freshlybakedca.ke
commits
There are some libraries that were updated in nixpkgs 25.11 but which
Collabora gtimelog doesn't support newer versions of. Building gtimelog
from 25.11 will get you an error that looks like this
Traceback (most recent call last):
File "/nix/store/akvr4z3wjiw2gizz6jnbb3f29wa29h8a-python3.13-pygobject-3.54.5/lib/python3.13/site-packages/gi/importer.py", line 137, in create_module
introspection_module = get_introspection_module(namespace)
File "/nix/store/akvr4z3wjiw2gizz6jnbb3f29wa29h8a-python3.13-pygobject-3.54.5/lib/python3.13/site-packages/gi/module.py", line 244, in get_introspection_module
module = IntrospectionModule(namespace, version)
File "/nix/store/akvr4z3wjiw2gizz6jnbb3f29wa29h8a-python3.13-pygobject-3.54.5/lib/python3.13/site-packages/gi/module.py", line 104, in __init__
repository.require(namespace, version)
~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
gi.RepositoryError: Typelib file for namespace 'cairo', version '1.0' not found
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/nix/store/bmy9cw4hbnrq00cc29sza5083yamw74s-gtimelog-0.12.0/bin/.gtimelog-wrapped", line 6, in <module>
from gtimelog.main import main
File "/nix/store/bmy9cw4hbnrq00cc29sza5083yamw74s-gtimelog-0.12.0/lib/python3.13/site-packages/gtimelog/main.py", line 72, in <module>
from gi.repository import Gdk, Gio, GLib, GObject, Gtk, Pango, Soup # noqa: E402
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/nix/store/akvr4z3wjiw2gizz6jnbb3f29wa29h8a-python3.13-pygobject-3.54.5/lib/python3.13/site-packages/gi/importer.py", line 139, in create_module
raise ImportError(e) from e
ImportError: Typelib file for namespace 'cairo', version '1.0' not found
From using nix-locate we can see that cairo-1.0.typelib is in gobject
introspection 1.84.0...
$ nix-locate cairo-1.0.typelib
gobject-introspection.out 0 s /nix/store/i6asc7b7ws92inj5bqvmdbcs3n77dknz-gobject-introspection-wrapped-1.84.0/lib/girepository-1.0/cairo-1.0.typelib
gobject-introspection-unwrapped.out 14,740 r /nix/store/dpwppqwbm76q7h1gk8mv0mg4ylf4b551-gobject-introspection-1.84.0/lib/girepository-1.0/cairo-1.0.typelib
...but search.nixos.org tells us that gobject-introspection is at 1.86.0
Downgrading to 25.05 fixes this issue...
We're seeing some issues with jobs choking up when we have a
long-waiting maintenance service
Instead, we think it might be better to have this run every 30 seconds
for at most 30 seconds, thus causing stuck jobs not to cause trouble...
Since https://github.com/NixOS/nixpkgs/commit/2d0a48912550cdc39a64e71d09d2c838973871ad,
ACME certificates have been issued using a different set of services.
The missinghost.invalid configuration here ended up breaking the nginx
startup by making it so no selfsigned certificate was ever generated,
getting nginx to die on a missing certificate.
Additonally, also as a result of this ACME rework, Stalwart was waiting
on a bunch of nonexistent things and now no longer is
CategoryWatch looks like it's going to work when you load it, but
at runtime there is an error which prevents category reindexes. To
workaround this, we can remove the extension entirely...
It's not good if our links are case sensitive as different
capitalizations aren't that distinct really. It's still important to
make sure we don't mess up capitalization in the UI or when forwarding
to search engines/etc., though
BREAKING-CHANGE: If you're using links that were made with capitals, those links will stop working
By default, there's no good mobile skin for Mediawiki. You can load
"minerva", which appears to come bundled but not by-default-enabled, but
there's no auto-switching to it when on mobile devices.
The MobileFrontend plugin (as used on Wikipedia) fixes this by using
minerva on mobile devices and a different theme on desktop.
There are some repositories where there's no "main" or "master" branch.
In this case, it would be nice to use "truck" as the main branch
We have some drives in umber that should be set up as a software RAID.
To do that, we need to enable this in the hardware config
I want a private file host for things I can't put on our main copyparty
instance. I'll host that on umber
Grocy is a stock tracking application for groceries. I'd like to use it
to keep track of some of my stuff, so let's host it on umber!
There's no need for us to be listening for silverbullet on our
clicks.domains host, nor should we be listening for plain HTTP anymore
We previously returned One Of The Websites when nginx was accessed from
a host that we didn't know about. That included direct IP address access
as well as things which have been CNAMEd to us (either through a starred
record or due to past services) but which aren't actually hosted by us.
This leads to a number of undesireable effects:
- User confusion ("why does the aux docs website have Stalwart?")
- Incorrect SSL certificates ("your blog seems to have an invalid
certificate")
- SSL being offered via direct IPs, which isn't possible to sign on the
public internet
We can block this by making a default server to take control whenever
nothing matches, and setting that default server to block all
connections and reject all SSL handshakes
We need to have a certificate for this, but it needn't actually be valid
for anything so let's self sign stuff...
I've chatted with Coded, and we think it's better to run the same
shortener on all our short domains than to have separate shorteners for
separate domains. Therefore, let's extend menu to starry.sk
It's only basic routes for now - but this is effectively a first
prototype of a golinks server. We still need to make everything
beautiful, but it should be in a workable state when deployed on teal as
of now...
This needs some changes on packetmix to set up a database as well, so
let's make those here too...
Doing this as a oneshot means that on switch-ing configuration, the
service never "comes up" (as it gets stuck in the --wait). It's far
better to just have a standard service that is restarted by a timer when
it exits rather than a oneshot here...
We have an extension called Cargo which lets you query through pages.
As well as letting you add arbitrary data to select pages, you can also
have a table which is auto-filled with standard page data. By default,
the table doesn't store much info about each page. It might be nice for
querying if we had various other fields enabled!
The network plugin lets you visualize the relationship between
pages in a graph - similar to what Obsidian Graph View does, say:
https://help.obsidian.md/plugins/graph
Hyperneutrino requested it, and it's not a particularly difficult plugin
to install so hyperneutrino gets it :)
menu is the golinks provider and URL shortener that we're writing. So we
can start using it right away, it would be good to host it on teal ASAP
If we want to use menu on teal, it needs to be packaged for Nix. Let's
do that!
We're going to need some routes to fallback to when we hit a URL that
doesn't yet exist. I've added some basic ones - which means we can
deploy this project as soon as it's packaged, as even if it's not
really ready to use yet, switching your search engine to it won't cause
problems
Our josh files and combined project pieces have been a mess for a while.
As I'm creating a new project, I thought it was high time to tidy them
up so they pull out the right files and we can share things like our
inputs.
For fixing the warning
> trace: evaluation warning: 'system' has been renamed to/replaced by 'stdenv.hostPlatform.system'
There's a few bits and pieces in upstream libraries, which have been
updated to unreleased (or unmerged) versions - I'm putting this through
because it's so critical, with approval from Coded - we will need to
upstream, verify, etc. these changes more properly to consider this
"fixed". This is a "good enough for now"
From https://www.mediawiki.org/wiki/Manual:CategoryMembershipChanges,
under https://creativecommons.org/licenses/by-sa/4.0/
> Catwatch is a MediaWiki feature that tracks category membership
> changes. It is possible to view these changes in the recent changes
> and watchlists.
We would previously get this error when fetching on new machines
… while fetching the input 'git+https://gerrit.wikimedia.org/r/mediawiki/extensions/AdvancedSearch?rev=398c9fa782843d8b3aeaa5ebb1c1b3db35c3382f'
error: Cannot find Git revision '398c9fa782843d8b3aeaa5ebb1c1b3db35c3382f' in ref 'refs/heads/master' of repository 'https://gerrit.wikimedia.org/r/mediawiki/extensions/AdvancedSearch'! Please make sure that the rev exists on the ref you've specified or add allRefs = true; to fetchGit.
Now, this is what I'd expect - because we're not meant to be fetching
master of this extension - we're meant to be fetching a branch! This
seems to be an issue with npins' fetchgit call, which misses out the ref
Due to a nilla bug, fetching dependencies is required for evaluation
so this prevented any evaluation
We don't have anything licensed under GPL-3.0-or-later anymore (I think
we previously had a patch under it). We need to remove it...
Pinea has decided to leave packetmix. Their modules are quite different
from ours anyway, so we can no longer maintain KDE and suchlike. Let's
remove the modules from the tree.
I think this may be due to the recent 25.11 updates, but I'm not
entirely sure.
sshd started to create forwarded agents under $HOME. This broke Josh
since as home was /var/empty, so forwarding was impossible, resulting in
this error:
debug1: Requesting authentication agent forwarding.
... 8< -- snip -- 8< ...
debug1: Remote: Agent forwarding disabled: couldn't create listener socket
Creating a home for Josh fixes this
This was added before Stalwart was our live mailserver. At that point,
we could only access it over Tailscale. Nowadays, we can access it
without this record, so it's better to avoid it as it only serves to
make the Tailscale network different to the live internet.
Hyperneutrino is a friend of mine, and they have asked for access to the
headscale instance. Let's give them the standard permissions...
In the copyparty code, we previously hid a header before overriding it.
Hiding a header hides it from the client when the server sends it.
There's no point to it here. It isn't actively harmful, since as we set
the header after anyway, but it's also not required and could be
confusing.
We run Tailscale, which sometimes has internal routes to things. These
override all DNS address entries for specified domains, which breaks
verifying ACME TXT records, which prevents us fetching certificates.
Resolving ACME using Cloudflare avoids the issue...
In https://github.com/josh-project/josh/pull/1704 I fixed the way Josh
works with redirects. Since as that's not yet in a release, we'll need
to pull in Josh's master for it to be effective.
The bug prevented Josh working entirely with Tangled, since as Tangled
redirects .git -> bare in repo URLs rather than the other way around. As
we use Josh with Tangled, there was a period of time where we couldn't
clone or pull through it at all. This had a multitude of knock-on
effects including making it difficult for me to upstream patches (so I
often didn't bother) and entirely breaking our auto-sync mechanism
(which relies on Josh to pull out packetmix from patisserie)
We run silverbullet on teal, and it's a great piece of software. It's
not ideal for us, however, as it doesn't support multiple users the best
and we've had various sync conflicts/delays/etc. even with 1 user. We
also don't need all of its features - for example it seems to be leaning
heavily into offline mode which we don't need...
...insetad, mediawiki. It's heavier, uses wikitext rather than markdown,
etc. but for collaborative features, history, etc. it far exceeds
SilverBullet
We hadn't set up client routing on our personal machines, which stopped
us from using exit nodes/routes/etc.
I've just switched over to a new, larger, SSD. This led to a repartition
which means my drive UUIDs became wrong. Rather than copy down the new
UUIDs, I decided it was nicer to use the drive labels - which also works
I have some apps that I want to install via flatpak, so let's get and
persist flatpak :)
I'm using https://github.com/juliusknorr/nextcloud-docker-dev to test
some changes to a nextcloud plugin, as the plugin needs a more recent
version of Nextcloud than is in nixpkgs.
To be available, I need to set up my hosts file correctly and forward
this over nginx for my other devices.
provokateurin is a GitHub user who works for Nextcloud, so I end up
interacting with her/seeing her commits around sometimes. It'd be nice
to verify them...
I'm doing some development using leptos. There are some recommended
options for rust-analyzer in its book:
https://book.leptos.dev/getting_started/leptos_dx.html
Co-Authored-By: Skyler Grey <sky@a.starrysky.fyi>
deadnix finds unused nix code, some versions were giving us trouble
as we rely on some unused parameters to be introspected by callers...
though not all of them
Previously we were running in to a race condition where OIDC wouldn't
start early enough, so kavita would load without it. As we have turned
off passwords entirely, this would cause the instance to be unusable
I've copied this wait code directly from our oauth2-proxy stuff, which
has the same problem. We should consider if there's a better way to do
this...
Without these, Kavita cannot access files in the library properly
Previously we had our libraries in a subdirectory of /var/lib/copyparty
While that's an OK idea in theory, in practice it'd require us to make
every directory on the way to /var/lib/copyparty/data/groups/library
+rx to kavita. That's something we're unwilling to do. The true fix is
to move this out so we don't have to meddle with permissions except
those which are directly on this directory
Midnight hosts cache.freshlybakedca.ke, so there are problems (errors)
if it tries to use it too.
Since as there's no process to filter out of a list of values without
losing the rest of the list (*except evaluating twice through scalpel
like processes), we need to disable this at the source. That means it's
best to pull this out into an ingredient and detect whether the
ingredient is enabled for turning the cache on/off...
In our ongoing quest to move away from configuration.nix, this commit
moves printing over to redhead (which to-my-knowledge is the only
machine we want to print on). To store printer configurations (and be
useful in the first place) redhead needs the CUPS directory persisted,
so let's do that...
I have my work dock monitors here, but that's not the only place I dock
my laptop at work: there's also a monitor in our conference room. The
auto layout places it at [0, 0] (due to the laptop monitor needing to be
placed further out so there aren't issues with xwayland...). Therefore,
I need to set it up manually or I will not be able to move windows to it
or otherwise use it.
Co-Authored-By: Skyler Grey <sky@a.starrysy.fyi>
previously, back(@, 1) == @. That feels very weird, so instead now
back(@, 0) == @. Since as back(@, n) was used in the rangediff script,
I also had to update that script to cope with this (it had the correct
behavior already...)
We've had to do some interesting finagling to get this to happen, since
as AFAICT there is no way to do maths in the revset language (so no
way to add 1). Instead, we've done revision- to go back 1 already, so
our argument operates on a revision already 1 in the past.
Of course, 0 isn't going to bring us forward again so we instead have
to coalesce and return the current revision if we have no changes. Again
the revset language gets in our way since as there isn't a way to tell
if we have 0 as a quantity directly. Fortunately, for 0 we can make
a set that is always guarenteed to have the whole repo as members if
and only if our number was 0, and logically-and that with our current
revision to conditionally return it.
We also replaced our heads call with `ancestors(foo-) & ~ancestors(foo)`
- normally equivalent, but better if we've reached the end of our
commits, for example if we do `fwd(5)` when in reality we only have 2
more commits ontop of us. Previously that would return the last commit,
now it returns nothing
Finally, we've added some aliases to `fwd(n)` which default to using `@`
since as that seems to be a very common case.
I missed some timecodes when I made my initial espanso set. I'd rather
like shortenings for everything I use, so here are some for these
We wrote these initially before metaedit existed. Now that metaedit does
exist, the `jj describe --reset-author --no-edit` command is deprecated
and posts some warnings about it...
This IP was changed in the release and treefmt workflows, but we missed
it in the build workflow
The power to umber turns off at midnight. Therefore, we should shut it
down beforehand to make sure it shuts down cleanly
Bluesky PDS was trying to remove a specific version of atproto. This
meant that as the version was bumped, the build would break. If we use
find to check the right version to remove, this won't break anymore
unless the build does actually need to change
Nix has a behavior where if you provide a hash, even if the recipe for
a derivation changes nix will not recompute the derivation - provided
it's still in the store. This was causing us trouble with our pds
dependencies after the recent npins bump
There are some libraries that were updated in nixpkgs 25.11 but which
Collabora gtimelog doesn't support newer versions of. Building gtimelog
from 25.11 will get you an error that looks like this
Traceback (most recent call last):
File "/nix/store/akvr4z3wjiw2gizz6jnbb3f29wa29h8a-python3.13-pygobject-3.54.5/lib/python3.13/site-packages/gi/importer.py", line 137, in create_module
introspection_module = get_introspection_module(namespace)
File "/nix/store/akvr4z3wjiw2gizz6jnbb3f29wa29h8a-python3.13-pygobject-3.54.5/lib/python3.13/site-packages/gi/module.py", line 244, in get_introspection_module
module = IntrospectionModule(namespace, version)
File "/nix/store/akvr4z3wjiw2gizz6jnbb3f29wa29h8a-python3.13-pygobject-3.54.5/lib/python3.13/site-packages/gi/module.py", line 104, in __init__
repository.require(namespace, version)
~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
gi.RepositoryError: Typelib file for namespace 'cairo', version '1.0' not found
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/nix/store/bmy9cw4hbnrq00cc29sza5083yamw74s-gtimelog-0.12.0/bin/.gtimelog-wrapped", line 6, in <module>
from gtimelog.main import main
File "/nix/store/bmy9cw4hbnrq00cc29sza5083yamw74s-gtimelog-0.12.0/lib/python3.13/site-packages/gtimelog/main.py", line 72, in <module>
from gi.repository import Gdk, Gio, GLib, GObject, Gtk, Pango, Soup # noqa: E402
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/nix/store/akvr4z3wjiw2gizz6jnbb3f29wa29h8a-python3.13-pygobject-3.54.5/lib/python3.13/site-packages/gi/importer.py", line 139, in create_module
raise ImportError(e) from e
ImportError: Typelib file for namespace 'cairo', version '1.0' not found
From using nix-locate we can see that cairo-1.0.typelib is in gobject
introspection 1.84.0...
$ nix-locate cairo-1.0.typelib
gobject-introspection.out 0 s /nix/store/i6asc7b7ws92inj5bqvmdbcs3n77dknz-gobject-introspection-wrapped-1.84.0/lib/girepository-1.0/cairo-1.0.typelib
gobject-introspection-unwrapped.out 14,740 r /nix/store/dpwppqwbm76q7h1gk8mv0mg4ylf4b551-gobject-introspection-1.84.0/lib/girepository-1.0/cairo-1.0.typelib
...but search.nixos.org tells us that gobject-introspection is at 1.86.0
Downgrading to 25.05 fixes this issue...
Since https://github.com/NixOS/nixpkgs/commit/2d0a48912550cdc39a64e71d09d2c838973871ad,
ACME certificates have been issued using a different set of services.
The missinghost.invalid configuration here ended up breaking the nginx
startup by making it so no selfsigned certificate was ever generated,
getting nginx to die on a missing certificate.
Additonally, also as a result of this ACME rework, Stalwart was waiting
on a bunch of nonexistent things and now no longer is
It's not good if our links are case sensitive as different
capitalizations aren't that distinct really. It's still important to
make sure we don't mess up capitalization in the UI or when forwarding
to search engines/etc., though
BREAKING-CHANGE: If you're using links that were made with capitals, those links will stop working
By default, there's no good mobile skin for Mediawiki. You can load
"minerva", which appears to come bundled but not by-default-enabled, but
there's no auto-switching to it when on mobile devices.
The MobileFrontend plugin (as used on Wikipedia) fixes this by using
minerva on mobile devices and a different theme on desktop.
We previously returned One Of The Websites when nginx was accessed from
a host that we didn't know about. That included direct IP address access
as well as things which have been CNAMEd to us (either through a starred
record or due to past services) but which aren't actually hosted by us.
This leads to a number of undesireable effects:
- User confusion ("why does the aux docs website have Stalwart?")
- Incorrect SSL certificates ("your blog seems to have an invalid
certificate")
- SSL being offered via direct IPs, which isn't possible to sign on the
public internet
We can block this by making a default server to take control whenever
nothing matches, and setting that default server to block all
connections and reject all SSL handshakes
We need to have a certificate for this, but it needn't actually be valid
for anything so let's self sign stuff...
It's only basic routes for now - but this is effectively a first
prototype of a golinks server. We still need to make everything
beautiful, but it should be in a workable state when deployed on teal as
of now...
This needs some changes on packetmix to set up a database as well, so
let's make those here too...
We have an extension called Cargo which lets you query through pages.
As well as letting you add arbitrary data to select pages, you can also
have a table which is auto-filled with standard page data. By default,
the table doesn't store much info about each page. It might be nice for
querying if we had various other fields enabled!
For fixing the warning
> trace: evaluation warning: 'system' has been renamed to/replaced by 'stdenv.hostPlatform.system'
There's a few bits and pieces in upstream libraries, which have been
updated to unreleased (or unmerged) versions - I'm putting this through
because it's so critical, with approval from Coded - we will need to
upstream, verify, etc. these changes more properly to consider this
"fixed". This is a "good enough for now"
We would previously get this error when fetching on new machines
… while fetching the input 'git+https://gerrit.wikimedia.org/r/mediawiki/extensions/AdvancedSearch?rev=398c9fa782843d8b3aeaa5ebb1c1b3db35c3382f'
error: Cannot find Git revision '398c9fa782843d8b3aeaa5ebb1c1b3db35c3382f' in ref 'refs/heads/master' of repository 'https://gerrit.wikimedia.org/r/mediawiki/extensions/AdvancedSearch'! Please make sure that the rev exists on the ref you've specified or add allRefs = true; to fetchGit.
Now, this is what I'd expect - because we're not meant to be fetching
master of this extension - we're meant to be fetching a branch! This
seems to be an issue with npins' fetchgit call, which misses out the ref
Due to a nilla bug, fetching dependencies is required for evaluation
so this prevented any evaluation
I think this may be due to the recent 25.11 updates, but I'm not
entirely sure.
sshd started to create forwarded agents under $HOME. This broke Josh
since as home was /var/empty, so forwarding was impossible, resulting in
this error:
debug1: Requesting authentication agent forwarding.
... 8< -- snip -- 8< ...
debug1: Remote: Agent forwarding disabled: couldn't create listener socket
Creating a home for Josh fixes this
In https://github.com/josh-project/josh/pull/1704 I fixed the way Josh
works with redirects. Since as that's not yet in a release, we'll need
to pull in Josh's master for it to be effective.
The bug prevented Josh working entirely with Tangled, since as Tangled
redirects .git -> bare in repo URLs rather than the other way around. As
we use Josh with Tangled, there was a period of time where we couldn't
clone or pull through it at all. This had a multitude of knock-on
effects including making it difficult for me to upstream patches (so I
often didn't bother) and entirely breaking our auto-sync mechanism
(which relies on Josh to pull out packetmix from patisserie)
We run silverbullet on teal, and it's a great piece of software. It's
not ideal for us, however, as it doesn't support multiple users the best
and we've had various sync conflicts/delays/etc. even with 1 user. We
also don't need all of its features - for example it seems to be leaning
heavily into offline mode which we don't need...
...insetad, mediawiki. It's heavier, uses wikitext rather than markdown,
etc. but for collaborative features, history, etc. it far exceeds
SilverBullet
Previously we were running in to a race condition where OIDC wouldn't
start early enough, so kavita would load without it. As we have turned
off passwords entirely, this would cause the instance to be unusable
I've copied this wait code directly from our oauth2-proxy stuff, which
has the same problem. We should consider if there's a better way to do
this...
Previously we had our libraries in a subdirectory of /var/lib/copyparty
While that's an OK idea in theory, in practice it'd require us to make
every directory on the way to /var/lib/copyparty/data/groups/library
+rx to kavita. That's something we're unwilling to do. The true fix is
to move this out so we don't have to meddle with permissions except
those which are directly on this directory
Midnight hosts cache.freshlybakedca.ke, so there are problems (errors)
if it tries to use it too.
Since as there's no process to filter out of a list of values without
losing the rest of the list (*except evaluating twice through scalpel
like processes), we need to disable this at the source. That means it's
best to pull this out into an ingredient and detect whether the
ingredient is enabled for turning the cache on/off...
I have my work dock monitors here, but that's not the only place I dock
my laptop at work: there's also a monitor in our conference room. The
auto layout places it at [0, 0] (due to the laptop monitor needing to be
placed further out so there aren't issues with xwayland...). Therefore,
I need to set it up manually or I will not be able to move windows to it
or otherwise use it.
previously, back(@, 1) == @. That feels very weird, so instead now
back(@, 0) == @. Since as back(@, n) was used in the rangediff script,
I also had to update that script to cope with this (it had the correct
behavior already...)
We've had to do some interesting finagling to get this to happen, since
as AFAICT there is no way to do maths in the revset language (so no
way to add 1). Instead, we've done revision- to go back 1 already, so
our argument operates on a revision already 1 in the past.
Of course, 0 isn't going to bring us forward again so we instead have
to coalesce and return the current revision if we have no changes. Again
the revset language gets in our way since as there isn't a way to tell
if we have 0 as a quantity directly. Fortunately, for 0 we can make
a set that is always guarenteed to have the whole repo as members if
and only if our number was 0, and logically-and that with our current
revision to conditionally return it.
We also replaced our heads call with `ancestors(foo-) & ~ancestors(foo)`
- normally equivalent, but better if we've reached the end of our
commits, for example if we do `fwd(5)` when in reality we only have 2
more commits ontop of us. Previously that would return the last commit,
now it returns nothing
Finally, we've added some aliases to `fwd(n)` which default to using `@`
since as that seems to be a very common case.