nixos: services: mealie: backup state directory

Somehow forgot to do this when first writing the module.

flake.lock

@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754433428,
-        "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
+        "lastModified": 1762618334,
+        "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
+        "rev": "fcdea223397448d35d9b31f798479227e80183f6",
         "type": "github"
       },
       "original": {
@@ -53,11 +53,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1747046372,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "lastModified": 1761588595,
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
         "type": "github"
       },
       "original": {
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756770412,
-        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
+        "lastModified": 1763759067,
+        "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "4524271976b625a4a605beefd893f270620fd751",
+        "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
         "type": "github"
       },
       "original": {
@@ -117,11 +117,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755960406,
-        "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=",
+        "lastModified": 1763988335,
+        "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2",
+        "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce",
         "type": "github"
       },
       "original": {
@@ -159,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756954499,
-        "narHash": "sha256-Pg4xBHzvzNY8l9x/rLWoJMnIR8ebG+xeU+IyqThIkqU=",
+        "lastModified": 1764361670,
+        "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "ed1a98c375450dfccf427adacd2bfd1a7b22eb25",
+        "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6",
         "type": "github"
       },
       "original": {
@@ -175,11 +175,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1756936398,
-        "narHash": "sha256-/o1TTpMIICpjrMHBilL9lYm/r69uhdK1L8j1pfY6tWU=",
+        "lastModified": 1764242076,
+        "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "47f28ad9378956563df9a884fd1b209b64336ba3",
+        "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",
         "type": "github"
       },
       "original": {
@@ -196,20 +196,19 @@
         ],
         "nixpkgs": [
           "nixpkgs"
-        ],
-        "treefmt-nix": "treefmt-nix"
+        ]
       },
       "locked": {
-        "lastModified": 1753980880,
-        "narHash": "sha256-aj1pbYxL6N+XFqBHjB4B1QP0bnKRcg1AfpgT5zUFsW8=",
+        "lastModified": 1764449851,
+        "narHash": "sha256-VnodC1+3KML8MYLLnK84E6U2Fz4ioNacOeQd1pMCSTw=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "16db3e61da7606984a05b4dfc33cd1d26d22fb22",
+        "rev": "b1781c0aa8935d8d1f35d228bcc7127fcebcd363",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "master",
+        "ref": "main",
         "repo": "NUR",
         "type": "github"
       }
@@ -241,27 +240,6 @@
         "repo": "default",
         "type": "github"
       }
-    },
-    "treefmt-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "nur",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1733222881,
-        "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
-        "owner": "numtide",
-        "repo": "treefmt-nix",
-        "rev": "49717b5af6f80172275d47a418c9719a31a78b53",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "treefmt-nix",
-        "type": "github"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -54,7 +54,7 @@
       type = "github";
       owner = "nix-community";
       repo = "NUR";
-      ref = "master";
+      ref = "main";
       inputs = {
         flake-parts.follows = "flake-parts";
         nixpkgs.follows = "nixpkgs";

flake/overlays.nix

@@ -1,4 +1,4 @@
-{ self, ... }:
+{ self, lib, ... }:
 let
   default-overlays = import "${self}/overlays";
 
@@ -8,7 +8,7 @@ let
 
     # Expose my custom packages
     pkgs = _final: prev: {
-      ambroisie = prev.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; });
+      ambroisie = lib.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; });
     };
   };
 in

hosts/nixos/porthos/secrets/secrets.nix

@@ -83,18 +83,9 @@ in
   "servarr/autobrr/session-secret.age".publicKeys = all;
   "servarr/cross-seed/configuration.json.age".publicKeys = all;
 
-  "sso/auth-key.age" = {
-    owner = "nginx-sso";
-    publicKeys = all;
-  };
-  "sso/ambroisie/password-hash.age" = {
-    owner = "nginx-sso";
-    publicKeys = all;
-  };
-  "sso/ambroisie/totp-secret.age" = {
-    owner = "nginx-sso";
-    publicKeys = all;
-  };
+  "sso/auth-key.age".publicKeys = all;
+  "sso/ambroisie/password-hash.age".publicKeys = all;
+  "sso/ambroisie/totp-secret.age".publicKeys = all;
 
   "tandoor-recipes/secret-key.age".publicKeys = all;
 

modules/home/delta/default.nix

@@ -1,9 +1,6 @@
 { config, pkgs, lib, ... }:
 let
   cfg = config.my.home.delta;
-
-  configFormat = pkgs.formats.gitIni { };
-  configPath = "${config.xdg.configHome}/delta/config";
 in
 {
   options.my.home.delta = with lib; {
@@ -17,28 +14,14 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    assertions = [
-      {
-        # For its configuration
-        assertion = cfg.enable -> cfg.git.enable;
-        message = ''
-          `config.my.home.delta` must enable `config.my.home.delta.git` to be
-          properly configured.
-        '';
-      }
-      {
-        assertion = cfg.enable -> config.programs.git.enable;
-        message = ''
-          `config.my.home.delta` relies on `config.programs.git` to be
-          enabled.
-        '';
-      }
-    ];
+    programs.delta = {
+      enable = true;
 
-    home.packages = [ cfg.package ];
+      inherit (cfg) package;
 
-    xdg.configFile."delta/config".source = configFormat.generate "delta-config" {
-      delta = {
+      enableGitIntegration = cfg.git.enable;
+
+      options = {
         features = "diff-highlight decorations";
 
         # Less jarring style for `diff-highlight` emulation
@@ -62,18 +45,5 @@ in
         };
       };
     };
-
-    programs.git = lib.mkIf cfg.git.enable {
-      delta = {
-        enable = true;
-        inherit (cfg) package;
-      };
-
-      includes = [
-        {
-          path = configPath;
-        }
-      ];
-    };
   };
 }

modules/home/discord/default.nix

@@ -1,8 +1,6 @@
 { config, lib, pkgs, ... }:
 let
   cfg = config.my.home.discord;
-
-  jsonFormat = pkgs.formats.json { };
 in
 {
   options.my.home.discord = with lib; {
@@ -12,14 +10,15 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    home.packages = with pkgs; [
-      cfg.package
-    ];
+    programs.discord = {
+      enable = true;
 
-    xdg.configFile."discord/settings.json".source =
-      jsonFormat.generate "discord.json" {
+      inherit (cfg) package;
+
+      settings = {
         # Do not keep me from using the app just to force an update
         SKIP_HOST_UPDATE = true;
       };
+    };
   };
 }

modules/home/git/default.nix

@@ -21,29 +21,31 @@ in
   config.programs.git = lib.mkIf cfg.enable {
     enable = true;
 
-    # Who am I?
-    userEmail = mkMailAddress "bruno" "belanyi.fr";
-    userName = "Bruno BELANYI";
-
     inherit (cfg) package;
 
-    aliases = {
-      git = "!git";
-      lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order";
-      lola = "lol --all";
-      assume = "update-index --assume-unchanged";
-      unassume = "update-index --no-assume-unchanged";
-      assumed = "!git ls-files -v | grep ^h | cut -c 3-";
-      pick = "log -p -G";
-      push-new = "!git push -u origin "
-        + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"'';
-      root = "git rev-parse --show-toplevel";
-    };
-
     lfs.enable = true;
 
     # There's more
-    extraConfig = {
+    settings = {
+      # Who am I?
+      user = {
+        email = mkMailAddress "bruno" "belanyi.fr";
+        name = "Bruno BELANYI";
+      };
+
+      alias = {
+        git = "!git";
+        lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order";
+        lola = "lol --all";
+        assume = "update-index --assume-unchanged";
+        unassume = "update-index --no-assume-unchanged";
+        assumed = "!git ls-files -v | grep ^h | cut -c 3-";
+        pick = "log -p -G";
+        push-new = "!git push -u origin "
+          + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"'';
+        root = "git rev-parse --show-toplevel";
+      };
+
       # Makes it a bit more readable
       blame = {
         coloring = "repeatedLines";

modules/home/vim/ftdetect/glsl.lua

@@ -1,7 +0,0 @@
--- Use GLSL filetype for common shader file extensions
-vim.filetype.add({
-    extension = {
-        frag = "glsl",
-        vert = "glsl",
-    },
-})

modules/home/vim/init.vim

@@ -81,9 +81,6 @@ set updatetime=250
 " Disable all mouse integrations
 set mouse=
 
-" Set dark mode by default
-set background=dark
-
 " Setup some overrides for gruvbox
 lua << EOF
 local gruvbox = require("gruvbox")

modules/home/vim/plugin/settings/lspconfig.lua

@@ -1,4 +1,3 @@
-local lspconfig = require("lspconfig")
 local lsp = require("ambroisie.lsp")
 local utils = require("ambroisie.utils")
 
@@ -25,59 +24,27 @@ vim.diagnostic.config({
 -- Inform servers we are able to do completion, snippets, etc...
 local capabilities = require("cmp_nvim_lsp").default_capabilities()
 
--- C/C++
-if utils.is_executable("clangd") then
-    lspconfig.clangd.setup({
-        capabilities = capabilities,
-        on_attach = lsp.on_attach,
-    })
-end
+-- Shared configuration
+vim.lsp.config("*", {
+    capabilities = capabilities,
+    on_attach = lsp.on_attach,
+})
 
--- Haskell
-if utils.is_executable("haskell-language-server-wrapper") then
-    lspconfig.hls.setup({
-        capabilities = capabilities,
-        on_attach = lsp.on_attach,
-    })
-end
-
--- Nix
-if utils.is_executable("nil") then
-    lspconfig.nil_ls.setup({
-        capabilities = capabilities,
-        on_attach = lsp.on_attach,
-    })
-end
-
--- Python
-if utils.is_executable("pyright") then
-    lspconfig.pyright.setup({
-        capabilities = capabilities,
-        on_attach = lsp.on_attach,
-    })
-end
-
-if utils.is_executable("ruff") then
-    lspconfig.ruff.setup({
-        capabilities = capabilities,
-        on_attach = lsp.on_attach,
-    })
-end
-
--- Rust
-if utils.is_executable("rust-analyzer") then
-    lspconfig.rust_analyzer.setup({
-        capabilities = capabilities,
-        on_attach = lsp.on_attach,
-    })
-end
-
--- Shell
-if utils.is_executable("bash-language-server") then
-    lspconfig.bashls.setup({
+local servers = {
+    -- C/C++
+    clangd = {},
+    -- Haskell
+    hls = {},
+    -- Nix
+    nil_ls = {},
+    -- Python
+    pyright = {},
+    ruff = {},
+    -- Rust
+    rust_analyzer = {},
+    -- Shell
+    bashls = {
         filetypes = { "bash", "sh", "zsh" },
-        capabilities = capabilities,
-        on_attach = lsp.on_attach,
         settings = {
             bashIde = {
                 shfmt = {
@@ -88,28 +55,17 @@ if utils.is_executable("bash-language-server") then
                 },
             },
         },
-    })
-end
+    },
+    -- Starlark
+    starpls = {},
+    -- Generic
+    harper_ls = {},
+    typos_lsp = {},
+}
 
--- Starlark
-if utils.is_executable("starpls") then
-    lspconfig.starpls.setup({
-        capabilities = capabilities,
-        on_attach = lsp.on_attach,
-    })
-end
-
--- Generic
-if utils.is_executable("harper-ls") then
-    lspconfig.harper_ls.setup({
-        capabilities = capabilities,
-        on_attach = lsp.on_attach,
-    })
-end
-
-if utils.is_executable("typos-lsp") then
-    lspconfig.typos_lsp.setup({
-        capabilities = capabilities,
-        on_attach = lsp.on_attach,
-    })
+for server, config in pairs(servers) do
+    if not vim.tbl_isempty(config) then
+        vim.lsp.config(server, config)
+    end
+    vim.lsp.enable(server)
 end

modules/home/zsh/default.nix

@@ -8,6 +8,10 @@ in
 
     launchTmux = mkEnableOption "auto launch tmux at shell start";
 
+    completionSync = {
+      enable = mkEnableOption "zsh-completion-sync plugin";
+    };
+
     notify = {
       enable = mkEnableOption "zsh-done notification";
 
@@ -19,7 +23,7 @@ in
           "direnv reload"
           "fg"
           "git (?!push|pull|fetch)"
-          "home-manager (?!switch|build|news)"
+          "home-manager (?!switch|build)"
           "htop"
           "less"
           "man"
@@ -68,7 +72,7 @@ in
         plugins = [
           {
             name = "fast-syntax-highlighting";
-            file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh";
+            file = "share/zsh/plugins/fast-syntax-highlighting/fast-syntax-highlighting.plugin.zsh";
             src = pkgs.zsh-fast-syntax-highlighting;
           }
           {
@@ -118,6 +122,18 @@ in
       };
     }
 
+    (lib.mkIf cfg.completionSync.enable {
+      programs.zsh = {
+        plugins = [
+          {
+            name = "zsh-completion-sync";
+            file = "share/zsh-completion-sync/zsh-completion-sync.plugin.zsh";
+            src = pkgs.zsh-completion-sync;
+          }
+        ];
+      };
+    })
+
     (lib.mkIf cfg.notify.enable {
       programs.zsh = {
         plugins = [

modules/nixos/services/homebox/default.nix

@@ -39,7 +39,7 @@ in
 
     my.services.backup = {
       paths = [
-        config.services.homebox.settings.HBOX_STORAGE_DATA
+        (lib.removePrefix "file://" config.services.homebox.settings.HBOX_STORAGE_CONN_STRING)
       ];
     };
 

modules/nixos/services/mealie/default.nix

@@ -32,6 +32,7 @@ in
         BASE_URL = "https://mealie.${config.networking.domain}";
         TZ = config.time.timeZone;
         ALLOw_SIGNUP = "false";
+        TOKEN_TIME = 24 * 180; # 180 days
       };
 
       # Automatic PostgreSQL provisioning
@@ -53,6 +54,12 @@ in
       };
     };
 
+    my.services.backup = {
+      paths = [
+        "/var/lib/mealie"
+      ];
+    };
+
     services.fail2ban.jails = {
       mealie = ''
         enabled = true

modules/nixos/services/nextcloud/collabora.nix

@@ -16,6 +16,12 @@ in
   };
 
   config = lib.mkIf cfg.enable {
+    services.nextcloud = {
+      extraApps = {
+        inherit (config.services.nextcloud.package.packages.apps) richdocuments;
+      };
+    };
+
     services.collabora-online = {
       enable = true;
       inherit (cfg) port;

modules/nixos/services/nextcloud/default.nix

@@ -35,7 +35,7 @@ in
   config = lib.mkIf cfg.enable {
     services.nextcloud = {
       enable = true;
-      package = pkgs.nextcloud31;
+      package = pkgs.nextcloud32;
       hostName = "nextcloud.${config.networking.domain}";
       home = "/var/lib/nextcloud";
       maxUploadSize = cfg.maxSize;
@@ -62,6 +62,16 @@ in
         # Allow using the push service without hard-coding my IP in the configuration
         bendDomainToLocalhost = true;
       };
+
+      extraApps = {
+        inherit (config.services.nextcloud.package.packages.apps)
+          calendar
+          contacts
+          deck
+          tasks
+          ;
+        # notify_push is automatically installed by the module
+      };
     };
 
     # The service above configures the domain, no need for my wrapper

modules/nixos/services/nginx/default.nix

@@ -444,7 +444,7 @@ in
         };
     };
 
-    systemd.services."acme-${domain}" = {
+    systemd.services."acme-order-renew-${domain}" = {
       serviceConfig = {
         Environment = [
           # Since I do a "weird" setup with a wildcard CNAME

modules/nixos/services/transmission/default.nix

@@ -71,10 +71,14 @@ in
       };
     };
 
-    # Transmission wants to eat *all* my RAM if left to its own devices
     systemd.services.transmission = {
       serviceConfig = {
+        # Transmission wants to eat *all* my RAM if left to its own devices
         MemoryMax = "33%";
+        # Avoid errors due to high number of open files.
+        LimitNOFILE = 1048576;
+        # Longer stop timeout to finish all torrents
+        TimeoutStopSec = "5m";
       };
     };