = { bg = colors.yellow, fg = colors.bg0 },
+ DiffDelete = { fg = colors.red },
+ DiffAdd = { fg = colors.green },
+ DiffChange = { fg = colors.aqua },
+ DiffText = { fg = colors.yellow, bg = colors.bg0 },
SpellCap = { link = "GruvboxBlueUnderline" },
SpellBad = { link = "GruvboxRedUnderline" },


@ -0,0 +1,10 @@
{ ... }:
_final: prev: {
gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: {
patches = (oa.patches or [ ]) ++ [
# Inspired by https://github.com/ellisonleao/gruvbox.nvim/pull/291
./colours.patch
];
});
}


@ -0,0 +1,4 @@
self: prev:
{
vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
}


@ -0,0 +1,14 @@
{ fetchFromGitHub }:
_final: prev: {
gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (_: {
version = "2024-01-29";
src = fetchFromGitHub {
owner = "ellisonleao";
repo = "gruvbox.nvim";
rev = "6e4027ae957cddf7b193adfaec4a8f9e03b4555f";
sha256 = "sha256-jWnrRy/PT7D0UcPGL+XTbKHWvS0ixvbyqPtTzG9HY84=";
};
});
}


@ -1,14 +0,0 @@
{ fetchpatch, ... }:
_final: prev: {
gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: {
patches = (oa.patches or [ ]) ++ [
# https://github.com/ellisonleao/gruvbox.nvim/pull/319
(fetchpatch {
name = "expose-color-palette.patch";
url = "https://github.com/ellisonleao/gruvbox.nvim/commit/07a493ba4f8b650aab9ed9e486caa89822be0996.patch";
hash = "sha256-iGwt8qIHe2vaiAUcpaUxyGlM472F89vobTdQ7CF/H70=";
})
];
});
}


@ -2,13 +2,13 @@
stdenvNoCC.mkDerivation rec {
pname = "zsh-done";
version = "0.1.1";
version = "0.1.0";
src = fetchFromGitHub {
owner = "ambroisie";
repo = "zsh-done";
rev = "v${version}";
hash = "sha256-dyhPhoMrAfDWtrBX5TA+B3G7QZ7gBhoDGNOEqGsCBQU=";
hash = "sha256-DC7urJDXPP9vBYABrJF5KZ4HfMbrpHIVogSmEB8PWLA=";
};
dontConfigure = true;
@ -26,7 +26,7 @@ stdenvNoCC.mkDerivation rec {
description = ''
A zsh plug-in to receive notifications when long processes finish
'';
homepage = "https://git.belanyi.fr/ambroisie/zsh-done";
homepage = "https://gitea.belanyi.fr/ambroisie/zsh-done";
license = licenses.mit;
platforms = platforms.unix;
maintainers = with maintainers; [ ambroisie ];


@ -1,12 +1,7 @@
labels:
backend: local
type: exec
steps:
- name: pre-commit check
image: bash
commands:
- nix develop --command pre-commit run --all
- name: nix flake check
image: bash
commands:
@ -14,17 +9,17 @@ steps:
- name: notifiy
image: bash
environment:
ADDRESS:
from_secret: matrix_homeserver
ROOM:
from_secret: matrix_roomid
USER:
from_secret: matrix_username
PASS:
from_secret: matrix_password
secrets:
- source: matrix_homeserver
target: address
- source: matrix_roomid
target: room
- source: matrix_username
target: user
- source: matrix_password
target: pass
commands:
- nix run github:ambroisie/matrix-notifier
- nix run '.#matrix-notifier'
when:
status:
- failure


@ -52,7 +52,7 @@
meta = with lib; {
description = "A C++ project";
homepage = "https://git.belanyi.fr/ambroisie/project";
homepage = "https://gitea.belanyi.fr/ambroisie/project";
license = licenses.mit;
maintainers = with maintainers; [ ambroisie ];
platforms = platforms.unix;


@ -1,15 +1,15 @@
find_package(GTest)
if(${GTest_FOUND})
include(GoogleTest)
if (${GTest_FOUND})
include(GoogleTest)
add_executable(dummy_test dummy_test.cc)
target_link_libraries(dummy_test PRIVATE common_options)
add_executable(dummy_test dummy_test.cc)
target_link_libraries(dummy_test PRIVATE common_options)
target_link_libraries(dummy_test PRIVATE
GTest::gtest
GTest::gtest_main
)
target_link_libraries(dummy_test PRIVATE
GTest::gtest
GTest::gtest_main
)
gtest_discover_tests(dummy_test)
endif()
gtest_discover_tests(dummy_test)
endif (${GTest_FOUND})


@ -1,12 +1,7 @@
labels:
backend: local
type: exec
steps:
- name: pre-commit check
image: bash
commands:
- nix develop --command pre-commit run --all
- name: nix flake check
image: bash
commands:
@ -14,17 +9,17 @@ steps:
- name: notifiy
image: bash
environment:
ADDRESS:
from_secret: matrix_homeserver
ROOM:
from_secret: matrix_roomid
USER:
from_secret: matrix_username
PASS:
from_secret: matrix_password
secrets:
- source: matrix_homeserver
target: address
- source: matrix_roomid
target: room
- source: matrix_username
target: user
- source: matrix_password
target: pass
commands:
- nix run github:ambroisie/matrix-notifier
- nix run '.#matrix-notifier'
when:
status:
- failure


@ -52,7 +52,7 @@
meta = with lib; {
description = "A C++ project";
homepage = "https://git.belanyi.fr/ambroisie/project";
homepage = "https://gitea.belanyi.fr/ambroisie/project";
license = licenses.mit;
maintainers = with maintainers; [ ambroisie ];
platforms = platforms.unix;


@ -5,10 +5,6 @@
};
"c++-meson" = {
path = ./c++-meson;
description = "A C++ project using Meson";
};
"rust-cargo" = {
path = ./rust-cargo;
description = "A Rust project using Cargo";
description = "A C++ project using CMake";
};
}
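Review bot: On the new side the `"c++-meson"` template, whose `path` is `./c++-meson`, is described as "A C++ project using CMake". That description is what a template listing would show, so the Meson template would be presented as a CMake one. The hunk's line counts leave this as the only added line, and it should read `description = "A C++ project using Meson";`. The attribute set starts outside the hunk, so the neighbouring CMake entry is not visible for comparison.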


@ -1,5 +0,0 @@
if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
fi
use flake


@ -1,6 +0,0 @@
# Rust build directory
/target
# Nix generated files
/.pre-commit-config.yaml
/result


@ -1,31 +0,0 @@
labels:
backend: local
steps:
- name: pre-commit check
image: bash
commands:
- nix develop --command pre-commit run --all
- name: nix flake check
image: bash
commands:
- nix flake check
- name: notifiy
image: bash
environment:
ADDRESS:
from_secret: matrix_homeserver
ROOM:
from_secret: matrix_roomid
USER:
from_secret: matrix_username
PASS:
from_secret: matrix_password
commands:
- nix run github:ambroisie/matrix-notifier
when:
status:
- failure
- success


@ -1,7 +0,0 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3
[[package]]
name = "project"
version = "0.0.0"


@ -1,8 +0,0 @@
[package]
name = "project"
version = "0.0.0"
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]


@ -1,112 +0,0 @@
{
description = "A Rust project";
inputs = {
futils = {
type = "github";
owner = "numtide";
repo = "flake-utils";
ref = "main";
};
nixpkgs = {
type = "github";
owner = "NixOS";
repo = "nixpkgs";
ref = "nixos-unstable";
};
pre-commit-hooks = {
type = "github";
owner = "cachix";
repo = "pre-commit-hooks.nix";
ref = "master";
inputs = {
flake-utils.follows = "futils";
nixpkgs.follows = "nixpkgs";
};
};
};
outputs = { self, futils, nixpkgs, pre-commit-hooks }:
{
overlays = {
default = final: _prev: {
project = with final; rustPlatform.buildRustPackage {
pname = "project";
version = (final.lib.importTOML ./Cargo.toml).package.version;
src = self;
cargoLock = {
lockFile = "${self}/Cargo.lock";
};
meta = with lib; {
description = "A Rust project";
homepage = "https://git.belanyi.fr/ambroisie/project";
license = licenses.mit;
maintainers = with maintainers; [ ambroisie ];
};
};
};
};
} // futils.lib.eachDefaultSystem (system:
let
pkgs = import nixpkgs {
inherit system;
overlays = [
self.overlays.default
];
};
pre-commit = pre-commit-hooks.lib.${system}.run {
src = self;
hooks = {
clippy = {
enable = true;
settings = {
denyWarnings = true;
};
};
nixpkgs-fmt = {
enable = true;
};
rustfmt = {
enable = true;
};
};
};
in
{
checks = {
inherit (self.packages.${system}) project;
};
devShells = {
default = pkgs.mkShell {
inputsFrom = with self.packages.${system}; [
project
];
packages = with pkgs; [
clippy
rust-analyzer
rustfmt
];
RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}";
inherit (pre-commit) shellHook;
};
};
packages = futils.lib.flattenTree {
default = pkgs.project;
inherit (pkgs) project;
};
});
}


@ -1,3 +0,0 @@
fn main() {
println!("Hello, world!");
}