feat(emacs): auctex

hosts/deertopia/configuration.nix

@@ -49,7 +49,6 @@
 
     deertopia = {
       authelia.enable = true;
-      atticd.enable = true;
       gitea.enable = true;
       quiver.enable = true;
       www.enable = true;

modules/home/users/msyds/emacs/init.el

@@ -49,6 +49,7 @@
     syd/direnv
     syd/ligature
     syd/clojure
+    syd/auctex
     syd/lisp
     syd/minibuffer
     syd/auto-save

modules/home/users/msyds/emacs/lisp/syd/auctex.el

@@ -0,0 +1,11 @@
+;;; -*- lexical-binding: t; -*-
+
+(require 'syd/base)
+
+(use-package auctex
+  :config
+  (add-to-list 'TeX-view-program-selection '(output-pdf "Sioyek")))
+
+(use-package auctex-latexmk)
+
+(provide 'syd/auctex)

modules/nixos/deertopia/atticd.nix

@@ -1,40 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let cfg = config.sydnix.deertopia.atticd;
-in {
-  options.sydnix.deertopia.atticd = {
-    enable = lib.mkEnableOption "Atticd";
-    port = lib.mkOption {
-      default = 8012;
-      type = lib.types.port;
-    };
-  };
-
-  # sudo atticd-atticadm make-token --sub msyds --validity '1 year' --pull 'msyds-*' --push 'msyds-*' --create-cache 'msyds-*' --configure-cache 'msyds-*'
-  config = lib.mkIf cfg.enable {
-    sydnix.sops.secrets.atticd-environment-file = {
-      # owner = config.services.atticd.user;
-      # group = config.services.atticd.group;
-    };
-
-    services.atticd = {
-      enable = true;
-      environmentFile =
-	config.sops.secrets.atticd-environment-file.path;
-      settings = {
-	api-endpoint = "https://attic.deertopia.net/";
-	listen = "[::]:${toString cfg.port}";
-	garbage-collection = {
-	  default-retention-period = "3 months";
-	};
-      };
-    };
-
-    sydnix.deertopia.nginx.vhosts."attic".vhost = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/".proxyPass =
-        "http://127.0.0.1:${toString cfg.port}";
-    };
-  };
-}

modules/nixos/gitea-actions-runner.nix

@@ -3,13 +3,51 @@
 
 let
   cfg = config.sydnix.gitea-actions-runner;
-  container-name = "gitea-actions-runner";
-  gitea-actions-runner-uid = 991;
-  gitea-actions-runner-gid = 989;
   token-file = config.sops.secrets.gitea-actions-runner-token.path;
 in {
   options.sydnix.gitea-actions-runner = {
     enable = lib.mkEnableOption "Gitea actions runner";
+    instance-name = lib.mkOption {
+      type = lib.types.str;
+      default = config.networking.hostName;
+      description = ''
+	The name of the runner instance name.
+      '';
+    };
+    user.name = lib.mkOption {
+      type = lib.types.str;
+      default = "gitea-actions-runner";
+      description = ''
+	The name of the user gitea-actions-runner should run under.
+      '';
+    };
+    user.uid = lib.mkOption {
+      type = lib.types.int;
+      default = 991;
+      description = ''
+	The UID of the user gitea-actions-runner should run under.
+	This must be known at evaluation time so that the same UID can
+	be used both on the host and in the container, allowing the
+	container to access the host's nix-daemon.
+      '';
+    };
+    group.name = lib.mkOption {
+      type = lib.types.str;
+      default = "gitea-actions-runner";
+      description = ''
+	The name of the group gitea-actions-runner should run under.
+      '';
+    };
+    group.gid = lib.mkOption {
+      type = lib.types.int;
+      default = 989;
+      description = ''
+	The GID of the group gitea-actions-runner should run under.
+	This must be known at evaluation time so that the same GID can
+	be used both on the host and in the container, allowing the
+	container to access the host's nix-daemon.
+      '';
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -17,7 +55,7 @@ in {
 
     sydnix.impermanence.directories = [ "/var/lib/gitea-actions-runner" ];
 
-    containers.${container-name} = {
+    containers."gitea-actions-runner" = {
       autoStart = true;
       ephemeral = true;
 
@@ -35,9 +73,9 @@ in {
       config = { config, lib, pkgs, ... }: {
         system.stateVersion = "25.11";
 
-        services.gitea-actions-runner.instances.sydpc = {
+        services.gitea-actions-runner.instances.${cfg.instance-name} = {
           enable = true;
-          name = "sydpc";
+          name = cfg.instance-name;
           url = "https://git.deertopia.net/";
           tokenFile = token-file;
           labels = [ "nixos:host" ];
@@ -56,23 +94,27 @@ in {
 
         # Disable dynamic user so runner state persists via bind mount
 	assertions = [{
-	  assertion = config.systemd.services.gitea-actions-runner-sydpc.enable;
+	  assertion =
+	    config.systemd.services.gitea-actions-runner-sydpc.enable;
 	  message = ''
-	    Expected systemd service 'gitea-actions-runner-sydpc' is not
+	    Expected systemd service 'gitea-actions-runner-sydpc' is
-	    enabled — the gitea-actions-runner module may have changed
+	    not enabled — the gitea-actions-runner NixOS module may
-	    its naming scheme.
+	    have changed its naming scheme.
 	  '';
 	}];
+
         systemd.services.gitea-actions-runner-sydpc.serviceConfig.DynamicUser
 	  = lib.mkForce false;
-        users.users.gitea-actions-runner = {
+
-          uid = gitea-actions-runner-uid;
+        users.users.${cfg.user.name} = {
+          uid = cfg.user.uid;
           home = "/var/lib/gitea-actions-runner";
-          group = "gitea-actions-runner";
+          group = cfg.group.name;
           isSystemUser = true;
           createHome = true;
         };
-        users.groups.gitea-actions-runner.gid = gitea-actions-runner-gid;
+
+        users.groups.gitea-actions-runner.gid = cfg.group.gid;
 
         nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
@@ -81,23 +123,27 @@ in {
           nodejs
           jq
           attic-client
+	  omnix
         ];
       };
     };
 
     # Needs to be outside of the container because container uses's
     # the host's nix-daemon
-    nix.settings.trusted-users = [ "gitea-actions-runner" ];
+    nix.settings.trusted-users = [
+      cfg.user.name
+    ];
 
-    # Matching user on host — the container's gitea-actions-runner UID must be
+    # Matching user on host — the container's gitea-actions-runner UID
-    # recognized by the host's nix-daemon as trusted (shared UID namespace)
+    # must be recognized by the host's nix-daemon as trusted (shared
-    users.users.gitea-actions-runner = {
+    # UID namespace)
-      uid = gitea-actions-runner-uid;
+    users.users.${cfg.user.name} = {
+      uid = cfg.user.uid;
       home = "/var/lib/gitea-actions-runner";
-      group = "gitea-actions-runner";
+      group = cfg.group.name;
       isSystemUser = true;
       createHome = true;
     };
-    users.groups.gitea-actions-runner.gid = gitea-actions-runner-gid;
+    users.groups.${cfg.group.name}.gid = cfg.group.gid;
   };
 }

modules/nixos/impermanence.nix

@@ -70,10 +70,6 @@ in {
     };
 
     # O_O what the fuck did i write this for.... CONCERNING.
-    #
-    # oh because of these types of errors:
-    #   Directory "/var/lib/private" already exists, but has mode 0755
-    #   that is too permissive (0700 was requested), refusing.
     systemd.tmpfiles.settings."10-varlibprivate" = {
       "/var/lib/private" = {
         z.group = "root";
@@ -82,13 +78,6 @@ in {
       };
     };
 
-    # Workaround for https://github.com/nix-community/impermanence/issues/254.
-    systemd.services."systemd-tmpfiles-resetup" = {
-      serviceConfig = {
-        RemainAfterExit = lib.mkForce false;
-      };
-    };
-
     # Permit members of `cfg.persistGroupName` to read, write, and execute
     # /persist.
     systemd.tmpfiles.settings."10-persist" = {