…repositories
- Introduced Gitleaks configuration in home-manager with options to enable and set up hooks.
- Added pre-commit hook script to run Gitleaks on staged changes.
- Copied Gitleaks configuration file and pre-commit hook to the appropriate directories.

fix(obsidian): remove mutable option for file configuration

fix(multimedia): remove unused hyprdisplays package from clientsToPackage

feat(multimedia): enhance player module with Spicetify support
- Added Spicetify configuration options including extensions and themes.
- Integrated Spicetify into the multimedia player clients.

feat(multimedia): add remote-viewer to remote desktop clients

feat(utilities): add Tock time tracking tool configuration
- Introduced Tock and Tock UI packages with configuration options for backend and file paths.
- Added shell aliases for Tock commands.

chore: clean up unused utilities (FileZilla, KDE Connect)

fix(app-launcher): refactor to support multiple application launcher clients

fix(hydenix): adjust startup commands and fix Git configuration

feat(hosts): add birch-seed host configuration

fix(cedar): update tools and remove unnecessary services

fix(oak): adjust game mode and print server configuration

fix(virtualisation): include winboat in additional packages

fix(wrapper): remove deprecated modules and update dependencies

chore: update hayase version and source URL

fix: general cleanup and refactoring across various modules
…management and multimedia support
…spatcher
- Introduced a unified VPN dispatcher script to manage WireGuard and OpenFortiVPN connections.
- Added configuration options for WireGuard and OpenFortiVPN in the NixOS module.
- Created a new script for managing WireGuard VPN connections with TUI interface for actions like up, down, status, config, and edit.
- Updated the NixOS configuration to include new VPN options and scripts.
- Removed deprecated Deskflow and Matrix Synapse configurations.
- Adjusted garbage collection settings for Nix and enabled automatic store optimization.
- Changed default password manager from KeepassXC to Bitwarden.

refactor: rename and implement the repositories for styles and titles with logging
Caution: Review failed. The pull request is closed.
Walkthrough
This PR performs a comprehensive system reorganization, introducing new flake inputs (
🎉 This PR is included in version 1.5.0 🎉 The release is available on GitHub release. Your semantic-release bot 📦🚀
Pull request overview
This PR updates the Nix flake + host/home-manager modules by reshaping the wrapper packages, adding new VPN/power-management tooling, and adjusting host configurations (printing, virtualization, browsers, apps).
Changes:
- Add new wrapper packages (velo, tock, tock-ui, fluxer) and swap some HM/service selections to use them.
- Introduce interactive VPN manager scripts (WireGuard/OpenFortiVPN) and enhance power profile tooling (tuning + toggle).
- Remove several modules/packages (matrix/ollama/deskflow/wrkflw wrappers, etc.) and update multiple host defaults (printing, virtualization/wine, browsers).
Reviewed changes
Copilot reviewed 79 out of 80 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| result | Updates recorded NixOS system store path output |
| modules/wrapper/wrkflw.nix | Removes local wrkflw wrapper derivation |
| modules/wrapper/winboat.nix | Removes local winboat AppImage wrapper |
| modules/wrapper/velo.nix | Adds AppImage wrapper for Velo mail client |
| modules/wrapper/tock.nix | Adds Go-based tock CLI package |
| modules/wrapper/tock-ui.nix | Adds AppImage wrapper for Tock UI |
| modules/wrapper/scalar.nix | Updates scalar .deb hash |
| modules/wrapper/hyprDisplays.nix | Removes local HyprDisplays derivation |
| modules/wrapper/hayase.nix | Removes local hayase AppImage wrapper |
| modules/wrapper/fluxer.nix | Adds AppImage wrapper for Fluxer client |
| modules/wrapper/default.nix | Updates wrapper imports list (adds/removes wrappers) |
| modules/system/hosts/seed-birch/default.nix | Enables printing + adjusts powersave settings |
| modules/system/hosts/oak/default.nix | Adjusts games/vpn/virtualisation + printing + removes portmaster |
| modules/system/hosts/cedar/default.nix | Disables matrix-synapse and portmaster blocks |
| modules/system/common/virtualisation/ollama.nix | Removes Ollama module |
| modules/system/common/virtualisation/default.nix | Changes Wine package selection + adds winboat to extras |
| modules/system/common/server/print.nix | Changes default printer driver + expands avahi config |
| modules/system/common/server/communication/ntfy-sh.nix | Comments out HM client config generation |
| modules/system/common/server/communication/matrix.nix | Removes matrix-synapse server module |
| modules/system/common/server/communication/deskflow.nix | Removes deskflow server module |
| modules/system/common/security/password-manager.nix | Switches default backend to bitwarden; removes keepassxc |
| modules/system/common/nix/nix-garbage.nix | Changes enable option type/defaults; enables autoOptimiseStore by default |
| modules/system/common/networks/wireguard-vpn.sh | Adds interactive WireGuard VPN manager script |
| modules/system/common/networks/vpn.nix | Expands VPN support (tailscale/wireguard/openfortivpn) + adds dispatcher tool |
| modules/system/common/networks/openfortivpn.sh | Adds interactive OpenFortiVPN manager script |
| modules/system/common/hardware/powersave/power-tuning.sh | Refactors/expands power tuning profiles and sysfs controls |
| modules/system/common/hardware/powersave/power-toggle.sh | Adds AC/battery-aware asusctl profile toggle script |
| modules/system/common/hardware/powersave/default.nix | Adds power toggle integration into power-tools and /etc script exports |
| modules/system/common/hardware/boot.nix | Comments out hydenix.boot.enable assignment |
| modules/system/common/games.nix | Updates Steam compat path option type/default; adds steamtinkerlauncher integration + aliases |
| modules/system/common/dev/tools/flatpak.nix | Removes flatpak dev tooling module |
| modules/system/common/dev/languages/php.nix | Removes system-level PHP dev module |
| modules/system/common/dev/languages/flutter.nix | Adds adb-restart alias; removes programs.adb.enable |
| modules/system/common/default.nix | Updates common imports (adds android, removes several modules) |
| modules/hm/hosts/seed-birch/default.nix | Simplifies multimedia player selection; removes ianny config |
| modules/hm/hosts/oak/default.nix | Updates multimedia/dev/tools/communication selections (act/velo/fluxer/etc.) |
| modules/hm/hosts/cedar/default.nix | Switches git-action tool to act; removes tunnel + gitleaks enable |
| modules/hm/desktops/powermode-toggle.sh | Removes old powermode toggle script |
| modules/hm/desktops/mirage-waybar.jsonc | Removes old waybar layout file |
| modules/hm/desktops/hydenix.nix | Adds browser.enable option; adjusts bindings/spotify/spicetify behavior + aliases |
| modules/hm/desktops/configHydenix.nix | Adjusts startup timing; adds zen binds; removes ianny/kando sections |
| modules/hm/common/utilities/tracker.nix | Adds HM module for tock + optional UI + aliases |
| modules/hm/common/utilities/stacer.nix | Removes stacer HM module |
| modules/hm/common/utilities/safety/ianny.nix | Removes ianny HM module |
| modules/hm/common/utilities/safety/config.json | Removes ianny preset JSON |
| modules/hm/common/utilities/kde-connect.nix | Removes kde-connect HM module |
| modules/hm/common/utilities/filezilla.nix | Removes filezilla HM module |
| modules/hm/common/utilities/app-launcher.nix | Replaces kando/themes logic with client list (hyprshell) |
| modules/hm/common/security/burp.nix | Removes burp HM module |
| modules/hm/common/multimedia/remote-desktop.nix | Adds remote-viewer client mapping |
| modules/hm/common/multimedia/rambox.nix | Removes rambox HM module |
| modules/hm/common/multimedia/player.nix | Expands player clients; adds spicetify-nix integration + options |
| modules/hm/common/multimedia/management-utility.nix | Removes hyprdisplays wrapper usage from HM |
| modules/hm/common/multimedia/editing/audio.nix | Removes audio editor HM module |
| modules/hm/common/engine/default.nix | Removes engine selection HM module |
| modules/hm/common/documentation/obsidian.nix | Removes mutable flags for obsidian theme files |
| modules/hm/common/dev/tools/nix.nix | Switches formatter from nixfmt-rfc-style to nixfmt |
| modules/hm/common/dev/tools/gitleaks/pre-commit-hook.sh | Adds gitleaks pre-commit hook script |
| modules/hm/common/dev/tools/gitleaks/default.nix | Adds HM gitleaks module configuring hooksPath + files |
| modules/hm/common/dev/tools/gitleaks/.gitleaks.toml | Adds shared gitleaks rules/config |
| modules/hm/common/dev/tools/gitleaks.nix | Removes old gitleaks module |
| modules/hm/common/dev/tools/git-action.nix | Stops using local wrkflw wrapper; uses pkgs.wrkflw |
| modules/hm/common/dev/tools/cli.nix | Removes generic CLI tools module |
| modules/hm/common/dev/languages/php.nix | Adds new HM PHP module with version/extensions/xdebug options |
| modules/hm/common/dev/languages/kotlin.nix | Removes kotlin HM module |
| modules/hm/common/dev/languages/dotnet.nix | Changes default .NET SDK versions to 10 |
| modules/hm/common/dev/environments/editor.nix | Removes android-studio IDE entry; adds codium |
| modules/hm/common/default.nix | Updates HM common imports; adds php + gitleaks dir + tracker module |
| modules/hm/common/communication/matrix.nix | Removes matrix HM communication module |
| modules/hm/common/communication/mail.nix | Switches mail services mapping to velo wrapper |
| modules/hm/common/communication/discord.nix | Reworks discord clients mapping; adds fluxer wrapper |
| modules/hm/common/browser/default.nix | Adjusts browser list; adds zen via flake input |
| hosts/seed-birch/default.nix | Removes old host entry (replaced by birch-seed host) |
| hosts/oak/default.nix | Removes insecure package allowlist; tweaks hydenix + firewall |
| hosts/cedar/hardware-configuration.nix | Updates detected hardware config (UUIDs, modules, swap, microcode) |
| hosts/cedar/default.nix | Updates LXC/proxmox settings and imports; changes nixpkgs import source |
| hosts/birch-seed/default.nix | Adds new birch-seed host definition |
| flake.nix | Adds inputs (sops-nix, spicetify-nix, zen-browser), pins hydenix, extends mkHost args |
| README.md | Updates title line to indicate fork origin |
Comments suppressed due to low confidence (9)
modules/system/common/virtualisation/default.nix:1
`winboat` is added to `additionalPackages`, but this PR removes the local `modules/wrapper/winboat.nix` wrapper and also removes it from `modules/wrapper/default.nix`. Unless `pkgs` provides `winboat` elsewhere, this will fail evaluation/build. Fix by either reintroducing the wrapper and ensuring it is in scope (e.g., via an overlay), or remove `winboat` from this list / gate it behind a dedicated option that also provides the package.
modules/system/common/networks/vpn.nix:1
Nix options don't expand `$HOME`, so the default will be the literal string `$HOME/vpn`. Also, both added scripts hardcode `CONFIG_DIR="$HOME/vpn"`, so this option currently has no effect. Fix by (1) defaulting to a concrete path (e.g., using the configured user/home in NixOS/HM context), and (2) wiring `cfg.configDir` into the scripts via substitution or an environment variable consumed by the scripts.
modules/system/common/networks/vpn.nix:1
`lib.mkIf` is intended for attrsets; when the condition is false it returns `{}`, which won't type-check where a list is expected (`boot.kernelModules`). Use `lib.optionals cfg.wireguard.autoLoadKernelModule [ "wireguard" ]` (or set `boot.kernelModules` in an enclosing `mkIf`) to ensure the value is always a list.
modules/system/common/networks/openfortivpn.sh:1
This flow captures the sudo password into a shell variable and interpolates it into a command string, which can leak via process listings/logs and is generally unsafe. Additionally, passing the VPN password via `--password=...` puts secrets into process args, and the `exec echo ... | sudo ...` pipeline construction is fragile. Consider switching to a systemd unit (or `sudo` with an askpass helper) so you never handle sudo credentials manually, and avoid passing VPN credentials as CLI args (prefer config file / stdin / secure prompt). Also consider moving PID/log files from `/tmp` to a per-user runtime directory (e.g., `$XDG_RUNTIME_DIR`) to reduce symlink/permission risks.
modules/hm/common/utilities/tracker.nix:1
`mkIf` returns an attrset when the condition is false, which will break `home.packages` (expects a list of packages). Use `lib.optional cfg.ui.enable cfg.ui.package` or `lib.optionals cfg.ui.enable [ cfg.ui.package ]` instead.
modules/hm/common/utilities/tracker.nix:1
The option name `alliasEnable` looks like a typo and is harder to discover/search than `aliasEnable`. Also the description mentions enabling the `'tock'` alias, but the module defines aliases like `project-start`, `task-start`, etc. Consider renaming the option to `aliasEnable` and updating the description (or actually adding a `tock` alias if that's the intent).
modules/system/common/games.nix:1
Using `~` in a Nix-set environment variable/path is typically not expanded by consumers; `STEAM_EXTRA_COMPAT_TOOLS_PATHS` will likely end up with a literal `~` path. Prefer an absolute path (e.g., based on the configured user's home) or `$HOME/...` if the consuming process expands it (many do not).
modules/system/common/games.nix:1
Two concrete issues here: (1) `lib.optionalString` will produce an empty string when disabled but still defines the alias key, which can create an invalid/empty alias; define these aliases conditionally (e.g., with `lib.optionalAttrs`). (2) `"~/games/..."` is quoted inside the shell test so `~` won't expand, making the directory check always fail; use `$HOME/...` or an unquoted tilde.
result:1
The `result` symlink/recorded store path looks like a local build artifact and is likely to change frequently across machines/builds. Consider removing it from version control (and adding it to `.gitignore`) to avoid noisy diffs and accidental coupling to a specific local store path.
| programs.git.settings = { | ||
| core.hooksPath = "${config.xdg.configHome}/.git-config/.git-hooks"; | ||
| }; | ||
|
|
||
| # Copy gitleaks config file | ||
| home.file.".git-config/.gitleaks.toml".source = | ||
| "${moduleDir}/.gitleaks.toml"; | ||
|
|
||
| # Copy pre-commit hook | ||
| home.file.".git-config/.git-hooks/pre-commit" = { | ||
| source = "${moduleDir}/pre-commit-hook.sh"; | ||
| executable = true; | ||
| }; |
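Review bot: Setting `core.hooksPath` in the user-level Git configuration replaces each repository's own `.git/hooks` directory, so any repository that ships or installs its own hooks stops running them once this module is enabled. Have the installed `pre-commit` script chain to the repository's `.git/hooks/pre-commit` when one exists and is executable, or document that this module overrides per-repository hooks. A client-side hook is also skipped by `git commit --no-verify`, so it should not be the only place the scan runs.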
core.hooksPath points under ${config.xdg.configHome}/.git-config/... (typically ~/.config/.git-config/...), but the files are installed under ~/.git-config/.... As written, Git won't find the hook. Fix by either installing the hook/config under ${config.xdg.configHome} to match the hooksPath, or set core.hooksPath to ${config.home.homeDirectory}/.git-config/.git-hooks so it matches the installed location.
| CONFIG_FLAG="" | ||
| CONFIG_FILE="$HOME/.git-config/.gitleaks.toml" | ||
| if [ -f "$CONFIG_FILE" ]; then | ||
| CONFIG_FLAG="--config $CONFIG_FILE" | ||
| fi | ||
|
|
||
| # Run gitleaks on staged changes | ||
| if gitleaks detect --source . --verbose $CONFIG_FLAG; then |
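Review bot: `--verbose` on the `gitleaks detect` line prints each finding, including the matched secret, to the terminal, where it can end up in scrollback or captured hook output. Add `--redact` to that invocation so the hook reports the file and rule without echoing the secret itself.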
The comment says this scans staged changes, but gitleaks detect --source . scans the entire working tree, which is slower and can fail commits due to unrelated files. Prefer running gitleaks in a staged-only mode (according to the gitleaks CLI you target), and quote/array the config flag to avoid word-splitting issues.
| CONFIG_FLAG="" | |
| CONFIG_FILE="$HOME/.git-config/.gitleaks.toml" | |
| if [ -f "$CONFIG_FILE" ]; then | |
| CONFIG_FLAG="--config $CONFIG_FILE" | |
| fi | |
| # Run gitleaks on staged changes | |
| if gitleaks detect --source . --verbose $CONFIG_FLAG; then | |
| CONFIG_ARGS=() | |
| CONFIG_FILE="$HOME/.git-config/.gitleaks.toml" | |
| if [ -f "$CONFIG_FILE" ]; then | |
| CONFIG_ARGS+=(--config "$CONFIG_FILE") | |
| fi | |
| # Run gitleaks on staged changes | |
| if gitleaks detect --staged --verbose "${CONFIG_ARGS[@]}"; then |
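Review bot: In the replacement line `gitleaks detect --staged --verbose "${CONFIG_ARGS[@]}"`, `--staged` is a flag of `gitleaks protect` in gitleaks v8 (newer releases use `gitleaks git --pre-commit --staged`), not of `detect`, so check it against the installed version before merging; an unrecognised flag would make the hook fail on every commit. `CONFIG_ARGS=()` is also a bash array, which needs a bash shebang in `pre-commit-hook.sh`; under plain `sh`, `set -- --config "$CONFIG_FILE"` followed by `"$@"` does the same job.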
| home.shellAliases = { | ||
| # shell alias for ani-cli to anime | ||
| anime = lib.mkIf (lib.elem "ani-cli" cfg.clients) ''ani-cli''; |
lib.mkIf is for conditionally including attrsets; using it as a string value will produce a type mismatch (string vs attrset) when the condition is false. Use lib.optionalAttrs around the alias attrset, or lib.optionalString for the value and only define the key when enabled.
| home.shellAliases = { | |
| # shell alias for ani-cli to anime | |
| anime = lib.mkIf (lib.elem "ani-cli" cfg.clients) ''ani-cli''; | |
| home.shellAliases = lib.optionalAttrs (lib.elem "ani-cli" cfg.clients) { | |
| # shell alias for ani-cli to anime | |
| anime = ''ani-cli''; |
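Review bot: The replacement makes the whole `home.shellAliases` attrset conditional on `ani-cli` being in `cfg.clients`, so any other alias defined in the same set would disappear along with `anime`. If the set holds more than this one alias, merge the conditional part in with `//` (or keep the other aliases in a separate definition) rather than wrapping the full set in `lib.optionalAttrs`.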