update readme

nextcloud: add calendar and contacts apps
haze: use lanzaboote
2026-01-31 14:57:10 +01:00 · 2026-01-31 14:43:31 +01:00 · 2026-01-31 14:43:31 +01:00 · 2026-01-31 14:43:31 +01:00 · 2026-01-31 14:31:38 +01:00 · 2026-01-31 14:31:27 +01:00
41 changed files with 821 additions and 378 deletions
--- a/README.md
+++ b/README.md
@@ -1,15 +1,18 @@
-# NixOS & Home Manager config
+# Flocon
 This repository contains all my system configurations, mostly deployed using Nix and [Clan].
 ## Structure
- **home**: Dotfiles
+- **clan**: Clan configuration
 - **machines**: Host-specific configs
 - **infra**: Terraform/OpenTofu files
 - **vars**: Encrypted secrets managed by clan
 - **modules**: NixOS modules
 - **clanServices**: Custom [Clan Services](https://docs.clan.lol/reference/clanServices)
 - **home**: Dotfiles
 - **home-manager**: [Home Manager] modules
 - **infra**: [Terranix] files (for Terraform/OpenTofu)
 - **machines**: Per-host configurations
 - **modules**: [NixOS] modules
 - **packages**: Nix packages
 - **vars**: Encrypted secrets managed by clan
 ## Dotfiles
@@ -19,4 +22,7 @@ This repository contains all my system configurations, mostly deployed using Nix
 dotbot -c ./dotbot/windows.yaml -d home
 ```
-[Clan]: https//clan.lol
+[Clan]: https://clan.lol
 [Home Manager]: https://home-manager.dev
 [NixOS]: https://nixos.org
 [Terranix]: https://terranix.org
--- a/devShells/flake-module.nix
+++ b/devShells/flake-module.nix
@@ -11,7 +11,7 @@
          inputs'.clan-core.packages.clan-cli
          pkgs.garage
          pkgs.nil # Nix language server
-          pkgs.nixfmt-rfc-style
+          pkgs.nixfmt
          pkgs.opentofu
          pkgs.terraform-ls
          pkgs.deploy-rs
--- a/flake.lock
+++ b/flake.lock
@@ -10,11 +10,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1768230255,
+        "lastModified": 1769313163,
-        "narHash": "sha256-d98+nRSV2X86LcJUDZDAR9wvmmGG1uMzY5/zJdKH9pU=",
+        "narHash": "sha256-pjYF+adGJBkMLgKFAhnMEMR0818OsCaZAZREYs/baPQ=",
        "owner": "nix-community",
        "repo": "buildbot-nix",
-        "rev": "6c62d4e0e82b607638b00d6f4f4ad06646342826",
+        "rev": "6c0fbf1425279800fd8f02796fdb567599587b7b",
        "type": "github"
      },
      "original": {
@@ -40,11 +40,11 @@
        "treefmt-nix": "treefmt-nix_2"
      },
      "locked": {
-        "lastModified": 1768662392,
+        "lastModified": 1769817905,
-        "narHash": "sha256-tE6k6yaQDF1n4YkTC4aH+BgKNQM36bYdhslP0udgMyY=",
+        "narHash": "sha256-/Ktjya8b3TfYeskDPY+67/BXyOwz0EpZnIW4QY9Qd94=",
        "ref": "refs/heads/main",
-        "rev": "1f2f93239ef3638d4b7a2187d021b8d8fe6507b8",
+        "rev": "49c69a0dd6750bbce8ebc698879e3cb48f32ae6b",
-        "revCount": 12169,
+        "revCount": 12606,
        "type": "git",
        "url": "https://git.clan.lol/clan/clan-core"
      },
@@ -53,6 +53,21 @@
        "url": "https://git.clan.lol/clan/clan-core"
      }
    },
    "crane": {
      "locked": {
        "lastModified": 1765145449,
        "narHash": "sha256-aBVHGWWRzSpfL++LubA0CwOOQ64WNLegrYHwsVuVN7A=",
        "owner": "ipetkov",
        "repo": "crane",
        "rev": "69f538cdce5955fcd47abfed4395dc6d5194c1c5",
        "type": "github"
      },
      "original": {
        "owner": "ipetkov",
        "repo": "crane",
        "type": "github"
      }
    },
    "data-mesher": {
      "inputs": {
        "flake-parts": [
@@ -69,11 +84,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768383623,
+        "lastModified": 1769701076,
-        "narHash": "sha256-X1jD5UvgYW50wWxdxJn9b8hiOvpSoLcO3ZC1AZx7+gQ=",
+        "narHash": "sha256-ZquoXeXZ8fwMQ54UVgcGRKjzdK0deRHzm0a2jVbw4uw=",
-        "rev": "82c2fbf84ea0162d95b4958f02499e68c9a843a6",
+        "rev": "21655e76e84749d5ce3c9b3aaf9d86ba4016ba08",
        "type": "tarball",
-        "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/82c2fbf84ea0162d95b4958f02499e68c9a843a6.tar.gz"
+        "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/21655e76e84749d5ce3c9b3aaf9d86ba4016ba08.tar.gz"
      },
      "original": {
        "type": "tarball",
@@ -91,11 +106,11 @@
        "treefmt-nix": "treefmt-nix_3"
      },
      "locked": {
-        "lastModified": 1768657403,
+        "lastModified": 1768707867,
-        "narHash": "sha256-YkbdCu2ZInQj72rQQLgVP2x1m8il8+DtwzypBiYrrfE=",
+        "narHash": "sha256-bNHBR07JIJUMjDGqd3/KwhPsI7e43JkAoeczO2cQ8h8=",
        "owner": "Mic92",
        "repo": "direnv-instant",
-        "rev": "ab8c70c557f610e20008eb407d17cfd78b44ea1c",
+        "rev": "522eeea04ab1bc360464e51477963b0c3e18284a",
        "type": "github"
      },
      "original": {
@@ -112,11 +127,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766150702,
+        "lastModified": 1769524058,
-        "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
+        "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
+        "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
        "type": "github"
      },
      "original": {
@@ -132,11 +147,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766150702,
+        "lastModified": 1769524058,
-        "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
+        "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
+        "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
        "type": "github"
      },
      "original": {
@@ -145,6 +160,22 @@
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
        "lastModified": 1761588595,
        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
@@ -153,11 +184,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1767609335,
+        "lastModified": 1768135262,
-        "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
+        "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "250481aafeb741edfe23d29195671c19b36b6dca",
+        "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
        "type": "github"
      },
      "original": {
@@ -186,6 +217,28 @@
        "type": "github"
      }
    },
    "gitignore": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
          "pre-commit",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1709087332,
        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "type": "github"
      }
    },
    "hercules-ci-effects": {
      "inputs": {
        "flake-parts": [
@@ -198,11 +251,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1765774562,
+        "lastModified": 1768476106,
-        "narHash": "sha256-UQhfCggNGDc7eam+EittlYmeW89CZVT1KkFIHZWBH7k=",
+        "narHash": "sha256-V0YOJRum50gtKgwavsAfwXc9+XAsJCC7386YZx1sWGQ=",
        "owner": "hercules-ci",
        "repo": "hercules-ci-effects",
-        "rev": "edcbb19948b6caf1700434e369fde6ff9e6a3c93",
+        "rev": "c19e263e6e22ec7379d972f19e6a322f943c73fb",
        "type": "github"
      },
      "original": {
@@ -218,11 +271,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768598210,
+        "lastModified": 1769813945,
-        "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
+        "narHash": "sha256-9ABv9Lo9t6MrFjlnRnU8Zw1C6LVj2+R8PipQ/rxGLHk=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
+        "rev": "475921375def3eb930e1f8883f619ff8609accb6",
        "type": "github"
      },
      "original": {
@@ -231,6 +284,30 @@
        "type": "github"
      }
    },
    "lanzaboote": {
      "inputs": {
        "crane": "crane",
        "nixpkgs": [
          "nixpkgs"
        ],
        "pre-commit": "pre-commit",
        "rust-overlay": "rust-overlay"
      },
      "locked": {
        "lastModified": 1765382359,
        "narHash": "sha256-RJmgVDzjRI18BWVogG6wpsl1UCuV6ui8qr4DJ1LfWZ8=",
        "owner": "nix-community",
        "repo": "lanzaboote",
        "rev": "e8c096ade12ec9130ff931b0f0e25d2f1bc63607",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "v1.0.0",
        "repo": "lanzaboote",
        "type": "github"
      }
    },
    "nix-darwin": {
      "inputs": {
        "nixpkgs": [
@@ -239,11 +316,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768561867,
+        "lastModified": 1768764703,
-        "narHash": "sha256-prGOZ+w3pZfGTRxworKcJliCNsewF0L4HUPjgU/6eaw=",
+        "narHash": "sha256-5ulSDyOG1U+1sJhkJHYsUOWEsmtLl97O0NTVMvgIVyc=",
        "owner": "nix-darwin",
        "repo": "nix-darwin",
-        "rev": "8b720b9662d4dd19048664b7e4216ce530591adc",
+        "rev": "0fc4e7ac670a0ed874abacf73c4b072a6a58064b",
        "type": "github"
      },
      "original": {
@@ -286,11 +363,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1764234087,
+        "lastModified": 1769813415,
-        "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
+        "narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
+        "rev": "8946737ff703382fda7623b9fab071d037e897d5",
        "type": "github"
      },
      "original": {
@@ -301,11 +378,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1768584846,
+        "lastModified": 1769302137,
-        "narHash": "sha256-IRPmIOV2tPwxbhP/I9M5AmwhTC0lMPtoPStC+8T6xl0=",
+        "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "cce68f4a54fa4e3d633358364477f5cc1d782440",
+        "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
        "type": "github"
      },
      "original": {
@@ -333,11 +410,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1768564909,
+        "lastModified": 1769461804,
-        "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
+        "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
+        "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
        "type": "github"
      },
      "original": {
@@ -347,6 +424,29 @@
        "type": "github"
      }
    },
    "pre-commit": {
      "inputs": {
        "flake-compat": "flake-compat",
        "gitignore": "gitignore",
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1765016596,
        "narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "buildbot-nix": "buildbot-nix",
@@ -355,10 +455,33 @@
        "disko": "disko_2",
        "flake-parts": "flake-parts_2",
        "home-manager": "home-manager",
        "lanzaboote": "lanzaboote",
        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs_2",
-        "srvos": "srvos"
+        "srvos": "srvos",
        "terranix": "terranix"
      }
    },
    "rust-overlay": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1765075567,
        "narHash": "sha256-KFDCdQcHJ0hE3Nt5Gm5enRIhmtEifAjpxgUQ3mzSJpA=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "769156779b41e8787a46ca3d7d76443aaf68be6f",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "sops-nix": {
@@ -369,11 +492,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768481291,
+        "lastModified": 1769469829,
-        "narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=",
+        "narHash": "sha256-wFcr32ZqspCxk4+FvIxIL0AZktRs6DuF8oOsLt59YBU=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "e085e303dfcce21adcb5fec535d65aacb066f101",
+        "rev": "c5eebd4eb2e3372fe12a8d70a248a6ee9dd02eff",
        "type": "github"
      },
      "original": {
@@ -389,11 +512,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768523683,
+        "lastModified": 1769681123,
-        "narHash": "sha256-UbkyPXPPAbz0gHIWvHZ+jrPTruZqkpuwTFo5JXPnIgU=",
+        "narHash": "sha256-i29n0IDa5nR8O9w7QsajWNy/dfgfnGF7/nJY+/OdjEY=",
        "owner": "nix-community",
        "repo": "srvos",
-        "rev": "90e9331fd79d4c3bb5c1e7cd2df2e560565fe543",
+        "rev": "861710611463c47190345f09f6959c9230def555",
        "type": "github"
      },
      "original": {
@@ -417,6 +540,45 @@
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "terranix": {
      "inputs": {
        "flake-parts": [
          "flake-parts"
        ],
        "nixpkgs": [
          "nixpkgs"
        ],
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1762472226,
        "narHash": "sha256-iVS4sxVgGn+T74rGJjEJbzx+kjsuaP3wdQVXBNJ79A0=",
        "owner": "terranix",
        "repo": "terranix",
        "rev": "3b5947a48da5694094b301a3b1ef7b22ec8b19fc",
        "type": "github"
      },
      "original": {
        "owner": "terranix",
        "repo": "terranix",
        "type": "github"
      }
    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
@@ -424,27 +586,6 @@
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1768031762,
        "narHash": "sha256-b2gJDJfi+TbA7Hu2sKip+1mWqya0GJaWrrXQjpbOVTU=",
        "owner": "numtide",
        "repo": "treefmt-nix",
        "rev": "0c445aa21b01fd1d4bb58927f7b268568af87b20",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "treefmt-nix",
        "type": "github"
      }
    },
    "treefmt-nix_2": {
      "inputs": {
        "nixpkgs": [
          "clan-core",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1768158989,
        "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=",
@@ -459,6 +600,27 @@
        "type": "github"
      }
    },
    "treefmt-nix_2": {
      "inputs": {
        "nixpkgs": [
          "clan-core",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1769691507,
        "narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=",
        "owner": "numtide",
        "repo": "treefmt-nix",
        "rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "treefmt-nix",
        "type": "github"
      }
    },
    "treefmt-nix_3": {
      "inputs": {
        "nixpkgs": [
@@ -467,11 +629,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768031762,
+        "lastModified": 1768158989,
-        "narHash": "sha256-b2gJDJfi+TbA7Hu2sKip+1mWqya0GJaWrrXQjpbOVTU=",
+        "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "0c445aa21b01fd1d4bb58927f7b268568af87b20",
+        "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -11,6 +11,7 @@
    flake-parts.lib.mkFlake { inherit inputs; } ({
      imports = [
        clan-core.flakeModules.default
        inputs.terranix.flakeModule
        ./clan/flake-module.nix
        ./clanServices/flake-module.nix
        ./devShells/flake-module.nix
@@ -55,5 +56,12 @@
    direnv-instant.url = "github:Mic92/direnv-instant";
    direnv-instant.inputs.nixpkgs.follows = "nixpkgs";
    direnv-instant.inputs.flake-parts.follows = "flake-parts";
    terranix.url = "github:terranix/terranix";
    terranix.inputs.nixpkgs.follows = "nixpkgs";
    terranix.inputs.flake-parts.follows = "flake-parts";
    lanzaboote.url = "github:nix-community/lanzaboote/v1.0.0";
    lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
  };
 }
--- a/home-manager/desktop/default.nix
+++ b/home-manager/desktop/default.nix
@@ -10,7 +10,6 @@
  home.packages = with pkgs; [
    discord
    seahorse
    wofi-emoji
  ];
  home.pointerCursor = {
--- a/home-manager/desktop/terminal.nix
+++ b/home-manager/desktop/terminal.nix
@@ -15,8 +15,7 @@
  ];
  programs.alacritty.enable = true;
-  xdg.configFile."alacritty/alacritty.toml".source =
+  xdg.configFile."alacritty".source = "${config.dotfiles.path}/.config/alacritty";
    "${config.dotfiles.path}/.config/alacritty/alacritty.toml";
  xdg.configFile."ghostty/config".source = "${config.dotfiles.path}/.config/ghostty/config";
 }
--- a/home-manager/dev.nix
+++ b/home-manager/dev.nix
@@ -25,7 +25,7 @@
    radicle-tui
    typescript-language-server
    nil # Nix language server
-    nixfmt-rfc-style
+    nixfmt
    nixpkgs-review
  ];
--- a/home/.config/alacritty/alacritty.toml
+++ b/home/.config/alacritty/alacritty.toml
@@ -1,6 +1,6 @@
 [general]
-live_config_reload = false
+live_config_reload = true
-import = ["~/.config/alacritty/themes/kanagawa_wave.toml"]
+import = ["~/.config/alacritty/themes/default_light.toml"]
 [font]
 size = 14
--- a/home/.config/alacritty/themes/default_light.toml
+++ b/home/.config/alacritty/themes/default_light.toml
@@ -0,0 +1,33 @@
 # Colors (Builtin Light)
 [colors.bright]
 black = '#555555'
 blue = '#5555ff'
 cyan = '#22cccc'
 green = '#2fd92f'
 magenta = '#ff55ff'
 red = '#ff5555'
 white = '#ffffff'
 yellow = '#bfbf15'
 [colors.cursor]
 cursor = '#000000'
 text = '#ffffff'
 [colors.normal]
 black = '#000000'
 blue = '#0000bb'
 cyan = '#00bbbb'
 green = '#00bb00'
 magenta = '#bb00bb'
 red = '#bb0000'
 white = '#bbbbbb'
 yellow = '#bbbb00'
 [colors.primary]
 background = '#ffffff'
 foreground = '#000000'
 [colors.selection]
 background = '#b5d5ff'
 text = '#000000'
--- a/home/.config/helix/languages.toml
+++ b/home/.config/helix/languages.toml
@@ -58,3 +58,7 @@ auto-format = true
 [[language]]
 name = "vento"
 indent = { tab-width = 2, unit = "\t" }
 [[language]]
 name = "ocaml"
 auto-format = true
--- a/home/bin/switch-helix-theme.sh
+++ b/home/bin/switch-helix-theme.sh
@@ -6,10 +6,24 @@ HELIX_CONFIG_PATH=$(readlink -f "${HOME}/.config/helix/config.toml")
 HELIX_THEME_LIGHT="zed_onelight"
 HELIX_THEME_DARK="kanagawa"
 ALACRITTY_CONFIG_PATH=$(readlink -f "${HOME}/.config/alacritty/alacritty.toml")
 ALACRITTY_THEME_LIGHT="default_light"
 ALACRITTY_THEME_DARK="kanagawa_wave"
 set_helix_theme() {
  sed -i "s/^theme .*/theme = \"$1\"/" "$HELIX_CONFIG_PATH"
 }
 set_alacritty_theme() {
  sed -i "s/^import .*/import = \[\"\~\/\.config\/alacritty\/themes\/$1\.toml\"\]/" "$ALACRITTY_CONFIG_PATH"
 }
 if [[ "$2" == "prefer-dark" ]]; then
-  sed -i "s/^theme .*/theme = \"$HELIX_THEME_DARK\"/" "$HELIX_CONFIG_PATH"
+  set_helix_theme "$HELIX_THEME_DARK"
  sey_alacritty_theme "$HELIX_THEME_DARK"
 else
-  sed -i "s/^theme .*/theme = \"$HELIX_THEME_LIGHT\"/" "$HELIX_CONFIG_PATH"
+  set_helix_theme "$HELIX_THEME_LIGHT"
  set_alacritty_theme "$HELIX_THEME_LIGHT"
 fi
 pkill -USR1 hx || true
--- a/infra/.terraform.lock.hcl
+++ b/infra/.terraform.lock.hcl
@@ -1,62 +1,16 @@
 # This file is maintained automatically by "tofu init".
 # Manual edits may be lost in future updates.
-provider "registry.opentofu.org/hashicorp/assert" {
+provider "registry.opentofu.org/hashicorp/external" {
-  version = "0.16.0"
+  version = "2.3.5"
  hashes = [
-    "h1:2jeV46S9jN2rk0GXOa+HGNlVvyWzaB3wz0T65elbjOc=",
+    "h1:en/2hMK/W/2hKtsEkbxGiiYwi/pSPS/UoGDILHIHjmw=",
    "zh:3c04d08d1bb4ae810b7972a219c8dd42a8ab901a9bc25197b250c38f3fa57033",
    "zh:46119bcc47b545809c0ee873a72d44f4f875cca4d7228605f5c7a8956a5e7d55",
    "zh:511949ee8a6ac8ff7296b4c9778deb2aec2783f5b85c4f27382a3b623fc50a4a",
    "zh:b4ebb8b832bae26443880d2e17493f754495db2d6c3f02c6d0070cbf5ae21598",
    "zh:bebed6c1873871eb824103f08e72055c077f01b10a40944760d19ffdd721d9ab",
    "zh:e412855fd2fd81e0a847e45308bdbac99995315c503fdddf262ee59e1b7c5263",
    "zh:ed47c4fe28c6f148f11fa4098516abea008c49fa670c3cedd2ff94596cac0831",
    "zh:edee914b1d12ac6db241a1fecaa5186c47f361f4ceb2deb23ad45d67bf95c7b1",
    "zh:eff5b2e1c2128217bdbc600eda4fe011831e5c655bf4acd84b6495fc20d128d3",
    "zh:ff64424784171a3361b1ea95d8cef334ec1c4a395812edd0a77a1ed6b4119b0f",
  ]
 }
 provider "registry.opentofu.org/hetznercloud/hcloud" {
-  version     = "1.57.0"
+  version = "1.58.0"
  constraints = "~> 1.45"
  hashes = [
-    "h1:Xk+Whn6wnhEJEeiO/mPII/mOL+buHLj05AKy4TbDz3U=",
+    "h1:6C2LNEvCyGPyWgALDAFTNbRp+5Iuikd4Ju1Xejh+aeg=",
    "zh:016ecc39328f34f6c0ffa413598f354824f7878c89cd031f123edb4bc8a687a2",
    "zh:10b362dc0847200c987214b129b5f85e2f7d8ad417261a1d2dd04ab74de15603",
    "zh:194647d9a61dca4f411f44580316b88a11095d7a99679d445f9b0f2c1ba976c4",
    "zh:1d8aafe2ce7890696385bb3a0c3286e7ee3020416d337f59935406e4c6f91de6",
    "zh:594585616210fb232fad4ebda2387ecd3f483931e00eff988fca83add6ce7cfc",
    "zh:65e50be33ffb85580546f119839e1293591cc6d4db729d809931d0408b6ae408",
    "zh:7d4ed5bd8c477ec304142e2160203a76a0d09c93d224950bda253172b2571038",
    "zh:90a70a70a266b78c8216903e711904e6969b3957d182602b5d788602ec9ef323",
    "zh:abb8e28e96fb8de270995873de980896b7cb53cfc550f02c50eaa42884624ba9",
    "zh:bbf34dca2de6e105ca7204222162a0402d8e9e9a28e1de5ffbaa2c0d6270a059",
    "zh:c1a9edb693d632dcb5c3c9ee84c97138e08eadb9354e28592efd581f68ac0385",
    "zh:dadbf1368fae314fe8dcb99ebefbc78409f3fc0e3808cd92ea573b8eee1cae98",
    "zh:e713e00ca27348abd18da2eeff861905e84050e3e7e008f14a0c63c70ab2ff84",
  ]
 }
 provider "registry.opentofu.org/ovh/ovh" {
  version     = "2.10.0"
  constraints = "> 2.5.0"
  hashes = [
    "h1:6CHM/tHZ7vAvQKtdqurs6ExO+46gpFooZ0zdaW74DKE=",
    "zh:1582485c59b5e25fa407417de3040dfc31bfec3f9b884d51953f6625b930d2f6",
    "zh:15b425716d5e05992cb1d68a49d58f0e9e0cbd7dbaa35ea9793404fa1ec45bed",
    "zh:1c1547ff469c2f772d478f67d148d08b38468d43c9517b723b622a085625d949",
    "zh:2491be291a8876da2dc1e71490428706cdca39002a1e89d10dd060474f59ce19",
    "zh:2d9c7589764f838f04d38a87a0e6c9db6b560b6c5b510b69eabf2d67caa38d2b",
    "zh:56c5b16a55dc4ac5f3eed69072e5ae74aafac2a4a8a84ba27fa06528320037cc",
    "zh:629d2c7f709fc01adabba1c8b98ec7485dfebcc4b9f72f4bd4d36509166eb42c",
    "zh:82f4b8b35a31a468d7a2a5aa4630f432ef64d9abfed8066afdaab0502886a72a",
    "zh:84c5e65122efaee5e34c266cd750576969bd788c2bdbb804a7ffc08728ac3987",
    "zh:85db08f3e1b27fda723b080bc5132069b6b7ba9699567cd44fb0a2207456a76c",
    "zh:a84c043c96a01230e570163706f58c33ee59699fcc857d3db0f6e0b2a6b08bc6",
    "zh:ad984516009930efc6ec465046287c6b293b6b219e3167aa4c0b900b903c6a50",
    "zh:bd0114d45ec72134cf930a7619b70b0068e439759febba5717abb76219b85800",
    "zh:f243a50dcf87687881972fcaba9226b4247588b6dc7368b0ef98168f643ee159",
  ]
 }
--- a/infra/base.nix
+++ b/infra/base.nix
@@ -0,0 +1,24 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  terraform.required_providers.hcloud.source = "hetznercloud/hcloud";
  data.external.hcloud-token = {
    program = [
      (lib.getExe (
        pkgs.writeShellApplication {
          name = "get-clan-secret";
          text = ''
            jq -n --arg secret "$(clan secrets get hcloud-token)" '{"secret":$secret}'
          '';
        }
      ))
    ];
  };
  provider.hcloud.token = config.data.external.hcloud-token "result.secret";
 }
--- a/infra/crocus.tf
+++ b/infra/crocus.tf
@@ -1,68 +0,0 @@
 resource "hcloud_server" "crocus_server" {
  name         = "crocus"
  server_type  = "cx22"
  datacenter   = "nbg1-dc3"
  image        = "ubuntu-20.04"
  firewall_ids = [hcloud_firewall.crocus_firewall.id]
  public_net {
    ipv4 = hcloud_primary_ip.crocus_ipv4.id
  }
 }
 resource "hcloud_primary_ip" "crocus_ipv4" {
  name          = "crocus_ipv4"
  type          = "ipv4"
  datacenter    = "nbg1-dc3"
  assignee_type = "server"
  auto_delete   = true
 }
 resource "hcloud_firewall" "crocus_firewall" {
  name = "crocus-firewall"
  rule {
    direction  = "in"
    protocol   = "icmp"
    source_ips = ["0.0.0.0/0", "::/0"]
  }
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "22"
    source_ips = ["0.0.0.0/0", "::/0"]
  }
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "22"
    source_ips = ["0.0.0.0/0", "::/0"]
  }
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "80"
    source_ips = ["0.0.0.0/0", "::/0"]
  }
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "443"
    source_ips = ["0.0.0.0/0", "::/0"]
  }
  # radicle-node
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "8776"
    source_ips = ["0.0.0.0/0", "::/0"]
  }
 }
 output "crocus_ipv4" {
  value = hcloud_primary_ip.crocus_ipv4.ip_address
 }
--- a/infra/dns.nix
+++ b/infra/dns.nix
@@ -0,0 +1,20 @@
 { config, ... }:
 {
  resource.hcloud_zone.rpqt_fr = {
    name = "rpqt.fr";
    mode = "primary";
  };
  resource.hcloud_zone.turifer_dev = {
    name = "turifer.dev";
    mode = "primary";
  };
  output.rpqt_fr_zone_name = {
    value = config.resource.hcloud_zone.rpqt_fr "name";
  };
  output.turifer_dev_zone_name = {
    value = config.resource.hcloud_zone.turifer_dev "name";
  };
 }
--- a/infra/dns.tf
+++ b/infra/dns.tf
@@ -1,44 +0,0 @@
 data "ovh_vps" "verbena_vps" {
  service_name = "vps-7e78bac2.vps.ovh.net"
 }
 data "ovh_domain_zone" "rpqt_fr" {
  name = "rpqt.fr"
 }
 resource "ovh_domain_zone_import" "rpqt_fr_import" {
  zone_name = "rpqt.fr"
  zone_file = local.rpqt_fr_zone_file
 }
 data "ovh_domain_zone" "turifer_dev" {
  name = "turifer.dev"
 }
 resource "ovh_domain_zone_import" "turifer_dev_import" {
  zone_name = "turifer.dev"
  zone_file = local.turifer_dev_zone_file
 }
 locals {
  verbena_ipv4_addresses = [for ip in data.ovh_vps.verbena_vps.ips : ip if provider::assert::ipv4(ip)]
  verbena_ipv6_addresses = [for ip in data.ovh_vps.verbena_vps.ips : ip if provider::assert::ipv6(ip)]
  turifer_dev_zone_file = templatefile("./templates/turifer.dev.zone", {
    crocus_ipv4_address = hcloud_server.crocus_server.ipv4_address
    crocus_ipv6_address = hcloud_server.crocus_server.ipv6_address
    verbena_ipv4_addresses = local.verbena_ipv4_addresses
    verbena_ipv6_addresses = local.verbena_ipv6_addresses
  })
  rpqt_fr_zone_file = templatefile("./templates/rpqt.fr.zone", {
    crocus_ipv4_address = hcloud_server.crocus_server.ipv4_address
    crocus_ipv6_address = hcloud_server.crocus_server.ipv6_address
    verbena_ipv4_addresses = local.verbena_ipv4_addresses
    verbena_ipv6_addresses = local.verbena_ipv6_addresses
  })
 }
--- a/infra/flake-module.nix
+++ b/infra/flake-module.nix
@@ -1,7 +1,28 @@
 { self, ... }:
 {
  perSystem =
    { pkgs, ... }:
    {
      terranix.terranixConfigurations.infra = {
        terraformWrapper.package = pkgs.opentofu.withPlugins (p: [
          p.hashicorp_external
          p.hetznercloud_hcloud
        ]);
        extraArgs = { inherit (self) infra; };
        modules = [
          ./base.nix
          ./dns.nix
          ./mail.nix
          ./radicle.nix
          ./web.nix
        ];
      };
    };
  flake.infra =
    let
-      tf_outputs = builtins.fromJSON (builtins.readFile ../infra/outputs.json);
+      tf_outputs = builtins.fromJSON (builtins.readFile ./outputs.json);
    in
    {
      machines = {
@@ -12,6 +33,7 @@
        };
        crocus = {
          ipv4 = tf_outputs.crocus_ipv4.value;
          ipv6 = "2a01:4f8:1c1e:e415::1";
        };
      };
    };
--- a/infra/lib.nix
+++ b/infra/lib.nix
@@ -0,0 +1,88 @@
 { lib, ... }:
 let
  mkMigaduDkim = zone: name: {
    inherit zone;
    name = "${name}._domainkey";
    type = "CNAME";
    records = [
      { value = "${name}.${zone}._domainkey.migadu.com."; }
    ];
  };
 in
 {
  mkMigadu_hcloud_zone_rrset = zone: hostedEmailVerify: {
    dkim_1 = mkMigaduDkim zone "key1";
    dkim_2 = mkMigaduDkim zone "key2";
    dkim_3 = mkMigaduDkim zone "key3";
    spf = {
      inherit zone;
      name = "@";
      type = "TXT";
      records = [
        {
          value = lib.tf.ref ''provider::hcloud::txt_record("v=spf1 include:spf.migadu.com -all")'';
        }
        {
          value = lib.tf.ref ''provider::hcloud::txt_record("hosted-email-verify=${hostedEmailVerify}")'';
        }
      ];
    };
    dmarc = {
      inherit zone;
      name = "_dmarc";
      type = "TXT";
      records = [
        {
          value = lib.tf.ref ''provider::hcloud::txt_record("v=DMARC1; p=quarantine;")'';
        }
      ];
    };
    mx = {
      inherit zone;
      name = "@";
      type = "MX";
      records = [
        { value = "10 aspmx1.migadu.com."; }
        { value = "20 aspmx2.migadu.com."; }
      ];
    };
    autoconfig = {
      inherit zone;
      name = "autoconfig";
      type = "CNAME";
      records = [ { value = "autoconfig.migadu.com."; } ];
    };
    autodiscover = {
      inherit zone;
      name = "_autodiscover._tcp";
      type = "SRV";
      records = [ { value = "0 1 443 autodiscover.migadu.com."; } ];
    };
    submissions = {
      inherit zone;
      name = "_submissions._tcp";
      type = "SRV";
      records = [ { value = "0 1 465 smtp.migadu.com."; } ];
    };
    imaps = {
      inherit zone;
      name = "_imaps._tcp";
      type = "SRV";
      records = [ { value = "0 1 993 imap.migadu.com."; } ];
    };
    pop3s = {
      inherit zone;
      name = "_pop3s._tcp";
      type = "SRV";
      records = [ { value = "0 1 995 pop.migadu.com."; } ];
    };
  };
 }
--- a/infra/mail.nix
+++ b/infra/mail.nix
@@ -0,0 +1,15 @@
 { config, lib, ... }:
 let
  inherit (import ./lib.nix { inherit lib; })
    mkMigadu_hcloud_zone_rrset
    ;
  rpqt_fr = mkMigadu_hcloud_zone_rrset (config.resource.hcloud_zone.rpqt_fr "name") "pgeaq3bp";
  # Prefix resource names with zone name to avoid collision
  turifer_dev = lib.mapAttrs' (name: value: lib.nameValuePair "turifer_dev_${name}" value) (
    mkMigadu_hcloud_zone_rrset (config.resource.hcloud_zone.turifer_dev "name") "k5z4lcfc"
  );
 in
 {
  resource.hcloud_zone_rrset = rpqt_fr // turifer_dev;
 }
--- a/infra/main.tf
+++ b/infra/main.tf
@@ -1,15 +0,0 @@
 terraform {
  required_providers {
    hcloud = {
      source  = "hetznercloud/hcloud"
      version = "~> 1.45"
    }
    ovh = {
      source  = "ovh/ovh"
      version = "> 2.5.0"
    }
    assert = {
      source = "hashicorp/assert"
    }
  }
 }
--- a/infra/providers.tf
+++ b/infra/providers.tf
@@ -1,9 +0,0 @@
 provider "hcloud" {
  token = var.hcloud_token
 }
 provider "ovh" {
  endpoint      = "ovh-eu"
  client_id     = var.ovh_client_id
  client_secret = var.ovh_client_secret
 }
--- a/infra/radicle.nix
+++ b/infra/radicle.nix
@@ -0,0 +1,52 @@
 {
  config,
  infra,
  lib,
  ...
 }:
 {
  resource.hcloud_zone_rrset =
    let
      zone = config.resource.hcloud_zone.rpqt_fr "name";
    in
    {
      radicle_a = {
        inherit zone;
        name = "radicle";
        type = "A";
        records = [ { value = infra.machines.crocus.ipv4; } ];
      };
      radicle_aaaa = {
        inherit zone;
        name = "radicle";
        type = "AAAA";
        records = [ { value = infra.machines.crocus.ipv6; } ];
      };
      radicles_srv = {
        inherit zone;
        name = "seed._radicle-node._tcp";
        type = "SRV";
        records = [ { value = "32767 32767 58776 radicle.rpqt.fr."; } ];
      };
      radicles_nid = {
        inherit zone;
        name = "seed._radicle-node._tcp";
        type = "TXT";
        records = [
          {
            value = lib.tf.ref ''provider::hcloud::txt_record("nid=z6MkuivFHDPg6Bd25v4bEWm7T7qLUYMWk1eVTE7exvum5Rvd")'';
          }
        ];
      };
      radicle_ptr = {
        inherit zone;
        name = "_radicle-node._tcp";
        type = "PTR";
        records = [ { value = "seed._radicle-node._tcp.radicle.rpqt.fr."; } ];
      };
    };
 }
--- a/infra/templates/rpqt.fr.zone
+++ b/infra/templates/rpqt.fr.zone
@@ -1,31 +0,0 @@
 $TTL 3600
@	IN SOA dns100.ovh.net. tech.ovh.net. (2026010123 86400 3600 3600000 60)
    IN NS     dns100.ovh.net.
 	IN NS     ns100.ovh.net.
 rpqt.fr. 3000 IN TXT "hosted-email-verify=pgeaq3bp"
 rpqt.fr. 3000 IN MX 10 aspmx1.migadu.com.
 rpqt.fr. 3000 IN MX 20 aspmx2.migadu.com.
 rpqt.fr. 3000 IN TXT "v=spf1 include:spf.migadu.com -all"
 key1._domainkey.rpqt.fr. 3000 IN CNAME key1.rpqt.fr._domainkey.migadu.com.
 key2._domainkey.rpqt.fr. 3000 IN CNAME key2.rpqt.fr._domainkey.migadu.com.
 key3._domainkey.rpqt.fr. 3000 IN CNAME key3.rpqt.fr._domainkey.migadu.com.
 _dmarc.rpqt.fr. 3000 IN TXT "v=DMARC1; p=quarantine;"
 autoconfig.rpqt.fr. 3000 IN CNAME autoconfig.migadu.com.
 _autodiscover._tcp.rpqt.fr. 3000 IN SRV 0 1 443 autodiscover.migadu.com.
 _submissions._tcp.rpqt.fr. 3000 IN SRV 0 1 465 smtp.migadu.com.
 _imaps._tcp.rpqt.fr. 3000 IN SRV 0 1 993 imap.migadu.com.
 _pop3s._tcp.rpqt.fr. 3000 IN SRV 0 1 995 pop.migadu.com.
@ 10800 IN A 46.23.81.157
@ 10800 IN AAAA 2a03:6000:1813:1337::157
 %{ for addr in verbena_ipv4_addresses ~}
 cloud 10800 IN A ${addr}
 %{ endfor ~}
 %{ for addr in verbena_ipv6_addresses ~}
 cloud 10800 IN AAAA ${addr}
 %{ endfor ~}
 radicle 10800 IN A ${crocus_ipv4_address}
 radicle 10800 IN AAAA ${crocus_ipv6_address}
--- a/infra/templates/turifer.dev.zone
+++ b/infra/templates/turifer.dev.zone
@@ -1,39 +0,0 @@
 $TTL 3600
@	IN SOA dns100.ovh.net. tech.ovh.net. (2025071505 86400 3600 3600000 60)
    IN NS     dns100.ovh.net.
 	IN NS     ns100.ovh.net.
 turifer.dev. 3000 IN TXT "hosted-email-verify=k5z4lcfc"
 turifer.dev. 3000 IN MX 10 aspmx1.migadu.com.
 turifer.dev. 3000 IN MX 20 aspmx2.migadu.com.
 turifer.dev. 3000 IN TXT "v=spf1 include:spf.migadu.com -all"
 key1._domainkey.turifer.dev. 3000 IN CNAME key1.turifer.dev._domainkey.migadu.com.
 key2._domainkey.turifer.dev. 3000 IN CNAME key2.turifer.dev._domainkey.migadu.com.
 key3._domainkey.turifer.dev. 3000 IN CNAME key3.turifer.dev._domainkey.migadu.com.
 _dmarc.turifer.dev. 3000 IN TXT "v=DMARC1; p=quarantine;"
 autoconfig.turifer.dev. 3000 IN CNAME autoconfig.migadu.com.
 _autodiscover._tcp.turifer.dev. 3000 IN SRV 0 1 443 autodiscover.migadu.com.
 _submissions._tcp.turifer.dev. 3000 IN SRV 0 1 465 smtp.migadu.com.
 _imaps._tcp.turifer.dev. 3000 IN SRV 0 1 993 imap.migadu.com.
 _pop3s._tcp.turifer.dev. 3000 IN SRV 0 1 995 pop.migadu.com.
 %{ for addr in verbena_ipv4_addresses ~}
 git.turifer.dev. 10800 IN A ${addr}
 %{ endfor ~}
 %{ for addr in verbena_ipv6_addresses ~}
 git.turifer.dev. 10800 IN AAAA ${addr}
 %{ endfor ~}
 %{ for addr in verbena_ipv4_addresses ~}
 buildbot.turifer.dev. 10800 IN A ${addr}
 %{ endfor ~}
 %{ for addr in verbena_ipv6_addresses ~}
 buildbot.turifer.dev. 10800 IN AAAA ${addr}
 %{ endfor ~}
 %{ for addr in verbena_ipv4_addresses ~}
 wg1.turifer.dev. 10800 IN A ${addr}
 %{ endfor ~}
 %{ for addr in verbena_ipv6_addresses ~}
 wg1.turifer.dev. 10800 IN AAAA ${addr}
 %{ endfor ~}
--- a/infra/variables.tf
+++ b/infra/variables.tf
@@ -1,11 +0,0 @@
 variable "hcloud_token" {
  sensitive = true
 }
 variable "ovh_client_id" {
  sensitive = true
 }
 variable "ovh_client_secret" {
  sensitive = true
 }
--- a/infra/verbena.tf
+++ b/infra/verbena.tf
@@ -1,20 +0,0 @@
 output "verbena_ipv4" {
  value = local.verbena_ipv4_addresses[0]
 }
 output "verbena_ipv6" {
  value = local.verbena_ipv6_addresses[0]
 }
 output "verbena_gateway6" {
  value = local.gateway6
 }
 locals {
  hextets      = 4
  parts        = split(":", local.verbena_ipv6_addresses[0])
  prefix_parts = slice(local.parts, 0, local.hextets)
  prefix_str   = join(":", local.prefix_parts)
  gateway6     = "${local.prefix_str}::1"
 }
--- a/infra/web.nix
+++ b/infra/web.nix
@@ -0,0 +1,96 @@
 { config, infra, ... }:
 {
  resource.hcloud_zone_rrset =
    let
      sourcehut_pages = {
        ipv4 = "46.23.81.157";
        ipv6 = "2a03:6000:1813:1337::157";
      };
      zone = config.resource.hcloud_zone.rpqt_fr "name";
    in
    {
      a = {
        inherit zone;
        name = "@";
        type = "A";
        records = [ { value = sourcehut_pages.ipv4; } ];
      };
      aaaa = {
        inherit zone;
        name = "@";
        type = "AAAA";
        records = [ { value = sourcehut_pages.ipv6; } ];
      };
      cloud_a = {
        inherit zone;
        name = "cloud";
        type = "A";
        records = [ { value = infra.machines.verbena.ipv4; } ];
      };
      cloud_aaaa = {
        inherit zone;
        name = "cloud";
        type = "AAAA";
        records = [ { value = infra.machines.verbena.ipv6; } ];
      };
      git_turifer_dev_a = {
        zone = config.resource.hcloud_zone.turifer_dev "name";
        name = "git";
        type = "A";
        records = [ { value = infra.machines.verbena.ipv4; } ];
      };
      git_turifer_dev_aaaa = {
        zone = config.resource.hcloud_zone.turifer_dev "name";
        name = "git";
        type = "AAAA";
        records = [ { value = infra.machines.verbena.ipv6; } ];
      };
      git_rpqt_fr_a = {
        zone = config.resource.hcloud_zone.rpqt_fr "name";
        name = "git";
        type = "A";
        records = [ { value = infra.machines.verbena.ipv4; } ];
      };
      git_rpqt_fr_aaaa = {
        zone = config.resource.hcloud_zone.rpqt_fr "name";
        name = "git";
        type = "AAAA";
        records = [ { value = infra.machines.verbena.ipv6; } ];
      };
      buildbot_turifer_dev_a = {
        zone = config.resource.hcloud_zone.turifer_dev "name";
        name = "buildbot";
        type = "A";
        records = [ { value = infra.machines.verbena.ipv4; } ];
      };
      buildbot_turifer_dev_aaaa = {
        zone = config.resource.hcloud_zone.turifer_dev "name";
        name = "buildbot";
        type = "AAAA";
        records = [ { value = infra.machines.verbena.ipv6; } ];
      };
      wg1_turifer_dev_a = {
        zone = config.resource.hcloud_zone.turifer_dev "name";
        name = "wg1";
        type = "A";
        records = [ { value = infra.machines.verbena.ipv4; } ];
      };
      wg1_turifer_dev_aaaa = {
        zone = config.resource.hcloud_zone.turifer_dev "name";
        name = "wg1";
        type = "AAAA";
        records = [ { value = infra.machines.verbena.ipv6; } ];
      };
    };
 }
--- a/machines/genepi/glance-config.nix
+++ b/machines/genepi/glance-config.nix
@@ -65,6 +65,11 @@
                  url = "https://git.turifer.dev";
                  icon = "sh:gitea";
                }
                {
                  title = "Forgejo";
                  url = "https://git.rpqt.fr";
                  icon = "sh:forgejo";
                }
                {
                  title = "Pinchflat";
                  url = "https://pinchflat.${tld}";
--- a/machines/haze/configuration.nix
+++ b/machines/haze/configuration.nix
@@ -18,6 +18,7 @@
    self.nixosModules.desktop
    self.nixosModules.dev
    self.nixosModules.lanzaboote
    self.nixosModules.nix-defaults
    self.inputs.home-manager.nixosModules.home-manager
--- a/machines/verbena/configuration.nix
+++ b/machines/verbena/configuration.nix
@@ -4,6 +4,7 @@
    self.nixosModules.nix-defaults
    self.nixosModules.nextcloud
    self.nixosModules.gitea
    self.nixosModules.forgejo
    self.nixosModules.vaultwarden
    self.inputs.srvos.nixosModules.server
--- a/modules/forgejo.nix
+++ b/modules/forgejo.nix
@@ -0,0 +1,75 @@
 { config, lib, ... }:
 let
  cfg = config.services.forgejo;
 in
 {
  services.forgejo = {
    enable = true;
    lfs.enable = true;
    settings = {
      # storage = {
      # };
      server = {
        ROOT_URL = "https://${cfg.settings.server.DOMAIN}";
        DOMAIN = "git.rpqt.fr";
        HTTP_PORT = 3001;
      };
      session.PROVIDER = "db";
      session.COOKIE_SECURE = true;
      service.DISABLE_REGISTRATION = true;
      # Create a repository by pushing to it
      repository.ENABLE_PUSH_CREATE_USER = true;
    };
  };
  systemd.services.forgejo.environment = {
    FORGEJO__storage__STORAGE_TYPE = "minio";
    FORGEJO__storage__MINIO_ENDPOINT = "localhost:3900";
    FORGEJO__storage__MINIO_BUCKET = "forgejo";
    FORGEJO__storage__MINIO_LOCATION = "garage";
    FORGEJO__storage__MINIO_USE_SSL = "false";
  };
  systemd.services.forgejo.serviceConfig = {
    LoadCredential = [
      "minio_access_key_id:${config.clan.core.vars.generators.forgejo-s3-storage.files.access-key-id.path}"
      "minio_secret_access_key:${config.clan.core.vars.generators.forgejo-s3-storage.files.access-key-secret.path}"
    ];
    Environment = [
      "FORGEJO__storage__MINIO_ACCESS_KEY_ID__FILE=%d/minio_access_key_id"
      "FORGEJO__storage__MINIO_SECRET_ACCESS_KEY__FILE=%d/minio_secret_access_key"
    ];
  };
  clan.core.vars.generators.forgejo-s3-storage = {
    prompts.access-key-id = {
      description = "s3 access key id";
      type = "line";
      persist = true;
    };
    prompts.access-key-secret = {
      description = "s3 access key secret";
      type = "hidden";
      persist = true;
    };
  };
  clan.core.state.forgejo.folders = [ config.services.forgejo.stateDir ];
  services.nginx.virtualHosts."git.rpqt.fr" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://localhost:${builtins.toString (cfg.settings.server.HTTP_PORT)}";
    };
  };
  security.acme.certs."git.rpqt.fr" = {
    email = "admin@rpqt.fr";
  };
 }
--- a/modules/lanzaboote.nix
+++ b/modules/lanzaboote.nix
@@ -0,0 +1,23 @@
 {
  self,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [
    self.inputs.lanzaboote.nixosModules.lanzaboote
  ];
  environment.systemPackages = [
    # For debugging and troubleshooting Secure Boot.
    pkgs.sbctl
  ];
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.lanzaboote = {
    enable = true;
    pkiBundle = "/var/lib/sbctl";
  };
 }
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -34,7 +34,7 @@ in
    };
    extraAppsEnable = true;
    extraApps = {
-      # inherit (pkgs.nextcloud32Packages.apps) tasks;
+      inherit (config.services.nextcloud.package.packages.apps) tasks contacts calendar;
    };
  };
--- a/sops/secrets/hcloud-token/secret
+++ b/sops/secrets/hcloud-token/secret
@@ -0,0 +1,22 @@
 {
 	"data": "ENC[AES256_GCM,data:Jw4huyAI4yZT/24rImVh//JaFvUlwuIRrzP3nzLBqts+U2bs3wcv0LVavSEhECoJveUwYyS29++ewlnw+wiSrQ==,iv:O2ISIPnIJ3677VswqMjphwV30W24SNciPwIzd/AWm/w=,tag:ORMMkAtGyvzlINQ4fbtTjQ==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTXMyczVuc3ZwUHJIUlUr\nSTFObW0wNjBGQXBhS1FCSDNCVFJpT05DZzM4CmdscVg4dzJJVDZ6aVpiUHNydXhK\nK0tQTy9uZmJyM3d1OHVXT1FlYnhLck0KLS0tIHJGT1IxWTdJL01XWUE5NEhtcGhs\nZWlUZkx1L2cwd3dpakNCOGY0M3BZazQKZrK9JoWAJk9BOCPWfwxthR4sdNvF4bYj\nbnw5HBmXHPuV4pObDE0RwnoMVBXSfTof41HfogvsM16GWR577+CgMg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdHhYQkMx\nb2xTUXB3dkZuajB0aHIwbllmcVJwOHY3eXphR21MRUdDdWorMApkcHVxQ1FRQ3ZQ\nSnpOYk9ZanJPZ1EvWUpoZHQ1K2VVUVBVMVphVlYweGg0Ci0tLSBiQmQ5YnJpKzJv\nY2lmOFpZSEVJeHNCb3F1SjFzNzBabHN0andFczRYTlFnCkSFxvQ47FvKcCh06tRd\nCb12wKSm12yMs5BR9Bv40YDB9C0/oqo17gDmVworyZKuK2dDfRaSLjoD4Cg2ww+A\nwS0=\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBaG9kZWdz\nWVloZGxVZW5lVHpkN292MVFjVC9wWkNWS2hJTWZiLzk0SkdmZwpSZTZkOTFadWxo\naHMzZlVGV3hCY3pyQ1BIczA0ekpIWXZRSFZtN1lZMzZFCi0tLSBlSkRCNkNtbjFs\nd2IvSlRISlRydVh4M1I2bVFFZ1ZJUFFNc1dtbGUrZWtvCiiFUjKkBp4eyI7YV1AY\nk3tqfqsoQyHPYhL4mxU5bDBPTwKpIwPZNzfVDxgiTwQq5s4TEoDYnl4rhEc6ONem\nx84=\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
 		"lastmodified": "2026-01-19T14:49:10Z",
 		"mac": "ENC[AES256_GCM,data:fWo9KS5W4A7UNM58G+KtCzAQAiM0qFVJwf42/eSQC+yAMfZJfbq17JDeow37CbnYo4GaXJuPQHbUqnrFHfqxRXAOP8GfQ02MRf3xSpmzwLQeKtZHwGG8+Ez9x+FnYUJcX8QIHpf25NKpe57h8STtC+Uz66lMp1EFXzJzgOvTY9w=,iv:Eya9bRyBUXv7ddSa7PVNYej6shnXTSdd3NvPPyRfezY=,tag:FH6YK+dfoPyQwgMNTqKQmg==,type:str]",
 		"version": "3.11.0"
 	}
 }
--- a/sops/secrets/hcloud-token/users/rpqt
+++ b/sops/secrets/hcloud-token/users/rpqt
@@ -0,0 +1 @@
 ../../../users/rpqt
--- a/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/machines/verbena
+++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/machines/verbena
@@ -0,0 +1 @@
 ../../../../../../sops/machines/verbena
--- a/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/secret
+++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/secret
@@ -0,0 +1,26 @@
 {
 	"data": "ENC[AES256_GCM,data:lILPrDhV479Rju4cNbtcEGU0KhOM7Xirbvk=,iv:LVMTgLoV53cRoa7xP0kvWWZyRC3zL8N00UfQQ/dPafY=,tag:q7PoGHYjI5Sa/3h7xZ0kZg==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTb3o4ejBZSUcvU1J4aDJ1\nMS8wVUFhaUZtSGlSZ3N6bUVSU1FxQ21DM0dnCjc4WDFmWWpra2lGMVBManpoSjVH\nSldZL3lBR2ZzSWd4VDZDUGtmSnpuRGsKLS0tIHVvcXVJUDZrekNxZFZtL0p0dUR0\nQ211dFpBQ0xEbWRNaisyVWU1TDZnbmMK3VhJbIlVy2jCbzEjSbR9PkN9oZNGjDfm\n7cSnYX8qLaHOJqAAj2isN7SeeYTpRE1IWiguXwKB9bhtij+1S6ymyA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBROWxkUGhUY3pVZk9EQVlO\ndnVKeUM0TThJeGZTOEV2MkVudCttQUVBdDI0CnZwWFBpYTVYR3l5L0RQb05HbTd2\nbndPaEpZWXFTOXl3VE5lWDFrV29mQ1EKLS0tIExMaVpVWXpORExxWWEyNDVia3RM\nMkxTQ0QzM21SeE9NUGlWeGJRMFE0SWcKRaL0GXuZ4/9NKeKFNmJIORpEsVOKBhR4\nzcnJGwY2QnteYkfHhUiZT7vBPIKC6xsCD2gtLAywjX1KUr+FZb4YaA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeXZGMnBO\nZGRGRW02MXE1TXc0dEErejFQSURKSFo4SEUrQnJXZTdicE9hKwpCTUY1Q2hkT3BC\nV2xmWFR4Zjh5VWF5VzQ5azFkVEF2eS9Fcy9wVUVCYUs4Ci0tLSBLb3RSenEwcDUv\nTitHN3FpNDZHaDlpbWc2cDVkNzlxZCtXWkZGbUxLQnNFCoR/dPrE99WjUojR2Nl1\nC8ZHNnJE53jI1lQGvy5aSo3HmKt97dQwlYuJ0MvHu3CtL9DUenEAfe/OSL4PIb+p\nUZA=\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBM2tyQURp\ncGlwTlF1M1JTSXBVM1BlUXYrQ2d2dTRudUwwVDRUdXBubU5OdApmdG1sbS9UcnU0\nYjh0bGlGd2FSdU9pcmEyck9PWkUrUlBFRlR2SVBBLy9RCi0tLSBlL2hVeHRJL1lw\nN1ZVeGFOUGVtVmIwZzc4QzNCdUx1WGhTMGlkYjh6RDFNCqyR5iQ9aCIgCmi2mKDZ\nHPHlerB0TLlvU50w7WLUXzjPts+ZQVE3fMLHUrFi09D1zyKYrB0kDYDcSgcK9j7m\ncTY=\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
 		"lastmodified": "2026-01-23T12:31:31Z",
 		"mac": "ENC[AES256_GCM,data:9s8Kfn08MtBUg9D3MjAfYgEVJ+tsLI3K5DzZec+dl4EzDh3RuF12OI2GbWMgzpAHcEVBcBC0mpvY+ITSTPViNlCu/YBWRzpO9QQPBKRO7VwlwlKIhydjIK+t71QCDiMfWUVEHC5vmYiZeF0uwXSuD/+1WMUFsFYG1LUauN0dhVA=,iv:3mvjAuOQMypsTmzLvBl2H7Pb5CcwHdV9hvZAoWcVOQ0=,tag:hJoTCtWVtC9wBPOn8WDofw==,type:str]",
 		"version": "3.11.0"
 	}
 }
--- a/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/users/rpqt
+++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-id/users/rpqt
@@ -0,0 +1 @@
 ../../../../../../sops/users/rpqt
--- a/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/machines/verbena
+++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/machines/verbena
@@ -0,0 +1 @@
 ../../../../../../sops/machines/verbena
--- a/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/secret
+++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/secret
@@ -0,0 +1,26 @@
 {
 	"data": "ENC[AES256_GCM,data:aEG/3fHh4cJ1hheU4P6PFKgm9n9HJblURiqvKms0fnx1cTJSd74qaNejWVlnThuxqPFgi4kv8LIi9WzmpEWy8Q==,iv:zrPF2WvbXPxzQxxZ9p+v/BR1YfNfS02PVi/+5pMzamA=,tag:n96sdJSnBoBWD0ibmAYweQ==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WkxjWFZrdE1iVFIxN2xw\ncXlhNGp3cDRKaitqdWNMZTRuNDNHNHVjTEhjCm9wWUswVGlKL2ducjhmQzNzcXps\nbGRMZmk4dm9pdXR2MjdpK1FxOFFkZkUKLS0tIGsydS91UTlGWjlNbytRVWZaamRj\nSXJKVWxhTXV3MmlhcnNMb3d4Vm8vWEkKiEbNBhLLFzNNGmrvGZEedvnX3EjAhJCW\nvTIi3W89nHdOV8pHJK+aIaUT5EhBSTdyCAF/Ecl1MtG6kXjc4G7a3Q==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRkNkTjVtazhoSGM1dlB3\nN29hYWMxWjNUdVpkVDZQTzh5T2w5enQyKzE0CnpwUzlKZ3pERVhZbmFkQlVhd20y\ndHl2WU9CUDhGVjh4NlVSQmxHUFE3UWcKLS0tIDh6RWtURUE1QW04Q3NENDgvVGE2\nYXdYaEgrVlp6NEZSbmNkM3pYZUNvVGMK2PqzSlhUQhUcsQxNUG0XqjGHjctVvXSR\ncGXZZypty4jd5sWgQKVb4tJ5qu/BlssQnT6YailJEW/8XrhjSuddvg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbFROMGpQ\nYmlpaC83ZDc0b0NCcHI2UVBvQVkvQVI2cmtRbHpEUDFXTTFiaApyeHZ5Sk9jWUho\nUCsveWZoK1FCVGkwZ2hWMTVTZDdwT1BOdG91TWMwRGJnCi0tLSBOV3l0L1BmY0RR\nRWVzYXgwME95ZHMyRWxqdk5odm1zczMzUCtkRU13eUNRCpUjzMJdcOPbmM8aIA5I\nhDET4gkaq9Nm/W2+UhuwR9NcFj2mpSCKAc2BJX6wLJ3vTqOXb3yl4L2PQT6db7bt\nQ/c=\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNkJGOHpK\nUnRzTE8yV1hsYzZXK1N6V09yc2JaMHVvVnV5bEJaZ1hId2tPbApzWC9oS3NzMytW\najVocEZEMTBGblpWV1lNaGh4bnpGRzMybkM2WHNvelZnCi0tLSBESEhJSWtYdW9U\nMmFES1pGY0tJN3hTQlZqeTRoZ3VvQTRxNVFBdVVkVnprCu6aApFJvusV0eJqgBDU\niDDTdsOsY6L7XQHJtiITwsCz9a3jwvgu0+p3TIFAi5NU+RbGWMhlo9OZ+e2hTGGe\nPRY=\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
 		"lastmodified": "2026-01-23T12:31:31Z",
 		"mac": "ENC[AES256_GCM,data:849ki7N7EUxz8a7HnA6oljWx3WN5TbhyqOZSe8T7i931U4tZbzuchxjVQTVb7dGS0sIM5G3rPztP0mAvP9ata6HLPVqov4oTlPW9/+HfcPnlX9stC1uDfJ0AUYyQ6Q6Xavs615X0XE8N1ccGBXoyfOGFBQYcz5vz0aqH4OmbRLM=,iv:SZbVM6UntxRpE1SB7iepCdKUgNCJL+5q2wJA5u9n/4E=,tag:9FlUde54jxc1RKvKl1auBg==,type:str]",
 		"version": "3.11.0"
 	}
 }
--- a/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/users/rpqt
+++ b/vars/per-machine/verbena/forgejo-s3-storage/access-key-secret/users/rpqt
@@ -0,0 +1 @@
 ../../../../../../sops/users/rpqt
Author	SHA1	Message	Date
Romain Paquet	dce4057083	update readme	2026-01-31 14:57:10 +01:00
Romain Paquet	a0234b7b6f	nextcloud: add calendar and contacts apps	2026-01-31 14:43:31 +01:00
Romain Paquet	59458a3ba1	haze: use lanzaboote	2026-01-31 14:43:31 +01:00
Romain Paquet	5bd14cffe9	alacritty: auto switch dark/light theme	2026-01-31 14:43:31 +01:00
Romain Paquet	0747388105	nixfmt-rfc-style -> nixfmt	2026-01-31 14:31:38 +01:00
Romain Paquet	240cb89fb7	update flake inputs	2026-01-31 14:31:27 +01:00
Romain Paquet	fc81d4ffc9	add forgejo	2026-01-31 14:31:15 +01:00
Romain Paquet	d0c9fdb625	infra: fix migadu generator	2026-01-31 14:30:05 +01:00
Romain Paquet	fb136061cf	add lanzaboote	2026-01-31 14:28:44 +01:00
Romain Paquet	782ac7140d	Update vars via generator forgejo-s3-storage for machine verbena	2026-01-23 13:31:31 +01:00
Romain Paquet	01f9ce7503	infra: add missing wireguard dns records	2026-01-20 15:52:31 +01:00
Romain Paquet	1ef49241b4	remove wofi-emoji	2026-01-20 15:32:04 +01:00
Romain Paquet	3d5695c9b3	helix: auto-format ocaml	2026-01-19 22:40:41 +01:00
Romain Paquet	de32fe0db0	migrate infra to terranix	2026-01-19 22:38:28 +01:00
Romain Paquet	32c4eeb2f8	add terranix	2026-01-19 22:37:34 +01:00
Romain Paquet	f1e06aaead	Update secret hcloud-token	2026-01-19 15:49:10 +01:00
Romain Paquet	93b923c146	rename nixfmt-rfc-style -> nixfmt	2026-01-18 17:06:18 +01:00