Compare commits

..

198 commits

Author SHA1 Message Date
Bruno BELANYI 9c50691ede nixos: services: nginx: sso: use upstream module
All checks were successful
ci/woodpecker/push/check Pipeline was successful
It's finally been merged, so let's get rid of this module.
2024-12-28 13:28:03 -05:00
Bruno BELANYI 2996481327 flake: bump inputs 2024-12-28 13:24:21 -05:00
Bruno BELANYI e65b3ed1fc home: vim: ftplugin: add query
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-12-23 22:42:42 -05:00
Bruno BELANYI 5cae5632d3 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-12-21 17:06:37 -05:00
Bruno BELANYI b7b6705391 home: wm: i3: make 'arandr' float
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Another work-around due to a wrapper in nixpkgs.
2024-12-18 20:48:09 -05:00
Bruno BELANYI ead8101b8d home: wm: i3: match 'blueman' float explicitly
This is more of a work-around due to the wrapper in nixpkgs' packaging
of that application, so might as well make that explicit and narrow.
2024-12-18 20:48:09 -05:00
Bruno BELANYI c75a307c58 home: wm: i3: fix 'pavucontrol' float
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-12-18 20:39:15 -05:00
Bruno BELANYI f4f1aad1c0 pkgs: fix shell formatting
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Ran `shfmt --write --indent 4 --simplify --case-indent`, in accordance
with my editor settings.
2024-12-18 20:35:34 -05:00
Bruno BELANYI 322fbc970b home: vim: lsp: rely on 'bashls' formatting
All checks were successful
ci/woodpecker/push/check Pipeline was successful
I finally figured out why I was getting the wrong indentation, turns out
it was an issue in `lsp-format.nvim`. With that fixed/worked around, I
can now rely completely on `bash-language-server` for formatting.

I'll also rely on `shfmt` automatically detecting the type of file, as
(Neo)Vim cannot be made to reliably set `ft=bash` for Bash scripts and
`ft=sh` for POSIX shell.

Finally, I removed spaces after redirections, I've now come around to
liking the default (no spaces) better.
2024-12-18 20:20:28 -05:00
Bruno BELANYI 92e5fbe7df overlays: add 'lsp-format-nvim-indentation'
To fix the issue I reported upstream [1].

[1]: https://github.com/lukas-reineke/lsp-format.nvim/issues/94
2024-12-18 20:13:03 -05:00
Bruno BELANYI 747b344b76 pkgs: remove 'cgt-calc'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
It's been merged upstream.
2024-12-15 18:39:27 -05:00
Bruno BELANYI dec5dabf02 modules: services: postgres: upgrade version
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-12-16 00:20:18 +01:00
Bruno BELANYI b2d2ff1798 nixos: services: postgres: fix renamed option 2024-12-16 00:19:31 +01:00
Bruno BELANYI c5a375d165 nixos: services: paperless: use automatic DB setup
That way I don't have to worry about the `postgresql.service` dependency
anymore :-).
2024-12-11 01:40:14 +01:00
Bruno BELANYI cb5eb68d35 flake: bump inputs
And fix deprecated NUR overlay attribute.
2024-12-11 01:40:10 +01:00
Bruno BELANYI 19120bca29 nixos: hardware: graphics: use 'initrd' option
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-12-08 16:08:48 -05:00
Bruno BELANYI 35c547a090 home: tmux: enable focus events
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Since `tmux-sensible` was disabled by default, we should enable this
explicitly now.
2024-12-08 10:44:26 -05:00
Bruno BELANYI ad1cfbd6f0 flake: bump inputs
Allow-list the build inputs for `sonarr` until the package is fixed
upstream [1].

[1]: https://github.com/NixOS/nixpkgs/issues/360592
2024-12-08 10:44:26 -05:00
Bruno BELANYI baa853477d nixos: hardware: sound: remove ALSA
`sound.enable` was removed from the latest release, and is unnecessary
with PulseAudio.
2024-12-08 10:44:26 -05:00
Bruno BELANYI 3ac85b8762 home: packages: add 'tree' 2024-12-08 10:44:26 -05:00
Bruno BELANYI c74acda957 nixos: system: packages: remove 'wget' 2024-12-08 10:44:26 -05:00
Bruno BELANYI 98c90d77c5 home: tmux: add sloppy window switching bindings
Another set of bindings which were setup by `tmux-sensible`, that I want
to enable explicitly to avoid issues when it is disabled by default.
2024-12-08 10:44:26 -05:00
Bruno BELANYI b38658405a home: tmux: add binding to refresh configuration
Don't rely on `tmux-sensible` to set it up.
2024-11-28 18:39:09 +00:00
Bruno BELANYI da3c29bbaf home: xdg: add comment about 'tig'
To explain why I didn't modify it as part of my `$XDG_STATE_HOME`
migration in fbd3b70d61.
2024-11-28 12:07:52 +00:00
Bruno BELANYI 8b61af1ac3 home: xdg: remove 'gdb' directory
I have an actual module to configure `gdb`, and it uses
`$XDG_STATE_HOME` anyway...
2024-11-28 12:07:12 +00:00
Bruno BELANYI e8a41187e7 home: xdg: create 'HISTFILE' parent directory
In fbd3b70d61, I forgot to modify the
`.keep` file to be created in `$XDG_STATE_HOME/bash/`.
2024-11-28 12:06:03 +00:00
Bruno BELANYI 83da7ba9c8 home: tmux: explicitly disable mouse support
All checks were successful
ci/woodpecker/push/check Pipeline was successful
It's disabled by default, but make it explicit :-).
2024-11-28 11:24:34 +00:00
Bruno BELANYI f2168378fc home: direnv: lib: also watch '.python-version'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
It's used by `uv` as a kind of configuration file, so watch it as well.
2024-11-27 15:12:10 +00:00
Bruno BELANYI e39fef275c nixos: services: paperless: use 'environmentFile'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
That way I don't have to configure all services to make use of it.

Someday I'll find the will to add the `postgresql.service` dependency
upstream, truly removing the need to configure any service at all.
2024-11-27 12:05:41 +00:00
Bruno BELANYI fe49e47026 flake: bump inputs 2024-11-27 12:02:29 +00:00
Bruno BELANYI 6a5c4a627a nixos: services: pyload: add fail2ban jail
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-11-20 21:06:17 +01:00
Bruno BELANYI 7f0cd6612e nixos: services: paperless: remove MKL work-around
Instead, rely on the upstream service's work-around [1].

This will reduce the amount of package builds I need to do when updating
my server...

[1]: https://github.com/NixOS/nixpkgs/pull/299008

This reverts commit e2ec4d3032.
2024-11-20 21:06:17 +01:00
Bruno BELANYI 2ffbc13513 flake: bump inputs 2024-11-20 21:06:17 +01:00
Bruno BELANYI 60050113bc nixos: services: nginx: modify example
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Now that `websocketLocations` exists, it makes little sense to use
`proxyWebsockets` in an example, so use a different one.
2024-11-19 16:03:38 +00:00
Bruno BELANYI 6a1a35a384 nixos: services: migrate to 'websocketsLocations' 2024-11-19 16:03:38 +00:00
Bruno BELANYI e9d96138d5 nixos: services: nginx: add 'websocketsLocations'
This accounts for the overwhelming majority of my usage of
`extraConfig`.
2024-11-19 16:03:38 +00:00
Bruno BELANYI ae230b5df7 hosts: porthos: services: enable collabora
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-11-19 15:58:48 +01:00
Bruno BELANYI 138d4d2bd9 nixos: services: nextcloud: add collabora
This needs to be configured through the "Nextcloud Office" app,
specifically the WOPI setting is important for security (I put both the
external IP, as well as `::1` and `127.0.0.1`).
2024-11-19 15:58:48 +01:00
Bruno BELANYI ab8a5daefe hosts: porthos: secrets: acme: use OVH API
All checks were successful
ci/woodpecker/push/check Pipeline was successful
I switched registrar, as OVH was ~4x cheaper.

This needs a small change to the module to both refer to OVH instead of
Gandi in the documentation, and make use of the correct API.

I also needed to disable the propagation check, as it looks like OVH is
slower than Gandi, and leads to spurious errors...
2024-11-14 22:19:35 +01:00
Bruno BELANYI 7b42368e2f hosts: nixos: porthos: services: remove tandoor
All checks were successful
ci/woodpecker/push/check Pipeline was successful
I fully transitioned to using Mealie instead.

This reverts commit 493636decb.
2024-11-11 11:45:11 +00:00
Bruno BELANYI 46bd23ff07 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-11-06 10:53:58 +00:00
Bruno BELANYI 62de2772a4 home: vim: do not italicize comments
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-11-05 15:54:18 +00:00
Bruno BELANYI 8475d92314 home: nix: configure GC
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-10-30 10:33:50 +00:00
Bruno BELANYI 07552f3070 nixos: system: nix: configure GC 2024-10-30 10:33:50 +00:00
Bruno BELANYI 5b66145be3 flake: bump inputs 2024-10-30 10:33:50 +00:00
Bruno BELANYI 67eb7bdd4b hosts: nixos: porthos: secrets: remove matrix sync
Remove the secret, as it not used anymore.

This reverts commit 52413dcaf7.
2024-10-30 10:33:50 +00:00
Bruno BELANYI 6d2ac0c473 modules: services: matrix: remove sliding sync
The functionality has been folded into `synapse` itself, and the module
has been removed from the unstable branch.

This reverts commit b4c2cc581b.
2024-10-28 10:47:49 +00:00
Bruno BELANYI 46df8b5b5b home: direnv: lib: fix shellcheck directive
All checks were successful
ci/woodpecker/push/check Pipeline was successful
I like it better with a space in it.
2024-10-23 13:49:28 +00:00
Bruno BELANYI cf1aeaf088 flake: bump inputs 2024-10-23 13:49:28 +00:00
Bruno BELANYI a09cef76c5 nixos: services: nextcloud: bump to 30
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-10-17 15:26:17 +02:00
Bruno BELANYI 0547ebc33c home: wm: i3: remove 'FIXME'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Add a clearer message about why I don't use the `startup` section.
2024-10-16 10:43:52 +00:00
Bruno BELANYI 8e81d148bd home: direnv: warn on non-existent version
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-10-10 13:56:27 +00:00
Bruno BELANYI b10d936c0a flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-10-08 11:35:11 +00:00
Bruno BELANYI eec65dc6b3 hosts: nixos: porthos: services: remove podgrab
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Podgrab is unmaintained...

I'll rely on Audiobookshelf to both download and play podcasts.
2024-10-01 16:54:44 +02:00
Bruno BELANYI 09f763bc16 nixos: services: add komga
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-30 22:10:38 +02:00
Bruno BELANYI 79f08ea5a1 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-30 13:47:26 +00:00
Bruno BELANYI 38f3ac0ce5 home: vim: lspconfig: add 'typos-lsp'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-27 14:11:03 +00:00
Bruno BELANYI 898523d079 treewide: fix typos 2024-09-27 13:49:29 +00:00
Bruno BELANYI cbba752b54 nixos: services: nginx: remove 'literalExample'
Those examples do not use functions or any other "difficult to render"
expression.
2024-09-27 13:44:40 +00:00
Bruno BELANYI 20db71996c pkgs: add 'cgt-calc'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-25 16:40:15 +00:00
Bruno BELANYI b0029448c6 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-25 14:10:34 +00:00
Bruno BELANYI 3aab65d9ea nixos: services: tandoor-recipes: add fail2ban note
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-24 13:13:15 +00:00
Bruno BELANYI b6279108e0 nixos: services: vikunja: add fail2ban note
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-24 10:44:42 +00:00
Bruno BELANYI 0f3c5d1d63 nixos: services: transmission: add fail2ban note 2024-09-24 10:44:42 +00:00
Bruno BELANYI 1f40ac4a9f nixos: services: grocy: add fail2ban note 2024-09-24 10:44:42 +00:00
Bruno BELANYI 2b64a00dc9 nixos: services: flood: add fail2ban note 2024-09-24 10:44:42 +00:00
Bruno BELANYI 1aa3385e13 nixos: services: navidrome: add fail2ban jail
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-22 02:12:48 +02:00
Bruno BELANYI a059828a58 nixos: services: miniflux: add fail2ban jail
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-22 01:59:04 +02:00
Bruno BELANYI 96e1a54638 nixos: services: nextcloud: add fail2ban jail 2024-09-22 01:59:04 +02:00
Bruno BELANYI f24cf2e16d nixos: services: audiobookshelf: add fail2ban jail 2024-09-22 01:37:34 +02:00
Bruno BELANYI cedac6bbf4 nixos: services: mealie: add fail2ban jail 2024-09-22 01:37:34 +02:00
Bruno BELANYI 129d4b3a5a hosts: nixos: porthos: services: enable pdf-edit
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-20 22:05:21 +02:00
Bruno BELANYI c1eab0edee nixos: services: jellyfin: add fail2ban jail
All checks were successful
ci/woodpecker/push/check Pipeline was successful
The upstream documentation adds quotes around the IP, but I don't see
them in my logs. Let's split the difference by making them optional.
2024-09-20 14:39:53 +00:00
Bruno BELANYI 4a38757db9 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-19 11:58:55 +00:00
Bruno BELANYI 8d344b5d51 home: direnv: add 'layout_uv'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
I haven't really played with it yet, but from my small experiments this
should be good enough for my (future) purposes.
2024-09-12 13:23:19 +00:00
Bruno BELANYI 8a6af0e5b7 home: direnv: only mention 'poetry init'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
`poetry new` creates a new directory, which isn't really what we're
interested in here.
2024-09-12 12:08:50 +00:00
Bruno BELANYI 4f73945e28 home: direnv: silence 'layout_poetry' 2024-09-12 12:07:22 +00:00
Bruno BELANYI 6529bea6bb home: nixpkgs: don't use 'escapeShellArg'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
I don't know what I was thinking exactly when I wrote this, but I
clearly hadn't tested it. We can't use `escapeShellArg` as we need to
expand the `$XDG_RUNTIME_DIR` variable used in those paths...

This reverts commit 468eaa9ed4.
2024-09-11 10:28:32 +00:00
Bruno BELANYI e67b055a7b home: vim: fix unimpaired mapping groups
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-09 21:40:54 +01:00
Bruno BELANYI fbd3b70d61 home: use 'XDG_STATE_HOME' for history files
All checks were successful
ci/woodpecker/push/check Pipeline was successful
It's specified as the place to put them, so let's make use of it I
guess.
2024-09-06 20:52:30 +01:00
Bruno BELANYI f91286d13b flake: bump inputs 2024-09-06 20:52:30 +01:00
Bruno BELANYI 90dcf3a164 hosts: nixos: porthos: secrets: add pdf-edit
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-05 18:10:00 +02:00
Bruno BELANYI a713913eef nixos: services: add pdf-edit 2024-09-05 18:10:00 +02:00
Bruno BELANYI 9b7bab8e83 flake: bump inputs 2024-09-05 18:10:00 +02:00
Bruno BELANYI 0d2b9c9699 nixos: services: rename 'servarr'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-05 10:39:01 +00:00
Bruno BELANYI 6f00036b79 overlays: add 'downgrade-transmission'
The 4.0.6 release is buggy and widely blacklisted.
2024-09-05 10:36:31 +00:00
Bruno BELANYI 52197a4f96 nixos: services: pirate: add readarr 2024-09-05 10:36:31 +00:00
Bruno BELANYI fb4047b2b3 nixos: services: nginx: sso: align with upstream
This aligns with the PR I opened on nixpkgs [1].

[1]: https://github.com/NixOS/nixpkgs/pull/325838
2024-09-05 10:36:31 +00:00
Bruno BELANYI 445cb43cb4 nixos: services: nix-cache: fix deprecated config
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-09-04 10:35:10 +00:00
Bruno BELANYI 10727f9eea flake: bump inputs
Some checks failed
ci/woodpecker/push/check Pipeline failed
2024-09-04 12:33:13 +02:00
Bruno BELANYI 44c11fc431 pkgs: lohr: 0.4.5 -> 0.4.6 2024-09-04 12:33:13 +02:00
Bruno BELANYI e94bdef690 hosts: nixos: porthos: secrets: fix SSO owner
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-08-22 20:54:26 +02:00
Bruno BELANYI 483c5d23e0 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-08-14 12:50:20 +00:00
Bruno BELANYI 8ed69de4be hosts: nixos: aramis: home: remove 'pinentry-rofi'
Some checks failed
ci/woodpecker/push/check Pipeline failed
I'm not sure why, but it's messing with my `gpg-agent`... But I didn't
get any issues with `rbw`.

I'll try and figure out why.

This reverts commit 93dfe04114.
2024-08-10 12:13:09 +01:00
Bruno BELANYI f240730c4f flake: bump inputs
Some checks failed
ci/woodpecker/push/check Pipeline failed
And remove the overlay for `none-ls`, which has been fixed.

This reverts commit ace266b02c.
2024-08-08 19:03:30 +01:00
Bruno BELANYI 93dfe04114 hosts: nixos: aramis: home: use 'pinentry-rofi'
Some checks failed
ci/woodpecker/push/check Pipeline failed
2024-08-04 11:37:33 +01:00
Bruno BELANYI 1e2872c5c7 home: vim: fix '+'/'-' highlighting in diffs
Some checks failed
ci/woodpecker/push/check Pipeline failed
I'm not a big fan of the new highlighting [1].

[1]: https://github.com/nvim-treesitter/nvim-treesitter/pull/6619
2024-07-27 15:09:52 +01:00
Bruno BELANYI 9ed2dcefde home: vim: which-key: use lua callbacks
Some checks failed
ci/woodpecker/push/check Pipeline failed
2024-07-26 11:54:11 +00:00
Bruno BELANYI 0d820cc2f4 home: vim: move 'nohls' to 'which-key' 2024-07-26 11:52:17 +00:00
Bruno BELANYI ace266b02c overlays: add 'none-ls-root-bug'
Some checks failed
ci/woodpecker/push/check Pipeline failed
Will be removed when the plug-in gets its next bump.
2024-07-26 10:06:02 +00:00
Bruno BELANYI 6b7510cfd9 home: vim: show directories in blue
Some checks failed
ci/woodpecker/push/check Pipeline failed
Blue is much more readable when the night filter kicks in.
2024-07-25 20:32:15 +01:00
Bruno BELANYI 58760280be home: vim: update for 'which-key' v3
It complains quite loudly about the legacy mapping syntax.
2024-07-25 20:32:15 +01:00
Bruno BELANYI 4de7886950 nixos: system: packages: fix deprecated config 2024-07-25 20:32:15 +01:00
Bruno BELANYI d04de7d213 flake: bump inputs
And fix renamed packages.
2024-07-25 20:32:15 +01:00
Bruno BELANYI b5216a6a50 pkgs: unbound-zones-adblock: fix version 2024-07-25 20:29:00 +02:00
Bruno BELANYI 442eef0482 home: vim: git: fix deprecated functions
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-07-25 09:39:38 +00:00
Bruno BELANYI 997f208d30 home: vim: remove irrelevant filetype plugins
I don't make use of their non-upstreamed functionality.
2024-07-24 16:33:09 +00:00
Bruno BELANYI 326f9d039a home: vim: disable 'swapfile'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
As before, I still dislike this option and find its downsides worse than
its upsides.
2024-07-22 16:05:54 +00:00
Bruno BELANYI abaa7119e7 home: vim: consistent 'unimpaired' mapping names
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-07-20 11:34:42 +01:00
Bruno BELANYI c6735f3912 home: vime: tree-sitter: remove 'which-key'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
The plug-in now has support for setting mapping descriptions by itself.
2024-07-19 11:38:55 +00:00
Bruno BELANYI 3438290e32 home: vim: tree-sitter: move mappings from 'after' 2024-07-19 11:38:55 +00:00
Bruno BELANYI 82f49f1389 home: vim: telescope: move mappings from 'after' 2024-07-19 11:38:55 +00:00
Bruno BELANYI 5918a0b9e6 home: vim: signtoggle: use lua callbacks
Use `vim.opt` because this is a local option (i.e: similar to `set` it
defaults to setting it locally, `vim.opt_local` is not necessary).
2024-07-19 11:38:55 +00:00
Bruno BELANYI a7c542784c home: vim: numbertoggle: use lua callbacks
Use `vim.opt` because those are local options (i.e: similar to `set` it
defaults to setting it locally, `vim.opt_local` is not necessary).
2024-07-19 11:38:55 +00:00
Bruno BELANYI 280829b54f home: vim: signtoggle: fix toggling
Don't know how I missed this for so long...
2024-07-19 11:38:55 +00:00
Bruno BELANYI 5ffe2653c0 home: vim: git: work around partial staging issue
See [1].

[1]: https://github.com/lewis6991/gitsigns.nvim/issues/929
2024-07-19 11:38:54 +00:00
Bruno BELANYI 5592a120a4 home: vim: git: use 'partial' 2024-07-19 11:38:54 +00:00
Bruno BELANYI bcd9a31bb8 home: vim: lua: utils: add 'partial'
Love me some functional goodness.

This was taken from [1].

[1]: https://reddit.com/r/lua/comments/fh2go5
2024-07-19 11:36:26 +00:00
Bruno BELANYI 966934a8bc home: vim: git: use lua in hunk mappings 2024-07-19 11:36:26 +00:00
Bruno BELANYI 88e4d72366 home: vim: git: use lua in visual mappings
I thought the partial staging feature had broken, but it looks to be
unrelated [1].

[1]: https://github.com/lewis6991/gitsigns.nvim/issues/1088
2024-07-19 11:36:26 +00:00
Bruno BELANYI 16d68022eb home: vim: enable swap and undo files
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Trying it on for size, since NeoVim does use XDG directories for those.
2024-07-12 19:13:09 +01:00
Bruno BELANYI 0de9966127 home: vim: remove redundant 'nobackup'
It's already the default.
2024-07-12 19:13:09 +01:00
Bruno BELANYI 452399ee4c home: vim: oil: add detail view toggle mapping 2024-07-12 19:12:58 +01:00
Bruno BELANYI 6a6f3aed63 home: vim: migrate to 'oil.nvim' 2024-07-12 19:12:12 +01:00
Bruno BELANYI 04de570926 home: atuin: add 'package' option
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-07-08 13:29:08 +00:00
Bruno BELANYI 1644e95243 home: discord: add 'package' option
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-07-08 13:12:38 +00:00
Bruno BELANYI abb78d63e2 home: calibre: add 'package' option 2024-07-08 13:12:38 +00:00
Bruno BELANYI 4943df69ef home: gdb: add 'package' option 2024-07-08 13:12:38 +00:00
Bruno BELANYI f11cdb3675 home: gdb: use 'mkPackageOption' 2024-07-08 13:10:07 +00:00
Bruno BELANYI dc90e14e60 home: vim: lspconfig: add 'starpls'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-07-01 09:59:41 +00:00
Bruno BELANYI b895265537 nixos: hardware: graphics: fix renamed option
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-06-28 18:10:59 +01:00
Bruno BELANYI fc5cb1a47d flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-06-28 09:54:50 +00:00
Bruno BELANYI a15f7ec270 templates: fix typo
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-06-22 17:29:21 +01:00
Bruno BELANYI 105e0fbfd0 ci: fix typo 2024-06-22 17:29:21 +01:00
Bruno BELANYI b73f6af5e0 nixos: services: flood: use upstream module
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-06-21 15:40:34 +00:00
Bruno BELANYI c2362795d8 flake: bump inputs
Fixup `bash-language-server` which has been migrated out of `nodePackages`.
2024-06-21 15:40:34 +00:00
Bruno BELANYI 468eaa9ed4 home: nixpkgs: use 'escapeShellArg'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-06-18 13:13:42 +00:00
Bruno BELANYI eb94fca939 home: nix: use 'nix.nixPath'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Freshly merged upstream, I've only been waiting ~1 year for it.
2024-06-18 09:21:42 +00:00
Bruno BELANYI 9ab49e06f9 nixos: hardware: graphics: add 32bit Intel drivers
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-06-17 10:17:15 +00:00
Bruno BELANYI 7c61d6dffc nixos: hardware: graphics: use AMDVLK options 2024-06-17 10:12:05 +00:00
Bruno BELANYI 64331981d0 flake: bump inputs 2024-06-17 10:11:50 +00:00
Bruno BELANYI 6a9ac77b0c nixos: hardware: bluetooth: remove pipewire conf
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Turns out the wireplumber configuration I was setting up is redundant
with the upstream default (which work better, becomes they use a quirks
database...).

It was also out-of-date due to the update to v0.5, which changed the
configuration format...
2024-06-14 21:19:07 +01:00
Bruno BELANYI d37c767a2f nixos: services: forgejo: fix deprecated config
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-06-12 21:29:19 +02:00
Bruno BELANYI 10a7111f1c nixos: services: mealie: fix DB auth
Turns out the package update [1] was because someone couldn't make it
work on the previous version, and added a new setting to configure it
more easily :-).

[1]: https://github.com/NixOS/nixpkgs/pull/314294
2024-06-12 21:28:41 +02:00
Bruno BELANYI 7ea10f7823 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-06-12 10:06:31 +00:00
Bruno BELANYI c08c8c79d3 home: firefox: tridactyl: fix DDG mapping
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-06-10 12:53:13 +00:00
Bruno BELANYI 82a0c65901 home: firefox: tridactyl: add LWN comment toggle
Ideally, I would instead be targeting the `::before` pseudo-element,
which is the _actual_ button, but it doesn't work...
2024-06-10 12:48:33 +00:00
Bruno BELANYI 5af0230c58 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
And undo the overlay for `gruvbox-nvim`.

This reverts commit ccab4d0952.
2024-05-29 11:15:34 +00:00
Bruno BELANYI 442d267ca2 home: vim: lsp: add missing type hint 2024-05-28 13:49:00 +00:00
Bruno BELANYI b90da603b1 home: nix: fix typo
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-05-28 11:36:18 +00:00
Bruno BELANYI e0b66e89f9 home: vim: ftplugin: remove bp
It's now part of the upstream runtime as of v0.10, so this file is
redundant and can be removed.
2024-05-24 14:39:55 +01:00
Bruno BELANYI 212f280d92 home: vim: remove commenting plug-ins
Rely on the new built-in support which was added upstream as part of
v0.10.

Crucially, upstream supports using tree-sitter aware comment strings by default.
2024-05-24 14:39:55 +01:00
Bruno BELANYI cc82d7575f home: vim: do not set 'termguicolors' explicitly
Rely on the new behaviour from v0.10 which detects it more
intelligently.
2024-05-24 14:39:55 +01:00
Bruno BELANYI a60287f8cf home: vim: remove 'nvim-osc52'
OSC52 supports has been added upstream, and is set up automatically when
`SSH_TTY` is set (and a few other conditions) in v0.10.
2024-05-24 14:39:55 +01:00
Bruno BELANYI 201fabbc14 home: vim: remove redundant ftdetect files
These have been added upstream and made redundant as part of the update
to v0.10.
2024-05-24 14:39:55 +01:00
Bruno BELANYI 89056e3d5d home: vim: lspconfig: migrate to 'ruff'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
This replaces and enhances the experience from the old `ruff-lsp`
wrapper.
2024-05-23 22:38:55 +01:00
Bruno BELANYI ccab4d0952 overlays: add 'gruvbox-nvim-delimiters'
To fix [1] and [2] until the plug-in gets bumped.

[1]: https://github.com/ellisonleao/gruvbox.nvim/issues/335
[2]: https://github.com/ellisonleao/gruvbox.nvim/issues/340
2024-05-23 22:38:55 +01:00
Bruno BELANYI 9e89b4dd36 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-05-19 22:32:54 +02:00
Bruno BELANYI 1cba7b609d home: vim: null-ls: remove 'clang-format'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
I should be relying on `clangd` instead, which should always be
available whenever `clang-format` was.
2024-05-13 14:29:19 +00:00
Bruno BELANYI 811a9f44c5 home: vim: ftplugin: add json
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-05-10 09:36:09 +00:00
Bruno BELANYI f6c476a07f nixos: services: postgres: add post-upgrade advice
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-05-07 11:40:11 +00:00
Bruno BELANYI 0745e450b9 nixos: services: postgres: remove unused container 2024-05-07 11:40:11 +00:00
Bruno BELANYI 48beb9f1fe nixos: services: postgres: simplify update script 2024-05-07 11:21:28 +00:00
Bruno BELANYI 6162f4f4d5 modules: services: nextcloud: bump to 29
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-05-04 22:51:11 +02:00
Bruno BELANYI 8d2cf7f2c0 nixos: profiles: laptop: fix renamed option 2024-05-04 16:06:57 +02:00
Bruno BELANYI df79f36c87 flake: bump inputs 2024-05-04 16:06:14 +02:00
Bruno BELANYI 929c8ea9b0 hosts: nixos: porthos: services: audiobookshelf
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-04-22 21:00:00 +02:00
Bruno BELANYI 2dedb41a47 nixos: services: add audiobookshelf 2024-04-22 21:00:00 +02:00
Bruno BELANYI 7ebbb10568 hosts: nixos: porthos: migrate podgrab 'dataDir'
I want to share it with `audiobookshelf`, so putting it in `/data/media`
makes it easier.
2024-04-22 21:00:00 +02:00
Bruno BELANYI 5df0574f41 nixos: services: podgrab: add 'dataDir' 2024-04-22 21:00:00 +02:00
Bruno BELANYI c18054cad7 nixos: services: podgrab: use 'media' group 2024-04-22 20:59:09 +02:00
Bruno BELANYI f9db06a6d4 flake: bump inputs 2024-04-22 20:58:45 +02:00
Bruno BELANYI b735eb4b98 home: direnv: set 'DIRENV_DEFAULT_FLAKE' as needed
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-04-19 11:22:15 +00:00
Bruno BELANYI 6a22a80d42 home: direnv: update default flake
Now that I (usually?) override `nixpkgs` in the registry, there's not
much use in defaulting to `pkgs`.
2024-04-19 11:22:15 +00:00
Bruno BELANYI 06b760e3ee pkgs: remove 'bt-migrate'
I have packaged it upstream.
2024-04-19 11:22:15 +00:00
Bruno BELANYI e43cdbfa65 pkgs: remove 'sqlite_orm'
I have packaged it upstream.
2024-04-19 11:22:15 +00:00
Bruno BELANYI 7e0cb867de pkgs: remove 'digestpp'
I have packaged it upstream.
2024-04-19 11:22:15 +00:00
Bruno BELANYI a4ede5f6f4 templates: add rust-cargo 2024-04-19 11:22:15 +00:00
Bruno BELANYI 95c688766f home: vim: ftplugin: add bp 2024-04-19 11:22:15 +00:00
Bruno BELANYI 3e6b9f7161 home: vim: ftdetect: add bp
Unfortunately, the `blueprint` filetype name is already taken...
2024-04-12 10:03:28 +00:00
Bruno BELANYI 6efe2c12ba nixos: services: woodpecker: exec: fix NodeJS
All checks were successful
ci/woodpecker/push/check Pipeline was successful
I need it for Tree Sitter support...
2024-04-08 21:19:54 +02:00
Bruno BELANYI 6b51b4e2ab nixos: services: rss-bridge: fix deprecated option
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-04-07 13:30:40 +02:00
Bruno BELANYI 10a3e684c8 flake: bump inputs 2024-04-07 13:28:26 +02:00
Bruno BELANYI 8f120e2129 nixos: services: lohr: fix SSH key creation
All checks were successful
ci/woodpecker/push/check Pipeline was successful
In the migration to `tmpfiles.d(5)`, I used the wrong type of file.

Using `f` would write the path to the file as its content, rather than
copy it. Unfortunately `C` and `C+` do not overwrite an existing file,
so using a symlink it the correct solution here.

This means the SSH key file must have `lohr` as an owner... Perhaps I
should make it so the service can read the file itself, rather than
rely on the filesystem location, so that I don't have to contort myself
quite so much to make it work.
2024-04-02 12:25:34 +02:00
Bruno BELANYI f729f6a098 hosts: nixos: porthos: secrets: add 'lohr' owner 2024-04-02 12:25:05 +02:00
Bruno BELANYI 8a4fdf6a56 templates: fix description typo
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-04-01 22:27:06 +01:00
Bruno BELANYI d97da124ee templates: fix homepage links 2024-04-01 22:27:06 +01:00
Bruno BELANYI 96aa934bec pkgs: zsh-done: fix homepage link 2024-04-01 22:27:06 +01:00
Bruno BELANYI 4b5a19a8fa templates: fix deprecated CI syntax
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-04-01 22:26:21 +01:00
Bruno BELANYI 06c64c1a78 templates: fix 'matrix-notifier' CI step 2024-04-01 22:25:37 +01:00
Bruno BELANYI 15d0e6bb38 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-03-28 11:19:33 +00:00
Bruno BELANYI 607aa5351c nixos: services: tandoor-recipes: fix bulk upload
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-03-22 22:03:53 +01:00
Bruno BELANYI 61fa35093c nixos: services: mealie: fix bulk upload 2024-03-22 22:03:53 +01:00
Bruno BELANYI 4a01a50532 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
And fix the update `pinentry` options in home-manager.
2024-03-16 19:49:00 +01:00
Bruno BELANYI 41e1ad3265 overlays: remove 'gruvbox-nvim-better-diff'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Now that I have the explicit override for it, this overlay is not
necessary.

This reverts commit 9e0930aca4.
This reverts commit 28187c3b8f.
2024-03-14 10:58:09 +00:00
Bruno BELANYI 10b4e6ce2d home: vim: explicitly revert diff highlighting 2024-03-14 10:56:08 +00:00
Bruno BELANYI c0ef5c9275 overlays: add gruvbox-nvin-expose-palette 2024-03-14 10:49:39 +00:00
Bruno BELANYI 0ff8366105 home: vim: fix path high-lighting
All checks were successful
ci/woodpecker/push/check Pipeline was successful
It was previously linked to `Underlined`, which just looks plain wrong
IMO.

This links it back to `GruvboxOrange`, as it used to be.
2024-03-13 13:08:57 +00:00
135 changed files with 1513 additions and 1098 deletions

View file

@ -1,18 +0,0 @@
local lspconfig = require("lspconfig")
-- FIXME: https://github.com/folke/neodev.nvim ?
lspconfig.lua_ls.setup({
settings = {
Lua = {
runtime = {
version = "LuaJIT",
},
workspace = {
checkThirdParty = false,
library = {
vim.env.VIMRUNTIME,
},
},
},
},
})

View file

@ -7,17 +7,17 @@ steps:
commands: commands:
- nix flake check - nix flake check
- name: notifiy - name: notify
image: bash image: bash
secrets: environment:
- source: matrix_homeserver ADDRESS:
target: address from_secret: matrix_homeserver
- source: matrix_roomid ROOM:
target: room from_secret: matrix_roomid
- source: matrix_username USER:
target: user from_secret: matrix_username
- source: matrix_password PASS:
target: pass from_secret: matrix_password
commands: commands:
- nix run '.#matrix-notifier' - nix run '.#matrix-notifier'
when: when:

View file

@ -14,11 +14,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1707830867, "lastModified": 1723293904,
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -73,11 +73,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709336216, "lastModified": 1733312601,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -94,11 +94,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709126324, "lastModified": 1731533236,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -116,11 +116,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703887061, "lastModified": 1709087332,
"narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "gitignore.nix", "repo": "gitignore.nix",
"rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -136,11 +136,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709988192, "lastModified": 1735381016,
"narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -152,11 +152,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1709703039, "lastModified": 1735291276,
"narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", "narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", "rev": "634fd46801442d760e09493a794c4f15db2d0cbb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -167,12 +167,21 @@
} }
}, },
"nur": { "nur": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": { "locked": {
"lastModified": 1710013455, "lastModified": 1735408823,
"narHash": "sha256-qzOpU4APTso6JLA+/F4zlO/yL8++n/CsUpmxbQAsy/4=", "narHash": "sha256-1VjQeMQer5nXNYtw+BG+s78ucaEoxO5oqj+yRmM8MMs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "cf1e9b0e085368cc489c765f285f1d07c2ec8d36", "rev": "8283ea92deac8cdb6fd63ff04049ac9e879bf5eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -185,9 +194,6 @@
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-utils": [
"futils"
],
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -197,11 +203,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1708018599, "lastModified": 1734797603,
"narHash": "sha256-M+Ng6+SePmA8g06CmUZWi1AjG2tFBX9WCXElBHEKnyM=", "narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "5df5a70ad7575f6601d91f0efec95dd9bc619431", "rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -238,6 +244,27 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

View file

@ -55,6 +55,10 @@
owner = "nix-community"; owner = "nix-community";
repo = "NUR"; repo = "NUR";
ref = "master"; ref = "master";
inputs = {
flake-parts.follows = "flake-parts";
nixpkgs.follows = "nixpkgs";
};
}; };
pre-commit-hooks = { pre-commit-hooks = {
@ -63,7 +67,6 @@
repo = "pre-commit-hooks.nix"; repo = "pre-commit-hooks.nix";
ref = "master"; ref = "master";
inputs = { inputs = {
flake-utils.follows = "futils";
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs";
}; };

View file

@ -7,7 +7,6 @@
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
gitAndTools.pre-commit gitAndTools.pre-commit
lua-language-server
nixpkgs-fmt nixpkgs-fmt
]; ];

View file

@ -25,7 +25,7 @@ let
inherit system; inherit system;
overlays = (lib.attrValues self.overlays) ++ [ overlays = (lib.attrValues self.overlays) ++ [
inputs.nur.overlay inputs.nur.overlays.default
]; ];
}; };

View file

@ -7,7 +7,7 @@ let
} }
{ {
nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
inputs.nur.overlay inputs.nur.overlays.default
]; ];
} }
# Include generic settings # Include generic settings

View file

@ -2,7 +2,7 @@
{ {
my.home = { my.home = {
# Use graphical pinentry # Use graphical pinentry
bitwarden.pinentry = "gtk2"; bitwarden.pinentry = pkgs.pinentry-gtk2;
# Ebook library # Ebook library
calibre.enable = true; calibre.enable = true;
# Some amount of social life # Some amount of social life
@ -14,7 +14,7 @@
# Blue light filter # Blue light filter
gammastep.enable = true; gammastep.enable = true;
# Use a small popup to enter passwords # Use a small popup to enter passwords
gpg.pinentry = "gtk2"; gpg.pinentry = pkgs.pinentry-gtk2;
# Machine specific packages # Machine specific packages
packages.additionalPackages = with pkgs; [ packages.additionalPackages = with pkgs; [
element-desktop # Matrix client element-desktop # Matrix client

View file

@ -1,8 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw -> ssh-ed25519 cKojmg Ec0xt1uJTva8MxUdoTVX5m3uWaIiRlodf345FEM7Uzs
zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y aJIneWFJPB5HVeoUGp57agXih9YeZ6xMEbyQ+zJtWQY
-> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8 -> ssh-ed25519 jPowng B5XotRgv7s/FUegGhceBj7EoukewNUOIFl4TFRQf1EQ
uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw PgGCBd/Pqwp7ayqi7okHBGF1SfFpwT4KlHJ/np6p2uQ
--- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg --- AeLgwGz6k3OABb53cXNaCU/sgI4FlU1s6p8PhAaFOlg
¾r ú&…¥‹{~v?¨}=Ä 1ÌÉCÔ¹ð¤ŽULfI1¸Hm»Ûòb}m” ÁÅ¡ìg•ß0¦¢–¤`X<16>G>\>¹8rŽz+ŠY ™¼`—Ê¢.JBUÏ!z¸Z50ú*õ¡ÙŸ¤×ÖÇ®I<C2AE>ôÔ]¹Ïå I
}+ ¿SQM[²]Œ±k MÒAàtŒÃmMë/£µLsü|Þ…m©CÀñiYC}ƒŽ‡çxŽ€ ĵ<18>¿oÒÛ°…g„®„ÒêÁ³Â¿Ÿt©nƒºãcz[»{
jçå&ÁõõNæ°Nÿo{õš½‚ -eP¾=L‰™ 6¦.SP:»e¶

View file

@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg xRtF3XVc7yPicAV/E4U7mn0itvD0h1BWBTjwunuoe2E
OkB9sjGB3ulH4Feuyj3Ed0DBG4+mghW/Qpum9oXL/8c
-> ssh-ed25519 jPowng 1r8drqhz1yZdTq0Kvqya+ArU1C2fkN7Gg9LiWWfeUFg
cjbxntVwHvqLaJpiKs/Y8ojeb6e3/cLFcsoeuoobfFg
--- B1qA2PylJBrdZxZtCzlU2kRPvxLM+IrXTvR+ERxVtTY
"W9<57>Äbg¸©~Ì/áÕb4ãÕ†ú³ÜÔIÊ
Û}ð §ËÅË-³²ªNó±”ÑC7vWœbºØ?¦8=œÉwÆB ÃUpJClï²OÈ™³œnOÁ\

View file

@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg VYlHgHSLpfKb5bn1XA3aCpfX7M23DgbraLxxOfo9PDk
Rj+mDvAsWX3WwpuhTrOubmo17j/aud5+P87df5bosBA
-> ssh-ed25519 jPowng o9ZFaYrITZ6DjWw07Vk/+TkuU187/ytlEK4sw7G32G4
zmxlpDvDDEgQFqBVARXeX1ABhvfJ4uAHfa6mIxXzjAY
--- k/d9FWW8/OSo8EllwOBV74pZyX918u54jEljGk3ATUc
ü4+ø2{hE7!Ò­GA`×<>_@Íß—´¡R_ý§6J„ñL4v,6%ô‡øó#^® Ù¹ åB­§OøF|7ܽÉL]œÙj
BþóÛ¾éaòs]xS<78>Î pbÞo#¬J1QŸ=t}5Õ>Oï{+¼. M"7e»yý÷—

View file

@ -31,8 +31,14 @@ in
publicKeys = all; publicKeys = all;
}; };
"lohr/secret.age".publicKeys = all; "lohr/secret.age" = {
"lohr/ssh-key.age".publicKeys = all; owner = "lohr";
publicKeys = all;
};
"lohr/ssh-key.age" = {
owner = "lohr";
publicKeys = all;
};
"matrix/mail.age" = { "matrix/mail.age" = {
owner = "matrix-synapse"; owner = "matrix-synapse";
@ -42,9 +48,6 @@ in
owner = "matrix-synapse"; owner = "matrix-synapse";
publicKeys = all; publicKeys = all;
}; };
"matrix/sliding-sync-secret.age" = {
publicKeys = all;
};
"mealie/mail.age" = { "mealie/mail.age" = {
publicKeys = all; publicKeys = all;
@ -71,13 +74,24 @@ in
"paperless/password.age".publicKeys = all; "paperless/password.age".publicKeys = all;
"paperless/secret-key.age".publicKeys = all; "paperless/secret-key.age".publicKeys = all;
"pdf-edit/login.age".publicKeys = all;
"podgrab/password.age".publicKeys = all; "podgrab/password.age".publicKeys = all;
"pyload/credentials.age".publicKeys = all; "pyload/credentials.age".publicKeys = all;
"sso/auth-key.age".publicKeys = all; "sso/auth-key.age" = {
"sso/ambroisie/password-hash.age".publicKeys = all; owner = "nginx-sso";
"sso/ambroisie/totp-secret.age".publicKeys = all; publicKeys = all;
};
"sso/ambroisie/password-hash.age" = {
owner = "nginx-sso";
publicKeys = all;
};
"sso/ambroisie/totp-secret.age" = {
owner = "nginx-sso";
publicKeys = all;
};
"tandoor-recipes/secret-key.age".publicKeys = all; "tandoor-recipes/secret-key.age".publicKeys = all;

View file

@ -10,6 +10,11 @@ in
adblock = { adblock = {
enable = true; enable = true;
}; };
# Audiobook and podcast library
audiobookshelf = {
enable = true;
port = 9599;
};
# Backblaze B2 backup # Backblaze B2 backup
backup = { backup = {
enable = true; enable = true;
@ -64,9 +69,6 @@ in
mailConfigFile = secrets."matrix/mail".path; mailConfigFile = secrets."matrix/mail".path;
# Only necessary when doing the initial registration # Only necessary when doing the initial registration
secretFile = secrets."matrix/secret".path; secretFile = secrets."matrix/secret".path;
slidingSync = {
secretFile = secrets."matrix/sliding-sync-secret".path;
};
}; };
mealie = { mealie = {
enable = true; enable = true;
@ -93,6 +95,9 @@ in
nextcloud = { nextcloud = {
enable = true; enable = true;
passwordFile = secrets."nextcloud/password".path; passwordFile = secrets."nextcloud/password".path;
collabora = {
enable = true;
};
}; };
nix-cache = { nix-cache = {
enable = true; enable = true;
@ -122,19 +127,10 @@ in
passwordFile = secrets."paperless/password".path; passwordFile = secrets."paperless/password".path;
secretKeyFile = secrets."paperless/secret-key".path; secretKeyFile = secrets."paperless/secret-key".path;
}; };
# The whole *arr software suite # Sometimes, editing PDFs is useful
pirate = { pdf-edit = {
enable = true; enable = true;
# ... But not Lidarr because I don't care for music that much loginFile = secrets."pdf-edit/login".path;
lidarr = {
enable = false;
};
};
# Podcast automatic downloader
podgrab = {
enable = true;
passwordFile = secrets."podgrab/password".path;
port = 9598;
}; };
# Regular backups # Regular backups
postgresql-backup.enable = true; postgresql-backup.enable = true;
@ -146,13 +142,16 @@ in
rss-bridge.enable = true; rss-bridge.enable = true;
# Usenet client # Usenet client
sabnzbd.enable = true; sabnzbd.enable = true;
# Because I stilll need to play sysadmin # The whole *arr software suite
ssh-server.enable = true; servarr = {
# Recipe manager
tandoor-recipes = {
enable = true; enable = true;
secretKeyFile = secrets."tandoor-recipes/secret-key".path; # ... But not Lidarr because I don't care for music that much
lidarr = {
enable = false;
};
}; };
# Because I still need to play sysadmin
ssh-server.enable = true;
# Torrent client and webui # Torrent client and webui
transmission = { transmission = {
enable = true; enable = true;

View file

@ -1,15 +1,19 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
let let
cfg = config.my.home.atuin; cfg = config.my.home.atuin;
in in
{ {
options.my.home.atuin = with lib; { options.my.home.atuin = with lib; {
enable = my.mkDisableOption "atuin configuration"; enable = my.mkDisableOption "atuin configuration";
# I want the full experience by default
package = mkPackageOption pkgs "atuin" { };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
programs.atuin = { programs.atuin = {
enable = true; enable = true;
inherit (cfg) package;
flags = [ flags = [
# I *despise* this hijacking of the up key, even though I use Ctrl-p # I *despise* this hijacking of the up key, even though I use Ctrl-p

View file

@ -1,4 +1,4 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
let let
cfg = config.my.home.bitwarden; cfg = config.my.home.bitwarden;
in in
@ -6,12 +6,7 @@ in
options.my.home.bitwarden = with lib; { options.my.home.bitwarden = with lib; {
enable = my.mkDisableOption "bitwarden configuration"; enable = my.mkDisableOption "bitwarden configuration";
pinentry = mkOption { pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; };
type = types.str;
default = "tty";
example = "gtk2";
description = "Which pinentry interface to use";
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {

View file

@ -5,11 +5,13 @@ in
{ {
options.my.home.calibre = with lib; { options.my.home.calibre = with lib; {
enable = mkEnableOption "calibre configuration"; enable = mkEnableOption "calibre configuration";
package = mkPackageOption pkgs "calibre" { };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [
calibre cfg.package
]; ];
}; };
} }

View file

@ -7,9 +7,9 @@ in
enable = my.mkDisableOption "direnv configuration"; enable = my.mkDisableOption "direnv configuration";
defaultFlake = mkOption { defaultFlake = mkOption {
type = types.str; type = with types; nullOr str;
default = "pkgs"; default = null;
example = "nixpkgs"; example = "pkgs";
description = '' description = ''
Which flake from the registry should be used for Which flake from the registry should be used for
<command>use pkgs</command> by default. <command>use pkgs</command> by default.
@ -39,7 +39,7 @@ in
in in
lib.my.genAttrs' files linkLibFile; lib.my.genAttrs' files linkLibFile;
home.sessionVariables = { home.sessionVariables = lib.mkIf (cfg.defaultFlake != null) {
DIRENV_DEFAULT_FLAKE = cfg.defaultFlake; DIRENV_DEFAULT_FLAKE = cfg.defaultFlake;
}; };
}; };

View file

@ -1,4 +1,4 @@
#shellcheck shell=bash # shellcheck shell=bash
# shellcheck disable=2155 # shellcheck disable=2155
use_android() { use_android() {
@ -32,10 +32,16 @@ use_android() {
-b|--build-tools) -b|--build-tools)
build_tools_version="$2" build_tools_version="$2"
shift 2 shift 2
if ! [ -e "$ANDROID_HOME/build-tools/$build_tools_version" ]; then
log_error "use_android: build-tools version '$build_tools_version' does not exist"
fi
;; ;;
-n|--ndk) -n|--ndk)
ndk_version="$2" ndk_version="$2"
shift 2 shift 2
if ! [ -e "$ANDROID_HOME/ndk/$ndk_version" ]; then
log_error "use_android: NDK version '$ndk_version' does not exist"
fi
;; ;;
--) --)
shift shift

View file

@ -1,4 +1,4 @@
#shellcheck shell=bash # shellcheck shell=bash
use_pkgs() { use_pkgs() {
if ! has nix; then if ! has nix; then

View file

@ -1,4 +1,4 @@
#shellcheck shell=bash # shellcheck shell=bash
layout_postgres() { layout_postgres() {
if ! has postgres || ! has initdb; then if ! has postgres || ! has initdb; then

View file

@ -1,4 +1,4 @@
#shellcheck shell=bash # shellcheck shell=bash
layout_poetry() { layout_poetry() {
if ! has poetry; then if ! has poetry; then
@ -9,12 +9,12 @@ layout_poetry() {
if [[ ! -f pyproject.toml ]]; then if [[ ! -f pyproject.toml ]]; then
# shellcheck disable=2016 # shellcheck disable=2016
log_error 'layout_poetry: no pyproject.toml found. Use `poetry new` or `poetry init` to create one first' log_error 'layout_poetry: no pyproject.toml found. Use `poetry init` to create one first'
return 1 return 1
fi fi
# create venv if it doesn't exist # create venv if it doesn't exist
poetry run true poetry run -q -- true
# shellcheck disable=2155 # shellcheck disable=2155
export VIRTUAL_ENV=$(poetry env info --path) export VIRTUAL_ENV=$(poetry env info --path)
@ -23,3 +23,35 @@ layout_poetry() {
watch_file pyproject.toml watch_file pyproject.toml
watch_file poetry.lock watch_file poetry.lock
} }
layout_uv() {
if ! has uv; then
# shellcheck disable=2016
log_error 'layout_uv: `uv` is not in PATH'
return 1
fi
if [[ ! -f pyproject.toml ]]; then
# shellcheck disable=2016
log_error 'layout_uv: no pyproject.toml found. Use `uv init` to create one first'
return 1
fi
local default_venv="$PWD/.venv"
: "${VIRTUAL_ENV:=$default_venv}"
# Use non-default venv path if required
if [ "$VIRTUAL_ENV" != "$default_venv" ]; then
export UV_PROJECT_ENVIRONMENT="$VIRTUAL_ENV"
fi
# create venv if it doesn't exist
uv venv -q
export VIRTUAL_ENV
export UV_ACTIVE=1
PATH_add "$VIRTUAL_ENV/bin"
watch_file pyproject.toml
watch_file uv.lock
watch_file .python-version
}

View file

@ -7,11 +7,13 @@ in
{ {
options.my.home.discord = with lib; { options.my.home.discord = with lib; {
enable = mkEnableOption "discord configuration"; enable = mkEnableOption "discord configuration";
package = mkPackageOption pkgs "discord" { };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [
discord cfg.package
]; ];
xdg.configFile."discord/settings.json".source = xdg.configFile."discord/settings.json".source =

View file

@ -4,7 +4,7 @@
" Use dark color scheme " Use dark color scheme
colorscheme dark colorscheme dark
" Make tridactyl open Vim in my prefered terminal " Make tridactyl open Vim in my preferred terminal
set editorcmd @editorcmd@ set editorcmd @editorcmd@
" Remove editor file after use " Remove editor file after use
@ -15,8 +15,8 @@ bind --mode=input <C-i> editor_rm
" Binds {{{ " Binds {{{
" Reddit et al. {{{ " Reddit et al. {{{
" Toggle comments on Reddit, Hacker News, Lobste.rs " Toggle comments on Reddit, Hacker News, Lobste.rs, LWN
bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"] bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"],[class="CommentTitle"]
" Make `gu` take me back to subreddit from comments " Make `gu` take me back to subreddit from comments
bindurl reddit.com gu urlparent 3 bindurl reddit.com gu urlparent 3
@ -26,8 +26,8 @@ bindurl www.google.com f hint -Jc #search a
bindurl www.google.com F hint -Jbc #search a bindurl www.google.com F hint -Jbc #search a
" Only hint search results on DuckDuckGo " Only hint search results on DuckDuckGo
bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result-title-a"] bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result"]
bindurl ^https://duckduckgo.com F hint -Jbc [data-testid="result-title-a"] bindurl ^https://duckduckgo.com F hint -Jbc [data-testid="result"]
" Only hint item pages on Hacker News " Only hint item pages on Hacker News
bindurl news.ycombinator.com ;f hint -Jc .age > a bindurl news.ycombinator.com ;f hint -Jc .age > a

View file

@ -6,33 +6,28 @@ in
options.my.home.gdb = with lib; { options.my.home.gdb = with lib; {
enable = my.mkDisableOption "gdb configuration"; enable = my.mkDisableOption "gdb configuration";
package = mkPackageOption pkgs "gdb" { };
rr = { rr = {
enable = my.mkDisableOption "rr configuration"; enable = my.mkDisableOption "rr configuration";
package = mkOption { package = mkPackageOption pkgs "rr" { };
type = types.package;
default = pkgs.rr;
defaultText = literalExample "pkgs.rr";
description = ''
Package providing rr
'';
};
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (lib.mkMerge [
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
gdb cfg.package
]; ];
xdg = { xdg = {
configFile."gdb/gdbinit".source = ./gdbinit; configFile."gdb/gdbinit".source = ./gdbinit;
dataFile. "gdb/.keep".text = ""; stateFile."gdb/.keep".text = "";
}; };
home.sessionVariables = { home.sessionVariables = {
GDBHISTFILE = "${config.xdg.dataHome}/gdb/gdb_history"; GDBHISTFILE = "${config.xdg.stateHome}/gdb/gdb_history";
}; };
} }

View file

@ -1,4 +1,4 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
let let
cfg = config.my.home.gpg; cfg = config.my.home.gpg;
in in
@ -6,12 +6,7 @@ in
options.my.home.gpg = with lib; { options.my.home.gpg = with lib; {
enable = my.mkDisableOption "gpg configuration"; enable = my.mkDisableOption "gpg configuration";
pinentry = mkOption { pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; };
type = types.str;
default = "tty";
example = "gtk2";
description = "Which pinentry interface to use";
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@ -22,7 +17,7 @@ in
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableSshSupport = true; # One agent to rule them all enableSshSupport = true; # One agent to rule them all
pinentryFlavor = cfg.pinentry; pinentryPackage = cfg.pinentry;
extraConfig = '' extraConfig = ''
allow-loopback-pinentry allow-loopback-pinentry
''; '';

View file

@ -21,12 +21,12 @@ in
}; };
iconTheme = { iconTheme = {
package = pkgs.gnome.gnome-themes-extra; package = pkgs.gnome-themes-extra;
name = "Adwaita"; name = "Adwaita";
}; };
theme = { theme = {
package = pkgs.gnome.gnome-themes-extra; package = pkgs.gnome-themes-extra;
name = "Adwaita"; name = "Adwaita";
}; };
}; };

View file

@ -58,7 +58,7 @@ in
{ {
config.accounts.email.accounts = { config.accounts.email.accounts = {
personal = lib.mkMerge [ personal = lib.mkMerge [
# Common configuraton # Common configuration
(mkConfig { (mkConfig {
domain = "belanyi.fr"; domain = "belanyi.fr";
address = "bruno"; address = "bruno";
@ -70,7 +70,7 @@ in
]; ];
gmail = lib.mkMerge [ gmail = lib.mkMerge [
# Common configuraton # Common configuration
(mkConfig { (mkConfig {
domain = "gmail.com"; domain = "gmail.com";
address = "brunobelanyi"; address = "brunobelanyi";

View file

@ -22,12 +22,16 @@ in
options.my.home.nix = with lib; { options.my.home.nix = with lib; {
enable = my.mkDisableOption "nix configuration"; enable = my.mkDisableOption "nix configuration";
gc = {
enable = my.mkDisableOption "nix GC configuration";
};
cache = { cache = {
selfHosted = my.mkDisableOption "self-hosted cache"; selfHosted = my.mkDisableOption "self-hosted cache";
}; };
inputs = { inputs = {
link = my.mkDisableOption "link inputs to `/etc/nix/inputs/`"; link = my.mkDisableOption "link inputs to `$XDG_CONFIG_HOME/nix/inputs/`";
addToRegistry = my.mkDisableOption "add inputs and self to registry"; addToRegistry = my.mkDisableOption "add inputs and self to registry";
@ -60,6 +64,22 @@ in
}; };
} }
(lib.mkIf cfg.gc.enable {
nix.gc = {
automatic = true;
# Every week, with some wiggle room
frequency = "weekly";
randomizedDelaySec = "10min";
# Use a persistent timer for e.g: laptops
persistent = true;
# Delete old profiles automatically after 15 days
options = "--delete-older-than 15d";
};
})
(lib.mkIf cfg.cache.selfHosted { (lib.mkIf cfg.cache.selfHosted {
nix = { nix = {
settings = { settings = {
@ -96,7 +116,7 @@ in
}) })
(lib.mkIf cfg.inputs.addToNixPath { (lib.mkIf cfg.inputs.addToNixPath {
home.sessionVariables.NIX_PATH = "${config.xdg.configHome}/nix/inputs\${NIX_PATH:+:$NIX_PATH}"; nix.nixPath = [ "${config.xdg.configHome}/nix/inputs" ];
}) })
]); ]);
} }

View file

@ -26,6 +26,7 @@ in
fd fd
file file
ripgrep ripgrep
tree
] ++ cfg.additionalPackages); ] ++ cfg.additionalPackages);
nixpkgs.config = { nixpkgs.config = {

View file

@ -15,7 +15,7 @@ in
# Clear the screen on start and exit # Clear the screen on start and exit
LESS = "-R -+X -c"; LESS = "-R -+X -c";
# Better XDG compliance # Better XDG compliance
LESSHISTFILE = "${config.xdg.dataHome}/less/history"; LESSHISTFILE = "${config.xdg.stateHome}/less/history";
LESSKEY = "${config.xdg.configHome}/less/lesskey"; LESSKEY = "${config.xdg.configHome}/less/lesskey";
}; };
}; };

View file

@ -30,7 +30,7 @@ in
}); });
default = { ${config.my.home.terminal.program} = { }; }; default = { ${config.my.home.terminal.program} = { }; };
defaultText = litteralExpression '' defaultText = literalExpression ''
{ ''${config.my.home.terminal.program} = { }; }; { ''${config.my.home.terminal.program} = { }; };
''; '';
example = { xterm-256color = { }; }; example = { xterm-256color = { }; };
@ -47,6 +47,8 @@ in
clock24 = true; # I'm one of those heathens clock24 = true; # I'm one of those heathens
escapeTime = 0; # Let vim do its thing instead escapeTime = 0; # Let vim do its thing instead
historyLimit = 100000; # Bigger buffer historyLimit = 100000; # Bigger buffer
mouse = false; # I dislike mouse support
focusEvents = true; # Report focus events
terminal = "tmux-256color"; # I want accurate termcap info terminal = "tmux-256color"; # I want accurate termcap info
plugins = with pkgs.tmuxPlugins; [ plugins = with pkgs.tmuxPlugins; [
@ -80,6 +82,13 @@ in
]; ];
extraConfig = '' extraConfig = ''
# Refresh configuration
bind-key -N "Source tmux.conf" R source-file ${config.xdg.configHome}/tmux/tmux.conf \; display-message "Sourced tmux.conf!"
# Accept sloppy Ctrl key when switching windows, on top of default mapping
bind-key -N "Select the previous window" C-p previous-window
bind-key -N "Select the next window" C-n next-window
# Better vim mode # Better vim mode
bind-key -T copy-mode-vi 'v' send -X begin-selection bind-key -T copy-mode-vi 'v' send -X begin-selection
${ ${

View file

@ -0,0 +1,6 @@
" Create the `b:undo_ftplugin` variable if it doesn't exist
call ftplugined#check_undo_ft()
" Use a small indentation value on JSON files
setlocal shiftwidth=2
let b:undo_ftplugin.='|setlocal shiftwidth<'

View file

@ -1,6 +0,0 @@
" Create the `b:undo_ftplugin` variable if it doesn't exist
call ftplugined#check_undo_ft()
" Don't show Netrw in buffer list
setlocal bufhidden=delete
let b:undo_ftplugin='|setlocal bufhidden<'

View file

@ -0,0 +1,6 @@
" Create the `b:undo_ftplugin` variable if it doesn't exist
call ftplugined#check_undo_ft()
" Use a small indentation value on query files
setlocal shiftwidth=2
let b:undo_ftplugin.='|setlocal shiftwidth<'

View file

@ -1,10 +0,0 @@
local wk = require("which-key")
local keys = {
name = "Comment/uncomment",
c = "Current line",
u = "Uncomment the current and adjacent commented lines",
["gc"] = "Uncomment the current and adjacent commented lines",
}
wk.register(keys, { prefix = "gc" })

View file

@ -1,7 +0,0 @@
local wk = require("which-key")
local keys = {
["<leader>"] = { "<cmd>nohls<CR>", "Clear search highlight" },
}
wk.register(keys, { prefix = "<leader>" })

View file

@ -1,15 +0,0 @@
local wk = require("which-key")
local telescope_builtin = require("telescope.builtin")
local keys = {
f = {
name = "Fuzzy finder",
b = { telescope_builtin.buffers, "Open buffers" },
f = { telescope_builtin.git_files, "Git tracked files" },
F = { telescope_builtin.find_files, "Files" },
g = { telescope_builtin.live_grep, "Grep string" },
G = { telescope_builtin.grep_string, "Grep string under cursor" },
},
}
wk.register(keys, { prefix = "<leader>" })

View file

@ -1,30 +0,0 @@
local wk = require("which-key")
local motions = {
["]m"] = "Next method start",
["]M"] = "Next method end",
["]S"] = "Next statement start",
["]]"] = "Next class start",
["]["] = "Next class end",
["[m"] = "Previous method start",
["[M"] = "Previous method end",
["[S"] = "Previous statement start",
["[["] = "Previous class start",
["[]"] = "Previous class end",
}
local objects = {
["aa"] = "a parameter",
["ia"] = "inner parameter",
["ab"] = "a block",
["ib"] = "inner block",
["ac"] = "a class",
["ic"] = "inner class",
["af"] = "a function",
["if"] = "inner function",
["ak"] = "a comment",
["aS"] = "a statement",
}
wk.register(motions, { mode = "n" })
wk.register(objects, { mode = "o" })

View file

@ -3,126 +3,124 @@ local wk = require("which-key")
local lsp = require("ambroisie.lsp") local lsp = require("ambroisie.lsp")
local keys = { local keys = {
-- Edition and navigation mappins -- Previous
["["] = { { "[", group = "Previous" },
name = "Previous", -- Edition and navigation mappings
["<space>"] = "Insert blank line above", { "[<space>", desc = "Insert blank line above" },
["<C-L>"] = "Previous location list file", { "[<C-L>", desc = "Previous location list file" },
["<C-Q>"] = "Previous quickfix list file", { "[<C-Q>", desc = "Previous quickfix list file" },
["<C-T>"] = "Previous tag in preview window", { "[<C-T>", desc = "Previous tag in preview window" },
a = "Previous argument", { "[a", desc = "Previous argument" },
A = "First argument", { "[A", desc = "First argument" },
b = "Previous buffer", { "[b", desc = "Previous buffer" },
B = "First buffer", { "[B", desc = "First buffer" },
e = "Exchange previous line", { "[e", desc = "Exchange previous line" },
f = "Previous file in directory", { "[f", desc = "Previous file in directory" },
l = "Previous location list entry", { "[l", desc = "Previous location list entry" },
L = "First Location list entry", { "[L", desc = "First Location list entry" },
n = "Previous conflict marker/diff hunk", { "[n", desc = "Previous conflict marker/diff hunk" },
p = "Paste line above", { "[p", desc = "Paste line above" },
P = "Paste line above", { "[P", desc = "Paste line above" },
q = "Previous quickfix list entry", { "[q", desc = "Previous quickfix list entry" },
Q = "First quickfix list entry", { "[Q", desc = "First quickfix list entry" },
t = "Previous matching tag", { "[t", desc = "Previous matching tag" },
T = "First matching tag", { "[T", desc = "First matching tag" },
z = "Previous fold", { "[z", desc = "Previous fold" },
-- Encoding -- Encoding
C = "C string encode", { "[C", desc = "C string encode" },
u = "URL encode", { "[u", desc = "URL encode" },
x = "XML encode", { "[x", desc = "XML encode" },
y = "C string encode", { "[y", desc = "C string encode" },
-- Custom -- Custom
d = { lsp.goto_prev_diagnostic, "Previous diagnostic" }, { "[d", lsp.goto_prev_diagnostic, desc = "Previous diagnostic" },
},
["]"] = {
name = "Next",
["<space>"] = "Insert blank line below",
["<C-L>"] = "Next location list file",
["<C-Q>"] = "Next quickfix list file",
["<C-T>"] = "Next tag in preview window",
a = "Next argument",
A = "Last argument",
b = "Next buffer",
B = "Last buffer",
e = "Exchange next line",
f = "Next file in directory",
l = "Next location list entry",
L = "Last Location list entry",
n = "Next conflict marker/diff hunk",
p = "Paste line below",
P = "Paste line below",
q = "Next quickfix list entry",
Q = "Last quickfix list entry",
t = "Next matching tag",
T = "Last matching tag",
z = "Next fold",
-- Decoding
C = "C string decode",
u = "URL decode",
x = "XML decode",
y = "C string decode",
-- Custom
d = { lsp.goto_next_diagnostic, "Next diagnostic" },
},
-- Option mappings -- Next
["[o"] = { { "]", group = "Next" },
name = "Enable option", -- Edition and navigation mappings
b = "Light background", { "]<space>", desc = "Insert blank line below" },
c = "Cursor line", { "]<C-L>", desc = "Next location list file" },
d = "Diff", { "]<C-Q>", desc = "Next quickfix list file" },
f = { "<cmd>FormatEnable<CR>", "LSP Formatting" }, { "]<C-T>", desc = "Next tag in preview window" },
h = "Search high-lighting", { "]a", desc = "Next argument" },
i = "Case insensitive search", { "]A", desc = "Last argument" },
l = "List mode", { "]b", desc = "Next buffer" },
n = "Line numbers", { "]B", desc = "Last buffer" },
r = "Relative line numbers", { "]e", desc = "Exchange next line" },
p = { "<cmd>lwindow<CR>", "Location list" }, { "]f", desc = "Next file in directory" },
q = { "<cmd>cwindow<CR>", "Quickfix list" }, { "]l", desc = "Next location list entry" },
u = "Cursor column", { "]L", desc = "Last Location list entry" },
v = "Virtual editing", { "]n", desc = "Next conflict marker/diff hunk" },
w = "Text wrapping", { "]p", desc = "Paste line below" },
x = "Cursor line and column", { "]P", desc = "Paste line below" },
z = "Spell checking", { "]q", desc = "Next quickfix list entry" },
}, { "]Q", desc = "Last quickfix list entry" },
["]o"] = { { "]t", desc = "Next matching tag" },
name = "Option off", { "]T", desc = "Last matching tag" },
b = "Light background", { "]z", desc = "Next fold" },
c = "Cursor line", -- Decoding
d = "Diff", { "]C", desc = "C string decode" },
f = { "<cmd>FormatDisable<CR>", "LSP Formatting" }, { "]u", desc = "URL decode" },
h = "Search high-lighting", { "]x", desc = "XML decode" },
i = "Case insensitive search", { "]y", desc = "C string decode" },
l = "List mode", -- Custom
n = "Line numbers", { "]d", lsp.goto_next_diagnostic, desc = "Next diagnostic" },
p = { "<cmd>lclose<CR>", "Location list" },
q = { "<cmd>cclose<CR>", "Quickfix list" }, -- Enable option
r = "Relative line numbers", { "[o", group = "Enable option" },
u = "Cursor column", { "[ob", desc = "Light background" },
v = "Virtual editing", { "[oc", desc = "Cursor line" },
w = "Text wrapping", { "[od", desc = "Diff" },
x = "Cursor line and column", { "[of", "<cmd>FormatEnable<CR>", desc = "LSP Formatting" },
z = "Spell checking", { "[oh", desc = "Search high-lighting" },
}, { "[oi", desc = "Case insensitive search" },
["yo"] = { { "[ol", desc = "List mode" },
name = "Option toggle", { "[on", desc = "Line numbers" },
b = "Light background", { "[or", desc = "Relative line numbers" },
c = "Cursor line", { "[op", "<cmd>lwindow<CR>", desc = "Location list" },
d = "Diff", { "[oq", "<cmd>cwindow<CR>", desc = "Quickfix list" },
f = { "<cmd>FormatToggle<CR>", "LSP Formatting" }, { "[ou", desc = "Cursor column" },
h = "Search high-lighting", { "[ov", desc = "Virtual editing" },
i = "Case insensitive search", { "[ow", desc = "Text wrapping" },
l = "List mode", { "[ox", desc = "Cursor line and column" },
n = "Line numbers", { "[oz", desc = "Spell checking" },
p = { "<Plug>(qf_loc_toggle)", "Location list" },
q = { "<Plug>(qf_qf_toggle)", "Quickfix list" }, -- Disable option
r = "Relative line numbers", { "]o", group = "Disable option" },
u = "Cursor column", { "]ob", desc = "Light background" },
v = "Virtual editing", { "]oc", desc = "Cursor line" },
w = "Text wrapping", { "]od", desc = "Diff" },
x = "Cursor line and column", { "]of", "<cmd>FormatDisable<CR>", desc = "LSP Formatting" },
z = "Spell checking", { "]oh", desc = "Search high-lighting" },
}, { "]oi", desc = "Case insensitive search" },
{ "]ol", desc = "List mode" },
{ "]on", desc = "Line numbers" },
{ "]op", "<cmd>lclose<CR>", desc = "Location list" },
{ "]oq", "<cmd>cclose<CR>", desc = "Quickfix list" },
{ "]or", desc = "Relative line numbers" },
{ "]ou", desc = "Cursor column" },
{ "]ov", desc = "Virtual editing" },
{ "]ow", desc = "Text wrapping" },
{ "]ox", desc = "Cursor line and column" },
{ "]oz", desc = "Spell checking" },
-- Toggle option
{ "yo", group = "Toggle option" },
{ "yob", desc = "Light background" },
{ "yoc", desc = "Cursor line" },
{ "yod", desc = "Diff" },
{ "yof", "<cmd>FormatToggle<CR>", desc = "LSP Formatting" },
{ "yoh", desc = "Search high-lighting" },
{ "yoi", desc = "Case insensitive search" },
{ "yol", desc = "List mode" },
{ "yon", desc = "Line numbers" },
{ "yop", "<Plug>(qf_loc_toggle)", desc = "Location list" },
{ "yoq", "<Plug>(qf_qf_toggle)", desc = "Quickfix list" },
{ "yor", desc = "Relative line numbers" },
{ "you", desc = "Cursor column" },
{ "yov", desc = "Virtual editing" },
{ "yow", desc = "Text wrapping" },
{ "yox", desc = "Cursor line and column" },
{ "yoz", desc = "Spell checking" },
} }
wk.register(keys) wk.add(keys)

View file

@ -0,0 +1,5 @@
; extends
; I want to the line added/removed markers to be the correct color
"+" @diff.plus
"-" @diff.minus

View file

@ -40,25 +40,18 @@ in
lualine-lsp-progress # Show progress for LSP servers lualine-lsp-progress # Show progress for LSP servers
# tpope essentials # tpope essentials
vim-commentary # Easy comments
vim-eunuch # UNIX integrations vim-eunuch # UNIX integrations
vim-fugitive # A 'git' wrapper vim-fugitive # A 'git' wrapper
vim-git # Sane git syntax files vim-git # Sane git syntax files
vim-repeat # Enanche '.' for plugins vim-repeat # Enanche '.' for plugins
vim-rsi # Readline mappings vim-rsi # Readline mappings
vim-unimpaired # Some ex command mappings vim-unimpaired # Some ex command mappings
vim-vinegar # Better netrw
# Languages # Languages
rust-vim
vim-beancount vim-beancount
vim-jsonnet
vim-nix
vim-toml
# General enhancements # General enhancements
vim-qf # Better quick-fix list vim-qf # Better quick-fix list
nvim-osc52 # Send clipboard data through terminal escape for SSH
# Other wrappers # Other wrappers
git-messenger-vim # A simple blame window git-messenger-vim # A simple blame window
@ -70,7 +63,6 @@ in
none-ls-nvim # LSP integration for linters and formatters none-ls-nvim # LSP integration for linters and formatters
nvim-treesitter.withAllGrammars # Better highlighting nvim-treesitter.withAllGrammars # Better highlighting
nvim-treesitter-textobjects # More textobjects nvim-treesitter-textobjects # More textobjects
nvim-ts-context-commentstring # Comment string in nested language blocks
plenary-nvim # 'null-ls', 'telescope' dependency plenary-nvim # 'null-ls', 'telescope' dependency
# Completion # Completion
@ -88,6 +80,7 @@ in
dressing-nvim # Integrate native UI hooks with Telescope etc... dressing-nvim # Integrate native UI hooks with Telescope etc...
gitsigns-nvim # Fast git UI integration gitsigns-nvim # Fast git UI integration
nvim-surround # Deal with pairs, now in Lua nvim-surround # Deal with pairs, now in Lua
oil-nvim # Better alternative to NetrW
telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm
telescope-lsp-handlers-nvim # Use 'telescope' for various LSP actions telescope-lsp-handlers-nvim # Use 'telescope' for various LSP actions
telescope-nvim # Fuzzy finder interface telescope-nvim # Fuzzy finder interface
@ -105,8 +98,11 @@ in
nixpkgs-fmt nixpkgs-fmt
# Shell # Shell
nodePackages.bash-language-server bash-language-server
shfmt shfmt
# Generic
typos-lsp
]; ];
}; };

View file

@ -1,7 +0,0 @@
-- Use GN filetype for Chromium Generate Ninja files
vim.filetype.add({
extension = {
gn = "gn",
gni = "gn",
},
})

View file

@ -1,6 +0,0 @@
-- Kbuild is just a Makefile under a different name
vim.filetype.add({
filename = {
["Kbuild"] = "make",
},
})

View file

@ -1,6 +0,0 @@
-- Use LaTeX filetype for TikZ files
vim.filetype.add({
extension = {
tikz = "tex",
},
})

View file

@ -1,4 +1,4 @@
" Basic configuraion {{{ " Basic configuration {{{
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
" Use UTF-8 " Use UTF-8
set encoding=utf-8 set encoding=utf-8
@ -38,10 +38,10 @@ set tabstop=8
" File parameters {{{ " File parameters {{{
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
" Disable backups, we have source control for that " Disable swap files
set nobackup
" Disable swapfiles too
set noswapfile set noswapfile
" Enable undo files
set undofile
" }}} " }}}
" UI and UX parameters {{{ " UI and UX parameters {{{
@ -86,8 +86,29 @@ set mouse=
" Set dark mode by default " Set dark mode by default
set background=dark set background=dark
" 24 bit colors " Setup some overrides for gruvbox
set termguicolors lua << EOF
local gruvbox = require("gruvbox")
local colors = gruvbox.palette
gruvbox.setup({
overrides = {
-- Only URLs should be underlined
["@string.special.path"] = { link = "GruvboxOrange" },
-- Revert back to the better diff highlighting
DiffAdd = { fg = colors.green, bg = "NONE" },
DiffChange = { fg = colors.aqua, bg = "NONE" },
DiffDelete = { fg = colors.red, bg = "NONE" },
DiffText = { fg = colors.yellow, bg = colors.bg0 },
-- Directories "pop" better in blue
Directory = { link = "GruvboxBlueBold" },
},
italic = {
-- Comments should not be italic, for e.g: box drawing
comments = false,
},
})
EOF
" Use my preferred colorscheme " Use my preferred colorscheme
colorscheme gruvbox colorscheme gruvbox
" }}} " }}}

View file

@ -5,7 +5,7 @@ local lsp_format = require("lsp-format")
--- Move to the next/previous diagnostic, automatically showing the diagnostics --- Move to the next/previous diagnostic, automatically showing the diagnostics
--- float if necessary. --- float if necessary.
--- @param forward whether to go forward or backwards --- @param forward bool whether to go forward or backwards
local function goto_diagnostic(forward) local function goto_diagnostic(forward)
vim.validate({ vim.validate({
forward = { forward, "boolean" }, forward = { forward, "boolean" },
@ -42,7 +42,7 @@ end
--- shared LSP configuration callback --- shared LSP configuration callback
--- @param client native client configuration --- @param client native client configuration
--- @param bufnr int? buffer number of the attched client --- @param bufnr int? buffer number of the attached client
M.on_attach = function(client, bufnr) M.on_attach = function(client, bufnr)
-- Format on save -- Format on save
lsp_format.on_attach(client, bufnr) lsp_format.on_attach(client, bufnr)
@ -87,31 +87,30 @@ M.on_attach = function(client, bufnr)
end end
local keys = { local keys = {
K = { vim.lsp.buf.hover, "Show symbol information" }, buffer = bufnr,
["<C-k>"] = { vim.lsp.buf.signature_help, "Show signature information" }, -- LSP navigation
["gd"] = { vim.lsp.buf.definition, "Go to definition" }, { "K", vim.lsp.buf.hover, desc = "Show symbol information" },
["gD"] = { vim.lsp.buf.declaration, "Go to declaration" }, { "<C-k>", vim.lsp.buf.signature_help, desc = "Show signature information" },
["gi"] = { vim.lsp.buf.implementation, "Go to implementation" }, { "gd", vim.lsp.buf.definition, desc = "Go to definition" },
["gr"] = { vim.lsp.buf.references, "List all references" }, { "gD", vim.lsp.buf.declaration, desc = "Go to declaration" },
{ "gi", vim.lsp.buf.implementation, desc = "Go to implementation" },
["<leader>c"] = { { "gr", vim.lsp.buf.references, desc = "List all references" },
name = "Code", -- Code
a = { vim.lsp.buf.code_action, "Code actions" }, { "<leader>c", group = "Code" },
d = { cycle_diagnostics_display, "Cycle diagnostics display" }, { "<leader>ca", vim.lsp.buf.code_action, desc = "Code actions" },
D = { show_buffer_diagnostics, "Show buffer diagnostics" }, { "<leader>cd", cycle_diagnostics_display, desc = "Cycle diagnostics display" },
r = { vim.lsp.buf.rename, "Rename symbol" }, { "<leader>cD", show_buffer_diagnostics, desc = "Show buffer diagnostics" },
s = { vim.lsp.buf.signature_help, "Show signature" }, { "<leader>cr", vim.lsp.buf.rename, desc = "Rename symbol" },
t = { vim.lsp.buf.type_definition, "Go to type definition" }, { "<leader>cs", vim.lsp.buf.signature_help, desc = "Show signature" },
w = { { "<leader>ct", vim.lsp.buf.type_definition, desc = "Go to type definition" },
name = "Workspace", -- Workspace
a = { vim.lsp.buf.add_workspace_folder, "Add folder to workspace" }, { "<leader>cw", group = "Workspace" },
l = { list_workspace_folders, "List folders in workspace" }, { "<leader>cwa", vim.lsp.buf.add_workspace_folder, desc = "Add folder to workspace" },
r = { vim.lsp.buf.remove_workspace_folder, "Remove folder from workspace" }, { "<leader>cwl", list_workspace_folders, desc = "List folders in workspace" },
}, { "<leader>cwr", vim.lsp.buf.remove_workspace_folder, desc = "Remove folder from workspace" },
},
} }
wk.register(keys, { buffer = bufnr }) wk.add(keys)
end end
return M return M

View file

@ -48,4 +48,22 @@ M.list_lsp_clients = function(bufnr)
return names return names
end end
--- partially apply a function with given arguments
M.partial = function(f, ...)
local a = { ... }
local a_len = select("#", ...)
return function(...)
local tmp = { ... }
local tmp_len = select("#", ...)
-- Merge arg lists
for i = 1, tmp_len do
a[a_len + i] = tmp[i]
end
return f(unpack(a, 1, a_len + tmp_len))
end
end
return M return M

View file

@ -7,17 +7,28 @@ local numbertoggle = vim.api.nvim_create_augroup("numbertoggle", { clear = true
vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "InsertLeave", "WinEnter" }, { vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "InsertLeave", "WinEnter" }, {
pattern = "*", pattern = "*",
group = numbertoggle, group = numbertoggle,
command = "if &nu | setlocal rnu | endif", callback = function()
if vim.opt.number:get() then
vim.opt.relativenumber = true
end
end,
}) })
vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "InsertEnter", "WinLeave" }, { vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "InsertEnter", "WinLeave" }, {
pattern = "*", pattern = "*",
group = numbertoggle, group = numbertoggle,
command = "if &nu | setlocal nornu | endif", callback = function()
if vim.opt.number:get() then
vim.opt.relativenumber = false
end
end,
}) })
-- Never show the sign column in a terminal buffer -- Never show the sign column in a terminal buffer
vim.api.nvim_create_autocmd({ "TermOpen" }, { vim.api.nvim_create_autocmd({ "TermOpen" }, {
pattern = "*", pattern = "*",
group = numbertoggle, group = numbertoggle,
command = "setlocal nonu nornu", callback = function()
vim.opt.number = false
vim.opt.relativenumber = false
end,
}) })

View file

@ -1,58 +1,75 @@
local gitsigns = require("gitsigns") local gitsigns = require("gitsigns")
local utils = require("ambroisie.utils")
local wk = require("which-key") local wk = require("which-key")
--- Transform `f` into a function which acts on the current visual selection
local function make_visual(f)
return function()
local first = vim.fn.line("v")
local last = vim.fn.line(".")
f({ first, last })
end
end
local function nav_hunk(dir)
if vim.wo.diff then
local map = {
prev = "[c",
next = "]c",
}
vim.cmd.normal({ map[dir], bang = true })
else
gitsigns.nav_hunk(dir)
end
end
gitsigns.setup({ gitsigns.setup({
current_line_blame_opts = { current_line_blame_opts = {
-- Show the blame quickly -- Show the blame quickly
delay = 100, delay = 100,
}, },
-- Work-around for https://github.com/lewis6991/gitsigns.nvim/issues/929
signs_staged_enable = false,
}) })
local keys = { local keys = {
-- Navigation -- Navigation
["[c"] = { "&diff ? '[c' : '<cmd>Gitsigns prev_hunk<CR>'", "Previous hunk/diff", expr = true }, { "[c", utils.partial(nav_hunk, "prev"), desc = "Previous hunk/diff" },
["]c"] = { "&diff ? ']c' : '<cmd>Gitsigns next_hunk<CR>'", "Next hunk/diff", expr = true }, { "]c", utils.partial(nav_hunk, "next"), desc = "Next hunk/diff" },
-- Commands -- Commands
["<leader>g"] = { { "<leader>g", group = "Git" },
name = "Git", { "<leader>gb", gitsigns.toggle_current_line_blame, desc = "Toggle blame virtual text" },
-- Actions { "<leader>gd", gitsigns.diffthis, desc = "Diff buffer" },
b = { gitsigns.toggle_current_line_blame, "Toggle blame virtual text" }, { "<leader>gD", utils.partial(gitsigns.diffthis, "~"), desc = "Diff buffer against last commit" },
d = { gitsigns.diffthis, "Diff buffer" }, { "<leader>gg", "<cmd>Git<CR>", desc = "Git status" },
-- stylua: ignore { "<leader>gh", gitsigns.toggle_deleted, desc = "Show deleted hunks" },
D = { function() gitsigns.diffthis("~") end, "Diff buffer against last commit" }, { "<leader>gL", "<cmd>:sp<CR><C-w>T:Gllog --follow -- %:p<CR>", desc = "Current buffer log" },
g = { "<cmd>Git<CR>", "Git status" }, { "<leader>gm", "<Plug>(git-messenger)", desc = "Current line blame" },
h = { gitsigns.toggle_deleted, "Show deleted hunks" }, { "<leader>gp", gitsigns.preview_hunk, desc = "Preview hunk" },
L = { "<cmd>:sp<CR><C-w>T:Gllog --follow -- %:p<CR>", "Current buffer log" }, { "<leader>gr", gitsigns.reset_hunk, desc = "Restore hunk" },
m = { "<Plug>(git-messenger)", "Current line blame" }, { "<leader>gR", gitsigns.reset_buffer, desc = "Restore buffer" },
p = { gitsigns.preview_hunk, "Preview hunk" }, { "<leader>gs", gitsigns.stage_hunk, desc = "Stage hunk" },
r = { gitsigns.reset_hunk, "Restore hunk" }, { "<leader>gS", gitsigns.stage_buffer, desc = "Stage buffer" },
R = { gitsigns.reset_buffer, "Restore buffer" }, { "<leader>gu", gitsigns.undo_stage_hunk, desc = "Undo stage hunk" },
s = { gitsigns.stage_hunk, "Stage hunk" }, { "<leader>g[", utils.partial(gitsigns.nav_hunk, "prev"), desc = "Previous hunk" },
S = { gitsigns.stage_buffer, "Stage buffer" }, { "<leader>g]", utils.partial(gitsigns.nav_hunk, "next"), desc = "Next hunk" },
u = { gitsigns.undo_stage_hunk, "Undo stage hunk" },
["["] = { gitsigns.prev_hunk, "Previous hunk" },
["]"] = { gitsigns.next_hunk, "Next hunk" },
},
} }
local objects = { local objects = {
["ih"] = { gitsigns.select_hunk, "Git hunk" }, mode = "o",
{ "ih", gitsigns.select_hunk, desc = "Git hunk" },
} }
-- Visual
local visual = { local visual = {
["ih"] = { gitsigns.select_hunk, "Git hunk" }, mode = { "x" },
{ "ih", gitsigns.select_hunk, desc = "Git hunk" },
-- Only the actual command can make use of the visual selection... { "<leader>g", group = "Git" },
["<leader>g"] = { { "<leader>gp", gitsigns.preview_hunk, desc = "Preview selection" },
name = "Git", { "<leader>gr", make_visual(gitsigns.reset_hunk), desc = "Restore selection" },
p = { ":Gitsigns preview_hunk<CR>", "Preview selection" }, { "<leader>gs", make_visual(gitsigns.stage_hunk), desc = "Stage selection" },
r = { ":Gitsigns reset_hunk<CR>", "Restore selection" }, { "<leader>gu", gitsigns.undo_stage_hunk, desc = "Undo stage selection" },
s = { ":Gitsigns stage_hunk<CR>", "Stage selection" },
u = { ":Gitsigns undo_stage_hunk<CR>", "Undo stage selection" },
},
} }
wk.register(keys, { buffer = bufnr }) wk.add(keys)
wk.register(objects, { buffer = bufnr, mode = "o" }) wk.add(objects)
wk.register(visual, { buffer = bufnr, mode = "x" }) wk.add(visual)

View file

@ -53,8 +53,8 @@ if utils.is_executable("pyright") then
}) })
end end
if utils.is_executable("ruff-lsp") then if utils.is_executable("ruff") then
lspconfig.ruff_lsp.setup({ lspconfig.ruff.setup({
capabilities = capabilities, capabilities = capabilities,
on_attach = lsp.on_attach, on_attach = lsp.on_attach,
}) })
@ -74,5 +74,31 @@ if utils.is_executable("bash-language-server") then
filetypes = { "bash", "sh", "zsh" }, filetypes = { "bash", "sh", "zsh" },
capabilities = capabilities, capabilities = capabilities,
on_attach = lsp.on_attach, on_attach = lsp.on_attach,
settings = {
bashIde = {
shfmt = {
-- Simplify the code
simplifyCode = true,
-- Indent switch cases
caseIndent = true,
},
},
},
})
end
-- Starlark
if utils.is_executable("starpls") then
lspconfig.starpls.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
-- Generic
if utils.is_executable("typos-lsp") then
lspconfig.typos_lsp.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
}) })
end end

View file

@ -18,16 +18,6 @@ null_ls.register({
}), }),
}) })
-- C, C++
null_ls.register({
null_ls.builtins.formatting.clang_format.with({
-- Only used if available, but prefer clangd formatting if available
condition = function()
return utils.is_executable("clang-format") and not utils.is_executable("clangd")
end,
}),
})
-- Nix -- Nix
null_ls.register({ null_ls.register({
null_ls.builtins.formatting.nixpkgs_fmt.with({ null_ls.builtins.formatting.nixpkgs_fmt.with({
@ -56,29 +46,3 @@ null_ls.register({
condition = utils.is_executable_condition("isort"), condition = utils.is_executable_condition("isort"),
}), }),
}) })
-- Shell (non-POSIX)
null_ls.register({
null_ls.builtins.formatting.shfmt.with({
-- Indent with 4 spaces, simplify the code, indent switch cases,
-- add space after redirection, use bash dialect
extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "bash" },
-- Restrict to bash and zsh
filetypes = { "bash", "zsh" },
-- Only used if available
condition = utils.is_executable_condition("shfmt"),
}),
})
-- Shell (POSIX)
null_ls.register({
null_ls.builtins.formatting.shfmt.with({
-- Indent with 4 spaces, simplify the code, indent switch cases,
-- add space after redirection, use POSIX
extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "posix" },
-- Restrict to POSIX sh
filetypes = { "sh" },
-- Only used if available
condition = utils.is_executable_condition("shfmt"),
}),
})

View file

@ -0,0 +1,34 @@
local oil = require("oil")
local wk = require("which-key")
local detail = false
oil.setup({
view_options = {
-- Show files and directories that start with "." by default
show_hidden = true,
-- But never '..'
is_always_hidden = function(name, bufnr)
return name == ".."
end,
},
keymaps = {
["gd"] = {
desc = "Toggle file detail view",
callback = function()
detail = not detail
if detail then
oil.set_columns({ "icon", "permissions", "size", "mtime" })
else
oil.set_columns({ "icon" })
end
end,
},
},
})
local keys = {
{ "-", oil.open, desc = "Open parent directory" },
}
wk.add(keys)

View file

@ -1,17 +0,0 @@
if not require("ambroisie.utils").is_ssh() then
return
end
local function copy(lines, _)
require("osc52").copy(table.concat(lines, "\n"))
end
local function paste()
return { vim.fn.split(vim.fn.getreg(""), "\n"), vim.fn.getregtype("") }
end
vim.g.clipboard = {
name = "osc52",
copy = { ["+"] = copy, ["*"] = copy },
paste = { ["+"] = paste, ["*"] = paste },
}

View file

@ -1,4 +1,6 @@
local telescope = require("telescope") local telescope = require("telescope")
local telescope_builtin = require("telescope.builtin")
local wk = require("which-key")
telescope.setup({ telescope.setup({
defaults = { defaults = {
@ -22,3 +24,14 @@ telescope.setup({
telescope.load_extension("fzf") telescope.load_extension("fzf")
telescope.load_extension("lsp_handlers") telescope.load_extension("lsp_handlers")
local keys = {
{ "<leader>f", group = "Fuzzy finder" },
{ "<leader>fb", telescope_builtin.buffers, desc = "Open buffers" },
{ "<leader>ff", telescope_builtin.git_files, desc = "Git tracked files" },
{ "<leader>fF", telescope_builtin.find_files, desc = "Files" },
{ "<leader>fg", telescope_builtin.live_grep, desc = "Grep string" },
{ "<leader>fG", telescope_builtin.grep_string, desc = "Grep string under cursor" },
}
wk.add(keys)

View file

@ -1,4 +1,5 @@
local ts_config = require("nvim-treesitter.configs") local ts_config = require("nvim-treesitter.configs")
ts_config.setup({ ts_config.setup({
highlight = { highlight = {
enable = true, enable = true,
@ -14,16 +15,16 @@ ts_config.setup({
-- Jump to matching text objects -- Jump to matching text objects
lookahead = true, lookahead = true,
keymaps = { keymaps = {
["aa"] = "@parameter.outer", ["aa"] = { query = "@parameter.outer", desc = "a parameter" },
["ia"] = "@parameter.inner", ["ia"] = { query = "@parameter.inner", desc = "inner parameter" },
["ab"] = "@block.outer", ["ab"] = { query = "@block.outer", desc = "a block" },
["ib"] = "@block.inner", ["ib"] = { query = "@block.inner", desc = "inner block" },
["ac"] = "@class.outer", ["ac"] = { query = "@class.outer", desc = "a class" },
["ic"] = "@class.inner", ["ic"] = { query = "@class.inner", desc = "inner class" },
["af"] = "@function.outer", ["af"] = { query = "@function.outer", desc = "a function" },
["if"] = "@function.inner", ["if"] = { query = "@function.inner", desc = "inner function" },
["ak"] = "@comment.outer", ["ak"] = { query = "@comment.outer", desc = "a comment" },
["aS"] = "@statement.outer", ["aS"] = { query = "@statement.outer", desc = "a statement" },
}, },
}, },
move = { move = {
@ -31,22 +32,22 @@ ts_config.setup({
-- Add to jump list -- Add to jump list
set_jumps = true, set_jumps = true,
goto_next_start = { goto_next_start = {
["]m"] = "@function.outer", ["]m"] = { query = "@function.outer", desc = "Next method start" },
["]S"] = "@statement.outer", ["]S"] = { query = "@statement.outer", desc = "Next statement start" },
["]]"] = "@class.outer", ["]]"] = { query = "@class.outer", desc = "Next class start" },
}, },
goto_next_end = { goto_next_end = {
["]M"] = "@function.outer", ["]M"] = { query = "@function.outer", desc = "Next method end" },
["]["] = "@class.outer", ["]["] = { query = "@class.outer", desc = "Next class end" },
}, },
goto_previous_start = { goto_previous_start = {
["[m"] = "@function.outer", ["[m"] = { query = "@function.outer", desc = "Previous method start" },
["[S"] = "@statement.outer", ["[S"] = { query = "@statement.outer", desc = "Previous statement start" },
["[["] = "@class.outer", ["[["] = { query = "@class.outer", desc = "Previous class start" },
}, },
goto_previous_end = { goto_previous_end = {
["[M"] = "@function.outer", ["[M"] = { query = "@function.outer", desc = "Previous method end" },
["[]"] = "@class.outer", ["[]"] = { query = "@class.outer", desc = "Previous class end" },
}, },
}, },
}, },

View file

@ -1,2 +1,33 @@
local wk = require("which-key") local wk = require("which-key")
wk.setup() wk.setup({
icons = {
-- I don't like icons
mappings = false,
breadcrumb = "»",
separator = "",
group = "+",
ellipsis = "",
keys = {
Up = "",
Down = "",
Left = "",
Right = "",
C = "<C>",
M = "<M>",
D = "<D>",
S = "<S>",
CR = "<CR>",
Esc = "<Esc> ",
NL = "<NL>",
BS = "<BS>",
Space = "<space>",
Tab = "<Tab> ",
},
},
})
local keys = {
{ "<leader><leader>", vim.cmd.nohlsearch, desc = "Clear search highlight" },
}
wk.add(keys)

View file

@ -4,17 +4,23 @@ local signtoggle = vim.api.nvim_create_augroup("signtoggle", { clear = true })
vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, { vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, {
pattern = "*", pattern = "*",
group = signtoggle, group = signtoggle,
command = "setlocal signcolumn=yes", callback = function()
vim.opt.signcolumn = "yes"
end,
}) })
vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, { vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, {
pattern = "*", pattern = "*",
group = signtoggle, group = signtoggle,
command = "setlocal signcolumn=yes", callback = function()
vim.opt.signcolumn = "no"
end,
}) })
-- Never show the sign column in a terminal buffer -- Never show the sign column in a terminal buffer
vim.api.nvim_create_autocmd({ "TermOpen" }, { vim.api.nvim_create_autocmd({ "TermOpen" }, {
pattern = "*", pattern = "*",
group = signtoggle, group = signtoggle,
command = "setlocal signcolumn=no", callback = function()
vim.opt.signcolumn = "no"
end,
}) })

View file

@ -20,7 +20,7 @@ in
}; };
xdg.configFile."wgetrc".text = '' xdg.configFile."wgetrc".text = ''
hsts-file = ${config.xdg.dataHome}/wget-hsts hsts-file = ${config.xdg.stateHome}/wget-hsts
''; '';
}; };
} }

View file

@ -58,7 +58,7 @@ in
service = "some-service-name"; service = "some-service-name";
} }
]; ];
description = "list of block configurations, merged with the defauls"; description = "list of block configurations, merged with the defaults";
}; };
}; };
}; };

View file

@ -127,9 +127,10 @@ in
{ class = "^Blueman-.*$"; } { class = "^Blueman-.*$"; }
{ title = "^htop$"; } { title = "^htop$"; }
{ class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; }
{ class = "^Pavucontrol.*$"; } { class = "^pavucontrol.*$"; }
{ class = "^Arandr$"; } { class = "^Arandr$"; }
{ class = ".?blueman-manager.*$"; } { class = "^\\.blueman-manager-wrapped$"; }
{ class = "^\\.arandr-wrapped$"; }
]; ];
}; };
@ -371,8 +372,7 @@ in
}; };
startup = [ startup = [
# FIXME # NOTE: rely on systemd user services instead...
# { commdand; always; notification; }
]; ];
window = { window = {

View file

@ -2,7 +2,7 @@
let let
cfg = config.my.home.wm.screen-lock; cfg = config.my.home.wm.screen-lock;
notficationCmd = notificationCmd =
let let
duration = toString (cfg.notify.delay * 1000); duration = toString (cfg.notify.delay * 1000);
notifyCmd = "${lib.getExe pkgs.libnotify} -u critical -t ${duration}"; notifyCmd = "${lib.getExe pkgs.libnotify} -u critical -t ${duration}";
@ -48,7 +48,7 @@ in
"-notify" "-notify"
"${toString cfg.notify.delay}" "${toString cfg.notify.delay}"
"-notifier" "-notifier"
notficationCmd notificationCmd
]; ];
}; };
}; };

View file

@ -11,7 +11,7 @@ in
enable = true; enable = true;
# File types # File types
mime.enable = true; mime.enable = true;
# File associatons # File associations
mimeApps = { mimeApps = {
enable = true; enable = true;
}; };
@ -30,9 +30,11 @@ in
}; };
# A tidy home is a tidy mind # A tidy home is a tidy mind
dataFile = { dataFile = {
"tig/.keep".text = ""; # `tig` uses `XDG_DATA_HOME` specifically...
};
stateFile = {
"bash/.keep".text = ""; "bash/.keep".text = "";
"gdb/.keep".text = ""; "python/.keep".text = "";
"tig/.keep".text = "";
}; };
}; };
@ -43,13 +45,13 @@ in
CARGO_HOME = "${dataHome}/cargo"; CARGO_HOME = "${dataHome}/cargo";
DOCKER_CONFIG = "${configHome}/docker"; DOCKER_CONFIG = "${configHome}/docker";
GRADLE_USER_HOME = "${dataHome}/gradle"; GRADLE_USER_HOME = "${dataHome}/gradle";
HISTFILE = "${dataHome}/bash/history"; HISTFILE = "${stateHome}/bash/history";
INPUTRC = "${configHome}/readline/inputrc"; INPUTRC = "${configHome}/readline/inputrc";
PSQL_HISTORY = "${dataHome}/psql_history"; PSQL_HISTORY = "${stateHome}/psql_history";
PYTHONPYCACHEPREFIX = "${cacheHome}/python/"; PYTHONPYCACHEPREFIX = "${cacheHome}/python/";
PYTHONUSERBASE = "${dataHome}/python/"; PYTHONUSERBASE = "${dataHome}/python/";
PYTHON_HISTORY = "${stateHome}/python/history"; PYTHON_HISTORY = "${stateHome}/python/history";
REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history"; REDISCLI_HISTFILE = "${stateHome}/redis/rediscli_history";
REPO_CONFIG_DIR = "${configHome}/repo"; REPO_CONFIG_DIR = "${configHome}/repo";
XCOMPOSECACHE = "${dataHome}/X11/xcompose"; XCOMPOSECACHE = "${dataHome}/X11/xcompose";
_JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java"; _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java";

View file

@ -68,7 +68,7 @@ in
ignoreSpace = true; ignoreSpace = true;
ignoreDups = true; ignoreDups = true;
share = false; share = false;
path = "${config.xdg.dataHome}/zsh/zsh_history"; path = "${config.xdg.stateHome}/zsh/zsh_history";
}; };
plugins = [ plugins = [

View file

@ -12,7 +12,7 @@ setopt rc_quotes
setopt auto_resume setopt auto_resume
# Show history expansion before running a command # Show history expansion before running a command
setopt hist_verify setopt hist_verify
# Append commands to history as they are exectuted # Append commands to history as they are executed
setopt inc_append_history_time setopt inc_append_history_time
# Remove useless whitespace from commands # Remove useless whitespace from commands
setopt hist_reduce_blanks setopt hist_reduce_blanks

View file

@ -24,24 +24,6 @@ in
extraModules = [ pkgs.pulseaudio-modules-bt ]; extraModules = [ pkgs.pulseaudio-modules-bt ];
package = pkgs.pulseaudioFull; package = pkgs.pulseaudioFull;
}; };
services.pipewire.wireplumber.configPackages = [
(pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" ''
bluez_monitor.properties = {
-- SBC XQ provides better audio
["bluez5.enable-sbc-xq"] = true,
-- mSBC provides better audio + microphone
["bluez5.enable-msbc"] = true,
-- Synchronize volume with bluetooth device
["bluez5.enable-hw-volume"] = true,
-- FIXME: Some devices may now support both hsp_ag and hfp_ag
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
}
'')
];
}) })
# Support for A2DP audio profile # Support for A2DP audio profile

View file

@ -26,28 +26,30 @@ in
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (lib.mkMerge [
{ {
hardware.opengl = { hardware.graphics = {
enable = true; enable = true;
}; };
} }
# AMD GPU # AMD GPU
(lib.mkIf (cfg.gpuFlavor == "amd") { (lib.mkIf (cfg.gpuFlavor == "amd") {
boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ]; hardware.amdgpu = {
initrd.enable = cfg.amd.enableKernelModule;
# Vulkan
amdvlk = lib.mkIf cfg.amd.amdvlk {
enable = true;
support32Bit = {
enable = true;
};
};
};
hardware.opengl = { hardware.graphics = {
extraPackages = with pkgs; [ extraPackages = with pkgs; [
# OpenCL # OpenCL
rocmPackages.clr rocmPackages.clr
rocmPackages.clr.icd rocmPackages.clr.icd
] ];
++ lib.optional cfg.amd.amdvlk amdvlk
;
extraPackages32 = with pkgs; [
]
++ lib.optional cfg.amd.amdvlk driversi686Linux.amdvlk
;
}; };
}) })
@ -59,7 +61,7 @@ in
VDPAU_DRIVER = "va_gl"; VDPAU_DRIVER = "va_gl";
}; };
hardware.opengl = { hardware.graphics = {
extraPackages = with pkgs; [ extraPackages = with pkgs; [
# Open CL # Open CL
intel-compute-runtime intel-compute-runtime
@ -69,6 +71,13 @@ in
intel-vaapi-driver intel-vaapi-driver
libvdpau-va-gl libvdpau-va-gl
]; ];
extraPackages32 = with pkgs.driversi686Linux; [
# VA API
intel-media-driver
intel-vaapi-driver
libvdpau-va-gl
];
}; };
}) })
]); ]);

View file

@ -54,9 +54,6 @@ in
# Pulseaudio setup # Pulseaudio setup
(lib.mkIf cfg.pulse.enable { (lib.mkIf cfg.pulse.enable {
# ALSA
sound.enable = true;
hardware.pulseaudio.enable = true; hardware.pulseaudio.enable = true;
}) })
]); ]);

View file

@ -11,7 +11,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.xserver = { services.xserver = {
# This section must be *after* the one configured by `libinput` # This section must be *after* the one configured by `libinput`
# for the `ScrollMethod` configuration to not be overriden # for the `ScrollMethod` configuration to not be overridden
inputClassSections = lib.mkAfter [ inputClassSections = lib.mkAfter [
# MX Ergo # MX Ergo
'' ''

View file

@ -1,4 +1,4 @@
# Configuration that spans accross system and home, or are almagations of modules # Configuration that spans across system and home, or are almagations of modules
{ ... }: { ... }:
{ {
imports = [ imports = [

View file

@ -9,7 +9,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# Enable touchpad support # Enable touchpad support
services.xserver.libinput.enable = true; services.libinput.enable = true;
# Enable TLP power management # Enable TLP power management
my.services.tlp.enable = true; my.services.tlp.enable = true;

View file

@ -65,9 +65,7 @@ in
aria-rpc = { aria-rpc = {
port = cfg.rpcPort; port = cfg.rpcPort;
# Proxy websockets for RPC # Proxy websockets for RPC
extraConfig = { websocketsLocations = [ "/" ];
locations."/".proxyWebsockets = true;
};
}; };
}; };

View file

@ -0,0 +1,53 @@
# Audiobook and podcast library
{ config, lib, ... }:
let
cfg = config.my.services.audiobookshelf;
in
{
options.my.services.audiobookshelf = with lib; {
enable = mkEnableOption "Audiobookshelf, a self-hosted podcast manager";
port = mkOption {
type = types.port;
default = 8000;
example = 4242;
description = "The port on which Audiobookshelf will listen for incoming HTTP traffic.";
};
};
config = lib.mkIf cfg.enable {
services.audiobookshelf = {
enable = true;
inherit (cfg) port;
group = "media";
};
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
audiobookshelf = {
inherit (cfg) port;
# Proxy websockets for RPC
websocketsLocations = [ "/" ];
};
};
services.fail2ban.jails = {
audiobookshelf = ''
enabled = true
filter = audiobookshelf
port = http,https
'';
};
environment.etc = {
"fail2ban/filter.d/audiobookshelf.conf".text = ''
[Definition]
failregex = ^.*ERROR: \[Auth\] Failed login attempt for username ".*" from ip <ADDR>
journalmatch = _SYSTEMD_UNIT=audiobookshelf.service
'';
};
};
}

View file

@ -4,6 +4,7 @@
imports = [ imports = [
./adblock ./adblock
./aria ./aria
./audiobookshelf
./backup ./backup
./blog ./blog
./calibre-web ./calibre-web
@ -15,6 +16,7 @@
./grocy ./grocy
./indexers ./indexers
./jellyfin ./jellyfin
./komga
./lohr ./lohr
./matrix ./matrix
./mealie ./mealie
@ -25,7 +27,7 @@
./nginx ./nginx
./nix-cache ./nix-cache
./paperless ./paperless
./pirate ./pdf-edit
./podgrab ./podgrab
./postgresql ./postgresql
./postgresql-backup ./postgresql-backup
@ -33,6 +35,7 @@
./quassel ./quassel
./rss-bridge ./rss-bridge
./sabnzbd ./sabnzbd
./servarr
./ssh-server ./ssh-server
./tandoor-recipes ./tandoor-recipes
./tlp ./tlp

View file

@ -1,5 +1,5 @@
# A nice UI for various torrent clients # A nice UI for various torrent clients
{ config, lib, pkgs, ... }: { config, lib, ... }:
let let
cfg = config.my.services.flood; cfg = config.my.services.flood;
in in
@ -13,31 +13,13 @@ in
example = 3000; example = 3000;
description = "Internal port for Flood UI"; description = "Internal port for Flood UI";
}; };
stateDir = mkOption {
type = types.str;
default = "flood";
example = "floodUI";
description = "Directory under `/var/run` for storing Flood's files";
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.services.flood = { services.flood = {
description = "Flood torrent UI"; enable = true;
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = { inherit (cfg) port;
ExecStart = lib.concatStringsSep " " [
(lib.getExe pkgs.flood)
"--port ${builtins.toString cfg.port}"
"--rundir /var/lib/${cfg.stateDir}"
];
DynamicUser = true;
StateDirectory = cfg.stateDir;
ReadWritePaths = "";
};
}; };
my.services.nginx.virtualHosts = { my.services.nginx.virtualHosts = {
@ -45,5 +27,7 @@ in
inherit (cfg) port; inherit (cfg) port;
}; };
}; };
# NOTE: unfortunately flood does not log connection failures for fail2ban
}; };
} }

View file

@ -1,4 +1,4 @@
# A low-ressource, full-featured git forge. # A low-resource, full-featured git forge.
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.my.services.forgejo; cfg = config.my.services.forgejo;
@ -83,7 +83,11 @@ in
# I configure my backup system manually below. # I configure my backup system manually below.
dump.enable = false; dump.enable = false;
mailerPasswordFile = lib.mkIf cfg.mail.enable cfg.mail.passwordFile; secrets = {
mailer = lib.mkIf cfg.mail.enable {
PASSWD = cfg.mail.passwordFile;
};
};
settings = { settings = {
DEFAULT = { DEFAULT = {

View file

@ -1,4 +1,4 @@
# A low-ressource, full-featured git forge. # A low-resource, full-featured git forge.
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.my.services.gitea; cfg = config.my.services.gitea;

View file

@ -36,5 +36,7 @@ in
forceSSL = true; forceSSL = true;
useACMEHost = config.networking.domain; useACMEHost = config.networking.domain;
}; };
# NOTE: unfortunately grocy does not log connection failures for fail2ban
}; };
} }

View file

@ -27,19 +27,31 @@ in
my.services.nginx.virtualHosts = { my.services.nginx.virtualHosts = {
jellyfin = { jellyfin = {
port = 8096; port = 8096;
websocketsLocations = [ "/socket" ];
extraConfig = { extraConfig = {
locations."/" = { locations."/" = {
extraConfig = '' extraConfig = ''
proxy_buffering off; proxy_buffering off;
''; '';
}; };
# Too bad for the repetition...
locations."/socket" = {
proxyPass = "http://127.0.0.1:8096/";
proxyWebsockets = true;
};
}; };
}; };
}; };
services.fail2ban.jails = {
jellyfin = ''
enabled = true
filter = jellyfin
port = http,https
'';
};
environment.etc = {
"fail2ban/filter.d/jellyfin.conf".text = ''
[Definition]
failregex = ^.*Authentication request for .* has been denied \(IP: "?<ADDR>"?\)\.
journalmatch = _SYSTEMD_UNIT=jellyfin.service
'';
};
}; };
} }

View file

@ -0,0 +1,55 @@
# A Comics/Manga media server
{ config, lib, ... }:
let
cfg = config.my.services.komga;
in
{
options.my.services.komga = with lib; {
enable = mkEnableOption "Komga comics server";
port = mkOption {
type = types.port;
default = 4584;
example = 8080;
description = "Internal port for webui";
};
};
config = lib.mkIf cfg.enable {
services.komga = {
enable = true;
inherit (cfg) port;
group = "media";
};
systemd.services.komga.environment = {
LOGGING_LEVEL_ORG_GOTSON_KOMGA = "DEBUG"; # Needed for fail2ban
};
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
komga = {
inherit (cfg) port;
};
};
services.fail2ban.jails = {
komga = ''
enabled = true
filter = komga
port = http,https
'';
};
environment.etc = {
"fail2ban/filter.d/komga.conf".text = ''
[Definition]
failregex = ^.* ip=<HOST>,.*Bad credentials.*$
journalmatch = _SYSTEMD_UNIT=komga.service
'';
};
};
}

View file

@ -99,7 +99,7 @@ in
}; };
}; };
"${lohrHome}/.ssh/id_ed25519" = { "${lohrHome}/.ssh/id_ed25519" = {
"f+" = { "L+" = {
user = "lohr"; user = "lohr";
group = "lohr"; group = "lohr";
mode = "0700"; mode = "0700";

View file

@ -26,21 +26,6 @@ in
description = "Shared secret to register users"; description = "Shared secret to register users";
}; };
slidingSync = {
port = mkOption {
type = types.port;
default = 8009;
example = 8084;
description = "Port used by sliding sync server";
};
secretFile = mkOption {
type = types.str;
example = "/var/lib/matrix/sliding-sync-secret-file.env";
description = "Secret file which contains SYNCV3_SECRET definition";
};
};
mailConfigFile = mkOption { mailConfigFile = mkOption {
type = types.str; type = types.str;
example = "/var/lib/matrix/email-config.yaml"; example = "/var/lib/matrix/email-config.yaml";
@ -106,17 +91,6 @@ in
] ++ lib.optional (cfg.secretFile != null) cfg.secretFile; ] ++ lib.optional (cfg.secretFile != null) cfg.secretFile;
}; };
services.matrix-sliding-sync = {
enable = true;
settings = {
SYNCV3_SERVER = "https://${matrixDomain}";
SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}";
};
environmentFile = cfg.slidingSync.secretFile;
};
my.services.nginx.virtualHosts = { my.services.nginx.virtualHosts = {
# Element Web app deployment # Element Web app deployment
chat = { chat = {
@ -130,9 +104,6 @@ in
"m.identity_server" = { "m.identity_server" = {
"base_url" = "https://vector.im"; "base_url" = "https://vector.im";
}; };
"org.matrix.msc3575.proxy" = {
"url" = "https://matrix-sync.${domain}";
};
}; };
showLabsSettings = true; showLabsSettings = true;
defaultCountryCode = "FR"; # cocorico defaultCountryCode = "FR"; # cocorico
@ -152,10 +123,6 @@ in
matrix-client = { matrix-client = {
port = clientPort.private; port = clientPort.private;
}; };
# Sliding sync
matrix-sync = {
inherit (cfg.slidingSync) port;
};
}; };
# Those are too complicated to use my wrapper... # Those are too complicated to use my wrapper...
@ -178,11 +145,6 @@ in
"/_matrix" = proxyToClientPort; "/_matrix" = proxyToClientPort;
"/_synapse/client" = proxyToClientPort; "/_synapse/client" = proxyToClientPort;
# Sliding sync
"~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
proxyPass = "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}";
};
}; };
listen = [ listen = [
@ -228,7 +190,6 @@ in
client = { client = {
"m.homeserver" = { "base_url" = "https://${matrixDomain}"; }; "m.homeserver" = { "base_url" = "https://${matrixDomain}"; };
"m.identity_server" = { "base_url" = "https://vector.im"; }; "m.identity_server" = { "base_url" = "https://vector.im"; };
"org.matrix.msc3575.proxy" = { "url" = "https://matrix-sync.${domain}"; };
}; };
# ACAO required to allow element-web on any URL to request this json file # ACAO required to allow element-web on any URL to request this json file
in in

View file

@ -35,12 +35,8 @@ in
# Use PostgreSQL # Use PostgreSQL
DB_ENGINE = "postgres"; DB_ENGINE = "postgres";
POSTGRES_USER = "mealie"; # Make it work with socket auth
POSTGRES_PASSWORD = ""; POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql";
POSTGRES_SERVER = "/run/postgresql";
# Pydantic and/or mealie doesn't handle the URI correctly, hijack it
# with query parameters...
POSTGRES_DB = "mealie?host=/run/postgresql&dbname=mealie";
}; };
}; };
@ -66,7 +62,30 @@ in
my.services.nginx.virtualHosts = { my.services.nginx.virtualHosts = {
mealie = { mealie = {
inherit (cfg) port; inherit (cfg) port;
extraConfig = {
# Allow bulk upload of recipes for import/export
locations."/".extraConfig = ''
client_max_body_size 0;
'';
};
}; };
}; };
services.fail2ban.jails = {
mealie = ''
enabled = true
filter = mealie
port = http,https
'';
};
environment.etc = {
"fail2ban/filter.d/mealie.conf".text = ''
[Definition]
failregex = ^.*ERROR.*Incorrect username or password from <HOST>
journalmatch = _SYSTEMD_UNIT=mealie.service
'';
};
}; };
} }

View file

@ -48,5 +48,21 @@ in
inherit (cfg) port; inherit (cfg) port;
}; };
}; };
services.fail2ban.jails = {
miniflux = ''
enabled = true
filter = miniflux
port = http,https
'';
};
environment.etc = {
"fail2ban/filter.d/miniflux.conf".text = ''
[Definition]
failregex = ^.*msg="[^"]*(Incorrect|Invalid) username or password[^"]*".*client_ip=<ADDR>
journalmatch = _SYSTEMD_UNIT=miniflux.service
'';
};
}; };
} }

View file

@ -52,5 +52,21 @@ in
inherit (cfg) port; inherit (cfg) port;
}; };
}; };
services.fail2ban.jails = {
navidrome = ''
enabled = true
filter = navidrome
port = http,https
'';
};
environment.etc = {
"fail2ban/filter.d/navidrome.conf".text = ''
[Definition]
failregex = ^.*msg="Unsuccessful login".*X-Real-Ip:\[<HOST>\]
journalmatch = _SYSTEMD_UNIT=navidrome.service
'';
};
}; };
} }

View file

@ -0,0 +1,50 @@
# Document editor with Nextcloud
{ config, lib, ... }:
let
cfg = config.my.services.nextcloud.collabora;
in
{
options.my.services.nextcloud.collabora = with lib; {
enable = mkEnableOption "Collabora integration";
port = mkOption {
type = types.port;
default = 9980;
example = 8080;
description = "Internal port for API";
};
};
config = lib.mkIf cfg.enable {
services.collabora-online = {
enable = true;
inherit (cfg) port;
aliasGroups = [
{
host = "https://collabora.${config.networking.domain}";
# Allow using from nextcloud
aliases = [ "https://${config.services.nextcloud.hostName}" ];
}
];
settings = {
# Rely on reverse proxy for SSL
ssl = {
enable = false;
termination = true;
};
};
};
my.services.nginx.virtualHosts = {
collabora = {
inherit (cfg) port;
websocketsLocations = [
"~ ^/cool/(.*)/ws$"
"^~ /cool/adminws"
];
};
};
};
}

View file

@ -4,6 +4,10 @@ let
cfg = config.my.services.nextcloud; cfg = config.my.services.nextcloud;
in in
{ {
imports = [
./collabora.nix
];
options.my.services.nextcloud = with lib; { options.my.services.nextcloud = with lib; {
enable = mkEnableOption "Nextcloud"; enable = mkEnableOption "Nextcloud";
maxSize = mkOption { maxSize = mkOption {
@ -31,7 +35,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud28; package = pkgs.nextcloud30;
hostName = "nextcloud.${config.networking.domain}"; hostName = "nextcloud.${config.networking.domain}";
home = "/var/lib/nextcloud"; home = "/var/lib/nextcloud";
maxUploadSize = cfg.maxSize; maxUploadSize = cfg.maxSize;
@ -87,5 +91,25 @@ in
"${config.services.nextcloud.home}/data/appdata_*/preview" "${config.services.nextcloud.home}/data/appdata_*/preview"
]; ];
}; };
services.fail2ban.jails = {
nextcloud = ''
enabled = true
filter = nextcloud
port = http,https
'';
};
environment.etc = {
"fail2ban/filter.d/nextcloud.conf".text = ''
[Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service
'';
};
}; };
} }

View file

@ -17,6 +17,16 @@ let
''; '';
}; };
websocketsLocations = mkOption {
type = with types; listOf str;
default = [ ];
example = [ "/socket" ];
description = ''
Which locations on this virtual host should be configured for
websockets.
'';
};
port = mkOption { port = mkOption {
type = with types; nullOr port; type = with types; nullOr port;
default = null; default = null;
@ -59,14 +69,15 @@ let
extraConfig = mkOption { extraConfig = mkOption {
type = types.attrs; # FIXME: forward type of virtualHosts type = types.attrs; # FIXME: forward type of virtualHosts
example = litteralExample '' example = {
{ extraConfig = ''
locations."/socket" = { add_header X-Clacks-Overhead "GNU Terry Pratchett";
proxyPass = "http://127.0.0.1:8096/"; '';
proxyWebsockets = true;
}; locations."/".extraConfig = ''
} client_max_body_size 1G;
''; '';
};
default = { }; default = { };
description = '' description = ''
Any extra configuration that should be applied to this virtual host. Any extra configuration that should be applied to this virtual host.
@ -76,10 +87,6 @@ let
}); });
in in
{ {
imports = [
./sso
];
options.my.services.nginx = with lib; { options.my.services.nginx = with lib; {
enable = mkEnableOption "Nginx"; enable = mkEnableOption "Nginx";
@ -88,7 +95,7 @@ in
type = types.str; type = types.str;
example = "/var/lib/acme/creds.env"; example = "/var/lib/acme/creds.env";
description = '' description = ''
Gandi API key file as an 'EnvironmentFile' (see `systemd.exec(5)`) OVH API key file as an 'EnvironmentFile' (see `systemd.exec(5)`)
''; '';
}; };
}; };
@ -100,26 +107,19 @@ in
virtualHosts = mkOption { virtualHosts = mkOption {
type = types.attrsOf virtualHostOption; type = types.attrsOf virtualHostOption;
default = { }; default = { };
example = litteralExample '' example = {
{ gitea = {
gitea = { subdomain = "git";
subdomain = "git"; port = 8080;
port = 8080; };
}; dev = {
dev = { root = "/var/www/dev";
root = "/var/www/dev"; };
}; jellyfin = {
jellyfin = { port = 8096;
port = 8096; websocketsLocations = [ "/socket" ];
extraConfig = { };
locations."/socket" = { };
proxyPass = "http://127.0.0.1:8096/";
proxyWebsockets = true;
};
};
};
}
'';
description = '' description = ''
List of virtual hosts to set-up using default settings. List of virtual hosts to set-up using default settings.
''; '';
@ -163,25 +163,21 @@ in
}; };
}; };
}); });
example = litteralExample '' example = {
{ alice = {
alice = { passwordHashFile = "/var/lib/nginx-sso/alice/password-hash.txt";
passwordHashFile = "/var/lib/nginx-sso/alice/password-hash.txt"; totpSecretFile = "/var/lib/nginx-sso/alice/totp-secret.txt";
totpSecretFile = "/var/lib/nginx-sso/alice/totp-secret.txt"; };
}; };
}
'';
description = "Definition of users"; description = "Definition of users";
}; };
groups = mkOption { groups = mkOption {
type = with types; attrsOf (listOf str); type = with types; attrsOf (listOf str);
example = litteralExample '' example = {
{ root = [ "alice" ];
root = [ "alice" ]; users = [ "alice" "bob" ];
users = [ "alice" "bob" ]; };
}
'';
description = "Groups of users"; description = "Groups of users";
}; };
}; };
@ -203,6 +199,19 @@ in
} configured. } configured.
''; '';
})) }))
++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args:
let
proxyPass = [ "port" "socket" ];
proxyPassUsed = lib.any (v: args.${v} != null) proxyPass;
in
{
assertion = args.websocketsLocations != [ ] -> proxyPassUsed;
message = ''
Subdomain '${subdomain}' can only use 'websocketsLocations' with one of ${
lib.concatStringsSep ", " (builtins.map (v: "'${v}'") proxyPass)
}.
'';
}))
++ ( ++ (
let let
ports = lib.my.mapFilter ports = lib.my.mapFilter
@ -249,6 +258,14 @@ in
virtualHosts = virtualHosts =
let let
domain = config.networking.domain; domain = config.networking.domain;
mkProxyPass = { websocketsLocations, ... }: proxyPass:
let
websockets = lib.genAttrs websocketsLocations (_: {
inherit proxyPass;
proxyWebsockets = true;
});
in
{ "/" = { inherit proxyPass; }; } // websockets;
mkVHost = ({ subdomain, ... } @ args: lib.nameValuePair mkVHost = ({ subdomain, ... } @ args: lib.nameValuePair
"${subdomain}.${domain}" "${subdomain}.${domain}"
(lib.my.recursiveMerge [ (lib.my.recursiveMerge [
@ -259,8 +276,7 @@ in
} }
# Proxy to port # Proxy to port
(lib.optionalAttrs (args.port != null) { (lib.optionalAttrs (args.port != null) {
locations."/".proxyPass = locations = mkProxyPass args "http://127.0.0.1:${toString args.port}";
"http://127.0.0.1:${toString args.port}";
}) })
# Serve filesystem content # Serve filesystem content
(lib.optionalAttrs (args.root != null) { (lib.optionalAttrs (args.root != null) {
@ -268,8 +284,7 @@ in
}) })
# Serve to UNIX socket # Serve to UNIX socket
(lib.optionalAttrs (args.socket != null) { (lib.optionalAttrs (args.socket != null) {
locations."/".proxyPass = locations = mkProxyPass args "http://unix:${args.socket}";
"http://unix:${args.socket}";
}) })
# Redirect to a different domain # Redirect to a different domain
(lib.optionalAttrs (args.redirect != null) { (lib.optionalAttrs (args.redirect != null) {
@ -289,6 +304,7 @@ in
locations."/" = { locations."/" = {
extraConfig = extraConfig =
# FIXME: check that X-User is dropped otherwise
(args.extraConfig.locations."/".extraConfig or "") + '' (args.extraConfig.locations."/".extraConfig or "") + ''
# Use SSO # Use SSO
auth_request /sso-auth; auth_request /sso-auth;
@ -422,7 +438,8 @@ in
{ {
"${domain}" = { "${domain}" = {
extraDomainNames = [ "*.${domain}" ]; extraDomainNames = [ "*.${domain}" ];
dnsProvider = "gandiv5"; dnsProvider = "ovh";
dnsPropagationCheck = false; # OVH is slow
inherit (cfg.acme) credentialsFile; inherit (cfg.acme) credentialsFile;
}; };
}; };

View file

@ -1,89 +0,0 @@
# I must override the module to allow having runtime secrets
{ config, lib, pkgs, utils, ... }:
let
cfg = config.services.nginx.sso;
pkg = lib.getBin cfg.package;
confPath = "/var/lib/nginx-sso/config.json";
in
{
disabledModules = [ "services/security/nginx-sso.nix" ];
options.services.nginx.sso = with lib; {
enable = mkEnableOption "nginx-sso service";
package = mkOption {
type = types.package;
default = pkgs.nginx-sso;
defaultText = "pkgs.nginx-sso";
description = ''
The nginx-sso package that should be used.
'';
};
configuration = mkOption {
type = types.attrsOf types.unspecified;
default = { };
example = literalExample ''
{
listen = { addr = "127.0.0.1"; port = 8080; };
providers.token.tokens = {
myuser = "MyToken";
};
acl = {
rule_sets = [
{
rules = [ { field = "x-application"; equals = "MyApp"; } ];
allow = [ "myuser" ];
}
];
};
}
'';
description = ''
nginx-sso configuration
(<link xlink:href="https://github.com/Luzifer/nginx-sso/wiki/Main-Configuration">documentation</link>)
as a Nix attribute set.
'';
};
};
config = lib.mkIf cfg.enable {
systemd.services.nginx-sso = {
description = "Nginx SSO Backend";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
StateDirectory = "nginx-sso";
WorkingDirectory = "/var/lib/nginx-sso";
# The files to be merged might not have the correct permissions
ExecStartPre = ''+${pkgs.writeShellScript "merge-nginx-sso-config" ''
rm -f '${confPath}'
${utils.genJqSecretsReplacementSnippet cfg.configuration confPath}
# Fix permissions
chown nginx-sso:nginx-sso ${confPath}
chmod 0600 ${confPath}
''
}'';
ExecStart = lib.mkForce ''
${lib.getExe pkg} \
--config ${confPath} \
--frontend-dir ${pkg}/share/frontend
'';
Restart = "always";
User = "nginx-sso";
Group = "nginx-sso";
};
};
users.users.nginx-sso = {
isSystemUser = true;
group = "nginx-sso";
};
users.groups.nginx-sso = { };
};
}

View file

@ -40,7 +40,7 @@ in
inherit (cfg) priority; inherit (cfg) priority;
}; };
signKeyPath = cfg.secretKeyFile; signKeyPaths = [ cfg.secretKeyFile ];
}; };
my.services.nginx.virtualHosts = { my.services.nginx.virtualHosts = {

View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, ... }:
let let
cfg = config.my.services.paperless; cfg = config.my.services.paperless;
in in
@ -61,11 +61,6 @@ in
PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
# Use PostgreSQL
PAPERLESS_DBHOST = "/run/postgresql";
PAPERLESS_DBUSER = "paperless";
PAPERLESS_DBNAME = "paperless";
# Security settings # Security settings
PAPERLESS_ALLOWED_HOSTS = paperlessDomain; PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
@ -80,63 +75,18 @@ in
# Misc # Misc
PAPERLESS_TIME_ZONE = config.time.timeZone; PAPERLESS_TIME_ZONE = config.time.timeZone;
PAPERLESS_ADMIN_USER = cfg.username; PAPERLESS_ADMIN_USER = cfg.username;
# Fix classifier hangs
LD_LIBRARY_PATH = "${lib.getLib pkgs.mkl}/lib";
}; };
# Admin password # Admin password
passwordFile = cfg.passwordFile; passwordFile = cfg.passwordFile;
};
systemd.services = { # Secret key
paperless-scheduler = { environmentFile = cfg.secretKeyFile;
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
serviceConfig = { # Automatic PostgreSQL provisioning
EnvironmentFile = cfg.secretKeyFile; database = {
}; createLocally = true;
}; };
paperless-consumer = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
serviceConfig = {
EnvironmentFile = cfg.secretKeyFile;
};
};
paperless-web = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
serviceConfig = {
EnvironmentFile = cfg.secretKeyFile;
};
};
paperless-task-queue = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
serviceConfig = {
EnvironmentFile = cfg.secretKeyFile;
};
};
};
# Set-up database
services.postgresql = {
enable = true;
ensureDatabases = [ "paperless" ];
ensureUsers = [
{
name = "paperless";
ensureDBOwnership = true;
}
];
}; };
# Set-up media group # Set-up media group
@ -152,11 +102,7 @@ in
sso = { sso = {
enable = true; enable = true;
}; };
websocketsLocations = [ "/" ];
# Enable websockets on root
extraConfig = {
locations."/".proxyWebsockets = true;
};
}; };
}; };

View file

@ -0,0 +1,73 @@
{ config, lib, ... }:
let
cfg = config.my.services.pdf-edit;
in
{
options.my.services.pdf-edit = with lib; {
enable = mkEnableOption "PDF edition service";
port = mkOption {
type = types.port;
default = 8089;
example = 8080;
description = "Internal port for webui";
};
loginFile = mkOption {
type = types.str;
example = "/run/secrets/pdf-edit/login.env";
description = ''
`SECURITY_INITIALLOGIN_USERNAME` and `SECURITY_INITIALLOGIN_PASSWORD`
defined in the format of 'EnvironmentFile' (see `systemd.exec(5)`).
'';
};
};
config = lib.mkIf cfg.enable {
services.stirling-pdf = lib.mkIf cfg.enable {
enable = true;
environment = {
SERVER_PORT = cfg.port;
SECURITY_CSRFDISABLED = "false";
SYSTEM_SHOWUPDATE = "false"; # We don't care about update notifications
INSTALL_BOOK_AND_ADVANCED_HTML_OPS = "true"; # Installed by the module
SECURITY_ENABLELOGIN = "true";
SECURITY_LOGINATTEMPTCOUNT = "-1"; # Rely on fail2ban instead
};
environmentFiles = [ cfg.loginFile ];
};
my.services.nginx.virtualHosts = {
pdf-edit = {
inherit (cfg) port;
extraConfig = {
# Allow upload of PDF files up to 1G
locations."/".extraConfig = ''
client_max_body_size 1G;
'';
};
};
};
services.fail2ban.jails = {
stirling-pdf = ''
enabled = true
filter = stirling-pdf
port = http,https
'';
};
environment.etc = {
"fail2ban/filter.d/stirling-pdf.conf".text = ''
[Definition]
failregex = ^.*Failed login attempt from IP: <HOST>$
journalmatch = _SYSTEMD_UNIT=stirling-pdf.service
'';
};
};
}

View file

@ -13,7 +13,16 @@ in
example = "/run/secrets/password.env"; example = "/run/secrets/password.env";
description = '' description = ''
The path to a file containing the PASSWORD environment variable The path to a file containing the PASSWORD environment variable
definition for Podgrab's authentification. definition for Podgrab's authentication.
'';
};
dataDir = mkOption {
type = with types; nullOr str;
default = null;
example = "/mnt/podgrab";
description = ''
Path to the directory to store the podcasts. Use default if null
''; '';
}; };
@ -29,8 +38,14 @@ in
services.podgrab = { services.podgrab = {
enable = true; enable = true;
inherit (cfg) passwordFile port; inherit (cfg) passwordFile port;
group = "media";
dataDirectory = lib.mkIf (cfg.dataDir != null) cfg.dataDir;
}; };
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = { my.services.nginx.virtualHosts = {
podgrab = { podgrab = {
inherit (cfg) port; inherit (cfg) port;

View file

@ -14,30 +14,34 @@ in
# Let other services enable postgres when they need it # Let other services enable postgres when they need it
(lib.mkIf cfg.enable { (lib.mkIf cfg.enable {
services.postgresql = { services.postgresql = {
package = pkgs.postgresql_13; package = pkgs.postgresql_17;
}; };
}) })
# Taken from the manual # Taken from the manual
(lib.mkIf cfg.upgradeScript { (lib.mkIf cfg.upgradeScript {
containers.temp-pg.config.services.postgresql = {
enable = true;
package = pkgs.postgresql_13;
};
environment.systemPackages = environment.systemPackages =
let let
newpg = config.containers.temp-pg.config.services.postgresql; pgCfg = config.services.postgresql;
newPackage' = pkgs.postgresql_17;
oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package;
oldData = pgCfg.dataDir;
oldBin = "${if pgCfg.extensions == [] then oldPackage else oldPackage.withPackages pgCfg.extensions}/bin";
newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage';
newData = "/var/lib/postgresql/${newPackage.psqlSchema}";
newBin = "${if pgCfg.extensions == [] then newPackage else newPackage.withPackages pgCfg.extensions}/bin";
in in
[ [
(pkgs.writeScriptBin "upgrade-pg-cluster" '' (pkgs.writeScriptBin "upgrade-pg-cluster" ''
#!/usr/bin/env bash #!/usr/bin/env bash
set -x set -eux
export OLDDATA="${config.services.postgresql.dataDir}" export OLDDATA="${oldData}"
export NEWDATA="${newpg.dataDir}" export NEWDATA="${newData}"
export OLDBIN="${config.services.postgresql.package}/bin" export OLDBIN="${oldBin}"
export NEWBIN="${newpg.package}/bin" export NEWBIN="${newBin}"
if [ "$OLDDATA" -ef "$NEWDATA" ]; then if [ "$OLDDATA" -ef "$NEWDATA" ]; then
echo "Cannot migrate to same data directory" >&2 echo "Cannot migrate to same data directory" >&2
@ -46,14 +50,21 @@ in
install -d -m 0700 -o postgres -g postgres "$NEWDATA" install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA" cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" sudo -u postgres "$NEWBIN/initdb" -D "$NEWDATA"
systemctl stop postgresql # old one systemctl stop postgresql # old one
sudo -u postgres $NEWBIN/pg_upgrade \ sudo -u postgres "$NEWBIN/pg_upgrade" \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \ --old-bindir "$OLDBIN" --new-bindir "$NEWBIN" \
"$@" "$@"
cat << EOF
Run the following commands after setting:
services.postgresql.package = pkgs.postgresql_${lib.versions.major newPackage.version}
sudo -u postgres vacuumdb --all --analyze-in-stages
${newData}/delete_old_cluster.sh
EOF
'') '')
]; ];
}) })

View file

@ -53,6 +53,20 @@ in
}; };
}; };
# FIXME: fail2ban services.fail2ban.jails = {
pyload = ''
enabled = true
filter = pyload
port = http,https
'';
};
environment.etc = {
"fail2ban/filter.d/pyload.conf".text = ''
[Definition]
failregex = ^.*Login failed for user '<F-USER>.*</F-USER>' \[CLIENT: <HOST>\]$
journalmatch = _SYSTEMD_UNIT=pyload.service
'';
};
}; };
} }

View file

@ -11,7 +11,9 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.rss-bridge = { services.rss-bridge = {
enable = true; enable = true;
whitelist = [ "*" ]; # Whitelist all config = {
system.enabled_bridges = [ "*" ]; # Whitelist all
};
virtualHost = "rss-bridge.${config.networking.domain}"; virtualHost = "rss-bridge.${config.networking.domain}";
}; };

View file

@ -4,12 +4,13 @@
# [1]: https://youtu.be/I26Ql-uX6AM # [1]: https://youtu.be/I26Ql-uX6AM
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.my.services.pirate; cfg = config.my.services.servarr;
ports = { ports = {
bazarr = 6767; bazarr = 6767;
lidarr = 8686; lidarr = 8686;
radarr = 7878; radarr = 7878;
readarr = 8787;
sonarr = 8989; sonarr = 8989;
}; };
@ -52,7 +53,7 @@ let
]); ]);
in in
{ {
options.my.services.pirate = { options.my.services.servarr = {
enable = lib.mkEnableOption "Media automation"; enable = lib.mkEnableOption "Media automation";
bazarr = { bazarr = {
@ -67,6 +68,10 @@ in
enable = lib.my.mkDisableOption "Radarr"; enable = lib.my.mkDisableOption "Radarr";
}; };
readarr = {
enable = lib.my.mkDisableOption "Readarr";
};
sonarr = { sonarr = {
enable = lib.my.mkDisableOption "Sonarr"; enable = lib.my.mkDisableOption "Sonarr";
}; };
@ -85,8 +90,21 @@ in
# Radarr for movies # Radarr for movies
(mkFullConfig "radarr") (mkFullConfig "radarr")
(mkFail2Ban "radarr") (mkFail2Ban "radarr")
# Readarr for books
(mkFullConfig "readarr")
(mkFail2Ban "readarr")
# Sonarr for shows # Sonarr for shows
(mkFullConfig "sonarr") (mkFullConfig "sonarr")
(mkFail2Ban "sonarr") (mkFail2Ban "sonarr")
# HACK: until https://github.com/NixOS/nixpkgs/issues/360592 is resolved
(lib.mkIf cfg.sonarr.enable {
nixpkgs.config.permittedInsecurePackages = [
"aspnetcore-runtime-6.0.36"
"aspnetcore-runtime-wrapped-6.0.36"
"dotnet-sdk-6.0.428"
"dotnet-sdk-wrapped-6.0.428"
];
})
]); ]);
} }

View file

@ -73,7 +73,16 @@ in
my.services.nginx.virtualHosts = { my.services.nginx.virtualHosts = {
recipes = { recipes = {
inherit (cfg) port; inherit (cfg) port;
extraConfig = {
# Allow bulk upload of recipes for import/export
locations."/".extraConfig = ''
client_max_body_size 0;
'';
};
}; };
}; };
# NOTE: unfortunately tandoor-recipes does not log connection failures for fail2ban
}; };
} }

View file

@ -90,5 +90,7 @@ in
allowedTCPPorts = [ cfg.peerPort ]; allowedTCPPorts = [ cfg.peerPort ];
allowedUDPPorts = [ cfg.peerPort ]; allowedUDPPorts = [ cfg.peerPort ];
}; };
# NOTE: unfortunately transmission does not log connection failures for fail2ban
}; };
} }

View file

@ -41,7 +41,7 @@ in
service = { service = {
# Only allow registration of users through the CLI # Only allow registration of users through the CLI
enableregistration = false; enableregistration = false;
# Ues the host's timezone # Use the host's timezone
timezone = config.time.timeZone; timezone = config.time.timeZone;
# Use UNIX socket for serving the API # Use UNIX socket for serving the API
unixsocket = socketPath; unixsocket = socketPath;
@ -99,5 +99,7 @@ in
config.services.vikunja.settings.files.basepath config.services.vikunja.settings.files.basepath
]; ];
}; };
# NOTE: unfortunately vikunja does not log connection failures for fail2ban
}; };
} }

View file

@ -206,7 +206,7 @@ in
]; ];
} }
# Additional inteface is only used to get access to "LAN" from wireguard # Additional interface is only used to get access to "LAN" from wireguard
(lib.mkIf cfg.internal.enable { (lib.mkIf cfg.internal.enable {
networking.wg-quick.interfaces."${cfg.internal.name}" = mkInterface [ networking.wg-quick.interfaces."${cfg.internal.name}" = mkInterface [
"${cfg.net.v4.subnet}.0/${toString cfg.net.v4.mask}" "${cfg.net.v4.subnet}.0/${toString cfg.net.v4.mask}"

Some files were not shown because too many files have changed in this diff Show more