Compare commits


47 Commits

Author SHA1 Message Date
dce4057083 update readme 2026-01-31 14:57:10 +01:00
a0234b7b6f nextcloud: add calendar and contacts apps 2026-01-31 14:43:31 +01:00
59458a3ba1 haze: use lanzaboote 2026-01-31 14:43:31 +01:00
5bd14cffe9 alacritty: auto switch dark/light theme 2026-01-31 14:43:31 +01:00
0747388105 nixfmt-rfc-style -> nixfmt 2026-01-31 14:31:38 +01:00
240cb89fb7 update flake inputs 2026-01-31 14:31:27 +01:00
fc81d4ffc9 add forgejo 2026-01-31 14:31:15 +01:00
d0c9fdb625 infra: fix migadu generator 2026-01-31 14:30:05 +01:00
fb136061cf add lanzaboote 2026-01-31 14:28:44 +01:00
782ac7140d Update vars via generator forgejo-s3-storage for machine verbena 2026-01-23 13:31:31 +01:00
01f9ce7503 infra: add missing wireguard dns records 2026-01-20 15:52:31 +01:00
1ef49241b4 remove wofi-emoji 2026-01-20 15:32:04 +01:00
3d5695c9b3 helix: auto-format ocaml 2026-01-19 22:40:41 +01:00
de32fe0db0 migrate infra to terranix 2026-01-19 22:38:28 +01:00
32c4eeb2f8 add terranix 2026-01-19 22:37:34 +01:00
f1e06aaead Update secret hcloud-token 2026-01-19 15:49:10 +01:00
93b923c146 rename nixfmt-rfc-style -> nixfmt 2026-01-18 17:06:18 +01:00
123c3edb0e update flake inputs 2026-01-18 14:11:52 +01:00
6bb5625bc7 enable nix pipe-operators 2026-01-17 17:32:25 +01:00
65792b7ad4 add rage 2026-01-17 17:30:57 +01:00
8b9ab0b215 change default user shell to fish 2026-01-17 17:30:00 +01:00
f3d5f8e5d7 update flake inputs 2026-01-17 17:27:23 +01:00
a8d52b0473 update garage crocus hostname 2026-01-10 13:04:58 +01:00
a36f64cb93 add direnv-instant 2026-01-10 13:03:55 +01:00
1e8e04bf24 enable pcscd for yubikey 2026-01-06 15:51:35 +01:00
87e589e690 add .val search domain 2026-01-06 15:50:45 +01:00
c9953d269b remove gandi acme 2026-01-06 15:48:51 +01:00
d162591696 infra: allow more recent ovh versions 2026-01-06 15:47:03 +01:00
4ce5811615 update flake inputs 2026-01-06 15:46:21 +01:00
600e2c26c9 add vaultwarden 2026-01-06 15:46:18 +01:00
d3201fbca9 move coredns to port 53 to allow access on android 2026-01-06 15:43:40 +01:00
2063550f93 setup internal CA 2026-01-06 15:43:17 +01:00
dda8ca5d0f move services to internal clan tld 2026-01-06 15:43:17 +01:00
9e3d99231d infra: allow more recent version of ovh provider 2026-01-03 23:43:01 +01:00
c79df328de infra: fix terrible copypasta 2026-01-03 23:41:23 +01:00
7a8b12bba4 infra: remove gandi 2026-01-03 23:41:11 +01:00
caa0179f1d refactor nix module list 2026-01-03 22:57:19 +01:00
d2c624fe9c genepi: remove mpd 2026-01-03 22:26:56 +01:00
3a2dd0cc0b configure email for aerc 2026-01-03 22:24:11 +01:00
afb8dd50f4 niri: reserve first workspace for web 2026-01-03 22:21:52 +01:00
82a559e81a remove deleted vars 2026-01-03 22:21:28 +01:00
f8fb7a2480 add passage 2026-01-03 22:20:52 +01:00
410f63eb31 add jjui 2026-01-03 22:20:36 +01:00
2b2b5d30c7 migrate rpqt.fr domain to OVH 2026-01-03 22:17:25 +01:00
964b9b5b4e add age-plugin-yubikey for clan vars 2026-01-03 22:15:49 +01:00
010c53b6ad remove sway config and outdated dotfiles 2026-01-03 22:11:35 +01:00
e7ce8dba6d cleanup flake inputs 2026-01-03 22:11:35 +01:00
86 changed files with 1099 additions and 1313 deletions


@@ -1,15 +1,18 @@
# NixOS & Home Manager config
# Flocon
This repository contains all my system configurations, mostly deployed using Nix and [Clan].
## Structure
- **home**: Dotfiles
- **machines**: Host-specific configs
- **infra**: Terraform/OpenTofu files
- **vars**: Encrypted secrets managed by clan
- **modules**: NixOS modules
- **clan**: Clan configuration
- **clanServices**: Custom [Clan Services](https://docs.clan.lol/reference/clanServices)
- **home**: Dotfiles
- **home-manager**: [Home Manager] modules
- **infra**: [Terranix] files (for Terraform/OpenTofu)
- **machines**: Per-host configurations
- **modules**: [NixOS] modules
- **packages**: Nix packages
- **vars**: Encrypted secrets managed by clan
## Dotfiles
@@ -19,4 +22,7 @@ This repository contains all my system configurations, mostly deployed using Nix
dotbot -c ./dotbot/windows.yaml -d home
```
[Clan]: https//clan.lol
[Clan]: https://clan.lol
[Home Manager]: https://home-manager.dev
[NixOS]: https://nixos.org
[Terranix]: https://terranix.org


@@ -9,6 +9,10 @@
clan.meta.name = "blossom";
clan.meta.domain = "val";
clan.secrets.age.plugins = [
"age-plugin-yubikey"
];
clan.inventory.instances."rpqt-admin" = {
module.input = "clan-core";
module.name = "admin";


@@ -33,16 +33,17 @@
};
};
# clan.inventory.instances.certificates = {
# module.name = "certificates";
# module.input = "clan-core";
clan.inventory.instances.certificates = {
module.name = "certificates";
module.input = "clan-core";
# roles.ca.machines.verbena = {
# settings.acmeEmail = "admin@rpqt.fr";
# };
# roles.default.tags.all = { };
# roles.default.settings.acmeEmail = "admin@rpqt.fr";
# };
roles.ca.machines.verbena = {
settings.acmeEmail = "admin@rpqt.fr";
settings.tlds = [ "val" ];
};
roles.default.tags.all = { };
roles.default.settings.acmeEmail = "admin@rpqt.fr";
};
# Temporarily patched version of clan-core/coredns for AAAA records support
clan.inventory.instances.coredns = {
@@ -52,12 +53,21 @@
roles.default.tags.all = { };
roles.server.machines.verbena = {
settings.ip = "fd28:387a:90:c400::1";
settings.dnsPort = 53;
};
roles.server.machines.crocus = {
settings.ip = "fd28:387a:90:c400:6db2:dfc3:c376:9956";
};
roles.server.settings = {
tld = "home.rpqt.fr";
tld = "val";
};
roles.default.machines.verbena.settings = {
ip = "fd28:387a:90:c400::1";
services = [
"ca"
"vaultwarden"
];
};
roles.default.machines.genepi.settings = {
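Review bot: `settings.tlds = [ "val" ]` on the CA role and `tld = "val"` on the CoreDNS server role move the internal names, and the certificates issued for them, onto a top-level label that is not among the names reserved for private use. Such a name only resolves through the clan resolver, so a client that asks any other resolver leaks the query, and the label could collide if it is ever delegated publicly. A subdomain of a domain you control, or a reserved private-use name such as `home.arpa`, avoids both. If `val` is kept, a comment such as `# "val" is a private label served only by the clan CoreDNS; not a reserved TLD` above the setting would record the trade-off. Whether the CA certificate is name-constrained to the listed TLDs cannot be seen from this section and is worth confirming, since every machine tagged `all` appears to trust it.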


@@ -118,11 +118,13 @@
''
.:${dnsPort} {
bind wireguard
forward . 1.1.1.1
cache 30
}
${settings.tld}:${dnsPort} {
bind wireguard
file ${zonefile}
}
'';
@@ -168,7 +170,7 @@
networking.nameservers = map (
m:
let
port = config.services.unbound.settings.port or 53;
port = config.services.unbound.settings.server.port or 53;
in
"127.0.0.1:${toString port}#${roles.server.machines.${m}.settings.tld}"
) (lib.attrNames roles.server.machines);
@@ -179,11 +181,11 @@
services.unbound = {
enable = true;
resolveLocalQueries = true;
# resolveLocalQueries = true;
checkconf = true;
settings = {
server = {
# port = 5353;
port = 5353;
verbosity = 2;
interface = [ "127.0.0.1" ];
access-control = [ "127.0.0.0/8 allow" ];
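Review bot: Enabling `port = 5353;` in the last hunk puts the local unbound instance on an unprivileged port, which is also the registered mDNS port. Any local process can bind 127.0.0.1:5353 while unbound is stopped or not yet started, and would then answer the lookups that `networking.nameservers` directs there for the clan TLD. An mDNS responder on the same host may also contend for the port. CoreDNS is restricted with `bind wireguard` and unbound listens only on `127.0.0.1`, so both could presumably stay on port 53 without clashing; otherwise add a comment saying why 5353 is required. The leftover `# resolveLocalQueries = true;` should be deleted or given a reason; the enclosing `services.unbound` block continues outside the hunk.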


@@ -11,7 +11,7 @@
inputs'.clan-core.packages.clan-cli
pkgs.garage
pkgs.nil # Nix language server
pkgs.nixfmt-rfc-style
pkgs.nixfmt
pkgs.opentofu
pkgs.terraform-ls
pkgs.deploy-rs
@@ -19,7 +19,7 @@
];
shellHook = ''
export GARAGE_RPC_SECRET=$(clan vars get crocus garage-shared/rpc_secret)
export GARAGE_RPC_HOST=5d8249fe49264d36bc3532bd88400498bf9497b5cd4872245eb820d5d7797ed6@crocus.home.rpqt.fr:3901
export GARAGE_RPC_HOST=5d8249fe49264d36bc3532bd88400498bf9497b5cd4872245eb820d5d7797ed6@crocus.val:3901
'';
};
};
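Review bot: The `shellHook` around the edited `GARAGE_RPC_HOST` line still runs `export GARAGE_RPC_SECRET=$(clan vars get crocus garage-shared/rpc_secret)`, so the cluster RPC secret is decrypted on every shell entry and inherited by every process started from the dev shell. That line is unchanged context here, but it is worth narrowing while the hook is being touched. Resolve the secret only when the garage CLI is invoked, for example with a small wrapper script in the shell's packages that sets the variable for that one command. The hook should also have a comment naming which variables it exports and why.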

341
flake.lock generated

@@ -10,11 +10,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1765893949,
"narHash": "sha256-5wn3/cMZ6cQ7BHaoTkeDiMxgjZUV/8FPGplCJ/P6Idc=",
"lastModified": 1769313163,
"narHash": "sha256-pjYF+adGJBkMLgKFAhnMEMR0818OsCaZAZREYs/baPQ=",
"owner": "nix-community",
"repo": "buildbot-nix",
"rev": "39896cb5a1a6ad52d1feb6634913087e11059454",
"rev": "6c0fbf1425279800fd8f02796fdb567599587b7b",
"type": "github"
},
"original": {
@@ -32,7 +32,6 @@
],
"nix-darwin": "nix-darwin",
"nix-select": "nix-select",
"nixos-facter-modules": "nixos-facter-modules",
"nixpkgs": [
"nixpkgs"
],
@@ -41,11 +40,11 @@
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1766058975,
"narHash": "sha256-HBnRRq9wLq7UfJxMM55wR10lZFK1F0lNyRgUwwOby6s=",
"lastModified": 1769817905,
"narHash": "sha256-/Ktjya8b3TfYeskDPY+67/BXyOwz0EpZnIW4QY9Qd94=",
"ref": "refs/heads/main",
"rev": "9032d11a0e31641808ef1427150aac0f40e2e0b9",
"revCount": 11671,
"rev": "49c69a0dd6750bbce8ebc698879e3cb48f32ae6b",
"revCount": 12606,
"type": "git",
"url": "https://git.clan.lol/clan/clan-core"
},
@@ -54,6 +53,21 @@
"url": "https://git.clan.lol/clan/clan-core"
}
},
"crane": {
"locked": {
"lastModified": 1765145449,
"narHash": "sha256-aBVHGWWRzSpfL++LubA0CwOOQ64WNLegrYHwsVuVN7A=",
"owner": "ipetkov",
"repo": "crane",
"rev": "69f538cdce5955fcd47abfed4395dc6d5194c1c5",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"data-mesher": {
"inputs": {
"flake-parts": [
@@ -70,17 +84,41 @@
]
},
"locked": {
"lastModified": 1765768061,
"narHash": "sha256-RZ/ocDUJ3WPr2KcDc2MB6Fu+ZPqzwsMKQ16XxqrPi+o=",
"rev": "53351f9953ecf9dbe18795b4784abe53b14e6eee",
"lastModified": 1769701076,
"narHash": "sha256-ZquoXeXZ8fwMQ54UVgcGRKjzdK0deRHzm0a2jVbw4uw=",
"rev": "21655e76e84749d5ce3c9b3aaf9d86ba4016ba08",
"type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/53351f9953ecf9dbe18795b4784abe53b14e6eee.tar.gz"
"url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/21655e76e84749d5ce3c9b3aaf9d86ba4016ba08.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://git.clan.lol/clan/data-mesher/archive/main.tar.gz"
}
},
"direnv-instant": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix_3"
},
"locked": {
"lastModified": 1768707867,
"narHash": "sha256-bNHBR07JIJUMjDGqd3/KwhPsI7e43JkAoeczO2cQ8h8=",
"owner": "Mic92",
"repo": "direnv-instant",
"rev": "522eeea04ab1bc360464e51477963b0c3e18284a",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "direnv-instant",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@@ -89,11 +127,11 @@
]
},
"locked": {
"lastModified": 1765794845,
"narHash": "sha256-YD5QWlGnusNbZCqR3pxG8tRxx9yUXayLZfAJRWspq2s=",
"lastModified": 1769524058,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"owner": "nix-community",
"repo": "disko",
"rev": "7194cfe5b7a3660726b0fe7296070eaef601cae9",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"type": "github"
},
"original": {
@@ -109,11 +147,11 @@
]
},
"locked": {
"lastModified": 1765794845,
"narHash": "sha256-YD5QWlGnusNbZCqR3pxG8tRxx9yUXayLZfAJRWspq2s=",
"lastModified": 1769524058,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"owner": "nix-community",
"repo": "disko",
"rev": "7194cfe5b7a3660726b0fe7296070eaef601cae9",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"type": "github"
},
"original": {
@@ -122,6 +160,22 @@
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@@ -130,11 +184,11 @@
]
},
"locked": {
"lastModified": 1765835352,
"narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
@@ -150,11 +204,11 @@
]
},
"locked": {
"lastModified": 1765835352,
"narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
@@ -163,6 +217,28 @@
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"hercules-ci-effects": {
"inputs": {
"flake-parts": [
@@ -175,11 +251,11 @@
]
},
"locked": {
"lastModified": 1765774562,
"narHash": "sha256-UQhfCggNGDc7eam+EittlYmeW89CZVT1KkFIHZWBH7k=",
"lastModified": 1768476106,
"narHash": "sha256-V0YOJRum50gtKgwavsAfwXc9+XAsJCC7386YZx1sWGQ=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "edcbb19948b6caf1700434e369fde6ff9e6a3c93",
"rev": "c19e263e6e22ec7379d972f19e6a322f943c73fb",
"type": "github"
},
"original": {
@@ -195,11 +271,11 @@
]
},
"locked": {
"lastModified": 1765980955,
"narHash": "sha256-rB45jv4uwC90vM9UZ70plfvY/2Kdygs+zlQ07dGQFk4=",
"lastModified": 1769813945,
"narHash": "sha256-9ABv9Lo9t6MrFjlnRnU8Zw1C6LVj2+R8PipQ/rxGLHk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "89c9508bbe9b40d36b3dc206c2483ef176f15173",
"rev": "475921375def3eb930e1f8883f619ff8609accb6",
"type": "github"
},
"original": {
@@ -208,39 +284,27 @@
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"matugen": {
"lanzaboote": {
"inputs": {
"crane": "crane",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_2"
"pre-commit": "pre-commit",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1765981892,
"narHash": "sha256-c7VKaNiBUkwGsTq398EQSM4K7skPacmOz8NeLj67M7s=",
"owner": "InioX",
"repo": "Matugen",
"rev": "e405cd9de87510dd40c1328bcf06e0daf3d1a5bf",
"lastModified": 1765382359,
"narHash": "sha256-RJmgVDzjRI18BWVogG6wpsl1UCuV6ui8qr4DJ1LfWZ8=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "e8c096ade12ec9130ff931b0f0e25d2f1bc63607",
"type": "github"
},
"original": {
"owner": "InioX",
"repo": "Matugen",
"owner": "nix-community",
"ref": "v1.0.0",
"repo": "lanzaboote",
"type": "github"
}
},
@@ -252,11 +316,11 @@
]
},
"locked": {
"lastModified": 1764161084,
"narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=",
"lastModified": 1768764703,
"narHash": "sha256-5ulSDyOG1U+1sJhkJHYsUOWEsmtLl97O0NTVMvgIVyc=",
"owner": "nix-darwin",
"repo": "nix-darwin",
"rev": "e95de00a471d07435e0527ff4db092c84998698e",
"rev": "0fc4e7ac670a0ed874abacf73c4b072a6a58064b",
"type": "github"
},
"original": {
@@ -293,32 +357,17 @@
"type": "github"
}
},
"nixos-facter-modules": {
"locked": {
"lastModified": 1765442039,
"narHash": "sha256-k3lYQ+A1F7aTz8HnlU++bd9t/x/NP2A4v9+x6opcVg0=",
"owner": "nix-community",
"repo": "nixos-facter-modules",
"rev": "9dd775ee92de63f14edd021d59416e18ac2c00f1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-facter-modules",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1764234087,
"narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
"lastModified": 1769813415,
"narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
"rev": "8946737ff703382fda7623b9fab071d037e897d5",
"type": "github"
},
"original": {
@@ -329,11 +378,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1764440730,
"narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
"lastModified": 1769302137,
"narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
"rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
"type": "github"
},
"original": {
@@ -361,11 +410,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1765779637,
"narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=",
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1306659b587dc277866c7b69eb97e5f07864d8c4",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
@@ -375,19 +424,64 @@
"type": "github"
}
},
"pre-commit": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765016596,
"narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"buildbot-nix": "buildbot-nix",
"clan-core": "clan-core",
"direnv-instant": "direnv-instant",
"disko": "disko_2",
"flake-parts": "flake-parts_2",
"home-manager": "home-manager",
"impermanence": "impermanence",
"matugen": "matugen",
"lanzaboote": "lanzaboote",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"srvos": "srvos"
"srvos": "srvos",
"terranix": "terranix"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765075567,
"narHash": "sha256-KFDCdQcHJ0hE3Nt5Gm5enRIhmtEifAjpxgUQ3mzSJpA=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "769156779b41e8787a46ca3d7d76443aaf68be6f",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
@@ -398,11 +492,11 @@
]
},
"locked": {
"lastModified": 1765836173,
"narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=",
"lastModified": 1769469829,
"narHash": "sha256-wFcr32ZqspCxk4+FvIxIL0AZktRs6DuF8oOsLt59YBU=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63",
"rev": "c5eebd4eb2e3372fe12a8d70a248a6ee9dd02eff",
"type": "github"
},
"original": {
@@ -418,11 +512,11 @@
]
},
"locked": {
"lastModified": 1766020451,
"narHash": "sha256-Jy7rX7sMbSJEX0KKwvNcGUfRVZ0SDWo3Zk2e5LGyqw0=",
"lastModified": 1769681123,
"narHash": "sha256-i29n0IDa5nR8O9w7QsajWNy/dfgfnGF7/nJY+/OdjEY=",
"owner": "nix-community",
"repo": "srvos",
"rev": "5ecd4a56da963480db305e56ab3a42d13597c0a7",
"rev": "861710611463c47190345f09f6959c9230def555",
"type": "github"
},
"original": {
@@ -448,16 +542,40 @@
},
"systems_2": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"repo": "default",
"type": "github"
}
},
"terranix": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_2"
},
"locked": {
"lastModified": 1762472226,
"narHash": "sha256-iVS4sxVgGn+T74rGJjEJbzx+kjsuaP3wdQVXBNJ79A0=",
"owner": "terranix",
"repo": "terranix",
"rev": "3b5947a48da5694094b301a3b1ef7b22ec8b19fc",
"type": "github"
},
"original": {
"owner": "terranix",
"repo": "terranix",
"type": "github"
}
},
@@ -469,11 +587,11 @@
]
},
"locked": {
"lastModified": 1762938485,
"narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=",
"lastModified": 1768158989,
"narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4",
"rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca",
"type": "github"
},
"original": {
@@ -490,11 +608,32 @@
]
},
"locked": {
"lastModified": 1766000401,
"narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=",
"lastModified": 1769691507,
"narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd",
"rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_3": {
"inputs": {
"nixpkgs": [
"direnv-instant",
"nixpkgs"
]
},
"locked": {
"lastModified": 1768158989,
"narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca",
"type": "github"
},
"original": {


@@ -6,15 +6,12 @@
nixpkgs,
clan-core,
flake-parts,
home-manager,
impermanence,
nixos-hardware,
self,
...
}:
flake-parts.lib.mkFlake { inherit inputs; } ({
imports = [
inputs.clan-core.flakeModules.default
clan-core.flakeModules.default
inputs.terranix.flakeModule
./clan/flake-module.nix
./clanServices/flake-module.nix
./devShells/flake-module.nix
@@ -39,8 +36,6 @@
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
impermanence.url = "github:nix-community/impermanence";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nixos-generators.url = "github:nix-community/nixos-generators";
@@ -49,9 +44,6 @@
clan-core.inputs.nixpkgs.follows = "nixpkgs";
clan-core.inputs.flake-parts.follows = "flake-parts";
matugen.url = "github:InioX/Matugen";
matugen.inputs.nixpkgs.follows = "nixpkgs";
flake-parts.url = "github:hercules-ci/flake-parts";
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
@@ -60,5 +52,16 @@
buildbot-nix.url = "github:nix-community/buildbot-nix";
buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";
direnv-instant.url = "github:Mic92/direnv-instant";
direnv-instant.inputs.nixpkgs.follows = "nixpkgs";
direnv-instant.inputs.flake-parts.follows = "flake-parts";
terranix.url = "github:terranix/terranix";
terranix.inputs.nixpkgs.follows = "nixpkgs";
terranix.inputs.flake-parts.follows = "flake-parts";
lanzaboote.url = "github:nix-community/lanzaboote/v1.0.0";
lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
};
}


@@ -5,12 +5,28 @@
pkgs,
...
}:
let
shellAliases = {
ls = "eza";
lsa = "ls -A";
ll = "ls -lh";
lla = "ls -lAh";
h = "hx";
g = "git";
cd = "z";
tree = "eza --tree";
".." = "cd ..";
"..." = "cd ../..";
};
in
{
imports = [
self.homeManagerModules.dotfiles
];
home.packages = with pkgs; [
age
age-plugin-yubikey
bottom
btop
comma
@@ -20,8 +36,11 @@
eza
fd
glow
jjui
lazygit
nh
passage
rage
ripgrep
skim
tealdeer
@@ -41,18 +60,12 @@
programs.zsh = {
enable = true;
syntaxHighlighting.enable = true;
shellAliases = {
ls = "eza";
lsa = "ls -A";
ll = "ls -lh";
lla = "ls -lAh";
h = "hx";
g = "git";
cd = "z";
tree = "eza --tree";
".." = "cd ..";
"..." = "cd ../..";
};
inherit shellAliases;
};
programs.fish = {
enable = true;
inherit shellAliases;
};
xdg.configFile."git".source = "${config.dotfiles.path}/.config/git";


@@ -10,7 +10,6 @@
home.packages = with pkgs; [
discord
seahorse
wofi-emoji
];
home.pointerCursor = {


@@ -1,32 +0,0 @@
{
self,
config,
pkgs,
...
}:
{
imports = [
self.homeManagerModules.dotfiles
./wayland.nix
];
home.packages = with pkgs; [
tofi
i3status-rust
wlsunset
kanshi
grim
slurp
playerctl
swaybg
];
xdg.configFile = {
"sway".source = "${config.dotfiles.path}/.config/sway";
"swaylock".source = "${config.dotfiles.path}/.config/swaylock";
"swayidle".source = "${config.dotfiles.path}/.config/swayidle";
"kanshi".source = "${config.dotfiles.path}/.config/kanshi";
"i3status-rust".source = "${config.dotfiles.path}/.config/i3status-rust";
"tofi/config".source = "${config.dotfiles.path}/.config/tofi/config";
};
}


@@ -15,8 +15,7 @@
];
programs.alacritty.enable = true;
xdg.configFile."alacritty/alacritty.toml".source =
"${config.dotfiles.path}/.config/alacritty/alacritty.toml";
xdg.configFile."alacritty".source = "${config.dotfiles.path}/.config/alacritty";
xdg.configFile."ghostty/config".source = "${config.dotfiles.path}/.config/ghostty/config";
}


@@ -9,6 +9,7 @@
./cli.nix
./helix.nix
self.homeManagerModules.dotfiles
self.inputs.direnv-instant.homeModules.direnv-instant
];
home.packages = with pkgs; [
@@ -24,7 +25,7 @@
radicle-tui
typescript-language-server
nil # Nix language server
nixfmt-rfc-style
nixfmt
nixpkgs-review
];
@@ -34,6 +35,8 @@
nix-direnv.enable = true;
};
programs.direnv-instant.enable = true;
xdg.configFile."hut/config".source = "${config.dotfiles.path}/.config/hut/config";
home.file.".ssh/config".source = "${config.dotfiles.path}/.ssh/config";
}


@@ -1,4 +1,7 @@
{ config, ... }:
let
pass = "passage";
in
{
programs.thunderbird = {
enable = true;
@@ -9,24 +12,44 @@
};
};
programs.aerc = {
enable = true;
# safe since the accounts file just contains commands for retrieving passwords and is readonly in the nix store
extraConfig.general.unsafe-accounts-conf = true;
};
accounts.email.accounts = {
"rpqt@rpqt.fr" = {
"rpqt@rpqt.fr" = rec {
address = "rpqt@rpqt.fr";
realName = "Romain Paquet";
primary = true;
flavor = "migadu.com";
thunderbird.enable = config.programs.thunderbird.enable;
aerc.enable = config.programs.aerc.enable;
passwordCommand = [
pass
"show"
"mail/${address}"
];
folders.inbox = "INBOX";
};
"admin@rpqt.fr" = {
"admin@rpqt.fr" = rec {
address = "admin@rpqt.fr";
aliases = [ "postmaster@rpqt.fr" ];
realName = "Postmaster";
flavor = "migadu.com";
thunderbird.enable = config.programs.thunderbird.enable;
aerc.enable = config.programs.aerc.enable;
passwordCommand = [
pass
"show"
"mail/${address}"
];
folders.inbox = "INBOX";
};
"romain.paquet@grenoble-inp.org" = {
"romain.paquet@grenoble-inp.org" = rec {
address = "romain.paquet@grenoble-inp.org";
realName = "Romain Paquet";
userName = "romain.paquet@grenoble-inp.org";
@@ -39,14 +62,26 @@
port = 465;
};
thunderbird.enable = config.programs.thunderbird.enable;
aerc.enable = config.programs.aerc.enable;
passwordCommand = [
pass
"show"
"mail/${address}"
];
folders.inbox = "INBOX";
};
"admin@turifer.dev" = {
"admin@turifer.dev" = rec {
address = "admin@turifer.dev";
aliases = [ "postmaster@turifer.dev" ];
realName = "Postmaster";
flavor = "migadu.com";
thunderbird.enable = config.programs.thunderbird.enable;
aerc.enable = config.programs.aerc.enable;
passwordCommand = [
pass
"mail/${address}"
];
};
"romain@student.agh.edu.pl" = {
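Review bot: The `admin@turifer.dev` account builds its `passwordCommand` as `[ pass "mail/${address}" ]`, without the `"show"` element that the other three accounts pass. That may still work if passage treats a bare entry name as a lookup, but it depends on a default; make it `[ pass "show" "mail/${address}" ]` like the others. Separately, `pass = "passage"` is looked up through PATH when the mail client runs the command; a store path such as `"${pkgs.passage}/bin/passage"` would pin the binary, at the cost of adding `pkgs` to the module arguments. The comment on `unsafe-accounts-conf` is only true while every account uses a command rather than a literal password, which is worth saying in that comment.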


@@ -1,6 +1,6 @@
[general]
live_config_reload = false
import = ["~/.config/alacritty/themes/kanagawa_wave.toml"]
live_config_reload = true
import = ["~/.config/alacritty/themes/default_light.toml"]
[font]
size = 14


@@ -0,0 +1,33 @@
# Colors (Builtin Light)
[colors.bright]
black = '#555555'
blue = '#5555ff'
cyan = '#22cccc'
green = '#2fd92f'
magenta = '#ff55ff'
red = '#ff5555'
white = '#ffffff'
yellow = '#bfbf15'
[colors.cursor]
cursor = '#000000'
text = '#ffffff'
[colors.normal]
black = '#000000'
blue = '#0000bb'
cyan = '#00bbbb'
green = '#00bb00'
magenta = '#bb00bb'
red = '#bb0000'
white = '#bbbbbb'
yellow = '#bbbb00'
[colors.primary]
background = '#ffffff'
foreground = '#000000'
[colors.selection]
background = '#b5d5ff'
text = '#000000'


@@ -1,29 +0,0 @@
#!/bin/sh
DOTFILES_GIT_URL='git@git.sr.ht:~rpqt/dotfiles'
# The first argument can be the destination folder
if [ $# -eq 1 ]; then
DOTFILES_DIR="$1"
else
DOTFILES_DIR="$HOME/.dotfiles"
fi
echo "$DOTFILES_DIR" >> "$HOME/.gitignore"
git clone --bare "$DOTFILES_GIT_URL" "$DOTFILES_DIR"
alias dotfiles='/usr/bin/git --git-dir=$DOTFILES_DIR --work-tree=$HOME'
dotfiles config --local status.showUntrackedFiles no
dotfiles checkout
tee "$HOME/.config/git/config" >/dev/null <<EOT
[include]
path = ~/.config/git/common.gitconfig
path = ~/.config/git/local.gitconfig
EOT
unset DOTFILES_DIR
unset DOTFILES_GIT_URL


@@ -58,3 +58,7 @@ auto-format = true
[[language]]
name = "vento"
indent = { tab-width = 2, unit = "\t" }
[[language]]
name = "ocaml"
auto-format = true


@@ -1,6 +0,0 @@
font = "JetBrains Mono NF Bold 12"
height = 24
background = "#000000"
command = "i3status-rs ~/.config/i3status-rust/bottom-config.toml"
position = "bottom"
show_tags = false


@@ -1,10 +0,0 @@
font = "JetBrains Mono NF Bold 12"
height = 24
background = "#000000"
command = "i3status-rs"
tags_margin = 0.0
tags_padding = 8.0
tag_fg = "#727169"
tag_bg = "#000000"
tag_focused_fg = "#dcd7ba"
tag_focused_bg = "#000000"


@@ -1,5 +0,0 @@
profile mirror-hdmi {
output eDP-1 enable mode 1920x1080 position 0,0
output HDMI-A-1 enable mode 1920x1080 position 1920,0
exec wl-present mirror eDP-1 --fullscreen-output HDMI-A-1 --fullscreen
}


@@ -25,6 +25,9 @@ input {
focus-follows-mouse max-scroll-amount="0%"
}
workspace "browser" {
}
output "eDP-1" {
mode "1920x1080@60.049"
scale 1
@@ -72,6 +75,7 @@ cursor {
window-rule {
match app-id=r#"^firefox$"#
open-maximized true
open-on-workspace "browser"
focus-ring {
off
}


@@ -1,2 +0,0 @@
include ~/.config/sway/config.d/*
include /etc/sway/config.d/*


@@ -1,37 +0,0 @@
include ~/.config/sway/kanagawa.sway
set $font "JetBrains Mono NF Bold 12"
set $background #000000
bar {
id top_bar
status_command i3status-rs
position top
height 24
font $font
workspace_min_width 20
status_padding 0
status_edge_padding 0
colors {
background $background
focused_workspace #000000 #000000 $fujiWhite
active_workspace #000000 #000000 $fujiGray
inactive_workspace #000000 #000000 $fujiGray
}
}
bar {
id bottom_bar
status_command i3status-rs ~/.config/i3status-rust/bottom-config.toml
position bottom
height 24
font $font
workspace_buttons no
binding_mode_indicator no
tray_output none
colors {
background $background
}
}
# vim:ft=swayconfig


@@ -1,169 +0,0 @@
set $mod Mod4
set $left h
set $down j
set $up k
set $right l
set $term alacritty msg create-window || alacritty
set $launcher tofi-drun | xargs swaymsg exec --
set $lock swaylock
set $screenshots $HOME/Pictures/Screenshots
floating_modifier $mod normal
bindsym {
# Start a terminal
$mod+Return exec $term
# Kill focused window
$mod+Shift+q kill
$mod+w kill
# Application launcher
$mod+d exec $launcher
# Reload the configuration file
$mod+Shift+c reload
# Exit sway / log out
$mod+Shift+e exec swaynag \
-t warning \
-m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' \
-B 'Yes, exit sway' 'swaymsg exit' \
--dismiss-button 'Cancel'
# Move focus
$mod+$left focus left
$mod+$down focus down
$mod+$up focus up
$mod+$right focus right
$mod+Left focus left
$mod+Down focus down
$mod+Up focus up
$mod+Right focus right
# Move the focused window
$mod+Shift+$left move left
$mod+Shift+$down move down
$mod+Shift+$up move up
$mod+Shift+$right move right
$mod+Shift+Left move left
$mod+Shift+Down move down
$mod+Shift+Up move up
$mod+Shift+Right move right
--to-code {
# Switch to workspace
$mod+ampersand workspace number 1
$mod+eacute workspace number 2
$mod+quotedbl workspace number 3
$mod+apostrophe workspace number 4
$mod+parenleft workspace number 5
$mod+minus workspace number 6
$mod+egrave workspace number 7
$mod+underscore workspace number 8
$mod+ccedilla workspace number 9
$mod+agrave workspace number 10
}
# Move focused container to workspace
$mod+1 move container to workspace number 1
$mod+2 move container to workspace number 2
$mod+3 move container to workspace number 3
$mod+4 move container to workspace number 4
$mod+5 move container to workspace number 5
$mod+6 move container to workspace number 6
$mod+7 move container to workspace number 7
$mod+8 move container to workspace number 8
$mod+9 move container to workspace number 9
$mod+0 move container to workspace number 10
$mod+Shift+1 move container to workspace number 1
$mod+Shift+2 move container to workspace number 2
$mod+Shift+3 move container to workspace number 3
$mod+Shift+4 move container to workspace number 4
$mod+Shift+5 move container to workspace number 5
$mod+Shift+6 move container to workspace number 6
$mod+Shift+7 move container to workspace number 7
$mod+Shift+8 move container to workspace number 8
$mod+Shift+9 move container to workspace number 9
$mod+Shift+0 move container to workspace number 10
# Split
$mod+b splith
$mod+v splitv
# Switch the current container between different layout styles
$mod+s layout stacking
$mod+t layout tabbed
$mod+m layout toggle split
# Toggle fullscreen on the current focus
$mod+f fullscreen
# Toggle floating mode for current container
$mod+Shift+f floating toggle
# Move focus to the parent container
$mod+a focus parent
# Move the focused window to the scratchpad
$mod+Shift+equal move scratchpad
# Cycle through scratchpad windows
$mod+equal scratchpad show
# Volume
XF86AudioRaiseVolume exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ -l 1.0
XF86AudioLowerVolume exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%- -l 1.0
XF86AudioMute exec wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
XF86AudioMicMute exec wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle
# Media
XF86AudioPlay exec playerctl play-pause
XF86AudioNext exec playerctl next
XF86AudioPrev exec playerctl previous
XF86Search exec $launcher
# Brightness
--locked {
XF86MonBrightnessDown exec brightnessctl set 5%-
XF86MonBrightnessUp exec brightnessctl set +5%
}
# Lock
Ctrl+Mod4+L exec $lock
# Screenshot
## Full screen capture
Print exec grim "$screenshots/$(date +\"Screenshot from %Y-%m-%d %H-%M-%S.png\")"
## Select a zone and save
$mod+Shift+s exec grim -g "$(slurp -d)" "$screenshots/$(date +\"Screenshot from %Y-%m-%d %H-%M-%S.png\")"
## Select a zone and copy to clipboard
$mod+Shift+Ctrl+s exec grim -g "$(slurp -d)" - | wl-copy
}
mode "resize" bindsym {
# Shrink or grow the container
$left resize shrink width 10px
$down resize grow height 10px
$up resize shrink height 10px
$right resize grow width 10px
# Same with arrow keys
Left resize shrink width 10px
Down resize grow height 10px
Up resize shrink height 10px
Right resize grow width 10px
# Return to default mode
Return mode "default"
Escape mode "default"
}
bindsym $mod+r mode "resize"


@@ -1,17 +0,0 @@
input "1267:12613:ASUE140C:00_04F3:3145_Keyboard" {
xkb_layout "fr,us(colemak_dh),us"
xkb_options grp:win_space_toggle
}
input "1:1:AT_Translated_Set_2_keyboard" {
xkb_layout "fr,us(colemak_dh),us"
xkb_options grp:win_space_toggle
}
input type:touchpad {
tap enabled
natural_scroll enabled
}
bindgesture swipe:right workspace prev
bindgesture swipe:left workspace next


@@ -1,16 +0,0 @@
# Directory for received taildrop files
set $taildrop_inbox $HOME/Downloads
# Screen temperature
exec wlsunset -l 45 -L 6
# Notifications
exec mako
# Output management
exec kanshi
# Auto receive taildrop files
exec tailscale file get --loop --conflict=rename $taildrop_inbox
exec swayidle -w


@@ -1,22 +0,0 @@
include ~/.config/sway/kanagawa.sway
default_border pixel 3
smart_borders on
titlebar_border_thickness 2
font "JetBrains Mono NF 11"
gaps outer 0
gaps inner 0
set $waveBlue3 #3D5F77
set $waveBlue4 #6D8FA7
# class border background text indicator child_border
client.focused_inactive $sumiInk2 $sumiInk1 $fujiWhite $sumiInk2 $sumiInk2
client.unfocused $sumiInk2 $sumiInk1 $fujiWhite $sumiInk2 $sumiInk2
client.focused $waveBlue3 $waveBlue2 $fujiWhite $waveBlue4 $waveBlue2
client.focused_tab_title $waveBlue2 $waveBlue2 $fujiWhite
for_window [app_id="firefox"] border none
output * bg ~/.local/state/wallpaper fill


@@ -1,110 +0,0 @@
# Default foreground
set $fujiWhite #DCD7BA
# Dark foreground (statuslines)
set $oldWhite #C8C093
# Dark background (statuslines and floating windows)
set $sumiInk0 #16161D
# Default background
set $sumiInk1 #1F1F28
# Lighter background (colorcolumn, folds)
set $sumiInk2 #2A2A37
# Lighter background (cursorline)
set $sumiInk3 #363646
# Darker foreground (line numbers, fold column, non-text characters), float borders
set $sumiInk4 #54546D
# Popup background, visual selection background
set $waveBlue1 #223249
# Popup selection background, search background
set $waveBlue2 #2D4F67
# Diff Add (background)
set $winterGreen #2B3328
# Diff Change (background)
set $winterYellow #49443C
# Diff Deleted (background)
set $winterRed #43242B
# Diff Line (background)
set $winterBlue #252535
# Git Add
set $autumnGreen #76946A
# Git Delete
set $autumnRed #C34043
# Git Change
set $autumnYellow #DCA561
# Diagnostic Error
set $samuraiRed #E82424
# Diagnostic Warning
set $roninYellow #FF9E3B
# Diagnostic Info
set $waveAqua1 #6A9589
# Diagnostic Hint
set $dragonBlue #658594
# Comments
set $fujiGray #727169
# Light foreground
set $springViolet1 #938AA9
# Statements and Keywords
set $oniViolet #957FB8
# Functions and Titles
set $crystalBlue #7E9CD8
# Brackets and punctuation
set $springViolet2 #9CABCA
# Specials and builtin functions
set $springBlue #7FB4CA
# Not used
set $lightBlue #A3D4D5
# Types
set $waveAqua2 #7AA89F
# Strings
set $springGreen #98BB6C
# Not used
set $boatYellow1 #938056
# Operators, RegEx
set $boatYellow2 #C0A36E
# Identifiers
set $carpYellow #E6C384
# Numbers
set $sakuraPink #D27E99
# Standout specials 1 (builtin variables)
set $waveRed #E46876
# Standout specials 2 (exception handling, return)
set $peachRed #FF5D62
# Constants, imports, booleans
set $surimiOrange #FFA066
# Deprecated
set $katanaGray #717C7C


@@ -1,10 +0,0 @@
# This will lock the screen after 300 seconds of inactivity.
timeout 300 "swaylock -f"
# Turn off all displays after another 300 seconds.
# and turn them back on when resumed.
timeout 600 "swaymsg 'output * dpms off'" resume "swaymsg 'output * dpms on'"
# Lock the screen before the computer goes to sleep.
before-sleep "playerctl pause"
before-sleep "swaylock -f"


@@ -1,29 +0,0 @@
daemonize
font=JetBrains Mono NF
font-size=22
image=~/.local/state/wallpaper
ring-color=FFFFFF55
ring-clear-color=FFFFFF55
ring-ver-color=1885d4
ring-wrong-color=FF0000
key-hl-color=FFFFFF
inside-color=00000000
inside-clear-color=00000000
inside-ver-color=00000000
inside-wrong-color=00000000
line-uses-inside
separator-color=00000000
layout-bg-color=00000000
layout-text-color=FFFFFF
text-color=FFFFFF
text-clear-color=FFFFFF
text-ver-color=FFFFFF
text-wrong-color=FFFFFF
indicator-radius=100


@@ -1,4 +0,0 @@
data.location=~/.local/share/task
hooks.location=~/.config/task/hooks
include ~/.config/task/sync


@@ -1,176 +0,0 @@
#
### Fonts
#
# Font to use, either a path to a font file or a name.
#
# If a path is given, tofi will startup much quicker, but any
# characters not in the chosen font will fail to render.
#
# Otherwise, fonts are interpreted in Pango format.
font = "JetBrainsMono NF"
# Point size of text.
font-size = 15
# Perform font hinting. Only applies when a path to a font has been
# specified via `font`. Disabling font hinting speeds up text
# rendering appreciably, but will likely look poor at small font pixel
# sizes.
hint-font = true
#
### Colors
#
# Window background
background-color = #111111DD
# Border outlines
outline-color = #080800
# Border
border-color = #0981E3
# Default text
text-color = #C5C9C7
# Selection text
selection-color = #0981E3
# Matching portion of selection text
selection-match-color = #44BBFF
# Selection background
selection-background = #00000000
#
### Text layout
#
# Prompt to display.
prompt-text = "run: "
# Extra horizontal padding between prompt and input.
prompt-padding = 0
# Maximum number of results to display.
# If 0, tofi will draw as many results as it can fit in the window.
num-results = 0
# Spacing between results in pixels. Can be negative.
result-spacing = 8
# List results horizontally.
horizontal = false
# Minimum width of input in horizontal mode.
min-input-width = 0
# Extra horizontal padding of the selection background in pixels.
selection-background-padding = 0
#
### Window layout
#
# Width and height of the window. Can be pixels or a percentage.
width = 100%
height = 100%
# Width of the border outlines in pixels.
outline-width = 0
# Width of the border in pixels.
border-width = 0
# Radius of window corners in pixels.
corner-radius = 0
# Padding between borders and text. Can be pixels or a percentage.
padding-top = 200
padding-bottom = 0
padding-left = 35%
padding-right = 0
# Whether to scale the window by the output's scale factor.
scale = true
#
### Window positioning
#
# The name of the output to appear on. An empty string will use the
# default output chosen by the compositor.
output = ""
# Location on screen to anchor the window to.
#
# Supported values: top-left, top, top-right, right, bottom-right,
# bottom, bottom-left, left, center.
anchor = center
# Set the size of the exclusive zone.
#
# A value of -1 means ignore exclusive zones completely.
# A value of 0 will move tofi out of the way of other windows' zones.
# A value greater than 0 will set that much space as an exclusive zone.
#
# Values greater than 0 are only meaningful when tofi is anchored to a
# single edge.
exclusive-zone = -1
# Window offset from edge of screen. Only has an effect when anchored
# to the relevant edge. Can be pixels or a percentage.
margin-top = 0
margin-bottom = 0
margin-left = 0
margin-right = 0
#
### Behaviour
#
# Hide the cursor.
hide-cursor = false
# Sort results by number of usages in run and drun modes.
history = true
# Use fuzzy matching for searches.
fuzzy-match = false
# If true, require a match to allow a selection to be made. If false,
# making a selection with no matches will print input to stdout.
# In drun mode, this is always true.
require-match = true
# If true, typed input will be hidden, and what is displayed (if
# anything) is determined by the hidden-character option.
hide-input = false
# Replace displayed input characters with a character. If the empty
# string is given, input will be completely hidden.
# This option only has an effect when hide-input is set to true.
hidden-character = "*"
# If true, directly launch applications on selection when in drun mode.
# Otherwise, just print the command line to stdout.
drun-launch = false
# The terminal to run terminal programs in when in drun mode.
# This option has no effect if drun-launch is set to true.
# Defaults to the value of the TERMINAL environment variable.
# terminal = foot
# Delay keyboard initialisation until after the first draw to screen.
# This option is experimental, and will cause tofi to miss keypresses
# for a short time after launch. The only reason to use this option is
# performance on slow systems.
late-keyboard-init = false
# If true, allow multiple simultaneous processes.
# If false, create a lock file on startup to prevent multiple instances
# from running simultaneously.
multi-instance = false
#
### Inclusion
#
# Configs can be split between multiple files, and then included
# within each other.
# include = /path/to/config


@@ -1,11 +1,11 @@
Host crocus
HostName crocus.home.rpqt.fr
HostName crocus.val
User root
Host verbena
HostName verbena.home.rpqt.fr
HostName verbena.val
User root
Host genepi
HostName genepi.home.rpqt.fr
HostName genepi.val
User root


@@ -6,10 +6,24 @@ HELIX_CONFIG_PATH=$(readlink -f "${HOME}/.config/helix/config.toml")
HELIX_THEME_LIGHT="zed_onelight"
HELIX_THEME_DARK="kanagawa"
ALACRITTY_CONFIG_PATH=$(readlink -f "${HOME}/.config/alacritty/alacritty.toml")
ALACRITTY_THEME_LIGHT="default_light"
ALACRITTY_THEME_DARK="kanagawa_wave"
set_helix_theme() {
sed -i "s/^theme .*/theme = \"$1\"/" "$HELIX_CONFIG_PATH"
}
set_alacritty_theme() {
sed -i "s/^import .*/import = \[\"\~\/\.config\/alacritty\/themes\/$1\.toml\"\]/" "$ALACRITTY_CONFIG_PATH"
}
if [[ "$2" == "prefer-dark" ]]; then
sed -i "s/^theme .*/theme = \"$HELIX_THEME_DARK\"/" "$HELIX_CONFIG_PATH"
set_helix_theme "$HELIX_THEME_DARK"
sey_alacritty_theme "$HELIX_THEME_DARK"
else
sed -i "s/^theme .*/theme = \"$HELIX_THEME_LIGHT\"/" "$HELIX_CONFIG_PATH"
set_helix_theme "$HELIX_THEME_LIGHT"
set_alacritty_theme "$HELIX_THEME_LIGHT"
fi
pkill -USR1 hx || true
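Review bot: The dark branch calls `sey_alacritty_theme`, which is not defined anywhere in this hunk (the helper is `set_alacritty_theme`), so the Alacritty dark theme is never applied and the shell only reports an unknown command. Both branches also pass the Helix theme names to the Alacritty helper, so the light branch would rewrite the import to `themes/zed_onelight.toml` instead of using `ALACRITTY_THEME_LIGHT`. The two calls should read `set_alacritty_theme "$ALACRITTY_THEME_DARK"` and `set_alacritty_theme "$ALACRITTY_THEME_LIGHT"`. The script starts above the hunk, so whether `set -e` is active there is not visible.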


@@ -1,83 +1,16 @@
# This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates.
provider "registry.opentofu.org/go-gandi/gandi" {
version = "2.3.0"
constraints = "2.3.0"
provider "registry.opentofu.org/hashicorp/external" {
version = "2.3.5"
hashes = [
"h1:9kqWL+eFk/ogrQSltL9zVqjMcOqbvs3EgIJEeyNPb8U=",
"zh:0936d011cf75bb5162c6027d00575a586807adc9008f4152def157b6ad22bae9",
"zh:2170e671f04d3346ea416fcc404be6d05f637eab7df77e289a6898a928885f0b",
"zh:250329baae3cb09cfb88dd004d45f003ba76fbe7b8daf9d18fd640b93a2b7252",
"zh:2ccd9f253424738ca5fbbcb2127bf3713c20e87bfb3829f8c4565569424fd0bd",
"zh:3607b48bc4691cd209528f9ffe16a6cc666bd284b0d0bdfe8c4e1d538559a408",
"zh:3bc1d2b770fe0f50027da59c405b2468d1322243235367014f75f765124f458d",
"zh:6c8a9092847ee2e2890825432b54424c456638d494e49b7d1845f055214714f5",
"zh:8e0b62a330876005d52bcd65d7b1d9a679a7ac79c626e0f86661519e8f9b5698",
"zh:8f44f4d52583ff249e2001ea2a8b8841010489dd43e1a01a9ec3a6813d121c28",
"zh:9a617927d4a3a2897ff10999a19a6d1f0ef634b8c6b8fc3be12cf53948cfd9cf",
"zh:cab3c82c54e38e6001eed5b80a2d16b7824921f8f8b3909049e174c48e6e8804",
"zh:f78cc685aa4ba5056ea53a7f8ce585f87a911f0a8a387a44a33d7dfb69db7663",
]
}
provider "registry.opentofu.org/hashicorp/assert" {
version = "0.16.0"
hashes = [
"h1:2jeV46S9jN2rk0GXOa+HGNlVvyWzaB3wz0T65elbjOc=",
"zh:3c04d08d1bb4ae810b7972a219c8dd42a8ab901a9bc25197b250c38f3fa57033",
"zh:46119bcc47b545809c0ee873a72d44f4f875cca4d7228605f5c7a8956a5e7d55",
"zh:511949ee8a6ac8ff7296b4c9778deb2aec2783f5b85c4f27382a3b623fc50a4a",
"zh:b4ebb8b832bae26443880d2e17493f754495db2d6c3f02c6d0070cbf5ae21598",
"zh:bebed6c1873871eb824103f08e72055c077f01b10a40944760d19ffdd721d9ab",
"zh:e412855fd2fd81e0a847e45308bdbac99995315c503fdddf262ee59e1b7c5263",
"zh:ed47c4fe28c6f148f11fa4098516abea008c49fa670c3cedd2ff94596cac0831",
"zh:edee914b1d12ac6db241a1fecaa5186c47f361f4ceb2deb23ad45d67bf95c7b1",
"zh:eff5b2e1c2128217bdbc600eda4fe011831e5c655bf4acd84b6495fc20d128d3",
"zh:ff64424784171a3361b1ea95d8cef334ec1c4a395812edd0a77a1ed6b4119b0f",
"h1:en/2hMK/W/2hKtsEkbxGiiYwi/pSPS/UoGDILHIHjmw=",
]
}
provider "registry.opentofu.org/hetznercloud/hcloud" {
version = "1.52.0"
constraints = "~> 1.45"
version = "1.58.0"
hashes = [
"h1:LTjrLuC+4F1Kv4TxS9e7LVVkG8/S4QQ7X4ORblvKTbc=",
"zh:1e9bb6b6a2ea5f441638dbae2d60fbe04ff455f58a18c740b8b7913e2197d875",
"zh:29c122e404ba331cfbadacc7f1294de5a31c9dfd60bdfe3e1b402271fc8e419c",
"zh:2bd0ae2f0bb9f16b7753f59a08e57ac7230f9c471278d7882f81406b9426c8c7",
"zh:4383206971873f6b5d81580a9a36e0158924f5816ebb6206b0cf2430e4e6a609",
"zh:47e2ca1cfa18500e4952ab51dc357a0450d00a92da9ea03e452f1f3efe6bbf75",
"zh:8e9fe90e3cea29bb7892b64da737642fc22b0106402df76c228a3cbe99663278",
"zh:a2d69350a69c471ddb63bcc74e105e585319a0fc0f4d1b7f70569f6d2ece5824",
"zh:a97abcc254e21c294e2d6b0fc9068acfd63614b097dda365f1c56ea8b0fd5f6b",
"zh:aba8d72d4fe2e89c922d5446d329e5c23d00b28227b4666e6486ba18ea2ec278",
"zh:ad36c333978c2d9e4bc43dcadcbff42fe771a8c5ef53d028bcacec8287bf78a7",
"zh:cdb1e6903b9d2f0ad8845d4eb390fbe724ee2435fb045baeab38d4319e637682",
"zh:df77b08757f3f36b8aadb33d73362320174047044414325c56a87983f48b5186",
"zh:e07513d5ad387247092b5ae1c87e21a387fc51873b3f38eee616187e38b090a7",
"zh:e2be02bdc59343ff4b9e26c3b93db7680aaf3e6ed13c8c4c4b144c74c2689915",
]
}
provider "registry.opentofu.org/ovh/ovh" {
version = "2.5.0"
constraints = "2.5.0"
hashes = [
"h1:CrmFEWjczVhLWc2qzOktKSu8Q0U78uV8fnSHo54lMQg=",
"zh:1a11c3bc191c3417b41af5c56a66ac7071980f7babb390096b43aab3ac60fe7c",
"zh:1d46fa7c37468becb01d117463838f694a093e58a9b7d28347db2c377933db76",
"zh:22b83b15e878a9627477fe49e03dada3f4cd4357cb91cdb621394da690238542",
"zh:316541fc8bbf2fe14f4a484d878c63e4b949bd21a352e0ebf60d4848c96a338e",
"zh:50e72847a4b1d532e7abd5669408832ac1b49dcfda266378b8e2419d97f0f49a",
"zh:7582c8630edb3e83642e7a4b06fababeaf4833ce622c71220c38724d0e0231af",
"zh:a26714d6bd8e04acbbc94c708b151405c4b6fc20dc7060e0daef8395f1bb9ce0",
"zh:aa8be95462c5ca909c923cc3d44636eccc71cb25b51572fe7e2f68bc93c57612",
"zh:b520c0661c514586b2aa3105c4345eda4d34ef08b62fda2cc20a2bcb8cb88ab2",
"zh:be8125f1b6bc8aa93441ec9dd96db5f49d21b4dcc100c13028404b461da545c9",
"zh:c6aab9b6b04fa8483aa10c194eaab8e4a1fbffc64ad495f5027d496e5b2da214",
"zh:d537d85afc71c51d86b1031586c619c503df9462e0240d94984bc32273a03df2",
"zh:eaa9f41d33fa7731c4a937e80554a1b6b2042d273705e4c8fc983ba251193206",
"zh:f0d085065a0ada787ad080ddd6e7c646b8ca3a351712961de735d18c9d59af7c",
"h1:6C2LNEvCyGPyWgALDAFTNbRp+5Iuikd4Ju1Xejh+aeg=",
]
}

24
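--- /dev/null
+++ b/infra/base.nix
@@ -0,0 +1,24 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+{
+terraform.required_providers.hcloud.source = "hetznercloud/hcloud";
+data.external.hcloud-token = {
+program = [
+(lib.getExe (
+pkgs.writeShellApplication {
+name = "get-clan-secret";
+text = ''
+jq -n --arg secret "$(clan secrets get hcloud-token)" '{"secret":$secret}'
+'';
+}
+))
+];
+};
+provider.hcloud.token = config.data.external.hcloud-token "result.secret";
+}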
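Review bot: Reading the Hetzner token through `data.external.hcloud-token` puts it in the state file, because data source results are persisted there and the `external` provider does not mark `result` as sensitive. Nothing on this page shows where the state lives or whether OpenTofu state encryption is configured, so that should be confirmed before the first apply. One way to keep the token out of state is to drop the data source and export it for the provider instead, e.g. `HCLOUD_TOKEN="$(clan secrets get hcloud-token)"` in the wrapper that runs tofu. Separately, the `writeShellApplication` has no `runtimeInputs`, so `jq` and `clan` come from whatever PATH the caller has; `runtimeInputs = [ pkgs.jq ];` would pin at least jq.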


@@ -1,68 +0,0 @@
resource "hcloud_server" "crocus_server" {
name = "crocus"
server_type = "cx22"
datacenter = "nbg1-dc3"
image = "ubuntu-20.04"
firewall_ids = [hcloud_firewall.crocus_firewall.id]
public_net {
ipv4 = hcloud_primary_ip.crocus_ipv4.id
}
}
resource "hcloud_primary_ip" "crocus_ipv4" {
name = "crocus_ipv4"
type = "ipv4"
datacenter = "nbg1-dc3"
assignee_type = "server"
auto_delete = true
}
resource "hcloud_firewall" "crocus_firewall" {
name = "crocus-firewall"
rule {
direction = "in"
protocol = "icmp"
source_ips = ["0.0.0.0/0", "::/0"]
}
rule {
direction = "in"
protocol = "tcp"
port = "22"
source_ips = ["0.0.0.0/0", "::/0"]
}
rule {
direction = "in"
protocol = "tcp"
port = "22"
source_ips = ["0.0.0.0/0", "::/0"]
}
rule {
direction = "in"
protocol = "tcp"
port = "80"
source_ips = ["0.0.0.0/0", "::/0"]
}
rule {
direction = "in"
protocol = "tcp"
port = "443"
source_ips = ["0.0.0.0/0", "::/0"]
}
# radicle-node
rule {
direction = "in"
protocol = "tcp"
port = "8776"
source_ips = ["0.0.0.0/0", "::/0"]
}
}
output "crocus_ipv4" {
value = hcloud_primary_ip.crocus_ipv4.ip_address
}

20
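--- /dev/null
+++ b/infra/dns.nix
@@ -0,0 +1,20 @@
+{ config, ... }:
+{
+resource.hcloud_zone.rpqt_fr = {
+name = "rpqt.fr";
+mode = "primary";
+};
+resource.hcloud_zone.turifer_dev = {
+name = "turifer.dev";
+mode = "primary";
+};
+output.rpqt_fr_zone_name = {
+value = config.resource.hcloud_zone.rpqt_fr "name";
+};
+output.turifer_dev_zone_name = {
+value = config.resource.hcloud_zone.turifer_dev "name";
+};
+}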


@@ -1,66 +0,0 @@
data "gandi_livedns_domain" "rpqt_fr" {
name = "rpqt.fr"
}
resource "gandi_livedns_record" "rpqt_fr_radicle_a" {
zone = data.gandi_livedns_domain.rpqt_fr.id
name = "radicle"
type = "A"
ttl = 10800
values = [
hcloud_server.crocus_server.ipv4_address,
]
}
resource "gandi_livedns_record" "rpqt_fr_radicle_aaaa" {
zone = data.gandi_livedns_domain.rpqt_fr.id
name = "radicle"
type = "AAAA"
ttl = 10800
values = [
hcloud_server.crocus_server.ipv6_address,
]
}
resource "gandi_livedns_record" "rpqt_fr_cloud_a" {
zone = data.gandi_livedns_domain.rpqt_fr.id
name = "cloud"
type = "A"
ttl = 10800
values = local.verbena_ipv4_addresses
}
resource "gandi_livedns_record" "rpqt_fr_cloud_aaaa" {
zone = data.gandi_livedns_domain.rpqt_fr.id
name = "cloud"
type = "AAAA"
ttl = 10800
values = local.verbena_ipv6_addresses
}
data "ovh_vps" "verbena_vps" {
service_name = "vps-7e78bac2.vps.ovh.net"
}
data "ovh_domain_zone" "turifer_dev" {
name = "turifer.dev"
}
resource "ovh_domain_zone_import" "turifer_dev_import" {
zone_name = "turifer.dev"
zone_file = local.turifer_dev_zone_file
}
locals {
verbena_ipv4_addresses = [for ip in data.ovh_vps.verbena_vps.ips : ip if provider::assert::ipv4(ip)]
verbena_ipv6_addresses = [for ip in data.ovh_vps.verbena_vps.ips : ip if provider::assert::ipv6(ip)]
turifer_dev_zone_file = templatefile("./templates/turifer.dev.zone", {
crocus_ipv4_address = hcloud_server.crocus_server.ipv4_address
crocus_ipv6_address = hcloud_server.crocus_server.ipv6_address
verbena_ipv4_addresses = local.verbena_ipv4_addresses
verbena_ipv6_addresses = local.verbena_ipv6_addresses
})
}


@@ -1,7 +1,28 @@
{ self, ... }:
{
perSystem =
{ pkgs, ... }:
{
terranix.terranixConfigurations.infra = {
terraformWrapper.package = pkgs.opentofu.withPlugins (p: [
p.hashicorp_external
p.hetznercloud_hcloud
]);
extraArgs = { inherit (self) infra; };
modules = [
./base.nix
./dns.nix
./mail.nix
./radicle.nix
./web.nix
];
};
};
flake.infra =
let
tf_outputs = builtins.fromJSON (builtins.readFile ../infra/outputs.json);
tf_outputs = builtins.fromJSON (builtins.readFile ./outputs.json);
in
{
machines = {
@@ -12,6 +33,7 @@
};
crocus = {
ipv4 = tf_outputs.crocus_ipv4.value;
ipv6 = "2a01:4f8:1c1e:e415::1";
};
};
};
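Review bot: `tf_outputs.crocus_ipv4.value` is still read from `./outputs.json`, but none of the five modules listed here (base, dns, mail, radicle and web, as shown on this page) declares an `output.crocus_ipv4`, and none declares the `hcloud_server`, `hcloud_primary_ip` or `hcloud_firewall` resources that the removed .tf file held. If the existing state is reused, the next plan would presumably propose destroying the server and its firewall, and a regenerated outputs.json would no longer carry the key this expression needs. Either port those resources to a module or take them out of state deliberately (`tofu state rm`) before applying, and add a comment next to `ipv6 = "2a01:4f8:1c1e:e415::1";` saying the address is now maintained by hand. The `machines` attribute set continues outside the hunk.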

88
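--- /dev/null
+++ b/infra/lib.nix
@@ -0,0 +1,88 @@
+{ lib, ... }:
+let
+mkMigaduDkim = zone: name: {
+inherit zone;
+name = "${name}._domainkey";
+type = "CNAME";
+records = [
+{ value = "${name}.${zone}._domainkey.migadu.com."; }
+];
+};
+in
+{
+mkMigadu_hcloud_zone_rrset = zone: hostedEmailVerify: {
+dkim_1 = mkMigaduDkim zone "key1";
+dkim_2 = mkMigaduDkim zone "key2";
+dkim_3 = mkMigaduDkim zone "key3";
+spf = {
+inherit zone;
+name = "@";
+type = "TXT";
+records = [
+{
+value = lib.tf.ref ''provider::hcloud::txt_record("v=spf1 include:spf.migadu.com -all")'';
+}
+{
+value = lib.tf.ref ''provider::hcloud::txt_record("hosted-email-verify=${hostedEmailVerify}")'';
+}
+];
+};
+dmarc = {
+inherit zone;
+name = "_dmarc";
+type = "TXT";
+records = [
+{
+value = lib.tf.ref ''provider::hcloud::txt_record("v=DMARC1; p=quarantine;")'';
+}
+];
+};
+mx = {
+inherit zone;
+name = "@";
+type = "MX";
+records = [
+{ value = "10 aspmx1.migadu.com."; }
+{ value = "20 aspmx2.migadu.com."; }
+];
+};
+autoconfig = {
+inherit zone;
+name = "autoconfig";
+type = "CNAME";
+records = [ { value = "autoconfig.migadu.com."; } ];
+};
+autodiscover = {
+inherit zone;
+name = "_autodiscover._tcp";
+type = "SRV";
+records = [ { value = "0 1 443 autodiscover.migadu.com."; } ];
+};
+submissions = {
+inherit zone;
+name = "_submissions._tcp";
+type = "SRV";
+records = [ { value = "0 1 465 smtp.migadu.com."; } ];
+};
+imaps = {
+inherit zone;
+name = "_imaps._tcp";
+type = "SRV";
+records = [ { value = "0 1 993 imap.migadu.com."; } ];
+};
+pop3s = {
+inherit zone;
+name = "_pop3s._tcp";
+type = "SRV";
+records = [ { value = "0 1 995 pop.migadu.com."; } ];
+};
+};
+}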
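Review bot: The `dmarc` record publishes `v=DMARC1; p=quarantine;` with no `rua=` tag, so no aggregate reports come back and spoofed or misaligned mail for either zone goes unnoticed. Since SPF already ends in `-all` and three DKIM selectors are delegated, adding a reporting address is the cheap next step, e.g. `"v=DMARC1; p=quarantine; rua=mailto:<dmarc-reports-address>;"` (placeholder address), with `p=reject` as a later tightening once the reports look clean. A one-line comment above `spf` saying that the SPF string and the `hosted-email-verify` token share one TXT rrset at `@` on purpose would also help the next reader.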

15
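--- /dev/null
+++ b/infra/mail.nix
@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+let
+inherit (import ./lib.nix { inherit lib; })
+mkMigadu_hcloud_zone_rrset
+;
+rpqt_fr = mkMigadu_hcloud_zone_rrset (config.resource.hcloud_zone.rpqt_fr "name") "pgeaq3bp";
+# Prefix resource names with zone name to avoid collision
+turifer_dev = lib.mapAttrs' (name: value: lib.nameValuePair "turifer_dev_${name}" value) (
+mkMigadu_hcloud_zone_rrset (config.resource.hcloud_zone.turifer_dev "name") "k5z4lcfc"
+);
+in
+{
+resource.hcloud_zone_rrset = rpqt_fr // turifer_dev;
+}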


@@ -1,19 +0,0 @@
terraform {
required_providers {
gandi = {
source = "go-gandi/gandi"
version = "2.3.0"
}
hcloud = {
source = "hetznercloud/hcloud"
version = "~> 1.45"
}
ovh = {
source = "ovh/ovh"
version = "2.5.0"
}
assert = {
source = "hashicorp/assert"
}
}
}


@@ -1,13 +0,0 @@
provider "gandi" {
personal_access_token = var.gandi_token
}
provider "hcloud" {
token = var.hcloud_token
}
provider "ovh" {
endpoint = "ovh-eu"
client_id = var.ovh_client_id
client_secret = var.ovh_client_secret
}

52
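--- /dev/null
+++ b/infra/radicle.nix
@@ -0,0 +1,52 @@
+{
+config,
+infra,
+lib,
+...
+}:
+{
+resource.hcloud_zone_rrset =
+let
+zone = config.resource.hcloud_zone.rpqt_fr "name";
+in
+{
+radicle_a = {
+inherit zone;
+name = "radicle";
+type = "A";
+records = [ { value = infra.machines.crocus.ipv4; } ];
+};
+radicle_aaaa = {
+inherit zone;
+name = "radicle";
+type = "AAAA";
+records = [ { value = infra.machines.crocus.ipv6; } ];
+};
+radicles_srv = {
+inherit zone;
+name = "seed._radicle-node._tcp";
+type = "SRV";
+records = [ { value = "32767 32767 58776 radicle.rpqt.fr."; } ];
+};
+radicles_nid = {
+inherit zone;
+name = "seed._radicle-node._tcp";
+type = "TXT";
+records = [
+{
+value = lib.tf.ref ''provider::hcloud::txt_record("nid=z6MkuivFHDPg6Bd25v4bEWm7T7qLUYMWk1eVTE7exvum5Rvd")'';
+}
+];
+};
+radicle_ptr = {
+inherit zone;
+name = "_radicle-node._tcp";
+type = "PTR";
+records = [ { value = "seed._radicle-node._tcp.radicle.rpqt.fr."; } ];
+};
+};
+}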
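Review bot: The `radicle_ptr` target `seed._radicle-node._tcp.radicle.rpqt.fr.` does not match where the SRV and TXT records are created: `radicles_srv` and `radicles_nid` use the name `seed._radicle-node._tcp` in zone `rpqt.fr`, which (assuming names are relative to the zone, as `radicle` is for the A record) resolves to `seed._radicle-node._tcp.rpqt.fr.`. A client following the PTR would find neither the SRV nor the node-id TXT at the target. Either point the PTR at `seed._radicle-node._tcp.rpqt.fr.` or move all three names under `.radicle`. The SRV also advertises port 58776, while the firewall rule removed elsewhere in this comparison opened 8776 for radicle-node, so the listening port and the firewall should be checked against each other.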


@@ -1,39 +0,0 @@
$TTL 3600
@ IN SOA dns100.ovh.net. tech.ovh.net. (2025071505 86400 3600 3600000 60)
IN NS dns100.ovh.net.
IN NS ns100.ovh.net.
turifer.dev. 3000 IN TXT "hosted-email-verify=k5z4lcfc"
turifer.dev. 3000 IN MX 10 aspmx1.migadu.com.
turifer.dev. 3000 IN MX 20 aspmx2.migadu.com.
turifer.dev. 3000 IN TXT "v=spf1 include:spf.migadu.com -all"
key1._domainkey.turifer.dev. 3000 IN CNAME key1.turifer.dev._domainkey.migadu.com.
key2._domainkey.turifer.dev. 3000 IN CNAME key2.turifer.dev._domainkey.migadu.com.
key3._domainkey.turifer.dev. 3000 IN CNAME key3.turifer.dev._domainkey.migadu.com.
_dmarc.turifer.dev. 3000 IN TXT "v=DMARC1; p=quarantine;"
autoconfig.turifer.dev. 3000 IN CNAME autoconfig.migadu.com.
_autodiscover._tcp.turifer.dev. 3000 IN SRV 0 1 443 autodiscover.migadu.com.
_submissions._tcp.turifer.dev. 3000 IN SRV 0 1 465 smtp.migadu.com.
_imaps._tcp.turifer.dev. 3000 IN SRV 0 1 993 imap.migadu.com.
_pop3s._tcp.turifer.dev. 3000 IN SRV 0 1 995 pop.migadu.com.
%{ for addr in verbena_ipv4_addresses ~}
git.turifer.dev. 10800 IN A ${addr}
%{ endfor ~}
%{ for addr in verbena_ipv6_addresses ~}
git.turifer.dev. 10800 IN AAAA ${addr}
%{ endfor ~}
%{ for addr in verbena_ipv4_addresses ~}
buildbot.turifer.dev. 10800 IN A ${addr}
%{ endfor ~}
%{ for addr in verbena_ipv6_addresses ~}
buildbot.turifer.dev. 10800 IN AAAA ${addr}
%{ endfor ~}
%{ for addr in verbena_ipv4_addresses ~}
wg1.turifer.dev. 10800 IN A ${addr}
%{ endfor ~}
%{ for addr in verbena_ipv6_addresses ~}
wg1.turifer.dev. 10800 IN AAAA ${addr}
%{ endfor ~}


@@ -1,15 +0,0 @@
variable "gandi_token" {
sensitive = true
}
variable "hcloud_token" {
sensitive = true
}
variable "ovh_client_id" {
sensitive = true
}
variable "ovh_client_secret" {
sensitive = true
}


@@ -1,20 +0,0 @@
output "verbena_ipv4" {
value = local.verbena_ipv4_addresses[0]
}
output "verbena_ipv6" {
value = local.verbena_ipv6_addresses[0]
}
output "verbena_gateway6" {
value = local.gateway6
}
locals {
hextets = 4
parts = split(":", local.verbena_ipv6_addresses[0])
prefix_parts = slice(local.parts, 0, local.hextets)
prefix_str = join(":", local.prefix_parts)
gateway6 = "${local.prefix_str}::1"
}

96
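--- /dev/null
+++ b/infra/web.nix
@@ -0,0 +1,96 @@
+{ config, infra, ... }:
+{
+resource.hcloud_zone_rrset =
+let
+sourcehut_pages = {
+ipv4 = "46.23.81.157";
+ipv6 = "2a03:6000:1813:1337::157";
+};
+zone = config.resource.hcloud_zone.rpqt_fr "name";
+in
+{
+a = {
+inherit zone;
+name = "@";
+type = "A";
+records = [ { value = sourcehut_pages.ipv4; } ];
+};
+aaaa = {
+inherit zone;
+name = "@";
+type = "AAAA";
+records = [ { value = sourcehut_pages.ipv6; } ];
+};
+cloud_a = {
+inherit zone;
+name = "cloud";
+type = "A";
+records = [ { value = infra.machines.verbena.ipv4; } ];
+};
+cloud_aaaa = {
+inherit zone;
+name = "cloud";
+type = "AAAA";
+records = [ { value = infra.machines.verbena.ipv6; } ];
+};
+git_turifer_dev_a = {
+zone = config.resource.hcloud_zone.turifer_dev "name";
+name = "git";
+type = "A";
+records = [ { value = infra.machines.verbena.ipv4; } ];
+};
+git_turifer_dev_aaaa = {
+zone = config.resource.hcloud_zone.turifer_dev "name";
+name = "git";
+type = "AAAA";
+records = [ { value = infra.machines.verbena.ipv6; } ];
+};
+git_rpqt_fr_a = {
+zone = config.resource.hcloud_zone.rpqt_fr "name";
+name = "git";
+type = "A";
+records = [ { value = infra.machines.verbena.ipv4; } ];
+};
+git_rpqt_fr_aaaa = {
+zone = config.resource.hcloud_zone.rpqt_fr "name";
+name = "git";
+type = "AAAA";
+records = [ { value = infra.machines.verbena.ipv6; } ];
+};
+buildbot_turifer_dev_a = {
+zone = config.resource.hcloud_zone.turifer_dev "name";
+name = "buildbot";
+type = "A";
+records = [ { value = infra.machines.verbena.ipv4; } ];
+};
+buildbot_turifer_dev_aaaa = {
+zone = config.resource.hcloud_zone.turifer_dev "name";
+name = "buildbot";
+type = "AAAA";
+records = [ { value = infra.machines.verbena.ipv6; } ];
+};
+wg1_turifer_dev_a = {
+zone = config.resource.hcloud_zone.turifer_dev "name";
+name = "wg1";
+type = "A";
+records = [ { value = infra.machines.verbena.ipv4; } ];
+};
+wg1_turifer_dev_aaaa = {
+zone = config.resource.hcloud_zone.turifer_dev "name";
+name = "wg1";
+type = "AAAA";
+records = [ { value = infra.machines.verbena.ipv6; } ];
+};
+};
+}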
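Review bot: The `let` binds `zone` for rpqt.fr, but `git_rpqt_fr_a` and `git_rpqt_fr_aaaa` spell out `config.resource.hcloud_zone.rpqt_fr "name"` again, and the turifer.dev expression is repeated six times. Binding a second name, `turifer_zone = config.resource.hcloud_zone.turifer_dev "name";`, and then using `inherit zone;` or `zone = turifer_zone;` would make a record filed under the wrong zone easier to spot in review. The `sourcehut_pages` addresses are literals for a third-party service; a comment naming where they were taken from would tell the next reader what to re-check if the apex stops resolving to the intended host.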


@@ -1,4 +1,7 @@
{ config, ... }:
let
domain = "actual.val";
in
{
services.actual = {
enable = true;
@@ -8,12 +11,14 @@
};
};
services.nginx.virtualHosts."actual.home.rpqt.fr" = {
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
useACMEHost = "home.rpqt.fr";
enableACME = true;
locations."/".proxyPass =
"http://127.0.0.1:${builtins.toString config.services.actual.settings.port}";
};
clan.core.state.acutal.folders = [ "/var/lib/actual" ];
security.acme.certs.${domain}.server = "https://ca.val/acme/acme/directory";
clan.core.state.actual.folders = [ "/var/lib/actual" ];
}
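Review bot: `security.acme.certs.${domain}.server` is set separately here and again in the freshrss, glance, home-assistant, immich, grafana, pinchflat and syncthing sections of this comparison, so a vhost added later with `enableACME = true` but without that line would go to the default ACME directory, which presumably cannot issue for a `.val` name. Setting it once in a shared module, `security.acme.defaults.server = "https://ca.val/acme/acme/directory";`, removes that failure mode. Nothing on this page shows the internal CA's root being added to the host trust store (`security.pki.certificateFiles` or similar); without it the ACME client cannot validate `ca.val`, so that is worth confirming. The state key rename from `acutal` to `actual` changes the name the folder is registered under, which deserves a line in the commit message.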


@@ -12,7 +12,6 @@
./homeassistant.nix
./immich.nix
./monitoring
./mpd.nix
./network.nix
./nginx.nix
./pinchflat.nix


@@ -1,13 +1,13 @@
{ config, ... }:
let
domain = "home.rpqt.fr";
subdomain = "rss.${domain}";
tld = "val";
domain = "rss.${tld}";
in
{
services.freshrss = {
enable = true;
baseUrl = "https://${subdomain}";
virtualHost = "${subdomain}";
baseUrl = "https://${domain}";
virtualHost = "${domain}";
defaultUser = "rpqt";
passwordFile = config.clan.core.vars.generators.freshrss.files.freshrss-password.path;
@@ -15,9 +15,11 @@ in
services.nginx.virtualHosts.${config.services.freshrss.virtualHost} = {
forceSSL = true;
useACMEHost = "${domain}";
enableACME = true;
};
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
clan.core.vars.generators.freshrss = {
prompts.freshrss-password = {
description = "freshrss default user password";


@@ -1,3 +1,4 @@
{ tld }:
{
theme = {
light = true;
@@ -41,22 +42,22 @@
sites = [
{
title = "Immich";
url = "https://images.home.rpqt.fr";
url = "https://images.${tld}";
icon = "sh:immich";
}
{
title = "FreshRSS";
url = "https://rss.home.rpqt.fr";
url = "https://rss.${tld}";
icon = "sh:freshrss";
}
{
title = "Syncthing";
url = "https://genepi.home.rpqt.fr/syncthing";
url = "https://genepi.${tld}/syncthing";
icon = "sh:syncthing";
}
{
title = "Actual Budget";
url = "https://actual.home.rpqt.fr";
url = "https://actual.${tld}";
icon = "sh:actual-budget";
}
{
@@ -64,14 +65,19 @@
url = "https://git.turifer.dev";
icon = "sh:gitea";
}
{
title = "Forgejo";
url = "https://git.rpqt.fr";
icon = "sh:forgejo";
}
{
title = "Pinchflat";
url = "https://pinchflat.home.rpqt.fr";
url = "https://pinchflat.${tld}";
icon = "https://cdn.jsdelivr.net/gh/selfhst/icons/png/pinchflat.png";
}
{
title = "Home Assistant";
url = "https://assistant.home.rpqt.fr";
url = "https://assistant.${tld}";
icon = "sh:home-assistant";
}
{
@@ -98,12 +104,12 @@
sites = [
{
title = "Grafana";
url = "https://grafana.home.rpqt.fr";
url = "https://grafana.${tld}";
icon = "sh:grafana";
}
{
title = "Prometheus";
url = "http://genepi.home.rpqt.fr:9090";
url = "http://genepi.${tld}:9090";
icon = "sh:prometheus";
}
];
@@ -115,7 +121,7 @@
sites = [
{
title = "Lounge";
url = "https://lounge.home.rpqt.fr";
url = "https://lounge.${tld}";
icon = "si:html5";
}
{
@@ -178,7 +184,7 @@
cache = "12h";
feeds = [
{
url = "https://rss.home.rpqt.fr/api/query.php?user=rpqt&t=74HfeLZ6Wu9h4MmjNR38Rz&f=rss";
url = "https://rss.${tld}/api/query.php?user=rpqt&t=74HfeLZ6Wu9h4MmjNR38Rz&f=rss";
}
];
}
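Review bot: The feed URL in the last hunk keeps the FreshRSS `t=` query token as a literal in the Nix file, so it is readable in the repository and in the world-readable Nix store on the host. The commit only swaps the host part, but this is a good moment to rotate the token and move it out of the file: the repository already uses a clan vars generator for the FreshRSS password, and the same mechanism could hand the token to Glance through an environment file and a `${...}` reference in the URL, if the Glance version and module in use support that. Separately, the Prometheus entry stays on plain `http://genepi.${tld}:9090` while every other internal link is https. The `feeds` list continues outside the hunk.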


@@ -1,18 +1,20 @@
{ config, ... }:
let
domain = "home.rpqt.fr";
subdomain = "glance.${domain}";
tld = "val";
domain = "glance.${tld}";
in
{
services.glance = {
enable = true;
settings = ./glance-config.nix;
settings = (import ./glance-config.nix) { inherit tld; };
};
services.nginx.virtualHosts.${subdomain} = {
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
useACMEHost = "${domain}";
enableACME = true;
locations."/".proxyPass =
"http://127.0.0.1:${toString config.services.glance.settings.server.port}";
};
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
}


@@ -1,7 +1,7 @@
{ config, ... }:
let
domain = "home.rpqt.fr";
subdomain = "assistant.${domain}";
tld = "val";
domain = "assistant.${tld}";
in
{
services.home-assistant = {
@@ -26,9 +26,9 @@ in
};
};
services.nginx.virtualHosts.${subdomain} = {
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
useACMEHost = "${domain}";
enableACME = true;
extraConfig = ''
proxy_buffering off;
'';
@@ -37,4 +37,6 @@ in
proxyWebsockets = true;
};
};
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
}


@@ -1,19 +1,19 @@
{ config, ... }:
let
domain = "home.rpqt.fr";
subdomain = "images.${domain}";
tld = "val";
domain = "images.${tld}";
in
{
services.immich = {
enable = true;
settings = {
server.externalDomain = "https://${subdomain}";
server.externalDomain = "https://${domain}";
};
};
services.nginx.virtualHosts.${subdomain} = {
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
useACMEHost = "${domain}";
enableACME = true;
locations."/" = {
proxyPass = "http://${toString config.services.immich.host}:${toString config.services.immich.port}";
proxyWebsockets = true;
@@ -26,5 +26,7 @@ in
};
};
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
clan.core.state.immich.folders = [ "/var/lib/immich" ];
}


@@ -1,6 +1,6 @@
{ config, ... }:
let
domain = "home.rpqt.fr";
tld = "val";
in
{
services.grafana = {
@@ -8,7 +8,7 @@ in
settings = {
server = {
http_port = 3000;
domain = "grafana.${domain}";
domain = "grafana.${tld}";
};
};
provision = {
@@ -31,10 +31,13 @@ in
services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
forceSSL = true;
useACMEHost = "${domain}";
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
};
};
security.acme.certs.${config.services.grafana.settings.server.domain}.server =
"https://ca.${tld}/acme/acme/directory";
}


@@ -1,27 +0,0 @@
{ config, ... }:
{
services.mpd = {
enable = true;
musicDirectory = "/home/rpqt/Media/Music";
extraConfig = ''
audio_output {
type "pulse"
name "Pulse Audio"
}
'';
network.listenAddress = "any";
};
services.pulseaudio.enable = true;
# Workaround: run PulseAudio system-wide so that the mpd user can access it
services.pulseaudio.systemWide = true;
# Fixes the stutter when changing volume (found this randomly)
services.pulseaudio.daemon.config.flat-volumes = "no";
users.users.${config.services.mpd.user}.extraGroups = [ "pulse-access" ];
users.users.rpqt.homeMode = "755";
}


@@ -3,6 +3,10 @@
pkgs,
...
}:
let
tld = "val";
domain = "pinchflat.${tld}";
in
{
services.pinchflat = {
enable = true;
@@ -23,9 +27,11 @@
clan.core.state.pinchflat.folders = [ "/var/lib/pinchflat" ];
services.nginx.virtualHosts."pinchflat.home.rpqt.fr" = {
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
useACMEHost = "home.rpqt.fr";
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.pinchflat.port}";
};
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
}


@@ -1,31 +1,41 @@
{
config,
lib,
pkgs,
...
}:
let
user = "rpqt";
home = config.users.users.${user}.home;
domain = "home.rpqt.fr";
subdomain = "genepi.${domain}";
tld = "val";
domain = "genepi.${tld}";
in
{
services.nginx.virtualHosts.${subdomain} = {
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
useACMEHost = "${domain}";
locations."/syncthing".proxyPass = "http://${config.services.syncthing.guiAddress}";
enableACME = true;
locations."/syncthing" = {
proxyPass = "http://${config.services.syncthing.guiAddress}";
};
};
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
services.syncthing = {
enable = true;
user = user;
group = lib.mkForce "users";
dataDir = home;
configDir = lib.mkForce "${home}/.config/syncthing";
guiAddress = "0.0.0.0:8384";
guiPasswordFile = config.clan.core.vars.generators.syncthing-gui.files.password.path;
};
networking.firewall.interfaces.wireguard = {
allowedTCPPorts = [ 8384 ];
};
clan.core.vars.generators.syncthing-gui = {
files.password = {
secret = true;
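Review bot: The `/syncthing` location proxies to `http://${config.services.syncthing.guiAddress}`, which with `guiAddress = "0.0.0.0:8384"` resolves to the wildcard address, and the GUI itself listens on every interface with only the `networking.firewall.interfaces.wireguard` rule limiting who can reach it. Binding the GUI to the address it is meant to serve (the WireGuard address, or loopback if nginx is the only intended entry) and pointing nginx at it explicitly, e.g. `proxyPass = "http://127.0.0.1:8384";`, keeps the exposure from depending on the firewall alone. The `syncthing-gui` generator block continues past the end of this hunk, so whether the password file is populated as expected cannot be checked here.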


@@ -18,6 +18,7 @@
self.nixosModules.desktop
self.nixosModules.dev
self.nixosModules.lanzaboote
self.nixosModules.nix-defaults
self.inputs.home-manager.nixosModules.home-manager
@@ -36,7 +37,8 @@
clan.core.networking.targetHost = "rpqt@haze.local";
networking.search = [
"home.rpqt.fr"
"val"
"wireguard"
];
time.timeZone = "Europe/Paris";


@@ -1,11 +0,0 @@
{
services.gnome.gnome-keyring.enable = true;
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
users.users."rpqt".extraGroups = [ "video" ];
programs.light.enable = true;
}


@@ -4,6 +4,8 @@
self.nixosModules.nix-defaults
self.nixosModules.nextcloud
self.nixosModules.gitea
self.nixosModules.forgejo
self.nixosModules.vaultwarden
self.inputs.srvos.nixosModules.server


@@ -1,26 +1,34 @@
{ config, lib, ... }:
{
imports = [
./gandi.nix
];
config,
lib,
pkgs,
...
}:
{
security.acme = {
acceptTerms = true;
defaults.email = lib.mkDefault "admin@rpqt.fr";
};
security.acme = {
certs."home.rpqt.fr" = {
group = config.services.nginx.group;
domain = "home.rpqt.fr";
extraDomainNames = [ "*.home.rpqt.fr" ];
dnsProvider = "gandiv5";
dnsPropagationCheck = true;
environmentFile = config.clan.core.vars.generators.gandi.files.gandi-env.path;
email = "admin@rpqt.fr";
dnsResolver = "1.1.1.1:53";
};
};
# security.acme = {
# certs."home.rpqt.fr" = {
# group = config.services.nginx.group;
# domain = "home.rpqt.fr";
# extraDomainNames = [ "*.home.rpqt.fr" ];
# dnsProvider = "rfc2136";
# dnsPropagationCheck = true;
# credentialFiles = {
# RFC2136_TSIG_SECRET_FILE = config.clan.core.vars.generators.coredns.files.tsig-key.path;
# };
# environmentFile = pkgs.writeFile ''
# RFC2136_NAMESERVER=fd28:387a:90:c400::1
# '';
# email = "admin@rpqt.fr";
# dnsResolver = "1.1.1.1:53";
# server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # TODO: use production api
# };
# };
clan.core.vars.generators.gandi.files.gandi-env.owner = "acme";
# clan.core.vars.generators.coredns.files.tsig-key.group = "acme";
# clan.core.vars.generators.coredns.files.tsig-key.mode = "0440";
}
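Review bot: The new side keeps an 18-line commented-out `rfc2136` certificate block plus two commented generator lines, and `pkgs` is added to the module arguments only for that dead code. As written the block would not evaluate if uncommented: `environmentFile = pkgs.writeFile '' … ''` passes a single string, whereas the nixpkgs text writers such as `pkgs.writeText` take a name and the contents, and the block also points at the Let's Encrypt staging directory. I would drop the block from this module and keep the draft on a branch, or reduce it to a one-line `# TODO: wildcard cert via rfc2136 DNS-01` comment.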


@@ -20,4 +20,6 @@
enable = true;
terminal = "ghostty";
};
services.pcscd.enable = true;
}


@@ -1,31 +1,28 @@
{ lib, ... }:
{
flake.nixosModules = {
gitea.imports = [
./gitea.nix
];
flake.nixosModules =
(
(builtins.readDir ./.)
|> lib.filterAttrs (path: type: type == "regular" && (lib.hasSuffix ".nix" path))
|> lib.mapAttrs' (
path: _: {
name = lib.removeSuffix ".nix" path;
value = {
imports = [ ./${path} ];
};
}
)
)
// {
server.imports = [
./motd.nix
];
desktop.imports = [
./desktop.nix
];
dev.imports = [ ./dev.nix ];
nix-defaults.imports = [ ./nix-defaults.nix ];
tailscale.imports = [ ./tailscale.nix ];
user-rpqt.imports = [ ./user-rpqt.nix ];
hardened-ssh-server.imports = [ ./hardened-ssh-server.nix ];
nextcloud.imports = [ ./nextcloud.nix ];
radicle.imports = [ ./radicle.nix ];
server.imports = [
./motd.nix
];
common.imports = [
{
users.mutableUsers = lib.mkDefault false;
services.userborn.enable = lib.mkDefault true;
}
];
};
common.imports = [
{
users.mutableUsers = lib.mkDefault false;
services.userborn.enable = lib.mkDefault true;
}
];
};
}
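Review bot: `builtins.readDir ./.` with the filter `type == "regular" && (lib.hasSuffix ".nix" path)` also matches the file this expression lives in, so it exports itself under `flake.nixosModules` even though it looks like a flake-level module rather than a NixOS one; adding a term to the filter that excludes this file's own name avoids the stray entry. The same discovery means any `.nix` file dropped into the directory becomes an exported module without anyone touching this list, which is worth a comment above the pipeline. The `|>` operator also makes evaluating the flake depend on the `pipe-operators` experimental feature, so a host or CI runner that has not yet applied the nix-defaults change will fail to evaluate it.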

75
modules/forgejo.nix Normal file

@@ -0,0 +1,75 @@
{ config, lib, ... }:
let
cfg = config.services.forgejo;
in
{
services.forgejo = {
enable = true;
lfs.enable = true;
settings = {
# storage = {
# };
server = {
ROOT_URL = "https://${cfg.settings.server.DOMAIN}";
DOMAIN = "git.rpqt.fr";
HTTP_PORT = 3001;
};
session.PROVIDER = "db";
session.COOKIE_SECURE = true;
service.DISABLE_REGISTRATION = true;
# Create a repository by pushing to it
repository.ENABLE_PUSH_CREATE_USER = true;
};
};
systemd.services.forgejo.environment = {
FORGEJO__storage__STORAGE_TYPE = "minio";
FORGEJO__storage__MINIO_ENDPOINT = "localhost:3900";
FORGEJO__storage__MINIO_BUCKET = "forgejo";
FORGEJO__storage__MINIO_LOCATION = "garage";
FORGEJO__storage__MINIO_USE_SSL = "false";
};
systemd.services.forgejo.serviceConfig = {
LoadCredential = [
"minio_access_key_id:${config.clan.core.vars.generators.forgejo-s3-storage.files.access-key-id.path}"
"minio_secret_access_key:${config.clan.core.vars.generators.forgejo-s3-storage.files.access-key-secret.path}"
];
Environment = [
"FORGEJO__storage__MINIO_ACCESS_KEY_ID__FILE=%d/minio_access_key_id"
"FORGEJO__storage__MINIO_SECRET_ACCESS_KEY__FILE=%d/minio_secret_access_key"
];
};
clan.core.vars.generators.forgejo-s3-storage = {
prompts.access-key-id = {
description = "s3 access key id";
type = "line";
persist = true;
};
prompts.access-key-secret = {
description = "s3 access key secret";
type = "hidden";
persist = true;
};
};
clan.core.state.forgejo.folders = [ config.services.forgejo.stateDir ];
services.nginx.virtualHosts."git.rpqt.fr" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${builtins.toString (cfg.settings.server.HTTP_PORT)}";
};
};
security.acme.certs."git.rpqt.fr" = {
email = "admin@rpqt.fr";
};
}
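Review bot: `settings.server` sets `HTTP_PORT = 3001` but no `HTTP_ADDR`, and as far as I know the NixOS module's default is `0.0.0.0`, so the plain-HTTP backend would listen on every interface even though nginx only reaches it through `http://localhost:3001`. Adding `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` confines it to the proxy path. With `lfs.enable = true`, the `git.rpqt.fr` virtual host also has no body-size setting, so large LFS or HTTP pushes are likely to be rejected by nginx's request-size limit; a `client_max_body_size` line in the vhost's `extraConfig` would cover that.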


@@ -1,15 +0,0 @@
{
clan.core.vars.generators.gandi = {
prompts.gandi-token = {
description = "gandi access token";
type = "hidden";
};
files.gandi-env = {
secret = true;
};
script = ''
printf %s "GANDIV5_PERSONAL_ACCESS_TOKEN=" >> $out/gandi-env
cat $prompts/gandi-token >> $out/gandi-env
'';
};
}

23
modules/lanzaboote.nix Normal file

@@ -0,0 +1,23 @@
{
self,
lib,
pkgs,
...
}:
{
imports = [
self.inputs.lanzaboote.nixosModules.lanzaboote
];
environment.systemPackages = [
# For debugging and troubleshooting Secure Boot.
pkgs.sbctl
];
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
}
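Review bot: The module enables `boot.lanzaboote` with `pkiBundle = "/var/lib/sbctl"` but does not document the manual steps it relies on. A comment above the block such as `# Requires keys created with sbctl in /var/lib/sbctl and enrolled in firmware; the bundle holds the private signing keys, keep it root-only and backed up.` would tell the next person why a rebuild fails on a fresh machine and what has to be protected. Nothing in this file checks or enforces either condition.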


@@ -1,7 +1,13 @@
let
tld = "val";
domain = "lounge.${tld}";
in
{
services.nginx.virtualHosts."lounge.home.rpqt.fr" = {
useACMEHost = "home.rpqt.fr";
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
root = "/var/www/lounge";
};
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
}


@@ -34,7 +34,7 @@ in
};
extraAppsEnable = true;
extraApps = {
# inherit (pkgs.nextcloud32Packages.apps) tasks;
inherit (config.services.nextcloud.package.packages.apps) tasks contacts calendar;
};
};


@@ -9,6 +9,7 @@
experimental-features = [
"nix-command"
"flakes"
"pipe-operators"
];
trusted-users = [


@@ -8,7 +8,7 @@
description = "Romain Paquet";
shell = pkgs.zsh;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze"
@@ -17,5 +17,5 @@
extraGroups = [ "wheel" ];
};
programs.zsh.enable = true;
programs.fish.enable = true;
}

18
modules/vaultwarden.nix Normal file

@@ -0,0 +1,18 @@
{
config,
...
}:
{
services.vaultwarden = {
enable = true;
domain = "vaultwarden.val";
configureNginx = true;
};
services.nginx.virtualHosts.${config.services.vaultwarden.domain} = {
enableACME = true;
};
security.acme.certs.${config.services.vaultwarden.domain}.server =
"https://ca.val/acme/acme/directory";
}
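Review bot: `services.vaultwarden` is enabled without a `config` block, so account sign-up is left at the upstream default, which I believe is open; forgejo.nix in this same change set sets `service.DISABLE_REGISTRATION = true`, and the password vault deserves the same with `config.SIGNUPS_ALLOWED = false;`. The module also declares no `clan.core.state.vaultwarden.folders`, unlike the immich, pinchflat and forgejo modules, so the vault data is presumably left out of whatever consumes that state list. The CA URL is spelled out as `https://ca.val/acme/acme/directory` here rather than through a `tld` binding as in the other service files.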


@@ -0,0 +1,22 @@
{
"data": "ENC[AES256_GCM,data:Jw4huyAI4yZT/24rImVh//JaFvUlwuIRrzP3nzLBqts+U2bs3wcv0LVavSEhECoJveUwYyS29++ewlnw+wiSrQ==,iv:O2ISIPnIJ3677VswqMjphwV30W24SNciPwIzd/AWm/w=,tag:ORMMkAtGyvzlINQ4fbtTjQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTXMyczVuc3ZwUHJIUlUr\nSTFObW0wNjBGQXBhS1FCSDNCVFJpT05DZzM4CmdscVg4dzJJVDZ6aVpiUHNydXhK\nK0tQTy9uZmJyM3d1OHVXT1FlYnhLck0KLS0tIHJGT1IxWTdJL01XWUE5NEhtcGhs\nZWlUZkx1L2cwd3dpakNCOGY0M3BZazQKZrK9JoWAJk9BOCPWfwxthR4sdNvF4bYj\nbnw5HBmXHPuV4pObDE0RwnoMVBXSfTof41HfogvsM16GWR577+CgMg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdHhYQkMx\nb2xTUXB3dkZuajB0aHIwbllmcVJwOHY3eXphR21MRUdDdWorMApkcHVxQ1FRQ3ZQ\nSnpOYk9ZanJPZ1EvWUpoZHQ1K2VVUVBVMVphVlYweGg0Ci0tLSBiQmQ5YnJpKzJv\nY2lmOFpZSEVJeHNCb3F1SjFzNzBabHN0andFczRYTlFnCkSFxvQ47FvKcCh06tRd\nCb12wKSm12yMs5BR9Bv40YDB9C0/oqo17gDmVworyZKuK2dDfRaSLjoD4Cg2ww+A\nwS0=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBaG9kZWdz\nWVloZGxVZW5lVHpkN292MVFjVC9wWkNWS2hJTWZiLzk0SkdmZwpSZTZkOTFadWxo\naHMzZlVGV3hCY3pyQ1BIczA0ekpIWXZRSFZtN1lZMzZFCi0tLSBlSkRCNkNtbjFs\nd2IvSlRISlRydVh4M1I2bVFFZ1ZJUFFNc1dtbGUrZWtvCiiFUjKkBp4eyI7YV1AY\nk3tqfqsoQyHPYhL4mxU5bDBPTwKpIwPZNzfVDxgiTwQq5s4TEoDYnl4rhEc6ONem\nx84=\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-19T14:49:10Z",
"mac": "ENC[AES256_GCM,data:fWo9KS5W4A7UNM58G+KtCzAQAiM0qFVJwf42/eSQC+yAMfZJfbq17JDeow37CbnYo4GaXJuPQHbUqnrFHfqxRXAOP8GfQ02MRf3xSpmzwLQeKtZHwGG8+Ez9x+FnYUJcX8QIHpf25NKpe57h8STtC+Uz66lMp1EFXzJzgOvTY9w=,iv:Eya9bRyBUXv7ddSa7PVNYej6shnXTSdd3NvPPyRfezY=,tag:FH6YK+dfoPyQwgMNTqKQmg==,type:str]",
"version": "3.11.0"
}
}


@@ -0,0 +1 @@
../../../users/rpqt


@@ -0,0 +1 @@
../../../../../../sops/machines/verbena


@@ -0,0 +1,26 @@
{
"data": "ENC[AES256_GCM,data:lILPrDhV479Rju4cNbtcEGU0KhOM7Xirbvk=,iv:LVMTgLoV53cRoa7xP0kvWWZyRC3zL8N00UfQQ/dPafY=,tag:q7PoGHYjI5Sa/3h7xZ0kZg==,type:str]",
"sops": {
"age": [
{
"recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTb3o4ejBZSUcvU1J4aDJ1\nMS8wVUFhaUZtSGlSZ3N6bUVSU1FxQ21DM0dnCjc4WDFmWWpra2lGMVBManpoSjVH\nSldZL3lBR2ZzSWd4VDZDUGtmSnpuRGsKLS0tIHVvcXVJUDZrekNxZFZtL0p0dUR0\nQ211dFpBQ0xEbWRNaisyVWU1TDZnbmMK3VhJbIlVy2jCbzEjSbR9PkN9oZNGjDfm\n7cSnYX8qLaHOJqAAj2isN7SeeYTpRE1IWiguXwKB9bhtij+1S6ymyA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBROWxkUGhUY3pVZk9EQVlO\ndnVKeUM0TThJeGZTOEV2MkVudCttQUVBdDI0CnZwWFBpYTVYR3l5L0RQb05HbTd2\nbndPaEpZWXFTOXl3VE5lWDFrV29mQ1EKLS0tIExMaVpVWXpORExxWWEyNDVia3RM\nMkxTQ0QzM21SeE9NUGlWeGJRMFE0SWcKRaL0GXuZ4/9NKeKFNmJIORpEsVOKBhR4\nzcnJGwY2QnteYkfHhUiZT7vBPIKC6xsCD2gtLAywjX1KUr+FZb4YaA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeXZGMnBO\nZGRGRW02MXE1TXc0dEErejFQSURKSFo4SEUrQnJXZTdicE9hKwpCTUY1Q2hkT3BC\nV2xmWFR4Zjh5VWF5VzQ5azFkVEF2eS9Fcy9wVUVCYUs4Ci0tLSBLb3RSenEwcDUv\nTitHN3FpNDZHaDlpbWc2cDVkNzlxZCtXWkZGbUxLQnNFCoR/dPrE99WjUojR2Nl1\nC8ZHNnJE53jI1lQGvy5aSo3HmKt97dQwlYuJ0MvHu3CtL9DUenEAfe/OSL4PIb+p\nUZA=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBM2tyQURp\ncGlwTlF1M1JTSXBVM1BlUXYrQ2d2dTRudUwwVDRUdXBubU5OdApmdG1sbS9UcnU0\nYjh0bGlGd2FSdU9pcmEyck9PWkUrUlBFRlR2SVBBLy9RCi0tLSBlL2hVeHRJL1lw\nN1ZVeGFOUGVtVmIwZzc4QzNCdUx1WGhTMGlkYjh6RDFNCqyR5iQ9aCIgCmi2mKDZ\nHPHlerB0TLlvU50w7WLUXzjPts+ZQVE3fMLHUrFi09D1zyKYrB0kDYDcSgcK9j7m\ncTY=\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-23T12:31:31Z",
"mac": "ENC[AES256_GCM,data:9s8Kfn08MtBUg9D3MjAfYgEVJ+tsLI3K5DzZec+dl4EzDh3RuF12OI2GbWMgzpAHcEVBcBC0mpvY+ITSTPViNlCu/YBWRzpO9QQPBKRO7VwlwlKIhydjIK+t71QCDiMfWUVEHC5vmYiZeF0uwXSuD/+1WMUFsFYG1LUauN0dhVA=,iv:3mvjAuOQMypsTmzLvBl2H7Pb5CcwHdV9hvZAoWcVOQ0=,tag:hJoTCtWVtC9wBPOn8WDofw==,type:str]",
"version": "3.11.0"
}
}


@@ -0,0 +1 @@
../../../../../../sops/users/rpqt


@@ -0,0 +1 @@
../../../../../../sops/machines/verbena


@@ -0,0 +1,26 @@
{
"data": "ENC[AES256_GCM,data:aEG/3fHh4cJ1hheU4P6PFKgm9n9HJblURiqvKms0fnx1cTJSd74qaNejWVlnThuxqPFgi4kv8LIi9WzmpEWy8Q==,iv:zrPF2WvbXPxzQxxZ9p+v/BR1YfNfS02PVi/+5pMzamA=,tag:n96sdJSnBoBWD0ibmAYweQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WkxjWFZrdE1iVFIxN2xw\ncXlhNGp3cDRKaitqdWNMZTRuNDNHNHVjTEhjCm9wWUswVGlKL2ducjhmQzNzcXps\nbGRMZmk4dm9pdXR2MjdpK1FxOFFkZkUKLS0tIGsydS91UTlGWjlNbytRVWZaamRj\nSXJKVWxhTXV3MmlhcnNMb3d4Vm8vWEkKiEbNBhLLFzNNGmrvGZEedvnX3EjAhJCW\nvTIi3W89nHdOV8pHJK+aIaUT5EhBSTdyCAF/Ecl1MtG6kXjc4G7a3Q==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRkNkTjVtazhoSGM1dlB3\nN29hYWMxWjNUdVpkVDZQTzh5T2w5enQyKzE0CnpwUzlKZ3pERVhZbmFkQlVhd20y\ndHl2WU9CUDhGVjh4NlVSQmxHUFE3UWcKLS0tIDh6RWtURUE1QW04Q3NENDgvVGE2\nYXdYaEgrVlp6NEZSbmNkM3pYZUNvVGMK2PqzSlhUQhUcsQxNUG0XqjGHjctVvXSR\ncGXZZypty4jd5sWgQKVb4tJ5qu/BlssQnT6YailJEW/8XrhjSuddvg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbFROMGpQ\nYmlpaC83ZDc0b0NCcHI2UVBvQVkvQVI2cmtRbHpEUDFXTTFiaApyeHZ5Sk9jWUho\nUCsveWZoK1FCVGkwZ2hWMTVTZDdwT1BOdG91TWMwRGJnCi0tLSBOV3l0L1BmY0RR\nRWVzYXgwME95ZHMyRWxqdk5odm1zczMzUCtkRU13eUNRCpUjzMJdcOPbmM8aIA5I\nhDET4gkaq9Nm/W2+UhuwR9NcFj2mpSCKAc2BJX6wLJ3vTqOXb3yl4L2PQT6db7bt\nQ/c=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNkJGOHpK\nUnRzTE8yV1hsYzZXK1N6V09yc2JaMHVvVnV5bEJaZ1hId2tPbApzWC9oS3NzMytW\najVocEZEMTBGblpWV1lNaGh4bnpGRzMybkM2WHNvelZnCi0tLSBESEhJSWtYdW9U\nMmFES1pGY0tJN3hTQlZqeTRoZ3VvQTRxNVFBdVVkVnprCu6aApFJvusV0eJqgBDU\niDDTdsOsY6L7XQHJtiITwsCz9a3jwvgu0+p3TIFAi5NU+RbGWMhlo9OZ+e2hTGGe\nPRY=\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-23T12:31:31Z",
"mac": "ENC[AES256_GCM,data:849ki7N7EUxz8a7HnA6oljWx3WN5TbhyqOZSe8T7i931U4tZbzuchxjVQTVb7dGS0sIM5G3rPztP0mAvP9ata6HLPVqov4oTlPW9/+HfcPnlX9stC1uDfJ0AUYyQ6Q6Xavs615X0XE8N1ccGBXoyfOGFBQYcz5vz0aqH4OmbRLM=,iv:SZbVM6UntxRpE1SB7iepCdKUgNCJL+5q2wJA5u9n/4E=,tag:9FlUde54jxc1RKvKl1auBg==,type:str]",
"version": "3.11.0"
}
}


@@ -0,0 +1 @@
../../../../../../sops/users/rpqt


@@ -1 +0,0 @@
../../../../../sops/machines/crocus


@@ -1 +0,0 @@
../../../../../sops/machines/genepi


@@ -1 +0,0 @@
../../../../../sops/machines/verbena


@@ -3,28 +3,16 @@
"sops": {
"age": [
{
"recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VG4xcmdBQVJHUXY0enRY\nNmFaZ2RPUWRNYXllMWFucllicDVUTkNuQkh3Ck5uK3prYlRxL2s5MzFqZXRuR3Jv\nLys5RnlVZFBUdTcvRHdYYnlDVlhCSWcKLS0tIFdQY29WZVFYNTRwWXVucUU2RWFL\nOTkyWlc5L3NwUnNXUHRKTzBwZnhhRzAK9f+zmgmEA6ZoD+6ACPmaJuEXCC99fOqb\nKorQurVtUZEGPCYI8hPE26qpITJdwB5g61jXHcobuU8Cy9wemnrWjg==\n-----END AGE ENCRYPTED FILE-----\n"
"recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBeDczWEw4\ndGQydE1DN3RRRFpDQm1RWUcrOExaY0w3dEtLN2wzL0RDU0NkRQoydVBFOFY2eHpD\nUWk0T2V6cUNxZFZBZ1U4NS9adzc2ZXlUcWVRZGNscURzCi0tLSBpZ3VoYXhGdldS\nMVFralNzaTRQMEhVT0xRdEJDcUxPNHFOY29NUnh2K2ZvCjflIFoO8/97HXz0893D\nnNc5EVMRMNhJbDb/Nj4MCafNrf3JeN3jWmCX1IA5AZqMt2Nq2SB1Itx8iaIcRq0t\nlTY=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdjA4Tllj\nVVh4Y1lOeU8wUHFZa3k2VEZpdWRMaHdXQmRUazFqbUJQWHpRZQp3SjJaSzNOaVVQ\nZVpqdVd6U3J1ODNKRTBoRnRJZzNJMVRDU1JGeitIM2MwCi0tLSBZZEVsUzRiOWdT\nRzVoSlQ2RkVLV1JSamRlUDdjeVFCQlFVMGpxM3pKVjE0CvpAOL+lnUcv/BrlKqiE\nIdnv3DqHUgQv0lxuqtgM9ykyqOYX1GoHLH2pX0Zce55V7u4Dh+IWnjta/i7HT2aH\ndDI=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNEdaY1pT\nYVQxckJjS3NIU2RZTlhuV25Pc01FeGNnbUZvWDJWZktPOTJ6dgpzcUlIWkh5WENH\ndWh3VXNuWlUxMGw4TU1tQnA3VFc4ZHQyQlBvVzFoSHZVCi0tLSBqUWFJM2JOYXds\nc0x0RS9EZ2pYSkdhSWs1djFjVXprTHRndExWTlBYTmJ3CijN/D3rZJMGeKOvosvQ\n2SEDmYfeSlCcOyTGO1zAw54R2sEpNWnKphrC9NI77v45UsCwXO69AfiIqWIhoyc8\nwXU=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQUlFUL2Y2SnZqRVFyajF6\na3hYMi84Qml4MUlERkRJT000VUZZNWZmaERJClZ6N203OFYxZkwxYzVOeVNSc0Zi\nR2xkZEpFTklBRG9xK3UyR2ZYWXVxUjQKLS0tICtYcnZrTWJ0Y2lYVzdEMSs4clM4\nTU5PbjNKRllLckNEOFJkSGF1bS96VmMKIa0co34KtiHG7403j2UsS/rRLs4di0Ek\ngbjv1lvPmEQOl9CrYrMRt24NdPm1JQc00mwgVDvWGwTXbdp9LV8XwQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVa0FRTDVlS2xMc1llUUtn\nRFhocWc5R3FKaHJCUUZHclVlMXNvcytEeEZZCnB6WU5MSzB1SU5Lb2xKTjBTb25R\naGVpOTluRk5Hc0FCakh2QWdNSEF4YjQKLS0tIDYyaVVQUExhM1QyZE03b2NLYWZt\nKy9IVyt6VlJYSWRZK3BRUE9VSXNnMmcK0TL1tXGqyrOawPzEisws2MtFxE/3RJeP\nZBAZ/8ryUUddgmZ4vosgKZ1B1Dc8adc9HsI+vR/PpNvJkU3hH+QHHQ==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBaURsSGZ3\neFRLVCtjYW90bytBcG1MUHpXdVpYZHVZK01tcVpJOWRBYitsUgp3RTE1UUFOUjVV\nRGcvbFJ0MUpFdnVUYmVuN2pUVkdEdDdjSFlwRGZPWVhJCi0tLSB4WWNRMEM3ZDVX\nMUVXUklPbkFVcjBGcU14WjZpTTY0RlFvYXB2STRtSEpZCmTYPzBXojpndrIeuMi+\nj4oGZRPWKkx0EMORJFBIR1YQJhjjVrnrv7BbWYRGPkcS1mJZH2x4IgmUz7ZTfN5F\njuw=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYODNZWGRSYUF6NWJDWjRW\neGJNYi9uSzhORW1BaDNaY2JwWHB6TTdLT2dBCjhwVTBVVmlaeEtnVE9nU3pSa2h0\ndjJtUERadmVXenpkSG5CT3ZmbktTNm8KLS0tIE5MMmtwc2Z5SFB1cWVXNlZhbVBY\ndTNmZGhXVXJZeW1rb0tMT3BIaFA4WEkK2sWALInkeLsTsA4szuRgeSdQAOfFgCl/\n4v8zdn2TfuIHa0iGEJL3Fn1pUPS7E6OJV8M9ua/LgZfuczkbxJr4yA==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByY1pvaWhUSnZqeFl4blo1\nNGtRN2g2Tit1OFFxTnVvV1VSVFFjVlpjUVNvClRBTldvb2NEaHA3Vi80L3pnTzly\nOFBYMUUyLzhtdmNraXJCQmJ5bGxIWlEKLS0tIGVRcFJ6MmdjL2VuVUdVbCtnM1Bi\nbW9Bdm5OdWJRSUwwYWdaSXFEbzhsOW8K5dda6d6wkUvMYU3PpTLG65RWxdH/3ewB\n+yakGuatvZP1nJo7THhHXyZ9dQ2CMOnnOFi0W8W4hVcgBNWc8HR2xg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-10-15T14:18:28Z",