Compare commits


No commits in common. "main" and "clan" have entirely different histories.
main ... clan

405 changed files with 1378 additions and 8463 deletions

1
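--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
 /.direnv
-/result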


@ -1,22 +1,10 @@
# NixOS & Home Manager config # NixOS & Home Manager config
This repository contains all my system configurations, mostly deployed using Nix and [Clan].
## Structure ## Structure
- **home**: Dotfiles - **home**: Home Manager modules
- **machines**: Host-specific configs - **hosts**: Host-specific configs
- **infra**: Terraform/OpenTofu files - **infra**: Terraform/OpenTofu files
- **vars**: Encrypted secrets managed by clan - **secrets**: Age-encrypted secrets shared between multiple hosts.
- **modules**: NixOS modules Host-specific secrets are stored in their own directories.
- **clanServices**: Custom [Clan Services](https://docs.clan.lol/reference/clanServices) - **system**: Base NixOS modules shared among all hosts
## Dotfiles
### Linking with dotbotc (for windows)
```sh
dotbot -c ./dotbot/windows.yaml -d home
```
[Clan]: https//clan.lol


@ -1,185 +0,0 @@
{ self, lib, ... }:
{
imports = [
./machines.nix
./monitoring.nix
./network.nix
];
clan.meta.name = "blossom";
clan.meta.domain = "val";
clan.secrets.age.plugins = [
"age-plugin-yubikey"
];
clan.inventory.instances."rpqt-admin" = {
module.input = "clan-core";
module.name = "admin";
roles.default.tags.server = { };
roles.default.machines.haze = { };
roles.default.settings.allowedKeys = {
rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
nixbld_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyNC2sn5m7m52r4kVZqg0T7abqdz5xh/blU3cYtHKAE nixbld@haze";
};
};
clan.inventory.instances."sshd" = {
module.input = "clan-core";
module.name = "sshd";
roles.server.tags.all = { };
roles.server.extraModules = [
self.nixosModules.hardened-ssh-server
];
roles.server.settings = {
certificate.searchDomains = [
"home.rpqt.fr"
];
};
roles.client.tags.all = { };
roles.client.settings = {
certificate.searchDomains = [
"home.rpqt.fr"
];
};
};
clan.inventory.instances.user-rpqt = {
module.input = "clan-core";
module.name = "users";
roles.default.machines.haze = {
settings = {
user = "rpqt";
};
};
roles.default.extraModules = [
self.nixosModules.user-rpqt
];
};
clan.inventory.instances.common-config = {
module = {
input = "clan-core";
name = "importer";
};
roles.default.tags.all = { };
roles.default.extraModules = [ self.nixosModules.common ];
};
clan.inventory.instances.server-config = {
module = {
input = "clan-core";
name = "importer";
};
roles.default.tags.server = { };
roles.default.extraModules = [
{
nix.gc.automatic = lib.mkDefault true;
nix.gc.dates = lib.mkDefault "Mon 3:15";
nix.gc.randomizedDelaySec = lib.mkDefault "30min";
nix.gc.options = lib.mkDefault "--delete-older-than 30d";
}
];
};
clan.inventory.instances."garage" = {
module.input = "clan-core";
module.name = "garage";
roles.default.tags.garage = { };
};
clan.inventory.instances."garage-config" = {
module.input = "clan-core";
module.name = "importer";
roles.default.tags.garage = { };
roles.default.extraModules = [ ../modules/garage.nix ];
};
clan.inventory.instances."trusted-nix-caches" = {
module.input = "clan-core";
module.name = "trusted-nix-caches";
roles.default.tags.all = { };
};
clan.inventory.instances."borgbackup-storagebox" = {
module.input = "clan-core";
module.name = "borgbackup";
roles.client.machines = lib.genAttrs [ "crocus" "genepi" "verbena" ] (
machine:
let
config = self.nixosConfigurations.${machine}.config;
user = "u422292";
host = "${user}.your-storagebox.de";
in
{
settings.destinations."storagebox-${config.networking.hostName}" = {
repo = "${user}@${host}:./borgbackup/${config.networking.hostName}";
rsh = "ssh -oPort=23 -i ${
config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path
} -oStrictHostKeyChecking=accept-new";
};
}
);
roles.client.extraModules = [
../modules/storagebox.nix
];
roles.server.machines = { };
};
clan.inventory.instances.syncthing = {
roles.peer.tags.syncthing = { };
roles.peer.settings.folders = {
Documents = {
path = "~/Documents";
};
Music = {
path = "~/Music";
};
Pictures = {
path = "~/Pictures";
};
Videos = {
path = "~/Videos";
};
};
roles.peer.settings.extraDevices = {
pixel-7a = {
id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU";
name = "Pixel 7a";
addresses = [ "dynamic" ];
};
};
};
clan.inventory.instances.buildbot = {
module.input = "self";
module.name = "@rpqt/buildbot";
roles.master.machines.verbena = {
settings = {
domain = "buildbot.turifer.dev";
admins = [ "rpqt" ];
topic = "buildbot-nix";
gitea.instanceUrl = "https://git.turifer.dev";
};
};
roles.master.extraModules = [
{
services.nginx.virtualHosts."buildbot.turifer.dev" = {
enableACME = true;
forceSSL = true;
};
security.acme.certs."buildbot.turifer.dev" = {
email = "admin@turifer.dev";
};
}
];
roles.worker.machines.verbena = { };
};
}


@ -1,28 +0,0 @@
{
clan.inventory.machines = {
crocus = {
tags = [
"garage"
"server"
];
};
genepi = {
tags = [
"garage"
"server"
"syncthing"
];
};
haze = {
tags = [
"syncthing"
];
};
verbena = {
tags = [
"garage"
"server"
];
};
};
}


@ -1,46 +0,0 @@
{ self, ... }:
{
clan.inventory.instances.prometheus = {
module.input = "self";
module.name = "@rpqt/prometheus";
roles.scraper.machines.genepi = { };
roles.scraper.settings = {
extraScrapeConfigs = [
{
job_name = "garage";
static_configs = [
{
labels.instance = "crocus";
targets = [ "crocus.home.rpqt.fr:3903" ];
}
{
labels.instance = "genepi";
targets = [ "genepi.home.rpqt.fr:3903" ];
}
{
labels.instance = "verbena";
targets = [ "verbena.home.rpqt.fr:3903" ];
}
];
authorization = {
type = "Bearer";
credentials_file =
self.nixosConfigurations.verbena.config.clan.core.vars.generators.garage.files.metrics_token.path;
};
}
];
};
roles.target.tags.server = { };
roles.target.settings = {
exporters = {
node = {
enabledCollectors = [
"systemd"
];
};
};
};
};
}


@ -1,87 +0,0 @@
{ self, ... }:
{
clan.inventory.instances.zerotier = {
roles.controller.machines.crocus = { };
roles.moon.machines.crocus = {
settings = {
stableEndpoints = [
"116.203.18.122"
"2a01:4f8:1c1e:e415::/64"
];
};
};
roles.peer.tags."all" = { };
};
clan.inventory.instances.internet = {
roles.default.machines.verbena.settings.host = self.infra.machines.verbena.ipv4;
roles.default.machines.crocus.settings.host = self.infra.machines.crocus.ipv4;
};
clan.inventory.instances.wireguard = {
module.name = "wireguard";
module.input = "clan-core";
roles.controller = {
machines.verbena.settings = {
endpoint = "wg1.turifer.dev";
};
};
roles.peer.machines = {
haze = { };
crocus = { };
genepi = { };
};
};
clan.inventory.instances.certificates = {
module.name = "certificates";
module.input = "clan-core";
roles.ca.machines.verbena = {
settings.acmeEmail = "admin@rpqt.fr";
settings.tlds = [ "val" ];
};
roles.default.tags.all = { };
roles.default.settings.acmeEmail = "admin@rpqt.fr";
};
# Temporarily patched version of clan-core/coredns for AAAA records support
clan.inventory.instances.coredns = {
module.name = "@rpqt/coredns";
module.input = "self";
roles.default.tags.all = { };
roles.server.machines.verbena = {
settings.ip = "fd28:387a:90:c400::1";
settings.dnsPort = 53;
};
roles.server.machines.crocus = {
settings.ip = "fd28:387a:90:c400:6db2:dfc3:c376:9956";
};
roles.server.settings = {
tld = "val";
};
roles.default.machines.verbena.settings = {
ip = "fd28:387a:90:c400::1";
services = [
"ca"
"vaultwarden"
];
};
roles.default.machines.genepi.settings = {
ip = "fd28:387a:90:c400:ab23:3d38:a148:f539"; # FIXME: IPv4 expected (A record)
services = [
"actual"
"assistant"
"glance"
"grafana"
"images"
"lounge"
"pinchflat"
"rss"
];
};
};
}


@ -1,158 +0,0 @@
{ self, ... }:
{ lib, ... }:
{
_class = "clan.service";
manifest.name = "buildbot";
roles.master = {
interface.options = {
domain = lib.mkOption {
type = lib.types.str;
description = "Domain name under which the buildbot frontend is reachable";
example = "https://buildbot.example.com";
};
admins = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "List of usernames allowed to authenticate to the buildbot frontend";
example = [ "Mic92" ];
};
topic = lib.mkOption {
type = lib.types.str;
description = "Name of the topic attached to repositories that should be built";
example = "buildbot-nix";
};
gitea.instanceUrl = lib.mkOption {
type = lib.types.str;
description = "URL of the Gitea instance";
example = "https://git.example.com";
};
};
perInstance =
{
settings,
roles,
...
}:
{
nixosModule =
{
config,
lib,
pkgs,
...
}:
{
imports = [
self.inputs.buildbot-nix.nixosModules.buildbot-master
];
services.buildbot-nix.master = {
enable = true;
workersFile = config.clan.core.vars.generators.buildbot.files.workers-file.path;
inherit (settings) domain admins;
authBackend = "gitea";
gitea = {
enable = true;
inherit (settings.gitea) instanceUrl;
inherit (settings) topic;
tokenFile = config.clan.core.vars.generators.buildbot.files.api-token.path;
webhookSecretFile = config.clan.core.vars.generators.buildbot.files.webhook-secret.path;
oauthId = config.clan.core.vars.generators.buildbot.files.oauth-id.value;
oauthSecretFile = config.clan.core.vars.generators.buildbot.files.oauth-secret.path;
};
};
clan.core.vars.generators.buildbot = {
prompts.api-token = {
description = "gitea API token";
type = "hidden";
persist = true;
};
prompts.webhook-secret = {
description = "gitea webhook secret";
type = "hidden";
persist = true;
};
prompts.oauth-id = {
description = "oauth client id";
persist = true;
};
files.oauth-id.secret = false;
prompts.oauth-secret = {
description = "oauth secret";
type = "hidden";
persist = true;
};
dependencies = [ "buildbot-worker" ];
files.workers-file.secret = true;
runtimeInputs = [ pkgs.python3 ];
script = ''
python3 - << EOF
import os
import json
password_path = os.path.join(os.environ.get("in"), "buildbot-worker/worker-password")
password = open(password_path).read().strip()
workers = [
{
"name": "${config.networking.hostName}",
"pass": password,
"cores": 4,
},
];
workers_file_path = os.path.join(os.environ.get("out"), "workers-file")
with open(workers_file_path, "w") as workers_file:
workers_file.write(json.dumps(workers))
EOF
'';
};
};
};
};
roles.worker = {
perInstance =
{
settings,
roles,
...
}:
{
nixosModule =
{
config,
lib,
pkgs,
...
}:
{
imports = [
self.inputs.buildbot-nix.nixosModules.buildbot-worker
];
services.buildbot-nix.worker = {
enable = true;
workerPasswordFile = config.clan.core.vars.generators.buildbot-worker.files.worker-password.path;
};
clan.core.vars.generators.buildbot-worker = {
files.worker-password = { };
runtimeInputs = [
pkgs.openssl
];
script = ''
openssl rand -hex 32 > "$out"/worker-password
'';
};
};
};
};
}


@ -1,4 +0,0 @@
{ self, lib, ... }:
{
clan.modules."@rpqt/buildbot" = lib.modules.importApply ./default.nix { inherit self; };
}


@ -1,73 +0,0 @@
!!! Danger "Experimental"
This service is experimental and will change in the future.
This module enables hosting clan-internal services easily, which can be resolved
inside your VPN. This allows defining a custom top-level domain (e.g. `.clan`)
and exposing endpoints from a machine to others, which will be
accessible under `http://<service>.clan` in your browser.
The service consists of two roles:
- A `server` role: This is the DNS-server that will be queried when trying to
resolve clan-internal services. It defines the top-level domain.
- A `default` role: This does two things. First, it sets up the nameservers so
that clan-internal queries are resolved via the `server` machine, while
external queries are resolved as normal via DHCP. Second, it allows exposing
services (see example below).
## Example Usage
Here the machine `dnsserver` is designated as internal DNS-server for the TLD
`.foo`. `server01` will host an application that shall be reachable at
`http://one.foo` and `server02` is going to be reachable at `http://two.foo`.
`client` is any other machine that is part of the clan but does not host any
services.
When `client` tries to resolve `http://one.foo`, the DNS query will be
routed to `dnsserver`, which will answer with `192.168.1.3`. If it tries to
resolve some external domain (e.g. `https://clan.lol`), the query will not be
routed to `dnsserver` but resolved as before, via the nameservers advertised by
DHCP.
```nix
inventory = {
machines = {
dnsserver = { }; # 192.168.1.2
server01 = { }; # 192.168.1.3
server02 = { }; # 192.168.1.4
client = { }; # 192.168.1.5
};
instances = {
coredns = {
module.name = "@clan/coredns";
module.input = "self";
# Add the default role to all machines, including `client`
roles.default.tags.all = { };
# DNS server queries to http://<name>.foo are resolved here
roles.server.machines."dnsserver".settings = {
ip = "192.168.1.2";
tld = "foo";
};
# First service
# Registers http://one.foo will resolve to 192.168.1.3
# underlying service runs on server01
roles.default.machines."server01".settings = {
ip = "192.168.1.3";
services = [ "one" ];
};
# Second service
roles.default.machines."server02".settings = {
ip = "192.168.1.4";
services = [ "two" ];
};
};
};
};
```


@ -1,235 +0,0 @@
{ ... }:
{
_class = "clan.service";
manifest.name = "coredns";
manifest.description = "Clan-internal DNS and service exposure";
manifest.categories = [ "Network" ];
manifest.readme = builtins.readFile ./README.md;
roles.server = {
description = "A DNS server that resolves services in the clan network.";
interface =
{ lib, ... }:
{
options.tld = lib.mkOption {
type = lib.types.str;
default = "clan";
description = ''
Top-level domain for this instance. All services below this will be
resolved internally.
'';
};
options.ip = lib.mkOption {
type = lib.types.str;
# TODO: Set a default
description = "IP for the DNS to listen on";
};
options.dnsPort = lib.mkOption {
type = lib.types.int;
default = 1053;
description = "Port of the clan-internal DNS server";
};
};
perInstance =
{
roles,
settings,
...
}:
{
nixosModule =
{
lib,
pkgs,
...
}:
let
hostServiceEntries =
host:
lib.strings.concatStringsSep "\n" (
map (
service:
let
ip = roles.default.machines.${host}.settings.ip;
isIPv4 = addr: (builtins.match "\\." addr) != null;
recordType = if (isIPv4 ip) then "A" else "AAAA";
in
"${service} IN ${recordType} ${ip} ; ${host}"
) roles.default.machines.${host}.settings.services
);
hostnameEntries = ''
crocus 10800 IN AAAA fd28:387a:90:c400:6db2:dfc3:c376:9956
genepi 10800 IN AAAA fd28:387a:90:c400:ab23:3d38:a148:f539
verbena 10800 IN AAAA fd28:387a:90:c400::1
haze 10800 IN AAAA fd28:387a:90:c400:840e:e9db:4c08:b920
'';
zonefile = builtins.toFile "${settings.tld}.zone" (
''
$TTL 3600 ; 1 Hour
$ORIGIN ${settings.tld}.
${settings.tld}. IN SOA ns1 admin.rpqt.fr. (
2025112300 ; serial
10800 ; refresh
3600 ; retry
604800 ; expire
300 ; minimum
)
${builtins.concatStringsSep "\n" (
lib.lists.imap1 (i: _m: "@ 1D IN NS ns${toString i}.${settings.tld}.") (
lib.attrNames roles.server.machines
)
)}
${builtins.concatStringsSep "\n" (
lib.lists.imap1 (i: m: "ns${toString i} 10800 IN CNAME ${m}.${settings.tld}.") (
lib.attrNames roles.server.machines
)
)}
''
+ hostnameEntries
+ "\n"
+ (lib.strings.concatStringsSep "\n" (
map (host: hostServiceEntries host) (lib.attrNames roles.default.machines)
))
);
in
{
networking.firewall.interfaces.wireguard = {
allowedTCPPorts = [ settings.dnsPort ];
allowedUDPPorts = [ settings.dnsPort ];
};
services.coredns = {
enable = true;
config =
let
dnsPort = builtins.toString settings.dnsPort;
in
''
.:${dnsPort} {
bind wireguard
forward . 1.1.1.1
cache 30
}
${settings.tld}:${dnsPort} {
bind wireguard
file ${zonefile}
}
'';
};
};
};
};
roles.default = {
description = "A machine that registers the 'server' role as resolver and registers services under the configured TLD in the resolver.";
interface =
{ lib, ... }:
{
options.services = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = ''
Service endpoints this host exposes (without TLD). Each entry will
be resolved to <entry>.<tld> using the configured top-level domain.
'';
};
options.ip = lib.mkOption {
type = lib.types.str;
# TODO: Set a default
description = "IP on which the services will listen";
};
options.dnsPort = lib.mkOption {
type = lib.types.int;
default = 1053;
description = "Port of the clan-internal DNS server";
};
};
perInstance =
{ roles, settings, ... }:
{
nixosModule =
{ config, lib, ... }:
{
networking.nameservers = map (
m:
let
port = config.services.unbound.settings.server.port or 53;
in
"127.0.0.1:${toString port}#${roles.server.machines.${m}.settings.tld}"
) (lib.attrNames roles.server.machines);
services.resolved.domains = map (m: "~${roles.server.machines.${m}.settings.tld}") (
lib.attrNames roles.server.machines
);
services.unbound = {
enable = true;
# resolveLocalQueries = true;
checkconf = true;
settings = {
server = {
port = 5353;
verbosity = 2;
interface = [ "127.0.0.1" ];
access-control = [ "127.0.0.0/8 allow" ];
do-not-query-localhost = "no";
domain-insecure = map (m: "${roles.server.machines.${m}.settings.tld}.") (
lib.attrNames roles.server.machines
);
};
# Default: forward everything else to DHCP-provided resolvers
# forward-zone = [
# {
# name = ".";
# forward-addr = "127.0.0.53@53"; # Forward to systemd-resolved
# }
# ];
forward-zone = [
{
name = ".";
forward-tls-upstream = true;
forward-addr = [
"9.9.9.9#dns.quad9.net"
"149.112.112.112#dns.quad9.net"
"1.1.1.1@853#cloudflare-dns.com"
"1.0.0.1@853#cloudflare-dns.com"
"2606:4700:4700::1111@853#cloudflare-dns.com"
"2606:4700:4700::1001@853#cloudflare-dns.com"
"8.8.8.8#dns.google"
"8.8.4.4#dns.google"
"2001:4860:4860::8888#dns.google"
"2001:4860:4860::8844#dns.google"
];
}
];
stub-zone = {
name = "${roles.server.machines.${(lib.head (lib.attrNames roles.server.machines))}.settings.tld}.";
stub-addr = map (
m: "${roles.server.machines.${m}.settings.ip}@${builtins.toString settings.dnsPort}"
) (lib.attrNames roles.server.machines);
};
};
};
};
};
};
}


@ -1,18 +0,0 @@
{ ... }:
let
module = ./default.nix;
in
{
clan.modules = {
"@rpqt/coredns" = module;
};
# perSystem =
# { ... }:
# {
# clan.nixosTests.coredns = {
# imports = [ ./tests/vm/default.nix ];
# clan.modules."@rpqt/coredns" = module;
# };
# };
}


@ -1,7 +0,0 @@
{
imports = [
./buildbot/flake-module.nix
./coredns/flake-module.nix
./prometheus/flake-module.nix
];
}


@ -1,38 +0,0 @@
This module enables collecting metrics from machines in clan, using Prometheus.
There are two roles:
- A `target` role for machines on which to collect and export metrics.
- A `scraper` roles for machines that fetch metrics from `target` machines and
store them in the long term.
```nix
inventory = {
machines = {
server01.tags.server = {};
server02.tags.server = {};
metrics.tags.server = {}; # metrics collector
};
instances = {
prometheus = {
module.name = "@rpqt/prometheus";
module.input = "self";
roles.scraper.machines."metrics" = {};
# Collect metrics on all servers
roles.target.tags.server = {
settings = {
exporters = {
# Enable the node-exporter metrics source
node.enabledCollectors = [ "systemd" ];
};
};
};
};
};
};
```


@ -1,114 +0,0 @@
{ self, ... }:
{ lib, ... }:
{
_class = "clan.service";
manifest.name = "prometheus";
manifest.description = "Prometheus metrics collection across the clan network.";
manifest.readme = builtins.readFile ./README.md;
# Only works with zerotier (until a unified network module is ready)
roles.scraper = {
description = "A server that scrapes metrics from exporters of machines that have the 'target' role.";
interface = {
options.extraScrapeConfigs = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
description = "A list of additional scrape configurations.";
};
};
perInstance =
{
settings,
roles,
...
}:
{
nixosModule =
{ config, lib, ... }:
{
services.prometheus.enable = true;
services.prometheus.scrapeConfigs =
let
allExporters = lib.unique (
lib.concatLists (
lib.map (machine: lib.attrNames machine.settings.exporters) (lib.attrValues roles.target.machines)
)
);
hasExporter =
exporter: machine: lib.hasAttr exporter roles.target.machines.${machine}.settings.exporters;
mkScrapeConfig = (
exporter:
let
machinesWithExporter = lib.filter (hasExporter exporter) (lib.attrNames roles.target.machines);
in
{
job_name = exporter;
static_configs = lib.map (machineName: {
targets =
let
targetConfig = self.nixosConfigurations.${machineName}.config;
targetHost = targetConfig.clan.core.vars.generators.zerotier.files.zerotier-ip.value;
in
[
"[${targetHost}]:${toString targetConfig.services.prometheus.exporters.${exporter}.port}"
];
labels.instance = machineName;
}) machinesWithExporter;
}
);
in
(lib.map mkScrapeConfig allExporters) ++ settings.extraScrapeConfigs;
clan.core.state.prometheus.folders = [ "/var/lib/${config.services.prometheus.stateDir}" ];
};
};
};
roles.target = {
description = "A machine on which to collect and export metrics.";
interface =
{ lib, ... }:
{
options = {
exporters = lib.mkOption {
type = lib.types.attrs;
default = { };
example = {
node = {
enabledCollectors = [ "systemd" ];
port = 9002;
};
};
description = "Attribute set of exporters to enable";
};
};
};
perInstance =
{
instanceName,
settings,
machine,
roles,
...
}:
{
nixosModule =
{ config, lib, ... }:
{
services.prometheus.exporters = builtins.mapAttrs (
name: exporterSettings:
exporterSettings
// {
enable = true;
}
) settings.exporters;
networking.firewall.interfaces."zts7mq7onf".allowedTCPPorts = lib.map (
exporterName: config.services.prometheus.exporters.${exporterName}.port
) (lib.attrNames settings.exporters);
};
};
};
}


@ -1,4 +0,0 @@
{ self, lib, ... }:
{
clan.modules."@rpqt/prometheus" = lib.modules.importApply ./default.nix { inherit self; };
}


@ -1,26 +0,0 @@
{
perSystem =
{
inputs',
pkgs,
...
}:
{
devShells.default = pkgs.mkShellNoCC {
packages = [
inputs'.clan-core.packages.clan-cli
pkgs.garage
pkgs.nil # Nix language server
pkgs.nixfmt
pkgs.opentofu
pkgs.terraform-ls
pkgs.deploy-rs
pkgs.zsh
];
shellHook = ''
export GARAGE_RPC_SECRET=$(clan vars get crocus garage-shared/rpc_secret)
export GARAGE_RPC_HOST=5d8249fe49264d36bc3532bd88400498bf9497b5cd4872245eb820d5d7797ed6@crocus.val:3901
'';
};
};
}


@ -1,8 +0,0 @@
- defaults:
link:
relink: true
- link:
~/AppData/Roaming/helix/config.toml: .config/helix/config.toml
~/AppData/Roaming/jj/config.toml: .config/jj/config.toml
~/AppData/Roaming/nushell/config.nu: .config/nushell/config.nu

360
flake.lock generated

@ -1,25 +1,25 @@
{ {
"nodes": { "nodes": {
"buildbot-nix": { "agenix": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "darwin": "darwin",
"hercules-ci-effects": "hercules-ci-effects", "home-manager": "home-manager",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"treefmt-nix": "treefmt-nix" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1768230255, "lastModified": 1745630506,
"narHash": "sha256-d98+nRSV2X86LcJUDZDAR9wvmmGG1uMzY5/zJdKH9pU=", "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=",
"owner": "nix-community", "owner": "ryantm",
"repo": "buildbot-nix", "repo": "agenix",
"rev": "6c62d4e0e82b607638b00d6f4f4ad06646342826", "rev": "96e078c646b711aee04b82ba01aefbff87004ded",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "ryantm",
"repo": "buildbot-nix", "repo": "agenix",
"type": "github" "type": "github"
} }
}, },
@ -27,24 +27,23 @@
"inputs": { "inputs": {
"data-mesher": "data-mesher", "data-mesher": "data-mesher",
"disko": "disko", "disko": "disko",
"flake-parts": [ "flake-parts": "flake-parts",
"flake-parts"
],
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nix-select": "nix-select", "nix-select": "nix-select",
"nixos-facter-modules": "nixos-facter-modules",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"systems": "systems", "systems": "systems_2",
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1768662392, "lastModified": 1747400548,
"narHash": "sha256-tE6k6yaQDF1n4YkTC4aH+BgKNQM36bYdhslP0udgMyY=", "narHash": "sha256-zvBGXYkd8pZKkBXlLdcw0/nxSoGJOkwGbc6dz9NS4G8=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "1f2f93239ef3638d4b7a2187d021b8d8fe6507b8", "rev": "56f3fd0a454635d0449330e6848a98bab6da020e",
"revCount": 12169, "revCount": 6979,
"type": "git", "type": "git",
"url": "https://git.clan.lol/clan/clan-core" "url": "https://git.clan.lol/clan/clan-core"
}, },
@ -53,6 +52,28 @@
"url": "https://git.clan.lol/clan/clan-core" "url": "https://git.clan.lol/clan/clan-core"
} }
}, },
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"data-mesher": { "data-mesher": {
"inputs": { "inputs": {
"flake-parts": [ "flake-parts": [
@ -63,47 +84,27 @@
"clan-core", "clan-core",
"nixpkgs" "nixpkgs"
], ],
"systems": [
"clan-core",
"systems"
],
"treefmt-nix": [ "treefmt-nix": [
"clan-core", "clan-core",
"treefmt-nix" "treefmt-nix"
] ]
}, },
"locked": { "locked": {
"lastModified": 1768383623, "lastModified": 1747329636,
"narHash": "sha256-X1jD5UvgYW50wWxdxJn9b8hiOvpSoLcO3ZC1AZx7+gQ=", "narHash": "sha256-mmyx5trq5ZQp6uShbHNfqgSxdg9OeArcZGdZKtHjhqw=",
"rev": "82c2fbf84ea0162d95b4958f02499e68c9a843a6", "rev": "7afcd6f322b9839699f6f31d5bed884c6dd412c4",
"type": "tarball", "type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/82c2fbf84ea0162d95b4958f02499e68c9a843a6.tar.gz" "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/7afcd6f322b9839699f6f31d5bed884c6dd412c4.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://git.clan.lol/clan/data-mesher/archive/main.tar.gz" "url": "https://git.clan.lol/clan/data-mesher/archive/main.tar.gz"
} }
}, },
"direnv-instant": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix_3"
},
"locked": {
"lastModified": 1768657403,
"narHash": "sha256-YkbdCu2ZInQj72rQQLgVP2x1m8il8+DtwzypBiYrrfE=",
"owner": "Mic92",
"repo": "direnv-instant",
"rev": "ab8c70c557f610e20008eb407d17cfd78b44ea1c",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "direnv-instant",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -112,11 +113,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766150702, "lastModified": 1747274630,
"narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", "narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", "rev": "ec7c109a4f794fce09aad87239eab7f66540b888",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -132,11 +133,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766150702, "lastModified": 1747274630,
"narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", "narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", "rev": "ec7c109a4f794fce09aad87239eab7f66540b888",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -148,16 +149,16 @@
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"buildbot-nix", "clan-core",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1767609335, "lastModified": 1743550720,
"narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "250481aafeb741edfe23d29195671c19b36b6dca", "rev": "c621e8422220273271f52058f618c94e405bb0f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -166,63 +167,19 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"hercules-ci-effects": {
"inputs": {
"flake-parts": [
"buildbot-nix",
"flake-parts"
],
"nixpkgs": [
"buildbot-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765774562,
"narHash": "sha256-UQhfCggNGDc7eam+EittlYmeW89CZVT1KkFIHZWBH7k=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "edcbb19948b6caf1700434e369fde6ff9e6a3c93",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"agenix",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1768598210, "lastModified": 1745494811,
"narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -231,6 +188,41 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1747374689,
"narHash": "sha256-JT/aBZqmK1LbExzwT9cPkvxKc0IC4i6tZKOPjsSWFbI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d2263ce5f4c251c0f7608330e8fdb7d1f01f0667",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"nix-darwin": { "nix-darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -239,11 +231,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768561867, "lastModified": 1747365160,
"narHash": "sha256-prGOZ+w3pZfGTRxworKcJliCNsewF0L4HUPjgU/6eaw=", "narHash": "sha256-4ZVr0x+ry6ybym/VhVYACj0HlJo44YxAaPGOxiS88Hg=",
"owner": "nix-darwin", "owner": "nix-darwin",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "8b720b9662d4dd19048664b7e4216ce530591adc", "rev": "8817b00b0011750381d0d44bb94d61087349b6ba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -254,11 +246,11 @@
}, },
"nix-select": { "nix-select": {
"locked": { "locked": {
"lastModified": 1763303120, "lastModified": 1745005516,
"narHash": "sha256-yxcNOha7Cfv2nhVpz9ZXSNKk0R7wt4AiBklJ8D24rVg=", "narHash": "sha256-IVaoOGDIvAa/8I0sdiiZuKptDldrkDWUNf/+ezIRhyc=",
"rev": "3d1e3860bef36857a01a2ddecba7cdb0a14c35a9", "rev": "69d8bf596194c5c35a4e90dd02c52aa530caddf8",
"type": "tarball", "type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/3d1e3860bef36857a01a2ddecba7cdb0a14c35a9.tar.gz" "url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/69d8bf596194c5c35a4e90dd02c52aa530caddf8.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@ -280,17 +272,32 @@
"type": "github" "type": "github"
} }
}, },
"nixos-facter-modules": {
"locked": {
"lastModified": 1743671943,
"narHash": "sha256-7sYig0+RcrR3sOL5M+2spbpFUHyEP7cnUvCaqFOBjyU=",
"owner": "nix-community",
"repo": "nixos-facter-modules",
"rev": "58ad9691670d293a15221d4a78818e0088d2e086",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-facter-modules",
"type": "github"
}
},
"nixos-generators": { "nixos-generators": {
"inputs": { "inputs": {
"nixlib": "nixlib", "nixlib": "nixlib",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1764234087, "lastModified": 1742568034,
"narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=", "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "032a1878682fafe829edfcf5fdfad635a2efe748", "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -301,11 +308,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1768584846, "lastModified": 1747129300,
"narHash": "sha256-IRPmIOV2tPwxbhP/I9M5AmwhTC0lMPtoPStC+8T6xl0=", "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "cce68f4a54fa4e3d633358364477f5cc1d782440", "rev": "e81fd167b33121269149c57806599045fd33eeed",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -333,11 +340,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1768564909, "lastModified": 1747179050,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -349,17 +356,14 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"buildbot-nix": "buildbot-nix", "agenix": "agenix",
"clan-core": "clan-core", "clan-core": "clan-core",
"direnv-instant": "direnv-instant",
"disko": "disko_2", "disko": "disko_2",
"flake-parts": "flake-parts_2", "home-manager": "home-manager_2",
"home-manager": "home-manager", "impermanence": "impermanence",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2"
"srvos": "srvos",
"terranix": "terranix"
} }
}, },
"sops-nix": { "sops-nix": {
@ -370,11 +374,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768481291, "lastModified": 1746485181,
"narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=", "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "e085e303dfcce21adcb5fec535d65aacb066f101", "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -383,26 +387,6 @@
"type": "github" "type": "github"
} }
}, },
"srvos": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1768523683,
"narHash": "sha256-UbkyPXPPAbz0gHIWvHZ+jrPTruZqkpuwTFo5JXPnIgU=",
"owner": "nix-community",
"repo": "srvos",
"rev": "90e9331fd79d4c3bb5c1e7cd2df2e560565fe543",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "srvos",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@ -433,52 +417,7 @@
"type": "github" "type": "github"
} }
}, },
"terranix": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_2"
},
"locked": {
"lastModified": 1762472226,
"narHash": "sha256-iVS4sxVgGn+T74rGJjEJbzx+kjsuaP3wdQVXBNJ79A0=",
"owner": "terranix",
"repo": "terranix",
"rev": "3b5947a48da5694094b301a3b1ef7b22ec8b19fc",
"type": "github"
},
"original": {
"owner": "terranix",
"repo": "terranix",
"type": "github"
}
},
"treefmt-nix": { "treefmt-nix": {
"inputs": {
"nixpkgs": [
"buildbot-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1768031762,
"narHash": "sha256-b2gJDJfi+TbA7Hu2sKip+1mWqya0GJaWrrXQjpbOVTU=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "0c445aa21b01fd1d4bb58927f7b268568af87b20",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"clan-core", "clan-core",
@ -486,32 +425,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768158989, "lastModified": 1747299117,
"narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", "narHash": "sha256-JGjCVbxS+9t3tZ2IlPQ7sdqSM4c+KmIJOXVJPfWmVOU=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", "rev": "e758f27436367c23bcd63cd973fa5e39254b530e",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_3": {
"inputs": {
"nixpkgs": [
"direnv-instant",
"nixpkgs"
]
},
"locked": {
"lastModified": 1768031762,
"narHash": "sha256-b2gJDJfi+TbA7Hu2sKip+1mWqya0GJaWrrXQjpbOVTU=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "0c445aa21b01fd1d4bb58927f7b268568af87b20",
"type": "github" "type": "github"
}, },
"original": { "original": {

162
flake.nix

@ -5,60 +5,128 @@
inputs@{ inputs@{
nixpkgs, nixpkgs,
clan-core, clan-core,
flake-parts, home-manager,
impermanence,
nixos-generators,
nixos-hardware,
self,
... ...
}: }:
flake-parts.lib.mkFlake { inherit inputs; } ({ let
imports = [ clan = clan-core.lib.buildClan {
clan-core.flakeModules.default self = self;
inputs.terranix.flakeModule meta.name = "blossom";
./clan/flake-module.nix specialArgs = {
./clanServices/flake-module.nix inherit inputs self;
./devShells/flake-module.nix inherit (import ./parts) keys;
./home-manager/flake-module.nix };
./infra/flake-module.nix inventory = {
./modules/flake-module.nix instances = {
./packages/flake-module.nix "rpqt-admin" = {
module.input = "clan-core";
module.name = "admin";
roles.default.machines = {
"crocus" = { };
"genepi" = { };
"haze" = { };
};
roles.default.settings.allowedKeys = {
rpqt_haze = (import ./parts).keys.rpqt.haze;
};
};
};
services = {
zerotier.default = {
roles.controller.machines = [
"crocus"
]; ];
roles.peer.machines = [
"haze"
"genepi"
];
};
sshd.default = {
roles.server.machines = [ "crocus" ];
};
user-password.rpqt = {
roles.default.machines = [
"crocus"
"genepi"
"haze"
];
config.user = "rpqt";
};
};
};
};
in
{
inherit (clan) clanInternals nixosConfigurations;
systems = [ devShells =
"x86_64-linux" let
"aarch64-linux" system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
};
in
{
"${system}".default = pkgs.mkShell {
packages = [
inputs.agenix.packages.${system}.default
clan-core.packages.${system}.clan-cli
pkgs.nil # Nix language server
pkgs.nixfmt-rfc-style
pkgs.opentofu
pkgs.terraform-ls
pkgs.deploy-rs
pkgs.zsh
]; ];
}); shellhook = ''
exec zsh
'';
};
};
};
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; nixpkgs = {
url = "github:nixos/nixpkgs?ref=nixos-unstable";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence = {
url = "github:nix-community/impermanence";
};
nixos-hardware = {
url = "github:NixOS/nixos-hardware/master";
};
nixos-generators = {
url = "github:nix-community/nixos-generators";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
clan-core = {
url = "git+https://git.clan.lol/clan/clan-core";
inputs.nixpkgs.follows = "nixpkgs";
};
};
disko.url = "github:nix-community/disko"; nixConfig = {
disko.inputs.nixpkgs.follows = "nixpkgs"; extra-substituters = [
"https://cache.nixos.org"
home-manager.url = "github:nix-community/home-manager"; "https://nix-community.cachix.org"
home-manager.inputs.nixpkgs.follows = "nixpkgs"; ];
extra-trusted-public-keys = [
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
nixos-generators.url = "github:nix-community/nixos-generators";
clan-core.url = "git+https://git.clan.lol/clan/clan-core";
clan-core.inputs.nixpkgs.follows = "nixpkgs";
clan-core.inputs.flake-parts.follows = "flake-parts";
flake-parts.url = "github:hercules-ci/flake-parts";
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
srvos.url = "github:nix-community/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs";
buildbot-nix.url = "github:nix-community/buildbot-nix";
buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";
direnv-instant.url = "github:Mic92/direnv-instant";
direnv-instant.inputs.nixpkgs.follows = "nixpkgs";
direnv-instant.inputs.flake-parts.follows = "flake-parts";
terranix.url = "github:terranix/terranix";
terranix.inputs.nixpkgs.follows = "nixpkgs";
terranix.inputs.flake-parts.follows = "flake-parts";
}; };
} }
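Review bot: In the devShell on the new side, the attribute is written `shellhook`, but `mkShell` only runs `shellHook`, so the value is passed through as a plain environment variable and `exec zsh` never executes; the line should read `shellHook = ''`. Once the hook does run, `exec zsh` will likely also replace the shell for non-interactive callers such as `nix develop -c`, which may not be wanted. Separately, the `nixConfig` block at the end adds `https://nix-community.cachix.org` with its signing key, so any machine that accepts this flake's config trusts pre-built store paths from that cache; a comment such as `# third-party binary cache: paths signed by this key are substituted without a local build` would record that this is deliberate.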


@ -1,76 +0,0 @@
{
self,
config,
osConfig,
pkgs,
...
}:
let
shellAliases = {
ls = "eza";
lsa = "ls -A";
ll = "ls -lh";
lla = "ls -lAh";
h = "hx";
g = "git";
cd = "z";
tree = "eza --tree";
".." = "cd ..";
"..." = "cd ../..";
};
in
{
imports = [
self.homeManagerModules.dotfiles
];
home.packages = with pkgs; [
age
age-plugin-yubikey
bottom
btop
comma
difftastic
doggo
duf
eza
fd
glow
jjui
lazygit
nh
passage
rage
ripgrep
skim
tealdeer
vivid
yazi
zoxide
];
programs.zoxide.enable = true;
programs.starship.enable = true;
programs.bat.enable = true;
programs.atuin.enable = true;
xdg.dataFile."atuin/key".source =
config.lib.file.mkOutOfStoreSymlink osConfig.clan.core.vars.generators.atuin.files.key.path;
programs.zsh = {
enable = true;
syntaxHighlighting.enable = true;
inherit shellAliases;
};
programs.fish = {
enable = true;
inherit shellAliases;
};
xdg.configFile."git".source = "${config.dotfiles.path}/.config/git";
xdg.configFile."jj/config.toml".source = "${config.dotfiles.path}/.config/jj/config.toml";
xdg.configFile."task/taskrc".source = "${config.dotfiles.path}/.config/task/taskrc";
home.sessionPath = [ "${config.dotfiles.path}/bin" ];
}


@ -1,13 +0,0 @@
{ pkgs, ... }:
{
home.packages = with pkgs.gnomeExtensions; [
blur-my-shell
paperwm
];
dconf.settings = {
"org/gnome/nautilus/preferences" = {
show-image-thumbnails = "always";
};
};
}


@ -1,9 +0,0 @@
{ self, config, ... }:
{
imports = [
self.homeManagerModules.dotfiles
./wayland.nix
];
xdg.configFile."niri".source = "${config.dotfiles.path}/.config/niri";
}


@ -1,22 +0,0 @@
{
config,
pkgs,
self,
...
}:
{
imports = [
self.homeManagerModules.dotfiles
];
home.packages = [
pkgs.alacritty
pkgs.ghostty
];
programs.alacritty.enable = true;
xdg.configFile."alacritty/alacritty.toml".source =
"${config.dotfiles.path}/.config/alacritty/alacritty.toml";
xdg.configFile."ghostty/config".source = "${config.dotfiles.path}/.config/ghostty/config";
}


@ -1,19 +0,0 @@
{
config,
lib,
...
}:
{
programs.vicinae = {
enable = true;
systemd.enable = true;
systemd.autoStart = true;
};
xdg.configFile."vicinae/vicinae.json".source =
lib.mkForce "${config.dotfiles.path}/.config/vicinae/vicinae.json";
xdg.configFile."matugen/config.toml".source = "${config.dotfiles.path}/.config/matugen/config.toml";
xdg.configFile."matugen/templates/vicinae.toml".source =
"${config.dotfiles.path}/.config/matugen/templates/vicinae.toml";
}


@ -1,42 +0,0 @@
{
self,
config,
pkgs,
...
}:
{
imports = [
./cli.nix
./helix.nix
self.homeManagerModules.dotfiles
self.inputs.direnv-instant.homeModules.direnv-instant
];
home.packages = with pkgs; [
delta
direnv
gh
hut
jujutsu
nix-output-monitor
python3
radicle-desktop
radicle-node
radicle-tui
typescript-language-server
nil # Nix language server
nixfmt-rfc-style
nixpkgs-review
];
programs.direnv = {
enable = true;
enableZshIntegration = true;
nix-direnv.enable = true;
};
programs.direnv-instant.enable = true;
xdg.configFile."hut/config".source = "${config.dotfiles.path}/.config/hut/config";
home.file.".ssh/config".source = "${config.dotfiles.path}/.ssh/config";
}


@ -1,5 +0,0 @@
{
flake.homeManagerModules = {
dotfiles.imports = [ ./dotfiles.nix ];
};
}


@ -1,24 +0,0 @@
{
self,
config,
pkgs,
...
}:
{
imports = [
self.homeManagerModules.dotfiles
];
home.packages = [ pkgs.helix ];
programs.helix = {
enable = true;
defaultEditor = true;
};
home.sessionVariables.EDITOR = "hx";
xdg.configFile."helix/config.toml".source = "${config.dotfiles.path}/.config/helix/config.toml";
xdg.configFile."helix/languages.toml".source =
"${config.dotfiles.path}/.config/helix/languages.toml";
}


@ -1,110 +0,0 @@
{ config, ... }:
let
pass = "passage";
in
{
programs.thunderbird = {
enable = true;
profiles = {
main = {
isDefault = true;
};
};
};
programs.aerc = {
enable = true;
# safe since the accounts file just contains commands for retrieving passwords and is readonly in the nix store
extraConfig.general.unsafe-accounts-conf = true;
};
accounts.email.accounts = {
"rpqt@rpqt.fr" = rec {
address = "rpqt@rpqt.fr";
realName = "Romain Paquet";
primary = true;
flavor = "migadu.com";
thunderbird.enable = config.programs.thunderbird.enable;
aerc.enable = config.programs.aerc.enable;
passwordCommand = [
pass
"show"
"mail/${address}"
];
folders.inbox = "INBOX";
};
"admin@rpqt.fr" = rec {
address = "admin@rpqt.fr";
aliases = [ "postmaster@rpqt.fr" ];
realName = "Postmaster";
flavor = "migadu.com";
thunderbird.enable = config.programs.thunderbird.enable;
aerc.enable = config.programs.aerc.enable;
passwordCommand = [
pass
"show"
"mail/${address}"
];
folders.inbox = "INBOX";
};
"romain.paquet@grenoble-inp.org" = rec {
address = "romain.paquet@grenoble-inp.org";
realName = "Romain Paquet";
userName = "romain.paquet@grenoble-inp.org";
imap = {
host = "imap.partage.renater.fr";
port = 993;
};
smtp = {
host = "smtp.partage.renater.fr";
port = 465;
};
thunderbird.enable = config.programs.thunderbird.enable;
aerc.enable = config.programs.aerc.enable;
passwordCommand = [
pass
"show"
"mail/${address}"
];
folders.inbox = "INBOX";
};
"admin@turifer.dev" = rec {
address = "admin@turifer.dev";
aliases = [ "postmaster@turifer.dev" ];
realName = "Postmaster";
flavor = "migadu.com";
thunderbird.enable = config.programs.thunderbird.enable;
aerc.enable = config.programs.aerc.enable;
passwordCommand = [
pass
"mail/${address}"
];
};
"romain@student.agh.edu.pl" = {
address = "romain@student.agh.edu.pl";
aliases = [ "382799@student.agh.edu.pl" ];
realName = "Romain Paquet";
userName = "romain@student.agh.edu.pl";
imap = {
host = "poczta.agh.edu.pl";
port = 993;
};
smtp = {
host = "poczta.agh.edu.pl";
port = 465;
};
thunderbird.enable = config.programs.thunderbird.enable;
};
"romain.pqt@gmail.com" = {
address = "romain.pqt@gmail.com";
realName = "Romain Paquet";
flavor = "gmail.com";
thunderbird.enable = config.programs.thunderbird.enable;
};
};
}


@ -1,16 +0,0 @@
BasedOnStyle: LLVM
IndentWidth: 8
TabWidth: 8
UseTab: Always
ColumnLimit: 80
IndentCaseLabels: false
IndentGotoLabels: false
BreakBeforeBraces: Custom
BraceWrapping:
AfterFunction: false
AlwaysBreakAfterDefinitionReturnType: false


@ -1,37 +0,0 @@
[general]
live_config_reload = false
import = ["~/.config/alacritty/themes/kanagawa_wave.toml"]
[font]
size = 14
[font.bold]
family = "Jetbrains Mono NF"
style = "Bold"
[font.bold_italic]
family = "Jetbrains Mono NF"
style = "Bold Italic"
[font.italic]
family = "Jetbrains Mono NF"
style = "Italic"
[font.normal]
family = "Jetbrains Mono NF"
style = "Regular"
[[keyboard.bindings]]
action = "CreateNewWindow"
key = "Return"
mods = "Control|Shift"
[mouse]
hide_when_typing = true
[window]
opacity = 1.0
[window.padding]
x = 4
y = 4


@ -1,35 +0,0 @@
[colors.primary]
background = '#f2ecbc'
foreground = '#545464'
[colors.normal]
black = "#1f1f28"
red = "#c84053"
green = "#6f894e"
yellow = "#77713f"
blue = "#4d699b"
magenta = "#b35b79"
cyan = "#597b75"
white = "#545464"
[colors.bright]
black = "#8a8980"
red = "#d7474b"
green = "#6e915f"
yellow = "#836f4a"
blue = "#6693bf"
magenta = "#624c83"
cyan = "#5e857a"
white = "#43436c"
[colors.selection]
background = '#c9cbd1'
foreground = '#dcd7ba'
[[colors.indexed_colors]]
index = 16
color = '#e98a00'
[[colors.indexed_colors]]
index = 17
color = '#e82424'


@ -1,35 +0,0 @@
[[colors.indexed_colors]]
color = "0xffa066"
index = 16
[[colors.indexed_colors]]
color = "0xff5d62"
index = 17
[colors.bright]
black = "0x727169"
blue = "0x7fb4ca"
cyan = "0x7aa89f"
green = "0x98bb6c"
magenta = "0x938aa9"
red = "0xe82424"
white = "0xdcd7ba"
yellow = "0xe6c384"
[colors.normal]
black = "0x090618"
blue = "0x7e9cd8"
cyan = "0x6a9589"
green = "0x76946a"
magenta = "0x957fb8"
red = "0xc34043"
white = "0xc8c093"
yellow = "0xc0a36e"
[colors.primary]
background = "0x1f1f28"
foreground = "0xdcd7ba"
[colors.selection]
background = "0x2d4f67"
foreground = "0xc8c093"


@ -1 +0,0 @@
--theme gruvbox-dark


@ -1,6 +0,0 @@
theme = dark:Kanagawa Wave,light:Builtin Light
font-feature = -liga
font-feature = -calt
font-feature = -dlig
font-size = 14
window-inherit-working-directory = false


@ -1,54 +0,0 @@
[user]
email = rpqt@rpqt.fr
name = Romain Paquet
[init]
defaultBranch = main
[core]
excludesfile = ~/.config/git/ignore
[filter "lfs"]
clean = git-lfs clean -- %f
smudge = git-lfs smudge -- %f
process = git-lfs filter-process
required = true
[color]
ui = auto
[sendemail]
smtpserver = smtp.migadu.com
smtpuser = rpqt@rpqt.fr
smtpencryption = ssl
smtpserverport = 465
[diff]
colormoved = "default"
colormovedws = "allow-indentation-change"
[alias]
a = add
s = status
c = commit
news = -c diff.external=difft log -p HEAD@{1}..HEAD@{0} --ext-diff
dlog = -c diff.external=difft log -p --ext-diff
dshow = -c diff.external=difft show --ext-diff
dft = -c diff.external=difft diff
lg1 = log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(auto)%d%C(reset)' --all
lg2 = log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold cyan)%aD%C(reset) %C(bold green)(%ar)%C(reset)%C(auto)%d%C(reset)%n'' %C(white)%s%C(reset) %C(dim white)- %an%C(reset)'
[column]
ui = auto
[branch]
sort = -committerdate
[tag]
sort = version:refname
[push]
autoSetupRemote = true
followTags = true
[help]
autocorrect = prompt
[commit]
verbose = true
[rerere]
enabled = true
autoupdate = true
[rebase]
autoSquash = true
autoStash = true
updateRefs = true
[pull]
rebase = true


@ -1,5 +0,0 @@
[include]
path = ~/.config/git/common.gitconfig
path = ~/.config/git/local.gitconfig
[includeIf "gitdir:~/imag/"]
path = ~/.config/git/ensimag.gitconfig


@ -1,3 +0,0 @@
[user]
name = "Romain Paquet"
email = romain.paquet@grenoble-inp.org


@ -1,4 +0,0 @@
/.direnv
/.helix
/.settings
/.classpath


@ -1,21 +0,0 @@
theme = "kanagawa"
[editor]
line-number = "absolute"
auto-completion = true
auto-format = true
end-of-line-diagnostics = "hint"
[editor.cursor-shape]
insert = "bar"
normal = "block"
[editor.statusline]
left = ["mode", "spinner", "file-name"]
right = ["diagnostics", "file-encoding", "file-type", "position"]
mode.normal = "NORMAL"
mode.insert = "INSERT"
mode.select = "SELECT"
[editor.inline-diagnostics]
cursor-line = "error"


@ -1,64 +0,0 @@
[[language]]
name = "c"
scope = "source.c"
file-types = ["c", "h"]
indent = { tab-width = 4, unit = "\t" }
auto-format = true
language-servers = [ { name = "clangd" } ]
[language-server.clangd]
command = "clangd"
args = ["--header-insertion=never"]
[[language]]
name = "rust"
language-servers = [ "rust-analyzer" ]
auto-format = true
[language-server.rust-analyzer.config]
check.command = "clippy"
[language-server.deno-lsp]
command = "deno"
args = ["lsp"]
[language-server.deno-lsp.config.deno]
enable = true
lint = true
suggest.imports.hosts = { "https://deno.land" = true }
[[language]]
name = "typescript"
file-types = ["ts"]
language-servers = ["deno-lsp"]
[[language]]
name = "djot"
scope = "source.djot"
file-types = ["dj"]
[[grammar]]
name = "djot"
source = { git = "https://github.com/treeman/tree-sitter-djot", rev = "master" }
[[language]]
name = "nix"
formatter = { command = "nixfmt" }
[[language]]
name = "java"
formatter = { command = "google-java-format", args = ["--aosp"] }
auto-format = true
[[language]]
name = "hcl"
formatter = { command = "tofu", args = ["fmt", "-"] }
auto-format = true
[[language]]
name = "vento"
indent = { tab-width = 2, unit = "\t" }
[[language]]
name = "ocaml"
auto-format = true


@ -1,3 +0,0 @@
instance "sr.ht" {
access-token-cmd pass oauth/sr.ht-hut@haze
}


@ -1,53 +0,0 @@
[theme]
theme = "kanagawa"
[theme.overrides]
separator = "<span size='13000'></span>"
[icons]
icons = "material-nf"
[[block]]
block = "privacy"
[[block.driver]]
name = "pipewire"
[[block]]
block = "music"
format = " $icon {$combo.str(max_w:70) $prev $next |}"
[[block.click]]
button = "left"
action = "play_pause"
[[block]]
block = "bluetooth"
mac = "20:74:CF:B5:B7:7A"
format = " $icon $name{ $percentage|} "
disconnected_format = ""
[[block]]
block = "bluetooth"
mac = "28:11:A5:6B:44:8B"
format = " $icon $name{ $percentage|} "
disconnected_format = ""
[[block]]
block = "bluetooth"
mac = "00:1E:7C:50:24:8F"
format = " $icon $name{ $percentage|} "
disconnected_format = ""
[[block]]
block = "toggle"
format = " $icon ensivpn "
command_state = 'nmcli -f general.state con show Ensimag-VPN-ETU-udp | grep -v deactivated'
command_on = "pass show web/ensimag.fr | head -n 1 | nmcli c up Ensimag-VPN-ETU-udp --ask"
command_off = "nmcli c down Ensimag-VPN-ETU-udp"
[[block]]
block = "net"
interval = 10
device = "wlan0"
format = " $icon {$ssid|$device} "
[[block.click]]
button = "left"
cmd = "iwgtk"


@ -1,78 +0,0 @@
[theme]
theme = "kanagawa"
[theme.overrides]
separator = "<span size='17000'></span>"
[icons]
icons = "material-nf"
[icons.overrides]
sleep = "󰒲"
no_sleep = "󰒳"
[[block]]
block = "toggle"
format = " $icon "
command_state = "pgrep swayidle"
command_on = "swaymsg 'exec swayidle -w'"
command_off = "pkill swayidle"
icon_on = "sleep"
icon_off = "no_sleep"
[[block]]
block = "toggle"
format = "  $icon "
command_state = 'if [ "$($HOME/bin/darkmode status)" = "dark" ]; then echo y; fi'
command_on = "$HOME/bin/darkmode toggle"
command_off = "$HOME/bin/darkmode toggle"
[[block]]
block = "hueshift"
format = " 󱩌 {$temperature} "
click_temp = 4000
[[block]]
block = "backlight"
format = " $icon $brightness.eng(width:1) "
step_width = 1
minimum = 1
[[block]]
block = "sound"
driver = "pulseaudio"
headphones_indicator = true
show_volume_when_muted = true
format = " $icon $volume.eng(width:1) "
[[block.click]]
button = "left"
cmd = "pavucontrol"
[block.theme_overrides]
warning_bg = { link = "idle_bg" }
warning_fg = { link = "idle_fg"}
idle_bg = { link = "info_bg" }
idle_fg = { link = "info_fg"}
[[block]]
block = "battery"
interval = 30
format = " $icon $percentage "
full_format = " $icon $percentage "
[[block]]
block = "keyboard_layout"
driver = "sway"
sway_kb_identifier = "1267:12613:ASUE140C:00_04F3:3145_Keyboard"
format = "  $layout "
[[block.click]]
button = "left"
cmd = "swaymsg input '1267:12613:ASUE140C:00_04F3:3145_Keyboard' xkb_switch_layout next"
[block.mappings]
"French (N/A)" = "fr"
"English (Colemak-DH)" = "colemak-dh"
"English (US)" = "en"
[[block]]
block = "time"
interval = 10
[block.format]
full = " $icon $timestamp.datetime(f:'%a %d/%m/%y %R', l:fr_FR) "
short = " $icon $timestamp.datetime(f:'%R')"


@ -1,14 +0,0 @@
idle_bg = "#151515"
idle_fg = "#dcd7ba"
info_bg = "#2d4f67"
info_fg = "#dcd7ba"
good_bg = "#151515"
good_fg = "#98971a"
warning_bg = "#ff9e3b"
warning_fg = "#16161D"
critical_bg = "#e82424"
critical_fg = "#dcd7ba"
separator = "\ue0b2"
separator_bg = "auto"
separator_fg = "auto"
alternating_tint_bg = "#151515"


@ -1,54 +0,0 @@
"$schema" = "https://jj-vcs.github.io/jj/latest/config-schema.json"
[ui]
default-command = ["log", "--no-pager"]
diff-formatter = ["difft", "--color=always", "$left", "$right"]
diff-editor = ":builtin"
[user]
name = "Romain Paquet"
email = "rpqt@rpqt.fr"
[git]
write-change-id-header = true
[revset-aliases]
'closest_pushable(to)' = 'heads(::to & mutable() & ~description(exact:"") & (~empty() | merges()))'
[aliases]
s = ["status", "--no-pager"]
tug = ["bookmark", "move", "--from", "heads(::@ & bookmarks())", "--to", "closest_pushable(@)"]
[[--scope]]
--when.repositories = ["~/agh"]
[--scope.user]
email = "romain@student.agh.edu.pl"
[[--scope]]
--when.repositories = ["~/imag"]
[--scope.user]
email = "romain.paquet@grenoble-inp.org"
# After this line everything is taken from https://andre.arko.net/2025/09/28/stupid-jj-tricks
[templates]
draft_commit_description = '''
concat(
coalesce(description, default_commit_description, "\n"),
surround(
"\nJJ: This commit contains the following changes:\n", "",
indent("JJ: ", diff.stat(72)),
),
"\nJJ: ignore-rest\n",
diff.git(),
)
'''
log_node = '''
if(self && !current_working_copy && !immutable && !conflict && in_branch(self),
"◇",
builtin_log_node
)
'''
[template-aliases]
"in_branch(commit)" = 'commit.contained_in("immutable_heads()..bookmarks()")'


@ -1,46 +0,0 @@
(defcfg
input (device-file "/dev/input/by-path/platform-i8042-serio-0-event-kbd")
output (uinput-sink "KMonad laptop keyboard output")
fallthrough true
)
(defsrc
esc f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 prnt ins del
grv 1 2 3 4 5 6 7 8 9 0 - = bspc home
tab q w e r t y u i o p [ ] \ pgup
caps a s d f g h j k l ; ' ret pgdn
lsft z x c v b n m , . / rsft end
lctl lmet lalt spc ralt rctl
)
(defalias
maj (layer-toggle azerty-shift)
agr (layer-toggle azerty-altgr)
)
(deflayer azerty
esc f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 prnt ins del
grv & é " ' \( - è \_ ç à \) = bspc home
tab a z e r t y u i o p ^ $ * pgup
caps q s d f g h j k l m ù ret pgdn
@maj w x c v b n , ; : ! rsft end
lctl lmet lalt spc @agr rctl
)
(deflayer azerty-shift
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ 1 2 3 4 5 6 7 8 9 0 ° + _ _
_ a _ _ _ _ _ _ _ _ _ _ £ µ _
_ _ _ _ _ _ _ _ _ _ _ % _ _
@maj _ _ _ _ _ _ ? . / § rsft _
lctl lmet lalt spc ralt rctl
)
(deflayer azerty-altgr
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ ~ # { [ | grv \ ^ @ ] } _ _
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _ _ _ _ _ _ _ _ rsft _
lctl lmet lalt spc @agr rctl
)


@ -1,6 +0,0 @@
[config]
[templates.vicinae]
input_path = '~/.config/matugen/templates/vicinae.toml'
output_path = '~/.local/share/vicinae/themes/matugen.toml'
post_hook = 'vicinae theme set matugen'


@ -1,127 +0,0 @@
# Vicinae Matugen Theme Template
# Used LLM for initial generation, then modified to a satisfactory level
[meta]
name = "Matugen"
description = "Material You theme generated by Matugen - {{mode}} variant"
variant = "{{mode}}"
# ============================================================================
# Core Colors
# ============================================================================
[colors.core]
accent = "{{colors.primary.default.hex}}"
accent_foreground = "{{colors.on_primary.default.hex}}"
background = "{{colors.surface.default.hex}}"
foreground = "{{colors.on_surface.default.hex}}"
secondary_background = "{{colors.surface_container.default.hex}}"
border = "{{colors.outline_variant.default.hex}}"
# ============================================================================
# Window Borders
# ============================================================================
[colors.main_window]
border = "{{colors.outline_variant.default.hex}}"
[colors.settings_window]
border = "{{colors.outline.default.hex}}"
# ============================================================================
# Accent Palette
# ============================================================================
[colors.accents]
blue = "{{colors.primary.default.hex}}"
green = "{{colors.tertiary.default.hex}}"
magenta = "{{colors.secondary.default.hex}}"
orange = { name = "{{colors.error.default.hex}}", lighter = 40 }
red = "{{colors.error.default.hex}}"
yellow = { name = "{{colors.tertiary.default.hex}}", lighter = 80 }
cyan = { name = "{{colors.primary.default.hex}}", lighter = 50 }
purple = "{{colors.secondary.default.hex}}"
# ============================================================================
# Text System
# ============================================================================
[colors.text]
default = "{{colors.on_surface.default.hex}}"
muted = "{{colors.on_surface_variant.default.hex}}"
danger = "{{colors.error.default.hex}}"
success = "{{colors.tertiary.default.hex}}"
placeholder = { name = "{{colors.on_surface_variant.default.hex}}", opacity = 0.6 }
[colors.text.selection]
background = "{{colors.primary.default.hex}}"
foreground = "{{colors.on_primary.default.hex}}"
[colors.text.links]
default = "{{colors.primary.default.hex}}"
visited = { name = "{{colors.tertiary.default.hex}}", darker = 20 }
# ============================================================================
# Input Fields
# ============================================================================
[colors.input]
border = "{{colors.outline.default.hex}}"
border_focus = "{{colors.primary.default.hex}}"
border_error = "{{colors.error.default.hex}}"
# ============================================================================
# Buttons
# ============================================================================
[colors.button.primary]
background = "{{colors.surface_container_high.default.hex}}"
foreground = "{{colors.on_surface.default.hex}}"
[colors.button.primary.hover]
background = "{{colors.surface_container_highest.default.hex}}"
[colors.button.primary.focus]
outline = "{{colors.primary.default.hex}}"
# ============================================================================
# Lists
# ============================================================================
[colors.list.item.hover]
background = { name = "{{colors.primary_container.default.hex}}", opacity = 0.25 }
foreground = "{{colors.on_surface.default.hex}}"
[colors.list.item.selection]
background = { name = "{{colors.primary_container.default.hex}}", opacity = 0.50 }
foreground = "{{colors.on_primary_container.default.hex}}"
secondary_background = "{{colors.primary_container.default.hex}}"
secondary_foreground = "{{colors.on_primary_container.default.hex}}"
# ============================================================================
# Grid Items
# ============================================================================
[colors.grid.item]
background = "{{colors.surface_container.default.hex}}"
[colors.grid.item.hover]
outline = { name = "{{colors.secondary.default.hex}}", opacity = 0.8 }
[colors.grid.item.selection]
outline = { name = "{{colors.primary.default.hex}}" }
# ============================================================================
# Scrollbars
# ============================================================================
[colors.scrollbars]
background = { name = "{{colors.primary.default.hex}}", opacity = 0.2 }
# ============================================================================
# Loading States
# ============================================================================
[colors.loading]
bar = "{{colors.primary.default.hex}}"
spinner = "{{colors.primary.default.hex}}"


@ -1,10 +0,0 @@
music_directory "~/Music"
playlist_directory "~/.config/mpd/playlists"
db_file "~/.config/mpd/database"
restore_paused "yes"
state_file "~/.local/state/mpd"
audio_output {
type "pipewire"
name "pipewire"
}


@ -1,312 +0,0 @@
include "dms/alttab.kdl"
include "dms/binds.kdl"
include "dms/colors.kdl"
include "dms/layout.kdl"
include "dms/wpblur.kdl"
input {
keyboard {
xkb {
layout "fr,us(colemak_dh),us"
options "grp:win_space_toggle"
}
}
touchpad {
tap
natural-scroll
}
// Make the mouse warp to the center of newly focused windows.
// warp-mouse-to-focus
// Focus windows and outputs automatically when moving the mouse into them.
// Setting max-scroll-amount="0%" makes it work only on windows already fully on screen.
focus-follows-mouse max-scroll-amount="0%"
}
workspace "browser" {
}
output "eDP-1" {
mode "1920x1080@60.049"
scale 1
position x=360 y=1440
}
output "HDMI-A-1" {
mode "3840x2160@60.000"
scale 1.5
position x=0 y=0
}
layout {
gaps 8
center-focused-column "never"
// You can customize the widths that "switch-preset-column-width" (Mod+R) toggles between.
preset-column-widths {
// Proportion sets the width as a fraction of the output width, taking gaps into account.
// For example, you can perfectly fit four windows sized "proportion 0.25" on an output.
// The default preset widths are 1/3, 1/2 and 2/3 of the output.
proportion 0.33333
proportion 0.5
proportion 0.66667
// Fixed sets the width in logical pixels exactly.
// fixed 1920
}
// You can also customize the heights that "switch-preset-window-height" (Mod+Shift+R) toggles between.
// preset-window-heights { }
// You can change the default width of the new windows.
default-column-width { proportion 0.5; }
// If you leave the brackets empty, the windows themselves will decide their initial width.
}
prefer-no-csd
cursor {
hide-when-typing
}
window-rule {
match app-id=r#"^firefox$"#
open-maximized true
open-on-workspace "browser"
focus-ring {
off
}
}
window-rule {
match app-id=r#"^thunderbird$"#
open-maximized true
focus-ring {
off
}
}
// Open the Firefox picture-in-picture player as floating by default.
window-rule {
// This app-id regular expression will work for both:
// - host Firefox (app-id is "firefox")
// - Flatpak Firefox (app-id is "org.mozilla.firefox")
match app-id=r#"firefox$"# title="^Picture-in-Picture$"
open-floating true
}
binds {
// Keys consist of modifiers separated by + signs, followed by an XKB key name
// in the end. To find an XKB name for a particular key, you may use a program
// like wev.
//
// "Mod" is a special modifier equal to Super when running on a TTY, and to Alt
// when running as a winit window.
//
// Most actions that you can bind here can also be invoked programmatically with
// `niri msg action do-something`.
// Show a list of important hotkeys.
Mod+Shift+Comma { show-hotkey-overlay; }
// Suggested binds for running programs: terminal, app launcher, screen locker.
Mod+Return { spawn "ghostty" "+new-window"; }
// Mod+D { spawn "dms" "ipc" "call" "spotlight" "toggle"; }
Mod+D { spawn "vicinae" "toggle"; }
Super+Alt+L hotkey-overlay-title="Lock session" { spawn "loginctl" "lock-session"; }
XF86AudioPlay { spawn "playerctl" "play-pause"; }
XF86AudioNext { spawn "playerctl" "next"; }
XF86AudioPrev { spawn "playerctl" "previous"; }
XF86Search { spawn "tofi-drun" "--drun-launch=true"; }
Mod+W { close-window; }
Mod+Left { focus-column-left; }
Mod+Down { focus-window-down; }
Mod+Up { focus-window-up; }
Mod+Right { focus-column-right; }
Mod+H { focus-column-left; }
Mod+J { focus-window-down; }
Mod+K { focus-window-up; }
Mod+L { focus-column-right; }
Mod+Ctrl+Left { move-column-left; }
Mod+Ctrl+Down { move-window-down; }
Mod+Ctrl+Up { move-window-up; }
Mod+Ctrl+Right { move-column-right; }
Mod+Ctrl+H { move-column-left; }
Mod+Ctrl+J { move-window-down; }
Mod+Ctrl+K { move-window-up; }
Mod+Ctrl+L { move-column-right; }
// Alternative commands that move across workspaces when reaching
// the first or last window in a column.
// Mod+J { focus-window-or-workspace-down; }
// Mod+K { focus-window-or-workspace-up; }
// Mod+Ctrl+J { move-window-down-or-to-workspace-down; }
// Mod+Ctrl+K { move-window-up-or-to-workspace-up; }
Mod+Home { focus-column-first; }
Mod+End { focus-column-last; }
Mod+Ctrl+Home { move-column-to-first; }
Mod+Ctrl+End { move-column-to-last; }
Mod+Shift+Left { focus-monitor-left; }
Mod+Shift+Down { focus-monitor-down; }
Mod+Shift+Up { focus-monitor-up; }
Mod+Shift+Right { focus-monitor-right; }
Mod+Shift+H { focus-monitor-left; }
Mod+Shift+J { focus-monitor-down; }
Mod+Shift+K { focus-monitor-up; }
Mod+Shift+L { focus-monitor-right; }
Mod+Shift+Ctrl+Left { move-column-to-monitor-left; }
Mod+Shift+Ctrl+Down { move-column-to-monitor-down; }
Mod+Shift+Ctrl+Up { move-column-to-monitor-up; }
Mod+Shift+Ctrl+Right { move-column-to-monitor-right; }
Mod+Shift+Ctrl+H { move-column-to-monitor-left; }
Mod+Shift+Ctrl+J { move-column-to-monitor-down; }
Mod+Shift+Ctrl+K { move-column-to-monitor-up; }
Mod+Shift+Ctrl+L { move-column-to-monitor-right; }
// Alternatively, there are commands to move just a single window:
// Mod+Shift+Ctrl+Left { move-window-to-monitor-left; }
// ...
// And you can also move a whole workspace to another monitor:
// Mod+Shift+Ctrl+Left { move-workspace-to-monitor-left; }
// ...
Mod+Page_Down { focus-workspace-down; }
Mod+Page_Up { focus-workspace-up; }
Mod+U { focus-workspace-down; }
Mod+I { focus-workspace-up; }
Mod+Ctrl+Page_Down { move-column-to-workspace-down; }
Mod+Ctrl+Page_Up { move-column-to-workspace-up; }
Mod+Ctrl+U { move-column-to-workspace-down; }
Mod+Ctrl+I { move-column-to-workspace-up; }
// Alternatively, there are commands to move just a single window:
// Mod+Ctrl+Page_Down { move-window-to-workspace-down; }
// ...
Mod+Shift+Page_Down { move-workspace-down; }
Mod+Shift+Page_Up { move-workspace-up; }
Mod+Shift+U { move-workspace-down; }
Mod+Shift+I { move-workspace-up; }
// You can bind mouse wheel scroll ticks using the following syntax.
// These binds will change direction based on the natural-scroll setting.
//
// To avoid scrolling through workspaces really fast, you can use
// the cooldown-ms property. The bind will be rate-limited to this value.
// You can set a cooldown on any bind, but it's most useful for the wheel.
Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; }
Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; }
Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; }
Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; }
Mod+WheelScrollRight { focus-column-right; }
Mod+WheelScrollLeft { focus-column-left; }
Mod+Ctrl+WheelScrollRight { move-column-right; }
Mod+Ctrl+WheelScrollLeft { move-column-left; }
// Usually scrolling up and down with Shift in applications results in
// horizontal scrolling; these binds replicate that.
Mod+Shift+WheelScrollDown { focus-column-right; }
Mod+Shift+WheelScrollUp { focus-column-left; }
Mod+Ctrl+Shift+WheelScrollDown { move-column-right; }
Mod+Ctrl+Shift+WheelScrollUp { move-column-left; }
// You can refer to workspaces by index. However, keep in mind that
// niri is a dynamic workspace system, so these commands are kind of
// "best effort". Trying to refer to a workspace index bigger than
// the current workspace count will instead refer to the bottommost
// (empty) workspace.
//
// For example, with 2 workspaces + 1 empty, indices 3, 4, 5 and so on
// will all refer to the 3rd workspace.
Mod+ampersand { focus-workspace 1; }
Mod+2 { focus-workspace 2; }
Mod+quotedbl { focus-workspace 3; }
Mod+apostrophe { focus-workspace 4; }
Mod+parenleft { focus-workspace 5; }
Mod+minus { focus-workspace 6; }
Mod+7 { focus-workspace 7; }
Mod+underscore { focus-workspace 8; }
Mod+9 { focus-workspace 9; }
Mod+Ctrl+1 { move-column-to-workspace 1; }
Mod+Ctrl+2 { move-column-to-workspace 2; }
Mod+Ctrl+3 { move-column-to-workspace 3; }
Mod+Ctrl+4 { move-column-to-workspace 4; }
Mod+Ctrl+5 { move-column-to-workspace 5; }
Mod+Ctrl+6 { move-column-to-workspace 6; }
Mod+Ctrl+7 { move-column-to-workspace 7; }
Mod+Ctrl+8 { move-column-to-workspace 8; }
Mod+Ctrl+9 { move-column-to-workspace 9; }
// Switches focus between the current and the previous workspace.
Mod+Tab { focus-workspace-previous; }
// The following binds move the focused window in and out of a column.
// If the window is alone, they will consume it into the nearby column to the side.
// If the window is already in a column, they will expel it out.
Mod+BracketLeft { consume-or-expel-window-left; }
Mod+BracketRight { consume-or-expel-window-right; }
// Consume one window from the right to the bottom of the focused column.
Mod+Comma { consume-window-into-column; }
// Expel the bottom window from the focused column to the right.
Mod+Semicolon { expel-window-from-column; }
Mod+R { switch-preset-column-width; }
Mod+Shift+R { switch-preset-window-height; }
Mod+Ctrl+R { reset-window-height; }
Mod+F { maximize-column; }
Mod+Shift+F { fullscreen-window; }
Mod+C { center-column; }
Mod+Escape { toggle-overview; }
// Finer height adjustments when in column with other windows.
Mod+Shift+Minus { set-window-height "-10%"; }
Mod+Shift+Equal { set-window-height "+10%"; }
// Move the focused window between the floating and the tiling layout.
Mod+V { toggle-window-floating; }
Mod+Shift+V { switch-focus-between-floating-and-tiling; }
Print { screenshot; }
Ctrl+Print { screenshot-screen; }
Alt+Print { screenshot-window; }
// The quit action will show a confirmation dialog to avoid accidental exits.
Mod+Shift+E { quit; }
Ctrl+Alt+Delete { quit; }
// Powers off the monitors. To turn them back on, do any input like
// moving the mouse or pressing any other key.
Mod+Shift+P { power-off-monitors; }
Mod+N hotkey-overlay-title="Open notes" {
spawn-sh "ghostty -e hx --working-dir ~/notes ~/notes/notes.dj:9999";
}
}
screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png"
spawn-at-startup "kdeconnect-indicator"
spawn-at-startup "~/rep/flocon/home/bin/monitor-dark-mode.sh"
spawn-at-startup "xwayland-satellite"
environment {
DISPLAY ":0"
}
hotkey-overlay {
skip-at-startup
}


@ -1,5 +0,0 @@
recent-windows {
highlight {
corner-radius 12
}
}


@ -1,55 +0,0 @@
binds {
Mod+Shift+D hotkey-overlay-title="Application Launcher" {
spawn "dms" "ipc" "call" "spotlight" "toggle";
}
Mod+V hotkey-overlay-title="Clipboard Manager" {
spawn "dms" "ipc" "call" "clipboard" "toggle";
}
Mod+M hotkey-overlay-title="Task Manager" {
spawn "dms" "ipc" "call" "processlist" "toggle";
}
Mod+Comma hotkey-overlay-title="Settings" {
spawn "dms" "ipc" "call" "settings" "toggle";
}
Mod+N hotkey-overlay-title="Notification Center" {
spawn "dms" "ipc" "call" "notifications" "toggle";
}
Mod+Shift+N hotkey-overlay-title="Notepad" {
spawn "dms" "ipc" "call" "notepad" "toggle";
}
Mod+Alt+L hotkey-overlay-title="Lock Screen" {
spawn "dms" "ipc" "call" "lock" "lock";
}
Ctrl+Alt+Delete hotkey-overlay-title="Task Manager" {
spawn "dms" "ipc" "call" "processlist" "toggle";
}
// Audio
XF86AudioRaiseVolume allow-when-locked=true {
spawn "dms" "ipc" "call" "audio" "increment" "3";
}
XF86AudioLowerVolume allow-when-locked=true {
spawn "dms" "ipc" "call" "audio" "decrement" "3";
}
XF86AudioMute allow-when-locked=true {
spawn "dms" "ipc" "call" "audio" "mute";
}
XF86AudioMicMute allow-when-locked=true {
spawn "dms" "ipc" "call" "audio" "micmute";
}
// BL
XF86MonBrightnessUp allow-when-locked=true {
spawn "dms" "ipc" "call" "brightness" "increment" "5" "";
}
XF86MonBrightnessDown allow-when-locked=true {
spawn "dms" "ipc" "call" "brightness" "decrement" "5" "";
}
}


@ -1,36 +0,0 @@
layout {
background-color "transparent"
focus-ring {
active-color "#5c5891"
inactive-color "#787680"
urgent-color "#ba1a1a"
}
border {
active-color "#5c5891"
inactive-color "#787680"
urgent-color "#ba1a1a"
}
shadow {
color "#00000070"
}
tab-indicator {
active-color "#5c5891"
inactive-color "#787680"
urgent-color "#ba1a1a"
}
insert-hint {
color "#5c589180"
}
}
recent-windows {
highlight {
active-color "#444078"
urgent-color "#ba1a1a"
}
}


@ -1,17 +0,0 @@
layout {
gaps 4
border {
width 2
}
focus-ring {
width 2
}
}
window-rule {
geometry-corner-radius 12
clip-to-geometry true
tiled-state true
draw-border-with-background false
}


@ -1,4 +0,0 @@
layer-rule {
match namespace="dms:blurwallpaper"
place-within-backdrop true
}


@ -1,9 +0,0 @@
alias ls = eza
alias ll = eza -l
alias lla = eza -la
alias h = hx
alias g = git
# Load starship prompt
mkdir ($nu.data-dir | path join "vendor/autoload")
starship init nu | save -f ($nu.data-dir | path join "vendor/autoload/starship.nu")


@ -1,4 +0,0 @@
address chat.sr.ht
nickname rpqt
username rpqt
password-cmd pass show oauth/sr.ht-senpai-irc


@ -1,24 +0,0 @@
alias dotfiles="/usr/bin/git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME"
alias dots=dotfiles
if command -v helix >/dev/null; then
alias h='helix'
else
alias h='hx'
fi
if command -v eza >/dev/null; then
alias ls='eza'
else
alias ls='ls --color -h'
fi
alias lsa='ls -A'
alias ll='ls -l'
alias lla='ls -lA'
alias ..='cd ..'
alias ...='cd ../..'
alias bt='bluetoothctl'
alias go='GOPROXY=direct go'
alias ts='tree-sitter'
alias g='git'
alias c='cargo'
alias MAKE='make clean && make'
alias n='myrtle --notebook-dir=$HOME/notes'


@ -1,4 +0,0 @@
#!/bin/sh
# Personnal scripts
export PATH="$PATH:$HOME/bin"


@ -1,23 +0,0 @@
{
"closeOnFocusLoss": false,
"considerPreedit": false,
"faviconService": "twenty",
"font": {
"size": 12
},
"keybinding": "default",
"keybinds": {
},
"popToRootOnClose": true,
"rootSearch": {
"searchFiles": true
},
"theme": {
"name": "matugen"
},
"window": {
"csd": true,
"opacity": 1,
"rounding": 10
}
}


@ -1,2 +0,0 @@
# Highlight the executable in green if it is found
source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.plugin.zsh


@ -1,30 +0,0 @@
# Hook direnv if present
if command -v direnv >/dev/null; then
eval "$(direnv hook zsh)"
fi
# Prompt
if command -v starship >/dev/null; then
source <(starship init zsh)
fi
# Load opam config if present
if [ -r ~/.opam/opam-init/init.zsh ]; then
source ~/.opam/opam-init/init.zsh > /dev/null 2> /dev/null
fi
# Launch atuin if it is installed
if command -v atuin >/dev/null; then
eval "$(atuin init zsh)"
fi
# Set ls/tree/fd theme using vivid if it is installed
if command -v vivid >/dev/null; then
export LS_COLORS="$(vivid generate gruvbox-dark-hard)"
fi
# Init zoxide if present and alias cd to it
if command -v zoxide >/dev/null; then
eval "$(zoxide init zsh)"
alias cd=z
fi

1
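--- a/home/.gitignore
+++ b/home/.gitignore
@@ -1 +0,0 @@
-!/.config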


@ -1,11 +0,0 @@
Host crocus
HostName crocus.val
User root
Host verbena
HostName verbena.val
User root
Host genepi
HostName genepi.val
User root


@ -1,27 +0,0 @@
# Path
source ~/.config/sh/path.sh
# Aliases
source ~/.config/sh/aliases.sh
# Completion
autoload -Uz compinit
compinit
# sudo completion
zstyle ':completion::complete:*' gain-privileges 1
# Line movement with special keys
bindkey "^[[H" beginning-of-line
bindkey "^[[F" end-of-line
bindkey "^[[3~" delete-char
source ~/.config/zsh/hooks.sh
if [ -r ~/.profile ]; then
source ~/.profile
fi
# Load machine-specific config
if [ -r ~/.config/zsh/$HOST.zsh ]; then
source ~/.config/zsh/$HOST.zsh
fi


@ -1,4 +0,0 @@
#!/usr/bin/env sh
gsettings monitor org.gnome.desktop.interface color-scheme \
| xargs -L1 "${HOME}/rep/flocon/home/bin/switch-helix-theme.sh"


@ -1,15 +0,0 @@
#!/usr/bin/env bash
set -euox pipefail
HELIX_CONFIG_PATH=$(readlink -f "${HOME}/.config/helix/config.toml")
HELIX_THEME_LIGHT="zed_onelight"
HELIX_THEME_DARK="kanagawa"
if [[ "$2" == "prefer-dark" ]]; then
sed -i "s/^theme .*/theme = \"$HELIX_THEME_DARK\"/" "$HELIX_CONFIG_PATH"
else
sed -i "s/^theme .*/theme = \"$HELIX_THEME_LIGHT\"/" "$HELIX_CONFIG_PATH"
fi
pkill -USR1 hx || true


@ -1,14 +1,5 @@
{ config, pkgs, ... }:
{ {
self,
config,
pkgs,
...
}:
{
imports = [
self.homeManagerModules.dotfiles
];
home.packages = with pkgs; [ senpai ]; home.packages = with pkgs; [ senpai ];
xdg.configFile."senpai".source = "${config.dotfiles.path}/.config/senpai"; xdg.configFile."senpai".source = "${config.dotfiles.path}/.config/senpai";

48
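--- a/home/cli.nix
+++ b/home/cli.nix
@@ -0,0 +1,48 @@
+{ config, pkgs, ... }:
+{
+home.packages = with pkgs; [
+bottom
+btop
+difftastic
+doggo
+duf
+eza
+fd
+glow
+lazygit
+nh
+ripgrep
+skim
+taskwarrior3
+tealdeer
+vivid
+zoxide
+];
+programs.zoxide.enable = true;
+programs.starship.enable = true;
+programs.atuin.enable = true;
+programs.bat.enable = true;
+programs.zsh = {
+enable = true;
+syntaxHighlighting.enable = true;
+shellAliases = {
+ls = "eza";
+lsa = "ls -A";
+ll = "ls -lh";
+lla = "ls -lAh";
+h = "hx";
+g = "git";
+cd = "z";
+tree = "eza --tree";
+".." = "cd ..";
+"..." = "cd ../..";
+};
+};
+xdg.configFile."git".source = "${config.dotfiles.path}/.config/git";
+xdg.configFile."task/taskrc".source = "${config.dotfiles.path}/.config/task/taskrc";
+home.sessionPath = [ "${config.dotfiles.path}/bin" ];
+}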
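Review bot: `zoxide` is listed in `home.packages` and also turned on with `programs.zoxide.enable = true`, so the same tool is pulled in by two mechanisms; the module already installs it, and the list entry can be dropped. The same pattern shows up in the new home/desktop/sway.nix (`alacritty` next to `programs.alacritty.enable`), home/dev.nix (`direnv` next to `programs.direnv.enable`) and home/helix.nix (`pkgs.helix` next to `programs.helix.enable`). Separately, `cd = "z"` means the `..` and `...` aliases resolve through zoxide too; if that is intended, a comment such as `# cd is zoxide's z, so ".." and "..." go through it as well` above `shellAliases` would say so.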


@ -3,13 +3,13 @@
imports = [ imports = [
./fonts.nix ./fonts.nix
./pass.nix ./pass.nix
./terminal.nix
./wayland.nix ./wayland.nix
]; ];
home.packages = with pkgs; [ home.packages = with pkgs; [
discord discord
seahorse seahorse
wofi-emoji
]; ];
home.pointerCursor = { home.pointerCursor = {
@ -20,14 +20,4 @@
}; };
gtk.enable = true; gtk.enable = true;
gtk.iconTheme = {
name = "WhiteSur";
package = pkgs.whitesur-icon-theme.override {
alternativeIcons = true;
boldPanelIcons = true;
};
};
qt.enable = true;
qt.platformTheme.name = "gtk";
} }


@ -6,8 +6,4 @@
]; ];
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Adwaita Sans" ];
monospace = [ "Adwaita Mono" ];
};
} }

7
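--- a/home/desktop/gnome.nix
+++ b/home/desktop/gnome.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+home.packages = with pkgs.gnomeExtensions; [
+blur-my-shell
+paperwm
+];
+}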

5
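--- a/home/desktop/niri.nix
+++ b/home/desktop/niri.nix
@@ -0,0 +1,5 @@
+{ config, ... }:
+{
+xdg.configFile."i3bar-river".source = "${config.dotfiles.path}/.config/i3bar-river";
+xdg.configFile."niri".source = "${config.dotfiles.path}/.config/niri";
+}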


@ -9,6 +9,6 @@
programs.gpg.enable = true; programs.gpg.enable = true;
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
pinentry.package = pkgs.pinentry-gnome3; pinentryPackage = pkgs.pinentry-gnome3;
}; };
} }

30
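--- a/home/desktop/sway.nix
+++ b/home/desktop/sway.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+{
+home.packages = with pkgs; [
+alacritty
+ghostty
+tofi
+i3status-rust
+mako
+wlsunset
+kanshi
+grim
+slurp
+playerctl
+swaybg
+];
+xdg.configFile = {
+"sway".source = "${config.dotfiles.path}/.config/sway";
+"swaylock".source = "${config.dotfiles.path}/.config/swaylock";
+"swayidle".source = "${config.dotfiles.path}/.config/swayidle";
+"kanshi".source = "${config.dotfiles.path}/.config/kanshi";
+"i3status-rust".source = "${config.dotfiles.path}/.config/i3status-rust";
+"tofi/config".source = "${config.dotfiles.path}/.config/tofi/config";
+};
+programs.alacritty.enable = true;
+xdg.configFile."alacritty".source = "${config.dotfiles.path}/.config/alacritty";
+xdg.configFile."ghostty/config".source = "${config.dotfiles.path}/.config/ghostty/config";
+}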


@ -1,6 +1,7 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
waypaper
wl-clipboard wl-clipboard
]; ];
} }

20
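--- a/home/dev.nix
+++ b/home/dev.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+{
+home.packages = with pkgs; [
+devenv
+direnv
+hut
+radicle-node
+typescript-language-server
+nil # Nix language server
+nixfmt-rfc-style
+];
+programs.direnv = {
+enable = true;
+enableZshIntegration = true;
+nix-direnv.enable = true;
+};
+xdg.configFile."hut/config".source = "${config.dotfiles.path}/.config/hut/config";
+}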


@ -5,7 +5,7 @@
path = lib.mkOption { path = lib.mkOption {
type = lib.types.path; type = lib.types.path;
apply = toString; apply = toString;
default = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/rep/flocon/home"; default = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/rep/dotfiles";
example = "${config.home.homeDirectory}/.dotfiles"; example = "${config.home.homeDirectory}/.dotfiles";
description = "Location of the dotfiles working copy"; description = "Location of the dotfiles working copy";
}; };

12
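--- a/home/helix.nix
+++ b/home/helix.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+{
+home.packages = [ pkgs.helix ];
+programs.helix = {
+enable = true;
+defaultEditor = true;
+};
+xdg.configFile."helix".source = "${config.dotfiles.path}/.config/helix";
+}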

44
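--- a/home/mail/default.nix
+++ b/home/mail/default.nix
@@ -0,0 +1,44 @@
+{ config, ... }:
+{
+programs.thunderbird = {
+enable = true;
+profiles = {
+main = {
+isDefault = true;
+};
+};
+};
+accounts.email.accounts = {
+"rpqt@rpqt.fr" = {
+address = "rpqt@rpqt.fr";
+realName = "Romain Paquet";
+primary = true;
+flavor = "migadu.com";
+thunderbird.enable = true;
+};
+"admin@rpqt.fr" = {
+address = "admin@rpqt.fr";
+aliases = [ "postmaster@rpqt.fr" ];
+realName = "Postmaster";
+flavor = "migadu.com";
+thunderbird.enable = config.programs.thunderbird.enable;
+};
+"romain.paquet@grenoble-inp.org" = {
+address = "romain.paquet@grenoble-inp.org";
+realName = "Romain Paquet";
+userName = "romain.paquet@grenoble-inp.org";
+imap = {
+host = "imap.partage.renater.fr";
+port = 993;
+};
+smtp = {
+host = "smtp.partage.renater.fr";
+port = 465;
+};
+thunderbird.enable = config.programs.thunderbird.enable;
+};
+};
+}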


@ -1,16 +1,44 @@
# This file is maintained automatically by "tofu init". # This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.opentofu.org/hashicorp/external" { provider "registry.opentofu.org/go-gandi/gandi" {
version = "2.3.5" version = "2.3.0"
constraints = "2.3.0"
hashes = [ hashes = [
"h1:en/2hMK/W/2hKtsEkbxGiiYwi/pSPS/UoGDILHIHjmw=", "h1:9kqWL+eFk/ogrQSltL9zVqjMcOqbvs3EgIJEeyNPb8U=",
"zh:0936d011cf75bb5162c6027d00575a586807adc9008f4152def157b6ad22bae9",
"zh:2170e671f04d3346ea416fcc404be6d05f637eab7df77e289a6898a928885f0b",
"zh:250329baae3cb09cfb88dd004d45f003ba76fbe7b8daf9d18fd640b93a2b7252",
"zh:2ccd9f253424738ca5fbbcb2127bf3713c20e87bfb3829f8c4565569424fd0bd",
"zh:3607b48bc4691cd209528f9ffe16a6cc666bd284b0d0bdfe8c4e1d538559a408",
"zh:3bc1d2b770fe0f50027da59c405b2468d1322243235367014f75f765124f458d",
"zh:6c8a9092847ee2e2890825432b54424c456638d494e49b7d1845f055214714f5",
"zh:8e0b62a330876005d52bcd65d7b1d9a679a7ac79c626e0f86661519e8f9b5698",
"zh:8f44f4d52583ff249e2001ea2a8b8841010489dd43e1a01a9ec3a6813d121c28",
"zh:9a617927d4a3a2897ff10999a19a6d1f0ef634b8c6b8fc3be12cf53948cfd9cf",
"zh:cab3c82c54e38e6001eed5b80a2d16b7824921f8f8b3909049e174c48e6e8804",
"zh:f78cc685aa4ba5056ea53a7f8ce585f87a911f0a8a387a44a33d7dfb69db7663",
] ]
} }
provider "registry.opentofu.org/hetznercloud/hcloud" { provider "registry.opentofu.org/hetznercloud/hcloud" {
version = "1.58.0" version = "1.49.1"
constraints = "~> 1.45"
hashes = [ hashes = [
"h1:6C2LNEvCyGPyWgALDAFTNbRp+5Iuikd4Ju1Xejh+aeg=", "h1:FKGRNHVbcfQJd8EWrb8Ze5QHkaGr8zI+ZKxBMjvOwPk=",
"zh:3d5f9773da4f8203cf625d04a5a0e4ff7e202684c010a801a945756140c61cde",
"zh:446305d492017cda91e5c15122ec16ff15bfe3ef4d3fd6bcea0cdf7742ab1b86",
"zh:44d4f9156ed8b4f0444bd4dc456825940be49048828565964a192286d28c9f20",
"zh:492ad893d2f89bb17c9beb877c8ceb4a16caf39db1a79030fefeada6c7aa217f",
"zh:68dc552c19ad9d209ec6018445df6e06fb77a637513a53cc66ddce1b024082be",
"zh:7492495ffda6f6c49ab38b539bd2eb965b1150a63fb6b191a27dec07d17601cb",
"zh:850fe92005981ea00db86c3e49ba5b49732fdf1f7bd5530a68f6e272847059fc",
"zh:8cb67f744c233acfb1d68a6c27686315439d944edf733b95f113b4aa63d86713",
"zh:8e13dac46e8c2497772ed1baee701b1d1c26bcc95a63b5c4566c83468f504868",
"zh:c44249c6a8ba931e208a334792686b5355ab2da465cadea03c1ea8e73c02db12",
"zh:d103125a28a85c89aea0cb0c534fe3f504416c4d4fc75c37364b9ec5f66dd77d",
"zh:ed8f64e826aa9bfca95b72892271678cb78411b40d7b404a52404141e05a4ab1",
"zh:f40efad816de00b279bd1e2cbf62c76b0e5b2da150a0764f259984b318e30945",
"zh:f5e912d0873bf4ecc43feba4ceccdf158048080c76d557e47f34749139fdd452",
] ]
} }


@ -19,8 +19,3 @@ tofu import hcloud_firewall.hcloud_firewall YYY
``` ```
For Hetzner Cloud, the resource IDs can be found in the URL of the admin console. For Hetzner Cloud, the resource IDs can be found in the URL of the admin console.
## Outputs
The nix configuration reads some values from the `outputs.json` file.
When modifying these, the file should be regenerated with `tofu output -json > outputs.json`.


@ -1,24 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
terraform.required_providers.hcloud.source = "hetznercloud/hcloud";
data.external.hcloud-token = {
program = [
(lib.getExe (
pkgs.writeShellApplication {
name = "get-clan-secret";
text = ''
jq -n --arg secret "$(clan secrets get hcloud-token)" '{"secret":$secret}'
'';
}
))
];
};
provider.hcloud.token = config.data.external.hcloud-token "result.secret";
}

52
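--- a/infra/crocus.tf
+++ b/infra/crocus.tf
@@ -0,0 +1,52 @@
+resource "hcloud_server" "crocus_server" {
+name = "crocus"
+server_type = "cx22"
+image = "ubuntu-20.04"
+firewall_ids = [hcloud_firewall.crocus_firewall.id]
+}
+resource "hcloud_firewall" "crocus_firewall" {
+name = "crocus-firewall"
+rule {
+direction = "in"
+protocol = "icmp"
+source_ips = ["0.0.0.0/0", "::/0"]
+}
+rule {
+direction = "in"
+protocol = "tcp"
+port = "22"
+source_ips = ["0.0.0.0/0", "::/0"]
+}
+rule {
+direction = "in"
+protocol = "tcp"
+port = "22"
+source_ips = ["0.0.0.0/0", "::/0"]
+}
+rule {
+direction = "in"
+protocol = "tcp"
+port = "80"
+source_ips = ["0.0.0.0/0", "::/0"]
+}
+rule {
+direction = "in"
+protocol = "tcp"
+port = "443"
+source_ips = ["0.0.0.0/0", "::/0"]
+}
+# radicle-node
+rule {
+direction = "in"
+protocol = "tcp"
+port = "8776"
+source_ips = ["0.0.0.0/0", "::/0"]
+}
+}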
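Review bot: The inbound rule for TCP port 22 is declared twice in `hcloud_firewall.crocus_firewall` with identical `source_ips`, and both copies admit `0.0.0.0/0` and `::/0`. One copy should be removed, and SSH is better limited to the address ranges that actually administer the host, for example `source_ips = var.admin_cidrs` (a placeholder variable, not defined in this change), while 80, 443 and 8776 stay world-reachable. `hcloud_server.crocus_server` is also created from `image = "ubuntu-20.04"` with no `ssh_keys` argument; as far as I know the provider then falls back to a generated root password, so unless the machine is reinstalled immediately after creation a comment like `# bootstrap image only, replaced by the NixOS install` (if that is the case) would make the intent clear.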


@ -1,20 +0,0 @@
{ config, ... }:
{
resource.hcloud_zone.rpqt_fr = {
name = "rpqt.fr";
mode = "primary";
};
resource.hcloud_zone.turifer_dev = {
name = "turifer.dev";
mode = "primary";
};
output.rpqt_fr_zone_name = {
value = config.resource.hcloud_zone.rpqt_fr "name";
};
output.turifer_dev_zone_name = {
value = config.resource.hcloud_zone.turifer_dev "name";
};
}

23
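--- a/infra/dns.tf
+++ b/infra/dns.tf
@@ -0,0 +1,23 @@
+data "gandi_livedns_domain" "rpqt_fr" {
+name = "rpqt.fr"
+}
+resource "gandi_livedns_record" "rpqt_fr_radicle_a" {
+zone = data.gandi_livedns_domain.rpqt_fr.id
+name = "radicle"
+type = "A"
+ttl = 10800
+values = [
+hcloud_server.crocus_server.ipv4_address,
+]
+}
+resource "gandi_livedns_record" "rpqt_fr_radicle_aaaa" {
+zone = data.gandi_livedns_domain.rpqt_fr.id
+name = "radicle"
+type = "AAAA"
+ttl = 10800
+values = [
+hcloud_server.crocus_server.ipv6_address,
+]
+}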


@ -1,40 +0,0 @@
{ self, ... }:
{
perSystem =
{ pkgs, ... }:
{
terranix.terranixConfigurations.infra = {
terraformWrapper.package = pkgs.opentofu.withPlugins (p: [
p.hashicorp_external
p.hetznercloud_hcloud
]);
extraArgs = { inherit (self) infra; };
modules = [
./base.nix
./dns.nix
./mail.nix
./radicle.nix
./web.nix
];
};
};
flake.infra =
let
tf_outputs = builtins.fromJSON (builtins.readFile ./outputs.json);
in
{
machines = {
verbena = {
ipv4 = tf_outputs.verbena_ipv4.value;
ipv6 = tf_outputs.verbena_ipv6.value;
gateway6 = tf_outputs.verbena_gateway6.value;
};
crocus = {
ipv4 = tf_outputs.crocus_ipv4.value;
ipv6 = "2a01:4f8:1c1e:e415::1";
};
};
};
}


@ -1,88 +0,0 @@
{ lib, ... }:
let
mkMigaduDkim = zone: name: {
inherit zone;
name = "${name}._domainkey";
type = "CNAME";
records = [
{ value = "${name}.${zone}._domainkey.migadu.com."; }
];
};
in
{
mkMigadu_hcloud_zone_rrset = zone: hostedEmailVerify: {
dkim_1 = mkMigaduDkim zone "key1";
dkim_2 = mkMigaduDkim zone "key2";
dkim_3 = mkMigaduDkim zone "key3";
spf = {
inherit zone;
name = "@";
type = "TXT";
records = [
{
value = lib.tf.ref ''provider::hcloud::txt_record("v=spf1 include:spf.migadu.com -all")'';
}
{
value = lib.tf.ref ''provider::hcloud::txt_record("hosted-email-verify=pgeaq3bp")'';
}
];
};
dmarc = {
inherit zone;
name = "_dmarc";
type = "TXT";
records = [
{
value = lib.tf.ref ''provider::hcloud::txt_record("v=DMARC1; p=quarantine;")'';
}
];
};
mx = {
inherit zone;
name = "@";
type = "MX";
records = [
{ value = "10 aspmx1.migadu.com."; }
{ value = "20 aspmx2.migadu.com."; }
];
};
autoconfig = {
inherit zone;
name = "autoconfig";
type = "CNAME";
records = [ { value = "autoconfig.migadu.com."; } ];
};
autodiscover = {
inherit zone;
name = "_autodiscover._tcp";
type = "SRV";
records = [ { value = "0 1 443 autodiscover.migadu.com."; } ];
};
submissions = {
inherit zone;
name = "_submissions._tcp";
type = "SRV";
records = [ { value = "0 1 465 smtp.migadu.com."; } ];
};
imaps = {
inherit zone;
name = "_imaps._tcp";
type = "SRV";
records = [ { value = "0 1 993 imap.migadu.com."; } ];
};
pop3s = {
inherit zone;
name = "_pop3s._tcp";
type = "SRV";
records = [ { value = "0 1 995 pop.migadu.com."; } ];
};
};
}


@ -1,15 +0,0 @@
{ config, lib, ... }:
let
inherit (import ./lib.nix { inherit lib; })
mkMigadu_hcloud_zone_rrset
;
rpqt_fr = mkMigadu_hcloud_zone_rrset (config.resource.hcloud_zone.rpqt_fr "name") "pgeaq3bp";
# Prefix resource names with zone name to avoid collision
turifer_dev = lib.mapAttrs' (name: value: lib.nameValuePair "turifer_dev_${name}" value) (
mkMigadu_hcloud_zone_rrset (config.resource.hcloud_zone.turifer_dev "name") "k5z4lcfc"
);
in
{
resource.hcloud_zone_rrset = rpqt_fr // turifer_dev;
}

12
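--- a/infra/main.tf
+++ b/infra/main.tf
@@ -0,0 +1,12 @@
+terraform {
+required_providers {
+gandi = {
+source = "go-gandi/gandi"
+version = "2.3.0"
+}
+hcloud = {
+source = "hetznercloud/hcloud"
+version = "~> 1.45"
+}
+}
+}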


@ -1,22 +0,0 @@
{
"crocus_ipv4": {
"sensitive": false,
"type": "string",
"value": "116.203.18.122"
},
"verbena_gateway6": {
"sensitive": false,
"type": "string",
"value": "2001:41d0:305:2100::1"
},
"verbena_ipv4": {
"sensitive": false,
"type": "string",
"value": "51.68.122.153"
},
"verbena_ipv6": {
"sensitive": false,
"type": "string",
"value": "2001:41d0:305:2100::271e"
}
}

7
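--- a/infra/providers.tf
+++ b/infra/providers.tf
@@ -0,0 +1,7 @@
+provider "gandi" {
+personal_access_token = var.gandi_token
+}
+provider "hcloud" {
+token = var.hcloud_token
+}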


@ -1,52 +0,0 @@
{
config,
infra,
lib,
...
}:
{
resource.hcloud_zone_rrset =
let
zone = config.resource.hcloud_zone.rpqt_fr "name";
in
{
radicle_a = {
inherit zone;
name = "radicle";
type = "A";
records = [ { value = infra.machines.crocus.ipv4; } ];
};
radicle_aaaa = {
inherit zone;
name = "radicle";
type = "AAAA";
records = [ { value = infra.machines.crocus.ipv6; } ];
};
radicles_srv = {
inherit zone;
name = "seed._radicle-node._tcp";
type = "SRV";
records = [ { value = "32767 32767 58776 radicle.rpqt.fr."; } ];
};
radicles_nid = {
inherit zone;
name = "seed._radicle-node._tcp";
type = "TXT";
records = [
{
value = lib.tf.ref ''provider::hcloud::txt_record("nid=z6MkuivFHDPg6Bd25v4bEWm7T7qLUYMWk1eVTE7exvum5Rvd")'';
}
];
};
radicle_ptr = {
inherit zone;
name = "_radicle-node._tcp";
type = "PTR";
records = [ { value = "seed._radicle-node._tcp.radicle.rpqt.fr."; } ];
};
};
}

7
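--- a/infra/variables.tf
+++ b/infra/variables.tf
@@ -0,0 +1,7 @@
+variable "gandi_token" {
+sensitive = true
+}
+variable "hcloud_token" {
+sensitive = true
+}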
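Review bot: `gandi_token` and `hcloud_token` carry only `sensitive = true`, with no `type` or `description`. Adding `type = string` and `nullable = false` to both blocks makes a missing or mistyped value fail at plan time rather than when the providers in infra/providers.tf first use it. `sensitive` only redacts the values in CLI output; a saved plan file still contains them, and a tfvars file used to supply them would too, so both belong outside version control. A `description` naming where each token is issued and the scope it needs would document that for the next person rotating them.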


@ -1,82 +0,0 @@
{ config, infra, ... }:
{
resource.hcloud_zone_rrset =
let
sourcehut_pages = {
ipv4 = "46.23.81.157";
ipv6 = "2a03:6000:1813:1337::157";
};
zone = config.resource.hcloud_zone.rpqt_fr "name";
in
{
a = {
inherit zone;
name = "@";
type = "A";
records = [ { value = sourcehut_pages.ipv4; } ];
};
aaaa = {
inherit zone;
name = "@";
type = "AAAA";
records = [ { value = sourcehut_pages.ipv6; } ];
};
cloud_a = {
inherit zone;
name = "cloud";
type = "A";
records = [ { value = infra.machines.verbena.ipv4; } ];
};
cloud_aaaa = {
inherit zone;
name = "cloud";
type = "AAAA";
records = [ { value = infra.machines.verbena.ipv6; } ];
};
git_turifer_dev_a = {
zone = config.resource.hcloud_zone.turifer_dev "name";
name = "git";
type = "A";
records = [ { value = infra.machines.verbena.ipv4; } ];
};
git_turifer_dev_aaaa = {
zone = config.resource.hcloud_zone.turifer_dev "name";
name = "git";
type = "AAAA";
records = [ { value = infra.machines.verbena.ipv6; } ];
};
buildbot_turifer_dev_a = {
zone = config.resource.hcloud_zone.turifer_dev "name";
name = "buildbot";
type = "A";
records = [ { value = infra.machines.verbena.ipv4; } ];
};
buildbot_turifer_dev_aaaa = {
zone = config.resource.hcloud_zone.turifer_dev "name";
name = "buildbot";
type = "AAAA";
records = [ { value = infra.machines.verbena.ipv6; } ];
};
wg1_turifer_dev_a = {
zone = config.resource.hcloud_zone.turifer_dev "name";
name = "wg1";
type = "A";
records = [ { value = infra.machines.verbena.ipv4; } ];
};
wg1_turifer_dev_aaaa = {
zone = config.resource.hcloud_zone.turifer_dev "name";
name = "wg1";
type = "AAAA";
records = [ { value = infra.machines.verbena.ipv6; } ];
};
};
}


@ -1,18 +0,0 @@
{
"machines": {
"verbena": {
"installedAt": 1757633120
},
"crocus": {
"installedAt": 1757633120
},
"haze": {
"installedAt": 1757633120,
"description": "Romain's laptop"
},
"genepi": {
"installedAt": 1757633120,
"description": "Raspberry Pi 4B"
}
}
}


@ -3,4 +3,3 @@
- **crocus**: Hetzner Cloud x86_64 VPS - **crocus**: Hetzner Cloud x86_64 VPS
- **genepi**: Raspberry Pi 4B - **genepi**: Raspberry Pi 4B
- **haze**: ASUS VivoBook Laptop - **haze**: ASUS VivoBook Laptop
- **verbena**: OVH Cloud x86_64 VPS


@ -1,23 +1,23 @@
{ {
self, inputs,
modulesPath,
config,
... ...
}: }:
{ {
imports = [ imports = [
self.nixosModules.radicle (modulesPath + "/profiles/qemu-guest.nix")
self.nixosModules.nix-defaults # ./radicle.nix
../../system
inputs.clan-core.clanModules.state-version
../../modules/remote-builder.nix ../../modules/remote-builder.nix
self.inputs.srvos.nixosModules.server ../../modules/borgbackup.nix
self.inputs.srvos.nixosModules.hardware-hetzner-cloud
];
disabledModules = [
self.inputs.srvos.nixosModules.mixins-cloud-init
]; ];
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
networking.hostName = "crocus"; networking.hostName = "crocus";
clan.core.networking.targetHost = "root@crocus.local";
networking.useDHCP = false; networking.useDHCP = false;
systemd.network.enable = true; systemd.network.enable = true;
@ -32,34 +32,38 @@
]; ];
}; };
fileSystems."/data1" = { services.avahi.enable = true;
device = "/dev/disk/by-id/scsi-0HC_Volume_103766469";
};
services.garage.settings.data_dir = [ disko.devices.disk.main.device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_48353082";
{
path = "/var/lib/garage/data";
capacity = "20G";
}
{
path = "/data1/garage";
capacity = "20G";
}
];
clan.core.settings.state-version.enable = true;
clan.core.networking.buildHost = "root@haze";
services.avahi.allowInterfaces = [
"zts7mq7onf"
];
boot.loader.grub = { boot.loader.grub = {
efiSupport = true; efiSupport = true;
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
}; };
services.prometheus = {
enable = true;
port = 9001;
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = 9002;
};
};
scrapeConfigs = [
{
job_name = "crocus";
static_configs = [
{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
}
];
}
];
};
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
@ -75,6 +79,4 @@
acceptTerms = true; acceptTerms = true;
defaults.email = "admin@rpqt.fr"; defaults.email = "admin@rpqt.fr";
}; };
services.tailscale.useRoutingFeatures = "server";
} }
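Review bot: The `services.prometheus` block in the second hunk sets `port = 9001` and a node exporter on `port = 9002` but gives neither a listen address, while the only scrape target is `127.0.0.1`. The NixOS modules bind both to all interfaces unless told otherwise, so on this VPS the host firewall is the only thing keeping the Prometheus API and the exporter metrics off the public address. Setting `listenAddress = "127.0.0.1";` on `services.prometheus` and on `exporters.node` would make the loopback-only intent explicit and survive a firewall change. Which side each line belongs to is inferred from the rendered page (the `+`/`-` markers are lost), and the nginx virtual hosts fall between the visible hunks, so check whether anything is meant to reach these ports remotely before restricting them.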

Some files were not shown because too many files have changed in this diff Show more