try to statically set caddy to prevent cloudflare hash breaking

flake.nix

@@ -114,6 +114,7 @@
           bookmarks = "keep.${baseName}";
           books = "books.${baseName}";
           budget = "money.${baseName}";
+          contacts = "contacts.${baseName}";
           content = "cloud.${baseName}";
           download = "download.${baseName}";
           files = "files.${baseName}";
@@ -246,30 +247,30 @@
         default = lib.pkgsBySystem.${system}.nmasur.dotfiles-devshell;
       });
 
-      checks = lib.forAllSystems (
+      # checks = lib.forAllSystems (
-        system:
+      #   system:
-        let
+      #   let
-          pkgs = import nixpkgs {
+      #     pkgs = import nixpkgs {
-            inherit system;
+      #       inherit system;
-            overlays = lib.overlays;
+      #       overlays = lib.overlays;
-          };
+      #     };
-        in
+      #   in
-        {
+      #   {
-          neovim =
+      #     neovim =
-            pkgs.runCommand "neovim-check-health" { buildInputs = [ inputs.self.packages.${system}.neovim ]; }
+      #       pkgs.runCommand "neovim-check-health" { buildInputs = [ inputs.self.packages.${system}.neovim ]; }
-              ''
+      #         ''
-                mkdir -p $out
+      #           mkdir -p $out
-                export HOME=$TMPDIR
+      #           export HOME=$TMPDIR
-                nvim -c "checkhealth" -c "write $out/health.log" -c "quitall"
+      #           nvim -c "checkhealth" -c "write $out/health.log" -c "quitall"
 
-                # Check for errors inside the health log
+      #           # Check for errors inside the health log
-                if $(grep "ERROR" $out/health.log); then
+      #           if $(grep "ERROR" $out/health.log); then
-                  cat $out/health.log
+      #             cat $out/health.log
-                  exit 1
+      #             exit 1
-                fi
+      #           fi
-              '';
+      #         '';
-        }
+      #   }
-      );
+      # );
 
       formatter = lib.forAllSystems (
         system:

hosts/aarch64-linux/flame/default.nix

@@ -31,10 +31,10 @@ rec {
       power-user.enable = true;
     };
     nmasur.presets.programs.helix.enable = true;
-    home.stateVersion = "23.05";
+    home.stateVersion = "25.05";
   };
 
-  system.stateVersion = "23.05";
+  system.stateVersion = "25.05";
   # File systems must be declared in order to boot
 
   # # This is the root filesystem containing NixOS

pkgs/caddy/package.nix

@@ -0,0 +1,15 @@
+# Caddy with Cloudflare DNS
+
+{
+  pkgs,
+  ...
+}:
+
+# Maintain a static version so that the plugin hash doesn't keep breaking
+(pkgs.caddy.override {
+  version = "2.10.2";
+}).withPlugins
+  {
+    plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
+    hash = "sha256-AcWko5513hO8I0lvbCLqVbM1eWegAhoM0J0qXoWL/vI=";
+  }

platforms/home-manager/modules/nmasur/presets/programs/ghostty.nix

@@ -21,7 +21,7 @@ in
     programs.ghostty = {
       enable = true;
 
-      package = if pkgs.stdenv.isDarwin then pkgs.nur.repos.DimitarNestorov.ghostty else pkgs.ghostty;
+      package = if pkgs.stdenv.isDarwin then null else pkgs.ghostty;
 
       enableFishIntegration = true;
       enableBashIntegration = true;
@@ -37,8 +37,8 @@ in
         fullscreen = if pkgs.stdenv.isDarwin then true else false;
         keybind = [
           "super+t=unbind" # Pass super-t to underlying tool (e.g. zellij tabs)
-          "super+shift+]=unbind"
+          "super+shift+bracket_right=unbind"
-          "super+shift+[=unbind"
+          "super+shift+bracket_left=unbind"
           "ctrl+tab=unbind"
           "ctrl+shift+tab=unbind"
           "ctrl+tab=text:\\x1b[9;5u"

platforms/home-manager/modules/nmasur/presets/programs/helix.nix

@@ -46,6 +46,10 @@ in
           command = "${pkgs.nixd}/bin/nixd";
         };
 
+        language-server.ty = {
+          command = "${pkgs.ty}/bin/ty";
+        };
+
         language-server.fish-lsp = {
           command = "${pkgs.fish-lsp}/bin/fish-lsp";
         };
@@ -59,7 +63,8 @@ in
         };
 
         language-server.terraform-ls = {
-          command = "${lib.getExe pkgs.terraform-ls} serve";
+          command = "${lib.getExe pkgs.terraform-ls}";
+          args = [ "serve" ];
         };
 
         language-server.bash-language-server = {

platforms/home-manager/modules/nmasur/presets/services/hammerspoon/Spoons/Launcher.spoon/init.lua

@@ -57,7 +57,7 @@ function obj:init()
     self.launcher:bind("ctrl", "space", function() end)
     self.launcher:bind("", "return", function()
         -- self:switch("@wezterm@")
-        self:switch("@ghostty@")
+        self:switch("/Applications/Ghostty.app")
     end)
     self.launcher:bind("", "C", function()
         self:switch("Calendar.app")

platforms/home-manager/modules/nmasur/presets/services/hammerspoon/default.nix

@@ -23,7 +23,6 @@ in
         {
           discord = "${pkgs.discord}/Applications/Discord.app";
           firefox = "${pkgs.firefox-unwrapped}/Applications/Firefox.app";
-          ghostty = "${config.programs.ghostty.package}/Applications/Ghostty.app";
           obsidian = "${pkgs.obsidian}/Applications/Obsidian.app";
           slack = "${pkgs.slack}/Applications/Slack.app";
           wezterm = "${pkgs.wezterm}/Applications/WezTerm.app";

platforms/home-manager/modules/nmasur/profiles/experimental.nix

@@ -29,6 +29,8 @@ in
       pkgs.charm # Manage account and filesystem
       pkgs.pop # Send emails from a TUI
 
+      pkgs.chawan # Browser TUI
+
     ];
 
     programs.gh-dash.enable = lib.mkDefault true;

platforms/nix-darwin/modules/nmasur/presets/services/dock.nix

@@ -6,7 +6,6 @@
 }:
 
 let
-  inherit (config.nmasur.settings) username;
   cfg = config.nmasur.presets.services.dock;
 in
 
@@ -50,7 +49,7 @@ in
         "/System/Applications/Messages.app"
         "/System/Applications/Mail.app"
         "/Applications/zoom.us.app"
-        "${config.home-manager.users.${username}.programs.ghostty.package}/Applications/Ghostty.app"
+        "/Applications/Ghostty.app"
         "${pkgs.discord}/Applications/Discord.app"
         "${pkgs.obsidian}/Applications/Obsidian.app"
       ];

platforms/nix-darwin/modules/nmasur/profiles/base.nix

@@ -39,6 +39,7 @@ in
       "scroll-reverser" # Different scroll style for mouse vs. trackpad
       "notunes" # Don't launch Apple Music with the play button
       "topnotch" # Darkens the menu bar to complete black
+      "ghostty" # Terminal application (not buildable on Nix on macOS)
     ];
 
   };

platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix

@@ -66,10 +66,7 @@ in
     nmasur.presets.services.caddy.cidrAllowlist = cloudflareIpRanges;
 
     # Tell Caddy to use Cloudflare DNS for ACME challenge validation
-    services.caddy.package = pkgs.caddy.withPlugins {
+    services.caddy.package = pkgs.nmasur.caddy;
-      plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
-      hash = "sha256-AcWko5513hO8I0lvbCLqVbM1eWegAhoM0J0qXoWL/vI=";
-    };
     nmasur.presets.services.caddy.tlsPolicies = [
       {
         issuers = [

platforms/nixos/modules/nmasur/presets/services/logind.nix

@@ -10,8 +10,8 @@ in
   config = lib.mkIf cfg.enable {
 
     # Use power button to sleep instead of poweroff
-    services.logind.powerKey = "suspend";
+    services.logind.settings.Login.HandlePowerKey = "suspend";
-    services.logind.powerKeyLongPress = "poweroff";
+    services.logind.settings.Login.HandlePowerKeyLongPress = "poweroff";
 
   };
 

platforms/nixos/modules/nmasur/presets/services/stalwart-mail.nix

@@ -0,0 +1,56 @@
+# Stalwart is a self-hosted email service, but in my case I want to use it as a
+# vCard contacts database server and ignore the email component.
+
+{ config, lib, ... }:
+
+let
+  inherit (config.nmasur.settings) hostnames;
+  cfg = config.nmasur.presets.services.stalwart-mail;
+in
+
+{
+
+  options.nmasur.presets.services.stalwart-mail = {
+    enable = lib.mkEnableOption "Stalwart mail and contacts server";
+    port = lib.mkOption {
+      type = lib.types.port;
+      description = "Port to use for the localhost";
+      default = 7982;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    services.stalwart-mail = {
+      enable = true;
+      settings = {
+        server.listener.http = {
+          bind = [ "127.0.0.1:${builtins.toString cfg.port}" ];
+          protocol = "http";
+        };
+        authentication.fallback-admin = {
+          user = "admin";
+          secret = "$6$W/zXJP0xtZSUQqIe$DedCz9ncAn8mtfQVCg8Fzguuz.x8u1dfVU/d7wKyc6ujLuY4WCdtY0OeYwpv8huJfKAgBKE3go2MTrT99ID7I1";
+        };
+      };
+    };
+
+    # Configure Cloudflare DNS to point to this machine
+    services.cloudflare-dyndns.domains = [ hostnames.contacts ];
+
+    # Allow web traffic to Caddy
+    nmasur.presets.services.caddy.routes = [
+      {
+        match = [ { host = [ hostnames.contacts ]; } ];
+        handle = [
+          {
+            handler = "reverse_proxy";
+            upstreams = [
+              { dial = "localhost:${builtins.toString cfg.port}"; }
+            ];
+          }
+        ];
+      }
+    ];
+  };
+}

platforms/nixos/modules/nmasur/profiles/communications.nix

@@ -36,6 +36,7 @@ in
         ntfy-sh.enable = lib.mkDefault true;
         pgweb.enable = lib.mkDefault true;
         postgresql.enable = lib.mkDefault true;
+        stalwart-mail.enable = lib.mkDefault true;
         thelounge.enable = lib.mkDefault true;
         uptime-kuma.enable = lib.mkDefault true;
         vaultwarden.enable = lib.mkDefault true;