From 13f9da00abbb081b492da00c8123b39ccf2e23a5 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 10 Aug 2023 21:58:22 +0900 Subject: [PATCH 01/33] Integrate atuin without server sync --- home-manager/bash.nix | 1 + home-manager/fish.nix | 1 + home-manager/home.nix | 9 +++++++++ home-manager/packages.nix | 1 + home-manager/zsh.nix | 1 + 5 files changed, 13 insertions(+) diff --git a/home-manager/bash.nix b/home-manager/bash.nix index 3ade0038b..b71f7a2a7 100644 --- a/home-manager/bash.nix +++ b/home-manager/bash.nix @@ -6,6 +6,7 @@ programs.zoxide.enableBashIntegration = true; programs.fzf.enableBashIntegration = true; programs.rtx.enableBashIntegration = true; + programs.atuin.enableBashIntegration = true; # Used only in bash - https://unix.stackexchange.com/a/689403 # https://github.com/nix-community/home-manager/blob/master/modules/programs/readline.nix diff --git a/home-manager/fish.nix b/home-manager/fish.nix index 7dedb7982..dcbc84998 100644 --- a/home-manager/fish.nix +++ b/home-manager/fish.nix @@ -7,6 +7,7 @@ programs.zoxide.enableFishIntegration = true; programs.fzf.enableFishIntegration = true; programs.rtx.enableFishIntegration = true; + programs.atuin.enableFishIntegration = true; xdg.configFile."fish/fish_variables".source = ../home/.config/fish/fish_variables; xdg.configFile."fish/functions/fish_prompt.fish".source = ../home/.config/fish/functions/fish_prompt.fish; diff --git a/home-manager/home.nix b/home-manager/home.nix index 170e6fe7c..3231f0c7c 100644 --- a/home-manager/home.nix +++ b/home-manager/home.nix @@ -150,4 +150,13 @@ # https://github.com/nix-community/home-manager/blob/master/modules/programs/rtx.nix programs.rtx.enable = true; + + # https://github.com/nix-community/home-manager/blob/master/modules/programs/atuin.nix + programs.atuin = { + enable = true; + + settings = { + sync_address = "https://127.0.0.1"; + }; + }; } diff --git a/home-manager/packages.nix b/home-manager/packages.nix index c04e3a8eb..d8de44f01 100644 --- a/home-manager/packages.nix +++ b/home-manager/packages.nix @@ -13,6 +13,7 @@ direnv zoxide fzf + atuin # Used in anywhere coreutils diff --git a/home-manager/zsh.nix b/home-manager/zsh.nix index 730f1e2cb..18be6879b 100644 --- a/home-manager/zsh.nix +++ b/home-manager/zsh.nix @@ -6,6 +6,7 @@ programs.zoxide.enableZshIntegration = true; programs.fzf.enableZshIntegration = true; programs.rtx.enableZshIntegration = true; + programs.atuin.enableZshIntegration = true; # https://nixos.wiki/wiki/Zsh # https://github.com/nix-community/home-manager/blob/master/modules/programs/zsh.nix From 2e9f6160cf0758373dda6c12ee13df5e325a6f3a Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 10 Aug 2023 22:17:10 +0900 Subject: [PATCH 02/33] Disable hijacking up-arrow by atuin --- home-manager/home.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/home-manager/home.nix b/home-manager/home.nix index 3231f0c7c..91295a08b 100644 --- a/home-manager/home.nix +++ b/home-manager/home.nix @@ -155,6 +155,11 @@ programs.atuin = { enable = true; + flags = [ + # https://github.com/atuinsh/atuin/issues/51 + "--disable-up-arrow" + ]; + settings = { sync_address = "https://127.0.0.1"; }; From 93c77547373f3e8154f5a9968c063c72fdf805e5 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Fri, 18 Jul 2025 22:21:10 +0900 Subject: [PATCH 03/33] Clarify testing the atuin ctrl+r --- home-manager/common.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home-manager/common.nix b/home-manager/common.nix index 65d38ea52..30d2330b5 100644 --- a/home-manager/common.nix +++ b/home-manager/common.nix @@ -220,6 +220,8 @@ flags = [ # https://github.com/atuinsh/atuin/issues/51 "--disable-up-arrow" + + # "--disable-ctrl-r" # TODO: Consider to choose fzf or atuin ]; settings = { From 6134b361dd905b8e0dec0e19175102a2473e573b Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Fri, 18 Jul 2025 22:26:13 +0900 Subject: [PATCH 04/33] Run atuin server on algae --- home-manager/common.nix | 3 ++- nixos/hosts/algae/default.nix | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/home-manager/common.nix b/home-manager/common.nix index 30d2330b5..8d603d11e 100644 --- a/home-manager/common.nix +++ b/home-manager/common.nix @@ -225,7 +225,8 @@ ]; settings = { - sync_address = "https://127.0.0.1"; + # auto_sync = true; # TODO: Consider enabling after test + sync_address = "https://algae"; }; }; } diff --git a/nixos/hosts/algae/default.nix b/nixos/hosts/algae/default.nix index 78224cde7..b1dbb0eef 100644 --- a/nixos/hosts/algae/default.nix +++ b/nixos/hosts/algae/default.nix @@ -66,6 +66,8 @@ AllowSuspendThenHibernate=no ''; + services.atuin.enable = true; + environment.systemPackages = with pkgs; [ # Available since https://github.com/NixOS/nixpkgs/pull/406363 (unstable.yaneuraou.override { From 1753a7050c92b53dffed00ca4f5de17da1e2389a Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Tue, 19 Aug 2025 03:52:29 +0900 Subject: [PATCH 05/33] Disable atuin on bash However brush recommends ble, I may reconsider it in future --- home-manager/bash.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home-manager/bash.nix b/home-manager/bash.nix index f1e807836..f649598aa 100644 --- a/home-manager/bash.nix +++ b/home-manager/bash.nix @@ -12,7 +12,7 @@ programs.fzf.enableBashIntegration = false; # GH-1192: Don't enable fzf integrations, it makes shell startup slower. Load only key-bindings if required. programs.television.enableBashIntegration = false; # Conflict with fzf by default programs.zellij.enableBashIntegration = false; # Intentionally disabled for keeping stable bash - programs.atuin.enableBashIntegration = true; + programs.atuin.enableBashIntegration = false; # Because of atuin depends on ble.sh # Used only in bash - https://unix.stackexchange.com/a/689403 # https://github.com/nix-community/home-manager/blob/release-24.11/modules/programs/readline.nix From 360f92bbe0eec07d62742478c5521709e33c244c Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Tue, 19 Aug 2025 04:01:29 +0900 Subject: [PATCH 06/33] Disable atuin ctrl-r --- home-manager/common.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home-manager/common.nix b/home-manager/common.nix index b8c881058..12d608dd6 100644 --- a/home-manager/common.nix +++ b/home-manager/common.nix @@ -219,7 +219,7 @@ # https://github.com/atuinsh/atuin/issues/51 "--disable-up-arrow" - # "--disable-ctrl-r" # TODO: Consider to choose fzf or atuin + "--disable-ctrl-r" # Keep fzf key-bindings ]; settings = { From f69082a603aa16e60ca01f98a49f238c3ba240e2 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Wed, 20 Aug 2025 15:15:00 +0900 Subject: [PATCH 07/33] Adjust atuin server config --- nixos/hosts/algae/default.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nixos/hosts/algae/default.nix b/nixos/hosts/algae/default.nix index 5fe0506fe..1d2ce8295 100644 --- a/nixos/hosts/algae/default.nix +++ b/nixos/hosts/algae/default.nix @@ -68,7 +68,12 @@ AllowSuspendThenHibernate=no ''; - services.atuin.enable = true; + services.atuin = { + enable = true; + openFirewall = true; + # default 127.0.0.1 does not accept accesses from other hosts + host = "0.0.0.0"; + }; environment.systemPackages = with pkgs; [ # Available since https://github.com/NixOS/nixpkgs/pull/406363 From f655eed11035a8ba9ffaf3e69d4b1fb8ee6803cc Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 18 Sep 2025 14:24:35 +0900 Subject: [PATCH 08/33] atuin: openRegistration --- nixos/hosts/algae/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/hosts/algae/default.nix b/nixos/hosts/algae/default.nix index 1d2ce8295..4ee62eba6 100644 --- a/nixos/hosts/algae/default.nix +++ b/nixos/hosts/algae/default.nix @@ -73,6 +73,7 @@ openFirewall = true; # default 127.0.0.1 does not accept accesses from other hosts host = "0.0.0.0"; + openRegistration = true; }; environment.systemPackages = with pkgs; [ From 326a6e66d67be69ede05e902658a7f949cc60162 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 18 Sep 2025 14:27:52 +0900 Subject: [PATCH 09/33] Clarify port for self hosted atuin --- home-manager/common.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home-manager/common.nix b/home-manager/common.nix index d3e4a6ef6..02e6db226 100644 --- a/home-manager/common.nix +++ b/home-manager/common.nix @@ -234,7 +234,7 @@ settings = { # auto_sync = true; # TODO: Consider enabling after test - sync_address = "https://algae.local"; + sync_address = "https://algae.local:8888"; }; }; From f0d04680e8c7ad0eb3dca2c1f18eb22525ec7acc Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 18 Sep 2025 14:30:49 +0900 Subject: [PATCH 10/33] Test with http --- home-manager/common.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home-manager/common.nix b/home-manager/common.nix index 02e6db226..eda8a8f95 100644 --- a/home-manager/common.nix +++ b/home-manager/common.nix @@ -234,7 +234,7 @@ settings = { # auto_sync = true; # TODO: Consider enabling after test - sync_address = "https://algae.local:8888"; + sync_address = "http://algae.local:8888"; }; }; From 17c0110de0a0b559d5b8a16ebe8bbfa0a25755e3 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 18 Sep 2025 15:54:04 +0900 Subject: [PATCH 11/33] Enable SSH portforwarding for atuin --- home-manager/common.nix | 7 ++++++- home-manager/ssh.nix | 9 +++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/home-manager/common.nix b/home-manager/common.nix index eda8a8f95..4285255a3 100644 --- a/home-manager/common.nix +++ b/home-manager/common.nix @@ -234,7 +234,12 @@ settings = { # auto_sync = true; # TODO: Consider enabling after test - sync_address = "http://algae.local:8888"; + + # Don't use the actual address likely + # sync_address = "http://algae.local:8888"; + # Because TLS support is disabled now. NixOS module seems not accepting config files and TSL support for now + # Therefore using SSH forwarding for the HTTP instead of TLS support on atuin + sync_address = "http://localhost:8888"; }; }; diff --git a/home-manager/ssh.nix b/home-manager/ssh.nix index 9cf9f28fa..e3f087702 100644 --- a/home-manager/ssh.nix +++ b/home-manager/ssh.nix @@ -120,6 +120,15 @@ in StrictHostKeyChecking = "ask"; UserKnownHostsFile = "/dev/null"; }; + + localForwards = [ + # For atuin + { + bind.port = 8888; + host.address = "algae.local"; + host.port = 8888; + } + ]; }; # mDNS via avahi. From 79ce1a49aaa48ccb561cad06ccef613a6a26695f Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 18 Sep 2025 16:29:08 +0900 Subject: [PATCH 12/33] Update config around atuin --- home-manager/ssh.nix | 2 +- nixos/hosts/algae/default.nix | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/home-manager/ssh.nix b/home-manager/ssh.nix index e3f087702..5c5e8ef5e 100644 --- a/home-manager/ssh.nix +++ b/home-manager/ssh.nix @@ -135,7 +135,7 @@ in "*.local" = { extraOptions = { # NixOS rebuilds change the host key - StrictHostKeyChecking = "accept-new"; + StrictHostKeyChecking = "ask"; # Avoiding "accept-new" since accessing atuin via port forwarding }; }; }; diff --git a/nixos/hosts/algae/default.nix b/nixos/hosts/algae/default.nix index 4ee62eba6..538f4df63 100644 --- a/nixos/hosts/algae/default.nix +++ b/nixos/hosts/algae/default.nix @@ -70,9 +70,9 @@ services.atuin = { enable = true; - openFirewall = true; - # default 127.0.0.1 does not accept accesses from other hosts - host = "0.0.0.0"; + openFirewall = false; # Unnecessary to enable for SSH portforwarding + # default 127.0.0.1 does not accept accesses from other hosts. However it is okay for current SSH portforwarding use-case + host = "127.0.0.1"; openRegistration = true; }; From 9ae07b61bf2252eb44e79922ed0c22cb4bf82f31 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 18 Sep 2025 17:57:44 +0900 Subject: [PATCH 13/33] Use caddy for atuin server --- home-manager/ssh.nix | 18 +++++++++--------- nixos/hosts/algae/default.nix | 13 ++++++++++++- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/home-manager/ssh.nix b/home-manager/ssh.nix index 5c5e8ef5e..7fea27bf5 100644 --- a/home-manager/ssh.nix +++ b/home-manager/ssh.nix @@ -121,21 +121,21 @@ in UserKnownHostsFile = "/dev/null"; }; - localForwards = [ - # For atuin - { - bind.port = 8888; - host.address = "algae.local"; - host.port = 8888; - } - ]; + # localForwards = [ + # # For atuin + # { + # bind.port = 8888; + # host.address = "algae.local"; + # host.port = 8888; + # } + # ]; }; # mDNS via avahi. "*.local" = { extraOptions = { # NixOS rebuilds change the host key - StrictHostKeyChecking = "ask"; # Avoiding "accept-new" since accessing atuin via port forwarding + StrictHostKeyChecking = "accept-new"; }; }; }; diff --git a/nixos/hosts/algae/default.nix b/nixos/hosts/algae/default.nix index 538f4df63..88cdd49e0 100644 --- a/nixos/hosts/algae/default.nix +++ b/nixos/hosts/algae/default.nix @@ -2,6 +2,7 @@ lib, pkgs, inputs, + config, ... }: @@ -72,10 +73,20 @@ enable = true; openFirewall = false; # Unnecessary to enable for SSH portforwarding # default 127.0.0.1 does not accept accesses from other hosts. However it is okay for current SSH portforwarding use-case - host = "127.0.0.1"; + # host = "127.0.0.1"; openRegistration = true; }; + # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/web-servers/caddy/default.nix + services.caddy.enable = true; + + services.caddy.virtualHosts.atuin = { + # inherit hostName; + extraConfig = '' + reverse_proxy 127.0.0.1:${toString config.services.atuin.port} + ''; + }; + environment.systemPackages = with pkgs; [ # Available since https://github.com/NixOS/nixpkgs/pull/406363 (unstable.yaneuraou.override { From 6df3dfc02a10c69a8dcea0f65e2aa14bf8aec34c Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 18 Sep 2025 23:57:01 +0900 Subject: [PATCH 14/33] Update config and comments about atuin [ci skip] --- home-manager/common.nix | 2 +- nixos/hosts/algae/default.nix | 26 +++++++++++++++++++------- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/home-manager/common.nix b/home-manager/common.nix index 4285255a3..2c7070ad4 100644 --- a/home-manager/common.nix +++ b/home-manager/common.nix @@ -239,7 +239,7 @@ # sync_address = "http://algae.local:8888"; # Because TLS support is disabled now. NixOS module seems not accepting config files and TSL support for now # Therefore using SSH forwarding for the HTTP instead of TLS support on atuin - sync_address = "http://localhost:8888"; + sync_address = "https://algae.local:58888"; }; }; diff --git a/nixos/hosts/algae/default.nix b/nixos/hosts/algae/default.nix index 88cdd49e0..6768486b0 100644 --- a/nixos/hosts/algae/default.nix +++ b/nixos/hosts/algae/default.nix @@ -69,24 +69,36 @@ AllowSuspendThenHibernate=no ''; + # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/misc/atuin.nix + # atuin module appears not supporting customizing server.toml: https://github.com/NixOS/nixpkgs/blob/e9b7f2ff62b35f711568b1f0866243c7c302028d/nixos/modules/services/misc/atuin.nix#L148 services.atuin = { enable = true; - openFirewall = false; # Unnecessary to enable for SSH portforwarding + # openFirewall = true; # Unnecessary to enable for SSH portforwarding # default 127.0.0.1 does not accept accesses from other hosts. However it is okay for current SSH portforwarding use-case # host = "127.0.0.1"; openRegistration = true; }; # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/web-servers/caddy/default.nix - services.caddy.enable = true; + services.caddy = { + enable = true; + + acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; + email = "kachick1@gmail.com"; - services.caddy.virtualHosts.atuin = { - # inherit hostName; - extraConfig = '' - reverse_proxy 127.0.0.1:${toString config.services.atuin.port} - ''; + # - sub.hotsname.local by mDNS is not be supported in systemd-resolved: https://github.com/systemd/systemd/issues/34852 + # - Consider using tailscale. It is much useful, however it requires hiding tailnet name in public dotfiles, and should consider how to keep running `tailscale serve --bg --https=58888 127.0.0.1:8888` + virtualHosts."${config.networking.hostName}.local:58888" = { + extraConfig = '' + reverse_proxy http://${toString config.services.atuin.host}:${toString config.services.atuin.port} + ''; + }; }; + networking.firewall.allowedTCPPorts = [ + 58888 + ]; + environment.systemPackages = with pkgs; [ # Available since https://github.com/NixOS/nixpkgs/pull/406363 (unstable.yaneuraou.override { From 19f6c9dacf5f21315a444f740cc930decc0d0037 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Sat, 25 Oct 2025 15:31:56 +0900 Subject: [PATCH 15/33] Comment-out unused atuin code --- home-manager/common.nix | 18 +++++++++--------- nixos/hosts/algae/default.nix | 36 +++++++++++++++++------------------ 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/home-manager/common.nix b/home-manager/common.nix index 87dfc9422..215d50763 100644 --- a/home-manager/common.nix +++ b/home-manager/common.nix @@ -231,15 +231,15 @@ "--disable-ctrl-r" # Keep fzf key-bindings ]; - settings = { - # auto_sync = true; # TODO: Consider enabling after test - - # Don't use the actual address likely - # sync_address = "http://algae.local:8888"; - # Because TLS support is disabled now. NixOS module seems not accepting config files and TSL support for now - # Therefore using SSH forwarding for the HTTP instead of TLS support on atuin - sync_address = "https://algae.local:58888"; - }; + # settings = { + # # auto_sync = true; # TODO: Consider enabling after test + + # # Don't use the actual address likely + # # sync_address = "http://algae.local:8888"; + # # Because TLS support is disabled now. NixOS module seems not accepting config files and TSL support for now + # # Therefore using SSH forwarding for the HTTP instead of TLS support on atuin + # sync_address = "https://algae.local:58888"; + # }; }; # https://github.com/nix-community/home-manager/blob/release-25.05/modules/programs/yazi.nix diff --git a/nixos/hosts/algae/default.nix b/nixos/hosts/algae/default.nix index 0107e479c..3946bb9d5 100644 --- a/nixos/hosts/algae/default.nix +++ b/nixos/hosts/algae/default.nix @@ -79,25 +79,25 @@ openRegistration = true; }; - # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/web-servers/caddy/default.nix - services.caddy = { - enable = true; - - acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; - email = "kachick1@gmail.com"; - - # - sub.hotsname.local by mDNS is not be supported in systemd-resolved: https://github.com/systemd/systemd/issues/34852 - # - Consider using tailscale. It is much useful, however it requires hiding tailnet name in public dotfiles, and should consider how to keep running `tailscale serve --bg --https=58888 127.0.0.1:8888` - virtualHosts."${config.networking.hostName}.local:58888" = { - extraConfig = '' - reverse_proxy http://${toString config.services.atuin.host}:${toString config.services.atuin.port} - ''; - }; - }; + # # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/web-servers/caddy/default.nix + # services.caddy = { + # enable = true; + + # acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; + # email = "kachick1@gmail.com"; + + # # - sub.hotsname.local by mDNS is not be supported in systemd-resolved: https://github.com/systemd/systemd/issues/34852 + # # - Consider using tailscale. It is much useful, however it requires hiding tailnet name in public dotfiles, and should consider how to keep running `tailscale serve --bg --https=58888 127.0.0.1:8888` + # virtualHosts."${config.networking.hostName}.local:58888" = { + # extraConfig = '' + # reverse_proxy http://${toString config.services.atuin.host}:${toString config.services.atuin.port} + # ''; + # }; + # }; - networking.firewall.allowedTCPPorts = [ - 58888 - ]; + # networking.firewall.allowedTCPPorts = [ + # 58888 + # ]; environment.systemPackages = with pkgs; [ # Available since https://github.com/NixOS/nixpkgs/pull/406363 From 19ed2c73116f2a23239db05ac74b90f86e6f6d5a Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Sat, 25 Oct 2025 17:20:51 +0900 Subject: [PATCH 16/33] Run tailscale serve on systemd --- nixos/hosts/algae/default.nix | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/nixos/hosts/algae/default.nix b/nixos/hosts/algae/default.nix index 3946bb9d5..003745894 100644 --- a/nixos/hosts/algae/default.nix +++ b/nixos/hosts/algae/default.nix @@ -2,7 +2,6 @@ lib, pkgs, inputs, - config, ... }: @@ -99,6 +98,32 @@ # 58888 # ]; + systemd.services.tailscale-serve-atuin = { + description = "Support atuin server via tailscale. See GH-173 and GH-266"; + wantedBy = [ + "multi-user.target" + ]; + + after = [ + "tailscaled.service" + "atuin.service" + ]; + + requires = [ + "tailscaled.service" + "atuin.service" + ]; + + serviceConfig = { + Type = "simple"; + + ExecStart = "${pkgs.unstable.tailscale}/bin/tailscale serve 8888"; + + Restart = "on-failure"; + RestartSec = 5; + }; + }; + environment.systemPackages = with pkgs; [ # Available since https://github.com/NixOS/nixpkgs/pull/406363 (patched.yaneuraou.override { From 4b84368fa31744c30e75feabb3bb5fbff73bcb23 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Sat, 25 Oct 2025 17:23:52 +0900 Subject: [PATCH 17/33] Set user --- nixos/hosts/algae/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/hosts/algae/default.nix b/nixos/hosts/algae/default.nix index 003745894..33312ec8e 100644 --- a/nixos/hosts/algae/default.nix +++ b/nixos/hosts/algae/default.nix @@ -115,6 +115,7 @@ ]; serviceConfig = { + User = "kachick"; Type = "simple"; ExecStart = "${pkgs.unstable.tailscale}/bin/tailscale serve 8888"; From 77bd10b6aa5290b92bee849dc559cbc44e34d32d Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Sat, 25 Oct 2025 18:07:39 +0900 Subject: [PATCH 18/33] Ensure to avoid atuin default API --- nixos/configuration.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/nixos/configuration.nix b/nixos/configuration.nix index 18f813ad5..13ee3f92f 100644 --- a/nixos/configuration.nix +++ b/nixos/configuration.nix @@ -249,4 +249,12 @@ # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/security/sudo-rs.nix security.sudo-rs.enable = true; + + networking.hosts = { + "127.0.0.1" = [ + # The motivation is: https://github.com/kachick/dotfiles/pull/266#discussion_r2462670847 + # Ensure to avoid the default URL in atuin connections + "api.atuin.sh" + ]; + }; } From 47227a49a1c18f4f91ea058de4f9af06703d19f5 Mon Sep 17 00:00:00 2001 From: "selfup-runner[bot]" <146065330+selfup-runner[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 00:56:37 +0000 Subject: [PATCH 19/33] Bump flake.lock and related dependencies (#1320) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * flake.lock: Update Flake lock file updates: • Updated input 'edge-nixpkgs': 'https://releases.nixos.org/nixos/unstable/nixos-25.11pre880095.5e2a59a5b1a8/nixexprs.tar.xz?narHash=sha256-u0JUo46QSoXnjLaezAM75wRNuxVMVbm5OxHH122TeTY%3D' (2025-10-20) → 'https://releases.nixos.org/nixos/unstable/nixos-25.11pre883951.6a08e6bb4e46/nixexprs.tar.xz?narHash=sha256-5bRIcZ2GZ%2BWo3XrFVcFWGDIjycGp53B/9TNj1r4Iwsc%3D' (2025-10-26) • Updated input 'nixos-wsl': 'github:nix-community/NixOS-WSL/7014f72d94af88a6db845231a49f8566cbc70c3e?narHash=sha256-Ntp1XZdMpIykkAvYTOjX2jnO86RQ2YOjqVH4cD%2BHe24%3D' (2025-10-15) → 'github:nix-community/NixOS-WSL/25a1160f47e16c017cee93acf58f3649ad87c213?narHash=sha256-qJ2TP6WIT7YUL4oZSEvib5j19df4V55WS79OVGmX72s%3D' (2025-10-26) • Updated input 'nixpkgs': 'https://releases.nixos.org/nixos/25.05/nixos-25.05.811461.81b927b14b7b/nixexprs.tar.xz?narHash=sha256-H/cHnBjaol3hAwJwnShW48fIWbJeROctqovDHDlzcQw%3D' (2025-10-19) → 'https://releases.nixos.org/nixos/25.05/nixos-25.05.811621.c8aa8cc00a5c/nixexprs.tar.xz?narHash=sha256-/UR943qCkSDpSJrABtcHn56cglxJoX45ezW1LtEHpUw%3D' (2025-10-24) • Updated input 'nixpkgs-darwin': 'https://releases.nixos.org/nixpkgs/25.05-darwin/nixpkgs-darwin-25.05pre811497.33c6dca0c0cb/nixexprs.tar.xz?narHash=sha256-M8ivoTcUHC4q7fHubxKQCElzwM1qI1xy11v4NBSeMKM%3D' (1980-01-01) → 'https://releases.nixos.org/nixpkgs/25.05-darwin/nixpkgs-darwin-25.05pre811753.08478b816182/nixexprs.tar.xz?narHash=sha256-%2Btt3r2tb0a6yce59V48pQPn8exKGDu%2Br2WVPfN7ySsM%3D' (1980-01-01) * Update go.mod and go.sum --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- flake.lock | 28 ++++++++++++++-------------- go.mod | 2 +- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 6d4d9ef09..1e0f281cc 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "edge-nixpkgs": { "locked": { - "lastModified": 1760921689, - "narHash": "sha256-u0JUo46QSoXnjLaezAM75wRNuxVMVbm5OxHH122TeTY=", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "lastModified": 1761470712, + "narHash": "sha256-5bRIcZ2GZ+Wo3XrFVcFWGDIjycGp53B/9TNj1r4Iwsc=", + "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "type": "tarball", - "url": "https://releases.nixos.org/nixos/unstable/nixos-25.11pre880095.5e2a59a5b1a8/nixexprs.tar.xz" + "url": "https://releases.nixos.org/nixos/unstable/nixos-25.11pre883951.6a08e6bb4e46/nixexprs.tar.xz" }, "original": { "type": "tarball", @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1760536327, - "narHash": "sha256-Ntp1XZdMpIykkAvYTOjX2jnO86RQ2YOjqVH4cD+He24=", + "lastModified": 1761449384, + "narHash": "sha256-qJ2TP6WIT7YUL4oZSEvib5j19df4V55WS79OVGmX72s=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "7014f72d94af88a6db845231a49f8566cbc70c3e", + "rev": "25a1160f47e16c017cee93acf58f3649ad87c213", "type": "github" }, "original": { @@ -134,11 +134,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1760882350, - "narHash": "sha256-H/cHnBjaol3hAwJwnShW48fIWbJeROctqovDHDlzcQw=", - "rev": "81b927b14b7b3988334d5282ef9cba802e193fe1", + "lastModified": 1761301304, + "narHash": "sha256-/UR943qCkSDpSJrABtcHn56cglxJoX45ezW1LtEHpUw=", + "rev": "c8aa8cc00a5cb57fada0851a038d35c08a36a2bb", "type": "tarball", - "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.811461.81b927b14b7b/nixexprs.tar.xz" + "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.811621.c8aa8cc00a5c/nixexprs.tar.xz" }, "original": { "type": "tarball", @@ -148,10 +148,10 @@ "nixpkgs-darwin": { "locked": { "lastModified": 315532800, - "narHash": "sha256-M8ivoTcUHC4q7fHubxKQCElzwM1qI1xy11v4NBSeMKM=", - "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", + "narHash": "sha256-+tt3r2tb0a6yce59V48pQPn8exKGDu+r2WVPfN7ySsM=", + "rev": "08478b816182dc3cc208210b996294411690111d", "type": "tarball", - "url": "https://releases.nixos.org/nixpkgs/25.05-darwin/nixpkgs-darwin-25.05pre811497.33c6dca0c0cb/nixexprs.tar.xz" + "url": "https://releases.nixos.org/nixpkgs/25.05-darwin/nixpkgs-darwin-25.05pre811753.08478b816182/nixexprs.tar.xz" }, "original": { "type": "tarball", diff --git a/go.mod b/go.mod index 5d1c4ceb1..70d894c08 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/kachick/dotfiles -go 1.25.1 +go 1.25.2 require ( github.com/google/go-cmp v0.7.0 From 8bb40f16b99bfc94afe198a7b0190eaa3d4b174b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 22:47:35 +0900 Subject: [PATCH 20/33] Bump actions/upload-artifact from 4 to 5 (#1322) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-home.yml | 2 +- .github/workflows/windows.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-home.yml b/.github/workflows/ci-home.yml index c085d70c2..09c49d159 100644 --- a/.github/workflows/ci-home.yml +++ b/.github/workflows/ci-home.yml @@ -88,7 +88,7 @@ jobs: run: | nix run .#archive-home-files home-manager-generation-home-files - name: Upload artifact - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: 'home-files-${{ github.sha }}-${{ matrix.runner }}' path: home-manager-generation-home-files.tar.gz diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index d0a974221..ab0185450 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -117,7 +117,7 @@ jobs: Get-ChildItem -Recurse .\dist - name: Upload artifact id: upload-artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: winit path: dist @@ -146,7 +146,7 @@ jobs: # Enable this section when you want to update logics and check it # - name: Upload artifact # id: upload-defender-log - # uses: actions/upload-artifact@v4 + # uses: actions/upload-artifact@v5 # with: # name: MpCmdRun-logs # path: MpCmdRun-logs/** From 04508c8072c314325262c1283dbea611f595e244 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Tue, 28 Oct 2025 03:01:55 +0900 Subject: [PATCH 21/33] Prevent access to external service with the customizing config --- home-manager/common.nix | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/home-manager/common.nix b/home-manager/common.nix index 215d50763..db1345ff9 100644 --- a/home-manager/common.nix +++ b/home-manager/common.nix @@ -231,15 +231,17 @@ "--disable-ctrl-r" # Keep fzf key-bindings ]; - # settings = { - # # auto_sync = true; # TODO: Consider enabling after test - - # # Don't use the actual address likely - # # sync_address = "http://algae.local:8888"; - # # Because TLS support is disabled now. NixOS module seems not accepting config files and TSL support for now - # # Therefore using SSH forwarding for the HTTP instead of TLS support on atuin - # sync_address = "https://algae.local:58888"; - # }; + settings = { + # auto_sync = true; # TODO: Consider enabling after test + + # Set a temporary value here to prevent using an external service like the default https://api.atuin.sh/. + # Current issues: + # - Atuin TLS support is disabled. + # - The NixOS module does not seem to accept config files or support TLS. + # Requirements before actual setup: Set ATUIN_SYNC_ADDRESS="https://algae.${TAILNET_DOMAIN}" on each device. + # Typically written to: "XDG_CONFIG_HOME/zsh/.zshenv.local" + sync_address = "http://algae.local:8888"; + }; }; # https://github.com/nix-community/home-manager/blob/release-25.05/modules/programs/yazi.nix From a1a9e4181388b9715c6b602f099ec3d4b4855b8d Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Tue, 28 Oct 2025 03:05:46 +0900 Subject: [PATCH 22/33] Enable ctrl+r on atuin --- home-manager/common.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home-manager/common.nix b/home-manager/common.nix index db1345ff9..f91ebf190 100644 --- a/home-manager/common.nix +++ b/home-manager/common.nix @@ -228,7 +228,7 @@ # https://github.com/atuinsh/atuin/issues/51 "--disable-up-arrow" - "--disable-ctrl-r" # Keep fzf key-bindings + # "--disable-ctrl-r" # If prefer fzf key-bindings ]; settings = { From 69437c54a891f1eaf14d51a55baab8f508eef4c2 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Tue, 28 Oct 2025 03:13:43 +0900 Subject: [PATCH 23/33] Update legacy comments --- home-manager/ssh.nix | 9 --------- nixos/hosts/algae/default.nix | 26 ++------------------------ 2 files changed, 2 insertions(+), 33 deletions(-) diff --git a/home-manager/ssh.nix b/home-manager/ssh.nix index b16d49b7b..8d04ebe61 100644 --- a/home-manager/ssh.nix +++ b/home-manager/ssh.nix @@ -120,15 +120,6 @@ in StrictHostKeyChecking = "ask"; UserKnownHostsFile = "/dev/null"; }; - - # localForwards = [ - # # For atuin - # { - # bind.port = 8888; - # host.address = "algae.local"; - # host.port = 8888; - # } - # ]; }; # mDNS via avahi. diff --git a/nixos/hosts/algae/default.nix b/nixos/hosts/algae/default.nix index 33312ec8e..31208dad5 100644 --- a/nixos/hosts/algae/default.nix +++ b/nixos/hosts/algae/default.nix @@ -72,32 +72,9 @@ # atuin module appears not supporting customizing server.toml: https://github.com/NixOS/nixpkgs/blob/e9b7f2ff62b35f711568b1f0866243c7c302028d/nixos/modules/services/misc/atuin.nix#L148 services.atuin = { enable = true; - # openFirewall = true; # Unnecessary to enable for SSH portforwarding - # default 127.0.0.1 does not accept accesses from other hosts. However it is okay for current SSH portforwarding use-case - # host = "127.0.0.1"; - openRegistration = true; + openRegistration = true; # Always allow to help the testing. It is okay, this server only useable on private networks }; - # # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/web-servers/caddy/default.nix - # services.caddy = { - # enable = true; - - # acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; - # email = "kachick1@gmail.com"; - - # # - sub.hotsname.local by mDNS is not be supported in systemd-resolved: https://github.com/systemd/systemd/issues/34852 - # # - Consider using tailscale. It is much useful, however it requires hiding tailnet name in public dotfiles, and should consider how to keep running `tailscale serve --bg --https=58888 127.0.0.1:8888` - # virtualHosts."${config.networking.hostName}.local:58888" = { - # extraConfig = '' - # reverse_proxy http://${toString config.services.atuin.host}:${toString config.services.atuin.port} - # ''; - # }; - # }; - - # networking.firewall.allowedTCPPorts = [ - # 58888 - # ]; - systemd.services.tailscale-serve-atuin = { description = "Support atuin server via tailscale. See GH-173 and GH-266"; wantedBy = [ @@ -118,6 +95,7 @@ User = "kachick"; Type = "simple"; + # If run without systemd, `--bg` flag might helps ExecStart = "${pkgs.unstable.tailscale}/bin/tailscale serve 8888"; Restart = "on-failure"; From de6d2bf7d03ead28deede76e2c99e6d5660bc13f Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Tue, 28 Oct 2025 03:33:18 +0900 Subject: [PATCH 24/33] Share atuin port except home-manager --- nixos/hosts/algae/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/hosts/algae/default.nix b/nixos/hosts/algae/default.nix index 31208dad5..95086f32b 100644 --- a/nixos/hosts/algae/default.nix +++ b/nixos/hosts/algae/default.nix @@ -2,6 +2,7 @@ lib, pkgs, inputs, + config, ... }: @@ -96,7 +97,7 @@ Type = "simple"; # If run without systemd, `--bg` flag might helps - ExecStart = "${pkgs.unstable.tailscale}/bin/tailscale serve 8888"; + ExecStart = "${pkgs.unstable.tailscale}/bin/tailscale serve ${toString config.services.atuin.port}"; Restart = "on-failure"; RestartSec = 5; From 090d53d62d7f7f78f1b1a06a9e7fd6ed2855db91 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Tue, 28 Oct 2025 03:41:13 +0900 Subject: [PATCH 25/33] Prefer fzf again --- home-manager/common.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home-manager/common.nix b/home-manager/common.nix index f91ebf190..9873435f6 100644 --- a/home-manager/common.nix +++ b/home-manager/common.nix @@ -228,7 +228,8 @@ # https://github.com/atuinsh/atuin/issues/51 "--disable-up-arrow" - # "--disable-ctrl-r" # If prefer fzf key-bindings + # NOTE: Add another keybind if I found suitable one + "--disable-ctrl-r" # Prefer fzf key-bindings. Use `atuin search --interactive` instead. ]; settings = { From 6e1dea47fc70cff9a0955a61c0672df2abbb7e6f Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Tue, 28 Oct 2025 11:13:50 +0900 Subject: [PATCH 26/33] Correct env in comment --- home-manager/common.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home-manager/common.nix b/home-manager/common.nix index 9873435f6..1ff518caf 100644 --- a/home-manager/common.nix +++ b/home-manager/common.nix @@ -240,7 +240,7 @@ # - Atuin TLS support is disabled. # - The NixOS module does not seem to accept config files or support TLS. # Requirements before actual setup: Set ATUIN_SYNC_ADDRESS="https://algae.${TAILNET_DOMAIN}" on each device. - # Typically written to: "XDG_CONFIG_HOME/zsh/.zshenv.local" + # Typically written to: "$XDG_CONFIG_HOME/zsh/.zshenv.local" sync_address = "http://algae.local:8888"; }; }; From a56e0515d7e5da8135e1ede8e6034466f1223898 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Tue, 28 Oct 2025 11:14:20 +0900 Subject: [PATCH 27/33] Relax systemd retry --- nixos/hosts/algae/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/hosts/algae/default.nix b/nixos/hosts/algae/default.nix index 95086f32b..41f565d55 100644 --- a/nixos/hosts/algae/default.nix +++ b/nixos/hosts/algae/default.nix @@ -100,7 +100,7 @@ ExecStart = "${pkgs.unstable.tailscale}/bin/tailscale serve ${toString config.services.atuin.port}"; Restart = "on-failure"; - RestartSec = 5; + RestartSec = 15; }; }; From 2c6b2010f536e5d00abc3cf21c11ce83117d067c Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Tue, 28 Oct 2025 11:16:46 +0900 Subject: [PATCH 28/33] Prefer nobody account for this role --- nixos/hosts/algae/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/hosts/algae/default.nix b/nixos/hosts/algae/default.nix index 41f565d55..286de267b 100644 --- a/nixos/hosts/algae/default.nix +++ b/nixos/hosts/algae/default.nix @@ -93,7 +93,7 @@ ]; serviceConfig = { - User = "kachick"; + User = "nobody"; Type = "simple"; # If run without systemd, `--bg` flag might helps From 580f4ef7201e4ccc319344cf08b8e917687f5940 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Tue, 28 Oct 2025 11:36:43 +0900 Subject: [PATCH 29/33] Clarify enter_accept --- home-manager/common.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home-manager/common.nix b/home-manager/common.nix index 1ff518caf..b70976d84 100644 --- a/home-manager/common.nix +++ b/home-manager/common.nix @@ -242,6 +242,8 @@ # Requirements before actual setup: Set ATUIN_SYNC_ADDRESS="https://algae.${TAILNET_DOMAIN}" on each device. # Typically written to: "$XDG_CONFIG_HOME/zsh/.zshenv.local" sync_address = "http://algae.local:8888"; + + enter_accept = false; # Ensure disabling even through it is the default. }; }; From 27c5b46fb590a6bd827182b2d0e2cc1f47e29a67 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Tue, 28 Oct 2025 11:37:33 +0900 Subject: [PATCH 30/33] Add comment about bash integrations --- home-manager/bash.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home-manager/bash.nix b/home-manager/bash.nix index edbb71182..ce3d68f97 100644 --- a/home-manager/bash.nix +++ b/home-manager/bash.nix @@ -12,7 +12,7 @@ programs.fzf.enableBashIntegration = false; # GH-1192: Don't enable fzf integrations, it makes shell startup slower. Load only key-bindings if required. programs.television.enableBashIntegration = false; # Conflict with fzf by default programs.zellij.enableBashIntegration = false; # Intentionally disabled for keeping stable bash - programs.atuin.enableBashIntegration = false; # Because of atuin depends on ble.sh + programs.atuin.enableBashIntegration = false; # Because of atuin depends on ble.sh. See also https://github.com/atuinsh/atuin/issues/1798 # Used only in bash - https://unix.stackexchange.com/a/689403 # https://github.com/nix-community/home-manager/blob/release-24.11/modules/programs/readline.nix From 058c9b2a902e5839af0a537607e501b0d5e2e401 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Sun, 2 Nov 2025 01:37:30 +0900 Subject: [PATCH 31/33] yaneuraou: 9.01-unstable -> 9.01 Diff: https://github.com/yaneurao/YaneuraOu/compare/33dce0bfa363f63d99977c29b3d6ab40ff896138...v9.01git --- .github/workflows/update-local-packages.yml | 2 +- overlays/default.nix | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/update-local-packages.yml b/.github/workflows/update-local-packages.yml index a3f4f9511..67d0b3c00 100644 --- a/.github/workflows/update-local-packages.yml +++ b/.github/workflows/update-local-packages.yml @@ -106,7 +106,7 @@ jobs: cachix-auth-token: '${{ secrets.CACHIX_AUTH_TOKEN }}' - name: Update packages shell: nix develop --command bash -eu -o pipefail {0} - # - Don't add yaneuraou for now. The tagging convention seems not fixed, so the updater will be flaky. + # - Don't add yaneuraou here. I don't know the tagging convention, and nix-update seems not supporting passthru.updateScript. So the updater will be flaky. run: | nix-update --commit --flake gemini-cli-bin nix-update --commit --flake filen-rclone-unwrapped diff --git a/overlays/default.nix b/overlays/default.nix index ef853d703..8b1829a01 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -135,17 +135,17 @@ } ); - # Wait for releasing stable version which including https://github.com/yaneurao/YaneuraOu/commit/33dce0bfa363f63d99977c29b3d6ab40ff896138 - # See https://github.com/yaneurao/YaneuraOu/issues/304#issuecomment-3405888952 for detail yaneuraou = prev.unstable.yaneuraou.overrideAttrs ( finalAttrs: previousAttrs: { - version = "9.01-unstable"; + # Require https://github.com/yaneurao/YaneuraOu/commit/33dce0bfa363f63d99977c29b3d6ab40ff896138 + # See https://github.com/yaneurao/YaneuraOu/issues/304#issuecomment-3405888952 for detail + version = "9.01"; src = prev.fetchFromGitHub { owner = "yaneurao"; repo = "YaneuraOu"; - rev = "33dce0bfa363f63d99977c29b3d6ab40ff896138"; - hash = "sha256-x0pHkCzby2HTGJoYN3/b9IiX1mIGrxjT2bTqB2lD0Q4="; + tag = "v${finalAttrs.version}git"; + hash = "sha256-1awnGCGIdeMAqAd0TWgoJr5spJo2mFBWdR3iMc2i4OM="; }; } ); From 070e70aa15819d0f0ec075995e2b16521d58c3b9 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Sun, 2 Nov 2025 01:52:31 +0900 Subject: [PATCH 32/33] Revert "Prefer nobody account for this role" This reverts commit 2c6b2010f536e5d00abc3cf21c11ce83117d067c. --- nixos/hosts/algae/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/hosts/algae/default.nix b/nixos/hosts/algae/default.nix index 286de267b..41f565d55 100644 --- a/nixos/hosts/algae/default.nix +++ b/nixos/hosts/algae/default.nix @@ -93,7 +93,7 @@ ]; serviceConfig = { - User = "nobody"; + User = "kachick"; Type = "simple"; # If run without systemd, `--bg` flag might helps From 878a87f632ec8fc01358bb19ca3dc5c8d239b514 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Sun, 2 Nov 2025 01:58:35 +0900 Subject: [PATCH 33/33] Reapply "Prefer nobody account for this role" This reverts commit 070e70aa15819d0f0ec075995e2b16521d58c3b9. --- nixos/hosts/algae/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/hosts/algae/default.nix b/nixos/hosts/algae/default.nix index 41f565d55..286de267b 100644 --- a/nixos/hosts/algae/default.nix +++ b/nixos/hosts/algae/default.nix @@ -93,7 +93,7 @@ ]; serviceConfig = { - User = "kachick"; + User = "nobody"; Type = "simple"; # If run without systemd, `--bg` flag might helps