mullvad: Drop

It currently fails and as I don’t use it, it can be removed.

flake.lock

@@ -85,16 +85,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1715381426,
-        "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
+        "lastModified": 1716736833,
+        "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
+        "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-23.11",
+        "ref": "release-24.05",
         "repo": "home-manager",
         "type": "github"
       }
@@ -106,11 +106,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1716457508,
-        "narHash": "sha256-ZxzffLuWRyuMrkVVq7wastNUqeO0HJL9xqfY1QsYaqo=",
+        "lastModified": 1717316182,
+        "narHash": "sha256-Xi0EpZcu39N0eW7apLjFfUOR9y80toyjYizez7J1wMI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "850cb322046ef1a268449cf1ceda5fd24d930b05",
+        "rev": "9b53a10f4c91892f5af87cf55d08fba59ca086af",
         "type": "github"
       },
       "original": {
@@ -228,11 +228,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1716173274,
-        "narHash": "sha256-FC21Bn4m6ctajMjiUof30awPBH/7WjD0M5yqrWepZbY=",
+        "lastModified": 1717248095,
+        "narHash": "sha256-e8X2eWjAHJQT82AAN+mCI0B68cIDBJpqJ156+VRrFO0=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "d9e0b26202fd500cf3e79f73653cce7f7d541191",
+        "rev": "7b49d3967613d9aacac5b340ef158d493906ba79",
         "type": "github"
       },
       "original": {
@@ -244,16 +244,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1716361217,
-        "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=",
+        "lastModified": 1717144377,
+        "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f",
+        "rev": "805a384895c696f802a9bf5bf4720f37385df547",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -303,11 +303,11 @@
     },
     "nixpkgs-stable_2": {
       "locked": {
-        "lastModified": 1716061101,
-        "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
+        "lastModified": 1717265169,
+        "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
+        "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc",
         "type": "github"
       },
       "original": {
@@ -319,11 +319,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1716330097,
-        "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
+        "lastModified": 1716948383,
+        "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
+        "rev": "ad57eef4ef0659193044870c731987a6df5cf56b",
         "type": "github"
       },
       "original": {
@@ -450,11 +450,11 @@
         "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
-        "lastModified": 1716400300,
-        "narHash": "sha256-0lMkIk9h3AzOHs1dCL9RXvvN4PM8VBKb+cyGsqOKa4c=",
+        "lastModified": 1717297459,
+        "narHash": "sha256-cZC2f68w5UrJ1f+2NWGV9Gx0dEYmxwomWN2B0lx0QRA=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "b549832718b8946e875c016a4785d204fcfc2e53",
+        "rev": "ab2a43b0d21d1d37d4d5726a892f714eaeb4b075",
         "type": "github"
       },
       "original": {

flake.nix

@@ -8,10 +8,10 @@
   inputs = {
     flake-utils.url = "github:numtide/flake-utils";
 
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
     nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
 
-    home-manager.url = "github:nix-community/home-manager/release-23.11";
+    home-manager.url = "github:nix-community/home-manager/release-24.05";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
     home-manager-unstable.url = "github:nix-community/home-manager";
     home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";

machines/hitagi/configuration.nix

@@ -18,7 +18,6 @@
     };
     gui.enable = true;
     media-proxy.enable = true;
-    mullvad.enable = true;
     restic.system = {
       enable = true;
       qos = true;

machines/hitagi/hardware-configuration.nix

@@ -74,7 +74,7 @@
 
   environment.systemPackages = with pkgs; [
     clinfo
-    nvtop-amd # also returns basic stats for intel
+    nvtopPackages.intel
   ];
 
   security.wrappers."intel_gpu_top" = {

machines/koyomi/services/hypervisor.nix

@@ -61,7 +61,7 @@ in
       no-hosts = true; # do not resolve hosts from /etc/hosts
       no-resolv = true; # only use explicitly configured resolvers
 
-      domain = [ "sbruder.de" ];
+      domain = [ "koyomi.sbruder.de" ];
 
       enable-ra = true; # required to tell clients to use DHCPv6
 

machines/mayushii/configuration.nix

@@ -18,7 +18,6 @@
     };
     gui.enable = true;
     media-proxy.enable = true;
-    mullvad.enable = true;
     podman.enable = true;
     restic.system = {
       enable = true;

machines/renge/services/invidious/default.nix

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de>
+# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -41,6 +41,10 @@
       use_pubsub_feeds = true;
       modified_source_code_url = "https://github.com/sbruder/invidious/tree/patches";
       https_only = lib.mkForce true;
+
+      # this can be removed
+      # when this service is re-deployed on a host with state version ≥ 24.05
+      db.user = "invidious";
     };
     extraSettingsFile = config.sops.secrets.invidious-extra-settings.path;
   };

machines/shinobu/services/snmp-exporter.nix

@@ -9,5 +9,6 @@
     enable = true;
     listenAddress = config.sbruder.wireguard.home.address;
     configurationPath = "${pkgs.prometheus-snmp-exporter.src}/snmp.yml";
+    enableConfigCheck = false; # otherwise module fails to evaluate
   };
 }

machines/vueko/services/murmur.nix

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2021-2022 Simon Bruder <simon@sbruder.de>
+# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -25,6 +25,8 @@
       channelname = ''[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+'';
     };
   };
+  # upstream (out-of-tree) does not define this, but nixpkgs wants (🥁) it
+  systemd.services.murmur.wants = [ "network-online.target" ];
 
   services.nginx.virtualHosts."mumble.sbruder.de" = {
     enableACME = true;

modules/default.nix

@@ -46,7 +46,6 @@
     ./mailserver
     ./media-mount.nix
     ./media-proxy.nix
-    ./mullvad
     ./network-manager.nix
     ./nginx-interactive-index
     ./nginx.nix

modules/fonts.nix

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2020-2023 Simon Bruder <simon@sbruder.de>
+# SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -9,15 +9,15 @@ let
       family = "Iosevka sbruder";
       spacing = "term";
       serifs = "sans";
-      no-cv-ss = false;
-      export-glyph-names = true;
+      noCvSs = false;
+      exportGlyphNames = true;
 
       variants = {
         inherits = "ss20";
 
         design = {
           capital-g = "toothless-rounded-serifless-hooked";
-          four = "closed";
+          four = "closed-serifless";
           six = "closed-contour";
           nine = "closed-contour";
           number-sign = "upright-tall";

modules/mailserver/dovecot.nix

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de>
+# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -38,14 +38,58 @@ lib.mkIf cfg.enable {
       Spam = { specialUse = "Junk"; auto = "subscribe"; };
     };
 
-    sieveScripts = {
-      before = pkgs.writeText "spam.sieve" ''
-        require "fileinto";
+    mailPlugins.perProtocol = {
+      imap.enable = [ "imap_sieve" ];
+      lmtp.enable = [ "sieve" ];
+    };
 
-        if header :is "X-Spam" "Yes" {
-            fileinto "Spam";
-        }
-      '';
+    sieve = {
+      scripts = {
+        before = pkgs.writeText "spam.sieve" ''
+          require "fileinto";
+
+          if header :is "X-Spam" "Yes" {
+              fileinto "Spam";
+          }
+        '';
+      };
+      extensions = [ "fileinto" ];
+      pipeBins = lib.mkIf cfg.spam.enable [
+        "${pkgs.rspamd}/bin/rspamc"
+      ];
+    };
+
+    imapsieve.mailbox = lib.mkIf cfg.spam.enable [
+      {
+        name = "Spam";
+        causes = [ "COPY" ];
+        before = pkgs.writeText "learn-spam.sieve" ''
+          require ["vnd.dovecot.pipe", "copy", "imapsieve"];
+          pipe :copy "rspamc" ["learn_spam"];
+        '';
+      }
+      {
+        name = "*";
+        from = "Spam";
+        causes = [ "COPY" ];
+        before = pkgs.writeText "learn-ham.sieve" ''
+          require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
+
+          if environment :matches "imap.mailbox" "*" {
+              set "mailbox" "''${1}";
+          }
+
+          if string "''${mailbox}" "Trash" {
+              stop;
+          }
+
+          pipe :copy "rspamc" ["learn_ham"];
+        '';
+      }
+    ];
+
+    pluginSettings = {
+      sieve = "file:/var/lib/sieve/%d/%n/scripts;active=/var/lib/sieve/%d/%n/active.sieve";
     };
 
     extraConfig = ''
@@ -56,14 +100,6 @@ lib.mkIf cfg.enable {
       ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
       ssl_prefer_server_ciphers = no
 
-      protocol imap {
-        mail_plugins = $mail_plugins imap_sieve
-      }
-
-      protocol lmtp {
-        mail_plugins = $mail_plugins sieve
-      }
-
       service imap-login {
         inet_listener imap {
         }
@@ -98,25 +134,6 @@ lib.mkIf cfg.enable {
       lda_mailbox_autosubscribe = yes
       lda_mailbox_autocreate = yes
 
-      plugin {
-        sieve_plugins = sieve_imapsieve sieve_extprograms
-        sieve = file:/var/lib/sieve/%d/%n/scripts;active=/var/lib/sieve/%d/%n/active.sieve
-
-        ${lib.optionalString cfg.spam.enable ''
-        imapsieve_mailbox1_name = Spam
-        imapsieve_mailbox1_causes = COPY
-        imapsieve_mailbox1_before = file:/var/lib/dovecot/sieve/learn-spam.sieve
-
-        imapsieve_mailbox2_name = *
-        imapsieve_mailbox2_from = Spam
-        imapsieve_mailbox2_causes = COPY
-        imapsieve_mailbox2_before = file:/var/lib/dovecot/sieve/learn-ham.sieve
-        sieve_pipe_bin_dir = ${pkgs.symlinkJoin { name = "sieve-pipe-bin-dir"; paths = with pkgs; [ rspamd ]; } }/bin
-        ''}
-
-        sieve_global_extensions = +vnd.dovecot.pipe
-      }
-
       service managesieve-login {
         inet_listener sieve {
           port = 4190
@@ -127,33 +144,6 @@ lib.mkIf cfg.enable {
   systemd.services.dovecot2 = {
     wants = [ "acme-finished-${cfg.fqdn}.target" ];
     after = [ "acme-finished-${cfg.fqdn}.target" ];
-
-    preStart = lib.mkIf cfg.spam.enable
-      (lib.mkAfter
-        (lib.concatStrings
-          (lib.mapAttrsToList
-            (name: content: ''
-              cp ${pkgs.writeText name content} /var/lib/dovecot/sieve/${name}
-            '')
-            {
-              "learn-spam.sieve" = ''
-                require ["vnd.dovecot.pipe", "copy", "imapsieve"];
-                pipe :copy "rspamc" ["learn_spam"];
-              '';
-              "learn-ham.sieve" = ''
-                require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
-
-                if environment :matches "imap.mailbox" "*" {
-                    set "mailbox" "''${1}";
-                }
-
-                if string "''${mailbox}" "Trash" {
-                    stop;
-                }
-
-                pipe :copy "rspamc" ["learn_ham"];
-              '';
-            })));
   };
 
   networking.firewall.allowedTCPPorts = [

modules/mailserver/postfix.nix

@@ -39,7 +39,6 @@ let
       cfg.cleanHeaders);
 in
 lib.mkIf cfg.enable {
-  security.dhparams.params.postfix = { };
   services.postfix = {
     enable = true;
 
@@ -108,8 +107,6 @@ lib.mkIf cfg.enable {
         "DHE-RSA-AES256-GCM-SHA384"
       ];
       tls_preempt_cipherlist = "no";
-
-      smtpd_tls_dh1024_param_file = config.security.dhparams.params.postfix.path;
     };
 
     # plain/STARTTLS (forced with smtpd_tls_security_level)

modules/media-proxy.nix

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2020-2023 Simon Bruder <simon@sbruder.de>
+# SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -23,6 +23,7 @@ in
 
     # otherwise name resolution fails
     systemd.services.nginx.after = [ "network-online.target" ];
+    systemd.services.nginx.wants = [ "network-online.target" ];
     services.nginx = {
       enable = true;
       commonHttpConfig = ''

modules/mullvad/default.nix

@@ -1,66 +0,0 @@
-# SPDX-FileCopyrightText: 2021-2022 Simon Bruder <simon@sbruder.de>
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-{ config, lib, pkgs, ... }:
-let
-  relays = builtins.fromJSON (builtins.readFile ./relays.json);
-
-  cfg = config.sbruder.mullvad;
-
-  relayConfigs = lib.mapAttrs'
-    (name: configuration: lib.nameValuePair "mlv-${name}.conf" (with configuration; ''
-      [Interface]
-      DNS = ${cfg.dnsServer}
-
-      [Peer]
-      Endpoint = ${if cfg.ipVersion == 4 then endpoint4 else endpoint6}:${toString cfg.port}
-      PublicKey = ${pubkey}
-      AllowedIPs = 0.0.0.0/0,::0/0
-    ''))
-    relays;
-
-  # Creating 100+ files in a separate derivation each has too much overhead
-  relayConfigFiles = pkgs.runCommandNoCC "etc-wireguard-mullvad" { } (''
-    mkdir $out
-  '' + (lib.concatStringsSep
-    "\n"
-    (lib.mapAttrsToList
-      (name: content: ''
-        cat > $out/${lib.escapeShellArg name} << EOF
-        ${content}
-        EOF
-      '')
-      relayConfigs)));
-in
-{
-  options.sbruder.mullvad = {
-    enable = lib.mkEnableOption "wg-quick compatible configuration files in /etc/wireguard for Mullvad VPN";
-    dnsServer = lib.mkOption {
-      type = lib.types.str;
-      default = "193.138.218.74";
-    };
-    ipVersion = lib.mkOption {
-      type = lib.types.enum [ 4 6 ];
-      default = 4;
-    };
-    port = lib.mkOption {
-      type = lib.types.port;
-      default = 51820;
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    environment = {
-      etc = builtins.listToAttrs
-        (map
-          (name: lib.nameValuePair "wireguard/${name}" { source = "${relayConfigFiles}/${name}"; })
-          (lib.attrNames relayConfigs));
-
-      systemPackages = lib.singleton (pkgs.runCommandNoCC "mullvad-on-demand" { } ''
-        install -D ${./mullvad.sh} $out/bin/mullvad
-        install -D ${./mullvad-fzf.sh} $out/bin/mullvad-fzf
-      '');
-    };
-  };
-}

modules/mullvad/mullvad-fzf.sh

@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-# SPDX-FileCopyrightText: 2022 Simon Bruder <simon@sbruder.de>
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-mullvad $(find /etc/wireguard -name "mlv-*.conf" -printf "%f\n" | sed 's/mlv-\(.*\)\.conf/\1/' | fzf)

modules/mullvad/mullvad.sh

@@ -1,65 +0,0 @@
-#!/usr/bin/env bash
-
-# SPDX-FileCopyrightText: 2021-2022 Simon Bruder <simon@sbruder.de>
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-# This reads wg-quick compatible configuration files from
-# /etc/wireguard/mlv-LOCATION.conf
-#
-# Since they are autogenerated by nix and therefore world-readable, they do not
-# include secrets like the private key and client address. Instead, they are
-# manually added after wg-quick set up the tunnel by retrieving them with
-# pass(1) from web/mullvad.net/wireguard.
-#
-# Format of pass entry:
-#     PrivateKey: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa=
-#     Address4: 10.0.0.1/32
-#     Address6: fd00::1/128
-set -euo pipefail
-
-if (( $# < 1 )); then
-	echo "USAGE: $0 LOCATION|off" >&2
-	exit 1
-fi
-
-INTERFACE="mlv-$1"
-
-cmd() {
-	echo "[#] $*" >&2
-	sudo "$@"
-}
-
-for interface in /sys/class/net/*; do
-	interface="${interface#/sys/class/net/}"
-	[[ $interface =~ ^mlv-(v6-)?[a-z]{2}(-[a-z]{3}-)?[0-9]*$ ]] && cmd wg-quick down "$interface"
-done
-
-if [ "$1" != "off" ]; then
-	# Make sure gpg-agent is unlocked so the period where the interface exists but
-	# no private key is set is minised.
-	pass web/mullvad.net/wireguard >/dev/null
-
-	cmd wg-quick up "$INTERFACE"
-	pass web/mullvad.net/wireguard | while read -r line; do
-		key="${line%%: *}"
-		value="${line#*: }"
-		case "$key" in
-			PrivateKey)
-				cmd wg set "$INTERFACE" private-key /dev/stdin <<< "$value"
-				continue
-				;;
-			Address4)
-				cmd ip -4 address add "$value" dev "$INTERFACE"
-				continue
-				;;
-			Address6)
-				cmd ip -6 address add "$value" dev "$INTERFACE"
-				continue
-				;;
-			*)
-				echo "Invalid key '$key'"
-				exit 1
-		esac
-	done
-fi

modules/mullvad/relays.json.license

@@ -1,3 +0,0 @@
-SPDX-FileCopyrightText: 2021-2023 Mullvad VPN AB
-
-SPDX-License-Identifier: CC0-1.0

modules/mullvad/update.sh

@@ -1,17 +0,0 @@
-#!/usr/bin/env bash
-
-# SPDX-FileCopyrightText: 2021-2022 Simon Bruder <simon@sbruder.de>
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-# This gets the current wireguard relay list from mullvad’s API and transforms
-# it into a format that takes up less space than the original response.
-set -euo pipefail
-curl -s 'https://api.mullvad.net/www/relays/wireguard/' | jq '. | map({
-	key: (if .hostname | endswith("-wireguard") then .hostname | split("-")[0] else .hostname | sub("-wg-"; "-") end),
-	value: {
-		endpoint4: .ipv4_addr_in,
-		endpoint6: .ipv6_addr_in,
-		pubkey: .pubkey
-	}
-}) | from_entries' > relays.json

modules/nix.nix

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2020-2023 Simon Bruder <simon@sbruder.de>
+# SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -25,14 +25,15 @@ let
 in
 {
   nix = {
+    channel.enable = false;
+
     registry = with inputs; {
-      nixpkgs.flake = nixpkgs;
       nixpkgs-unstable.flake = nixpkgs-unstable;
     };
 
     nixPath = [
-      "nixpkgs=${inputs.nixpkgs}"
       "nixpkgs-overlays=${overlaysCompat}"
+      "nixpkgs-unstable=flake:nixpkgs-unstable"
     ];
 
     settings = {

users/simon/modules/gpg.nix

@@ -20,7 +20,7 @@
     enableZshIntegration = true;
     enableSshSupport = lib.mkDefault nixosConfig.sbruder.gui.enable;
 
-    pinentryFlavor = if nixosConfig.sbruder.gui.enable then "gnome3" else "curses";
+    pinentryPackage = if nixosConfig.sbruder.gui.enable then pkgs.pinentry-gnome3 else pkgs.pinentry-curses;
 
     defaultCacheTtl = 300;
     defaultCacheTtlSsh = defaultCacheTtl;

users/simon/modules/neovim/default.nix

@@ -86,7 +86,6 @@ in
       lualine-lsp-progress
       lualine-nvim
       luasnip
-      neogit
       nvim-cmp
       nvim-jdtls
       nvim-lspconfig
@@ -94,7 +93,6 @@ in
       nvim-treesitter.withAllGrammars
       nvim-web-devicons
       plantuml-syntax
-      plenary-nvim
       rainbow_csv
       rust-vim
       tagbar

users/simon/modules/neovim/init.lua

@@ -125,18 +125,6 @@ require('which-key').setup {}
 require('nvim-web-devicons').setup { default = true }
 
 -- Git
-require('plenary') -- otherwise neogit SIGABRTs
-require('neogit').setup {
-    disable_commit_confirmation = true,
-    integrations = {
-        diffview = true,
-    },
-}
-cmd([[
-hi NeogitNotificationInfo guifg=#268bd2
-hi NeogitNotificationWarning guifg=#cb4b16
-hi NeogitNotificationError guifg=#dc322f
-]])
 require('gitsigns').setup {
     -- copied from upstream readme
     on_attach = function(bufnr)

users/simon/modules/pass.nix

@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
-{ config, pkgs, ... }:
+{ config, lib, nixosConfig, pkgs, ... }:
 {
   programs.password-store = {
     enable = true;
@@ -20,7 +20,7 @@
     browsers = [ "librewolf" ];
   };
 
-  services.pass-secret-service = {
+  services.pass-secret-service = lib.mkIf nixosConfig.sbruder.gui.enable {
     enable = true;
     storePath = "${config.xdg.dataHome}/secret-service-password-store";
   };

users/simon/modules/programs.nix

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2020-2023 Simon Bruder <simon@sbruder.de>
+# SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -156,7 +156,7 @@ in
     # tools
     gdb # debugger (for coredumpctl debug)
     gdrive # cli downloader for google drive
-    (ripgrep-all.overrideAttrs (o: { tesseract = tesseract.override { enableLanguages = [ "deu" "eng" ]; }; })) # ripgrep for complex (binary) files
+    ripgrep-all # ripgrep for complex (binary) files
 
     # audio and video
     libbluray # includes command line tools

users/simon/modules/sway/default.nix

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2020-2023 Simon Bruder <simon@sbruder.de>
+# SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -64,7 +64,7 @@ in
       output = {
         "*".bg = "${wallpaper} fill";
       } // (lib.optionalAttrs clamshellHack {
-        "Acer Technologies Acer B277K 0x0000F36C" = {
+        "Acer Technologies Acer B277K 0x1261936C" = {
           position = "1920,0";
           scale = "2";
           mode = "3840x2160";

users/simon/modules/sway/kanshi.nix

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2021-2022 Simon Bruder <simon@sbruder.de>
+# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -7,24 +7,27 @@ let
   getMachineConfig = machine:
     if lib.hasAttr machine machineConfigs
     then lib.getAttr machine machineConfigs
-    else { };
+    else [ ];
 
   machineConfigs = {
     # mayushii is handled separately in sway’s main configuration.
     # See it for more details.
-    # mayushii = { };
-    hitagi = {
-      home.outputs = lib.singleton {
-        criteria = "Acer Technologies Acer B277K 0x0000F36C";
-        mode = "3840x2160";
-        scale = 2.0;
-      };
-    };
+    # mayushii = [ ];
+    hitagi = [
+      {
+        profile.name = "home";
+        profile.outputs = lib.singleton {
+          criteria = "Acer Technologies Acer B277K 0x1261936C";
+          mode = "3840x2160";
+          scale = 2.0;
+        };
+      }
+    ];
   };
 in
 {
   services.kanshi = {
     enable = true;
-    profiles = getMachineConfig (nixosConfig.networking.hostName);
+    settings = getMachineConfig (nixosConfig.networking.hostName);
   };
 }

users/simon/modules/zsh/default.nix

@@ -62,7 +62,6 @@ in
     };
     eza = {
       enable = true;
-      enableAliases = true;
       git = true;
       extraOptions = [
         "--binary" # prefer MiB over MB etc.