From 782ac7140df86b4d6674ea02450b00600284d35d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 23 Jan 2026 13:31:31 +0100 Subject: [PATCH 01/27] Update vars via generator forgejo-s3-storage for machine verbena --- .../access-key-id/machines/verbena | 1 + .../forgejo-s3-storage/access-key-id/secret | 26 +++++++++++++++++++ .../access-key-id/users/rpqt | 1 + .../access-key-secret/machines/verbena | 1 + .../access-key-secret/secret | 26 +++++++++++++++++++ .../access-key-secret/users/rpqt | 1 + 6 files changed, 56 insertions(+) create mode 120000 vars/per-machine/verbena/forgejo-s3-storage/access-key-id/machines/verbena create mode 100644 vars/per-machine/verbena/forgejo-s3-storage/access-key-id/secret create mode 120000 vars/per-machine/verbena/forgejo-s3-storage/access-key-id/users/rpqt create mode 120000 vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/machines/verbena create mode 100644 vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/secret create mode 120000 vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/users/rpqt diff --git a/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/machines/verbena b/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/secret b/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/secret new file mode 100644 index 0000000..4c4a5ce --- /dev/null +++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/secret 
@@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:lILPrDhV479Rju4cNbtcEGU0KhOM7Xirbvk=,iv:LVMTgLoV53cRoa7xP0kvWWZyRC3zL8N00UfQQ/dPafY=,tag:q7PoGHYjI5Sa/3h7xZ0kZg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTb3o4ejBZSUcvU1J4aDJ1\nMS8wVUFhaUZtSGlSZ3N6bUVSU1FxQ21DM0dnCjc4WDFmWWpra2lGMVBManpoSjVH\nSldZL3lBR2ZzSWd4VDZDUGtmSnpuRGsKLS0tIHVvcXVJUDZrekNxZFZtL0p0dUR0\nQ211dFpBQ0xEbWRNaisyVWU1TDZnbmMK3VhJbIlVy2jCbzEjSbR9PkN9oZNGjDfm\n7cSnYX8qLaHOJqAAj2isN7SeeYTpRE1IWiguXwKB9bhtij+1S6ymyA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBROWxkUGhUY3pVZk9EQVlO\ndnVKeUM0TThJeGZTOEV2MkVudCttQUVBdDI0CnZwWFBpYTVYR3l5L0RQb05HbTd2\nbndPaEpZWXFTOXl3VE5lWDFrV29mQ1EKLS0tIExMaVpVWXpORExxWWEyNDVia3RM\nMkxTQ0QzM21SeE9NUGlWeGJRMFE0SWcKRaL0GXuZ4/9NKeKFNmJIORpEsVOKBhR4\nzcnJGwY2QnteYkfHhUiZT7vBPIKC6xsCD2gtLAywjX1KUr+FZb4YaA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeXZGMnBO\nZGRGRW02MXE1TXc0dEErejFQSURKSFo4SEUrQnJXZTdicE9hKwpCTUY1Q2hkT3BC\nV2xmWFR4Zjh5VWF5VzQ5azFkVEF2eS9Fcy9wVUVCYUs4Ci0tLSBLb3RSenEwcDUv\nTitHN3FpNDZHaDlpbWc2cDVkNzlxZCtXWkZGbUxLQnNFCoR/dPrE99WjUojR2Nl1\nC8ZHNnJE53jI1lQGvy5aSo3HmKt97dQwlYuJ0MvHu3CtL9DUenEAfe/OSL4PIb+p\nUZA=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBM2tyQURp\ncGlwTlF1M1JTSXBVM1BlUXYrQ2d2dTRudUwwVDRUdXBubU5OdApmdG1sbS9UcnU0\nYjh0bGlGd2FSdU9pcmEyck9PWkUrUlBFRlR2SVBBLy9RCi0tLSBlL2hVeHRJL1lw\nN1ZVeGFOUGVtVmIwZzc4QzNCdUx1WGhTMGlkYjh6RDFNCqyR5iQ9aCIgCmi2mKDZ\nHPHlerB0TLlvU50w7WLUXzjPts+ZQVE3fMLHUrFi09D1zyKYrB0kDYDcSgcK9j7m\ncTY=\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-01-23T12:31:31Z", + "mac": "ENC[AES256_GCM,data:9s8Kfn08MtBUg9D3MjAfYgEVJ+tsLI3K5DzZec+dl4EzDh3RuF12OI2GbWMgzpAHcEVBcBC0mpvY+ITSTPViNlCu/YBWRzpO9QQPBKRO7VwlwlKIhydjIK+t71QCDiMfWUVEHC5vmYiZeF0uwXSuD/+1WMUFsFYG1LUauN0dhVA=,iv:3mvjAuOQMypsTmzLvBl2H7Pb5CcwHdV9hvZAoWcVOQ0=,tag:hJoTCtWVtC9wBPOn8WDofw==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/users/rpqt b/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/machines/verbena b/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/secret b/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/secret new file mode 100644 index 0000000..e485937 --- /dev/null +++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/secret 
@@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:aEG/3fHh4cJ1hheU4P6PFKgm9n9HJblURiqvKms0fnx1cTJSd74qaNejWVlnThuxqPFgi4kv8LIi9WzmpEWy8Q==,iv:zrPF2WvbXPxzQxxZ9p+v/BR1YfNfS02PVi/+5pMzamA=,tag:n96sdJSnBoBWD0ibmAYweQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WkxjWFZrdE1iVFIxN2xw\ncXlhNGp3cDRKaitqdWNMZTRuNDNHNHVjTEhjCm9wWUswVGlKL2ducjhmQzNzcXps\nbGRMZmk4dm9pdXR2MjdpK1FxOFFkZkUKLS0tIGsydS91UTlGWjlNbytRVWZaamRj\nSXJKVWxhTXV3MmlhcnNMb3d4Vm8vWEkKiEbNBhLLFzNNGmrvGZEedvnX3EjAhJCW\nvTIi3W89nHdOV8pHJK+aIaUT5EhBSTdyCAF/Ecl1MtG6kXjc4G7a3Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRkNkTjVtazhoSGM1dlB3\nN29hYWMxWjNUdVpkVDZQTzh5T2w5enQyKzE0CnpwUzlKZ3pERVhZbmFkQlVhd20y\ndHl2WU9CUDhGVjh4NlVSQmxHUFE3UWcKLS0tIDh6RWtURUE1QW04Q3NENDgvVGE2\nYXdYaEgrVlp6NEZSbmNkM3pYZUNvVGMK2PqzSlhUQhUcsQxNUG0XqjGHjctVvXSR\ncGXZZypty4jd5sWgQKVb4tJ5qu/BlssQnT6YailJEW/8XrhjSuddvg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbFROMGpQ\nYmlpaC83ZDc0b0NCcHI2UVBvQVkvQVI2cmtRbHpEUDFXTTFiaApyeHZ5Sk9jWUho\nUCsveWZoK1FCVGkwZ2hWMTVTZDdwT1BOdG91TWMwRGJnCi0tLSBOV3l0L1BmY0RR\nRWVzYXgwME95ZHMyRWxqdk5odm1zczMzUCtkRU13eUNRCpUjzMJdcOPbmM8aIA5I\nhDET4gkaq9Nm/W2+UhuwR9NcFj2mpSCKAc2BJX6wLJ3vTqOXb3yl4L2PQT6db7bt\nQ/c=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNkJGOHpK\nUnRzTE8yV1hsYzZXK1N6V09yc2JaMHVvVnV5bEJaZ1hId2tPbApzWC9oS3NzMytW\najVocEZEMTBGblpWV1lNaGh4bnpGRzMybkM2WHNvelZnCi0tLSBESEhJSWtYdW9U\nMmFES1pGY0tJN3hTQlZqeTRoZ3VvQTRxNVFBdVVkVnprCu6aApFJvusV0eJqgBDU\niDDTdsOsY6L7XQHJtiITwsCz9a3jwvgu0+p3TIFAi5NU+RbGWMhlo9OZ+e2hTGGe\nPRY=\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-01-23T12:31:31Z", + "mac": "ENC[AES256_GCM,data:849ki7N7EUxz8a7HnA6oljWx3WN5TbhyqOZSe8T7i931U4tZbzuchxjVQTVb7dGS0sIM5G3rPztP0mAvP9ata6HLPVqov4oTlPW9/+HfcPnlX9stC1uDfJ0AUYyQ6Q6Xavs615X0XE8N1ccGBXoyfOGFBQYcz5vz0aqH4OmbRLM=,iv:SZbVM6UntxRpE1SB7iepCdKUgNCJL+5q2wJA5u9n/4E=,tag:9FlUde54jxc1RKvKl1auBg==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/users/rpqt b/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From fb136061cfda89e9b5a8177c58b6a64dd56883f5 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 02/27] add lanzaboote --- flake.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/flake.nix b/flake.nix index a3b99cd..aa62a31 100644 --- a/flake.nix +++ b/flake.nix @@ -60,5 +60,8 @@ terranix.url = "github:terranix/terranix"; terranix.inputs.nixpkgs.follows = "nixpkgs"; terranix.inputs.flake-parts.follows = "flake-parts"; + + lanzaboote.url = "github:nix-community/lanzaboote/v1.0.0"; + lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; }; } From d0c9fdb625dacd3b02a8c58810f86e112f243248 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 03/27] infra: fix migadu generator --- infra/lib.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/infra/lib.nix b/infra/lib.nix index cf93e1e..1da2b19 100644 --- a/infra/lib.nix +++ b/infra/lib.nix @@ -24,7 +24,7 @@ in value = lib.tf.ref ''provider::hcloud::txt_record("v=spf1 include:spf.migadu.com -all")''; } { - value = lib.tf.ref ''provider::hcloud::txt_record("hosted-email-verify=pgeaq3bp")''; + value = lib.tf.ref ''provider::hcloud::txt_record("hosted-email-verify=${hostedEmailVerify}")''; } ]; }; From fc81d4ffc923c1b35c0a0a41a64ddcb886d6073e Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 04/27] add forgejo --- infra/web.nix | 14 ++++++ machines/genepi/glance-config.nix | 5 ++ machines/verbena/configuration.nix | 1 + modules/forgejo.nix | 75 ++++++++++++++++++++++++++++++ 4 files changed, 95 insertions(+) create mode 100644 modules/forgejo.nix diff --git a/infra/web.nix b/infra/web.nix index 2513a6a..bf529d6 100644 --- a/infra/web.nix +++ b/infra/web.nix @@ -51,6 +51,20 @@ records = [ { value = infra.machines.verbena.ipv6; } ]; }; + git_rpqt_fr_a = { + zone = config.resource.hcloud_zone.rpqt_fr "name"; + name = "git"; + type = "A"; + records = [ { value = infra.machines.verbena.ipv4; } ]; + }; + + git_rpqt_fr_aaaa = { + zone = config.resource.hcloud_zone.rpqt_fr "name"; + name = "git"; + type = "AAAA"; + records = [ { value = infra.machines.verbena.ipv6; } ]; + }; + buildbot_turifer_dev_a = { zone = config.resource.hcloud_zone.turifer_dev "name"; name = "buildbot"; diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index b8d2c17..2945049 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -65,6 +65,11 @@ url = "https://git.turifer.dev"; icon = "sh:gitea"; } + { + title = "Forgejo"; + url = "https://git.rpqt.fr"; + icon = "sh:forgejo"; + } { title = "Pinchflat"; url = "https://pinchflat.${tld}"; diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix index 990a3bd..f68c616 100644 
--- a/machines/verbena/configuration.nix +++ b/machines/verbena/configuration.nix @@ -4,6 +4,7 @@ self.nixosModules.nix-defaults self.nixosModules.nextcloud self.nixosModules.gitea + self.nixosModules.forgejo self.nixosModules.vaultwarden self.inputs.srvos.nixosModules.server diff --git a/modules/forgejo.nix b/modules/forgejo.nix new file mode 100644 index 0000000..4359240 --- /dev/null +++ b/modules/forgejo.nix 
@@ -0,0 +1,75 @@
+{ config, lib, ... }:
+let
+ cfg = config.services.forgejo;
+in
+{
+ services.forgejo = {
+ enable = true;
+ lfs.enable = true;
+
+ settings = {
+ # storage = {
+ # };
+
+ server = {
+ ROOT_URL = "https://${cfg.settings.server.DOMAIN}";
+ DOMAIN = "git.rpqt.fr";
+ HTTP_PORT = 3001;
+ };
+
+ session.PROVIDER = "db";
+ session.COOKIE_SECURE = true;
+
+ service.DISABLE_REGISTRATION = true;
+
+ # Create a repository by pushing to it
+ repository.ENABLE_PUSH_CREATE_USER = true;
+ };
+ };
+
+ systemd.services.forgejo.environment = {
+ FORGEJO__storage__STORAGE_TYPE = "minio";
+ FORGEJO__storage__MINIO_ENDPOINT = "localhost:3900";
+ FORGEJO__storage__MINIO_BUCKET = "forgejo";
+ FORGEJO__storage__MINIO_LOCATION = "garage";
+ FORGEJO__storage__MINIO_USE_SSL = "false";
+ };
+
+ systemd.services.forgejo.serviceConfig = {
+ LoadCredential = [
+ "minio_access_key_id:${config.clan.core.vars.generators.forgejo-s3-storage.files.access-key-id.path}"
+ "minio_secret_access_key:${config.clan.core.vars.generators.forgejo-s3-storage.files.access-key-secret.path}"
+ ];
+ Environment = [
+ "FORGEJO__storage__MINIO_ACCESS_KEY_ID__FILE=%d/minio_access_key_id"
+ "FORGEJO__storage__MINIO_SECRET_ACCESS_KEY__FILE=%d/minio_secret_access_key"
+ ];
+ };
+
+ clan.core.vars.generators.forgejo-s3-storage = {
+ prompts.access-key-id = {
+ description = "s3 access key id";
+ type = "line";
+ persist = true;
+ };
+ prompts.access-key-secret = {
+ description = "s3 access key secret";
+ type = "hidden";
+ persist = true;
+ };
+ };
+
+ clan.core.state.forgejo.folders = [ config.services.forgejo.stateDir ];
+
+ services.nginx.virtualHosts."git.rpqt.fr" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${builtins.toString (cfg.settings.server.HTTP_PORT)}";
+ };
+ };
+
+ security.acme.certs."git.rpqt.fr" = {
+ email = "admin@rpqt.fr";
+ };
+}
From 240cb89fb7716f947e75c22c5278b096e77eb34a Mon Sep 17 00:00:00 2001
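Review bot: The `server` block sets `HTTP_PORT = 3001` without `HTTP_ADDR`, so Forgejo keeps the NixOS module's default bind address, which I believe is all interfaces (confirm for the nixpkgs revision in use). The plain-HTTP listener is then reachable beside the nginx vhost wherever the host firewall permits port 3001, bypassing `forceSSL`. Since nginx is the only intended client, add `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` and use `127.0.0.1` instead of `localhost` in `proxyPass`, so both ends agree on the loopback address. `FORGEJO__storage__MINIO_USE_SSL = "false"` is reasonable only while `MINIO_ENDPOINT` stays on localhost; a one-line comment saying so would keep it from being copied to a remote endpoint.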
From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 05/27] update flake inputs --- flake.lock | 234 ++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 178 insertions(+), 56 deletions(-) diff --git a/flake.lock b/flake.lock index e7e5916..0fdb379 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1768230255, - "narHash": "sha256-d98+nRSV2X86LcJUDZDAR9wvmmGG1uMzY5/zJdKH9pU=", + "lastModified": 1769313163, + "narHash": "sha256-pjYF+adGJBkMLgKFAhnMEMR0818OsCaZAZREYs/baPQ=", "owner": "nix-community", "repo": "buildbot-nix", - "rev": "6c62d4e0e82b607638b00d6f4f4ad06646342826", + "rev": "6c0fbf1425279800fd8f02796fdb567599587b7b", "type": "github" }, "original": { @@ -40,11 +40,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1768662392, - "narHash": "sha256-tE6k6yaQDF1n4YkTC4aH+BgKNQM36bYdhslP0udgMyY=", + "lastModified": 1769817905, + "narHash": "sha256-/Ktjya8b3TfYeskDPY+67/BXyOwz0EpZnIW4QY9Qd94=", "ref": "refs/heads/main", - "rev": "1f2f93239ef3638d4b7a2187d021b8d8fe6507b8", - "revCount": 12169, + "rev": "49c69a0dd6750bbce8ebc698879e3cb48f32ae6b", + "revCount": 12606, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -53,6 +53,21 @@ "url": "https://git.clan.lol/clan/clan-core" } }, + "crane": { + "locked": { + "lastModified": 1765145449, + "narHash": "sha256-aBVHGWWRzSpfL++LubA0CwOOQ64WNLegrYHwsVuVN7A=", + "owner": "ipetkov", + "repo": "crane", + "rev": "69f538cdce5955fcd47abfed4395dc6d5194c1c5", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "data-mesher": { "inputs": { "flake-parts": [ 
@@ -69,11 +84,11 @@ ] }, "locked": { - "lastModified": 1768383623, - "narHash": "sha256-X1jD5UvgYW50wWxdxJn9b8hiOvpSoLcO3ZC1AZx7+gQ=", - "rev": "82c2fbf84ea0162d95b4958f02499e68c9a843a6", + "lastModified": 1769701076, + "narHash": "sha256-ZquoXeXZ8fwMQ54UVgcGRKjzdK0deRHzm0a2jVbw4uw=", + "rev": "21655e76e84749d5ce3c9b3aaf9d86ba4016ba08", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/82c2fbf84ea0162d95b4958f02499e68c9a843a6.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/21655e76e84749d5ce3c9b3aaf9d86ba4016ba08.tar.gz" }, "original": { "type": "tarball", @@ -91,11 +106,11 @@ "treefmt-nix": "treefmt-nix_3" }, "locked": { - "lastModified": 1768657403, - "narHash": "sha256-YkbdCu2ZInQj72rQQLgVP2x1m8il8+DtwzypBiYrrfE=", + "lastModified": 1768707867, + "narHash": "sha256-bNHBR07JIJUMjDGqd3/KwhPsI7e43JkAoeczO2cQ8h8=", "owner": "Mic92", "repo": "direnv-instant", - "rev": "ab8c70c557f610e20008eb407d17cfd78b44ea1c", + "rev": "522eeea04ab1bc360464e51477963b0c3e18284a", "type": "github" }, "original": { @@ -112,11 +127,11 @@ ] }, "locked": { - "lastModified": 1766150702, - "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", + "lastModified": 1769524058, + "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", "owner": "nix-community", "repo": "disko", - "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", + "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", "type": "github" }, "original": { @@ -132,11 +147,11 @@ ] }, "locked": { - "lastModified": 1766150702, - "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", + "lastModified": 1769524058, + "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", "owner": "nix-community", "repo": "disko", - "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", + "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", "type": "github" }, "original": { 
@@ -145,6 +160,22 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -153,11 +184,11 @@ ] }, "locked": { - "lastModified": 1767609335, - "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -186,6 +217,28 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "hercules-ci-effects": { "inputs": { "flake-parts": [ @@ -198,11 +251,11 @@ ] }, "locked": { - "lastModified": 1765774562, - "narHash": "sha256-UQhfCggNGDc7eam+EittlYmeW89CZVT1KkFIHZWBH7k=", + "lastModified": 1768476106, + "narHash": "sha256-V0YOJRum50gtKgwavsAfwXc9+XAsJCC7386YZx1sWGQ=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "edcbb19948b6caf1700434e369fde6ff9e6a3c93", + "rev": "c19e263e6e22ec7379d972f19e6a322f943c73fb", "type": "github" }, "original": { 
@@ -218,11 +271,11 @@ ] }, "locked": { - "lastModified": 1768598210, - "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", + "lastModified": 1769813945, + "narHash": "sha256-9ABv9Lo9t6MrFjlnRnU8Zw1C6LVj2+R8PipQ/rxGLHk=", "owner": "nix-community", "repo": "home-manager", - "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", + "rev": "475921375def3eb930e1f8883f619ff8609accb6", "type": "github" }, "original": { @@ -231,6 +284,30 @@ "type": "github" } }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit": "pre-commit", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1765382359, + "narHash": "sha256-RJmgVDzjRI18BWVogG6wpsl1UCuV6ui8qr4DJ1LfWZ8=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "e8c096ade12ec9130ff931b0f0e25d2f1bc63607", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v1.0.0", + "repo": "lanzaboote", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -239,11 +316,11 @@ ] }, "locked": { - "lastModified": 1768561867, - "narHash": "sha256-prGOZ+w3pZfGTRxworKcJliCNsewF0L4HUPjgU/6eaw=", + "lastModified": 1768764703, + "narHash": "sha256-5ulSDyOG1U+1sJhkJHYsUOWEsmtLl97O0NTVMvgIVyc=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "8b720b9662d4dd19048664b7e4216ce530591adc", + "rev": "0fc4e7ac670a0ed874abacf73c4b072a6a58064b", "type": "github" }, "original": { @@ -286,11 +363,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1764234087, - "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=", + "lastModified": 1769813415, + "narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "032a1878682fafe829edfcf5fdfad635a2efe748", + "rev": "8946737ff703382fda7623b9fab071d037e897d5", "type": "github" }, "original": { 
@@ -301,11 +378,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1768584846, - "narHash": "sha256-IRPmIOV2tPwxbhP/I9M5AmwhTC0lMPtoPStC+8T6xl0=", + "lastModified": 1769302137, + "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cce68f4a54fa4e3d633358364477f5cc1d782440", + "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8", "type": "github" }, "original": { @@ -333,11 +410,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", "type": "github" }, "original": { @@ -347,6 +424,29 @@ "type": "github" } }, + "pre-commit": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765016596, + "narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "buildbot-nix": "buildbot-nix", @@ -355,6 +455,7 @@ "disko": "disko_2", "flake-parts": "flake-parts_2", "home-manager": "home-manager", + "lanzaboote": "lanzaboote", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", 
@@ -362,6 +463,27 @@ "terranix": "terranix" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765075567, + "narHash": "sha256-KFDCdQcHJ0hE3Nt5Gm5enRIhmtEifAjpxgUQ3mzSJpA=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "769156779b41e8787a46ca3d7d76443aaf68be6f", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ @@ -370,11 +492,11 @@ ] }, "locked": { - "lastModified": 1768481291, - "narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=", + "lastModified": 1769469829, + "narHash": "sha256-wFcr32ZqspCxk4+FvIxIL0AZktRs6DuF8oOsLt59YBU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e085e303dfcce21adcb5fec535d65aacb066f101", + "rev": "c5eebd4eb2e3372fe12a8d70a248a6ee9dd02eff", "type": "github" }, "original": { @@ -390,11 +512,11 @@ ] }, "locked": { - "lastModified": 1768523683, - "narHash": "sha256-UbkyPXPPAbz0gHIWvHZ+jrPTruZqkpuwTFo5JXPnIgU=", + "lastModified": 1769681123, + "narHash": "sha256-i29n0IDa5nR8O9w7QsajWNy/dfgfnGF7/nJY+/OdjEY=", "owner": "nix-community", "repo": "srvos", - "rev": "90e9331fd79d4c3bb5c1e7cd2df2e560565fe543", + "rev": "861710611463c47190345f09f6959c9230def555", "type": "github" }, "original": { @@ -465,11 +587,11 @@ ] }, "locked": { - "lastModified": 1768031762, - "narHash": "sha256-b2gJDJfi+TbA7Hu2sKip+1mWqya0GJaWrrXQjpbOVTU=", + "lastModified": 1768158989, + "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "0c445aa21b01fd1d4bb58927f7b268568af87b20", + "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", "type": "github" }, "original": { 
@@ -486,11 +608,11 @@ ] }, "locked": { - "lastModified": 1768158989, - "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", + "lastModified": 1769691507, + "narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", + "rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b", "type": "github" }, "original": { @@ -507,11 +629,11 @@ ] }, "locked": { - "lastModified": 1768031762, - "narHash": "sha256-b2gJDJfi+TbA7Hu2sKip+1mWqya0GJaWrrXQjpbOVTU=", + "lastModified": 1768158989, + "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "0c445aa21b01fd1d4bb58927f7b268568af87b20", + "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", "type": "github" }, "original": { From 074738810565bef9068757e2d8cb6ff44194e0cb Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 06/27] nixfmt-rfc-style -> nixfmt --- home-manager/dev.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home-manager/dev.nix b/home-manager/dev.nix index 06c3332..f187d71 100644 --- a/home-manager/dev.nix +++ b/home-manager/dev.nix @@ -25,7 +25,7 @@ radicle-tui typescript-language-server nil # Nix language server - nixfmt-rfc-style + nixfmt nixpkgs-review ]; From 5bd14cffe98d057c062429bb130769e95ca65ee3 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 07/27] alacritty: auto switch dark/light theme --- home-manager/desktop/terminal.nix | 3 +- home/.config/alacritty/alacritty.toml | 4 +-- .../alacritty/themes/default_light.toml | 33 +++++++++++++++++++ home/bin/switch-helix-theme.sh | 18 ++++++++-- 4 files changed, 52 insertions(+), 6 deletions(-) create mode 100644 home/.config/alacritty/themes/default_light.toml diff --git a/home-manager/desktop/terminal.nix b/home-manager/desktop/terminal.nix index 46ce790..5f35837 100644 
--- a/home-manager/desktop/terminal.nix +++ b/home-manager/desktop/terminal.nix @@ -15,8 +15,7 @@ ]; programs.alacritty.enable = true; - xdg.configFile."alacritty/alacritty.toml".source = - "${config.dotfiles.path}/.config/alacritty/alacritty.toml"; + xdg.configFile."alacritty".source = "${config.dotfiles.path}/.config/alacritty"; xdg.configFile."ghostty/config".source = "${config.dotfiles.path}/.config/ghostty/config"; } diff --git a/home/.config/alacritty/alacritty.toml b/home/.config/alacritty/alacritty.toml index 62b95bd..cc3c2f0 100644 --- a/home/.config/alacritty/alacritty.toml +++ b/home/.config/alacritty/alacritty.toml @@ -1,6 +1,6 @@ [general] -live_config_reload = false -import = ["~/.config/alacritty/themes/kanagawa_wave.toml"] +live_config_reload = true +import = ["~/.config/alacritty/themes/default_light.toml"] [font] size = 14 diff --git a/home/.config/alacritty/themes/default_light.toml b/home/.config/alacritty/themes/default_light.toml new file mode 100644 index 0000000..50b2dc0 --- /dev/null +++ b/home/.config/alacritty/themes/default_light.toml @@ -0,0 +1,33 @@ +# Colors (Builtin Light) + +[colors.bright] +black = '#555555' +blue = '#5555ff' +cyan = '#22cccc' +green = '#2fd92f' +magenta = '#ff55ff' +red = '#ff5555' +white = '#ffffff' +yellow = '#bfbf15' + +[colors.cursor] +cursor = '#000000' +text = '#ffffff' + +[colors.normal] +black = '#000000' +blue = '#0000bb' +cyan = '#00bbbb' +green = '#00bb00' +magenta = '#bb00bb' +red = '#bb0000' +white = '#bbbbbb' +yellow = '#bbbb00' + +[colors.primary] +background = '#ffffff' +foreground = '#000000' + +[colors.selection] +background = '#b5d5ff' +text = '#000000' diff --git a/home/bin/switch-helix-theme.sh b/home/bin/switch-helix-theme.sh index f11f803..3d21409 100755 --- a/home/bin/switch-helix-theme.sh +++ b/home/bin/switch-helix-theme.sh 
@@ -6,10 +6,24 @@ HELIX_CONFIG_PATH=$(readlink -f "${HOME}/.config/helix/config.toml") HELIX_THEME_LIGHT="zed_onelight" HELIX_THEME_DARK="kanagawa" +ALACRITTY_CONFIG_PATH=$(readlink -f "${HOME}/.config/alacritty/alacritty.toml") +ALACRITTY_THEME_LIGHT="default_light" +ALACRITTY_THEME_DARK="kanagawa_wave" + +set_helix_theme() { + sed -i "s/^theme .*/theme = \"$1\"/" "$HELIX_CONFIG_PATH" +} + +set_alacritty_theme() { + sed -i "s/^import .*/import = \[\"\~\/\.config\/alacritty\/themes\/$1\.toml\"\]/" "$ALACRITTY_CONFIG_PATH" +} + if [[ "$2" == "prefer-dark" ]]; then - sed -i "s/^theme .*/theme = \"$HELIX_THEME_DARK\"/" "$HELIX_CONFIG_PATH" + set_helix_theme "$HELIX_THEME_DARK" + sey_alacritty_theme "$HELIX_THEME_DARK" else - sed -i "s/^theme .*/theme = \"$HELIX_THEME_LIGHT\"/" "$HELIX_CONFIG_PATH" + set_helix_theme "$HELIX_THEME_LIGHT" + set_alacritty_theme "$HELIX_THEME_LIGHT" fi pkill -USR1 hx || true From 59458a3ba1bf06fb6a0fa2c79d27a1d3e6c88a10 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 08/27] haze: use lanzaboote --- machines/haze/configuration.nix | 1 + modules/lanzaboote.nix | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 modules/lanzaboote.nix diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index c0e7a59..8f8e7f0 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -18,6 +18,7 @@ self.nixosModules.desktop self.nixosModules.dev + self.nixosModules.lanzaboote self.nixosModules.nix-defaults self.inputs.home-manager.nixosModules.home-manager diff --git a/modules/lanzaboote.nix b/modules/lanzaboote.nix new file mode 100644 index 0000000..147d8db --- /dev/null +++ b/modules/lanzaboote.nix 
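Review bot: In `set_alacritty_theme` the sed expression uses `/` as its delimiter, which forces every slash, dot and bracket of the path to be backslash-escaped and makes the replacement hard to check by eye. A different delimiter gives the same result with almost no escaping: `sed -i "s|^import .*|import = [\"~/.config/alacritty/themes/$1.toml\"]|" "$ALACRITTY_CONFIG_PATH"`. The script's header and the code that supplies `$2` lie outside this hunk, so how the functions are invoked is not checked here.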
@@ -0,0 +1,23 @@ +{ + self, + lib, + pkgs, + ... +}: +{ + imports = [ + self.inputs.lanzaboote.nixosModules.lanzaboote + ]; + + environment.systemPackages = [ + # For debugging and troubleshooting Secure Boot. + pkgs.sbctl + ]; + + boot.loader.systemd-boot.enable = lib.mkForce false; + + boot.lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; + }; +} From a0234b7b6f2821839c10244c601a21b9a6dd9abb Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 09/27] nextcloud: add calendar and contacts apps --- modules/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 745cd30..5695204 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -34,7 +34,7 @@ in }; extraAppsEnable = true; extraApps = { - # inherit (pkgs.nextcloud32Packages.apps) tasks; + inherit (config.services.nextcloud.package.packages.apps) tasks contacts calendar; }; }; From dce405708341ebb9215fb12820e69416ea7ca67a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 10/27] update readme --- README.md | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index aa927d4..d8c1f8c 100644 --- a/README.md +++ b/README.md 
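Review bot: `boot.lanzaboote.enable = true` with `pkiBundle = "/var/lib/sbctl"` assumes the Secure Boot keys already exist on the machine, and nothing in this module says so. A first rebuild on a host without them will presumably fail at signing, with `systemd-boot` already forced off. A header comment should state the prerequisites: keys created with `sbctl create-keys` before the first switch, then enrolled in firmware and checked with `sbctl status`. It should also say that `/var/lib/sbctl` holds the private signing keys, so it belongs on encrypted storage and any backup that includes it needs the same protection. One more line could note that Secure Boot adds little unless the firmware setup is password-protected.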
@@ -1,15 +1,18 @@ -# NixOS & Home Manager config +# Flocon This repository contains all my system configurations, mostly deployed using Nix and [Clan]. ## Structure -- **home**: Dotfiles -- **machines**: Host-specific configs -- **infra**: Terraform/OpenTofu files -- **vars**: Encrypted secrets managed by clan -- **modules**: NixOS modules +- **clan**: Clan configuration - **clanServices**: Custom [Clan Services](https://docs.clan.lol/reference/clanServices) +- **home**: Dotfiles +- **home-manager**: [Home Manager] modules +- **infra**: [Terranix] files (for Terraform/OpenTofu) +- **machines**: Per-host configurations +- **modules**: [NixOS] modules +- **packages**: Nix packages +- **vars**: Encrypted secrets managed by clan ## Dotfiles @@ -19,4 +22,7 @@ This repository contains all my system configurations, mostly deployed using Nix dotbot -c ./dotbot/windows.yaml -d home ``` -[Clan]: https//clan.lol +[Clan]: https://clan.lol +[Home Manager]: https://home-manager.dev +[NixOS]: https://nixos.org +[Terranix]: https://terranix.org From 5823e9b6f7f526343cb726711b19fbf84ed6de3a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 11/27] fix alacritty dark theme switching --- home/bin/switch-helix-theme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home/bin/switch-helix-theme.sh b/home/bin/switch-helix-theme.sh index 3d21409..8eae4a0 100755 --- a/home/bin/switch-helix-theme.sh +++ b/home/bin/switch-helix-theme.sh @@ -20,10 +20,10 @@ set_alacritty_theme() { if [[ "$2" == "prefer-dark" ]]; then set_helix_theme "$HELIX_THEME_DARK" - sey_alacritty_theme "$HELIX_THEME_DARK" + set_alacritty_theme "$ALACRITTY_THEME_DARK" else set_helix_theme "$HELIX_THEME_LIGHT" - set_alacritty_theme "$HELIX_THEME_LIGHT" + set_alacritty_theme "$ALACRITTY_THEME_LIGHT" fi pkill -USR1 hx || true From fa7a1543e4c28cfd691a4f098ac1233dc413c914 Mon Sep 17 00:00:00 2001 
From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 12/27] forgejo: set landing page to repo list --- modules/forgejo.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/forgejo.nix b/modules/forgejo.nix index 4359240..c5a5c21 100644 --- a/modules/forgejo.nix +++ b/modules/forgejo.nix @@ -15,6 +15,7 @@ in ROOT_URL = "https://${cfg.settings.server.DOMAIN}"; DOMAIN = "git.rpqt.fr"; HTTP_PORT = 3001; + LANDING_PAGE = "explore"; }; session.PROVIDER = "db"; From 0f6434c71f4d42fc4270c91f5f31eb215a732948 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 13/27] update flake inputs --- flake.lock | 94 +++++++++++++++++++++++++++--------------------------- 1 file changed, 47 insertions(+), 47 deletions(-) diff --git a/flake.lock b/flake.lock index 0fdb379..a19a3d2 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1769313163, - "narHash": "sha256-pjYF+adGJBkMLgKFAhnMEMR0818OsCaZAZREYs/baPQ=", + "lastModified": 1770625627, + "narHash": "sha256-mjQp38qba98jsSVPCdLHPbIt+KSPECTGfq04qrDie/s=", "owner": "nix-community", "repo": "buildbot-nix", - "rev": "6c0fbf1425279800fd8f02796fdb567599587b7b", + "rev": "9104e3d8c1e63238e4c64f53c90c5eb1fd67268b", "type": "github" }, "original": { @@ -40,11 +40,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1769817905, - "narHash": "sha256-/Ktjya8b3TfYeskDPY+67/BXyOwz0EpZnIW4QY9Qd94=", + "lastModified": 1770649721, + "narHash": "sha256-4syGZZIi6sYvstH4d9+uoWai2JZclf+1xahZjr08/P0=", "ref": "refs/heads/main", - "rev": "49c69a0dd6750bbce8ebc698879e3cb48f32ae6b", - "revCount": 12606, + "rev": "c976a9743f9a4ea6e0915ef17c6a6ddb0652dce1", + "revCount": 12867, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, 
@@ -84,11 +84,11 @@ ] }, "locked": { - "lastModified": 1769701076, - "narHash": "sha256-ZquoXeXZ8fwMQ54UVgcGRKjzdK0deRHzm0a2jVbw4uw=", - "rev": "21655e76e84749d5ce3c9b3aaf9d86ba4016ba08", + "lastModified": 1770409579, + "narHash": "sha256-reWzIb3dxJnLcwBEuT6khzEDvCiBCVTiqBR9C4vH/jg=", + "rev": "5065ddc67a7009fb81a29f43aa056b2a4552ed96", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/21655e76e84749d5ce3c9b3aaf9d86ba4016ba08.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/5065ddc67a7009fb81a29f43aa056b2a4552ed96.tar.gz" }, "original": { "type": "tarball", @@ -106,11 +106,11 @@ "treefmt-nix": "treefmt-nix_3" }, "locked": { - "lastModified": 1768707867, - "narHash": "sha256-bNHBR07JIJUMjDGqd3/KwhPsI7e43JkAoeczO2cQ8h8=", + "lastModified": 1770621819, + "narHash": "sha256-2lc95nmYS9nic05NfuXyYTqsJqcPXNrDTqJd/nwoT2s=", "owner": "Mic92", "repo": "direnv-instant", - "rev": "522eeea04ab1bc360464e51477963b0c3e18284a", + "rev": "03b6fe502b6f9247aaf5df9dbab6eb102bce43ed", "type": "github" }, "original": { @@ -184,11 +184,11 @@ ] }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -204,11 +204,11 @@ ] }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { 
@@ -271,11 +271,11 @@ ] }, "locked": { - "lastModified": 1769813945, - "narHash": "sha256-9ABv9Lo9t6MrFjlnRnU8Zw1C6LVj2+R8PipQ/rxGLHk=", + "lastModified": 1770654520, + "narHash": "sha256-mg5WZMIPGsFu9MxSrUcuJUPMbfMsF77el5yb/7rc10k=", "owner": "nix-community", "repo": "home-manager", - "rev": "475921375def3eb930e1f8883f619ff8609accb6", + "rev": "6c4fdbe1ad198fac36c320fd45c5957324a80b8e", "type": "github" }, "original": { @@ -316,11 +316,11 @@ ] }, "locked": { - "lastModified": 1768764703, - "narHash": "sha256-5ulSDyOG1U+1sJhkJHYsUOWEsmtLl97O0NTVMvgIVyc=", + "lastModified": 1770184146, + "narHash": "sha256-DsqnN6LvXmohTRaal7tVZO/AKBuZ02kPBiZKSU4qa/k=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "0fc4e7ac670a0ed874abacf73c4b072a6a58064b", + "rev": "0d7874ef7e3ba02d58bebb871e6e29da36fa1b37", "type": "github" }, "original": { @@ -378,11 +378,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1769302137, - "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=", + "lastModified": 1770631810, + "narHash": "sha256-b7iK/x+zOXbjhRqa+XBlYla4zFvPZyU5Ln2HJkiSnzc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8", + "rev": "2889685785848de940375bf7fea5e7c5a3c8d502", "type": "github" }, "original": { @@ -410,11 +410,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1769461804, - "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { 
@@ -492,11 +492,11 @@ ] }, "locked": { - "lastModified": 1769469829, - "narHash": "sha256-wFcr32ZqspCxk4+FvIxIL0AZktRs6DuF8oOsLt59YBU=", + "lastModified": 1770526836, + "narHash": "sha256-xbvX5Ik+0inJcLJtJ/AajAt7xCk6FOCrm5ogpwwvVDg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c5eebd4eb2e3372fe12a8d70a248a6ee9dd02eff", + "rev": "d6e0e666048a5395d6ea4283143b7c9ac704720d", "type": "github" }, "original": { @@ -512,11 +512,11 @@ ] }, "locked": { - "lastModified": 1769681123, - "narHash": "sha256-i29n0IDa5nR8O9w7QsajWNy/dfgfnGF7/nJY+/OdjEY=", + "lastModified": 1770603164, + "narHash": "sha256-2jJNzobNvy307k/FJxDWR6aO6FmClILFdA78CzdW9zY=", "owner": "nix-community", "repo": "srvos", - "rev": "861710611463c47190345f09f6959c9230def555", + "rev": "aa7bed2868237fad33b5ba12fca8f4f7a4dc07c5", "type": "github" }, "original": { @@ -587,11 +587,11 @@ ] }, "locked": { - "lastModified": 1768158989, - "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", "type": "github" }, "original": { @@ -608,11 +608,11 @@ ] }, "locked": { - "lastModified": 1769691507, - "narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=", + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", "type": "github" }, "original": { 
@@ -629,11 +629,11 @@ ] }, "locked": { - "lastModified": 1768158989, - "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", "type": "github" }, "original": { From b9ea744435f109db044d8bedbb87d3146062cc34 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 14/27] add global direnv config --- home-manager/dev.nix | 2 ++ home/.config/direnv/direnv.toml | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 home/.config/direnv/direnv.toml diff --git a/home-manager/dev.nix b/home-manager/dev.nix index f187d71..2b2124b 100644 --- a/home-manager/dev.nix +++ b/home-manager/dev.nix @@ -37,6 +37,8 @@ programs.direnv-instant.enable = true; + xdg.configFile."direnv/direnv.toml".source = "${config.dotfiles.path}/.config/direnv/direnv.toml"; + xdg.configFile."hut/config".source = "${config.dotfiles.path}/.config/hut/config"; home.file.".ssh/config".source = "${config.dotfiles.path}/.ssh/config"; } diff --git a/home/.config/direnv/direnv.toml b/home/.config/direnv/direnv.toml new file mode 100644 index 0000000..bf458e0 --- /dev/null +++ b/home/.config/direnv/direnv.toml @@ -0,0 +1,2 @@ +[global] +hide_env_diff = true From b5ad8c5a325f7d22d719d7dfaf89fba92453b3f6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 15/27] fix helix theme switch for dms --- home/bin/switch-helix-theme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home/bin/switch-helix-theme.sh b/home/bin/switch-helix-theme.sh index 8eae4a0..db526dc 100755 --- a/home/bin/switch-helix-theme.sh +++ b/home/bin/switch-helix-theme.sh 
@@ -1,6 +1,6 @@ #!/usr/bin/env bash -set -euox pipefail +set -eu HELIX_CONFIG_PATH=$(readlink -f "${HOME}/.config/helix/config.toml") HELIX_THEME_LIGHT="zed_onelight" @@ -18,7 +18,7 @@ set_alacritty_theme() { sed -i "s/^import .*/import = \[\"\~\/\.config\/alacritty\/themes\/$1\.toml\"\]/" "$ALACRITTY_CONFIG_PATH" } -if [[ "$2" == "prefer-dark" ]]; then +if [[ "$2" == "dark" || "$2" == "prefer-dark" ]]; then set_helix_theme "$HELIX_THEME_DARK" set_alacritty_theme "$ALACRITTY_THEME_DARK" else From 665b7ce43607419e31181633812c9c27e1e00ad5 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 16/27] add nixd --- home-manager/dev.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home-manager/dev.nix b/home-manager/dev.nix index 2b2124b..ccca27f 100644 --- a/home-manager/dev.nix +++ b/home-manager/dev.nix @@ -25,6 +25,7 @@ radicle-tui typescript-language-server nil # Nix language server + nixd nixfmt nixpkgs-review ]; From 7fdbb68b18bdb32afcbefaaf924e63d3fb4ea517 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 17/27] infra: add short deployment doc --- infra/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/infra/README.md b/infra/README.md index 3c9e53d..3e15512 100644 --- a/infra/README.md +++ b/infra/README.md @@ -9,6 +9,11 @@ gandi_token = XXX hcloud_token = YYY ``` +## Deploying + +Apply configuration from the repository root with `nix run .#infra.apply` (runs `tofu apply`). +There is also `nix run .#infra.plan` for `tofu plan`, etc. + ## Importing To import already existent resources, use the `import` command: From a264d27ea7b7623c99ad1050a067277a53847d09 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 18/27] helix: use nixd --- home/.config/helix/languages.toml | 2 ++ 1 file changed, 2 insertions(+) 
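Review bot: The new condition `[[ "$2" == "dark" || "$2" == "prefer-dark" ]]` in home/bin/switch-helix-theme.sh still expands `$2` directly under `set -eu`, so a call with fewer than two arguments stops with an unbound-variable error. Any other value, such as a typo or a new scheme name, silently selects the light themes. Reading the argument once with a default makes both cases explicit: `mode="${2:-}"` followed by `if [[ "$mode" == "dark" || "$mode" == "prefer-dark" ]]; then`. The first hunk of this commit also drops `-o pipefail` and `-x` without the message saying why, so a one-line comment above `set -eu` would help. The script body continues outside both hunks.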
diff --git a/home/.config/helix/languages.toml b/home/.config/helix/languages.toml index 3befed1..81c2631 100644 --- a/home/.config/helix/languages.toml +++ b/home/.config/helix/languages.toml @@ -44,6 +44,8 @@ source = { git = "https://github.com/treeman/tree-sitter-djot", rev = "master" } [[language]] name = "nix" formatter = { command = "nixfmt" } +auto-format = true +language-servers = [ "nixd" ] [[language]] name = "java" From cc9d90a9eb937d47a11819f82ed647f71a80cbe3 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 19/27] niri: add more dms includes --- home/.config/niri/config.kdl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index 41320b9..0a6f5a2 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -3,6 +3,8 @@ include "dms/binds.kdl" include "dms/colors.kdl" include "dms/layout.kdl" include "dms/wpblur.kdl" +include "dms/cursor.kdl" +include "dms/outputs.kdl" input { keyboard { From 032e72d80b66755ae69b0cfd869c21650b3622bf Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 20/27] add Inter font --- modules/desktop.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/desktop.nix b/modules/desktop.nix index 294ef56..a921b4d 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -9,6 +9,10 @@ pkgs.nautilus ]; + fonts.packages = [ + pkgs.inter + ]; + programs.firefox = { enable = true; nativeMessagingHosts.packages = [ pkgs.passff-host ]; From 3e06d9c73c88c0435f607745f73f59cb9e35157e Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 21/27] firefox: remove passff and add fr lang pack --- modules/desktop.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/desktop.nix b/modules/desktop.nix index a921b4d..55998c3 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix 
@@ -15,7 +15,7 @@ programs.firefox = { enable = true; - nativeMessagingHosts.packages = [ pkgs.passff-host ]; + languagePacks = [ "fr" ]; }; programs.thunderbird.enable = true; From e86df57dc849741493d4f0351808c71ddf104340 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 22/27] desktop: add sddm --- modules/desktop.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/modules/desktop.nix b/modules/desktop.nix index 55998c3..de98e67 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -26,4 +26,15 @@ }; services.pcscd.enable = true; + + services.displayManager = { + sddm.enable = true; + sddm.wayland.enable = true; + }; + + # Display manager keyboard layout + services.xserver = { + enable = true; + xkb.layout = "fr"; + }; } From 0603a85579511556b414a362291e42552d6f2e81 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 23/27] machines/haze: remove gnome --- machines/haze/configuration.nix | 1 - machines/haze/home.nix | 1 - 2 files changed, 2 deletions(-) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 8f8e7f0..ffa0c02 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -8,7 +8,6 @@ ./boot.nix ./chat.nix ./gimp.nix - ./gnome.nix ./hibernate.nix ./niri.nix ./ssh.nix diff --git a/machines/haze/home.nix b/machines/haze/home.nix index 79bea2e..92fffc4 100644 --- a/machines/haze/home.nix +++ b/machines/haze/home.nix @@ -8,7 +8,6 @@ ../../home-manager/mail ../../home-manager/minecraft.nix ../../home-manager/desktop - ../../home-manager/desktop/gnome.nix ../../home-manager/desktop/niri.nix ../../home-manager/desktop/vicinae.nix ]; From 4a870d4a18b3dfbdac20512c7fb2b9228ccb7686 Mon Sep 17 00:00:00 2001 
From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 24/27] refactor homeModules --- flake.nix | 9 ++--- flakeModules/atuin.nix | 16 +++++++++ flakeModules/flake-module.nix | 5 +++ home-manager/desktop/fonts.nix | 13 -------- home-manager/desktop/pass.nix | 14 -------- home-manager/flake-module.nix | 5 --- {home-manager => homeModules}/chat.nix | 2 +- {home-manager => homeModules}/cli.nix | 33 ++++++++++++++++--- {home-manager => homeModules}/common.nix | 0 .../desktop/default.nix | 0 homeModules/desktop/fonts.nix | 7 ++++ homeModules/desktop/pass.nix | 20 +++++++++++ .../desktop/terminal.nix | 2 +- .../desktop/wayland.nix | 0 {home-manager => homeModules}/dev.nix | 3 +- {home-manager => homeModules}/dotfiles.nix | 0 homeModules/flake-module.nix | 27 +++++++++++++++ .../desktop => homeModules}/gnome.nix | 0 {home-manager => homeModules}/helix.nix | 2 +- .../mail/default.nix | 0 {home-manager => homeModules}/minecraft.nix | 0 .../desktop => homeModules}/niri.nix | 3 +- .../desktop => homeModules}/vicinae.nix | 0 machines/haze/configuration.nix | 3 +- machines/haze/home.nix | 21 ++++++------ modules/dev.nix | 6 ---- 26 files changed, 126 insertions(+), 65 deletions(-) create mode 100644 flakeModules/atuin.nix create mode 100644 flakeModules/flake-module.nix delete mode 100644 home-manager/desktop/fonts.nix delete mode 100644 home-manager/desktop/pass.nix delete mode 100644 home-manager/flake-module.nix rename {home-manager => homeModules}/chat.nix (82%) rename {home-manager => homeModules}/cli.nix (64%) rename {home-manager => homeModules}/common.nix (100%) rename {home-manager => homeModules}/desktop/default.nix (100%) create mode 100644 homeModules/desktop/fonts.nix create mode 100644 homeModules/desktop/pass.nix rename {home-manager => homeModules}/desktop/terminal.nix (90%) rename {home-manager => homeModules}/desktop/wayland.nix (100%) rename {home-manager => homeModules}/dev.nix (92%) rename {home-manager => homeModules}/dotfiles.nix (100%) 
create mode 100644 homeModules/flake-module.nix rename {home-manager/desktop => homeModules}/gnome.nix (100%) rename {home-manager => homeModules}/helix.nix (91%) rename {home-manager => homeModules}/mail/default.nix (100%) rename {home-manager => homeModules}/minecraft.nix (100%) rename {home-manager/desktop => homeModules}/niri.nix (68%) rename {home-manager/desktop => homeModules}/vicinae.nix (100%) delete mode 100644 modules/dev.nix diff --git a/flake.nix b/flake.nix index aa62a31..044ab3c 100644 --- a/flake.nix +++ b/flake.nix @@ -3,29 +3,30 @@ outputs = inputs@{ - nixpkgs, clan-core, flake-parts, ... }: - flake-parts.lib.mkFlake { inherit inputs; } ({ + flake-parts.lib.mkFlake { inherit inputs; } { imports = [ clan-core.flakeModules.default + inputs.home-manager.flakeModules.home-manager inputs.terranix.flakeModule ./clan/flake-module.nix ./clanServices/flake-module.nix ./devShells/flake-module.nix - ./home-manager/flake-module.nix + ./homeModules/flake-module.nix ./infra/flake-module.nix ./modules/flake-module.nix ./packages/flake-module.nix + ./flakeModules/flake-module.nix ]; systems = [ "x86_64-linux" "aarch64-linux" ]; - }); + }; inputs = { nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; diff --git a/flakeModules/atuin.nix b/flakeModules/atuin.nix new file mode 100644 index 0000000..cb37c93 --- /dev/null +++ b/flakeModules/atuin.nix @@ -0,0 +1,16 @@ +{ + flake.nixosModules.atuin-config = { + clan.core.vars.generators.atuin = { + prompts.key.persist = true; + files.key.owner = "rpqt"; + }; + }; + + flake.homeModules.atuin-config = + { config, osConfig, ... }: + { + programs.atuin.enable = true; + xdg.dataFile."atuin/key".source = + config.lib.file.mkOutOfStoreSymlink osConfig.clan.core.vars.generators.atuin.files.key.path; + }; +} diff --git a/flakeModules/flake-module.nix b/flakeModules/flake-module.nix new file mode 100644 index 0000000..8fbf844 --- /dev/null +++ b/flakeModules/flake-module.nix 
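Review bot: `flake.homeModules.atuin-config` in flakeModules/atuin.nix reads `osConfig.clan.core.vars.generators.atuin.files.key.path`, so it only evaluates when Home Manager runs as a NixOS module on a host that also imports `nixosModules.atuin-config`. Neither requirement is written down. I would add a comment on the home module such as `# Requires nixosModules.atuin-config on the host; the key is symlinked from the vars path rather than copied into the Nix store.` The generator also hard-codes `files.key.owner = "rpqt"`, which ties the NixOS half to one user name.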
@@ -0,0 +1,5 @@ +{ + imports = [ + ./atuin.nix + ]; +} diff --git a/home-manager/desktop/fonts.nix b/home-manager/desktop/fonts.nix deleted file mode 100644 index b987e69..0000000 --- a/home-manager/desktop/fonts.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs, ... }: -{ - home.packages = [ - pkgs.nerd-fonts.jetbrains-mono - pkgs.noto-fonts-color-emoji - ]; - - fonts.fontconfig.enable = true; - fonts.fontconfig.defaultFonts = { - sansSerif = [ "Adwaita Sans" ]; - monospace = [ "Adwaita Mono" ]; - }; -} diff --git a/home-manager/desktop/pass.nix b/home-manager/desktop/pass.nix deleted file mode 100644 index 3b60fee..0000000 --- a/home-manager/desktop/pass.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, ... }: -{ - home.packages = [ - pkgs.pass - pkgs.gnupg - pkgs.pinentry-gnome3 - ]; - - programs.gpg.enable = true; - services.gpg-agent = { - enable = true; - pinentry.package = pkgs.pinentry-gnome3; - }; -} diff --git a/home-manager/flake-module.nix b/home-manager/flake-module.nix deleted file mode 100644 index 4909227..0000000 --- a/home-manager/flake-module.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - flake.homeManagerModules = { - dotfiles.imports = [ ./dotfiles.nix ]; - }; -} diff --git a/home-manager/chat.nix b/homeModules/chat.nix similarity index 82% rename from home-manager/chat.nix rename to homeModules/chat.nix index 0b9cd4a..7cb9124 100644 --- a/home-manager/chat.nix +++ b/homeModules/chat.nix @@ -6,7 +6,7 @@ }: { imports = [ - self.homeManagerModules.dotfiles + self.homeModules.dotfiles ]; home.packages = with pkgs; [ senpai ]; diff --git a/home-manager/cli.nix b/homeModules/cli.nix similarity index 64% rename from home-manager/cli.nix rename to homeModules/cli.nix index 89ccda3..a678563 100644 --- a/home-manager/cli.nix +++ b/homeModules/cli.nix @@ -21,7 +21,7 @@ let in { imports = [ - self.homeManagerModules.dotfiles + self.homeModules.dotfiles ]; home.packages = with pkgs; [ 
@@ -53,10 +53,6 @@ in programs.starship.enable = true; programs.bat.enable = true; - programs.atuin.enable = true; - xdg.dataFile."atuin/key".source = - config.lib.file.mkOutOfStoreSymlink osConfig.clan.core.vars.generators.atuin.files.key.path; - programs.zsh = { enable = true; syntaxHighlighting.enable = true; @@ -68,6 +64,33 @@ in inherit shellAliases; }; + programs.zellij.enable = true; + + # programs.khal = { + # enable = true; + # }; + + # accounts.calendar.basePath = ".calendar"; + + # programs.pimsync.enable = true; + + # accounts.calendar.accounts.personal = { + # pimsync.enable = true; + # khal.enable = true; + # thunderbird.enable = true; + # remote = { + # url = "https://cloud.rpqt.fr/remote.php/dav/calendars/rpqt/personal/"; + + # type = "caldav"; + # userName = "rpqt@rpqt.fr"; + # passwordCommand = [ + # "sh" + # "-c" + # "passage web/cloud.rpqt.fr | head -n 1" + # ]; + # }; + # }; + xdg.configFile."git".source = "${config.dotfiles.path}/.config/git"; xdg.configFile."jj/config.toml".source = "${config.dotfiles.path}/.config/jj/config.toml"; xdg.configFile."task/taskrc".source = "${config.dotfiles.path}/.config/task/taskrc"; diff --git a/home-manager/common.nix b/homeModules/common.nix similarity index 100% rename from home-manager/common.nix rename to homeModules/common.nix diff --git a/home-manager/desktop/default.nix b/homeModules/desktop/default.nix similarity index 100% rename from home-manager/desktop/default.nix rename to homeModules/desktop/default.nix diff --git a/homeModules/desktop/fonts.nix b/homeModules/desktop/fonts.nix new file mode 100644 index 0000000..eae2c70 --- /dev/null +++ b/homeModules/desktop/fonts.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + home.packages = [ + pkgs.nerd-fonts.jetbrains-mono + pkgs.noto-fonts-color-emoji + ]; +} diff --git a/homeModules/desktop/pass.nix b/homeModules/desktop/pass.nix new file mode 100644 index 0000000..7aa6a0f --- /dev/null +++ b/homeModules/desktop/pass.nix 
@@ -0,0 +1,20 @@ +{ pkgs, ... }: +let + pass-alias = pkgs.writeShellScriptBin "pass" '' + exec ${pkgs.passage}/bin/passage "$@" + ''; +in +{ + home.packages = [ + # pkgs.pass + pass-alias + pkgs.gnupg + pkgs.pinentry-gnome3 + ]; + + # programs.gpg.enable = true; + services.gpg-agent = { + enable = false; + pinentry.package = pkgs.pinentry-gnome3; + }; +} diff --git a/home-manager/desktop/terminal.nix b/homeModules/desktop/terminal.nix similarity index 90% rename from home-manager/desktop/terminal.nix rename to homeModules/desktop/terminal.nix index 5f35837..cb68238 100644 --- a/home-manager/desktop/terminal.nix +++ b/homeModules/desktop/terminal.nix @@ -6,7 +6,7 @@ }: { imports = [ - self.homeManagerModules.dotfiles + self.homeModules.dotfiles ]; home.packages = [ diff --git a/home-manager/desktop/wayland.nix b/homeModules/desktop/wayland.nix similarity index 100% rename from home-manager/desktop/wayland.nix rename to homeModules/desktop/wayland.nix diff --git a/home-manager/dev.nix b/homeModules/dev.nix similarity index 92% rename from home-manager/dev.nix rename to homeModules/dev.nix index ccca27f..0868a12 100644 --- a/home-manager/dev.nix +++ b/homeModules/dev.nix @@ -8,8 +8,9 @@ imports = [ ./cli.nix ./helix.nix - self.homeManagerModules.dotfiles + self.homeModules.dotfiles self.inputs.direnv-instant.homeModules.direnv-instant + self.homeModules.atuin-config ]; home.packages = with pkgs; [ diff --git a/home-manager/dotfiles.nix b/homeModules/dotfiles.nix similarity index 100% rename from home-manager/dotfiles.nix rename to homeModules/dotfiles.nix diff --git a/homeModules/flake-module.nix b/homeModules/flake-module.nix new file mode 100644 index 0000000..ccb87ea --- /dev/null +++ b/homeModules/flake-module.nix 
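Review bot: homeModules/desktop/pass.nix keeps `services.gpg-agent` with `enable = false` next to a still-set `pinentry.package`, plus two commented-out lines, so it is unclear which password-store backend is meant to be active. The new `pass` wrapper execs `passage`, so every script or tool that calls `pass` now reads the passage store. That deserves a comment, e.g. `# "pass" is a shim for passage; the gpg-based store is no longer used.` If GnuPG is no longer needed for the store, the disabled `services.gpg-agent` block and the `# pkgs.pass` line can go. `pkgs.gnupg` and `pkgs.pinentry-gnome3` may still be wanted for other uses, which the patch does not show.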
@@ -0,0 +1,27 @@ +{ lib, ... }: +{ + flake.homeModules = + (builtins.readDir ./.) + |> lib.filterAttrs ( + path: type: + (type == "directory" && lib.filesystem.pathIsRegularFile (./${path}/default.nix)) + || (type == "regular" && (lib.hasSuffix ".nix" path)) + ) + |> lib.mapAttrs' ( + path: type: + if type == "directory" then + { + name = path; + value = { + imports = [ ./${path} ]; + }; + } + else + { + name = lib.removeSuffix ".nix" path; + value = { + imports = [ ./${path} ]; + }; + } + ); +} diff --git a/home-manager/desktop/gnome.nix b/homeModules/gnome.nix similarity index 100% rename from home-manager/desktop/gnome.nix rename to homeModules/gnome.nix diff --git a/home-manager/helix.nix b/homeModules/helix.nix similarity index 91% rename from home-manager/helix.nix rename to homeModules/helix.nix index 61aa5cb..25655af 100644 --- a/home-manager/helix.nix +++ b/homeModules/helix.nix @@ -6,7 +6,7 @@ }: { imports = [ - self.homeManagerModules.dotfiles + self.homeModules.dotfiles ]; home.packages = [ pkgs.helix ]; diff --git a/home-manager/mail/default.nix b/homeModules/mail/default.nix similarity index 100% rename from home-manager/mail/default.nix rename to homeModules/mail/default.nix diff --git a/home-manager/minecraft.nix b/homeModules/minecraft.nix similarity index 100% rename from home-manager/minecraft.nix rename to homeModules/minecraft.nix diff --git a/home-manager/desktop/niri.nix b/homeModules/niri.nix similarity index 68% rename from home-manager/desktop/niri.nix rename to homeModules/niri.nix index 9422dda..a98b421 100644 --- a/home-manager/desktop/niri.nix +++ b/homeModules/niri.nix @@ -1,8 +1,7 @@ { self, config, ... }: { imports = [ - self.homeManagerModules.dotfiles - ./wayland.nix + self.homeModules.dotfiles ]; xdg.configFile."niri".source = "${config.dotfiles.path}/.config/niri"; 
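Review bot: The `lib.filterAttrs` predicate in homeModules/flake-module.nix accepts every regular file ending in `.nix`, which includes `flake-module.nix` itself, so the flake exports a `homeModules.flake-module` entry that imports a flake-parts module as if it were a Home Manager module. Excluding it in the predicate fixes that: `|| (type == "regular" && lib.hasSuffix ".nix" path && path != "flake-module.nix")`. Any `.nix` file later dropped into the directory also becomes an exported module without an explicit listing, which is worth a comment at the top of the file. The `|>` operator needs the `pipe-operators` experimental feature, and whether every evaluator of this flake (CI, remote builders) has it enabled is not visible here.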
diff --git a/home-manager/desktop/vicinae.nix b/homeModules/vicinae.nix similarity index 100% rename from home-manager/desktop/vicinae.nix rename to homeModules/vicinae.nix diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index ffa0c02..6696305 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -15,8 +15,8 @@ ./network.nix ./syncthing.nix + self.nixosModules.atuin-config self.nixosModules.desktop - self.nixosModules.dev self.nixosModules.lanzaboote self.nixosModules.nix-defaults @@ -26,7 +26,6 @@ home-manager.useUserPackages = true; home-manager.users.rpqt = ./home.nix; home-manager.extraSpecialArgs = { - inherit (self) inputs; inherit self; }; } diff --git a/machines/haze/home.nix b/machines/haze/home.nix index 92fffc4..ac7941d 100644 --- a/machines/haze/home.nix +++ b/machines/haze/home.nix @@ -1,14 +1,15 @@ +{ self, ... }: { imports = [ - ../../home-manager/chat.nix - ../../home-manager/common.nix - ../../home-manager/desktop - ../../home-manager/dev.nix - ../../home-manager/helix.nix - ../../home-manager/mail - ../../home-manager/minecraft.nix - ../../home-manager/desktop - ../../home-manager/desktop/niri.nix - ../../home-manager/desktop/vicinae.nix + self.homeModules.chat + self.homeModules.common + self.homeModules.desktop + self.homeModules.dev + self.homeModules.helix + self.homeModules.mail + self.homeModules.minecraft + self.homeModules.desktop + self.homeModules.niri + self.homeModules.vicinae ]; } diff --git a/modules/dev.nix b/modules/dev.nix deleted file mode 100644 index 294bdfa..0000000 --- a/modules/dev.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - clan.core.vars.generators.atuin = { - prompts.key.persist = true; - files.key.owner = "rpqt"; - }; -} From 2eb4dc3730f5ff53ede01cc5b27dd83339419966 Mon Sep 17 00:00:00 2001 
From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 25/27] machines/haze: use autologin --- machines/haze/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 6696305..514b199 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -85,4 +85,9 @@ }; services.tailscale.useRoutingFeatures = "client"; + + services.displayManager.autoLogin = { + enable = true; + user = "rpqt"; + }; } From 7062c95697f1707c9c32b8a0532f8c7d5c5fc43e Mon Sep 17 00:00:00 2001 
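Review bot: `services.displayManager.autoLogin` for `rpqt` in machines/haze/configuration.nix removes the password prompt at the display manager, so after boot the desktop session opens without any user authentication, with its access to mail, chat and the password store. That is only reasonable if something earlier gates the machine, typically a disk-encryption passphrase at boot and on resume from hibernation (the host imports `./hibernate.nix`). Whether haze has that is not visible in this series. I would record the assumption next to the option, e.g. `# Autologin relies on the disk passphrase as the login gate; keep a screen locker for suspend.` The enclosing attribute set starts outside the hunk.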
From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 26/27] refactor: rename modules to nixosModules --- clan/flake-module.nix | 4 ++-- flake.nix | 2 +- machines/crocus/configuration.nix | 2 +- machines/genepi/builder.nix | 3 ++- machines/genepi/configuration.nix | 3 +-- {modules => nixosModules}/acme-home.nix | 0 {modules => nixosModules}/borgbackup.nix | 2 +- {modules => nixosModules}/desktop.nix | 13 +++++++++++++ {modules => nixosModules}/flake-module.nix | 0 {modules => nixosModules}/forgejo.nix | 0 {modules => nixosModules}/garage.nix | 0 {modules => nixosModules}/gitea.nix | 0 {modules => nixosModules}/hardened-ssh-server.nix | 0 {modules => nixosModules}/lanzaboote.nix | 0 {modules => nixosModules}/lounge.nix | 0 {modules => nixosModules}/motd.nix | 0 {modules => nixosModules}/nextcloud.nix | 0 {modules => nixosModules}/nix-defaults.nix | 0 {modules => nixosModules}/radicle.nix | 0 {modules => nixosModules}/remote-builder.nix | 0 {modules => nixosModules}/storagebox.nix | 0 {modules => nixosModules}/tailscale.nix | 0 {modules => nixosModules}/user-rpqt.nix | 0 {modules => nixosModules}/vaultwarden.nix | 0 24 files changed, 21 insertions(+), 8 deletions(-) rename {modules => nixosModules}/acme-home.nix (100%) rename {modules => nixosModules}/borgbackup.nix (93%) rename {modules => nixosModules}/desktop.nix (69%) rename {modules => nixosModules}/flake-module.nix (100%) rename {modules => nixosModules}/forgejo.nix (100%) rename {modules => nixosModules}/garage.nix (100%) rename {modules => nixosModules}/gitea.nix (100%) rename {modules => nixosModules}/hardened-ssh-server.nix (100%) rename {modules => nixosModules}/lanzaboote.nix (100%) rename {modules => nixosModules}/lounge.nix (100%) rename {modules => nixosModules}/motd.nix (100%) rename {modules => nixosModules}/nextcloud.nix (100%) rename {modules => nixosModules}/nix-defaults.nix (100%) rename {modules => nixosModules}/radicle.nix (100%) rename {modules => 
nixosModules}/remote-builder.nix (100%) rename {modules => nixosModules}/storagebox.nix (100%) rename {modules => nixosModules}/tailscale.nix (100%) rename {modules => nixosModules}/user-rpqt.nix (100%) rename {modules => nixosModules}/vaultwarden.nix (100%) diff --git a/clan/flake-module.nix b/clan/flake-module.nix index c15a957..44cdbb5 100644 --- a/clan/flake-module.nix +++ b/clan/flake-module.nix @@ -93,7 +93,7 @@ module.input = "clan-core"; module.name = "importer"; roles.default.tags.garage = { }; - roles.default.extraModules = [ ../modules/garage.nix ]; + roles.default.extraModules = [ self.nixosModules.garage ]; }; clan.inventory.instances."trusted-nix-caches" = { @@ -123,7 +123,7 @@ } ); roles.client.extraModules = [ - ../modules/storagebox.nix + self.nixosModules.storagebox ]; roles.server.machines = { }; }; diff --git a/flake.nix b/flake.nix index 044ab3c..a0b1791 100644 --- a/flake.nix +++ b/flake.nix @@ -17,7 +17,7 @@ ./devShells/flake-module.nix ./homeModules/flake-module.nix ./infra/flake-module.nix - ./modules/flake-module.nix + ./nixosModules/flake-module.nix ./packages/flake-module.nix ./flakeModules/flake-module.nix ]; diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index 50ca761..eebb568 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -6,7 +6,7 @@ imports = [ self.nixosModules.radicle self.nixosModules.nix-defaults - ../../modules/remote-builder.nix + self.nixosModules.remote-builder self.inputs.srvos.nixosModules.server self.inputs.srvos.nixosModules.hardware-hetzner-cloud ]; diff --git a/machines/genepi/builder.nix b/machines/genepi/builder.nix index 5e4a7e3..87aaf61 100644 --- a/machines/genepi/builder.nix +++ b/machines/genepi/builder.nix @@ -1,6 +1,7 @@ +{ self, ... }: { imports = [ - ../../modules/remote-builder.nix + self.nixosModules.remote-builder ]; roles.remote-builder = { 
diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 1e48016..90f1be9 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -17,8 +17,7 @@ ./pinchflat.nix ./syncthing.nix - ../../modules/acme-home.nix - ../../modules/lounge.nix + self.nixosModules.lounge self.nixosModules.nix-defaults self.nixosModules.user-rpqt diff --git a/modules/acme-home.nix b/nixosModules/acme-home.nix similarity index 100% rename from modules/acme-home.nix rename to nixosModules/acme-home.nix diff --git a/modules/borgbackup.nix b/nixosModules/borgbackup.nix similarity index 93% rename from modules/borgbackup.nix rename to nixosModules/borgbackup.nix index 172e76e..ec5cdf9 100644 --- a/modules/borgbackup.nix +++ b/nixosModules/borgbackup.nix @@ -6,7 +6,7 @@ let in { imports = [ - ./storagebox.nix + self.nixosModules.storagebox self.inputs.clan-core.clanModules.borgbackup ]; diff --git a/modules/desktop.nix b/nixosModules/desktop.nix similarity index 69% rename from modules/desktop.nix rename to nixosModules/desktop.nix index de98e67..8ab690a 100644 --- a/modules/desktop.nix +++ b/nixosModules/desktop.nix @@ -25,8 +25,21 @@ terminal = "ghostty"; }; + # services.yubikey-agent.enable = true; + programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gnome3; + services.pcscd.enable = true; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + + hardware.bluetooth.enable = true; + services.displayManager = { sddm.enable = true; sddm.wayland.enable = true; diff --git a/modules/flake-module.nix b/nixosModules/flake-module.nix similarity index 100% rename from modules/flake-module.nix rename to nixosModules/flake-module.nix diff --git a/modules/forgejo.nix b/nixosModules/forgejo.nix similarity index 100% rename from modules/forgejo.nix rename to nixosModules/forgejo.nix 
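Review bot: The genepi import list loses `../../modules/acme-home.nix` and `../../modules/lounge.nix` but gains only `self.nixosModules.lounge`, so genepi appears to stop importing acme-home in a commit described as a rename. If that is unintended, add `self.nixosModules.acme-home` next to `self.nixosModules.lounge`. If the module is now pulled in somewhere else, the commit message should say so. If the acme-home line is in fact unchanged context, it still points at `modules/`, which this commit renames away. The imports list starts and ends outside the hunk.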
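Review bot: The desktop.nix section carries 13 added lines in a commit titled as a rename, and they appear to turn on `services.pcscd`, `security.rtkit`, PipeWire and `hardware.bluetooth` for every machine that imports the shared desktop module. These are behaviour changes and belong in their own commit, so that the rename can be reviewed and reverted on its own. Bluetooth and the smart-card daemon also add exposed services on hosts that may not need them, so consider enabling them per machine rather than in the shared module. The commented-out `# services.yubikey-agent.enable = true;` should say why it is disabled, for example `# yubikey-agent disabled: <reason>`.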
diff --git a/modules/garage.nix b/nixosModules/garage.nix
similarity index 100%
rename from modules/garage.nix
rename to nixosModules/garage.nix
diff --git a/modules/gitea.nix b/nixosModules/gitea.nix
similarity index 100%
rename from modules/gitea.nix
rename to nixosModules/gitea.nix
diff --git a/modules/hardened-ssh-server.nix b/nixosModules/hardened-ssh-server.nix
similarity index 100%
rename from modules/hardened-ssh-server.nix
rename to nixosModules/hardened-ssh-server.nix
diff --git a/modules/lanzaboote.nix b/nixosModules/lanzaboote.nix
similarity index 100%
rename from modules/lanzaboote.nix
rename to nixosModules/lanzaboote.nix
diff --git a/modules/lounge.nix b/nixosModules/lounge.nix
similarity index 100%
rename from modules/lounge.nix
rename to nixosModules/lounge.nix
diff --git a/modules/motd.nix b/nixosModules/motd.nix
similarity index 100%
rename from modules/motd.nix
rename to nixosModules/motd.nix
diff --git a/modules/nextcloud.nix b/nixosModules/nextcloud.nix
similarity index 100%
rename from modules/nextcloud.nix
rename to nixosModules/nextcloud.nix
diff --git a/modules/nix-defaults.nix b/nixosModules/nix-defaults.nix
similarity index 100%
rename from modules/nix-defaults.nix
rename to nixosModules/nix-defaults.nix
diff --git a/modules/radicle.nix b/nixosModules/radicle.nix
similarity index 100%
rename from modules/radicle.nix
rename to nixosModules/radicle.nix
diff --git a/modules/remote-builder.nix b/nixosModules/remote-builder.nix
similarity index 100%
rename from modules/remote-builder.nix
rename to nixosModules/remote-builder.nix
diff --git a/modules/storagebox.nix b/nixosModules/storagebox.nix
similarity index 100%
rename from modules/storagebox.nix
rename to nixosModules/storagebox.nix
diff --git a/modules/tailscale.nix b/nixosModules/tailscale.nix
similarity index 100%
rename from modules/tailscale.nix
rename to nixosModules/tailscale.nix
diff --git a/modules/user-rpqt.nix b/nixosModules/user-rpqt.nix similarity index 100% rename from modules/user-rpqt.nix rename to nixosModules/user-rpqt.nix diff --git a/modules/vaultwarden.nix b/nixosModules/vaultwarden.nix similarity index 100% rename from modules/vaultwarden.nix rename to nixosModules/vaultwarden.nix From 0f6fc03ad7241cc6f5c7163d3c1e1b642c1582a2 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 27 Jan 2026 14:36:11 +0100 Subject: [PATCH 27/27] refactor: update readme for file structure --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d8c1f8c..908c269 100644 --- a/README.md +++ b/README.md @@ -4,13 +4,15 @@ This repository contains all my system configurations, mostly deployed using Nix ## Structure +The file hierarchy is based on the flake's structure, using [flake parts] conventions. + - **clan**: Clan configuration - **clanServices**: Custom [Clan Services](https://docs.clan.lol/reference/clanServices) - **home**: Dotfiles -- **home-manager**: [Home Manager] modules +- **homeModules**: [Home Manager] modules - **infra**: [Terranix] files (for Terraform/OpenTofu) - **machines**: Per-host configurations -- **modules**: [NixOS] modules +- **nixosModules**: [NixOS] modules - **packages**: Nix packages - **vars**: Encrypted secrets managed by clan @@ -26,3 +28,4 @@ dotbot -c ./dotbot/windows.yaml -d home [Home Manager]: https://home-manager.dev [NixOS]: https://nixos.org [Terranix]: https://terranix.org +[Flake parts]: https://flake.parts