ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

merge into: ambroisie:native-vim-snippets
Branches Tags
ambroisie:main
ambroisie:add-jj
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:add-nixgl
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix
...
pull from: ambroisie:main
Branches Tags
ambroisie:add-jj
ambroisie:main
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:add-nixgl
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix
Sign in to create a new pull request.

137 commits
native-vim ... main

Author SHA1 Message Date
Bruno BELANYI
5cd9155a58 nixos: services: mealie: backup state directory
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Somehow forgot to do this when first writing the module.
 2025-11-30 00:21:21 +01:00
Bruno BELANYI
f546f85037 hosts: nixos: porthos: secrets: sso: remove owner 
Now that the service uses `LoadCredential` [1], I can make the files
root-owned.

[1]: https://github.com/NixOS/nixpkgs/pull/460305
 2025-11-30 00:21:21 +01:00
Bruno BELANYI
3020c6433b flake: bump inputs 2025-11-30 00:21:21 +01:00
Bruno BELANYI
29fb7c5066 home: discord: use upstream module
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-11-17 13:58:13 +00:00
Bruno BELANYI
b37bde6eaf nixos: services: transmission: use longer timeout
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
It looks like Transmission takes time roughly proportional with the
number of open files to stop, so let's increase the timeout slightly.
 2025-11-17 12:45:22 +01:00
Bruno BELANYI
127e26b259 nixos: services: transmission: use high file limit 
Seeding a lot of files means keeping them all open.

The actual limit was cargo-culted from an open issue.
 2025-11-17 12:38:30 +01:00
Bruno BELANYI
ad6a0bf4d3 nixos: services: mealie: extend session timeout 2025-11-17 12:36:03 +01:00
Bruno BELANYI
6124d07c1b flake: bump inputs 2025-11-17 12:36:03 +01:00
Bruno BELANYI
1b4111e28f nixos: services: nextcloud: use declarative apps
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details 
Now that the `notify_push` module declaratively installs _its_ app [1],
I should declaratively install _all_ apps.

[1]: https://github.com/NixOS/nixpkgs/pull/451501
 2025-11-08 22:14:25 +01:00
Bruno BELANYI
6e73c936b0 home: zsh: fix plug-in path
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details 
The upstream commit [1] said it was a non-breaking change, but didn't
actually setup the symlinks for this package...

[1]: 10f01ded353d5a76c6acbecaa0ac5e5063f60c13
 2025-11-08 11:57:45 +00:00
Bruno BELANYI
bbdbc1e55c home: vim: ftdetect: remove glsl 
GLSL is now correctly detected starting with v0.11.

This reverts commit b8b64bed8e.
 2025-11-08 11:57:45 +00:00
Bruno BELANYI
0ac983a71f home: vim: do not set 'background' explicitly 
Rely on the new behaviour from v0.10 which detects it more
intelligently.
 2025-11-08 11:57:45 +00:00
Bruno BELANYI
fe681d3f16 flake: bump inputs 2025-11-08 11:57:45 +00:00
Bruno BELANYI
44246b4ea1 flake: NUR has renamed its branch to 'main' 2025-11-08 11:56:25 +00:00
Bruno BELANYI
41c506749e flake: overlays: use 'lib' 
It's a `lib` function, not _really_ a Nixpkgs one.

Also it's about to break after the next flake update :-).
 2025-11-06 14:40:26 +00:00
Bruno BELANYI
983bf0f764 nixos: services: nextcloud: bump to 32
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-11-03 17:22:29 +01:00
Bruno BELANYI
c536ee0136 home: zsh: add 'zsh-completion-sync'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
It's gated behind `completionSync.enable`, as it does make
entering/leaving direnv-enabled projects slower (due to the calls to
`compinit`).

This might need a bit more work to avoid multiple `compinit`s at shell
startup, will refine in the future if necessary.
 2025-11-03 17:20:03 +01:00
Bruno BELANYI
a20c8f820d flake: bump inputs 2025-11-03 17:20:02 +01:00
Bruno BELANYI
4000a848ef home: delta: use upstream module 2025-11-03 17:20:02 +01:00
Bruno BELANYI
9ddc77958a home: git: fix deprecated config 2025-11-03 17:20:02 +01:00
Bruno BELANYI
2df05aaa1a flake: bump inputs 
And fix a breaking change leading to an evaluation failure.
 2025-11-03 17:20:02 +01:00
Bruno BELANYI
6b1b5300cd home: vim: lspconfig: simplify LSP config
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Despite what I just said in the previous commit, I decided to remove the
`is_executable` checks and always enable all servers.

I figured out that NeoVim actually handles `PATH` modifications pretty
well in this scenario: making a previously unavailable server executable
will automatically enable it.
 2025-10-03 12:39:18 +00:00
Bruno BELANYI
62533d435b home: vim: lspconfig: use native configuration 
The `nvim-lspconfig` "framework" is being deprecated to use the native
`vim.lsp.config` and `vim.lsp.enable` functionality.

I _could_ remove the `is_executable` checks, as native LSP handling does
_not_ loudly error out when enabling a server which isn't executable.
However I think `:LspInfo` is more readable if I don't.
 2025-10-03 12:18:42 +00:00
Bruno BELANYI
5b47fc6365 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-10-03 12:23:54 +02:00
Bruno BELANYI
9f9c1e571b home: zsh: do not notify on 'home-manager news'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-09-18 10:03:12 +00:00
Bruno BELANYI
445b3d1422 flake: bump inputs 2025-09-18 10:03:12 +00:00
Bruno BELANYI
4c3e3d471f modules: services: nginx: fix SSL renewal, again
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
I'd previously fixed this in 1e10c6630b,
however NixOS has recently updated how the renewal units work [1], which
broke it.

[1]: https://github.com/NixOS/nixpkgs/pull/422076
 2025-09-13 19:17:54 +02:00
Bruno BELANYI
27da55519c hosts: nixos: porthos: secrets: update cross-seed 2025-09-12 11:19:39 +02:00
Bruno BELANYI
fa6bcabf95 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-09-11 13:33:27 +00:00
Bruno BELANYI
e6c95245b2 home: ssh: disable default config
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
It's been deprecated.

This also makes my `addKeysToAgent` configuration more explicit.
 2025-09-04 11:37:17 +00:00
Bruno BELANYI
b9bc37d365 flake: bump inputs 2025-09-04 11:37:17 +00:00
Bruno BELANYI
3dd4f07609 hosts: nixos: aramis: home: drop 'jellyfin-media-player' 
It's about to be made broken due to using QtWebEngine 5, which is EOL
and marked insecure in new nixpkgs.
 2025-09-04 11:37:17 +00:00
Bruno BELANYI
3fa1664b5c home: delta: use stand-alone configuration file 
Ideally, I'd like for `delta` to just read a configuration file at
`$XDG_CONFIG_HOME/delta/config` by default, but upstream seems somewhat
reticent to the idea :-/.

So instead, let's keep relying on `git` being enabled, but rather than
inlining the configuration, let's store it where I think it should
belong and include it into `gitconfig`.
 2025-09-04 11:20:57 +00:00
Bruno BELANYI
1800cb9daa hosts: nixos: aramis: use 'trgui' module 2025-09-04 11:20:57 +00:00
Bruno BELANYI
31147abd91 home: add trgui 2025-09-04 11:20:57 +00:00
Bruno BELANYI
a889dfbb1a home: nix: fix renamed option 2025-09-04 11:20:57 +00:00
Bruno BELANYI
1a109b6b1f flake: bump inputs 
And fix a renamed package.
 2025-09-04 11:20:57 +00:00
Bruno BELANYI
f3af8f9ba8 home: atuin: remove bad comment 
Most likely a copy-paste error.
 2025-08-21 12:07:10 +00:00
Bruno BELANYI
e2ae3e02d9 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-08-18 11:00:38 +00:00
Bruno BELANYI
5f073875e6 home: tmux: use consistent commenting style
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-08-11 10:18:35 +00:00
Bruno BELANYI
8c506ea03c home: xdg: enable 'preferXdgDirectories' 
At the moment this only makes a difference for `dircolors`.
 2025-08-11 10:05:19 +00:00
Bruno BELANYI
8688206ff5 flake: bump inputs 2025-08-11 10:05:19 +00:00
Bruno BELANYI
17ceaa5620 nixos: services: matrix: fix out-dated comments
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-08-06 15:37:08 +00:00
Bruno BELANYI
b1c9279c63 nixos: services: add thelounge
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-08-05 15:53:21 +02:00
Bruno BELANYI
30348a1e19 nixos: services: matrix: add Facebook bridge 
I probably won't actually use it, after test-driving it quickly.

But now that the effort has been expanded, might as well keep it if only
as a future reference.
 2025-08-05 15:53:21 +02:00
Bruno BELANYI
7a85a44407 nixos: services: matrix: remove obsolete comment 2025-08-05 15:53:21 +02:00
Bruno BELANYI
9cadbe6256 nixos: services: matrix: add admin interface 2025-08-05 15:53:21 +02:00
Bruno BELANYI
fa7b4910f5 nixos: services: matrix: fix proxy to synapse 
I want to make use of the `/_synapse/matrix/` sub-path, so just proxy
the whole of `/_synapse/`.
 2025-08-05 15:53:21 +02:00
Bruno BELANYI
1e31b2dfea nixos: services: matrix: simplify VHost 2025-08-05 15:53:21 +02:00
Bruno BELANYI
bd019258cb nixos: services: matrix: simplify listeners 2025-08-05 15:53:21 +02:00
Bruno BELANYI
0792e8c7cb nixos: services: matrix: fix element-web config 2025-08-05 15:53:21 +02:00
Bruno BELANYI
f1d7da7fcb nixos: services: matrix: refactor well-knowns 2025-08-05 15:53:21 +02:00
Bruno BELANYI
dd7b613531 pkgs: lohr: remove 'useFetchCargoVendor'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
It's now turned on by default.
 2025-08-05 11:03:01 +00:00
Bruno BELANYI
a10270f8e1 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-08-05 11:00:26 +00:00
Bruno BELANYI
f94fc468aa home: zsh: ignore more commands for notification
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-08-04 14:28:34 +00:00
Bruno BELANYI
7786c591b5 pkgs: comma: add 'COMMA_PICKER' 2025-08-04 11:13:52 +00:00
Bruno BELANYI
4b7c6c1f5e pkgs: comma: fix 'nix-locate' invocation
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-07-29 16:13:58 +00:00
Bruno BELANYI
2a515754a2 home: zsh: use absolute path to 'XDG_CONFIG_HOME'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
The path handling has been fixed upstream, which makes this module more
readable.
 2025-07-27 20:49:36 +01:00
Bruno BELANYI
add7967685 flake: bump inputs 2025-07-27 20:49:36 +01:00
Bruno BELANYI
13b61346f5 home: tmux: increase history scrollback
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Even *longer*.
 2025-07-16 14:50:16 +00:00
Bruno BELANYI
979ae901c4 flake: bump inputs 2025-07-16 14:50:16 +00:00
Bruno BELANYI
2473bca167 home: vim: telescope: remove LSP handlers
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
The plug-in was broken with the update to 0.11, and I would like to try
using the built-in quickfixlist-based handlers for a while.

This reverts commit 8d4a1e61b4.
 2025-07-11 14:27:51 +00:00
Bruno BELANYI
b093faf00d nixos: services: tandoor-recipes: use automatic DB
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-07-08 10:42:13 +00:00
Bruno BELANYI
8d809e3ac3 flake: bump inputs 2025-07-08 10:40:08 +00:00
Bruno BELANYI
66ec807dc6 hosts: nixos: aramis: home: use 'trgui-ng'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
It looks and works much better than the old one.

Unfortunately, it's a Tauri app.
 2025-07-02 14:01:18 +02:00
Bruno BELANYI
5d87223970 nixos: services: transmission: use 'trgui-ng'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
I like it much better than the built-in UI.
 2025-07-02 13:26:22 +02:00
Bruno BELANYI
d618406516 nixos: services: use 'postgresql.target' 
This is now the more correct dependency to use in service definitions,
to guarantee read-write access with users and permissions.
 2025-07-02 13:24:19 +02:00
Bruno BELANYI
03bb627770 flake: bump inputs 2025-07-02 13:23:34 +02:00
Bruno BELANYI
112e340361 home: do not hard-code username
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
The flake module already sets it with `mkDefault`, making it easier to
override it for a specific host.
 2025-06-17 09:29:30 +00:00
Bruno BELANYI
1b275e1a8a flake: bump inputs 2025-06-17 09:29:30 +00:00
Bruno BELANYI
971f905813 nixos: services: mealie: remove DB settings
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Looks like I missed them in the original commit to migrate to
`database.createLocally`.
 2025-06-09 13:52:32 +02:00
Bruno BELANYI
151570ccca flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-06-09 10:36:33 +00:00
Bruno BELANYI
98d39717e2 home: direnv: lib: don't erase pre-existing venv
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Turns out `uv venv` isn't idempotent, it removes the existing virtual
environment by default.

Thankfully, there's a flag to fix it.
 2025-05-31 22:39:25 +01:00
Bruno BELANYI
a67a54bda2 nixos: services: paperless: use structured setting
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
The module should stringify it to JSON automatically, so might as well
use the more readable option.
 2025-05-31 22:56:30 +02:00
Bruno BELANYI
9751fdb888 hosts: homes: bazin: disable 'atuin' package
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Same as on `mousqueton`.
 2025-05-27 11:39:15 +00:00
Bruno BELANYI
24407448d4 hosts: homes: mousqueton: disable 'atuin' package 
The system-provided package is built without its sync functionality.

To ensure the module works as written, I can't use `pkgs.emptyDirectory`
for this unfortunately...
 2025-05-27 11:38:09 +00:00
Bruno BELANYI
c1e2114c57 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-05-23 22:57:41 +01:00
Bruno BELANYI
97bcc5f34e hosts: nixos: porthos: secrets: update cross-seed
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-05-22 16:13:55 +02:00
Bruno BELANYI
f14f5c7f8a flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-05-14 18:51:12 +00:00
Bruno BELANYI
5b545a28f1 nixos: services: mealie: use automatic DB setup
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-05-09 00:02:07 +02:00
Bruno BELANYI
1dc65a37e7 nixos: services: paperless: set proxy settings
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-05-08 23:29:30 +02:00
Bruno BELANYI
a997d36964 nixos: services: paperless: fix formatting 2025-05-08 23:22:35 +02:00
Bruno BELANYI
0c5836bc56 nixos: services: paperless: use 'PAPERLESS_URL' 2025-05-08 23:22:11 +02:00
Bruno BELANYI
77839ab2ef flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-05-08 13:29:35 +00:00
Bruno BELANYI
8a8e4f93a5 flake: home-manager: remove obsolete comment
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details
2025-05-07 17:16:44 +00:00
Bruno BELANYI
07d8f5a03f flake: nixos: use 'nixpkgs.hostPlatform'
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details 
This is the proper way to set `system` nowadays.
 2025-05-07 17:46:01 +02:00
Bruno BELANYI
a9ba93f834 home: delta: assert git is enabled
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details
2025-05-07 11:27:12 +00:00
Bruno BELANYI
d2a8894eb2 home: wm: i3: make 'firefox' history float
Some checks failed
ci/woodpecker/manual/check Pipeline failed
Details
2025-05-05 18:06:46 +01:00
Bruno BELANYI
22f97b4ac7 home: vim: lua: lsp: configure inlay hints 2025-05-03 13:56:12 +01:00
Bruno BELANYI
921d604ebe hosts: nixos: porthos: secrets: update cross-seed
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details
2025-05-02 22:35:33 +01:00
Bruno BELANYI
e3243ebe80 nixos: services: nextcloud: simplify DB handling
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details 
I *think* the option didn't exist when I originally used this module.
 2025-05-02 17:59:06 +01:00
Bruno BELANYI
4b6f62b25a home: gpg: fix deprecated config
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details
2025-04-30 21:39:39 +01:00
Bruno BELANYI
c5be292dfc nixos: profiles: wm: fix i3lock PAM service 
This was announced as a breaking change, and would lock me out if not
set.

I wish the transition went a bit slower, by first introducing the
option for each PAM service, and *then* toggling it. Oh well.
 2025-04-30 21:38:29 +01:00
Bruno BELANYI
bfda64288e nix: bump inputs 2025-04-30 21:05:22 +01:00
Bruno BELANYI
89bc60609f home: firefox: tridactyl: use 'replaceVars'
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details
2025-04-24 12:46:24 +02:00
Bruno BELANYI
2eb2a83dca flake: bump inputs
Some checks failed
ci/woodpecker/push/check Pipeline failed
Details
2025-04-24 09:33:30 +00:00
Bruno BELANYI
946eab9ec0 home: git: extract 'delta' configuration
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
I want to be able to re-use it between different source control systems
(e.g: `jj`).

As a first step, extract it to a proper module so that I can have it
live in a single space.
 2025-04-22 13:53:35 +00:00
Bruno BELANYI
ec1c94676a home: vim: highlight over-extended commit subjects
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-22 13:15:04 +00:00
Bruno BELANYI
29b47d7f84 home: tmux: rename 'mkTerminalFeature' 
This is a more accurate name to describe what the function is doing.
 2025-04-22 13:04:36 +00:00
Bruno BELANYI
135cef2536 home: atuin: add daemon
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Enabled by default, I probably won't have a reason *not* to use it.
 2025-04-16 16:05:14 +00:00
Bruno BELANYI
ee1139713c hosts: nixos: porthos: services: enable cross-seed
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-16 17:26:10 +02:00
Bruno BELANYI
058096079e hosts: nixos: porthos: secrets: add cross-seed 2025-04-16 17:26:10 +02:00
Bruno BELANYI
c40090d176 nixos: services: servarr: add cross-seed 2025-04-16 17:26:10 +02:00
Bruno BELANYI
1b6a48d6c2 flake: bump inputs 2025-04-16 17:07:38 +02:00
Bruno BELANYI
e4bc0444bf nixos: services: transmission: fix umask 
I want downloads to be readable by the `media` group. The permissions
weren't correctly applied without `umask`.
 2025-04-16 17:01:18 +02:00
Bruno BELANYI
c69aaa7adb nixos: services: servarr: autobrr: fix websockets 
I found some logs complaining about websockets before enabling this.
 2025-04-16 17:01:18 +02:00
Bruno BELANYI
26ee59ef6e home: atuin: use 'uk' dialect for dates
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
This should be for date *parsing*, from my looking at the code.

Unlikely to be relevant, but might as well set it to the saner of the
two options.
 2025-04-14 13:54:57 +00:00
Bruno BELANYI
6f5ac4e55f home: vim: signtoggle: only show signs if 'number'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
If a buffer doesn't show a number column, I probably also don't want a
sign column to be toggled on/off in there.
 2025-04-14 10:24:33 +00:00
Bruno BELANYI
67936af4c7 home: vim: signtoggle: remove 'TermOpen' event 
It's now part of upstream's default setup.
 2025-04-14 10:20:02 +00:00
Bruno BELANYI
e82ae4a219 home: vim: numbertoggle: remove 'TermOpen' event 
It's now part of upstream's default setup.
 2025-04-14 10:20:02 +00:00
Bruno BELANYI
a0473a5c6c nixos: services: servarr: autobrr: fix fail2ban
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
The log line for authentication failures has been updated since the
original PR.

It also happens to be logged in JSON, and I'm a bit too lazy to match it
more properly than this.
 2025-04-12 11:30:14 +02:00
Bruno BELANYI
a28295da27 nixos: services: servarr: autobrr: fix comment
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-11 19:01:08 +02:00
Bruno BELANYI
bd55ecc016 hosts: nixos: porthos: services: enable homebox
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-09 12:29:27 +02:00
Bruno BELANYI
1dd1dbb917 nixos: services: homebox: proxy websockets 
Should avoid a bunch of error logs, and ensure that e.g: adding a label
does not require a refresh to show it in a list.
 2025-04-09 12:29:27 +02:00
Bruno BELANYI
439a6bc930 nixos: services: homebox: use postgres 2025-04-09 12:29:27 +02:00
Bruno BELANYI
e5bf5a3ba1 flake: bump inputs 2025-04-09 12:29:27 +02:00
Bruno BELANYI
a1cab7f606 flake: home-manager: set overlays in module
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
I need to inherit `lib` to make sure it picks up my version, not the one
from `pkgs`.

I can't use `extraSpecialArgs` like NixOS, due to it missing from
upstream [1].

[1]: https://github.com/nix-community/home-manager/pull/3969
 2025-04-07 16:16:41 +00:00
Bruno BELANYI
0152907536 flake: nixos: use 'self.dirtyRev' if available
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-07 10:19:30 +00:00
Bruno BELANYI
08f7c2bd79 nixos: services: nextcloud: bump to 31
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-05 20:24:21 +02:00
Bruno BELANYI
b8c649d5bf hosts: nixos: porthos: services: enable autobrr
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-05 20:22:27 +02:00
Bruno BELANYI
979814e9de hosts: nixos: porthos: secrets: add autobrr 2025-04-05 20:22:27 +02:00
Bruno BELANYI
215eb4c91a nixos: services: servarr: add autobrr 2025-04-05 20:22:27 +02:00
Bruno BELANYI
3510264186 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-05 20:11:43 +02:00
Bruno BELANYI
ec965800e4 nixos: services: servarr: nzbhydra: fix websockets 
From what I could read, NZBHydra2 *might* require proxying websockets in
new versions (better safe than sorry).
 2025-04-05 20:07:47 +02:00
Bruno BELANYI
b1ade72383 nixos: services: servarr: migrate nzbhydra 2025-04-05 20:07:47 +02:00
Bruno BELANYI
c823edf584 nixos: services: servarr: jackett: add 'port' 2025-04-05 20:07:47 +02:00
Bruno BELANYI
950cf4dd05 nixos: services: servarr: migrate jackett 2025-04-05 20:07:47 +02:00
Bruno BELANYI
f825d047b5 nixos: services: servarr: migrate prowlarr 
The configuration doesn't have `group`, so it's a slightly different
configuration to the rest of the *arr services.

I also want to move the other two indexer modules under `servarr`, as
they are all closely related.
 2025-04-05 20:07:47 +02:00
Bruno BELANYI
d783b5f5ee nixos: services: servarr: starr: add 'port' 
Now that declarative configurations are supported for those
applications.
 2025-04-05 20:07:47 +02:00
Bruno BELANYI
8e6be43817 nixox: services: servarr: refactor starr config 
Makes it slightly DRY-er and more readable.
 2025-04-05 20:07:47 +02:00
Bruno BELANYI
1f876d3e21 nixos: services: servarr: bazarr: add 'port' 2025-04-05 20:07:46 +02:00
Bruno BELANYI
860c13ab1f nixos: services: servarr: extract bazarr 
It's not an actual *arr package, but closely related to them. Extract
its configuration to a sub-module.
 2025-04-05 20:07:46 +02:00
Bruno BELANYI
7791ad0907 nixos: services: servarr: fix 'enableAll' logic 
I renamed the option and refactored how it worked to make it more
explicit that it enables the entire suite by default, with explicit
opt-out of individual components (or fine-grained opt-in as an
alternative).
 2025-04-05 20:07:46 +02:00
Bruno BELANYI
ca98b8367c templates: add python-uv 2025-04-05 19:00:10 +01:00
Bruno BELANYI
62ddec5c23 templates: remove unused 'follows' 2025-04-05 18:57:18 +01:00
Bruno BELANYI
418494004b templates: use 'pre-commit.enabledPackages' 2025-04-05 18:57:18 +01:00
Bruno BELANYI
53569f17a6 treewide: pre-commit-hooks.nix renaming 2025-04-05 18:33:37 +01:00
74 changed files with 1284 additions and 702 deletions
Download patch file Download diff file Expand all files Collapse all files

124
flake.lock generated
View file

@ -14,11 +14,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1736955230, "lastModified": 1762618334,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "rev": "fcdea223397448d35d9b31f798479227e80183f6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -36,11 +36,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1700795494, "lastModified": 1744478979,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -53,11 +53,11 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1761588595,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -73,11 +73,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1743550720, "lastModified": 1763759067,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5", "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -108,10 +108,33 @@
"type": "github" "type": "github"
} }
}, },
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1763988335,
"narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "master",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"pre-commit-hooks", "git-hooks",
"nixpkgs" "nixpkgs"
] ]
}, },
@ -136,11 +159,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1743607567, "lastModified": 1764361670,
"narHash": "sha256-kTzKPDFmNzwO1cK4fiJgPB/iSw7HgBAmknRTeAPJAeI=", "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "49748c74cdbae03d70381f150b810f92617f23aa", "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -152,11 +175,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1743448293, "lastModified": 1764242076,
"narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -171,46 +194,22 @@
"flake-parts": [ "flake-parts": [
"flake-parts" "flake-parts"
], ],
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1741294988,
"narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=",
"owner": "nix-community",
"repo": "NUR",
"rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "NUR",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1742649964, "lastModified": 1764449851,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "narHash": "sha256-VnodC1+3KML8MYLLnK84E6U2Fz4ioNacOeQd1pMCSTw=",
"owner": "cachix", "owner": "nix-community",
"repo": "pre-commit-hooks.nix", "repo": "NUR",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "rev": "b1781c0aa8935d8d1f35d228bcc7127fcebcd363",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "cachix", "owner": "nix-community",
"ref": "master", "ref": "main",
"repo": "pre-commit-hooks.nix", "repo": "NUR",
"type": "github" "type": "github"
} }
}, },
@ -219,10 +218,10 @@
"agenix": "agenix", "agenix": "agenix",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"futils": "futils", "futils": "futils",
"git-hooks": "git-hooks",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nur": "nur", "nur": "nur",
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems" "systems": "systems"
} }
}, },
@ -241,27 +240,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

6
flake.nix
View file

@ -54,17 +54,17 @@
type = "github"; type = "github";
owner = "nix-community"; owner = "nix-community";
repo = "NUR"; repo = "NUR";
ref = "master"; ref = "main";
inputs = { inputs = {
flake-parts.follows = "flake-parts"; flake-parts.follows = "flake-parts";
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
}; };
}; };
pre-commit-hooks = { git-hooks = {
type = "github"; type = "github";
owner = "cachix"; owner = "cachix";
repo = "pre-commit-hooks.nix"; repo = "git-hooks.nix";
ref = "master"; ref = "master";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";

2
flake/checks.nix
View file

@ -1,7 +1,7 @@
{ inputs, ... }: { inputs, ... }:
{ {
imports = [ imports = [
inputs.pre-commit-hooks.flakeModule inputs.git-hooks.flakeModule
]; ];
perSystem = { ... }: { perSystem = { ... }: {

20
flake/home-manager.nix
View file

@ -3,6 +3,11 @@ let
defaultModules = [ defaultModules = [
# Include generic settings # Include generic settings
"${self}/modules/home" "${self}/modules/home"
{
nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
inputs.nur.overlays.default
];
}
{ {
# Basic user information defaults # Basic user information defaults
home.username = lib.mkDefault "ambroisie"; home.username = lib.mkDefault "ambroisie";
@ -17,22 +22,15 @@ let
]; ];
mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration { mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration {
# Work-around for home-manager pkgs = inputs.nixpkgs.legacyPackages.${system};
# * not letting me set `lib` as an extraSpecialArgs
# * not respecting `nixpkgs.overlays` [1]
# [1]: https://github.com/nix-community/home-manager/issues/2954
pkgs = import inputs.nixpkgs {
inherit system;
overlays = (lib.attrValues self.overlays) ++ [
inputs.nur.overlays.default
];
};
modules = defaultModules ++ [ modules = defaultModules ++ [
"${self}/hosts/homes/${name}" "${self}/hosts/homes/${name}"
]; ];
# Use my extended lib in NixOS configuration
inherit (self) lib;
extraSpecialArgs = { extraSpecialArgs = {
# Inject inputs to use them in global registry # Inject inputs to use them in global registry
inherit inputs; inherit inputs;

6
flake/nixos.nix
View file

@ -3,7 +3,7 @@ let
defaultModules = [ defaultModules = [
{ {
# Let 'nixos-version --json' know about the Git revision # Let 'nixos-version --json' know about the Git revision
system.configurationRevision = self.rev or "dirty"; system.configurationRevision = self.rev or self.dirtyRev or "dirty";
} }
{ {
nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
@ -15,8 +15,10 @@ let
]; ];
buildHost = name: system: lib.nixosSystem { buildHost = name: system: lib.nixosSystem {
inherit system;
modules = defaultModules ++ [ modules = defaultModules ++ [
{
nixpkgs.hostPlatform = system;
}
"${self}/hosts/nixos/${name}" "${self}/hosts/nixos/${name}"
]; ];
specialArgs = { specialArgs = {

4
flake/overlays.nix
View file

@ -1,4 +1,4 @@
{ self, ... }: { self, lib, ... }:
let let
default-overlays = import "${self}/overlays"; default-overlays = import "${self}/overlays";
@ -8,7 +8,7 @@ let
# Expose my custom packages # Expose my custom packages
pkgs = _final: prev: { pkgs = _final: prev: {
ambroisie = prev.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; }); ambroisie = lib.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; });
}; };
}; };
in in

14
hosts/homes/ambroisie@bazin/default.nix
View file

@ -4,6 +4,20 @@
services.gpg-agent.enable = lib.mkForce false; services.gpg-agent.enable = lib.mkForce false;
my.home = { my.home = {
atuin = {
package = pkgs.stdenv.mkDerivation {
pname = "atuin";
version = "18.4.0";
buildCommand = ''
mkdir -p $out/bin
ln -s /usr/bin/atuin $out/bin/atuin
'';
meta.mainProgram = "atuin";
};
};
git = { git = {
package = pkgs.emptyDirectory; package = pkgs.emptyDirectory;
}; };

14
hosts/homes/ambroisie@mousqueton/default.nix
View file

@ -7,6 +7,20 @@
services.gpg-agent.enable = lib.mkForce false; services.gpg-agent.enable = lib.mkForce false;
my.home = { my.home = {
atuin = {
package = pkgs.stdenv.mkDerivation {
pname = "atuin";
version = "18.4.0";
buildCommand = ''
mkdir -p $out/bin
ln -s /usr/bin/atuin $out/bin/atuin
'';
meta.mainProgram = "atuin";
};
};
git = { git = {
package = pkgs.emptyDirectory; package = pkgs.emptyDirectory;
}; };

4
hosts/nixos/aramis/home.nix
View file

@ -18,9 +18,7 @@
# Machine specific packages # Machine specific packages
packages.additionalPackages = with pkgs; [ packages.additionalPackages = with pkgs; [
element-desktop # Matrix client element-desktop # Matrix client
jellyfin-media-player # Wraps the webui and mpv together
pavucontrol # Audio mixer GUI pavucontrol # Audio mixer GUI
transgui # Transmission remote
]; ];
# Minimal video player # Minimal video player
mpv.enable = true; mpv.enable = true;
@ -28,6 +26,8 @@
nm-applet.enable = true; nm-applet.enable = true;
# Terminal # Terminal
terminal.program = "alacritty"; terminal.program = "alacritty";
# Transmission remote
trgui.enable = true;
# Zathura document viewer # Zathura document viewer
zathura.enable = true; zathura.enable = true;
}; };

18
hosts/nixos/porthos/secrets/secrets.nix
View file

@ -80,18 +80,12 @@ in
"pyload/credentials.age".publicKeys = all; "pyload/credentials.age".publicKeys = all;
"sso/auth-key.age" = { "servarr/autobrr/session-secret.age".publicKeys = all;
owner = "nginx-sso"; "servarr/cross-seed/configuration.json.age".publicKeys = all;
publicKeys = all;
}; "sso/auth-key.age".publicKeys = all;
"sso/ambroisie/password-hash.age" = { "sso/ambroisie/password-hash.age".publicKeys = all;
owner = "nginx-sso"; "sso/ambroisie/totp-secret.age".publicKeys = all;
publicKeys = all;
};
"sso/ambroisie/totp-secret.age" = {
owner = "nginx-sso";
publicKeys = all;
};
"tandoor-recipes/secret-key.age".publicKeys = all; "tandoor-recipes/secret-key.age".publicKeys = all;

7
hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg bu09lB+fjaPP31cUQZP6EqSPuseucgNK7k9vAS08iS0
+NGL+b2QD/qGo6hqHvosAXzHZtDvfodmPdcgnrKlD1o
-> ssh-ed25519 jPowng QDCdRBGWhtdvvMCiDH52cZHz1/W7aomhTatZ4+9IKwI
Ou3jjV/O55G1CPgGS33l3eWhhYWrVdwVNPSiE14d5rE
--- q0ssmpG50OX1WaNSInc2hbtH3DbTwQGDU74VGEoMh94
 ¯mCùº<C3B9>Æ'hK.Ðì/™Xu(€«Õ×g$½'¼šM{fK˜ !ÛMZ²oR÷®ˆüÎÕ<C38E>ÍŸö;yb

BIN
hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age Normal file
View file

Binary file not shown.

21
hosts/nixos/porthos/services.nix
View file

@ -51,9 +51,9 @@ in
passwordFile = secrets."forgejo/mail-password".path; passwordFile = secrets."forgejo/mail-password".path;
}; };
}; };
# Meta-indexers # Home inventory
indexers = { homebox = {
prowlarr.enable = true; enable = true;
}; };
# Jellyfin media server # Jellyfin media server
jellyfin.enable = true; jellyfin.enable = true;
@ -144,11 +144,24 @@ in
sabnzbd.enable = true; sabnzbd.enable = true;
# The whole *arr software suite # The whole *arr software suite
servarr = { servarr = {
enable = true; enableAll = true;
autobrr = {
sessionSecretFile = secrets."servarr/autobrr/session-secret".path;
};
cross-seed = {
secretSettingsFile = secrets."servarr/cross-seed/configuration.json".path;
};
# ... But not Lidarr because I don't care for music that much # ... But not Lidarr because I don't care for music that much
lidarr = { lidarr = {
enable = false; enable = false;
}; };
# I only use Prowlarr nowadays
jackett = {
enable = false;
};
nzbhydra = {
enable = false;
};
}; };
# Because I still need to play sysadmin # Because I still need to play sysadmin
ssh-server.enable = true; ssh-server.enable = true;

11
modules/home/atuin/default.nix
View file

@ -6,8 +6,11 @@ in
options.my.home.atuin = with lib; { options.my.home.atuin = with lib; {
enable = my.mkDisableOption "atuin configuration"; enable = my.mkDisableOption "atuin configuration";
# I want the full experience by default
package = mkPackageOption pkgs "atuin" { }; package = mkPackageOption pkgs "atuin" { };
daemon = {
enable = my.mkDisableOption "atuin daemon";
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@ -15,12 +18,18 @@ in
enable = true; enable = true;
inherit (cfg) package; inherit (cfg) package;
daemon = lib.mkIf cfg.daemon.enable {
enable = true;
};
flags = [ flags = [
# I *despise* this hijacking of the up key, even though I use Ctrl-p # I *despise* this hijacking of the up key, even though I use Ctrl-p
"--disable-up-arrow" "--disable-up-arrow"
]; ];
settings = { settings = {
# Reasonable date format
dialect = "uk";
# The package is managed by Nix # The package is managed by Nix
update_check = false; update_check = false;
# I don't care for the fancy display # I don't care for the fancy display

5
modules/home/default.nix
View file

@ -8,6 +8,7 @@
./bluetooth ./bluetooth
./calibre ./calibre
./comma ./comma
./delta
./dircolors ./dircolors
./direnv ./direnv
./discord ./discord
@ -37,6 +38,7 @@
./ssh ./ssh
./terminal ./terminal
./tmux ./tmux
./trgui
./udiskie ./udiskie
./vim ./vim
./wget ./wget
@ -50,9 +52,6 @@
# First sane reproducible version # First sane reproducible version
home.stateVersion = "20.09"; home.stateVersion = "20.09";
# Who am I?
home.username = "ambroisie";
# Start services automatically # Start services automatically
systemd.user.startServices = "sd-switch"; systemd.user.startServices = "sd-switch";
} }

49
modules/home/delta/default.nix Normal file
View file

@ -0,0 +1,49 @@
{ config, pkgs, lib, ... }:
let
cfg = config.my.home.delta;
in
{
options.my.home.delta = with lib; {
enable = my.mkDisableOption "delta configuration";
package = mkPackageOption pkgs "delta" { };
git = {
enable = my.mkDisableOption "git integration";
};
};
config = lib.mkIf cfg.enable {
programs.delta = {
enable = true;
inherit (cfg) package;
enableGitIntegration = cfg.git.enable;
options = {
features = "diff-highlight decorations";
# Less jarring style for `diff-highlight` emulation
diff-highlight = {
minus-style = "red";
minus-non-emph-style = "red";
minus-emph-style = "bold red 52";
plus-style = "green";
plus-non-emph-style = "green";
plus-emph-style = "bold green 22";
whitespace-error-style = "reverse red";
};
# Personal preference for easier reading
decorations = {
commit-style = "raw"; # Do not recolor meta information
keep-plus-minus-markers = true;
paging = "always";
};
};
};
};
}

2
modules/home/direnv/lib/python.sh
View file

@ -46,7 +46,7 @@ layout_uv() {
fi fi
# create venv if it doesn't exist # create venv if it doesn't exist
uv venv -q uv venv -q --allow-existing
export VIRTUAL_ENV export VIRTUAL_ENV
export UV_ACTIVE=1 export UV_ACTIVE=1

13
modules/home/discord/default.nix
View file

@ -1,8 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
cfg = config.my.home.discord; cfg = config.my.home.discord;
jsonFormat = pkgs.formats.json { };
in in
{ {
options.my.home.discord = with lib; { options.my.home.discord = with lib; {
@ -12,14 +10,15 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
home.packages = with pkgs; [ programs.discord = {
cfg.package enable = true;
];
xdg.configFile."discord/settings.json".source = inherit (cfg) package;
jsonFormat.generate "discord.json" {
settings = {
# Do not keep me from using the app just to force an update # Do not keep me from using the app just to force an update
SKIP_HOST_UPDATE = true; SKIP_HOST_UPDATE = true;
}; };
};
}; };
} }

4
modules/home/firefox/tridactyl/default.nix
View file

@ -12,9 +12,7 @@ let
in in
{ {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
xdg.configFile."tridactyl/tridactylrc".source = pkgs.substituteAll { xdg.configFile."tridactyl/tridactylrc".source = pkgs.replaceVars ./tridactylrc {
src = ./tridactylrc;
editorcmd = lib.concatStringsSep " " [ editorcmd = lib.concatStringsSep " " [
# Use my configured terminal # Use my configured terminal
term term

66
modules/home/git/default.nix
View file

@ -21,57 +21,31 @@ in
config.programs.git = lib.mkIf cfg.enable { config.programs.git = lib.mkIf cfg.enable {
enable = true; enable = true;
# Who am I?
userEmail = mkMailAddress "bruno" "belanyi.fr";
userName = "Bruno BELANYI";
inherit (cfg) package; inherit (cfg) package;
aliases = {
git = "!git";
lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order";
lola = "lol --all";
assume = "update-index --assume-unchanged";
unassume = "update-index --no-assume-unchanged";
assumed = "!git ls-files -v | grep ^h | cut -c 3-";
pick = "log -p -G";
push-new = "!git push -u origin "
+ ''"$(git branch | grep '^* ' | cut -f2- -d' ')"'';
root = "git rev-parse --show-toplevel";
};
lfs.enable = true; lfs.enable = true;
delta = {
enable = true;
options = {
features = "diff-highlight decorations";
# Less jarring style for `diff-highlight` emulation
diff-highlight = {
minus-style = "red";
minus-non-emph-style = "red";
minus-emph-style = "bold red 52";
plus-style = "green";
plus-non-emph-style = "green";
plus-emph-style = "bold green 22";
whitespace-error-style = "reverse red";
};
# Personal preference for easier reading
decorations = {
commit-style = "raw"; # Do not recolor meta information
keep-plus-minus-markers = true;
paging = "always";
};
};
};
# There's more # There's more
extraConfig = { settings = {
# Who am I?
user = {
email = mkMailAddress "bruno" "belanyi.fr";
name = "Bruno BELANYI";
};
alias = {
git = "!git";
lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order";
lola = "lol --all";
assume = "update-index --assume-unchanged";
unassume = "update-index --no-assume-unchanged";
assumed = "!git ls-files -v | grep ^h | cut -c 3-";
pick = "log -p -G";
push-new = "!git push -u origin "
+ ''"$(git branch | grep '^* ' | cut -f2- -d' ')"'';
root = "git rev-parse --show-toplevel";
};
# Makes it a bit more readable # Makes it a bit more readable
blame = { blame = {
coloring = "repeatedLines"; coloring = "repeatedLines";

2
modules/home/gpg/default.nix
View file

@ -17,7 +17,7 @@ in
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableSshSupport = true; # One agent to rule them all enableSshSupport = true; # One agent to rule them all
pinentryPackage = cfg.pinentry; pinentry.package = cfg.pinentry;
extraConfig = '' extraConfig = ''
allow-loopback-pinentry allow-loopback-pinentry
''; '';

2
modules/home/nix/default.nix
View file

@ -69,7 +69,7 @@ in
automatic = true; automatic = true;
# Every week, with some wiggle room # Every week, with some wiggle room
frequency = "weekly"; dates = "weekly";
randomizedDelaySec = "10min"; randomizedDelaySec = "10min";
# Use a persistent timer for e.g: laptops # Use a persistent timer for e.g: laptops

10
modules/home/ssh/default.nix
View file

@ -17,6 +17,7 @@ in
{ {
programs.ssh = { programs.ssh = {
enable = true; enable = true;
enableDefaultConfig = false;
includes = [ includes = [
# Local configuration, not-versioned # Local configuration, not-versioned
@ -53,11 +54,12 @@ in
identityFile = "~/.ssh/shared_rsa"; identityFile = "~/.ssh/shared_rsa";
user = "ambroisie"; user = "ambroisie";
}; };
};
extraConfig = '' # `*` is automatically made the last match block by the module
AddKeysToAgent yes "*" = {
''; addKeysToAgent = "yes";
};
};
}; };
} }

12
modules/home/tmux/default.nix
View file

@ -6,7 +6,7 @@ let
(config.my.home.wm.windowManager != null) (config.my.home.wm.windowManager != null)
]; ];
mkTerminalFlags = opt: flag: mkTerminalFeature = opt: flag:
let let
mkFlag = term: ''set -as terminal-features ",${term}:${flag}"''; mkFlag = term: ''set -as terminal-features ",${term}:${flag}"'';
enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures; enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures;
@ -48,7 +48,7 @@ in
keyMode = "vi"; # Home-row keys and other niceties keyMode = "vi"; # Home-row keys and other niceties
clock24 = true; # I'm one of those heathens clock24 = true; # I'm one of those heathens
escapeTime = 0; # Let vim do its thing instead escapeTime = 0; # Let vim do its thing instead
historyLimit = 100000; # Bigger buffer historyLimit = 1000000; # Bigger buffer
mouse = false; # I dislike mouse support mouse = false; # I dislike mouse support
focusEvents = true; # Report focus events focusEvents = true; # Report focus events
terminal = "tmux-256color"; # I want accurate termcap info terminal = "tmux-256color"; # I want accurate termcap info
@ -61,8 +61,8 @@ in
pain-control pain-control
# Better session management # Better session management
sessionist sessionist
# X clipboard integration
{ {
# X clipboard integration
plugin = yank; plugin = yank;
extraConfig = '' extraConfig = ''
# Use 'clipboard' because of misbehaving apps (e.g: firefox) # Use 'clipboard' because of misbehaving apps (e.g: firefox)
@ -71,8 +71,8 @@ in
set -g @yank_action 'copy-pipe' set -g @yank_action 'copy-pipe'
''; '';
} }
# Show when prefix has been pressed
{ {
# Show when prefix has been pressed
plugin = prefix-highlight; plugin = prefix-highlight;
extraConfig = '' extraConfig = ''
# Also show when I'm in copy or sync mode # Also show when I'm in copy or sync mode
@ -123,9 +123,9 @@ in
} }
# Force OSC8 hyperlinks for each relevant $TERM # Force OSC8 hyperlinks for each relevant $TERM
${mkTerminalFlags "hyperlinks" "hyperlinks"} ${mkTerminalFeature "hyperlinks" "hyperlinks"}
# Force 24-bit color for each relevant $TERM # Force 24-bit color for each relevant $TERM
${mkTerminalFlags "trueColor" "RGB"} ${mkTerminalFeature "trueColor" "RGB"}
''; '';
}; };
} }

17
modules/home/trgui/default.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let
cfg = config.my.home.trgui;
in
{
options.my.home.trgui = with lib; {
enable = mkEnableOption "Transmission GUI onfiguration";
package = mkPackageOption pkgs "TrguiNG" { default = "trgui-ng"; };
};
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [
cfg.package
];
};
}

6
modules/home/vim/after/queries/gitcommit/highlights.scm Normal file
View file

@ -0,0 +1,6 @@
; extends
; Highlight over-extended subject lines (rely on wrapping for message body)
((subject) @comment.error
(#vim-match? @comment.error ".\{50,}")
(#offset! @comment.error 0 50 0 0))

1
modules/home/vim/default.nix
View file

@ -80,7 +80,6 @@ in
nvim-surround # Deal with pairs, now in Lua nvim-surround # Deal with pairs, now in Lua
oil-nvim # Better alternative to NetrW oil-nvim # Better alternative to NetrW
telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm
telescope-lsp-handlers-nvim # Use 'telescope' for various LSP actions
telescope-nvim # Fuzzy finder interface telescope-nvim # Fuzzy finder interface
which-key-nvim # Show available mappings which-key-nvim # Show available mappings
]; ];

7
modules/home/vim/ftdetect/glsl.lua
View file

@ -1,7 +0,0 @@
-- Use GLSL filetype for common shader file extensions
vim.filetype.add({
extension = {
frag = "glsl",
vert = "glsl",
},
})

3
modules/home/vim/init.vim
View file

@ -81,9 +81,6 @@ set updatetime=250
" Disable all mouse integrations " Disable all mouse integrations
set mouse= set mouse=
" Set dark mode by default
set background=dark
" Setup some overrides for gruvbox " Setup some overrides for gruvbox
lua << EOF lua << EOF
local gruvbox = require("gruvbox") local gruvbox = require("gruvbox")

5
modules/home/vim/lua/ambroisie/lsp.lua
View file

@ -53,6 +53,10 @@ M.on_attach = function(client, bufnr)
vim.diagnostic.open_float(nil, { scope = "buffer" }) vim.diagnostic.open_float(nil, { scope = "buffer" })
end end
local function toggle_inlay_hints()
vim.lsp.inlay_hint.enable(not vim.lsp.inlay_hint.is_enabled())
end
local keys = { local keys = {
buffer = bufnr, buffer = bufnr,
-- LSP navigation -- LSP navigation
@ -67,6 +71,7 @@ M.on_attach = function(client, bufnr)
{ "<leader>ca", vim.lsp.buf.code_action, desc = "Code actions" }, { "<leader>ca", vim.lsp.buf.code_action, desc = "Code actions" },
{ "<leader>cd", cycle_diagnostics_display, desc = "Cycle diagnostics display" }, { "<leader>cd", cycle_diagnostics_display, desc = "Cycle diagnostics display" },
{ "<leader>cD", show_buffer_diagnostics, desc = "Show buffer diagnostics" }, { "<leader>cD", show_buffer_diagnostics, desc = "Show buffer diagnostics" },
{ "<leader>ch", toggle_inlay_hints, desc = "Toggle inlay hints" },
{ "<leader>cr", vim.lsp.buf.rename, desc = "Rename symbol" }, { "<leader>cr", vim.lsp.buf.rename, desc = "Rename symbol" },
{ "<leader>cs", vim.lsp.buf.signature_help, desc = "Show signature" }, { "<leader>cs", vim.lsp.buf.signature_help, desc = "Show signature" },
{ "<leader>ct", vim.lsp.buf.type_definition, desc = "Go to type definition" }, { "<leader>ct", vim.lsp.buf.type_definition, desc = "Go to type definition" },

10
modules/home/vim/plugin/numbertoggle.lua
View file

@ -22,13 +22,3 @@ vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "InsertEnter", "WinLeave"
end end
end, end,
}) })
-- Never show the sign column in a terminal buffer
vim.api.nvim_create_autocmd({ "TermOpen" }, {
pattern = "*",
group = numbertoggle,
callback = function()
vim.opt.number = false
vim.opt.relativenumber = false
end,
})

106
modules/home/vim/plugin/settings/lspconfig.lua
View file

@ -1,4 +1,3 @@
local lspconfig = require("lspconfig")
local lsp = require("ambroisie.lsp") local lsp = require("ambroisie.lsp")
local utils = require("ambroisie.utils") local utils = require("ambroisie.utils")
@ -25,59 +24,27 @@ vim.diagnostic.config({
-- Inform servers we are able to do completion, snippets, etc... -- Inform servers we are able to do completion, snippets, etc...
local capabilities = require("cmp_nvim_lsp").default_capabilities() local capabilities = require("cmp_nvim_lsp").default_capabilities()
-- C/C++ -- Shared configuration
if utils.is_executable("clangd") then vim.lsp.config("*", {
lspconfig.clangd.setup({ capabilities = capabilities,
capabilities = capabilities, on_attach = lsp.on_attach,
on_attach = lsp.on_attach, })
})
end
-- Haskell local servers = {
if utils.is_executable("haskell-language-server-wrapper") then -- C/C++
lspconfig.hls.setup({ clangd = {},
capabilities = capabilities, -- Haskell
on_attach = lsp.on_attach, hls = {},
}) -- Nix
end nil_ls = {},
-- Python
-- Nix pyright = {},
if utils.is_executable("nil") then ruff = {},
lspconfig.nil_ls.setup({ -- Rust
capabilities = capabilities, rust_analyzer = {},
on_attach = lsp.on_attach, -- Shell
}) bashls = {
end
-- Python
if utils.is_executable("pyright") then
lspconfig.pyright.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
if utils.is_executable("ruff") then
lspconfig.ruff.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
-- Rust
if utils.is_executable("rust-analyzer") then
lspconfig.rust_analyzer.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
-- Shell
if utils.is_executable("bash-language-server") then
lspconfig.bashls.setup({
filetypes = { "bash", "sh", "zsh" }, filetypes = { "bash", "sh", "zsh" },
capabilities = capabilities,
on_attach = lsp.on_attach,
settings = { settings = {
bashIde = { bashIde = {
shfmt = { shfmt = {
@ -88,28 +55,17 @@ if utils.is_executable("bash-language-server") then
}, },
}, },
}, },
}) },
end -- Starlark
starpls = {},
-- Generic
harper_ls = {},
typos_lsp = {},
}
-- Starlark for server, config in pairs(servers) do
if utils.is_executable("starpls") then if not vim.tbl_isempty(config) then
lspconfig.starpls.setup({ vim.lsp.config(server, config)
capabilities = capabilities, end
on_attach = lsp.on_attach, vim.lsp.enable(server)
})
end
-- Generic
if utils.is_executable("harper-ls") then
lspconfig.harper_ls.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
if utils.is_executable("typos-lsp") then
lspconfig.typos_lsp.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end end

1
modules/home/vim/plugin/settings/telescope.lua
View file

@ -23,7 +23,6 @@ telescope.setup({
}) })
telescope.load_extension("fzf") telescope.load_extension("fzf")
telescope.load_extension("lsp_handlers")
local keys = { local keys = {
{ "<leader>f", group = "Fuzzy finder" }, { "<leader>f", group = "Fuzzy finder" },

19
modules/home/vim/plugin/signtoggle.lua
View file

@ -1,26 +1,21 @@
local signtoggle = vim.api.nvim_create_augroup("signtoggle", { clear = true }) local signtoggle = vim.api.nvim_create_augroup("signtoggle", { clear = true })
-- Only show sign column for the currently focused buffer -- Only show sign column for the currently focused buffer, if it has a number column
vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, { vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, {
pattern = "*", pattern = "*",
group = signtoggle, group = signtoggle,
callback = function() callback = function()
vim.opt.signcolumn = "yes" if vim.opt.number:get() then
vim.opt.signcolumn = "yes"
end
end, end,
}) })
vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, { vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, {
pattern = "*", pattern = "*",
group = signtoggle, group = signtoggle,
callback = function() callback = function()
vim.opt.signcolumn = "no" if vim.opt.number:get() then
end, vim.opt.signcolumn = "no"
}) end
-- Never show the sign column in a terminal buffer
vim.api.nvim_create_autocmd({ "TermOpen" }, {
pattern = "*",
group = signtoggle,
callback = function()
vim.opt.signcolumn = "no"
end, end,
}) })

1
modules/home/wm/i3/default.nix
View file

@ -127,6 +127,7 @@ in
{ class = "^Blueman-.*$"; } { class = "^Blueman-.*$"; }
{ title = "^htop$"; } { title = "^htop$"; }
{ class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; }
{ class = "^firefox$"; instance = "Places"; window_role = "Organizer"; }
{ class = "^pavucontrol.*$"; } { class = "^pavucontrol.*$"; }
{ class = "^Arandr$"; } { class = "^Arandr$"; }
{ class = "^\\.blueman-manager-wrapped$"; } { class = "^\\.blueman-manager-wrapped$"; }

3
modules/home/xdg/default.nix
View file

@ -56,4 +56,7 @@ in
XCOMPOSECACHE = "${dataHome}/X11/xcompose"; XCOMPOSECACHE = "${dataHome}/X11/xcompose";
_JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java"; _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java";
}; };
# Some modules *optionally* use `XDG_*_HOME` when told to
config.home.preferXdgDirectories = lib.mkIf cfg.enable true;
} }

30
modules/home/zsh/default.nix
View file

@ -1,14 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
cfg = config.my.home.zsh; cfg = config.my.home.zsh;
# Have a nice relative path for XDG_CONFIG_HOME, without leading `/`
relativeXdgConfig =
let
noHome = lib.removePrefix config.home.homeDirectory;
noSlash = lib.removePrefix "/";
in
noSlash (noHome config.xdg.configHome);
in in
{ {
options.my.home.zsh = with lib; { options.my.home.zsh = with lib; {
@ -16,16 +8,22 @@ in
launchTmux = mkEnableOption "auto launch tmux at shell start"; launchTmux = mkEnableOption "auto launch tmux at shell start";
completionSync = {
enable = mkEnableOption "zsh-completion-sync plugin";
};
notify = { notify = {
enable = mkEnableOption "zsh-done notification"; enable = mkEnableOption "zsh-done notification";
exclude = mkOption { exclude = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = [ default = [
"bat"
"delta" "delta"
"direnv reload" "direnv reload"
"fg" "fg"
"git (?!push|pull|fetch)" "git (?!push|pull|fetch)"
"home-manager (?!switch|build)"
"htop" "htop"
"less" "less"
"man" "man"
@ -57,7 +55,7 @@ in
programs.zsh = { programs.zsh = {
enable = true; enable = true;
dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME dotDir = "${config.xdg.configHome}/zsh"; # Don't clutter $HOME
enableCompletion = true; enableCompletion = true;
history = { history = {
@ -74,7 +72,7 @@ in
plugins = [ plugins = [
{ {
name = "fast-syntax-highlighting"; name = "fast-syntax-highlighting";
file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh"; file = "share/zsh/plugins/fast-syntax-highlighting/fast-syntax-highlighting.plugin.zsh";
src = pkgs.zsh-fast-syntax-highlighting; src = pkgs.zsh-fast-syntax-highlighting;
} }
{ {
@ -124,6 +122,18 @@ in
}; };
} }
(lib.mkIf cfg.completionSync.enable {
programs.zsh = {
plugins = [
{
name = "zsh-completion-sync";
file = "share/zsh-completion-sync/zsh-completion-sync.plugin.zsh";
src = pkgs.zsh-completion-sync;
}
];
};
})
(lib.mkIf cfg.notify.enable { (lib.mkIf cfg.notify.enable {
programs.zsh = { programs.zsh = {
plugins = [ plugins = [

2
modules/nixos/profiles/wm/default.nix
View file

@ -24,6 +24,8 @@ in
my.home.udiskie.enable = true; my.home.udiskie.enable = true;
# udiskie fails if it can't find this dbus service # udiskie fails if it can't find this dbus service
services.udisks2.enable = true; services.udisks2.enable = true;
# Ensure i3lock can actually unlock the session
security.pam.services.i3lock.enable = true;
}) })
]; ];
} }

2
modules/nixos/profiles/x/default.nix
View file

@ -13,7 +13,7 @@ in
# Nice wallpaper # Nice wallpaper
services.xserver.displayManager.lightdm.background = services.xserver.displayManager.lightdm.background =
let let
wallpapers = "${pkgs.plasma5Packages.plasma-workspace-wallpapers}/share/wallpapers"; wallpapers = "${pkgs.kdePackages.plasma-workspace-wallpapers}/share/wallpapers";
in in
"${wallpapers}/summer_1am/contents/images/2560x1600.jpg"; "${wallpapers}/summer_1am/contents/images/2560x1600.jpg";

2
modules/nixos/services/default.nix
View file

@ -15,7 +15,6 @@
./gitea ./gitea
./grocy ./grocy
./homebox ./homebox
./indexers
./jellyfin ./jellyfin
./komga ./komga
./lohr ./lohr
@ -39,6 +38,7 @@
./servarr ./servarr
./ssh-server ./ssh-server
./tandoor-recipes ./tandoor-recipes
./thelounge
./tlp ./tlp
./transmission ./transmission
./vikunja ./vikunja

4
modules/nixos/services/drone/server/default.nix
View file

@ -6,8 +6,8 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.services.drone-server = { systemd.services.drone-server = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "postgresql.service" ]; after = [ "postgresql.target" ];
requires = [ "postgresql.service" ]; requires = [ "postgresql.target" ];
serviceConfig = { serviceConfig = {
EnvironmentFile = [ EnvironmentFile = [
cfg.secretFile cfg.secretFile

8
modules/nixos/services/homebox/default.nix
View file

@ -19,6 +19,11 @@ in
services.homebox = { services.homebox = {
enable = true; enable = true;
# Automatic PostgreSQL provisioning
database = {
createLocally = true;
};
settings = { settings = {
# FIXME: mailer? # FIXME: mailer?
HBOX_WEB_PORT = toString cfg.port; HBOX_WEB_PORT = toString cfg.port;
@ -28,12 +33,13 @@ in
my.services.nginx.virtualHosts = { my.services.nginx.virtualHosts = {
homebox = { homebox = {
inherit (cfg) port; inherit (cfg) port;
websocketsLocations = [ "/api" ];
}; };
}; };
my.services.backup = { my.services.backup = {
paths = [ paths = [
config.services.homebox.settings.HBOX_STORAGE_DATA (lib.removePrefix "file://" config.services.homebox.settings.HBOX_STORAGE_CONN_STRING)
]; ];
}; };

78
modules/nixos/services/indexers/default.nix
View file

@ -1,78 +0,0 @@
# Torrent and usenet meta-indexers
{ config, lib, ... }:
let
cfg = config.my.services.indexers;
jackettPort = 9117;
nzbhydraPort = 5076;
prowlarrPort = 9696;
in
{
options.my.services.indexers = with lib; {
jackett.enable = mkEnableOption "Jackett torrent meta-indexer";
nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer";
prowlarr.enable = mkEnableOption "Prowlarr torrent & usenet meta-indexer";
};
config = lib.mkMerge [
(lib.mkIf cfg.jackett.enable {
services.jackett = {
enable = true;
};
# Jackett wants to eat *all* my RAM if left to its own devices
systemd.services.jackett = {
serviceConfig = {
MemoryHigh = "15%";
MemoryMax = "25%";
};
};
my.services.nginx.virtualHosts = {
jackett = {
port = jackettPort;
};
};
})
(lib.mkIf cfg.nzbhydra.enable {
services.nzbhydra2 = {
enable = true;
};
my.services.nginx.virtualHosts = {
nzbhydra = {
port = nzbhydraPort;
};
};
})
(lib.mkIf cfg.prowlarr.enable {
services.prowlarr = {
enable = true;
};
my.services.nginx.virtualHosts = {
prowlarr = {
port = prowlarrPort;
};
};
services.fail2ban.jails = {
prowlarr = ''
enabled = true
filter = prowlarr
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/prowlarr.conf".text = ''
[Definition]
failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
journalmatch = _SYSTEMD_UNIT=prowlarr.service
'';
};
})
];
}

143
modules/nixos/services/matrix/bridges.nix Normal file
View file

@ -0,0 +1,143 @@
# Matrix bridges for some services I use
{ config, lib, ... }:
let
cfg = config.my.services.matrix.bridges;
synapseCfg = config.services.matrix-synapse;
domain = config.networking.domain;
serverName = synapseCfg.settings.server_name;
mkBridgeOption = n: lib.mkEnableOption "${n} bridge" // { default = cfg.enable; };
mkPortOption = n: default: lib.mkOption {
type = lib.types.port;
inherit default;
example = 8080;
description = "${n} bridge port";
};
mkEnvironmentFileOption = n: lib.mkOption {
type = lib.types.str;
example = "/run/secret/matrix/${lib.toLower n}-bridge-secrets.env";
description = ''
Path to a file which should contain the secret values for ${n} bridge.
Using through the following format:
```
MATRIX_APPSERVICE_AS_TOKEN=<the_as_value>
MATRIX_APPSERVICE_HS_TOKEN=<the_hs_value>
```
Each bridge should use a different set of secrets, as they each register
their own independent double-puppetting appservice.
'';
};
in
{
options.my.services.matrix.bridges = with lib; {
enable = mkEnableOption "bridges configuration";
admin = mkOption {
type = types.str;
default = "ambroisie";
example = "admin";
description = "Local username for the admin";
};
facebook = {
enable = mkBridgeOption "Facebook";
port = mkPortOption "Facebook" 29321;
environmentFile = mkEnvironmentFileOption "Facebook";
};
};
config = lib.mkMerge [
(lib.mkIf cfg.facebook.enable {
services.mautrix-meta.instances.facebook = {
enable = true;
# Automatically register the bridge with synapse
registerToSynapse = true;
# Provide `AS_TOKEN`, `HS_TOKEN`
inherit (cfg.facebook) environmentFile;
settings = {
homeserver = {
domain = serverName;
address = "http://localhost:${toString config.my.services.matrix.port}";
};
appservice = {
hostname = "localhost";
inherit (cfg.facebook) port;
address = "http://localhost:${toString cfg.facebook.port}";
public_address = "https://facebook-bridge.${domain}";
as_token = "$MATRIX_APPSERVICE_AS_TOKEN";
hs_token = "$MATRIX_APPSERVICE_HS_TOKEN";
bot = {
username = "fbbot";
};
};
backfill = {
enabled = true;
};
bridge = {
delivery_receipts = true;
permissions = {
"*" = "relay";
${serverName} = "user";
"@${cfg.admin}:${serverName}" = "admin";
};
};
database = {
type = "postgres";
uri = "postgres:///mautrix-meta-facebook?host=/var/run/postgresql/";
};
double_puppet = {
secrets = {
${serverName} = "as_token:$MATRIX_APPSERVICE_AS_TOKEN";
};
};
network = {
# Don't be picky on Facebook/Messenger
allow_messenger_com_on_fb = true;
displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (FB)'';
};
provisioning = {
shared_secret = "disable";
};
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "mautrix-meta-facebook" ];
ensureUsers = [{
name = "mautrix-meta-facebook";
ensureDBOwnership = true;
}];
};
systemd.services.mautrix-meta-facebook = {
wants = [ "postgres.service" ];
after = [ "postgres.service" ];
};
my.services.nginx.virtualHosts = {
# Proxy to the bridge
"facebook-bridge" = {
inherit (cfg.facebook) port;
};
};
})
];
}

199
modules/nixos/services/matrix/default.nix
View file

@ -1,24 +1,49 @@
# Matrix homeserver setup, using different endpoints for federation and client # Matrix homeserver setup.
# traffic. The main trick for this is defining two nginx servers endpoints for
# matrix.domain.com, each listening on different ports.
#
# Configuration shamelessly stolen from [1]
#
# [1]: https://github.com/alarsyo/nixos-config/blob/main/services/matrix.nix
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
cfg = config.my.services.matrix; cfg = config.my.services.matrix;
federationPort = { public = 8448; private = 11338; }; adminPkg = pkgs.synapse-admin-etkecc;
clientPort = { public = 443; private = 11339; };
domain = config.networking.domain; domain = config.networking.domain;
matrixDomain = "matrix.${domain}"; matrixDomain = "matrix.${domain}";
serverConfig = {
"m.server" = "${matrixDomain}:443";
};
clientConfig = {
"m.homeserver" = {
"base_url" = "https://${matrixDomain}";
"server_name" = domain;
};
"m.identity_server" = {
"base_url" = "https://vector.im";
};
};
# ACAO required to allow element-web on any URL to request this json file
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in in
{ {
imports = [
./bridges.nix
];
options.my.services.matrix = with lib; { options.my.services.matrix = with lib; {
enable = mkEnableOption "Matrix Synapse"; enable = mkEnableOption "Matrix Synapse";
port = mkOption {
type = types.port;
default = 8448;
example = 8008;
description = "Internal port for listeners";
};
secretFile = mkOption { secretFile = mkOption {
type = with types; nullOr str; type = with types; nullOr str;
default = null; default = null;
@ -58,22 +83,22 @@ in
enable_registration = false; enable_registration = false;
listeners = [ listeners = [
# Federation
{ {
inherit (cfg) port;
bind_addresses = [ "::1" ]; bind_addresses = [ "::1" ];
port = federationPort.private; type = "http";
tls = false; # Terminated by nginx. tls = false;
x_forwarded = true; x_forwarded = true;
resources = [{ names = [ "federation" ]; compress = false; }]; resources = [
} {
names = [ "client" ];
# Client compress = true;
{ }
bind_addresses = [ "::1" ]; {
port = clientPort.private; names = [ "federation" ];
tls = false; # Terminated by nginx. compress = false;
x_forwarded = true; }
resources = [{ names = [ "client" ]; compress = false; }]; ];
} }
]; ];
@ -96,19 +121,12 @@ in
chat = { chat = {
root = pkgs.element-web.override { root = pkgs.element-web.override {
conf = { conf = {
default_server_config = { default_server_config = clientConfig;
"m.homeserver" = { show_labs_settings = true;
"base_url" = "https://${matrixDomain}"; default_country_code = "FR"; # cocorico
"server_name" = domain; room_directory = {
};
"m.identity_server" = {
"base_url" = "https://vector.im";
};
};
showLabsSettings = true;
defaultCountryCode = "FR"; # cocorico
roomDirectory = {
"servers" = [ "servers" = [
domain
"matrix.org" "matrix.org"
"mozilla.org" "mozilla.org"
]; ];
@ -116,99 +134,54 @@ in
}; };
}; };
}; };
# Dummy VHosts for port collision detection matrix = {
matrix-federation = { # Somewhat unused, but necessary for port collision detection
port = federationPort.private; inherit (cfg) port;
};
matrix-client = { extraConfig = {
port = clientPort.private; locations = {
# Or do a redirect instead of the 404, or whatever is appropriate
# for you. But do not put a Matrix Web client here! See the
# Element web section above.
"/".return = "404";
"/_matrix".proxyPass = "http://[::1]:${toString cfg.port}";
"/_synapse".proxyPass = "http://[::1]:${toString cfg.port}";
"= /admin".return = "307 /admin/";
"/admin/" = {
alias = "${adminPkg}/";
priority = 500;
tryFiles = "$uri $uri/ /index.html";
};
"~ ^/admin/.*\\.(?:css|js|jpg|jpeg|gif|png|svg|ico|woff|woff2|ttf|eot|webp)$" = {
priority = 400;
root = adminPkg;
extraConfig = ''
rewrite ^/admin/(.*)$ /$1 break;
expires 30d;
more_set_headers "Cache-Control: public";
'';
};
};
};
}; };
}; };
# Those are too complicated to use my wrapper... # Setup well-known locations
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
${matrixDomain} = {
onlySSL = true;
useACMEHost = domain;
locations =
let
proxyToClientPort = {
proxyPass = "http://[::1]:${toString clientPort.private}";
};
in
{
# Or do a redirect instead of the 404, or whatever is appropriate
# for you. But do not put a Matrix Web client here! See the
# Element web section below.
"/".return = "404";
"/_matrix" = proxyToClientPort;
"/_synapse/client" = proxyToClientPort;
};
listen = [
{ addr = "0.0.0.0"; port = clientPort.public; ssl = true; }
{ addr = "[::]"; port = clientPort.public; ssl = true; }
];
};
# same as above, but listening on the federation port
"${matrixDomain}_federation" = {
onlySSL = true;
serverName = matrixDomain;
useACMEHost = domain;
locations."/".return = "404";
locations."/_matrix" = {
proxyPass = "http://[::1]:${toString federationPort.private}";
};
listen = [
{ addr = "0.0.0.0"; port = federationPort.public; ssl = true; }
{ addr = "[::]"; port = federationPort.public; ssl = true; }
];
};
"${domain}" = { "${domain}" = {
forceSSL = true; forceSSL = true;
useACMEHost = domain; useACMEHost = domain;
locations."= /.well-known/matrix/server".extraConfig = locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
let locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
server = { "m.server" = "${matrixDomain}:${toString federationPort.public}"; };
in
''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://${matrixDomain}"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
# ACAO required to allow element-web on any URL to request this json file
in
''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
}; };
}; };
# For administration tools. # For administration tools.
environment.systemPackages = [ pkgs.matrix-synapse ]; environment.systemPackages = [ pkgs.matrix-synapse ];
networking.firewall.allowedTCPPorts = [
clientPort.public
federationPort.public
];
my.services.backup = { my.services.backup = {
paths = [ paths = [
config.services.matrix-synapse.dataDir config.services.matrix-synapse.dataDir

32
modules/nixos/services/mealie/default.nix
View file

@ -32,33 +32,15 @@ in
BASE_URL = "https://mealie.${config.networking.domain}"; BASE_URL = "https://mealie.${config.networking.domain}";
TZ = config.time.timeZone; TZ = config.time.timeZone;
ALLOw_SIGNUP = "false"; ALLOw_SIGNUP = "false";
TOKEN_TIME = 24 * 180; # 180 days
# Use PostgreSQL
DB_ENGINE = "postgres";
# Make it work with socket auth
POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql";
}; };
};
systemd.services = { # Automatic PostgreSQL provisioning
mealie = { database = {
after = [ "postgresql.service" ]; createLocally = true;
requires = [ "postgresql.service" ];
}; };
}; };
# Set-up database
services.postgresql = {
enable = true;
ensureDatabases = [ "mealie" ];
ensureUsers = [
{
name = "mealie";
ensureDBOwnership = true;
}
];
};
my.services.nginx.virtualHosts = { my.services.nginx.virtualHosts = {
mealie = { mealie = {
inherit (cfg) port; inherit (cfg) port;
@ -72,6 +54,12 @@ in
}; };
}; };
my.services.backup = {
paths = [
"/var/lib/mealie"
];
};
services.fail2ban.jails = { services.fail2ban.jails = {
mealie = '' mealie = ''
enabled = true enabled = true

6
modules/nixos/services/nextcloud/collabora.nix
View file

@ -16,6 +16,12 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.nextcloud = {
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) richdocuments;
};
};
services.collabora-online = { services.collabora-online = {
enable = true; enable = true;
inherit (cfg) port; inherit (cfg) port;

32
modules/nixos/services/nextcloud/default.nix
View file

@ -35,7 +35,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud30; package = pkgs.nextcloud32;
hostName = "nextcloud.${config.networking.domain}"; hostName = "nextcloud.${config.networking.domain}";
home = "/var/lib/nextcloud"; home = "/var/lib/nextcloud";
maxUploadSize = cfg.maxSize; maxUploadSize = cfg.maxSize;
@ -44,11 +44,15 @@ in
adminuser = cfg.admin; adminuser = cfg.admin;
adminpassFile = cfg.passwordFile; adminpassFile = cfg.passwordFile;
dbtype = "pgsql"; dbtype = "pgsql";
dbhost = "/run/postgresql";
}; };
https = true; https = true;
# Automatic PostgreSQL provisioning
database = {
createLocally = true;
};
settings = { settings = {
overwriteprotocol = "https"; # Nginx only allows SSL overwriteprotocol = "https"; # Nginx only allows SSL
}; };
@ -58,22 +62,16 @@ in
# Allow using the push service without hard-coding my IP in the configuration # Allow using the push service without hard-coding my IP in the configuration
bendDomainToLocalhost = true; bendDomainToLocalhost = true;
}; };
};
services.postgresql = { extraApps = {
enable = true; inherit (config.services.nextcloud.package.packages.apps)
ensureDatabases = [ "nextcloud" ]; calendar
ensureUsers = [ contacts
{ deck
name = "nextcloud"; tasks
ensureDBOwnership = true; ;
} # notify_push is automatically installed by the module
]; };
};
systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
}; };
# The service above configures the domain, no need for my wrapper # The service above configures the domain, no need for my wrapper

2
modules/nixos/services/nginx/default.nix
View file

@ -444,7 +444,7 @@ in
}; };
}; };
systemd.services."acme-${domain}" = { systemd.services."acme-order-renew-${domain}" = {
serviceConfig = { serviceConfig = {
Environment = [ Environment = [
# Since I do a "weird" setup with a wildcard CNAME # Since I do a "weird" setup with a wildcard CNAME

38
modules/nixos/services/paperless/default.nix
View file

@ -52,30 +52,28 @@ in
mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath; mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath;
settings = settings = {
let # Use SSO
paperlessDomain = "paperless.${config.networking.domain}"; PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
in PAPERLESS_ENABLE_HTTP_REMOTE_USER_API = true;
{ PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
# Use SSO
PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
# Security settings # Security settings
PAPERLESS_ALLOWED_HOSTS = paperlessDomain; PAPERLESS_URL = "https://paperless.${config.networking.domain}";
PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; PAPERLESS_USE_X_FORWARD_HOST = true;
PAPERLESS_PROXY_SSL_HEADER = [ "HTTP_X_FORWARDED_PROTO" "https" ];
# OCR settings # OCR settings
PAPERLESS_OCR_LANGUAGE = "fra+eng"; PAPERLESS_OCR_LANGUAGE = "fra+eng";
# Workers # Workers
PAPERLESS_TASK_WORKERS = 3; PAPERLESS_TASK_WORKERS = 3;
PAPERLESS_THREADS_PER_WORKER = 4; PAPERLESS_THREADS_PER_WORKER = 4;
# Misc # Misc
PAPERLESS_TIME_ZONE = config.time.timeZone; PAPERLESS_TIME_ZONE = config.time.timeZone;
PAPERLESS_ADMIN_USER = cfg.username; PAPERLESS_ADMIN_USER = cfg.username;
}; };
# Admin password # Admin password
passwordFile = cfg.passwordFile; passwordFile = cfg.passwordFile;

63
modules/nixos/services/servarr/autobrr.nix Normal file
View file

@ -0,0 +1,63 @@
# IRC-based indexer
{ config, lib, ... }:
let
cfg = config.my.services.servarr.autobrr;
in
{
options.my.services.servarr.autobrr = with lib; {
enable = mkEnableOption "autobrr IRC announce tracker" // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = 7474;
example = 8080;
description = "Internal port for webui";
};
sessionSecretFile = mkOption {
type = types.str;
example = "/run/secrets/autobrr-secret.txt";
description = ''
File containing the session secret.
'';
};
};
config = lib.mkIf cfg.enable {
services.autobrr = {
enable = true;
settings = {
inherit (cfg) port;
checkForUpdates = false;
};
secretFile = cfg.sessionSecretFile;
};
my.services.nginx.virtualHosts = {
autobrr = {
inherit (cfg) port;
websocketsLocations = [ "/api" ];
};
};
services.fail2ban.jails = {
autobrr = ''
enabled = true
filter = autobrr
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/autobrr.conf".text = ''
[Definition]
failregex = "message":"Auth: Failed login attempt username: \[.*\] ip: <HOST>"
journalmatch = _SYSTEMD_UNIT=autobrr.service
'';
};
};
}

37
modules/nixos/services/servarr/bazarr.nix Normal file
View file

@ -0,0 +1,37 @@
{ config, lib, ... }:
let
cfg = config.my.services.servarr.bazarr;
in
{
options.my.services.servarr.bazarr = with lib; {
enable = lib.mkEnableOption "Bazarr" // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = 6767;
example = 8080;
description = "Internal port for webui";
};
};
config = lib.mkIf cfg.enable {
services.bazarr = {
enable = true;
group = "media";
listenPort = cfg.port;
};
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
bazarr = {
inherit (cfg) port;
};
};
# Bazarr does not log authentication failures...
};
}

96
modules/nixos/services/servarr/cross-seed.nix Normal file
View file

@ -0,0 +1,96 @@
# Automatic cross-seeding for video media
{ config, lib, ... }:
let
cfg = config.my.services.servarr.cross-seed;
in
{
options.my.services.servarr.cross-seed = with lib; {
enable = mkEnableOption "cross-seed daemon" // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = 2468;
example = 8080;
description = "Internal port for daemon";
};
linkDirectory = mkOption {
type = types.str;
default = "/data/downloads/complete/links";
example = "/var/lib/cross-seed/links";
description = "Link directory";
};
secretSettingsFile = mkOption {
type = types.str;
example = "/run/secrets/cross-seed-secrets.json";
description = ''
File containing secret settings.
'';
};
};
config = lib.mkIf cfg.enable {
services.cross-seed = {
enable = true;
group = "media";
# Rely on recommended defaults for tracker snatches etc...
useGenConfigDefaults = true;
settings = {
inherit (cfg) port;
host = "127.0.0.1";
# Inject torrents to client directly
action = "inject";
# Query the client for torrents to match
useClientTorrents = true;
# Use hardlinks
linkType = "hardlink";
# Use configured link directory
linkDirs = [ cfg.linkDirectory ];
# Match as many torrents as possible
matchMode = "partial";
# Cross-seed full season if at least 50% of episodes are already downloaded
seasonFromEpisodes = 0.5;
};
settingsFile = cfg.secretSettingsFile;
};
systemd.services.cross-seed = {
serviceConfig = {
# Loose umask to make cross-seed links readable by `media`
UMask = "0002";
};
};
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
cross-seed = {
inherit (cfg) port;
};
};
services.fail2ban.jails = {
cross-seed = ''
enabled = true
filter = cross-seed
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/cross-seed.conf".text = ''
[Definition]
failregex = ^.*Unauthorized API access attempt to .* from <HOST>$
journalmatch = _SYSTEMD_UNIT=cross-seed.service
'';
};
};
}

107
modules/nixos/services/servarr/default.nix
View file

@ -2,99 +2,22 @@
# Relevant link [1]. # Relevant link [1].
# #
# [1]: https://youtu.be/I26Ql-uX6AM # [1]: https://youtu.be/I26Ql-uX6AM
{ config, lib, ... }: { lib, ... }:
let
cfg = config.my.services.servarr;
ports = {
bazarr = 6767;
lidarr = 8686;
radarr = 7878;
readarr = 8787;
sonarr = 8989;
};
mkService = service: {
services.${service} = {
enable = true;
group = "media";
};
};
mkRedirection = service: {
my.services.nginx.virtualHosts = {
${service} = {
port = ports.${service};
};
};
};
mkFail2Ban = service: lib.mkIf cfg.${service}.enable {
services.fail2ban.jails = {
${service} = ''
enabled = true
filter = ${service}
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/${service}.conf".text = ''
[Definition]
failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
journalmatch = _SYSTEMD_UNIT=${service}.service
'';
};
};
mkFullConfig = service: lib.mkIf cfg.${service}.enable (lib.mkMerge [
(mkService service)
(mkRedirection service)
]);
in
{ {
imports = [
./autobrr.nix
./bazarr.nix
./cross-seed.nix
./jackett.nix
./nzbhydra.nix
./prowlarr.nix
(import ./starr.nix "lidarr")
(import ./starr.nix "radarr")
(import ./starr.nix "readarr")
(import ./starr.nix "sonarr")
];
options.my.services.servarr = { options.my.services.servarr = {
enable = lib.mkEnableOption "Media automation"; enableAll = lib.mkEnableOption "media automation suite";
bazarr = {
enable = lib.my.mkDisableOption "Bazarr";
};
lidarr = {
enable = lib.my.mkDisableOption "Lidarr";
};
radarr = {
enable = lib.my.mkDisableOption "Radarr";
};
readarr = {
enable = lib.my.mkDisableOption "Readarr";
};
sonarr = {
enable = lib.my.mkDisableOption "Sonarr";
};
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [
{
# Set-up media group
users.groups.media = { };
}
# Bazarr does not log authentication failures...
(mkFullConfig "bazarr")
# Lidarr for music
(mkFullConfig "lidarr")
(mkFail2Ban "lidarr")
# Radarr for movies
(mkFullConfig "radarr")
(mkFail2Ban "radarr")
# Readarr for books
(mkFullConfig "readarr")
(mkFail2Ban "readarr")
# Sonarr for shows
(mkFullConfig "sonarr")
(mkFail2Ban "sonarr")
]);
} }

41
modules/nixos/services/servarr/jackett.nix Normal file
View file

@ -0,0 +1,41 @@
{ config, lib, ... }:
let
cfg = config.my.services.servarr.jackett;
in
{
options.my.services.servarr.jackett = with lib; {
enable = lib.mkEnableOption "Jackett" // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = 9117;
example = 8080;
description = "Internal port for webui";
};
};
config = lib.mkIf cfg.enable {
services.jackett = {
enable = true;
inherit (cfg) port;
};
# Jackett wants to eat *all* my RAM if left to its own devices
systemd.services.jackett = {
serviceConfig = {
MemoryHigh = "15%";
MemoryMax = "25%";
};
};
my.services.nginx.virtualHosts = {
jackett = {
inherit (cfg) port;
};
};
# Jackett does not log authentication failures...
};
}

26
modules/nixos/services/servarr/nzbhydra.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, lib, ... }:
let
cfg = config.my.services.servarr.nzbhydra;
in
{
options.my.services.servarr.nzbhydra = with lib; {
enable = lib.mkEnableOption "NZBHydra2" // {
default = config.my.services.servarr.enableAll;
};
};
config = lib.mkIf cfg.enable {
services.nzbhydra2 = {
enable = true;
};
my.services.nginx.virtualHosts = {
nzbhydra = {
port = 5076;
websocketsLocations = [ "/" ];
};
};
# NZBHydra2 does not log authentication failures...
};
}

53
modules/nixos/services/servarr/prowlarr.nix Normal file
View file

@ -0,0 +1,53 @@
# Torrent and NZB indexer
{ config, lib, ... }:
let
cfg = config.my.services.servarr.prowlarr;
in
{
options.my.services.servarr.prowlarr = with lib; {
enable = lib.mkEnableOption "Prowlarr" // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = 9696;
example = 8080;
description = "Internal port for webui";
};
};
config = lib.mkIf cfg.enable {
services.prowlarr = {
enable = true;
settings = {
server = {
port = cfg.port;
};
};
};
my.services.nginx.virtualHosts = {
prowlarr = {
inherit (cfg) port;
};
};
services.fail2ban.jails = {
prowlarr = ''
enabled = true
filter = prowlarr
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/prowlarr.conf".text = ''
[Definition]
failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
journalmatch = _SYSTEMD_UNIT=prowlarr.service
'';
};
};
}

64
modules/nixos/services/servarr/starr.nix Normal file
View file

@ -0,0 +1,64 @@
# Templated *arr configuration
starr:
{ config, lib, ... }:
let
cfg = config.my.services.servarr.${starr};
ports = {
lidarr = 8686;
radarr = 7878;
readarr = 8787;
sonarr = 8989;
};
in
{
options.my.services.servarr.${starr} = with lib; {
enable = lib.mkEnableOption (lib.toSentenceCase starr) // {
default = config.my.services.servarr.enableAll;
};
port = mkOption {
type = types.port;
default = ports.${starr};
example = 8080;
description = "Internal port for webui";
};
};
config = lib.mkIf cfg.enable {
services.${starr} = {
enable = true;
group = "media";
settings = {
server = {
port = cfg.port;
};
};
};
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
${starr} = {
port = cfg.port;
};
};
services.fail2ban.jails = {
${starr} = ''
enabled = true
filter = ${starr}
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/${starr}.conf".text = ''
[Definition]
failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
journalmatch = _SYSTEMD_UNIT=${starr}.service
'';
};
};
}

25
modules/nixos/services/tandoor-recipes/default.nix
View file

@ -26,18 +26,16 @@ in
services.tandoor-recipes = { services.tandoor-recipes = {
enable = true; enable = true;
database = {
createLocally = true;
};
port = cfg.port; port = cfg.port;
extraConfig = extraConfig =
let let
tandoorRecipesDomain = "recipes.${config.networking.domain}"; tandoorRecipesDomain = "recipes.${config.networking.domain}";
in in
{ {
# Use PostgreSQL
DB_ENGINE = "django.db.backends.postgresql";
POSTGRES_HOST = "/run/postgresql";
POSTGRES_USER = "tandoor_recipes";
POSTGRES_DB = "tandoor_recipes";
# Security settings # Security settings
ALLOWED_HOSTS = tandoorRecipesDomain; ALLOWED_HOSTS = tandoorRecipesDomain;
CSRF_TRUSTED_ORIGINS = "https://${tandoorRecipesDomain}"; CSRF_TRUSTED_ORIGINS = "https://${tandoorRecipesDomain}";
@ -49,27 +47,12 @@ in
systemd.services = { systemd.services = {
tandoor-recipes = { tandoor-recipes = {
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
serviceConfig = { serviceConfig = {
EnvironmentFile = cfg.secretKeyFile; EnvironmentFile = cfg.secretKeyFile;
}; };
}; };
}; };
# Set-up database
services.postgresql = {
enable = true;
ensureDatabases = [ "tandoor_recipes" ];
ensureUsers = [
{
name = "tandoor_recipes";
ensureDBOwnership = true;
}
];
};
my.services.nginx.virtualHosts = { my.services.nginx.virtualHosts = {
recipes = { recipes = {
inherit (cfg) port; inherit (cfg) port;

59
modules/nixos/services/thelounge/default.nix Normal file
View file

@ -0,0 +1,59 @@
# Web IRC client
{ config, lib, ... }:
let
cfg = config.my.services.thelounge;
in
{
options.my.services.thelounge = with lib; {
enable = mkEnableOption "The Lounge, a self-hosted web IRC client";
port = mkOption {
type = types.port;
default = 9050;
example = 4242;
description = "The port on which The Lounge will listen for incoming HTTP traffic.";
};
};
config = lib.mkIf cfg.enable {
services.thelounge = {
enable = true;
inherit (cfg) port;
extraConfig = {
reverseProxy = true;
};
};
my.services.nginx.virtualHosts = {
irc = {
inherit (cfg) port;
# Proxy websockets for RPC
websocketsLocations = [ "/" ];
extraConfig = {
locations."/".extraConfig = ''
proxy_read_timeout 1d;
'';
};
};
};
services.fail2ban.jails = {
thelounge = ''
enabled = true
filter = thelounge
port = http,https
'';
};
environment.etc = {
"fail2ban/filter.d/thelounge.conf".text = ''
[Definition]
failregex = Authentication failed for user .* from <HOST>$
Authentication for non existing user attempted from <HOST>$
journalmatch = _SYSTEMD_UNIT=thelounge.service
'';
};
};
}

9
modules/nixos/services/transmission/default.nix
View file

@ -47,6 +47,7 @@ in
enable = true; enable = true;
package = pkgs.transmission_4; package = pkgs.transmission_4;
group = "media"; group = "media";
webHome = pkgs.trgui-ng-web;
downloadDirPermissions = "775"; downloadDirPermissions = "775";
@ -65,13 +66,19 @@ in
# Proxied behind Nginx. # Proxied behind Nginx.
rpc-whitelist-enabled = true; rpc-whitelist-enabled = true;
rpc-whitelist = "127.0.0.1"; rpc-whitelist = "127.0.0.1";
umask = "002"; # To go with `downloadDirPermissions`
}; };
}; };
# Transmission wants to eat *all* my RAM if left to its own devices
systemd.services.transmission = { systemd.services.transmission = {
serviceConfig = { serviceConfig = {
# Transmission wants to eat *all* my RAM if left to its own devices
MemoryMax = "33%"; MemoryMax = "33%";
# Avoid errors due to high number of open files.
LimitNOFILE = 1048576;
# Longer stop timeout to finish all torrents
TimeoutStopSec = "5m";
}; };
}; };

4
modules/nixos/services/woodpecker/server/default.nix
View file

@ -24,8 +24,8 @@ in
}; };
systemd.services.woodpecker-server = { systemd.services.woodpecker-server = {
after = [ "postgresql.service" ]; after = [ "postgresql.target" ];
requires = [ "postgresql.service" ]; requires = [ "postgresql.target" ];
serviceConfig = { serviceConfig = {
# Set username for DB access # Set username for DB access

4
pkgs/comma/comma
View file

@ -12,9 +12,9 @@ usage() {
find_program() { find_program() {
local CANDIDATE local CANDIDATE
CANDIDATE="$(nix-locate --top-level --minimal --at-root --whole-name "/bin/$1")" CANDIDATE="$(nix-locate --minimal --at-root --whole-name "/bin/$1")"
if [ "$(printf '%s\n' "$CANDIDATE" | wc -l)" -gt 1 ]; then if [ "$(printf '%s\n' "$CANDIDATE" | wc -l)" -gt 1 ]; then
CANDIDATE="$(printf '%s' "$CANDIDATE" | fzf-tmux)" CANDIDATE="$(printf '%s' "$CANDIDATE" | "${COMMA_PICKER:-fzf-tmux}")"
fi fi
printf '%s' "$CANDIDATE" printf '%s' "$CANDIDATE"
} }

1
pkgs/lohr/default.nix
View file

@ -10,7 +10,6 @@ rustPlatform.buildRustPackage rec {
hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU="; hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU=";
}; };
useFetchCargoVendor = true;
cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w="; cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w=";
meta = with lib; { meta = with lib; {

15
templates/c++-cmake/flake.nix
View file

@ -16,19 +16,18 @@
ref = "nixos-unstable"; ref = "nixos-unstable";
}; };
pre-commit-hooks = { git-hooks = {
type = "github"; type = "github";
owner = "cachix"; owner = "cachix";
repo = "pre-commit-hooks.nix"; repo = "git-hooks.nix";
ref = "master"; ref = "master";
inputs = { inputs = {
flake-utils.follows = "futils";
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
}; };
}; };
}; };
outputs = { self, futils, nixpkgs, pre-commit-hooks }: outputs = { self, futils, nixpkgs, git-hooks }:
{ {
overlays = { overlays = {
default = final: _prev: { default = final: _prev: {
@ -69,7 +68,7 @@
]; ];
}; };
pre-commit = pre-commit-hooks.lib.${system}.run { pre-commit = git-hooks.lib.${system}.run {
src = self; src = self;
hooks = { hooks = {
@ -92,12 +91,12 @@
devShells = { devShells = {
default = pkgs.mkShell { default = pkgs.mkShell {
inputsFrom = with self.packages.${system}; [ inputsFrom = [
project self.packages.${system}.project
]; ];
packages = with pkgs; [ packages = with pkgs; [
clang-tools self.checks.${system}.pre-commit.enabledPackages
]; ];
inherit (pre-commit) shellHook; inherit (pre-commit) shellHook;

15
templates/c++-meson/flake.nix
View file

@ -16,19 +16,18 @@
ref = "nixos-unstable"; ref = "nixos-unstable";
}; };
pre-commit-hooks = { git-hooks = {
type = "github"; type = "github";
owner = "cachix"; owner = "cachix";
repo = "pre-commit-hooks.nix"; repo = "git-hooks.nix";
ref = "master"; ref = "master";
inputs = { inputs = {
flake-utils.follows = "futils";
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
}; };
}; };
}; };
outputs = { self, futils, nixpkgs, pre-commit-hooks }: outputs = { self, futils, nixpkgs, git-hooks }:
{ {
overlays = { overlays = {
default = final: _prev: { default = final: _prev: {
@ -69,7 +68,7 @@
]; ];
}; };
pre-commit = pre-commit-hooks.lib.${system}.run { pre-commit = git-hooks.lib.${system}.run {
src = self; src = self;
hooks = { hooks = {
@ -92,12 +91,12 @@
devShells = { devShells = {
default = pkgs.mkShell { default = pkgs.mkShell {
inputsFrom = with self.packages.${system}; [ inputsFrom = [
project self.packages.${system}.project
]; ];
packages = with pkgs; [ packages = with pkgs; [
clang-tools self.checks.${system}.pre-commit.enabledPackages
]; ];
inherit (pre-commit) shellHook; inherit (pre-commit) shellHook;

4
templates/default.nix
View file

@ -7,6 +7,10 @@
path = ./c++-meson; path = ./c++-meson;
description = "A C++ project using Meson"; description = "A C++ project using Meson";
}; };
"python-uv" = {
path = ./python-uv;
description = "A Python project using uv";
};
"rust-cargo" = { "rust-cargo" = {
path = ./rust-cargo; path = ./rust-cargo;
description = "A Rust project using Cargo"; description = "A Rust project using Cargo";

6
templates/python-uv/.envrc Normal file
View file

@ -0,0 +1,6 @@
# shellcheck shell=bash
if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
fi
use flake

6
templates/python-uv/.gitignore vendored Normal file
View file

@ -0,0 +1,6 @@
# Virtual environments
.venv
# Nix generated files
/.pre-commit-config.yaml
/result

31
templates/python-uv/.woodpecker/check.yml Normal file
View file

@ -0,0 +1,31 @@
labels:
backend: local
steps:
- name: pre-commit check
image: bash
commands:
- nix develop --command pre-commit run --all
- name: nix flake check
image: bash
commands:
- nix flake check
- name: notify
image: bash
environment:
ADDRESS:
from_secret: matrix_homeserver
ROOM:
from_secret: matrix_roomid
USER:
from_secret: matrix_username
PASS:
from_secret: matrix_password
commands:
- nix run github:ambroisie/matrix-notifier
when:
status:
- failure
- success

112
templates/python-uv/flake.nix Normal file
View file

@ -0,0 +1,112 @@
{
description = "A Python project";
inputs = {
futils = {
type = "github";
owner = "numtide";
repo = "flake-utils";
ref = "main";
};
nixpkgs = {
type = "github";
owner = "NixOS";
repo = "nixpkgs";
ref = "nixos-unstable";
};
git-hooks = {
type = "github";
owner = "cachix";
repo = "git-hooks.nix";
ref = "master";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
};
outputs = { self, futils, nixpkgs, git-hooks }:
{
overlays = {
default = final: _prev: {
project = with final; python3.pkgs.buildPythonApplication {
pname = "project";
version = (final.lib.importTOML ./pyproject.toml).project.version;
pyproject = true;
src = self;
build-system = with python3.pkgs; [ setuptools ];
pythonImportsCheck = [ "project" ];
meta = with lib; {
description = "A Python project";
homepage = "https://git.belanyi.fr/ambroisie/project";
license = licenses.mit;
maintainers = with maintainers; [ ambroisie ];
};
};
};
};
} // futils.lib.eachDefaultSystem (system:
let
pkgs = import nixpkgs {
inherit system;
overlays = [
self.overlays.default
];
};
pre-commit = git-hooks.lib.${system}.run {
src = self;
hooks = {
mypy = {
enable = true;
};
nixpkgs-fmt = {
enable = true;
};
ruff = {
enable = true;
};
ruff-format = {
enable = true;
};
};
};
in
{
checks = {
inherit (self.packages.${system}) project;
inherit pre-commit;
};
devShells = {
default = pkgs.mkShell {
inputsFrom = [
self.packages.${system}.project
];
packages = with pkgs; [
uv
self.checks.${system}.pre-commit.enabledPackages
];
inherit (pre-commit) shellHook;
};
};
packages = futils.lib.flattenTree {
default = pkgs.project;
inherit (pkgs) project;
};
});
}

17
templates/python-uv/pyproject.toml Normal file
View file

@ -0,0 +1,17 @@
[build-system]
requires = ["setuptools"]
build-backend = "setuptools.build_meta"
[project]
name = "project"
version = "0.0.0"
description = "project description"
requires-python = ">=3.12"
dependencies = []
[project.scripts]
project = "project:main"
[dependency-groups]
dev = []

2
templates/python-uv/src/project/__init__.py Normal file
View file

@ -0,0 +1,2 @@
def main() -> None:
print("Hello, world!")

16
templates/rust-cargo/flake.nix
View file

@ -16,19 +16,18 @@
ref = "nixos-unstable"; ref = "nixos-unstable";
}; };
pre-commit-hooks = { git-hooks = {
type = "github"; type = "github";
owner = "cachix"; owner = "cachix";
repo = "pre-commit-hooks.nix"; repo = "git-hooks.nix";
ref = "master"; ref = "master";
inputs = { inputs = {
flake-utils.follows = "futils";
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
}; };
}; };
}; };
outputs = { self, futils, nixpkgs, pre-commit-hooks }: outputs = { self, futils, nixpkgs, git-hooks }:
{ {
overlays = { overlays = {
default = final: _prev: { default = final: _prev: {
@ -60,7 +59,7 @@
]; ];
}; };
pre-commit = pre-commit-hooks.lib.${system}.run { pre-commit = git-hooks.lib.${system}.run {
src = self; src = self;
hooks = { hooks = {
@ -88,14 +87,13 @@
devShells = { devShells = {
default = pkgs.mkShell { default = pkgs.mkShell {
inputsFrom = with self.packages.${system}; [ inputsFrom = [
project self.packages.${system}.project
]; ];
packages = with pkgs; [ packages = with pkgs; [
clippy
rust-analyzer rust-analyzer
rustfmt self.checks.${system}.pre-commit.enabledPackages
]; ];
RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}"; RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}";