oil and domain config

2026-04-15 05:02:10 +00:00 · 2026-03-30 23:51:45 -04:00 · 2026-03-30 23:51:45 -04:00 · 15d0faef95
commit 15d0faef95
parent 30ac6bc674
4 changed files with 152 additions and 147 deletions
--- a/config/nvim/lua/plugins/oil.lua
+++ b/config/nvim/lua/plugins/oil.lua
@ -1,92 +1,84 @@
-vim.pack.add({
-  "https://github.com/barrettruth/canola.nvim",
-  "https://github.com/barrettruth/canola-collection",
-}, { load = function() end })
-
-return {
-  {
-    "barrettruth/canola.nvim",
-    cmd = "Canola",
-    before = function()
-      vim.g.canola = {
-        columns = { "icon" },
-        delete = { wipe = false, recursive = true },
-        hidden = { enabled = false },
-        keymaps = {
-          ["g?"] = { callback = "actions.show_help", mode = "n" },
-          ["<CR>"] = "actions.select",
-          ["<C-v>"] = { callback = "actions.select", opts = { vertical = true } },
-          ["<C-x>"] = { callback = "actions.select", opts = { horizontal = true } },
-          ["<C-p>"] = "actions.preview",
-          ["<C-c>"] = { callback = "actions.close", mode = "n" },
-          ["-"] = { callback = "actions.parent", mode = "n" },
-          ["g."] = { callback = "actions.toggle_hidden", mode = "n" },
-          ["<C-t>"] = false,
-        },
-      }
-    end,
-    after = function()
-      vim.cmd.packadd "canola-collection"
-
-      local ns = vim.api.nvim_create_namespace "canola_git_trailing"
-      local symbols = {
-        M = { "M", "DiagnosticWarn" },
-        A = { "A", "DiagnosticOk" },
-        D = { "D", "DiagnosticError" },
-        R = { "R", "DiagnosticWarn" },
-        ["?"] = { "?", "DiagnosticInfo" },
-        ["!"] = { "!", "Comment" },
-      }
-
-      local function apply_git_status(buf)
-        if not vim.api.nvim_buf_is_valid(buf) then return end
-        vim.api.nvim_buf_clear_namespace(buf, ns, 0, -1)
-
-        local ok, canola = pcall(require, "canola")
-        if not ok then return end
-
-        local dir = canola.get_current_dir(buf)
-        if not dir then return end
-
-        local git_ok, git = pcall(require, "canola-git")
-        if not git_ok then return end
-
-        local dir_cache = git._cache[dir]
-        if not dir_cache or not dir_cache.status then return end
-
-        local lines = vim.api.nvim_buf_line_count(buf)
-        for lnum = 0, lines - 1 do
-          local entry = canola.get_entry_on_line(buf, lnum + 1)
-          if entry then
-            local status = dir_cache.status[entry.name]
-            if status then
-              local ch = status:sub(1, 1)
-              if ch == " " then ch = status:sub(2, 2) end
-              local sym = symbols[ch]
-              if sym then
-                vim.api.nvim_buf_set_extmark(buf, ns, lnum, 0, {
-                  virt_text = { { " " .. sym[1], sym[2] } },
-                  virt_text_pos = "eol",
-                  invalidate = true,
-                })
-              end
-            end
-          end
-        end
-      end
-
-      vim.api.nvim_create_autocmd("User", {
-        pattern = "CanolaReadPost",
-        callback = function(args)
-          local buf = args.buf
-          apply_git_status(buf)
-          vim.defer_fn(function() apply_git_status(buf) end, 500)
-        end,
-      })
-    end,
-    keys = {
-      { "-", "<cmd>Canola<cr>" },
-      { "<leader>e", "<cmd>Canola<cr>" },
-    },
+vim.g.canola = {
+  columns = { "icon" },
+  delete = { wipe = false, recursive = true },
+  hidden = { enabled = false },
+  keymaps = {
+    ["g?"] = { callback = "actions.show_help", mode = "n" },
+    ["<CR>"] = "actions.select",
+    ["<C-v>"] = { callback = "actions.select", opts = { vertical = true } },
+    ["<C-x>"] = { callback = "actions.select", opts = { horizontal = true } },
+    ["<C-p>"] = "actions.preview",
+    ["<C-c>"] = { callback = "actions.close", mode = "n" },
+    ["-"] = { callback = "actions.parent", mode = "n" },
+    ["g."] = { callback = "actions.toggle_hidden", mode = "n" },
+    ["<C-t>"] = false,
  },
 }
+
+vim.pack.add {
+  "https://github.com/barrettruth/canola.nvim",
+  "https://github.com/barrettruth/canola-collection",
+}
+
+vim.cmd.packadd "canola-collection"
+
+map("n", "-", "<cmd>Canola<cr>")
+map("n", "<leader>e", "<cmd>Canola<cr>")
+
+local ns = vim.api.nvim_create_namespace "canola_git_trailing"
+local symbols = {
+  M = { "M", "DiagnosticWarn" },
+  A = { "A", "DiagnosticOk" },
+  D = { "D", "DiagnosticError" },
+  R = { "R", "DiagnosticWarn" },
+  ["?"] = { "?", "DiagnosticInfo" },
+  ["!"] = { "!", "Comment" },
+}
+
+local function apply_git_status(buf)
+  if not vim.api.nvim_buf_is_valid(buf) then return end
+  vim.api.nvim_buf_clear_namespace(buf, ns, 0, -1)
+
+  local ok, canola = pcall(require, "canola")
+  if not ok then return end
+
+  local dir = canola.get_current_dir(buf)
+  if not dir then return end
+
+  local git_ok, git = pcall(require, "canola-git")
+  if not git_ok then return end
+
+  local dir_cache = git._cache[dir]
+  if not dir_cache or not dir_cache.status then return end
+
+  local lines = vim.api.nvim_buf_line_count(buf)
+  for lnum = 0, lines - 1 do
+    local entry = canola.get_entry_on_line(buf, lnum + 1)
+    if entry then
+      local status = dir_cache.status[entry.name]
+      if status then
+        local ch = status:sub(1, 1)
+        if ch == " " then ch = status:sub(2, 2) end
+        local sym = symbols[ch]
+        if sym then
+          vim.api.nvim_buf_set_extmark(buf, ns, lnum, 0, {
+            virt_text = { { " " .. sym[1], sym[2] } },
+            virt_text_pos = "eol",
+            invalidate = true,
+          })
+        end
+      end
+    end
+  end
+end
+
+vim.api.nvim_create_autocmd("User", {
+  pattern = "CanolaReadPost",
+  callback = function(args)
+    local buf = args.buf
+    apply_git_status(buf)
+    vim.defer_fn(function() apply_git_status(buf) end, 500)
+  end,
+})
+
+return { "barrettruth/canola.nvim" }
--- a/config/nvim/plugin/autocmds.lua
+++ b/config/nvim/plugin/autocmds.lua
@ -1,13 +1,6 @@
 local api = vim.api
 local augroup = api.nvim_create_augroup("UserAutocmds", { clear = true })

-local function maybe_load_canola(bufnr)
-  local name = api.nvim_buf_get_name(bufnr)
-  if name == "" or vim.fn.isdirectory(name) == 0 then return end
-
-  pcall(vim.cmd, "silent keepalt Canola " .. vim.fn.fnameescape(name))
-end
-
 api.nvim_create_autocmd("TextYankPost", {
  group = augroup,
  callback = function() vim.highlight.on_yank { higroup = "Visual", timeout = 200 } end,
@ -22,20 +15,6 @@ api.nvim_create_autocmd("BufReadPost", {
  end,
 })

-api.nvim_create_autocmd("BufEnter", {
-  group = augroup,
-  nested = true,
-  callback = function(args)
-    if vim.v.vim_did_enter == 1 then maybe_load_canola(args.buf) end
-  end,
-})
-
-api.nvim_create_autocmd("VimEnter", {
-  group = augroup,
-  nested = true,
-  callback = function() maybe_load_canola(0) end,
-})
-
 api.nvim_create_autocmd("VimResized", {
  group = augroup,
  callback = function()
--- a/hosts/netty/configuration.nix
+++ b/hosts/netty/configuration.nix
@ -9,6 +9,9 @@
 }:
 let
  packageSets = import ../../lib/package-sets.nix { inherit inputs lib pkgs; };
+  sandboxDomain = "netty.harivan.sh";
+  forgejoDomain = "git.harivan.sh";
+  forgejoApiUrl = "http://127.0.0.1:3000";
  sandboxAgentPackage = pkgs.callPackage ../../pkgs/sandbox-agent { };
  sandboxAgentDir = "/home/${username}/.config/sandbox-agent";
  sandboxAgentPath =
@ -203,13 +206,13 @@ in
    recommendedTlsSettings = true;
    clientMaxBodySize = "512m";

-    virtualHosts."netty.harivan.sh" = {
+    virtualHosts.${sandboxDomain} = {
      enableACME = true;
      forceSSL = true;
      locations."/".proxyPass = "http://127.0.0.1:2470";
    };

-    virtualHosts."git.example.dev" = {
+    virtualHosts.${forgejoDomain} = {
      enableACME = true;
      forceSSL = true;
      locations."/".proxyPass = "http://127.0.0.1:3000";
@ -231,10 +234,10 @@ in
    group = "git";
    settings = {
      server = {
-        DOMAIN = "git.example.dev";
-        ROOT_URL = "https://git.example.dev/";
+        DOMAIN = forgejoDomain;
+        ROOT_URL = "https://${forgejoDomain}/";
        HTTP_PORT = 3000;
-        SSH_DOMAIN = "git.example.dev";
+        SSH_DOMAIN = forgejoDomain;
      };
      service.DISABLE_REGISTRATION = true;
      session.COOKIE_SECURE = true;
@ -258,53 +261,84 @@ in
      pkgs.curl
      pkgs.jq
      pkgs.coreutils
+      pkgs.gnused
    ];
    script = ''
      set -euo pipefail

-      # Fetch all GitHub repos
+      api_call() {
+        local response http_code body
+        response=$(curl -sS -w "\n%{http_code}" "$@")
+        http_code=$(printf '%s\n' "$response" | tail -n1)
+        body=$(printf '%s\n' "$response" | sed '$d')
+        if [ "$http_code" -ge 400 ]; then
+          printf '[forgejo-mirror-sync] HTTP %s\n' "$http_code" >&2
+          printf '%s\n' "$body" >&2
+          return 1
+        fi
+        printf '%s' "$body"
+      }
+
+      gh_user=$(api_call -H "Authorization: token $GITHUB_TOKEN" \
+        "https://api.github.com/user" | jq -r '.login')
+
+      repos_file=$(mktemp)
+      trap 'rm -f "$repos_file"' EXIT
+
      page=1
-      repos=""
      while true; do
-        batch=$(curl -sf -H "Authorization: token $GITHUB_TOKEN" \
-          "https://api.github.com/user/repos?per_page=100&page=$page&affiliation=owner")
-        count=$(echo "$batch" | jq length)
+        batch=$(api_call -H "Authorization: token $GITHUB_TOKEN" \
+          "https://api.github.com/user/repos?per_page=100&page=$page&visibility=all&affiliation=owner,organization_member")
+        count=$(printf '%s' "$batch" | jq length)
        [ "$count" -eq 0 ] && break
-        repos="$repos$batch"
+        printf '%s' "$batch" | jq -r '.[] | [.full_name, .clone_url] | @tsv' >> "$repos_file"
        page=$((page + 1))
      done

-      echo "$repos" | jq -r '.[].clone_url' | while read -r clone_url; do
-        repo_name=$(basename "$clone_url" .git)
+      sort -u "$repos_file" -o "$repos_file"

-        # Check if mirror already exists in Forgejo
-        status=$(curl -sf -o /dev/null -w '%{http_code}' \
+      while IFS=$'\t' read -r full_name clone_url; do
+        repo_owner="''${full_name%%/*}"
+        repo_name="''${full_name#*/}"
+
+        if [ "$repo_owner" = "$gh_user" ]; then
+          forgejo_repo_name="$repo_name"
+        else
+          forgejo_repo_name="$repo_owner--$repo_name"
+        fi
+
+        status=$(curl -sS -o /dev/null -w '%{http_code}' \
          -H "Authorization: token $FORGEJO_TOKEN" \
-          "$FORGEJO_URL/api/v1/repos/$FORGEJO_OWNER/$repo_name")
+          "${forgejoApiUrl}/api/v1/repos/$FORGEJO_OWNER/$forgejo_repo_name" || true)

        if [ "$status" = "404" ]; then
-          # Create mirror
-          curl -sf -X POST \
+          api_call -X POST \
            -H "Authorization: token $FORGEJO_TOKEN" \
            -H "Content-Type: application/json" \
-            "$FORGEJO_URL/api/v1/repos/migrate" \
-            -d "{
-              \"clone_addr\": \"$clone_url\",
-              \"auth_token\": \"$GITHUB_TOKEN\",
-              \"uid\": $(curl -sf -H "Authorization: token $FORGEJO_TOKEN" "$FORGEJO_URL/api/v1/user" | jq .id),
-              \"repo_name\": \"$repo_name\",
-              \"mirror\": true,
-              \"service\": \"github\"
-            }"
-          echo "Created mirror: $repo_name"
+            "${forgejoApiUrl}/api/v1/repos/migrate" \
+            -d "$(jq -n \
+              --arg addr "$clone_url" \
+              --arg name "$forgejo_repo_name" \
+              --arg owner "$FORGEJO_OWNER" \
+              --arg token "$GITHUB_TOKEN" \
+              '{
+                clone_addr: $addr,
+                repo_name: $name,
+                repo_owner: $owner,
+                mirror: true,
+                auth_token: $token,
+                service: "github"
+              }')" \
+            > /dev/null
+          echo "Created mirror: $full_name -> $FORGEJO_OWNER/$forgejo_repo_name"
        else
-          # Trigger sync on existing mirror
-          curl -sf -X POST \
+          api_call -X POST \
            -H "Authorization: token $FORGEJO_TOKEN" \
-            "$FORGEJO_URL/api/v1/repos/$FORGEJO_OWNER/$repo_name/mirror-sync" || true
-          echo "Synced mirror: $repo_name"
+            "${forgejoApiUrl}/api/v1/repos/$FORGEJO_OWNER/$forgejo_repo_name/mirror-sync" \
+            > /dev/null
+          echo "Synced mirror: $full_name -> $FORGEJO_OWNER/$forgejo_repo_name"
        fi
-      done
+      done < "$repos_file"
    '';
  };

--- a/nix-maxxing.txt
+++ b/nix-maxxing.txt
@ -106,15 +106,15 @@ in zsh.nix for entries that need conditional logic.
 All in hosts/netty/configuration.nix:

 Nginx reverse proxy with ACME SSL:
-  - sandbox.example.dev -> 127.0.0.1:2470 (sandbox agent)
-  - git.example.dev -> 127.0.0.1:3000 (forgejo)
+  - netty.harivan.sh -> 127.0.0.1:2470 (sandbox agent)
+  - git.harivan.sh -> 127.0.0.1:3000 (forgejo)

 Forgejo:
  - Self-hosted git, registration disabled
  - Runs as git user on port 3000
  - GitHub mirror sync via hourly systemd timer
  - Requires /etc/forgejo-mirror.env with GITHUB_TOKEN, FORGEJO_TOKEN,
-    FORGEJO_URL, FORGEJO_OWNER
+    FORGEJO_OWNER

 Sandbox Agent:
  - System-level systemd services (not user units)