From 66cb0c4ec188b9623edffee834cad6d6ab07c0e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Fri, 16 Jan 2026 02:41:31 +0800 Subject: [PATCH 1/2] chore(lints): Update nix-ast-lint --- checks/default.nix | 2 +- flake.lock | 8 +- flake.nix | 6 +- home-config/applications/tty/default.nix | 38 ++++----- home-config/desktop/sway.nix | 6 +- home-config/personal/keepassxc.nix | 62 ++++++++------- home-config/shell/default.nix | 6 +- home-config/shell/nushell.nix | 14 ++-- home-config/work/famedly.nix | 12 +-- nixos-config/default.nix | 99 ++++++++++++------------ nixos-config/desktop/greeter/default.nix | 16 ++-- nixos-config/hosts/yui/networking.nix | 13 ++-- nixos-config/networking/default.nix | 6 +- 13 files changed, 154 insertions(+), 134 deletions(-) diff --git a/checks/default.nix b/checks/default.nix index 80cbba26..41129fa9 100644 --- a/checks/default.nix +++ b/checks/default.nix @@ -15,7 +15,7 @@ in }; script = '' - nix-ast-lint --error --off=empty-let-in + nix-ast-lint --error deadnix --fail **/*.nix nixfmt --check --strict **/*.nix ''; diff --git a/flake.lock b/flake.lock index 593e97ff..2243242f 100644 --- a/flake.lock +++ b/flake.lock @@ -169,11 +169,11 @@ ] }, "locked": { - "lastModified": 1768472416, - "narHash": "sha256-SWAY3QviGbp4MN1/RlQOeh3VfSD2/8o8wwvISHXe2oo=", - "rev": "e5acfd1d234fcd6b6997e25dc9d830d023a2d025", + "lastModified": 1768501693, + "narHash": "sha256-H7PmIBB8BVnh9lpvoOAk+PfOMhhzVgkCyAz1KtvHIcQ=", + "rev": "d0b8b619d5e1b96fc71c321cb3d33a02b5f44d7a", "type": "tarball", - "url": "https://codeberg.org/api/v1/repos/tlater/nix-ast-lint/archive/e5acfd1d234fcd6b6997e25dc9d830d023a2d025.tar.gz" + "url": "https://codeberg.org/api/v1/repos/tlater/nix-ast-lint/archive/d0b8b619d5e1b96fc71c321cb3d33a02b5f44d7a.tar.gz" }, "original": { "type": "tarball", diff --git a/flake.nix b/flake.nix index 4c08632c..ed176cdc 100644 --- a/flake.nix +++ b/flake.nix @@ -30,8 +30,10 @@ emacs-overlay = { url = "github:nix-community/emacs-overlay"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.nixpkgs-stable.follows = "nixpkgs"; + inputs = { + nixpkgs.follows = "nixpkgs"; + nixpkgs-stable.follows = "nixpkgs"; + }; }; tree-sitter-sieve = { diff --git a/home-config/applications/tty/default.nix b/home-config/applications/tty/default.nix index 9ec66858..e103c837 100644 --- a/home-config/applications/tty/default.nix +++ b/home-config/applications/tty/default.nix @@ -9,25 +9,27 @@ home.packages = [ flake-inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.topiary ]; - programs.bottom = { - enable = true; - settings.flags.group_processes = true; - }; + programs = { + bottom = { + enable = true; + settings.flags.group_processes = true; + }; - programs.git.settings = - let - mergiraf-attributes = - pkgs.runCommandLocal "gitattributes" { nativeBuildInputs = [ pkgs.mergiraf ]; } - '' - mergiraf languages --gitattributes >> $out - ''; - in - { - core.attributesfile = mergiraf-attributes.outPath; + git.settings = + let + mergiraf-attributes = + pkgs.runCommandLocal "gitattributes" { nativeBuildInputs = [ pkgs.mergiraf ]; } + '' + mergiraf languages --gitattributes >> $out + ''; + in + { + core.attributesfile = mergiraf-attributes.outPath; - merge.mergiraf = { - name = "mergiraf"; - driver = "${lib.getExe pkgs.mergiraf} merge --git %O %A %B -s %S -x %X -y %Y -p %P -l %L"; + merge.mergiraf = { + name = "mergiraf"; + driver = "${lib.getExe pkgs.mergiraf} merge --git %O %A %B -s %S -x %X -y %Y -p %P -l %L"; + }; }; - }; + }; } diff --git a/home-config/desktop/sway.nix b/home-config/desktop/sway.nix index 8b296515..31fba693 100644 --- a/home-config/desktop/sway.nix +++ b/home-config/desktop/sway.nix @@ -55,8 +55,10 @@ in enable = true; package = null; config = null; - systemd.enable = false; - systemd.xdgAutostart = false; + systemd = { + enable = false; + xdgAutostart = false; + }; extraConfigEarly = let theme = "${ diff --git a/home-config/personal/keepassxc.nix b/home-config/personal/keepassxc.nix index 79a70f34..d2b3e749 100644 --- a/home-config/personal/keepassxc.nix +++ b/home-config/personal/keepassxc.nix @@ -11,41 +11,43 @@ in { home.packages = with pkgs; [ keepassxc ]; - systemd.user.services.keepass-sync = { - Unit = { - Description = "KeepassXC synchronization"; - ConditionEnvironment = [ "DBUS_SESSION_BUS_ADDRESS" ]; - }; - Service = { - Type = "oneshot"; + systemd.user = { + services.keepass-sync = { + Unit = { + Description = "KeepassXC synchronization"; + ConditionEnvironment = [ "DBUS_SESSION_BUS_ADDRESS" ]; + }; + Service = { + Type = "oneshot"; - ExecCondition = "${lib.getExe' pkgs.systemd "busctl"} --user status org.freedesktop.secrets"; + ExecCondition = "${lib.getExe' pkgs.systemd "busctl"} --user status org.freedesktop.secrets"; - ExecStart = - writeNuWith - { - packages = [ - nextcloudcmd - pkgs.libsecret - ]; - } - "sync-keepassxc" - '' - const url = 'https://nextcloud.tlater.net' - const nextcloud_dir = 'Backups/keepass' - let local_dir = $'($env.XDG_DATA_HOME | default ~/.local/share)/keepassxc/synced' + ExecStart = + writeNuWith + { + packages = [ + nextcloudcmd + pkgs.libsecret + ]; + } + "sync-keepassxc" + '' + const url = 'https://nextcloud.tlater.net' + const nextcloud_dir = 'Backups/keepass' + let local_dir = $'($env.XDG_DATA_HOME | default ~/.local/share)/keepassxc/synced' - let attributes = secret-tool search URL $url o+e>| parse "{attribute} = {value}" | transpose -rid - let password = secret-tool lookup URL $url + let attributes = secret-tool search URL $url o+e>| parse "{attribute} = {value}" | transpose -rid + let password = secret-tool lookup URL $url - $"($attributes.'attribute.UserName')\n($password)" | nextcloudcmd --path $nextcloud_dir $local_dir $url - ''; + $"($attributes.'attribute.UserName')\n($password)" | nextcloudcmd --path $nextcloud_dir $local_dir $url + ''; + }; }; - }; - systemd.user.timers.keepass-sync = { - Unit.Description = "Periodic KeepassXC synchronization"; - Timer.OnCalendar = "hourly"; - Install.WantedBy = [ "timers.target" ]; + timers.keepass-sync = { + Unit.Description = "Periodic KeepassXC synchronization"; + Timer.OnCalendar = "hourly"; + Install.WantedBy = [ "timers.target" ]; + }; }; } diff --git a/home-config/shell/default.nix b/home-config/shell/default.nix index 42678b43..8bea532c 100644 --- a/home-config/shell/default.nix +++ b/home-config/shell/default.nix @@ -77,8 +77,10 @@ branch.autoSetupRebase = "always"; checkout.defaultRemote = "origin"; - pull.rebase = true; - pull.ff = "only"; + pull = { + rebase = true; + ff = "only"; + }; push.default = "current"; init.defaultBranch = "main"; diff --git a/home-config/shell/nushell.nix b/home-config/shell/nushell.nix index 952960c6..54ea4e66 100644 --- a/home-config/shell/nushell.nix +++ b/home-config/shell/nushell.nix @@ -2,12 +2,14 @@ { home.shell.enableNushellIntegration = true; - programs.nushell = { - enable = true; - configFile.source = ../dotfiles/nushell/config.nu; + programs = { + nushell = { + enable = true; + configFile.source = ../dotfiles/nushell/config.nu; - plugins = [ pkgs.nushellPlugins.query ]; - }; + plugins = [ pkgs.nushellPlugins.query ]; + }; - programs.carapace.enable = true; + carapace.enable = true; + }; } diff --git a/home-config/work/famedly.nix b/home-config/work/famedly.nix index 65b69484..d268d54a 100644 --- a/home-config/work/famedly.nix +++ b/home-config/work/famedly.nix @@ -44,10 +44,12 @@ services.mpd.enable = lib.mkForce false; - home.packages = with pkgs; [ - bitwarden-desktop - pre-commit - ]; + home = { + packages = with pkgs; [ + bitwarden-desktop + pre-commit + ]; - home.file.".ssh/famedly-tlater.pub".source = "${flake-inputs.self}/keys/famedly-tlater.pub"; + file.".ssh/famedly-tlater.pub".source = "${flake-inputs.self}/keys/famedly-tlater.pub"; + }; } diff --git a/nixos-config/default.nix b/nixos-config/default.nix index b17db844..04cd653a 100644 --- a/nixos-config/default.nix +++ b/nixos-config/default.nix @@ -54,25 +54,6 @@ easyNvidia.desktopEnvironment = "wlroots"; - hardware.nvidia = - let - inherit (flake-inputs.self.packages.${pkgs.stdenv.hostPlatform.system}) nvidia; - in - { - package = config.boot.kernelPackages.nvidiaPackages.mkDriver { - inherit (nvidia) version; - sha256_64bit = nvidia.src.outputHash; - openSha256 = nvidia.open.src.outputHash; - useSettings = false; - usePersistenced = false; - }; - - # Disabled because I don't use it and I can't be bothered to - # figure out how to get a hash for something nvidia don't seem to - # publish consistently. - nvidiaSettings = false; - }; - boot = { initrd.systemd.enable = true; @@ -142,7 +123,10 @@ nano.enable = false; }; - security.sudo-rs.enable = true; + security = { + sudo-rs.enable = true; + rtkit.enable = true; + }; fileSystems."/boot".options = [ "umask=0077" ]; @@ -165,30 +149,32 @@ }; }; - # My systems never have usable root accounts anyway, so emergency - # mode just drops into a shell telling me it can't log into root - systemd.enableEmergencyMode = false; - - systemd.services.angrr-touch = { - description = "`touch` gcroots that angrr shouldn't delete"; - wantedBy = [ "angrr.service" ]; - before = [ "angrr.service" ]; - - serviceConfig.ExecStart = - (flake-inputs.self.pkgs-lib.${pkgs.stdenv.hostPlatform.system}.writeNuWith - { packages = [ pkgs.fd ]; } - "angrr-touch" - '' - let roots = (fd --no-ignore -t d gcroots /home/tlater/.local/src /home/tlater/Documents/Projects - | split row "\n" - | each { ls -l $in } - | flatten - | where target =~ ^/nix/store) - - print ($roots | select name accessed modified | update name { path relative-to /home/tlater }) - $roots | each { touch --no-deref $in.name } - '' - ).outPath; + systemd = { + # My systems never have usable root accounts anyway, so emergency + # mode just drops into a shell telling me it can't log into root + enableEmergencyMode = false; + + services.angrr-touch = { + description = "`touch` gcroots that angrr shouldn't delete"; + wantedBy = [ "angrr.service" ]; + before = [ "angrr.service" ]; + + serviceConfig.ExecStart = + (flake-inputs.self.pkgs-lib.${pkgs.stdenv.hostPlatform.system}.writeNuWith + { packages = [ pkgs.fd ]; } + "angrr-touch" + '' + let roots = (fd --no-ignore -t d gcroots /home/tlater/.local/src /home/tlater/Documents/Projects + | split row "\n" + | each { ls -l $in } + | flatten + | where target =~ ^/nix/store) + + print ($roots | select name accessed modified | update name { path relative-to /home/tlater }) + $roots | each { touch --no-deref $in.name } + '' + ).outPath; + }; }; services = { @@ -277,18 +263,35 @@ fstrim.enable = true; fwupd.enable = true; automatic-timezoned.enable = true; + + # Necessary for opening links in gnome under certain conditions + gvfs.enable = true; }; hardware = { bluetooth.enable = true; enableRedistributableFirmware = true; opentabletdriver.enable = true; - }; - security.rtkit.enable = true; + nvidia = + let + inherit (flake-inputs.self.packages.${pkgs.stdenv.hostPlatform.system}) nvidia; + in + { + package = config.boot.kernelPackages.nvidiaPackages.mkDriver { + inherit (nvidia) version; + sha256_64bit = nvidia.src.outputHash; + openSha256 = nvidia.open.src.outputHash; + useSettings = false; + usePersistenced = false; + }; - # Necessary for opening links in gnome under certain conditions - services.gvfs.enable = true; + # Disabled because I don't use it and I can't be bothered to + # figure out how to get a hash for something nvidia don't seem to + # publish consistently. + nvidiaSettings = false; + }; + }; system.stateVersion = "20.09"; } diff --git a/nixos-config/desktop/greeter/default.nix b/nixos-config/desktop/greeter/default.nix index c7646b4b..e0897d41 100644 --- a/nixos-config/desktop/greeter/default.nix +++ b/nixos-config/desktop/greeter/default.nix @@ -49,14 +49,16 @@ in }; }; - environment.etc."greetd/environments".text = '' - sway-run - ''; + environment = { + etc."greetd/environments".text = '' + sway-run + ''; - environment.systemPackages = with pkgs; [ - sway-run - pciutils - ]; + systemPackages = with pkgs; [ + sway-run + pciutils + ]; + }; fonts.packages = [ flake-inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.phosphor-icons ]; diff --git a/nixos-config/hosts/yui/networking.nix b/nixos-config/hosts/yui/networking.nix index 959034b5..a5287835 100644 --- a/nixos-config/hosts/yui/networking.nix +++ b/nixos-config/hosts/yui/networking.nix @@ -2,13 +2,12 @@ networking = { hostName = "yui"; - firewall.allowedTCPPorts = [ - # Allow minecraft for when I'm running a minecraft server - # locally - 25565 - ]; - - firewall.allowedUDPPorts = [ 25565 ]; + # Allow minecraft for when I'm running a minecraft server + # locally + firewall = { + allowedTCPPorts = [ 25565 ]; + allowedUDPPorts = [ 25565 ]; + }; networkmanager.ensureProfiles.profiles.bond.bond.primary = "eno1"; }; diff --git a/nixos-config/networking/default.nix b/nixos-config/networking/default.nix index 6a0ae57a..355e6985 100644 --- a/nixos-config/networking/default.nix +++ b/nixos-config/networking/default.nix @@ -63,6 +63,8 @@ # Ensure unbound is available for DNS settings by the time # connections might set such - systemd.services.unbound.after = lib.mkForce [ ]; - systemd.services.unbound.before = [ "NetworkManager.service" ]; + systemd.services.unbound = { + after = lib.mkForce [ ]; + before = [ "NetworkManager.service" ]; + }; } From 09dec975f81045ea5e3101cccfc5ac5d803f54ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Fri, 16 Jan 2026 02:42:28 +0800 Subject: [PATCH 2/2] chore(git-blame-ignore-revs): Ignore nix-ast-lint commit --- .git-blame-ignore-revs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs index 25d5a28b..19e09285 100644 --- a/.git-blame-ignore-revs +++ b/.git-blame-ignore-revs @@ -4,3 +4,5 @@ ba4f3ffb1956acd35a2d4a71a8775d2f520497d1 # Switched to `nix-ast-lint` 8581934d6669224eed540123af826deec67b400c +# Fixed a bug in `nix-ast-lint` +66cb0c4ec188b9623edffee834cad6d6ab07c0e5