nextcloud: add calendar and contacts apps

haze: use lanzaboote
alacritty: auto switch dark/light theme
2026-01-31 14:43:31 +01:00 · 2026-01-31 14:43:31 +01:00 · 2026-01-31 14:43:31 +01:00 · 2026-01-31 14:31:38 +01:00 · 2026-01-31 14:31:27 +01:00 · 2026-01-31 14:31:15 +01:00
21 changed files with 411 additions and 65 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -10,11 +10,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1768230255,
+        "lastModified": 1769313163,
-        "narHash": "sha256-d98+nRSV2X86LcJUDZDAR9wvmmGG1uMzY5/zJdKH9pU=",
+        "narHash": "sha256-pjYF+adGJBkMLgKFAhnMEMR0818OsCaZAZREYs/baPQ=",
        "owner": "nix-community",
        "repo": "buildbot-nix",
-        "rev": "6c62d4e0e82b607638b00d6f4f4ad06646342826",
+        "rev": "6c0fbf1425279800fd8f02796fdb567599587b7b",
        "type": "github"
      },
      "original": {
@@ -40,11 +40,11 @@
        "treefmt-nix": "treefmt-nix_2"
      },
      "locked": {
-        "lastModified": 1768662392,
+        "lastModified": 1769817905,
-        "narHash": "sha256-tE6k6yaQDF1n4YkTC4aH+BgKNQM36bYdhslP0udgMyY=",
+        "narHash": "sha256-/Ktjya8b3TfYeskDPY+67/BXyOwz0EpZnIW4QY9Qd94=",
        "ref": "refs/heads/main",
-        "rev": "1f2f93239ef3638d4b7a2187d021b8d8fe6507b8",
+        "rev": "49c69a0dd6750bbce8ebc698879e3cb48f32ae6b",
-        "revCount": 12169,
+        "revCount": 12606,
        "type": "git",
        "url": "https://git.clan.lol/clan/clan-core"
      },
@@ -53,6 +53,21 @@
        "url": "https://git.clan.lol/clan/clan-core"
      }
    },
    "crane": {
      "locked": {
        "lastModified": 1765145449,
        "narHash": "sha256-aBVHGWWRzSpfL++LubA0CwOOQ64WNLegrYHwsVuVN7A=",
        "owner": "ipetkov",
        "repo": "crane",
        "rev": "69f538cdce5955fcd47abfed4395dc6d5194c1c5",
        "type": "github"
      },
      "original": {
        "owner": "ipetkov",
        "repo": "crane",
        "type": "github"
      }
    },
    "data-mesher": {
      "inputs": {
        "flake-parts": [
@@ -69,11 +84,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768383623,
+        "lastModified": 1769701076,
-        "narHash": "sha256-X1jD5UvgYW50wWxdxJn9b8hiOvpSoLcO3ZC1AZx7+gQ=",
+        "narHash": "sha256-ZquoXeXZ8fwMQ54UVgcGRKjzdK0deRHzm0a2jVbw4uw=",
-        "rev": "82c2fbf84ea0162d95b4958f02499e68c9a843a6",
+        "rev": "21655e76e84749d5ce3c9b3aaf9d86ba4016ba08",
        "type": "tarball",
-        "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/82c2fbf84ea0162d95b4958f02499e68c9a843a6.tar.gz"
+        "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/21655e76e84749d5ce3c9b3aaf9d86ba4016ba08.tar.gz"
      },
      "original": {
        "type": "tarball",
@@ -91,11 +106,11 @@
        "treefmt-nix": "treefmt-nix_3"
      },
      "locked": {
-        "lastModified": 1768657403,
+        "lastModified": 1768707867,
-        "narHash": "sha256-YkbdCu2ZInQj72rQQLgVP2x1m8il8+DtwzypBiYrrfE=",
+        "narHash": "sha256-bNHBR07JIJUMjDGqd3/KwhPsI7e43JkAoeczO2cQ8h8=",
        "owner": "Mic92",
        "repo": "direnv-instant",
-        "rev": "ab8c70c557f610e20008eb407d17cfd78b44ea1c",
+        "rev": "522eeea04ab1bc360464e51477963b0c3e18284a",
        "type": "github"
      },
      "original": {
@@ -112,11 +127,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766150702,
+        "lastModified": 1769524058,
-        "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
+        "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
+        "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
        "type": "github"
      },
      "original": {
@@ -132,11 +147,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766150702,
+        "lastModified": 1769524058,
-        "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
+        "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
+        "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
        "type": "github"
      },
      "original": {
@@ -145,6 +160,22 @@
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
        "lastModified": 1761588595,
        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
@@ -153,11 +184,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1767609335,
+        "lastModified": 1768135262,
-        "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
+        "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "250481aafeb741edfe23d29195671c19b36b6dca",
+        "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
        "type": "github"
      },
      "original": {
@@ -186,6 +217,28 @@
        "type": "github"
      }
    },
    "gitignore": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
          "pre-commit",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1709087332,
        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "type": "github"
      }
    },
    "hercules-ci-effects": {
      "inputs": {
        "flake-parts": [
@@ -198,11 +251,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1765774562,
+        "lastModified": 1768476106,
-        "narHash": "sha256-UQhfCggNGDc7eam+EittlYmeW89CZVT1KkFIHZWBH7k=",
+        "narHash": "sha256-V0YOJRum50gtKgwavsAfwXc9+XAsJCC7386YZx1sWGQ=",
        "owner": "hercules-ci",
        "repo": "hercules-ci-effects",
-        "rev": "edcbb19948b6caf1700434e369fde6ff9e6a3c93",
+        "rev": "c19e263e6e22ec7379d972f19e6a322f943c73fb",
        "type": "github"
      },
      "original": {
@@ -218,11 +271,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768598210,
+        "lastModified": 1769813945,
-        "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
+        "narHash": "sha256-9ABv9Lo9t6MrFjlnRnU8Zw1C6LVj2+R8PipQ/rxGLHk=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
+        "rev": "475921375def3eb930e1f8883f619ff8609accb6",
        "type": "github"
      },
      "original": {
@@ -231,6 +284,30 @@
        "type": "github"
      }
    },
    "lanzaboote": {
      "inputs": {
        "crane": "crane",
        "nixpkgs": [
          "nixpkgs"
        ],
        "pre-commit": "pre-commit",
        "rust-overlay": "rust-overlay"
      },
      "locked": {
        "lastModified": 1765382359,
        "narHash": "sha256-RJmgVDzjRI18BWVogG6wpsl1UCuV6ui8qr4DJ1LfWZ8=",
        "owner": "nix-community",
        "repo": "lanzaboote",
        "rev": "e8c096ade12ec9130ff931b0f0e25d2f1bc63607",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "v1.0.0",
        "repo": "lanzaboote",
        "type": "github"
      }
    },
    "nix-darwin": {
      "inputs": {
        "nixpkgs": [
@@ -239,11 +316,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768561867,
+        "lastModified": 1768764703,
-        "narHash": "sha256-prGOZ+w3pZfGTRxworKcJliCNsewF0L4HUPjgU/6eaw=",
+        "narHash": "sha256-5ulSDyOG1U+1sJhkJHYsUOWEsmtLl97O0NTVMvgIVyc=",
        "owner": "nix-darwin",
        "repo": "nix-darwin",
-        "rev": "8b720b9662d4dd19048664b7e4216ce530591adc",
+        "rev": "0fc4e7ac670a0ed874abacf73c4b072a6a58064b",
        "type": "github"
      },
      "original": {
@@ -286,11 +363,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1764234087,
+        "lastModified": 1769813415,
-        "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
+        "narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
+        "rev": "8946737ff703382fda7623b9fab071d037e897d5",
        "type": "github"
      },
      "original": {
@@ -301,11 +378,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1768584846,
+        "lastModified": 1769302137,
-        "narHash": "sha256-IRPmIOV2tPwxbhP/I9M5AmwhTC0lMPtoPStC+8T6xl0=",
+        "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "cce68f4a54fa4e3d633358364477f5cc1d782440",
+        "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
        "type": "github"
      },
      "original": {
@@ -333,11 +410,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1768564909,
+        "lastModified": 1769461804,
-        "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
+        "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
+        "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
        "type": "github"
      },
      "original": {
@@ -347,6 +424,29 @@
        "type": "github"
      }
    },
    "pre-commit": {
      "inputs": {
        "flake-compat": "flake-compat",
        "gitignore": "gitignore",
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1765016596,
        "narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "buildbot-nix": "buildbot-nix",
@@ -355,6 +455,7 @@
        "disko": "disko_2",
        "flake-parts": "flake-parts_2",
        "home-manager": "home-manager",
        "lanzaboote": "lanzaboote",
        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs_2",
@@ -362,6 +463,27 @@
        "terranix": "terranix"
      }
    },
    "rust-overlay": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1765075567,
        "narHash": "sha256-KFDCdQcHJ0hE3Nt5Gm5enRIhmtEifAjpxgUQ3mzSJpA=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "769156779b41e8787a46ca3d7d76443aaf68be6f",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": [
@@ -370,11 +492,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768481291,
+        "lastModified": 1769469829,
-        "narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=",
+        "narHash": "sha256-wFcr32ZqspCxk4+FvIxIL0AZktRs6DuF8oOsLt59YBU=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "e085e303dfcce21adcb5fec535d65aacb066f101",
+        "rev": "c5eebd4eb2e3372fe12a8d70a248a6ee9dd02eff",
        "type": "github"
      },
      "original": {
@@ -390,11 +512,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768523683,
+        "lastModified": 1769681123,
-        "narHash": "sha256-UbkyPXPPAbz0gHIWvHZ+jrPTruZqkpuwTFo5JXPnIgU=",
+        "narHash": "sha256-i29n0IDa5nR8O9w7QsajWNy/dfgfnGF7/nJY+/OdjEY=",
        "owner": "nix-community",
        "repo": "srvos",
-        "rev": "90e9331fd79d4c3bb5c1e7cd2df2e560565fe543",
+        "rev": "861710611463c47190345f09f6959c9230def555",
        "type": "github"
      },
      "original": {
@@ -465,11 +587,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768031762,
+        "lastModified": 1768158989,
-        "narHash": "sha256-b2gJDJfi+TbA7Hu2sKip+1mWqya0GJaWrrXQjpbOVTU=",
+        "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "0c445aa21b01fd1d4bb58927f7b268568af87b20",
+        "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca",
        "type": "github"
      },
      "original": {
@@ -486,11 +608,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768158989,
+        "lastModified": 1769691507,
-        "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=",
+        "narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca",
+        "rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b",
        "type": "github"
      },
      "original": {
@@ -507,11 +629,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768031762,
+        "lastModified": 1768158989,
-        "narHash": "sha256-b2gJDJfi+TbA7Hu2sKip+1mWqya0GJaWrrXQjpbOVTU=",
+        "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "0c445aa21b01fd1d4bb58927f7b268568af87b20",
+        "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -60,5 +60,8 @@
    terranix.url = "github:terranix/terranix";
    terranix.inputs.nixpkgs.follows = "nixpkgs";
    terranix.inputs.flake-parts.follows = "flake-parts";
    lanzaboote.url = "github:nix-community/lanzaboote/v1.0.0";
    lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
  };
 }
--- a/home-manager/desktop/terminal.nix
+++ b/home-manager/desktop/terminal.nix
@@ -15,8 +15,7 @@
  ];
  programs.alacritty.enable = true;
-  xdg.configFile."alacritty/alacritty.toml".source =
+  xdg.configFile."alacritty".source = "${config.dotfiles.path}/.config/alacritty";
    "${config.dotfiles.path}/.config/alacritty/alacritty.toml";
  xdg.configFile."ghostty/config".source = "${config.dotfiles.path}/.config/ghostty/config";
 }
--- a/home-manager/dev.nix
+++ b/home-manager/dev.nix
@@ -25,7 +25,7 @@
    radicle-tui
    typescript-language-server
    nil # Nix language server
-    nixfmt-rfc-style
+    nixfmt
    nixpkgs-review
  ];
--- a/home/.config/alacritty/alacritty.toml
+++ b/home/.config/alacritty/alacritty.toml
@@ -1,6 +1,6 @@
 [general]
-live_config_reload = false
+live_config_reload = true
-import = ["~/.config/alacritty/themes/kanagawa_wave.toml"]
+import = ["~/.config/alacritty/themes/default_light.toml"]
 [font]
 size = 14
--- a/home/.config/alacritty/themes/default_light.toml
+++ b/home/.config/alacritty/themes/default_light.toml
@@ -0,0 +1,33 @@
 # Colors (Builtin Light)
 [colors.bright]
 black = '#555555'
 blue = '#5555ff'
 cyan = '#22cccc'
 green = '#2fd92f'
 magenta = '#ff55ff'
 red = '#ff5555'
 white = '#ffffff'
 yellow = '#bfbf15'
 [colors.cursor]
 cursor = '#000000'
 text = '#ffffff'
 [colors.normal]
 black = '#000000'
 blue = '#0000bb'
 cyan = '#00bbbb'
 green = '#00bb00'
 magenta = '#bb00bb'
 red = '#bb0000'
 white = '#bbbbbb'
 yellow = '#bbbb00'
 [colors.primary]
 background = '#ffffff'
 foreground = '#000000'
 [colors.selection]
 background = '#b5d5ff'
 text = '#000000'
--- a/home/bin/switch-helix-theme.sh
+++ b/home/bin/switch-helix-theme.sh
@@ -6,10 +6,24 @@ HELIX_CONFIG_PATH=$(readlink -f "${HOME}/.config/helix/config.toml")
 HELIX_THEME_LIGHT="zed_onelight"
 HELIX_THEME_DARK="kanagawa"
 ALACRITTY_CONFIG_PATH=$(readlink -f "${HOME}/.config/alacritty/alacritty.toml")
 ALACRITTY_THEME_LIGHT="default_light"
 ALACRITTY_THEME_DARK="kanagawa_wave"
 set_helix_theme() {
  sed -i "s/^theme .*/theme = \"$1\"/" "$HELIX_CONFIG_PATH"
 }
 set_alacritty_theme() {
  sed -i "s/^import .*/import = \[\"\~\/\.config\/alacritty\/themes\/$1\.toml\"\]/" "$ALACRITTY_CONFIG_PATH"
 }
 if [[ "$2" == "prefer-dark" ]]; then
-  sed -i "s/^theme .*/theme = \"$HELIX_THEME_DARK\"/" "$HELIX_CONFIG_PATH"
+  set_helix_theme "$HELIX_THEME_DARK"
  sey_alacritty_theme "$HELIX_THEME_DARK"
 else
-  sed -i "s/^theme .*/theme = \"$HELIX_THEME_LIGHT\"/" "$HELIX_CONFIG_PATH"
+  set_helix_theme "$HELIX_THEME_LIGHT"
  set_alacritty_theme "$HELIX_THEME_LIGHT"
 fi
 pkill -USR1 hx || true
--- a/infra/lib.nix
+++ b/infra/lib.nix
@@ -24,7 +24,7 @@ in
          value = lib.tf.ref ''provider::hcloud::txt_record("v=spf1 include:spf.migadu.com -all")'';
        }
        {
-          value = lib.tf.ref ''provider::hcloud::txt_record("hosted-email-verify=pgeaq3bp")'';
+          value = lib.tf.ref ''provider::hcloud::txt_record("hosted-email-verify=${hostedEmailVerify}")'';
        }
      ];
    };
--- a/infra/web.nix
+++ b/infra/web.nix
@@ -51,6 +51,20 @@
        records = [ { value = infra.machines.verbena.ipv6; } ];
      };
      git_rpqt_fr_a = {
        zone = config.resource.hcloud_zone.rpqt_fr "name";
        name = "git";
        type = "A";
        records = [ { value = infra.machines.verbena.ipv4; } ];
      };
      git_rpqt_fr_aaaa = {
        zone = config.resource.hcloud_zone.rpqt_fr "name";
        name = "git";
        type = "AAAA";
        records = [ { value = infra.machines.verbena.ipv6; } ];
      };
      buildbot_turifer_dev_a = {
        zone = config.resource.hcloud_zone.turifer_dev "name";
        name = "buildbot";
--- a/machines/genepi/glance-config.nix
+++ b/machines/genepi/glance-config.nix
@@ -65,6 +65,11 @@
                  url = "https://git.turifer.dev";
                  icon = "sh:gitea";
                }
                {
                  title = "Forgejo";
                  url = "https://git.rpqt.fr";
                  icon = "sh:forgejo";
                }
                {
                  title = "Pinchflat";
                  url = "https://pinchflat.${tld}";
--- a/machines/haze/configuration.nix
+++ b/machines/haze/configuration.nix
@@ -18,6 +18,7 @@
    self.nixosModules.desktop
    self.nixosModules.dev
    self.nixosModules.lanzaboote
    self.nixosModules.nix-defaults
    self.inputs.home-manager.nixosModules.home-manager
--- a/machines/verbena/configuration.nix
+++ b/machines/verbena/configuration.nix
@@ -4,6 +4,7 @@
    self.nixosModules.nix-defaults
    self.nixosModules.nextcloud
    self.nixosModules.gitea
    self.nixosModules.forgejo
    self.nixosModules.vaultwarden
    self.inputs.srvos.nixosModules.server
--- a/modules/forgejo.nix
+++ b/modules/forgejo.nix
@@ -0,0 +1,75 @@
 { config, lib, ... }:
 let
  cfg = config.services.forgejo;
 in
 {
  services.forgejo = {
    enable = true;
    lfs.enable = true;
    settings = {
      # storage = {
      # };
      server = {
        ROOT_URL = "https://${cfg.settings.server.DOMAIN}";
        DOMAIN = "git.rpqt.fr";
        HTTP_PORT = 3001;
      };
      session.PROVIDER = "db";
      session.COOKIE_SECURE = true;
      service.DISABLE_REGISTRATION = true;
      # Create a repository by pushing to it
      repository.ENABLE_PUSH_CREATE_USER = true;
    };
  };
  systemd.services.forgejo.environment = {
    FORGEJO__storage__STORAGE_TYPE = "minio";
    FORGEJO__storage__MINIO_ENDPOINT = "localhost:3900";
    FORGEJO__storage__MINIO_BUCKET = "forgejo";
    FORGEJO__storage__MINIO_LOCATION = "garage";
    FORGEJO__storage__MINIO_USE_SSL = "false";
  };
  systemd.services.forgejo.serviceConfig = {
    LoadCredential = [
      "minio_access_key_id:${config.clan.core.vars.generators.forgejo-s3-storage.files.access-key-id.path}"
      "minio_secret_access_key:${config.clan.core.vars.generators.forgejo-s3-storage.files.access-key-secret.path}"
    ];
    Environment = [
      "FORGEJO__storage__MINIO_ACCESS_KEY_ID__FILE=%d/minio_access_key_id"
      "FORGEJO__storage__MINIO_SECRET_ACCESS_KEY__FILE=%d/minio_secret_access_key"
    ];
  };
  clan.core.vars.generators.forgejo-s3-storage = {
    prompts.access-key-id = {
      description = "s3 access key id";
      type = "line";
      persist = true;
    };
    prompts.access-key-secret = {
      description = "s3 access key secret";
      type = "hidden";
      persist = true;
    };
  };
  clan.core.state.forgejo.folders = [ config.services.forgejo.stateDir ];
  services.nginx.virtualHosts."git.rpqt.fr" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://localhost:${builtins.toString (cfg.settings.server.HTTP_PORT)}";
    };
  };
  security.acme.certs."git.rpqt.fr" = {
    email = "admin@rpqt.fr";
  };
 }
--- a/modules/lanzaboote.nix
+++ b/modules/lanzaboote.nix
@@ -0,0 +1,23 @@
 {
  self,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [
    self.inputs.lanzaboote.nixosModules.lanzaboote
  ];
  environment.systemPackages = [
    # For debugging and troubleshooting Secure Boot.
    pkgs.sbctl
  ];
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.lanzaboote = {
    enable = true;
    pkiBundle = "/var/lib/sbctl";
  };
 }
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -34,7 +34,7 @@ in
    };
    extraAppsEnable = true;
    extraApps = {
-      # inherit (pkgs.nextcloud32Packages.apps) tasks;
+      inherit (config.services.nextcloud.package.packages.apps) tasks contacts calendar;
    };
  };
--- a/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/machines/verbena
+++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/machines/verbena
@@ -0,0 +1 @@
 ../../../../../../sops/machines/verbena
--- a/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/secret
+++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/secret
@@ -0,0 +1,26 @@
 {
 	"data": "ENC[AES256_GCM,data:lILPrDhV479Rju4cNbtcEGU0KhOM7Xirbvk=,iv:LVMTgLoV53cRoa7xP0kvWWZyRC3zL8N00UfQQ/dPafY=,tag:q7PoGHYjI5Sa/3h7xZ0kZg==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTb3o4ejBZSUcvU1J4aDJ1\nMS8wVUFhaUZtSGlSZ3N6bUVSU1FxQ21DM0dnCjc4WDFmWWpra2lGMVBManpoSjVH\nSldZL3lBR2ZzSWd4VDZDUGtmSnpuRGsKLS0tIHVvcXVJUDZrekNxZFZtL0p0dUR0\nQ211dFpBQ0xEbWRNaisyVWU1TDZnbmMK3VhJbIlVy2jCbzEjSbR9PkN9oZNGjDfm\n7cSnYX8qLaHOJqAAj2isN7SeeYTpRE1IWiguXwKB9bhtij+1S6ymyA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBROWxkUGhUY3pVZk9EQVlO\ndnVKeUM0TThJeGZTOEV2MkVudCttQUVBdDI0CnZwWFBpYTVYR3l5L0RQb05HbTd2\nbndPaEpZWXFTOXl3VE5lWDFrV29mQ1EKLS0tIExMaVpVWXpORExxWWEyNDVia3RM\nMkxTQ0QzM21SeE9NUGlWeGJRMFE0SWcKRaL0GXuZ4/9NKeKFNmJIORpEsVOKBhR4\nzcnJGwY2QnteYkfHhUiZT7vBPIKC6xsCD2gtLAywjX1KUr+FZb4YaA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeXZGMnBO\nZGRGRW02MXE1TXc0dEErejFQSURKSFo4SEUrQnJXZTdicE9hKwpCTUY1Q2hkT3BC\nV2xmWFR4Zjh5VWF5VzQ5azFkVEF2eS9Fcy9wVUVCYUs4Ci0tLSBLb3RSenEwcDUv\nTitHN3FpNDZHaDlpbWc2cDVkNzlxZCtXWkZGbUxLQnNFCoR/dPrE99WjUojR2Nl1\nC8ZHNnJE53jI1lQGvy5aSo3HmKt97dQwlYuJ0MvHu3CtL9DUenEAfe/OSL4PIb+p\nUZA=\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBM2tyQURp\ncGlwTlF1M1JTSXBVM1BlUXYrQ2d2dTRudUwwVDRUdXBubU5OdApmdG1sbS9UcnU0\nYjh0bGlGd2FSdU9pcmEyck9PWkUrUlBFRlR2SVBBLy9RCi0tLSBlL2hVeHRJL1lw\nN1ZVeGFOUGVtVmIwZzc4QzNCdUx1WGhTMGlkYjh6RDFNCqyR5iQ9aCIgCmi2mKDZ\nHPHlerB0TLlvU50w7WLUXzjPts+ZQVE3fMLHUrFi09D1zyKYrB0kDYDcSgcK9j7m\ncTY=\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
 		"lastmodified": "2026-01-23T12:31:31Z",
 		"mac": "ENC[AES256_GCM,data:9s8Kfn08MtBUg9D3MjAfYgEVJ+tsLI3K5DzZec+dl4EzDh3RuF12OI2GbWMgzpAHcEVBcBC0mpvY+ITSTPViNlCu/YBWRzpO9QQPBKRO7VwlwlKIhydjIK+t71QCDiMfWUVEHC5vmYiZeF0uwXSuD/+1WMUFsFYG1LUauN0dhVA=,iv:3mvjAuOQMypsTmzLvBl2H7Pb5CcwHdV9hvZAoWcVOQ0=,tag:hJoTCtWVtC9wBPOn8WDofw==,type:str]",
 		"version": "3.11.0"
 	}
 }
--- a/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/users/rpqt
+++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/users/rpqt
@@ -0,0 +1 @@
 ../../../../../../sops/users/rpqt
--- a/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/machines/verbena
+++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/machines/verbena
@@ -0,0 +1 @@
 ../../../../../../sops/machines/verbena
--- a/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/secret
+++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/secret
@@ -0,0 +1,26 @@
 {
 	"data": "ENC[AES256_GCM,data:aEG/3fHh4cJ1hheU4P6PFKgm9n9HJblURiqvKms0fnx1cTJSd74qaNejWVlnThuxqPFgi4kv8LIi9WzmpEWy8Q==,iv:zrPF2WvbXPxzQxxZ9p+v/BR1YfNfS02PVi/+5pMzamA=,tag:n96sdJSnBoBWD0ibmAYweQ==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WkxjWFZrdE1iVFIxN2xw\ncXlhNGp3cDRKaitqdWNMZTRuNDNHNHVjTEhjCm9wWUswVGlKL2ducjhmQzNzcXps\nbGRMZmk4dm9pdXR2MjdpK1FxOFFkZkUKLS0tIGsydS91UTlGWjlNbytRVWZaamRj\nSXJKVWxhTXV3MmlhcnNMb3d4Vm8vWEkKiEbNBhLLFzNNGmrvGZEedvnX3EjAhJCW\nvTIi3W89nHdOV8pHJK+aIaUT5EhBSTdyCAF/Ecl1MtG6kXjc4G7a3Q==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRkNkTjVtazhoSGM1dlB3\nN29hYWMxWjNUdVpkVDZQTzh5T2w5enQyKzE0CnpwUzlKZ3pERVhZbmFkQlVhd20y\ndHl2WU9CUDhGVjh4NlVSQmxHUFE3UWcKLS0tIDh6RWtURUE1QW04Q3NENDgvVGE2\nYXdYaEgrVlp6NEZSbmNkM3pYZUNvVGMK2PqzSlhUQhUcsQxNUG0XqjGHjctVvXSR\ncGXZZypty4jd5sWgQKVb4tJ5qu/BlssQnT6YailJEW/8XrhjSuddvg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbFROMGpQ\nYmlpaC83ZDc0b0NCcHI2UVBvQVkvQVI2cmtRbHpEUDFXTTFiaApyeHZ5Sk9jWUho\nUCsveWZoK1FCVGkwZ2hWMTVTZDdwT1BOdG91TWMwRGJnCi0tLSBOV3l0L1BmY0RR\nRWVzYXgwME95ZHMyRWxqdk5odm1zczMzUCtkRU13eUNRCpUjzMJdcOPbmM8aIA5I\nhDET4gkaq9Nm/W2+UhuwR9NcFj2mpSCKAc2BJX6wLJ3vTqOXb3yl4L2PQT6db7bt\nQ/c=\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNkJGOHpK\nUnRzTE8yV1hsYzZXK1N6V09yc2JaMHVvVnV5bEJaZ1hId2tPbApzWC9oS3NzMytW\najVocEZEMTBGblpWV1lNaGh4bnpGRzMybkM2WHNvelZnCi0tLSBESEhJSWtYdW9U\nMmFES1pGY0tJN3hTQlZqeTRoZ3VvQTRxNVFBdVVkVnprCu6aApFJvusV0eJqgBDU\niDDTdsOsY6L7XQHJtiITwsCz9a3jwvgu0+p3TIFAi5NU+RbGWMhlo9OZ+e2hTGGe\nPRY=\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
 		"lastmodified": "2026-01-23T12:31:31Z",
 		"mac": "ENC[AES256_GCM,data:849ki7N7EUxz8a7HnA6oljWx3WN5TbhyqOZSe8T7i931U4tZbzuchxjVQTVb7dGS0sIM5G3rPztP0mAvP9ata6HLPVqov4oTlPW9/+HfcPnlX9stC1uDfJ0AUYyQ6Q6Xavs615X0XE8N1ccGBXoyfOGFBQYcz5vz0aqH4OmbRLM=,iv:SZbVM6UntxRpE1SB7iepCdKUgNCJL+5q2wJA5u9n/4E=,tag:9FlUde54jxc1RKvKl1auBg==,type:str]",
 		"version": "3.11.0"
 	}
 }
--- a/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/users/rpqt
+++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/users/rpqt
@@ -0,0 +1 @@
 ../../../../../../sops/users/rpqt
Author	SHA1	Message	Date
Romain Paquet	a0234b7b6f	nextcloud: add calendar and contacts apps	2026-01-31 14:43:31 +01:00
Romain Paquet	59458a3ba1	haze: use lanzaboote	2026-01-31 14:43:31 +01:00
Romain Paquet	5bd14cffe9	alacritty: auto switch dark/light theme	2026-01-31 14:43:31 +01:00
Romain Paquet	0747388105	nixfmt-rfc-style -> nixfmt	2026-01-31 14:31:38 +01:00
Romain Paquet	240cb89fb7	update flake inputs	2026-01-31 14:31:27 +01:00
Romain Paquet	fc81d4ffc9	add forgejo	2026-01-31 14:31:15 +01:00
Romain Paquet	d0c9fdb625	infra: fix migadu generator	2026-01-31 14:30:05 +01:00
Romain Paquet	fb136061cf	add lanzaboote	2026-01-31 14:28:44 +01:00
Romain Paquet	782ac7140d	Update vars via generator forgejo-s3-storage for machine verbena	2026-01-23 13:31:31 +01:00