fix warnings for flame

2025-02-20 22:12:03 +00:00 · 2025-02-18 17:44:39 -05:00 · 2025-02-18 17:44:39 -05:00 · 7007567207
commit 7007567207
parent 1d4ad5b0af
18 changed files with 94 additions and 75 deletions
--- a/flake.nix
+++ b/flake.nix
@ -228,24 +228,27 @@
          dotfilesRepo = "https://github.com/nmasur/dotfiles";
          hostnames = {
            audiobooks = "read.${baseName}";
+            books = "books.${baseName}";
            budget = "money.${baseName}";
+            content = "cloud.${baseName}";
+            download = "download.${baseName}";
            files = "files.${baseName}";
            git = "git.${baseName}";
+            imap = "imap.purelymail.com";
            influxdb = "influxdb.${baseName}";
            irc = "irc.${baseName}";
+            mail = "noahmasur.com";
            metrics = "metrics.${baseName}";
            minecraft = "minecraft.${baseName}";
            n8n = "n8n.${baseName}";
            notifications = "ntfy.${baseName}";
-            prometheus = "prom.${baseName}";
            paperless = "paper.${baseName}";
            photos = "photos.${baseName}";
+            prometheus = "prom.${baseName}";
            secrets = "vault.${baseName}";
-            stream = "stream.${baseName}";
-            content = "cloud.${baseName}";
-            books = "books.${baseName}";
-            download = "download.${baseName}";
+            smtp = "smtp.purelymail.com";
            status = "status.${baseName}";
+            stream = "stream.${baseName}";
            transmission = "transmission.${baseName}";
          };
        };
@ -273,7 +276,13 @@
      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;

      # { system -> pkgs }
-      pkgsBySystem = forAllSystems (system: import nixpkgs { inherit system overlays; });
+      pkgsBySystem = forAllSystems (
+        system:
+        import nixpkgs {
+          inherit system overlays;
+          config.permittedInsecurePackages = [ "litestream-0.3.13" ];
+        }
+      );
      # stablePkgsBySystem = forAllSystems (system: import nixpkgs { inherit system overlays; });

      buildHome =
@ -295,9 +304,9 @@
            inputs.wsl.nixosModules.wsl
            ./platforms/nixos
          ];
-          # specialArgs = {
-          #   wallpapers = inputs.wallpapers;
-          # };
+          specialArgs = {
+            hostnames = globals.hostnames;
+          };
        };

      buildDarwin =
--- a/hosts/nixos/flame/default.nix
+++ b/hosts/nixos/flame/default.nix
@ -11,23 +11,23 @@ rec {
  nmasur.settings = {
    username = "noah";
    fullName = "Noah Masur";
-    hostnames =
-      let
-        baseName = "masu.rs";
-      in
-      {
-        budget = "money.${baseName}";
-        git = "git.${baseName}";
-        influxdb = "influxdb.${baseName}";
-        irc = "irc.${baseName}";
-        metrics = "metrics.${baseName}";
-        minecraft = "minecraft.${baseName}";
-        n8n = "n8n.${baseName}";
-        notifications = "ntfy.${baseName}";
-        prometheus = "prom.${baseName}";
-        secrets = "vault.${baseName}";
-        status = "status.${baseName}";
-      };
+    # hostnames =
+    #   let
+    #     baseName = "masu.rs";
+    #   in
+    #   {
+    #     budget = "money.${baseName}";
+    #     git = "git.${baseName}";
+    #     influxdb = "influxdb.${baseName}";
+    #     irc = "irc.${baseName}";
+    #     metrics = "metrics.${baseName}";
+    #     minecraft = "minecraft.${baseName}";
+    #     n8n = "n8n.${baseName}";
+    #     notifications = "ntfy.${baseName}";
+    #     prometheus = "prom.${baseName}";
+    #     secrets = "vault.${baseName}";
+    #     status = "status.${baseName}";
+    #   };
  };

  nmasur.profiles = {
--- a/hosts/nixos/swan/default.nix
+++ b/hosts/nixos/swan/default.nix
@ -7,21 +7,21 @@ rec {
  nmasur.settings = {
    username = "noah";
    fullName = "Noah Masur";
-    hostnames =
-      let
-        baseName = "masu.rs";
-      in
-      {
-        audiobooks = "read.${baseName}";
-        books = "books.${baseName}";
-        content = "cloud.${baseName}";
-        download = "download.${baseName}";
-        files = "files.${baseName}";
-        paperless = "paper.${baseName}";
-        photos = "photos.${baseName}";
-        prometheus = "prom.${baseName}";
-        stream = "stream.${baseName}";
-      };
+    # hostnames =
+    #   let
+    #     baseName = "masu.rs";
+    #   in
+    #   {
+    #     audiobooks = "read.${baseName}";
+    #     books = "books.${baseName}";
+    #     content = "cloud.${baseName}";
+    #     download = "download.${baseName}";
+    #     files = "files.${baseName}";
+    #     paperless = "paper.${baseName}";
+    #     photos = "photos.${baseName}";
+    #     prometheus = "prom.${baseName}";
+    #     stream = "stream.${baseName}";
+    #   };
  };

  nmasur.profiles = {
--- a/hosts/nixos/tempest/default.nix
+++ b/hosts/nixos/tempest/default.nix
@ -8,13 +8,13 @@ rec {
  nmasur.settings = {
    username = "noah";
    fullName = "Noah Masur";
-    hostnames =
-      let
-        baseName = "masu.rs";
-      in
-      {
-        prometheus = "prom.${baseName}";
-      };
+    # hostnames =
+    #   let
+    #     baseName = "masu.rs";
+    #   in
+    #   {
+    #     prometheus = "prom.${baseName}";
+    #   };
  };

  nmasur.profiles = {
--- a/platforms/home-manager/modules/nmasur/presets/programs/notes/default.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/notes/default.nix
@ -10,7 +10,7 @@ let
 in
 {

-  options.nmasur.preset.programs.notes = {
+  options.nmasur.presets.programs.notes = {
    enable = lib.mkEnableOption "Manage notes repository";
    repo = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
--- a/platforms/home-manager/modules/nmasur/presets/programs/ripgrep.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/ripgrep.nix
@ -13,14 +13,19 @@ in

  options.nmasur.presets.programs.ripgrep = {
    enable = lib.mkEnableOption "Ripgrep search tool";
-    ignorePatterns = ''
-      !.env*
-      !.github/
-      !.gitignore
-      !*.tfvars
-      .terraform/
-      .target/
-      /Library/'';
+    ignorePatterns = lib.mkOption {
+      type = lib.types.lines;
+      description = "Patterns to ignore with ripgrep";
+      default = ''
+        !.env*
+        !.github/
+        !.gitignore
+        !*.tfvars
+        .terraform/
+        .target/
+        /Library/
+      '';
+    };
  };

  config = lib.mkIf cfg.enable {
--- a/platforms/home-manager/theme.nix
+++ b/platforms/home-manager/theme.nix
@ -11,7 +11,7 @@
    colors = lib.mkOption {
      type = lib.types.attrs;
      description = "Base16 color scheme.";
-      default = (import ../colorscheme/gruvbox).dark;
+      default = (import ../../colorscheme/gruvbox).dark;
    };
    mode = lib.mkOption {
      type = lib.types.enum [
--- a/platforms/nixos/modules/nmasur/presets/programs/msmtp.nix
+++ b/platforms/nixos/modules/nmasur/presets/programs/msmtp.nix
@ -2,6 +2,7 @@
  config,
  pkgs,
  lib,
+  hostnames,
  ...
 }:

@ -16,10 +17,12 @@ in
    host = lib.mkOption {
      type = lib.types.str;
      description = "Hostname for SMTP server";
+      default = hostnames.smtp;
    };
    domain = lib.mkOption {
      type = lib.types.str;
      description = "Domain name for SMTP email";
+      default = hostnames.mail;
    };
    user = lib.mkOption {
      type = lib.types.str;
--- a/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
@ -41,7 +41,7 @@ in
      user = "${toString (builtins.toString config.users.users.actualbudget.uid)}";
      pull = "missing";
      privileged = false;
-      ports = [ "127.0.0.1:${builtins.toString config.services.actualbudget.port}:5006" ];
+      ports = [ "127.0.0.1:${builtins.toString cfg.port}:5006" ];
      networks = [ ];
      log-driver = "journald";
      labels = {
@ -65,7 +65,7 @@ in
        handle = [
          {
            handler = "reverse_proxy";
-            upstreams = [ { dial = "localhost:${builtins.toString config.services.actualbudget.port}"; } ];
+            upstreams = [ { dial = "localhost:${builtins.toString cfg.port}"; } ];
          }
        ];
      }
--- a/platforms/nixos/modules/nmasur/presets/services/grafana.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/grafana.nix
@ -17,7 +17,7 @@ in

    # Allow Grafana to connect to email service
    secrets.mailpass-grafana = {
-      source = ../../../private/mailpass-grafana.age;
+      source = ../../../../../../private/mailpass-grafana.age;
      dest = "${config.secretsDirectory}/mailpass-grafana";
      owner = "grafana";
      group = "grafana";
--- a/platforms/nixos/modules/nmasur/presets/services/influxdb2.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/influxdb2.nix
@ -33,7 +33,7 @@ in

    # Create credentials file for InfluxDB admin
    secrets.influxdb2Password = lib.mkIf config.services.influxdb2.enable {
-      source = ../../../private/influxdb2-password.age;
+      source = ../../../../../../private/influxdb2-password.age;
      dest = "${config.secretsDirectory}/influxdb2-password";
      owner = "influxdb2";
      group = "influxdb2";
@ -44,7 +44,7 @@ in
      before = [ "influxdb2.service" ];
    };
    secrets.influxdb2Token = lib.mkIf config.services.influxdb2.enable {
-      source = ../../../private/influxdb2-token.age;
+      source = ../../../../../../private/influxdb2-token.age;
      dest = "${config.secretsDirectory}/influxdb2-token";
      owner = "influxdb2";
      group = "influxdb2";
--- a/platforms/nixos/modules/nmasur/presets/services/nix-autoupgrade.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/nix-autoupgrade.nix
@ -55,7 +55,7 @@ in
          systemctl status $SERVICE_ID >> $TEMPFILE
          set -e
          ${lib.getExe pkgs.msmtp} \
-              --file=${config.home-manager.users.${username}.xdg.configDir}/msmtp/config \
+              --file=${config.home-manager.users.${username}.xdg.configHome}/msmtp/config \
              --account=system \
              ${address} < $TEMPFILE
        '';
--- a/platforms/nixos/modules/nmasur/presets/services/paperless.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/paperless.nix
@ -51,7 +51,7 @@ in
    services.cloudflare-dyndns.domains = [ hostnames.paperless ];

    secrets.paperless = {
-      source = ../../../private/prometheus.age;
+      source = ../../../../../../private/prometheus.age;
      dest = "${config.secretsDirectory}/paperless";
      owner = "paperless";
      group = "paperless";
--- a/platforms/nixos/modules/nmasur/presets/services/prometheus-remote-write.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/prometheus-remote-write.nix
@ -38,7 +38,7 @@ in

    # Create credentials file for remote Prometheus push
    secrets.prometheus = {
-      source = ../../../private/prometheus.age;
+      source = ../../../../../../private/prometheus.age;
      dest = "${config.secretsDirectory}/prometheus";
      owner = "prometheus";
      group = "prometheus";
--- a/platforms/nixos/modules/nmasur/presets/services/vaultwarden.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/vaultwarden.nix
@ -43,7 +43,7 @@ in
    };

    secrets.vaultwarden = {
-      source = ../../../private/vaultwarden.age;
+      source = ../../../../../../private/vaultwarden.age;
      dest = "${config.secretsDirectory}/vaultwarden";
      owner = "vaultwarden";
      group = "vaultwarden";
@ -94,7 +94,9 @@ in
          {
            path = "${vaultwardenPath}/db.sqlite3";
            replicas = [
-              { url = "s3://${config.backup.s3.bucket}.${config.backup.s3.endpoint}/vaultwarden"; }
+              {
+                url = "s3://${config.nmasur.presets.services.litestream.s3.bucket}.${config.nmasur.presets.services.litestream.s3.endpoint}/vaultwarden";
+              }
            ];
          }
        ];
@ -119,7 +121,7 @@ in
    # Backup other Vaultwarden data to object storage
    systemd.services.vaultwarden-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
      description = "Backup Vaultwarden files";
-      environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
+      environment.AWS_ACCESS_KEY_ID = config.nmasur.presets.services.litestream.s3.accessKeyId;
      serviceConfig = {
        Type = "oneshot";
        User = "vaultwarden";
@ -129,8 +131,8 @@ in
      script = ''
        ${pkgs.awscli2}/bin/aws s3 sync \
            ${vaultwardenPath}/ \
-            s3://${config.backup.s3.bucket}/vaultwarden/ \
-            --endpoint-url=https://${config.backup.s3.endpoint} \
+            s3://${config.nmasur.presets.services.litestream.s3.bucket}/vaultwarden/ \
+            --endpoint-url=https://${config.nmasur.presets.services.litestream.s3.endpoint} \
            --exclude "*db.sqlite3*" \
            --exclude ".db.sqlite3*"
      '';
--- a/platforms/nixos/modules/nmasur/presets/services/victoriametrics.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/victoriametrics.nix
@ -71,7 +71,7 @@ in
    };

    secrets.vmauth = lib.mkIf config.services.victoriametrics.enable {
-      source = ../../../private/prometheus.age;
+      source = ../../../../../../private/prometheus.age;
      dest = "${config.secretsDirectory}/vmauth";
      prefix = "PASSWORD=";
    };
--- a/platforms/nixos/modules/nmasur/presets/services/vm-agent.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/vm-agent.nix
@ -47,7 +47,7 @@ in
    };

    secrets.vmagent = {
-      source = ../../../private/prometheus.age;
+      source = ../../../../../../private/prometheus.age;
      dest = "${config.secretsDirectory}/vmagent";
    };
    systemd.services.vmagent-secret = lib.mkIf config.services.vmagent.enable {
--- a/platforms/nixos/modules/nmasur/settings.nix
+++ b/platforms/nixos/modules/nmasur/settings.nix
@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, hostnames, ... }:

 {
  options.nmasur.settings = {
@ -13,7 +13,7 @@
    hostnames = lib.mkOption {
      type = lib.types.attrsOf lib.types.str;
      description = "Map of service names to FQDNs";
-      default = { };
+      default = hostnames;
    };
  };
 }