neovim updates

modules/features/forgejo.nix

@@ -0,0 +1,62 @@
+{ self, inputs, ... }: {
+  flake.modules.nixos.forgejo = {config, pkgs, lib, ... }:
+    let
+      cfg = config.forgejo;
+    in
+    {
+      options.forgejo = {
+        enable = lib.mkEnableOption "Enable Forgejo backed with PostgreSQL";
+
+        port = lib.mkOption {
+          type = lib.types.port;
+          default = 3000;
+          description = "TCP port for the Forgejo web interface.";
+        };
+
+        openFirewall = lib.mkOption {
+          type = lib.types.bool;
+          default = true;
+          description = "Open the Forgejo web interface port in the firewall.";
+        };
+
+        https = lib.mkEnableOption "Open the Forgejo web interface port in the firewall.";
+      };
+
+      config = lib.mkIf cfg.enable {
+        networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [ cfg.port ];
+
+        services.forgejo = {
+          enable = true;
+          lfs.enable = true;
+          settings.server = lib.mkMerge [
+            {
+              HTTP_PORT = cfg.port;
+              DISABLE_SSH = true;
+            }
+            (lib.mkIf cfg.https {
+              ROOT_URL = "https://forgejo.john-stream.com";
+              PROTOCOL = "https";
+              COOKIE_SECURE = true;
+            })
+          ];
+
+          database = {
+            type = "postgres";
+            port = config.services.postgresql.settings.port;
+            # createDatabase = false;
+          };
+          # dump = {
+          #   enable = true;
+          #   interval = "12h";
+          # };
+        };
+
+        services.postgresql = {
+          enable = true;
+          settings = {
+
+          };
+        };
+      };
+    };
+}

modules/features/greetd.nix

@@ -1,6 +1,6 @@
 # https://github.com/glabrie/dotfiles/blob/main/modules/system/settings/greetd.nix
 { inputs, ... }: {
-  flake.module.nixos.greetd = { pkgs, lib, ... }: {
+  flake.modules.nixos.greetd = { pkgs, lib, ... }: {
     services.greetd = {
       enable = true;
       settings = {

modules/features/mtls.nix

@@ -265,7 +265,7 @@ in
 
       config = lib.mkIf cfg.enable {
         environment.systemPackages = with pkgs; lib.optionals cfg.enable [
-          step-cli
+          # step-cli
           (mkMtlsGenerateScript {
             inherit (cfg) subject provisioner san lifetime;
             inherit pkgs tlsCert tlsKey mtlsBundle;
@@ -308,7 +308,7 @@ in
 
       config = {
         home.packages = with pkgs; lib.optionals cfg.enable [
-          step-cli
+          # step-cli
           (mkMtlsGenerateScript {
             inherit (cfg) subject provisioner san lifetime;
             inherit pkgs tlsCert tlsKey mtlsBundle;

modules/hosts/janus/default.nix

@@ -4,7 +4,6 @@ let
   hostname = "janus";
   ca-url = "https://janus.john-stream.com/";
   fingerprint = "2036c44f7b5901566ff7611ea6c927291ecc6d2dd00779c0eead70ec77fa10d6";
-
 in
 {
   flake.modules.nixos.janus-ca = { config, lib, ... }:
@@ -73,4 +72,24 @@ in
       }
     ];
   };
+
+
+  flake-file.inputs = {
+    wrappers = {
+      url = "github:lassulus/wrappers";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  perSystem = { pkgs, lib, ... }: {
+    packages.janus-ca = inputs.wrappers.lib.wrapPackage {
+      inherit pkgs;
+      package = pkgs.step-cli;
+      binName = "janus-cert";
+      args = [
+        "ca" "certificate"
+        "--ca-url=${ca-url}"
+      ];
+    };
+  };
 }

modules/hosts/john-pc/default.nix

@@ -3,7 +3,7 @@ let
   username = "john";
   hostname = "john-pc-ubuntu";
 
-  testHost = "soteria";
+  testHost = "soteria"; # which host to test build
   testTarget = "fded:fb16:653e:25da:be24:11ff:fea0:753f"; # test-nix
   # testTarget = "fded:fb16:653e:25da:be24:11ff:fe89:1cc3"; # soteria
 

modules/hosts/soteria/soteria.nix

@@ -14,6 +14,7 @@ in
       nixos.docker
       nixos.mtls
       nixos.janus-ca
+      nixos.forgejo
       # nixos.restic-server
       # nixos.restic-envoy
       ({ pkgs, ... }: {
@@ -60,6 +61,12 @@ in
             homeManager."${hostname}"
           ];
         };
+
+        environment.systemPackages = [
+          inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.janus-ca
+        ];
+
+        forgejo.enable = true;
       })
     ];
   };

modules/nix-tools/rebuild.nix

@@ -87,6 +87,19 @@
             ${echoCmd} "Testing the evaulation of the nixos config for $HOSTNAME"
             ${lib.getExe nix} eval ${flakeDir}#nixosConfigurations.$HOSTNAME.config.system.build.toplevel.drvPath
           '')
+
+          (writeShellScriptBin "cleanup" ''
+            set -e
+            DAYS=$1
+            if [ -z "$DAYS" ]; then
+              ${echoCmd} "usage: cleanup <days>"
+              exit 1
+            fi
+            ${lib.getExe home-manager} expire-generations "-$DAYS days"
+            ${lib.getExe nix} profile wipe-history --older-than "''${DAYS}d"
+            ${lib.getExe nix} store gc
+            ${lib.getExe nix} store optimise
+          '')
         ];
       };
     };

modules/nix-tools/user.nix

@@ -18,16 +18,13 @@
         isNormalUser = true;
         home = "/home/${username}";
         shell = lib.mkIf config.programs.zsh.enable pkgs.zsh;
-        extraGroups = [
+        extraGroups = [ "input" "networkmanager" ]
-          "input"
+        ++ lib.optional isAdmin "wheel"
-          "networkmanager"
+        ++ lib.optional config.virtualisation.docker.enable "docker"
-        ] ++ lib.optionals isAdmin [
+        ++ lib.optional (isAdmin && config.services.forgejo.enable) config.services.forgejo.group
-          "docker"
+        ++ lib.optional (isAdmin && config.services.postgresql.enable) config.services.postgresql.group;
-          "wheel"
-        ];
       };
       
-      
       security.sudo-rs.enable = lib.mkIf isAdmin true;
 
       home-manager.useGlobalPkgs = true;

modules/programs/neovim.nix

@@ -7,10 +7,11 @@
   };
 
   perSystem = { system, pkgs, ... }: {
-    packages.my-neovim = (inputs.nvf.lib.neovimConfiguration {
+    packages.my-neovim = ((inputs.nvf.lib.neovimConfiguration {
       inherit pkgs;
       modules = [
         {
+          # https://nvf.notashelf.dev/search.html
           config.vim = {
             options = {
               number = true;
@@ -19,6 +20,9 @@
               shiftwidth = 4;
               tabstop = 4;
               softtabstop = 4;
+
+              wrap = true;
+              linebreak = true;
             };
 
             syntaxHighlighting = true;
@@ -28,10 +32,27 @@
             theme.name = "catppuccin";
             theme.style = "mocha";
 
+            git = {
+              enable = true;
+            };
+
+            filetree.neo-tree = {
+              enable = true;
+            };
+
             lazy = {
               enable = true;
             };
 
+            # globals = {
+            #   SimpylFold_docstring_preview = 1;
+            #   SimpylFold_fold_blank = 0;
+            # };
+
+            # extraPlugins = with pkgs.vimPlugins; {
+            #   SimpylFold.package = SimpylFold;
+            # };
+
             telescope = {
               enable = true;
               extensions  = [
@@ -46,7 +67,7 @@
             # Enable Treesitter
             treesitter = {
               enable = true;
-              # grammars = [ "python" ];
+              grammars = with pkgs.vimPlugins.nvim-treesitter-parsers; [ python ];
             };
 
             lsp.enable = true;
@@ -54,6 +75,24 @@
             languages = {
               enableTreesitter = true;
               enableFormat = true;
+
+              markdown = {
+                enable = true;
+                extensions = {
+                  # render-markdown-nvim.enable = true;
+                  markview-nvim.enable = true;
+                };
+              };
+
+              bash.enable = true;
+              css.enable = true;
+              yaml.enable = true;
+              toml.enable = true;
+
+              nix = {
+                enable = true;
+              };
+
               python = {
                 enable = true;
                 dap.enable = true;
@@ -63,16 +102,24 @@
 
             keymaps = [
               {
-                key = "<leader>m";
+                key = "<leader>fd";
+                mode = "n";
+                silent = false;
+                action = ":Telescope find_files";
+              }
+              {
+                key = "<C-b>";
                 mode = "n";
                 silent = true;
-                action = ":make<CR>";
+                action = ":Neotree";
               }
             ];
           };
         }
       ];
-    })
+    }).neovim).overrideAttrs (old: {
-    .neovim;
+      pname = "my-neovim";
+      version = "custom";
+    });
   };
 }

modules/services/step-ca/ssh-host.nix

@@ -33,7 +33,7 @@
       networking.nameservers = [ "192.168.1.150" ];
       networking.dhcpcd.extraConfig = "nohook resolv.conf";
       environment.systemPackages = with pkgs; [
-        step-cli
+        # step-cli
         (writeShellScriptBin "ssh-host-cert-renew" ''
           ${lib.getExe pkgs.step-cli} ssh certificate \
           --host --sign \
@@ -51,7 +51,7 @@
         wantedBy = [ ];
         after = [ "network-online.target" ];
         wants = [ "network-online.target" ];
-        path = [ pkgs.step-cli pkgs.openssh pkgs.coreutils pkgs.systemd ];
+        path = with pkgs; [ coreutils systemd step-cli openssh  ];
         serviceConfig = {
           Type = "oneshot";
           User = "root";

modules/services/step-ca/step-ca.nix

@@ -17,6 +17,9 @@ in
         crt = "";
       };
     };
-    environment.systemPackages = with pkgs; [ step-ca step-cli ];
+    environment.systemPackages = with pkgs; [
+      step-ca
+      step-cli
+    ];
   };
 }