glance: fix pinchflat icon

vicinae: link config file instead of generating it
glance: add prometheus
2025-11-17 21:53:17 +01:00 · 2025-11-17 18:51:28 +01:00 · 2025-11-17 18:50:00 +01:00 · 2025-11-17 18:48:46 +01:00 · 2025-11-17 18:46:54 +01:00 · 2025-11-17 18:46:43 +01:00
338 changed files with 7483 additions and 932 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /.direnv
 /result
--- a/README.md
+++ b/README.md
@@ -1,10 +1,22 @@
 # NixOS & Home Manager config
 This repository contains all my system configurations, mostly deployed using Nix and [Clan].
 ## Structure
- **home**: Home Manager modules
+- **home**: Dotfiles
- **hosts**: Host-specific configs
+- **machines**: Host-specific configs
 - **infra**: Terraform/OpenTofu files
- **secrets**: Age-encrypted secrets shared between multiple hosts.
+- **vars**: Encrypted secrets managed by clan
-  Host-specific secrets are stored in their own directories.
+- **modules**: NixOS modules
- **system**: Base NixOS modules shared among all hosts
+- **clanServices**: Custom [Clan Services](https://docs.clan.lol/reference/clanServices)
 ## Dotfiles
 ### Linking with dotbotc (for windows)
 ```sh
 dotbot -c ./dotbot/windows.yaml -d home
 ```
 [Clan]: https//clan.lol
--- a/clan/flake-module.nix
+++ b/clan/flake-module.nix
@@ -0,0 +1,180 @@
 { self, lib, ... }:
 {
  imports = [
    ./machines.nix
    ./monitoring.nix
    ./network.nix
  ];
  clan.meta.name = "blossom";
  clan.inventory.instances."rpqt-admin" = {
    module.input = "clan-core";
    module.name = "admin";
    roles.default.tags.server = { };
    roles.default.machines.haze = { };
    roles.default.settings.allowedKeys = {
      rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
      nixbld_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyNC2sn5m7m52r4kVZqg0T7abqdz5xh/blU3cYtHKAE nixbld@haze";
    };
  };
  clan.inventory.instances."sshd" = {
    module.input = "clan-core";
    module.name = "sshd";
    roles.server.tags.all = { };
    roles.server.extraModules = [
      self.nixosModules.hardened-ssh-server
    ];
    roles.server.settings = {
      certificate.searchDomains = [
        "home.rpqt.fr"
      ];
    };
    roles.client.tags.all = { };
    roles.client.settings = {
      certificate.searchDomains = [
        "home.rpqt.fr"
      ];
    };
  };
  clan.inventory.instances.user-rpqt = {
    module.input = "clan-core";
    module.name = "users";
    roles.default.machines.haze = {
      settings = {
        user = "rpqt";
      };
    };
    roles.default.extraModules = [
      self.nixosModules.user-rpqt
    ];
  };
  clan.inventory.instances.common-config = {
    module = {
      input = "clan-core";
      name = "importer";
    };
    roles.default.tags.all = { };
    roles.default.extraModules = [ self.nixosModules.common ];
  };
  clan.inventory.instances.server-config = {
    module = {
      input = "clan-core";
      name = "importer";
    };
    roles.default.tags.server = { };
    roles.default.extraModules = [
      {
        nix.gc.automatic = lib.mkDefault true;
        nix.gc.dates = lib.mkDefault "Mon 3:15";
        nix.gc.randomizedDelaySec = lib.mkDefault "30min";
        nix.gc.options = lib.mkDefault "--delete-older-than 30d";
      }
    ];
  };
  clan.inventory.instances."garage" = {
    module.input = "clan-core";
    module.name = "garage";
    roles.default.tags.garage = { };
  };
  clan.inventory.instances."garage-config" = {
    module.input = "clan-core";
    module.name = "importer";
    roles.default.tags.garage = { };
    roles.default.extraModules = [ ../modules/garage.nix ];
  };
  clan.inventory.instances."trusted-nix-caches" = {
    module.input = "clan-core";
    module.name = "trusted-nix-caches";
    roles.default.tags.all = { };
  };
  clan.inventory.instances."borgbackup-storagebox" = {
    module.input = "clan-core";
    module.name = "borgbackup";
    roles.client.machines = lib.genAttrs [ "crocus" "genepi" "verbena" ] (
      machine:
      let
        config = self.nixosConfigurations.${machine}.config;
        user = "u422292";
        host = "${user}.your-storagebox.de";
      in
      {
        settings.destinations."storagebox-${config.networking.hostName}" = {
          repo = "${user}@${host}:./borgbackup/${config.networking.hostName}";
          rsh = "ssh -oPort=23 -i ${
            config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path
          } -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
        };
      }
    );
    roles.client.extraModules = [
      ../modules/storagebox.nix
    ];
    roles.server.machines = { };
  };
  clan.inventory.instances.syncthing = {
    roles.peer.tags.syncthing = { };
    roles.peer.settings.folders = {
      Documents = {
        path = "~/Documents";
      };
      Music = {
        path = "~/Music";
      };
      Pictures = {
        path = "~/Pictures";
      };
      Videos = {
        path = "~/Videos";
      };
    };
    roles.peer.settings.extraDevices = {
      pixel-7a = {
        id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU";
        name = "Pixel 7a";
        addresses = [ "dynamic" ];
      };
    };
  };
  clan.inventory.instances.buildbot = {
    module.input = "self";
    module.name = "@rpqt/buildbot";
    roles.master.machines.verbena = {
      settings = {
        domain = "buildbot.turifer.dev";
        admins = [ "rpqt" ];
        topic = "buildbot-nix";
        gitea.instanceUrl = "https://git.turifer.dev";
      };
    };
    roles.master.extraModules = [
      {
        services.nginx.virtualHosts."buildbot.turifer.dev" = {
          enableACME = true;
          forceSSL = true;
        };
        security.acme.certs."buildbot.turifer.dev" = {
          email = "admin@turifer.dev";
        };
      }
    ];
    roles.worker.machines.verbena = { };
  };
 }
--- a/clan/machines.nix
+++ b/clan/machines.nix
@@ -0,0 +1,28 @@
 {
  clan.inventory.machines = {
    crocus = {
      tags = [
        "garage"
        "server"
      ];
    };
    genepi = {
      tags = [
        "garage"
        "server"
        "syncthing"
      ];
    };
    haze = {
      tags = [
        "syncthing"
      ];
    };
    verbena = {
      tags = [
        "garage"
        "server"
      ];
    };
  };
 }
--- a/clan/monitoring.nix
+++ b/clan/monitoring.nix
@@ -0,0 +1,46 @@
 { self, ... }:
 {
  clan.inventory.instances.prometheus = {
    module.input = "self";
    module.name = "@rpqt/prometheus";
    roles.scraper.machines.genepi = { };
    roles.scraper.settings = {
      extraScrapeConfigs = [
        {
          job_name = "garage";
          static_configs = [
            {
              labels.instance = "crocus";
              targets = [ "crocus.home.rpqt.fr:3903" ];
            }
            {
              labels.instance = "genepi";
              targets = [ "genepi.home.rpqt.fr:3903" ];
            }
            {
              labels.instance = "verbena";
              targets = [ "verbena.home.rpqt.fr:3903" ];
            }
          ];
          authorization = {
            type = "Bearer";
            credentials_file =
              self.nixosConfigurations.verbena.config.clan.core.vars.generators.garage.files.metrics_token.path;
          };
        }
      ];
    };
    roles.target.tags.server = { };
    roles.target.settings = {
      exporters = {
        node = {
          enabledCollectors = [
            "systemd"
          ];
        };
      };
    };
  };
 }
--- a/clan/network.nix
+++ b/clan/network.nix
@@ -0,0 +1,20 @@
 {
  clan.inventory.instances.zerotier = {
    roles.controller.machines.crocus = { };
    roles.moon.machines.crocus = {
      settings = {
        stableEndpoints = [
          "116.203.18.122"
          "2a01:4f8:1c1e:e415::/64"
        ];
      };
    };
    roles.peer.tags."all" = { };
  };
  clan.inventory.instances.internet = {
    roles.default.machines.verbena = {
      settings.host = "git.turifer.dev";
    };
  };
 }
--- a/clanServices/buildbot/default.nix
+++ b/clanServices/buildbot/default.nix
@@ -0,0 +1,158 @@
 { self, ... }:
 { lib, ... }:
 {
  _class = "clan.service";
  manifest.name = "buildbot";
  roles.master = {
    interface.options = {
      domain = lib.mkOption {
        type = lib.types.str;
        description = "Domain name under which the buildbot frontend is reachable";
        example = "https://buildbot.example.com";
      };
      admins = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        description = "List of usernames allowed to authenticate to the buildbot frontend";
        example = [ "Mic92" ];
      };
      topic = lib.mkOption {
        type = lib.types.str;
        description = "Name of the topic attached to repositories that should be built";
        example = "buildbot-nix";
      };
      gitea.instanceUrl = lib.mkOption {
        type = lib.types.str;
        description = "URL of the Gitea instance";
        example = "https://git.example.com";
      };
    };
    perInstance =
      {
        settings,
        roles,
        ...
      }:
      {
        nixosModule =
          {
            config,
            lib,
            pkgs,
            ...
          }:
          {
            imports = [
              self.inputs.buildbot-nix.nixosModules.buildbot-master
            ];
            services.buildbot-nix.master = {
              enable = true;
              workersFile = config.clan.core.vars.generators.buildbot.files.workers-file.path;
              inherit (settings) domain admins;
              authBackend = "gitea";
              gitea = {
                enable = true;
                inherit (settings.gitea) instanceUrl;
                inherit (settings) topic;
                tokenFile = config.clan.core.vars.generators.buildbot.files.api-token.path;
                webhookSecretFile = config.clan.core.vars.generators.buildbot.files.webhook-secret.path;
                oauthId = config.clan.core.vars.generators.buildbot.files.oauth-id.value;
                oauthSecretFile = config.clan.core.vars.generators.buildbot.files.oauth-secret.path;
              };
            };
            clan.core.vars.generators.buildbot = {
              prompts.api-token = {
                description = "gitea API token";
                type = "hidden";
                persist = true;
              };
              prompts.webhook-secret = {
                description = "gitea webhook secret";
                type = "hidden";
                persist = true;
              };
              prompts.oauth-id = {
                description = "oauth client id";
                persist = true;
              };
              files.oauth-id.secret = false;
              prompts.oauth-secret = {
                description = "oauth secret";
                type = "hidden";
                persist = true;
              };
              dependencies = [ "buildbot-worker" ];
              files.workers-file.secret = true;
              runtimeInputs = [ pkgs.python3 ];
              script = ''
                python3 - << EOF                
                import os
                import json
                password_path = os.path.join(os.environ.get("in"), "buildbot-worker/worker-password")
                password = open(password_path).read().strip()
                workers = [
                  {
                    "name": "${config.networking.hostName}",
                    "pass": password,
                    "cores": 4,
                  },
                ];
                workers_file_path = os.path.join(os.environ.get("out"), "workers-file")
                with open(workers_file_path, "w") as workers_file:
                  workers_file.write(json.dumps(workers))
                EOF
              '';
            };
          };
      };
  };
  roles.worker = {
    perInstance =
      {
        settings,
        roles,
        ...
      }:
      {
        nixosModule =
          {
            config,
            lib,
            pkgs,
            ...
          }:
          {
            imports = [
              self.inputs.buildbot-nix.nixosModules.buildbot-worker
            ];
            services.buildbot-nix.worker = {
              enable = true;
              workerPasswordFile = config.clan.core.vars.generators.buildbot-worker.files.worker-password.path;
            };
            clan.core.vars.generators.buildbot-worker = {
              files.worker-password = { };
              runtimeInputs = [
                pkgs.openssl
              ];
              script = ''
                openssl rand -hex 32 > "$out"/worker-password
              '';
            };
          };
      };
  };
 }
--- a/clanServices/buildbot/flake-module.nix
+++ b/clanServices/buildbot/flake-module.nix
@@ -0,0 +1,4 @@
 { self, lib, ... }:
 {
  clan.modules."@rpqt/buildbot" = lib.modules.importApply ./default.nix { inherit self; };
 }
--- a/clanServices/flake-module.nix
+++ b/clanServices/flake-module.nix
@@ -0,0 +1,6 @@
 {
  imports = [
    ./buildbot/flake-module.nix
    ./prometheus/flake-module.nix
  ];
 }
--- a/clanServices/prometheus/README.md
+++ b/clanServices/prometheus/README.md
@@ -0,0 +1,38 @@
 This module enables collecting metrics from machines in clan, using Prometheus.
 There are two roles:
 - A `target` role for machines on which to collect and export metrics.
 - A `scraper` roles for machines that fetch metrics from `target` machines and
  store them in the long term.
 ```nix
 inventory = {
  machines = {
    server01.tags.server = {};
    server02.tags.server = {};
    metrics.tags.server = {}; # metrics collector
  };
  instances = {
    prometheus = {
      module.name = "@rpqt/prometheus";
      module.input = "self";
      roles.scraper.machines."metrics" = {};
      # Collect metrics on all servers
      roles.target.tags.server = {
        settings = {
          exporters = {
            # Enable the node-exporter metrics source
            node.enabledCollectors = [ "systemd" ];
          };
        };
      };
    };
  };
 };
 ```
--- a/clanServices/prometheus/default.nix
+++ b/clanServices/prometheus/default.nix
@@ -0,0 +1,114 @@
 { self, ... }:
 { lib, ... }:
 {
  _class = "clan.service";
  manifest.name = "prometheus";
  manifest.description = "Prometheus metrics collection across the clan network.";
  manifest.readme = builtins.readFile ./README.md;
  # Only works with zerotier (until a unified network module is ready)
  roles.scraper = {
    description = "A server that scrapes metrics from exporters of machines that have the 'target' role.";
    interface = {
      options.extraScrapeConfigs = lib.mkOption {
        type = lib.types.listOf lib.types.attrs;
        description = "A list of additional scrape configurations.";
      };
    };
    perInstance =
      {
        settings,
        roles,
        ...
      }:
      {
        nixosModule =
          { config, lib, ... }:
          {
            services.prometheus.enable = true;
            services.prometheus.scrapeConfigs =
              let
                allExporters = lib.unique (
                  lib.concatLists (
                    lib.map (machine: lib.attrNames machine.settings.exporters) (lib.attrValues roles.target.machines)
                  )
                );
                hasExporter =
                  exporter: machine: lib.hasAttr exporter roles.target.machines.${machine}.settings.exporters;
                mkScrapeConfig = (
                  exporter:
                  let
                    machinesWithExporter = lib.filter (hasExporter exporter) (lib.attrNames roles.target.machines);
                  in
                  {
                    job_name = exporter;
                    static_configs = lib.map (machineName: {
                      targets =
                        let
                          targetConfig = self.nixosConfigurations.${machineName}.config;
                          targetHost = targetConfig.clan.core.vars.generators.zerotier.files.zerotier-ip.value;
                        in
                        [
                          "[${targetHost}]:${toString targetConfig.services.prometheus.exporters.${exporter}.port}"
                        ];
                      labels.instance = machineName;
                    }) machinesWithExporter;
                  }
                );
              in
              (lib.map mkScrapeConfig allExporters) ++ settings.extraScrapeConfigs;
            clan.core.state.prometheus.folders = [ "/var/lib/${config.services.prometheus.stateDir}" ];
          };
      };
  };
  roles.target = {
    description = "A machine on which to collect and export metrics.";
    interface =
      { lib, ... }:
      {
        options = {
          exporters = lib.mkOption {
            type = lib.types.attrs;
            default = { };
            example = {
              node = {
                enabledCollectors = [ "systemd" ];
                port = 9002;
              };
            };
            description = "Attribute set of exporters to enable";
          };
        };
      };
    perInstance =
      {
        instanceName,
        settings,
        machine,
        roles,
        ...
      }:
      {
        nixosModule =
          { config, lib, ... }:
          {
            services.prometheus.exporters = builtins.mapAttrs (
              name: exporterSettings:
              exporterSettings
              // {
                enable = true;
              }
            ) settings.exporters;
            networking.firewall.interfaces."zts7mq7onf".allowedTCPPorts = lib.map (
              exporterName: config.services.prometheus.exporters.${exporterName}.port
            ) (lib.attrNames settings.exporters);
          };
      };
  };
 }
--- a/clanServices/prometheus/flake-module.nix
+++ b/clanServices/prometheus/flake-module.nix
@@ -0,0 +1,4 @@
 { self, lib, ... }:
 {
  clan.modules."@rpqt/prometheus" = lib.modules.importApply ./default.nix { inherit self; };
 }
--- a/devShells/flake-module.nix
+++ b/devShells/flake-module.nix
@@ -0,0 +1,26 @@
 {
  perSystem =
    {
      inputs',
      pkgs,
      ...
    }:
    {
      devShells.default = pkgs.mkShellNoCC {
        packages = [
          inputs'.clan-core.packages.clan-cli
          pkgs.garage
          pkgs.nil # Nix language server
          pkgs.nixfmt-rfc-style
          pkgs.opentofu
          pkgs.terraform-ls
          pkgs.deploy-rs
          pkgs.zsh
        ];
        shellHook = ''
          export GARAGE_RPC_SECRET=$(clan vars get crocus garage-shared/rpc_secret)
          export GARAGE_RPC_HOST=5d8249fe49264d36bc3532bd88400498bf9497b5cd4872245eb820d5d7797ed6@crocus.home.rpqt.fr:3901
        '';
      };
    };
 }
--- a/dotbot/windows.yaml
+++ b/dotbot/windows.yaml
@@ -0,0 +1,8 @@
 - defaults:
    link:
      relink: true
 - link:
    ~/AppData/Roaming/helix/config.toml: .config/helix/config.toml
    ~/AppData/Roaming/jj/config.toml: .config/jj/config.toml
    ~/AppData/Roaming/nushell/config.nu: .config/nushell/config.nu
--- a/flake.lock
+++ b/flake.lock
@@ -1,25 +1,25 @@
 {
  "nodes": {
-    "agenix": {
+    "buildbot-nix": {
      "inputs": {
-        "darwin": "darwin",
+        "flake-parts": "flake-parts",
-        "home-manager": "home-manager",
+        "hercules-ci-effects": "hercules-ci-effects",
        "nixpkgs": [
          "nixpkgs"
        ],
-        "systems": "systems"
+        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1745630506,
+        "lastModified": 1761641036,
-        "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=",
+        "narHash": "sha256-WyoAA5qBHimmWj0tuJMnkIq4o8dB01st6smx3ZzI/L0=",
-        "owner": "ryantm",
+        "owner": "nix-community",
-        "repo": "agenix",
+        "repo": "buildbot-nix",
-        "rev": "96e078c646b711aee04b82ba01aefbff87004ded",
+        "rev": "3cd0114c633815095fde7a3126e1dbd6ad2e673f",
        "type": "github"
      },
      "original": {
-        "owner": "ryantm",
+        "owner": "nix-community",
-        "repo": "agenix",
+        "repo": "buildbot-nix",
        "type": "github"
      }
    },
@@ -27,7 +27,9 @@
      "inputs": {
        "data-mesher": "data-mesher",
        "disko": "disko",
-        "flake-parts": "flake-parts",
+        "flake-parts": [
          "flake-parts"
        ],
        "nix-darwin": "nix-darwin",
        "nix-select": "nix-select",
        "nixos-facter-modules": "nixos-facter-modules",
@@ -35,15 +37,15 @@
          "nixpkgs"
        ],
        "sops-nix": "sops-nix",
-        "systems": "systems_2",
+        "systems": "systems",
-        "treefmt-nix": "treefmt-nix"
+        "treefmt-nix": "treefmt-nix_2"
      },
      "locked": {
-        "lastModified": 1747400548,
+        "lastModified": 1762423941,
-        "narHash": "sha256-zvBGXYkd8pZKkBXlLdcw0/nxSoGJOkwGbc6dz9NS4G8=",
+        "narHash": "sha256-2mahDC4N9CiR/VQR8EqHg0TZhf+ix8u4y2gbPr6qJ6w=",
        "ref": "refs/heads/main",
-        "rev": "56f3fd0a454635d0449330e6848a98bab6da020e",
+        "rev": "9ddcda8f10c96c790fb83cf4004899d95fae891d",
-        "revCount": 6979,
+        "revCount": 11011,
        "type": "git",
        "url": "https://git.clan.lol/clan/clan-core"
      },
@@ -52,25 +54,25 @@
        "url": "https://git.clan.lol/clan/clan-core"
      }
    },
-    "darwin": {
+    "dankMaterialShell": {
      "inputs": {
        "dgop": "dgop",
        "dms-cli": "dms-cli",
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1744478979,
+        "lastModified": 1762704668,
-        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
+        "narHash": "sha256-wrLa8ZoEpAhQjIt9uHcPb47LvVcceA8ok6S7BeUeaC4=",
-        "owner": "lnl7",
+        "owner": "AvengeMedia",
-        "repo": "nix-darwin",
+        "repo": "DankMaterialShell",
-        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
+        "rev": "392a1c03c53ce916ec8d2ba61e852d34d2e1b9cb",
        "type": "github"
      },
      "original": {
-        "owner": "lnl7",
+        "owner": "AvengeMedia",
-        "ref": "master",
+        "repo": "DankMaterialShell",
        "repo": "nix-darwin",
        "type": "github"
      }
    },
@@ -84,27 +86,44 @@
          "clan-core",
          "nixpkgs"
        ],
        "systems": [
          "clan-core",
          "systems"
        ],
        "treefmt-nix": [
          "clan-core",
          "treefmt-nix"
        ]
      },
      "locked": {
-        "lastModified": 1747329636,
+        "lastModified": 1760612273,
-        "narHash": "sha256-mmyx5trq5ZQp6uShbHNfqgSxdg9OeArcZGdZKtHjhqw=",
+        "narHash": "sha256-pP/bSqUHubxAOTI7IHD5ZBQ2Qm11Nb4pXXTPv334UEM=",
-        "rev": "7afcd6f322b9839699f6f31d5bed884c6dd412c4",
+        "rev": "0099739c78be750b215cbdefafc9ba1533609393",
        "type": "tarball",
-        "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/7afcd6f322b9839699f6f31d5bed884c6dd412c4.tar.gz"
+        "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/0099739c78be750b215cbdefafc9ba1533609393.tar.gz"
      },
      "original": {
        "type": "tarball",
        "url": "https://git.clan.lol/clan/data-mesher/archive/main.tar.gz"
      }
    },
    "dgop": {
      "inputs": {
        "nixpkgs": [
          "dankMaterialShell",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1762435535,
        "narHash": "sha256-QhzRn7pYN35IFpKjjxJAj3GPJECuC+VLhoGem3ezycc=",
        "owner": "AvengeMedia",
        "repo": "dgop",
        "rev": "6cf638dde818f9f8a2e26d0243179c43cb3458d7",
        "type": "github"
      },
      "original": {
        "owner": "AvengeMedia",
        "repo": "dgop",
        "type": "github"
      }
    },
    "disko": {
      "inputs": {
        "nixpkgs": [
@@ -113,11 +132,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747274630,
+        "lastModified": 1762276996,
-        "narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=",
+        "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "ec7c109a4f794fce09aad87239eab7f66540b888",
+        "rev": "af087d076d3860760b3323f6b583f4d828c1ac17",
        "type": "github"
      },
      "original": {
@@ -133,11 +152,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747274630,
+        "lastModified": 1762276996,
-        "narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=",
+        "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "ec7c109a4f794fce09aad87239eab7f66540b888",
+        "rev": "af087d076d3860760b3323f6b583f4d828c1ac17",
        "type": "github"
      },
      "original": {
@@ -146,19 +165,40 @@
        "type": "github"
      }
    },
    "dms-cli": {
      "inputs": {
        "nixpkgs": [
          "dankMaterialShell",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1762491516,
        "narHash": "sha256-oGLH5Gje/p2Hc1kO3m8P5eAZ7JldBI30EmwzEET4cNU=",
        "owner": "AvengeMedia",
        "repo": "danklinux",
        "rev": "050cf28a2963a7698ed4759736fe5fe77eee7cc2",
        "type": "github"
      },
      "original": {
        "owner": "AvengeMedia",
        "repo": "danklinux",
        "type": "github"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
-          "clan-core",
+          "buildbot-nix",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1743550720,
+        "lastModified": 1756770412,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "4524271976b625a4a605beefd893f270620fd751",
        "type": "github"
      },
      "original": {
@@ -167,19 +207,81 @@
        "type": "github"
      }
    },
    "flake-parts_2": {
      "inputs": {
        "nixpkgs-lib": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1762440070,
        "narHash": "sha256-xxdepIcb39UJ94+YydGP221rjnpkDZUlykKuF54PsqI=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "rev": "26d05891e14c88eb4a5d5bee659c0db5afb609d8",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "type": "github"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "hercules-ci-effects": {
      "inputs": {
        "flake-parts": [
          "buildbot-nix",
          "flake-parts"
        ],
        "nixpkgs": [
          "buildbot-nix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1758022363,
        "narHash": "sha256-ENUhCRWgSX4ni751HieNuQoq06dJvApV/Nm89kh+/A0=",
        "owner": "hercules-ci",
        "repo": "hercules-ci-effects",
        "rev": "1a3667d33e247ad35ca250698d63f49a5453d824",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "hercules-ci-effects",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1745494811,
+        "lastModified": 1762704774,
-        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
+        "narHash": "sha256-iodz4xQbULkHqetbPu5BCSWsVEzZiiNSv0/dzfH4XiE=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
+        "rev": "be4a9233dd3f6104c9b0fdd3d56f953eb519a4c7",
        "type": "github"
      },
      "original": {
@@ -188,23 +290,45 @@
        "type": "github"
      }
    },
-    "home-manager_2": {
+    "ignis": {
      "inputs": {
        "ignis-gvc": "ignis-gvc",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1747374689,
+        "lastModified": 1758101718,
-        "narHash": "sha256-JT/aBZqmK1LbExzwT9cPkvxKc0IC4i6tZKOPjsSWFbI=",
+        "narHash": "sha256-qxY1q6ppBK5zWueAWVibiQLXUKbmot3/Zlb+J6q7RS0=",
-        "owner": "nix-community",
+        "owner": "ignis-sh",
-        "repo": "home-manager",
+        "repo": "ignis",
-        "rev": "d2263ce5f4c251c0f7608330e8fdb7d1f01f0667",
+        "rev": "57017f8fbde4c4c67bdd4fa69c72589358882928",
        "type": "github"
      },
      "original": {
-        "owner": "nix-community",
+        "owner": "ignis-sh",
-        "repo": "home-manager",
+        "repo": "ignis",
        "type": "github"
      }
    },
    "ignis-gvc": {
      "inputs": {
        "nixpkgs": [
          "ignis",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1754064086,
        "narHash": "sha256-ft5KvY2OYrWF+jEsfBL/Zx8Iuo2C10C6COk8wHwZw34=",
        "owner": "ignis-sh",
        "repo": "ignis-gvc",
        "rev": "f2c9f10d8b49cc38106a2f07a51ea959c6aa4e63",
        "type": "github"
      },
      "original": {
        "owner": "ignis-sh",
        "repo": "ignis-gvc",
        "type": "github"
      }
    },
@@ -223,6 +347,27 @@
        "type": "github"
      }
    },
    "matugen": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ],
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1762639445,
        "narHash": "sha256-5E9exwTb7Tr4+SCJLJl/giiouHDmNGFb+pobScH1TkY=",
        "owner": "InioX",
        "repo": "Matugen",
        "rev": "4c8c1dc6055853eb62b1f15be2920961194ef4cd",
        "type": "github"
      },
      "original": {
        "owner": "InioX",
        "repo": "Matugen",
        "type": "github"
      }
    },
    "nix-darwin": {
      "inputs": {
        "nixpkgs": [
@@ -231,11 +376,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747365160,
+        "lastModified": 1762304480,
-        "narHash": "sha256-4ZVr0x+ry6ybym/VhVYACj0HlJo44YxAaPGOxiS88Hg=",
+        "narHash": "sha256-ikVIPB/ea/BAODk6aksgkup9k2jQdrwr4+ZRXtBgmSs=",
        "owner": "nix-darwin",
        "repo": "nix-darwin",
-        "rev": "8817b00b0011750381d0d44bb94d61087349b6ba",
+        "rev": "b8c7ac030211f18bd1f41eae0b815571853db7a2",
        "type": "github"
      },
      "original": {
@@ -246,11 +391,11 @@
    },
    "nix-select": {
      "locked": {
-        "lastModified": 1745005516,
+        "lastModified": 1755887746,
-        "narHash": "sha256-IVaoOGDIvAa/8I0sdiiZuKptDldrkDWUNf/+ezIRhyc=",
+        "narHash": "sha256-lzWbpHKX0WAn/jJDoCijIDss3rqYIPawe46GDaE6U3g=",
-        "rev": "69d8bf596194c5c35a4e90dd02c52aa530caddf8",
+        "rev": "92c2574c5e113281591be01e89bb9ddb31d19156",
        "type": "tarball",
-        "url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/69d8bf596194c5c35a4e90dd02c52aa530caddf8.tar.gz"
+        "url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/92c2574c5e113281591be01e89bb9ddb31d19156.tar.gz"
      },
      "original": {
        "type": "tarball",
@@ -274,11 +419,11 @@
    },
    "nixos-facter-modules": {
      "locked": {
-        "lastModified": 1743671943,
+        "lastModified": 1762264948,
-        "narHash": "sha256-7sYig0+RcrR3sOL5M+2spbpFUHyEP7cnUvCaqFOBjyU=",
+        "narHash": "sha256-iaRf6n0KPl9hndnIft3blm1YTAyxSREV1oX0MFZ6Tk4=",
        "owner": "nix-community",
        "repo": "nixos-facter-modules",
-        "rev": "58ad9691670d293a15221d4a78818e0088d2e086",
+        "rev": "fa695bff9ec37fd5bbd7ee3181dbeb5f97f53c96",
        "type": "github"
      },
      "original": {
@@ -293,11 +438,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1742568034,
+        "lastModified": 1751903740,
-        "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
+        "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
+        "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
        "type": "github"
      },
      "original": {
@@ -308,11 +453,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1747129300,
+        "lastModified": 1762463231,
-        "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=",
+        "narHash": "sha256-hv1mG5j5PTbnWbtHHomzTus77pIxsc4x8VrMjc7+/YE=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "e81fd167b33121269149c57806599045fd33eeed",
+        "rev": "52113c4f5cfd1e823001310e56d9c8d0699a6226",
        "type": "github"
      },
      "original": {
@@ -340,11 +485,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1747179050,
+        "lastModified": 1762596750,
-        "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
+        "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
+        "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e",
        "type": "github"
      },
      "original": {
@@ -356,14 +501,20 @@
    },
    "root": {
      "inputs": {
-        "agenix": "agenix",
+        "buildbot-nix": "buildbot-nix",
        "clan-core": "clan-core",
        "dankMaterialShell": "dankMaterialShell",
        "disko": "disko_2",
-        "home-manager": "home-manager_2",
+        "flake-parts": "flake-parts_2",
        "home-manager": "home-manager",
        "ignis": "ignis",
        "impermanence": "impermanence",
        "matugen": "matugen",
        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_2",
        "srvos": "srvos",
        "vicinae": "vicinae"
      }
    },
    "sops-nix": {
@@ -374,11 +525,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1746485181,
+        "lastModified": 1760998189,
-        "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
+        "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
+        "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
        "type": "github"
      },
      "original": {
@@ -387,6 +538,26 @@
        "type": "github"
      }
    },
    "srvos": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1762630873,
        "narHash": "sha256-3oBDTcYuTFk2e5xINUvXkmGy/NCosajTeFFZIgyrpZE=",
        "owner": "nix-community",
        "repo": "srvos",
        "rev": "84e1e515d32e2d92098ed2a8d102d71ac58676e5",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "srvos",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
@@ -403,6 +574,21 @@
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1689347949,
        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
        "owner": "nix-systems",
        "repo": "default-linux",
        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default-linux",
        "type": "github"
      }
    },
    "systems_3": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -420,16 +606,16 @@
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
-          "clan-core",
+          "buildbot-nix",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1747299117,
+        "lastModified": 1758728421,
-        "narHash": "sha256-JGjCVbxS+9t3tZ2IlPQ7sdqSM4c+KmIJOXVJPfWmVOU=",
+        "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "e758f27436367c23bcd63cd973fa5e39254b530e",
+        "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1",
        "type": "github"
      },
      "original": {
@@ -437,6 +623,48 @@
        "repo": "treefmt-nix",
        "type": "github"
      }
    },
    "treefmt-nix_2": {
      "inputs": {
        "nixpkgs": [
          "clan-core",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1762366246,
        "narHash": "sha256-3xc/f/ZNb5ma9Fc9knIzEwygXotA+0BZFQ5V5XovSOQ=",
        "owner": "numtide",
        "repo": "treefmt-nix",
        "rev": "a82c779ca992190109e431d7d680860e6723e048",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "treefmt-nix",
        "type": "github"
      }
    },
    "vicinae": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1762684504,
        "narHash": "sha256-mpZcCsX2DyRtPiSRdYQBXuZQ+exguXRtXzdUgh+h+Pk=",
        "owner": "vicinaehq",
        "repo": "vicinae",
        "rev": "184387ffd4087de7313e7d1dca7477c7cfa61756",
        "type": "github"
      },
      "original": {
        "owner": "vicinaehq",
        "repo": "vicinae",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@@ -5,128 +5,68 @@
    inputs@{
      nixpkgs,
      clan-core,
      flake-parts,
      home-manager,
      impermanence,
      nixos-generators,
      nixos-hardware,
      self,
      ...
    }:
-    let
+    flake-parts.lib.mkFlake { inherit inputs; } ({
-      clan = clan-core.lib.buildClan {
+      imports = [
-        self = self;
+        inputs.clan-core.flakeModules.default
-        meta.name = "blossom";
+        ./clan/flake-module.nix
-        specialArgs = {
+        ./clanServices/flake-module.nix
-          inherit inputs self;
+        ./devShells/flake-module.nix
-          inherit (import ./parts) keys;
+        ./home-manager/flake-module.nix
-        };
+        ./modules/flake-module.nix
-        inventory = {
+        ./packages/flake-module.nix
          instances = {
            "rpqt-admin" = {
              module.input = "clan-core";
              module.name = "admin";
              roles.default.machines = {
                "crocus" = { };
                "genepi" = { };
                "haze" = { };
              };
              roles.default.settings.allowedKeys = {
                rpqt_haze = (import ./parts).keys.rpqt.haze;
              };
            };
          };
          services = {
            zerotier.default = {
              roles.controller.machines = [
                "crocus"
      ];
              roles.peer.machines = [
                "haze"
                "genepi"
              ];
            };
            sshd.default = {
              roles.server.machines = [ "crocus" ];
            };
            user-password.rpqt = {
              roles.default.machines = [
                "crocus"
                "genepi"
                "haze"
              ];
              config.user = "rpqt";
            };
          };
        };
      };
    in
    {
      inherit (clan) clanInternals nixosConfigurations;
-      devShells =
+      systems = [
-        let
+        "x86_64-linux"
-          system = "x86_64-linux";
+        "aarch64-linux"
          pkgs = import nixpkgs {
            inherit system;
          };
        in
        {
          "${system}".default = pkgs.mkShell {
            packages = [
              inputs.agenix.packages.${system}.default
              clan-core.packages.${system}.clan-cli
              pkgs.nil # Nix language server
              pkgs.nixfmt-rfc-style
              pkgs.opentofu
              pkgs.terraform-ls
              pkgs.deploy-rs
              pkgs.zsh
      ];
-            shellhook = ''
+    });
              exec zsh
            '';
          };
        };
    };
  inputs = {
-    nixpkgs = {
+    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
      url = "github:nixos/nixpkgs?ref=nixos-unstable";
    };
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    impermanence = {
      url = "github:nix-community/impermanence";
    };
    nixos-hardware = {
      url = "github:NixOS/nixos-hardware/master";
    };
    nixos-generators = {
      url = "github:nix-community/nixos-generators";
    };
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    clan-core = {
      url = "git+https://git.clan.lol/clan/clan-core";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
-  nixConfig = {
+    disko.url = "github:nix-community/disko";
-    extra-substituters = [
+    disko.inputs.nixpkgs.follows = "nixpkgs";
-      "https://cache.nixos.org"
+
-      "https://nix-community.cachix.org"
+    home-manager.url = "github:nix-community/home-manager";
-    ];
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
-    extra-trusted-public-keys = [
+
-      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+    impermanence.url = "github:nix-community/impermanence";
-    ];
+
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    nixos-generators.url = "github:nix-community/nixos-generators";
    clan-core.url = "git+https://git.clan.lol/clan/clan-core";
    clan-core.inputs.nixpkgs.follows = "nixpkgs";
    clan-core.inputs.flake-parts.follows = "flake-parts";
    ignis.url = "github:ignis-sh/ignis";
    ignis.inputs.nixpkgs.follows = "nixpkgs";
    matugen.url = "github:InioX/Matugen";
    matugen.inputs.nixpkgs.follows = "nixpkgs";
    flake-parts.url = "github:hercules-ci/flake-parts";
    flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
    srvos.url = "github:nix-community/srvos";
    srvos.inputs.nixpkgs.follows = "nixpkgs";
    vicinae.url = "github:vicinaehq/vicinae";
    vicinae.inputs.nixpkgs.follows = "nixpkgs";
    buildbot-nix.url = "github:nix-community/buildbot-nix";
    buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";
    dankMaterialShell.url = "github:AvengeMedia/DankMaterialShell";
    dankMaterialShell.inputs.nixpkgs.follows = "nixpkgs";
  };
 }
--- a/home-manager/chat.nix
+++ b/home-manager/chat.nix
@@ -1,5 +1,14 @@
 { config, pkgs, ... }:
 {
  self,
  config,
  pkgs,
  ...
 }:
 {
  imports = [
    self.homeManagerModules.dotfiles
  ];
  home.packages = with pkgs; [ senpai ];
  xdg.configFile."senpai".source = "${config.dotfiles.path}/.config/senpai";
--- a/home-manager/cli.nix
+++ b/home-manager/cli.nix
@@ -1,8 +1,18 @@
 { config, pkgs, ... }:
 {
  self,
  config,
  pkgs,
  ...
 }:
 {
  imports = [
    self.homeManagerModules.dotfiles
  ];
  home.packages = with pkgs; [
    bottom
    btop
    comma
    difftastic
    doggo
    duf
@@ -42,6 +52,7 @@
  };
  xdg.configFile."git".source = "${config.dotfiles.path}/.config/git";
  xdg.configFile."jj/config.toml".source = "${config.dotfiles.path}/.config/jj/config.toml";
  xdg.configFile."task/taskrc".source = "${config.dotfiles.path}/.config/task/taskrc";
  home.sessionPath = [ "${config.dotfiles.path}/bin" ];
--- a/home-manager/common.nix
+++ b/home-manager/common.nix
--- a/home-manager/desktop/dank.nix
+++ b/home-manager/desktop/dank.nix
@@ -0,0 +1,8 @@
 { inputs, ... }:
 {
  imports = [
    inputs.dankMaterialShell.homeModules.dankMaterialShell.default
  ];
  programs.dankMaterialShell.enable = true;
 }
--- a/home-manager/desktop/default.nix
+++ b/home-manager/desktop/default.nix
@@ -3,6 +3,7 @@
  imports = [
    ./fonts.nix
    ./pass.nix
    ./terminal.nix
    ./wayland.nix
  ];
@@ -20,4 +21,14 @@
  };
  gtk.enable = true;
  gtk.iconTheme = {
    name = "WhiteSur";
    package = pkgs.whitesur-icon-theme.override {
      alternativeIcons = true;
      boldPanelIcons = true;
    };
  };
  qt.enable = true;
  qt.platformTheme.name = "gtk";
 }
--- a/home-manager/desktop/fonts.nix
+++ b/home-manager/desktop/fonts.nix
--- a/home-manager/desktop/gnome.nix
+++ b/home-manager/desktop/gnome.nix
--- a/home-manager/desktop/ignis.nix
+++ b/home-manager/desktop/ignis.nix
@@ -0,0 +1,38 @@
 {
  self,
  config,
  inputs,
  pkgs,
  ...
 }:
 {
  imports = [
    self.homeManagerModules.dotfiles
    inputs.ignis.homeManagerModules.default
  ];
  home.packages = [
    pkgs.brightnessctl
    pkgs.swaybg
    pkgs.swaylock
    pkgs.tofi
    pkgs.wl-gammarelay-rs
    inputs.matugen.packages.${pkgs.system}.default
  ];
  programs.ignis = {
    enable = true;
    addToPythonEnv = false;
    sass.enable = true;
    sass.useDartSass = true;
    services.bluetooth.enable = true;
    services.audio.enable = true;
    services.network.enable = true;
  };
  xdg.configFile."ignis".source =
    config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/rep/heath";
 }
--- a/home-manager/desktop/niri.nix
+++ b/home-manager/desktop/niri.nix
@@ -0,0 +1,9 @@
 { self, config, ... }:
 {
  imports = [
    self.homeManagerModules.dotfiles
    ./wayland.nix
  ];
  xdg.configFile."niri".source = "${config.dotfiles.path}/.config/niri";
 }
--- a/home-manager/desktop/pass.nix
+++ b/home-manager/desktop/pass.nix
@@ -9,6 +9,6 @@
  programs.gpg.enable = true;
  services.gpg-agent = {
    enable = true;
-    pinentryPackage = pkgs.pinentry-gnome3;
+    pinentry.package = pkgs.pinentry-gnome3;
  };
 }
--- a/home-manager/desktop/sway.nix
+++ b/home-manager/desktop/sway.nix
@@ -1,11 +1,18 @@
 { config, pkgs, ... }:
 {
  self,
  config,
  pkgs,
  ...
 }:
 {
  imports = [
    self.homeManagerModules.dotfiles
    ./wayland.nix
  ];
  home.packages = with pkgs; [
    alacritty
    ghostty
    tofi
    i3status-rust
    mako
    wlsunset
    kanshi
    grim
@@ -22,9 +29,4 @@
    "i3status-rust".source = "${config.dotfiles.path}/.config/i3status-rust";
    "tofi/config".source = "${config.dotfiles.path}/.config/tofi/config";
  };
  programs.alacritty.enable = true;
  xdg.configFile."alacritty".source = "${config.dotfiles.path}/.config/alacritty";
  xdg.configFile."ghostty/config".source = "${config.dotfiles.path}/.config/ghostty/config";
 }
--- a/home-manager/desktop/terminal.nix
+++ b/home-manager/desktop/terminal.nix
@@ -0,0 +1,22 @@
 {
  config,
  pkgs,
  self,
  ...
 }:
 {
  imports = [
    self.homeManagerModules.dotfiles
  ];
  home.packages = [
    pkgs.alacritty
    pkgs.ghostty
  ];
  programs.alacritty.enable = true;
  xdg.configFile."alacritty/alacritty.toml".source =
    "${config.dotfiles.path}/.config/alacritty/alacritty.toml";
  xdg.configFile."ghostty/config".source = "${config.dotfiles.path}/.config/ghostty/config";
 }
--- a/home-manager/desktop/vicinae.nix
+++ b/home-manager/desktop/vicinae.nix
@@ -0,0 +1,23 @@
 {
  config,
  inputs,
  lib,
  ...
 }:
 {
  imports = [
    inputs.vicinae.homeManagerModules.default
  ];
  services.vicinae = {
    enable = true;
    autoStart = true;
  };
  xdg.configFile."vicinae/vicinae.json".source =
    lib.mkForce "${config.dotfiles.path}/.config/vicinae/vicinae.json";
  xdg.configFile."matugen/config.toml".source = "${config.dotfiles.path}/.config/matugen/config.toml";
  xdg.configFile."matugen/templates/vicinae.toml".source =
    "${config.dotfiles.path}/.config/matugen/templates/vicinae.toml";
 }
--- a/home-manager/desktop/wayland.nix
+++ b/home-manager/desktop/wayland.nix
@@ -1,7 +1,6 @@
 { pkgs, ... }:
 {
  home.packages = with pkgs; [
    waypaper
    wl-clipboard
  ];
 }
--- a/home-manager/dev.nix
+++ b/home-manager/dev.nix
@@ -1,13 +1,30 @@
 { config, pkgs, ... }:
 {
  self,
  config,
  pkgs,
  ...
 }:
 {
  imports = [
    ./cli.nix
    ./helix.nix
    self.homeManagerModules.dotfiles
  ];
  home.packages = with pkgs; [
    devenv
    direnv
    gh
    hut
    jujutsu
    nix-output-monitor
    python3
    radicle-desktop
    radicle-node
    radicle-tui
    typescript-language-server
    nil # Nix language server
    nixfmt-rfc-style
    nixpkgs-review
  ];
  programs.direnv = {
@@ -17,4 +34,5 @@
  };
  xdg.configFile."hut/config".source = "${config.dotfiles.path}/.config/hut/config";
  home.file.".ssh/config".source = "${config.dotfiles.path}/.ssh/config";
 }
--- a/home-manager/dotfiles.nix
+++ b/home-manager/dotfiles.nix
@@ -5,7 +5,7 @@
      path = lib.mkOption {
        type = lib.types.path;
        apply = toString;
-        default = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/rep/dotfiles";
+        default = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/rep/flocon/home";
        example = "${config.home.homeDirectory}/.dotfiles";
        description = "Location of the dotfiles working copy";
      };
--- a/home-manager/flake-module.nix
+++ b/home-manager/flake-module.nix
@@ -0,0 +1,5 @@
 {
  flake.homeManagerModules = {
    dotfiles.imports = [ ./dotfiles.nix ];
  };
 }
--- a/home-manager/helix.nix
+++ b/home-manager/helix.nix
@@ -0,0 +1,22 @@
 {
  self,
  config,
  pkgs,
  ...
 }:
 {
  imports = [
    self.homeManagerModules.dotfiles
  ];
  home.packages = [ pkgs.helix ];
  programs.helix = {
    enable = true;
    defaultEditor = true;
  };
  xdg.configFile."helix/config.toml".source = "${config.dotfiles.path}/.config/helix/config.toml";
  xdg.configFile."helix/languages.toml".source =
    "${config.dotfiles.path}/.config/helix/languages.toml";
 }
--- a/home-manager/mail/default.nix
+++ b/home-manager/mail/default.nix
@@ -15,7 +15,7 @@
      realName = "Romain Paquet";
      primary = true;
      flavor = "migadu.com";
-      thunderbird.enable = true;
+      thunderbird.enable = config.programs.thunderbird.enable;
    };
    "admin@rpqt.fr" = {
@@ -40,5 +40,36 @@
      };
      thunderbird.enable = config.programs.thunderbird.enable;
    };
    "admin@turifer.dev" = {
      address = "admin@turifer.dev";
      aliases = [ "postmaster@turifer.dev" ];
      realName = "Postmaster";
      flavor = "migadu.com";
      thunderbird.enable = config.programs.thunderbird.enable;
    };
    "romain@student.agh.edu.pl" = {
      address = "romain@student.agh.edu.pl";
      aliases = [ "382799@student.agh.edu.pl" ];
      realName = "Romain Paquet";
      userName = "romain@student.agh.edu.pl";
      imap = {
        host = "poczta.agh.edu.pl";
        port = 993;
      };
      smtp = {
        host = "poczta.agh.edu.pl";
        port = 465;
      };
      thunderbird.enable = config.programs.thunderbird.enable;
    };
    "romain.pqt@gmail.com" = {
      address = "romain.pqt@gmail.com";
      realName = "Romain Paquet";
      flavor = "gmail.com";
      thunderbird.enable = config.programs.thunderbird.enable;
    };
  };
 }
--- a/home-manager/minecraft.nix
+++ b/home-manager/minecraft.nix
--- a/home/.clang-format
+++ b/home/.clang-format
@@ -0,0 +1,16 @@
 BasedOnStyle: LLVM
 IndentWidth: 8
 TabWidth: 8
 UseTab: Always
 ColumnLimit: 80
 IndentCaseLabels: false
 IndentGotoLabels: false
 BreakBeforeBraces: Custom
 BraceWrapping:
  AfterFunction: false
 AlwaysBreakAfterDefinitionReturnType: false
--- a/home/.config/alacritty/alacritty.toml
+++ b/home/.config/alacritty/alacritty.toml
@@ -0,0 +1,37 @@
 [general]
 live_config_reload = false
 import = ["~/.config/alacritty/themes/kanagawa_wave.toml"]
 [font]
 size = 14
 [font.bold]
 family = "Jetbrains Mono NF"
 style = "Bold"
 [font.bold_italic]
 family = "Jetbrains Mono NF"
 style = "Bold Italic"
 [font.italic]
 family = "Jetbrains Mono NF"
 style = "Italic"
 [font.normal]
 family = "Jetbrains Mono NF"
 style = "Regular"
 [[keyboard.bindings]]
 action = "CreateNewWindow"
 key = "Return"
 mods = "Control|Shift"
 [mouse]
 hide_when_typing = true
 [window]
 opacity = 1.0
 [window.padding]
 x = 4
 y = 4
--- a/home/.config/alacritty/themes/kanagawa_lotus.toml
+++ b/home/.config/alacritty/themes/kanagawa_lotus.toml
@@ -0,0 +1,35 @@
 [colors.primary]
 background = '#f2ecbc'
 foreground = '#545464'
 [colors.normal]
 black = "#1f1f28"
 red = "#c84053"
 green = "#6f894e"
 yellow = "#77713f"
 blue = "#4d699b"
 magenta = "#b35b79"
 cyan = "#597b75"
 white = "#545464"
 [colors.bright]
 black = "#8a8980"
 red = "#d7474b"
 green = "#6e915f"
 yellow = "#836f4a"
 blue = "#6693bf"
 magenta = "#624c83"
 cyan = "#5e857a"
 white = "#43436c"
 [colors.selection]
 background = '#c9cbd1'
 foreground = '#dcd7ba'
 [[colors.indexed_colors]]
 index = 16
 color = '#e98a00'
 [[colors.indexed_colors]]
 index = 17
 color = '#e82424'
--- a/home/.config/alacritty/themes/kanagawa_wave.toml
+++ b/home/.config/alacritty/themes/kanagawa_wave.toml
@@ -0,0 +1,35 @@
 [[colors.indexed_colors]]
 color = "0xffa066"
 index = 16
 [[colors.indexed_colors]]
 color = "0xff5d62"
 index = 17
 [colors.bright]
 black = "0x727169"
 blue = "0x7fb4ca"
 cyan = "0x7aa89f"
 green = "0x98bb6c"
 magenta = "0x938aa9"
 red = "0xe82424"
 white = "0xdcd7ba"
 yellow = "0xe6c384"
 [colors.normal]
 black = "0x090618"
 blue = "0x7e9cd8"
 cyan = "0x6a9589"
 green = "0x76946a"
 magenta = "0x957fb8"
 red = "0xc34043"
 white = "0xc8c093"
 yellow = "0xc0a36e"
 [colors.primary]
 background = "0x1f1f28"
 foreground = "0xdcd7ba"
 [colors.selection]
 background = "0x2d4f67"
 foreground = "0xc8c093"
--- a/home/.config/bat/config
+++ b/home/.config/bat/config
@@ -0,0 +1 @@
 --theme gruvbox-dark
--- a/home/.config/dotfiles/clone.sh
+++ b/home/.config/dotfiles/clone.sh
@@ -0,0 +1,29 @@
 #!/bin/sh
 DOTFILES_GIT_URL='git@git.sr.ht:~rpqt/dotfiles'
 # The first argument can be the destination folder
 if [ $# -eq 1 ]; then
  DOTFILES_DIR="$1"
 else
  DOTFILES_DIR="$HOME/.dotfiles"
 fi
 echo "$DOTFILES_DIR" >> "$HOME/.gitignore"
 git clone --bare "$DOTFILES_GIT_URL" "$DOTFILES_DIR"
 alias dotfiles='/usr/bin/git --git-dir=$DOTFILES_DIR --work-tree=$HOME'
 dotfiles config --local status.showUntrackedFiles no
 dotfiles checkout
 tee "$HOME/.config/git/config" >/dev/null <<EOT
 [include]
  path = ~/.config/git/common.gitconfig
  path = ~/.config/git/local.gitconfig
 EOT
 unset DOTFILES_DIR
 unset DOTFILES_GIT_URL
--- a/home/.config/ghostty/config
+++ b/home/.config/ghostty/config
@@ -0,0 +1,6 @@
 theme = dark:Kanagawa Wave,light:Builtin Light
 font-feature = -liga
 font-feature = -calt
 font-feature = -dlig
 font-size = 14
 window-inherit-working-directory = false
--- a/home/.config/git/common.gitconfig
+++ b/home/.config/git/common.gitconfig
@@ -0,0 +1,54 @@
 [user]
 	email = rpqt@rpqt.fr
 	name = Romain Paquet
 [init]
 	defaultBranch = main
 [core]
 	excludesfile = ~/.config/git/ignore
 [filter "lfs"]
 	clean = git-lfs clean -- %f
 	smudge = git-lfs smudge -- %f
 	process = git-lfs filter-process
 	required = true
 [color]
 	ui = auto
 [sendemail]
 	smtpserver = smtp.migadu.com
 	smtpuser = rpqt@rpqt.fr
 	smtpencryption = ssl
 	smtpserverport = 465
 [diff]
 	colormoved = "default"
 	colormovedws = "allow-indentation-change"
 [alias]
 	a = add
 	s = status
 	c = commit
 	news = -c diff.external=difft log -p HEAD@{1}..HEAD@{0} --ext-diff
 	dlog = -c diff.external=difft log -p --ext-diff
 	dshow = -c diff.external=difft show --ext-diff
    dft = -c diff.external=difft diff
 	lg1 = log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(auto)%d%C(reset)' --all
 	lg2 = log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold cyan)%aD%C(reset) %C(bold green)(%ar)%C(reset)%C(auto)%d%C(reset)%n''          %C(white)%s%C(reset) %C(dim white)- %an%C(reset)'
 [column]
 	ui = auto
 [branch]
 	sort = -committerdate
 [tag]
 	sort = version:refname
 [push]
 	autoSetupRemote = true
 	followTags = true
 [help]
 	autocorrect = prompt
 [commit]
 	verbose = true
 [rerere]
 	enabled = true
 	autoupdate = true
 [rebase]
 	autoSquash = true
 	autoStash = true
 	updateRefs = true
 [pull]
 	rebase = true
--- a/home/.config/git/config
+++ b/home/.config/git/config
@@ -0,0 +1,5 @@
 [include]
  path = ~/.config/git/common.gitconfig
  path = ~/.config/git/local.gitconfig
 [includeIf "gitdir:~/imag/"]
 	path = ~/.config/git/ensimag.gitconfig
--- a/home/.config/git/ensimag.gitconfig
+++ b/home/.config/git/ensimag.gitconfig
@@ -0,0 +1,3 @@
 [user]
 	name = "Romain Paquet"
 	email = romain.paquet@grenoble-inp.org
--- a/home/.config/git/ignore
+++ b/home/.config/git/ignore
@@ -0,0 +1,4 @@
 /.direnv
 /.helix
 /.settings
 /.classpath
--- a/home/.config/helix/config.toml
+++ b/home/.config/helix/config.toml
@@ -0,0 +1,21 @@
 theme = "kanagawa"
 [editor]
 line-number = "absolute"
 auto-completion = true
 auto-format = true
 end-of-line-diagnostics = "hint"
 [editor.cursor-shape]
 insert = "bar"
 normal = "block"
 [editor.statusline]
 left = ["mode", "spinner", "file-name"]
 right = ["diagnostics", "file-encoding", "file-type", "position"]
 mode.normal = "NORMAL"
 mode.insert = "INSERT"
 mode.select = "SELECT"
 [editor.inline-diagnostics]
 cursor-line = "error"
--- a/home/.config/helix/languages.toml
+++ b/home/.config/helix/languages.toml
@@ -0,0 +1,60 @@
 [[language]]
 name = "c"
 scope = "source.c"
 file-types = ["c", "h"]
 indent = { tab-width = 4, unit = "\t" }
 auto-format = true
 language-servers = [ { name = "clangd" } ]
 [language-server.clangd]
 command = "clangd"
 args = ["--header-insertion=never"]
 [[language]]
 name = "rust"
 language-servers = [ "rust-analyzer" ]
 auto-format = true
 [language-server.rust-analyzer.config]
 check.command = "clippy"
 [language-server.deno-lsp]
 command = "deno"
 args = ["lsp"]
 [language-server.deno-lsp.config.deno]
 enable = true
 lint = true
 suggest.imports.hosts = { "https://deno.land" = true }
 [[language]]
 name = "typescript"
 file-types = ["ts"]
 language-servers = ["deno-lsp"]
 [[language]]
 name = "djot"
 scope = "source.djot"
 file-types = ["dj"]
 [[grammar]]
 name = "djot"
 source = { git = "https://github.com/treeman/tree-sitter-djot", rev = "master" }
 [[language]]
 name = "nix"
 formatter = { command = "nixfmt" }
 [[language]]
 name = "java"
 formatter = { command = "google-java-format", args = ["--aosp"] }
 auto-format = true
 [[language]]
 name = "hcl"
 formatter = { command = "tofu", args = ["fmt", "-"] }
 auto-format = true
 [[language]]
 name = "vento"
 indent = { tab-width = 2, unit = "\t" }
--- a/home/.config/hut/config
+++ b/home/.config/hut/config
@@ -0,0 +1,3 @@
 instance "sr.ht" {
 	access-token-cmd pass oauth/sr.ht-hut@haze
 }
--- a/home/.config/i3bar-river/bottom-config.toml
+++ b/home/.config/i3bar-river/bottom-config.toml
@@ -0,0 +1,6 @@
 font = "JetBrains Mono NF Bold 12"
 height = 24
 background = "#000000"
 command = "i3status-rs ~/.config/i3status-rust/bottom-config.toml"
 position = "bottom"
 show_tags = false
--- a/home/.config/i3bar-river/config.toml
+++ b/home/.config/i3bar-river/config.toml
@@ -0,0 +1,10 @@
 font = "JetBrains Mono NF Bold 12"
 height = 24
 background = "#000000"
 command = "i3status-rs"
 tags_margin = 0.0
 tags_padding = 8.0
 tag_fg = "#727169"
 tag_bg = "#000000"
 tag_focused_fg = "#dcd7ba"
 tag_focused_bg = "#000000"
--- a/home/.config/i3status-rust/bottom-config.toml
+++ b/home/.config/i3status-rust/bottom-config.toml
@@ -0,0 +1,53 @@
 [theme]
 theme = "kanagawa"
 [theme.overrides]
 separator = "<span size='13000'></span>"
 [icons]
 icons = "material-nf"
 [[block]]
 block = "privacy"
 [[block.driver]]
 name = "pipewire"
 [[block]]
 block = "music"
 format = " $icon {$combo.str(max_w:70) $prev $next |}"
 [[block.click]]
 button = "left"
 action = "play_pause"
 [[block]]
 block = "bluetooth"
 mac = "20:74:CF:B5:B7:7A"
 format = " $icon $name{ $percentage|} "
 disconnected_format = ""
 [[block]]
 block = "bluetooth"
 mac = "28:11:A5:6B:44:8B"
 format = " $icon $name{ $percentage|} "
 disconnected_format = ""
 [[block]]
 block = "bluetooth"
 mac = "00:1E:7C:50:24:8F"
 format = " $icon $name{ $percentage|} "
 disconnected_format = ""
 [[block]]
 block = "toggle"
 format = " $icon ensivpn "
 command_state = 'nmcli -f general.state con show Ensimag-VPN-ETU-udp | grep -v deactivated'
 command_on = "pass show web/ensimag.fr | head -n 1 | nmcli c up Ensimag-VPN-ETU-udp --ask"
 command_off = "nmcli c down Ensimag-VPN-ETU-udp"
 [[block]]
 block = "net"
 interval = 10
 device = "wlan0"
 format = " $icon {$ssid|$device} "
 [[block.click]]
 button = "left"
 cmd = "iwgtk"
--- a/home/.config/i3status-rust/config.toml
+++ b/home/.config/i3status-rust/config.toml
@@ -0,0 +1,78 @@
 [theme]
 theme = "kanagawa"
 [theme.overrides]
 separator = "<span size='17000'></span>"
 [icons]
 icons = "material-nf"
 [icons.overrides]
 sleep = "󰒲"
 no_sleep = "󰒳"
 [[block]]
 block = "toggle"
 format = " $icon  "
 command_state = "pgrep swayidle"
 command_on = "swaymsg 'exec swayidle -w'"
 command_off = "pkill swayidle"
 icon_on = "sleep"
 icon_off = "no_sleep"
 [[block]]
 block = "toggle"
 format = "  $icon  "
 command_state = 'if [ "$($HOME/bin/darkmode status)" = "dark" ]; then echo y; fi'
 command_on = "$HOME/bin/darkmode toggle"
 command_off = "$HOME/bin/darkmode toggle"
 [[block]]
 block = "hueshift"
 format = " 󱩌 {$temperature} "
 click_temp = 4000
 [[block]]
 block = "backlight"
 format = " $icon $brightness.eng(width:1) "
 step_width = 1
 minimum = 1
 [[block]]
 block = "sound"
 driver = "pulseaudio"
 headphones_indicator = true
 show_volume_when_muted = true
 format = " $icon $volume.eng(width:1) "
 [[block.click]]
 button = "left"
 cmd = "pavucontrol"
 [block.theme_overrides]
 warning_bg = { link = "idle_bg" }
 warning_fg = { link = "idle_fg"}
 idle_bg = { link = "info_bg" }
 idle_fg = { link = "info_fg"}
 [[block]]
 block = "battery"
 interval = 30
 format = " $icon $percentage "
 full_format = " $icon $percentage "
 [[block]]
 block = "keyboard_layout"
 driver = "sway"
 sway_kb_identifier = "1267:12613:ASUE140C:00_04F3:3145_Keyboard"
 format = "  $layout "
 [[block.click]]
 button = "left"
 cmd = "swaymsg input '1267:12613:ASUE140C:00_04F3:3145_Keyboard' xkb_switch_layout next"
 [block.mappings]
 "French (N/A)" = "fr"
 "English (Colemak-DH)" = "colemak-dh"
 "English (US)" = "en"
 [[block]]
 block = "time"
 interval = 10
 [block.format]
 full = " $icon $timestamp.datetime(f:'%a %d/%m/%y %R', l:fr_FR) "
 short = " $icon $timestamp.datetime(f:'%R')"
--- a/home/.config/i3status-rust/themes/kanagawa.toml
+++ b/home/.config/i3status-rust/themes/kanagawa.toml
@@ -0,0 +1,14 @@
 idle_bg = "#151515"
 idle_fg = "#dcd7ba"
 info_bg = "#2d4f67"
 info_fg = "#dcd7ba"
 good_bg = "#151515"
 good_fg = "#98971a"
 warning_bg = "#ff9e3b"
 warning_fg = "#16161D"
 critical_bg = "#e82424"
 critical_fg = "#dcd7ba"
 separator = "\ue0b2"
 separator_bg = "auto"
 separator_fg = "auto"
 alternating_tint_bg = "#151515"
--- a/home/.config/jj/config.toml
+++ b/home/.config/jj/config.toml
@@ -0,0 +1,54 @@
 "$schema" = "https://jj-vcs.github.io/jj/latest/config-schema.json"
 [ui]
 default-command = ["log", "--no-pager"]
 diff-formatter = ["difft", "--color=always", "$left", "$right"]
 diff-editor = ":builtin"
 [user]
 name = "Romain Paquet"
 email = "rpqt@rpqt.fr"
 [git]
 write-change-id-header = true
 [revset-aliases]
 'closest_pushable(to)' = 'heads(::to & mutable() & ~description(exact:"") & (~empty() | merges()))'
 [aliases]
 s = ["status", "--no-pager"]
 tug = ["bookmark", "move", "--from", "heads(::@ & bookmarks())", "--to", "closest_pushable(@)"]
 [[--scope]]
 --when.repositories = ["~/agh"]
 [--scope.user]
 email = "romain@student.agh.edu.pl"
 [[--scope]]
 --when.repositories = ["~/imag"]
 [--scope.user]
 email = "romain.paquet@grenoble-inp.org"
 # After this line everything is taken from https://andre.arko.net/2025/09/28/stupid-jj-tricks
 [templates]
 draft_commit_description = '''
  concat(
    coalesce(description, default_commit_description, "\n"),
    surround(
      "\nJJ: This commit contains the following changes:\n", "",
      indent("JJ:     ", diff.stat(72)),
    ),
    "\nJJ: ignore-rest\n",
    diff.git(),
  )
 '''
 log_node = '''
 if(self && !current_working_copy && !immutable && !conflict && in_branch(self),
  "◇",
  builtin_log_node
 )
 '''
 [template-aliases]
 "in_branch(commit)" = 'commit.contained_in("immutable_heads()..bookmarks()")'
--- a/home/.config/kanshi/config
+++ b/home/.config/kanshi/config
@@ -0,0 +1,5 @@
 profile mirror-hdmi {
    output eDP-1 enable mode 1920x1080 position 0,0
    output HDMI-A-1 enable mode 1920x1080 position 1920,0
    exec wl-present mirror eDP-1 --fullscreen-output HDMI-A-1 --fullscreen
 }
--- a/home/.config/kmonad/config.kbd
+++ b/home/.config/kmonad/config.kbd
@@ -0,0 +1,46 @@
 (defcfg
  input (device-file "/dev/input/by-path/platform-i8042-serio-0-event-kbd")
  output (uinput-sink "KMonad laptop keyboard output")
  fallthrough true
 )
 (defsrc
  esc  f1   f2   f3   f4   f5   f6   f7   f8   f9   f10  f11  f12  prnt ins  del
  grv  1    2    3    4    5    6    7    8    9    0    -    =    bspc home
  tab  q    w    e    r    t    y    u    i    o    p    [    ]    \    pgup
  caps a    s    d    f    g    h    j    k    l    ;    '    ret       pgdn
  lsft z    x    c    v    b    n    m    ,    .    /    rsft           end
  lctl      lmet lalt         spc         ralt rctl
 )
 (defalias
  maj (layer-toggle azerty-shift)
  agr (layer-toggle azerty-altgr)
 )
 (deflayer azerty
  esc  f1   f2   f3   f4   f5   f6   f7   f8   f9   f10  f11  f12  prnt ins  del
  grv  &    é    "    '    \(   -    è    \_   ç    à    \)   =    bspc home
  tab  a    z    e    r    t    y    u    i    o    p    ^    $    *    pgup
  caps q    s    d    f    g    h    j    k    l    m    ù    ret       pgdn
  @maj w    x    c    v    b    n    ,    ;    :    !    rsft           end
  lctl      lmet lalt         spc         @agr rctl
 )
 (deflayer azerty-shift
  _    _    _    _    _    _    _    _    _    _    _    _    _    _    _    _
  _    1    2    3    4    5    6    7    8    9    0    °    +    _    _
  _    a    _    _    _    _    _    _    _    _    _    _    £    µ    _
  _    _    _    _    _    _    _    _    _    _    _    %    _         _
  @maj _    _    _    _    _    _    ?    .    /    §    rsft           _
  lctl      lmet lalt         spc         ralt rctl
 )
 (deflayer azerty-altgr
  _    _    _    _    _    _    _    _    _    _    _    _    _    _    _    _
  _    _    ~    #    {    [    |    grv  \    ^    @    ]    }    _    _
  _    _    _    _    _    _    _    _    _    _    _    _    _    _    _
  _    _    _    _    _    _    _    _    _    _    _    _    _         _
  _    _    _    _    _    _    _    _    _    _    _    rsft           _
  lctl      lmet lalt         spc         @agr rctl
 )
--- a/home/.config/matugen/config.toml
+++ b/home/.config/matugen/config.toml
@@ -0,0 +1,6 @@
 [config]
 [templates.vicinae]
 input_path = '~/.config/matugen/templates/vicinae.toml'
 output_path = '~/.local/share/vicinae/themes/matugen.toml'
 post_hook = 'vicinae theme set matugen'
--- a/home/.config/matugen/templates/vicinae.toml
+++ b/home/.config/matugen/templates/vicinae.toml
@@ -0,0 +1,127 @@
 # Vicinae Matugen Theme Template
 # Used LLM for initial generation, then modified to a satisfactory level
 [meta]
 name = "Matugen"
 description = "Material You theme generated by Matugen - {{mode}} variant"
 variant = "{{mode}}"
 # ============================================================================
 # Core Colors
 # ============================================================================
 [colors.core]
 accent = "{{colors.primary.default.hex}}"
 accent_foreground = "{{colors.on_primary.default.hex}}"
 background = "{{colors.surface.default.hex}}"
 foreground = "{{colors.on_surface.default.hex}}"
 secondary_background = "{{colors.surface_container.default.hex}}"
 border = "{{colors.outline_variant.default.hex}}"
 # ============================================================================
 # Window Borders
 # ============================================================================
 [colors.main_window]
 border = "{{colors.outline_variant.default.hex}}"
 [colors.settings_window]
 border = "{{colors.outline.default.hex}}"
 # ============================================================================
 # Accent Palette
 # ============================================================================
 [colors.accents]
 blue = "{{colors.primary.default.hex}}"
 green = "{{colors.tertiary.default.hex}}"
 magenta = "{{colors.secondary.default.hex}}"
 orange = { name = "{{colors.error.default.hex}}", lighter = 40 }
 red = "{{colors.error.default.hex}}"
 yellow = { name = "{{colors.tertiary.default.hex}}", lighter = 80 }
 cyan = { name = "{{colors.primary.default.hex}}", lighter = 50 }
 purple = "{{colors.secondary.default.hex}}"
 # ============================================================================
 # Text System
 # ============================================================================
 [colors.text]
 default = "{{colors.on_surface.default.hex}}"
 muted = "{{colors.on_surface_variant.default.hex}}"
 danger = "{{colors.error.default.hex}}"
 success = "{{colors.tertiary.default.hex}}"
 placeholder = { name = "{{colors.on_surface_variant.default.hex}}", opacity = 0.6 }
 [colors.text.selection]
 background = "{{colors.primary.default.hex}}"
 foreground = "{{colors.on_primary.default.hex}}"
 [colors.text.links]
 default = "{{colors.primary.default.hex}}"
 visited = { name = "{{colors.tertiary.default.hex}}", darker = 20 }
 # ============================================================================
 # Input Fields
 # ============================================================================
 [colors.input]
 border = "{{colors.outline.default.hex}}"
 border_focus = "{{colors.primary.default.hex}}"
 border_error = "{{colors.error.default.hex}}"
 # ============================================================================
 # Buttons
 # ============================================================================
 [colors.button.primary]
 background = "{{colors.surface_container_high.default.hex}}"
 foreground = "{{colors.on_surface.default.hex}}"
 [colors.button.primary.hover]
 background = "{{colors.surface_container_highest.default.hex}}"  
 [colors.button.primary.focus]
 outline = "{{colors.primary.default.hex}}"
 # ============================================================================
 # Lists
 # ============================================================================
 [colors.list.item.hover]
 background = { name = "{{colors.primary_container.default.hex}}", opacity = 0.25 }  
 foreground = "{{colors.on_surface.default.hex}}"
 [colors.list.item.selection]
 background = { name = "{{colors.primary_container.default.hex}}", opacity = 0.50 }
 foreground = "{{colors.on_primary_container.default.hex}}"
 secondary_background = "{{colors.primary_container.default.hex}}"
 secondary_foreground = "{{colors.on_primary_container.default.hex}}"
 # ============================================================================
 # Grid Items
 # ============================================================================
 [colors.grid.item]
 background = "{{colors.surface_container.default.hex}}"
 [colors.grid.item.hover]
 outline = { name = "{{colors.secondary.default.hex}}", opacity = 0.8 }
 [colors.grid.item.selection]
 outline = { name = "{{colors.primary.default.hex}}" }
 # ============================================================================
 # Scrollbars
 # ============================================================================
 [colors.scrollbars]
 background = { name = "{{colors.primary.default.hex}}", opacity = 0.2 }
 # ============================================================================
 # Loading States
 # ============================================================================
 [colors.loading]
 bar = "{{colors.primary.default.hex}}"
 spinner = "{{colors.primary.default.hex}}"
--- a/home/.config/mpd/mpd.conf
+++ b/home/.config/mpd/mpd.conf
@@ -0,0 +1,10 @@
 music_directory "~/Music"
 playlist_directory "~/.config/mpd/playlists"
 db_file	"~/.config/mpd/database"
 restore_paused "yes"
 state_file "~/.local/state/mpd"
 audio_output {
 	type "pipewire"
 	name "pipewire"
 }
--- a/home/.config/niri/.gitignore
+++ b/home/.config/niri/.gitignore
@@ -0,0 +1 @@
 dms
--- a/home/.config/niri/config.kdl
+++ b/home/.config/niri/config.kdl
@@ -0,0 +1,361 @@
 input {
    keyboard {
        xkb {
            layout "fr,us(colemak_dh),us"
            options "grp:win_space_toggle"
        }
    }
    touchpad {
        tap
        natural-scroll
    }
    // Make the mouse warp to the center of newly focused windows.
    // warp-mouse-to-focus
    // Focus windows and outputs automatically when moving the mouse into them.
    // Setting max-scroll-amount="0%" makes it work only on windows already fully on screen.
    focus-follows-mouse max-scroll-amount="0%"
 }
 output "eDP-1" {
    mode "1920x1080@60.049"
    scale 1
    position x=360 y=1440
 }
 output "HDMI-A-1" {
    mode "3840x2160@60.000"
    scale 1.5
    position x=0 y=0
 }
 layout {
    gaps 8
    center-focused-column "never"
    // You can customize the widths that "switch-preset-column-width" (Mod+R) toggles between.
    preset-column-widths {
        // Proportion sets the width as a fraction of the output width, taking gaps into account.
        // For example, you can perfectly fit four windows sized "proportion 0.25" on an output.
        // The default preset widths are 1/3, 1/2 and 2/3 of the output.
        proportion 0.33333
        proportion 0.5
        proportion 0.66667
        // Fixed sets the width in logical pixels exactly.
        // fixed 1920
    }
    // You can also customize the heights that "switch-preset-window-height" (Mod+Shift+R) toggles between.
    // preset-window-heights { }
    // You can change the default width of the new windows.
    default-column-width { proportion 0.5; }
    // If you leave the brackets empty, the windows themselves will decide their initial width.
    // You can change how the focus ring looks.
    focus-ring {
        off
        // How many logical pixels the ring extends out from the windows.
        width 3
        // Color of the ring on the active monitor.
        active-color "#101010"
        // Color of the ring on inactive monitors.
        inactive-color "#505050"
    }
    border {
        width 2
        // Color of the ring on the active monitor.
        // active-color "#3d5f77"
        active-color "#101010"
        // Color of the ring on inactive monitors.
        inactive-color "#101010"
    }
    shadow {
        // on
        softness 10
        spread 5
        offset x=0 y=0
        draw-behind-window true
        color "#00000070"
    }
 }
 prefer-no-csd
 cursor {
    hide-when-typing
 }
 window-rule {
    match app-id=r#"^firefox$"#
    open-maximized true
    focus-ring {
        off
    }
 }
 window-rule {
    match app-id=r#"^thunderbird$"#
    open-maximized true
    focus-ring {
        off
    }
 }
 // Open the Firefox picture-in-picture player as floating by default.
 window-rule {
    // This app-id regular expression will work for both:
    // - host Firefox (app-id is "firefox")
    // - Flatpak Firefox (app-id is "org.mozilla.firefox")
    match app-id=r#"firefox$"# title="^Picture-in-Picture$"
    open-floating true
 }
 // Enable rounded corners for all windows.
 window-rule {
    geometry-corner-radius 10
    clip-to-geometry true
 }
 binds {
    // Keys consist of modifiers separated by + signs, followed by an XKB key name
    // in the end. To find an XKB name for a particular key, you may use a program
    // like wev.
    //
    // "Mod" is a special modifier equal to Super when running on a TTY, and to Alt
    // when running as a winit window.
    //
    // Most actions that you can bind here can also be invoked programmatically with
    // `niri msg action do-something`.
    // Show a list of important hotkeys.
    Mod+Shift+Comma { show-hotkey-overlay; }
    // Suggested binds for running programs: terminal, app launcher, screen locker.
    Mod+Return { spawn "ghostty" "+new-window"; }
    // Mod+D { spawn "dms" "ipc" "call" "spotlight" "toggle"; }
    Mod+D { spawn "vicinae" "toggle"; }
    Super+Alt+L hotkey-overlay-title="Lock session" { spawn "loginctl" "lock-session"; }
    XF86AudioRaiseVolume allow-when-locked=true { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.05+"; }
    XF86AudioLowerVolume allow-when-locked=true { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.05-"; }
    XF86AudioMute        allow-when-locked=true { spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SINK@" "toggle"; }
    XF86AudioMicMute     allow-when-locked=true { spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SOURCE@" "toggle"; }
    XF86MonBrightnessDown { spawn "brightnessctl" "set" "5%-"; }
    XF86MonBrightnessUp   { spawn "brightnessctl" "set" "+5%"; }
    // XF86MonBrightnessUp allow-when-locked=true {
       // spawn "dms" "ipc" "call" "brightness" "increment" "5" "";
    // }
    // XF86MonBrightnessDown allow-when-locked=true {
       // spawn "dms" "ipc" "call" "brightness" "decrement" "5" "";
    // }  
    XF86AudioPlay { spawn "playerctl" "play-pause"; }
    XF86AudioNext { spawn "playerctl" "next"; }
    XF86AudioPrev { spawn "playerctl" "previous"; }
    XF86Search    { spawn "tofi-drun" "--drun-launch=true"; }
    Mod+W { close-window; }
    Mod+Left  { focus-column-left; }
    Mod+Down  { focus-window-down; }
    Mod+Up    { focus-window-up; }
    Mod+Right { focus-column-right; }
    Mod+H     { focus-column-left; }
    Mod+J     { focus-window-down; }
    Mod+K     { focus-window-up; }
    Mod+L     { focus-column-right; }
    Mod+Ctrl+Left  { move-column-left; }
    Mod+Ctrl+Down  { move-window-down; }
    Mod+Ctrl+Up    { move-window-up; }
    Mod+Ctrl+Right { move-column-right; }
    Mod+Ctrl+H     { move-column-left; }
    Mod+Ctrl+J     { move-window-down; }
    Mod+Ctrl+K     { move-window-up; }
    Mod+Ctrl+L     { move-column-right; }
    // Alternative commands that move across workspaces when reaching
    // the first or last window in a column.
    // Mod+J     { focus-window-or-workspace-down; }
    // Mod+K     { focus-window-or-workspace-up; }
    // Mod+Ctrl+J     { move-window-down-or-to-workspace-down; }
    // Mod+Ctrl+K     { move-window-up-or-to-workspace-up; }
    Mod+Home { focus-column-first; }
    Mod+End  { focus-column-last; }
    Mod+Ctrl+Home { move-column-to-first; }
    Mod+Ctrl+End  { move-column-to-last; }
    Mod+Shift+Left  { focus-monitor-left; }
    Mod+Shift+Down  { focus-monitor-down; }
    Mod+Shift+Up    { focus-monitor-up; }
    Mod+Shift+Right { focus-monitor-right; }
    Mod+Shift+H     { focus-monitor-left; }
    Mod+Shift+J     { focus-monitor-down; }
    Mod+Shift+K     { focus-monitor-up; }
    Mod+Shift+L     { focus-monitor-right; }
    Mod+Shift+Ctrl+Left  { move-column-to-monitor-left; }
    Mod+Shift+Ctrl+Down  { move-column-to-monitor-down; }
    Mod+Shift+Ctrl+Up    { move-column-to-monitor-up; }
    Mod+Shift+Ctrl+Right { move-column-to-monitor-right; }
    Mod+Shift+Ctrl+H     { move-column-to-monitor-left; }
    Mod+Shift+Ctrl+J     { move-column-to-monitor-down; }
    Mod+Shift+Ctrl+K     { move-column-to-monitor-up; }
    Mod+Shift+Ctrl+L     { move-column-to-monitor-right; }
    // Alternatively, there are commands to move just a single window:
    // Mod+Shift+Ctrl+Left  { move-window-to-monitor-left; }
    // ...
    // And you can also move a whole workspace to another monitor:
    // Mod+Shift+Ctrl+Left  { move-workspace-to-monitor-left; }
    // ...
    Mod+Page_Down      { focus-workspace-down; }
    Mod+Page_Up        { focus-workspace-up; }
    Mod+U              { focus-workspace-down; }
    Mod+I              { focus-workspace-up; }
    Mod+Ctrl+Page_Down { move-column-to-workspace-down; }
    Mod+Ctrl+Page_Up   { move-column-to-workspace-up; }
    Mod+Ctrl+U         { move-column-to-workspace-down; }
    Mod+Ctrl+I         { move-column-to-workspace-up; }
    // Alternatively, there are commands to move just a single window:
    // Mod+Ctrl+Page_Down { move-window-to-workspace-down; }
    // ...
    Mod+Shift+Page_Down { move-workspace-down; }
    Mod+Shift+Page_Up   { move-workspace-up; }
    Mod+Shift+U         { move-workspace-down; }
    Mod+Shift+I         { move-workspace-up; }
    // You can bind mouse wheel scroll ticks using the following syntax.
    // These binds will change direction based on the natural-scroll setting.
    //
    // To avoid scrolling through workspaces really fast, you can use
    // the cooldown-ms property. The bind will be rate-limited to this value.
    // You can set a cooldown on any bind, but it's most useful for the wheel.
    Mod+WheelScrollDown      cooldown-ms=150 { focus-workspace-down; }
    Mod+WheelScrollUp        cooldown-ms=150 { focus-workspace-up; }
    Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; }
    Mod+Ctrl+WheelScrollUp   cooldown-ms=150 { move-column-to-workspace-up; }
    Mod+WheelScrollRight      { focus-column-right; }
    Mod+WheelScrollLeft       { focus-column-left; }
    Mod+Ctrl+WheelScrollRight { move-column-right; }
    Mod+Ctrl+WheelScrollLeft  { move-column-left; }
    // Usually scrolling up and down with Shift in applications results in
    // horizontal scrolling; these binds replicate that.
    Mod+Shift+WheelScrollDown      { focus-column-right; }
    Mod+Shift+WheelScrollUp        { focus-column-left; }
    Mod+Ctrl+Shift+WheelScrollDown { move-column-right; }
    Mod+Ctrl+Shift+WheelScrollUp   { move-column-left; }
    // You can refer to workspaces by index. However, keep in mind that
    // niri is a dynamic workspace system, so these commands are kind of
    // "best effort". Trying to refer to a workspace index bigger than
    // the current workspace count will instead refer to the bottommost
    // (empty) workspace.
    //
    // For example, with 2 workspaces + 1 empty, indices 3, 4, 5 and so on
    // will all refer to the 3rd workspace.
    Mod+ampersand { focus-workspace 1; }
    Mod+2 { focus-workspace 2; }
    Mod+quotedbl { focus-workspace 3; }
    Mod+apostrophe { focus-workspace 4; }
    Mod+parenleft { focus-workspace 5; }
    Mod+minus { focus-workspace 6; }
    Mod+7 { focus-workspace 7; }
    Mod+underscore { focus-workspace 8; }
    Mod+9 { focus-workspace 9; }
    Mod+Ctrl+1 { move-column-to-workspace 1; }
    Mod+Ctrl+2 { move-column-to-workspace 2; }
    Mod+Ctrl+3 { move-column-to-workspace 3; }
    Mod+Ctrl+4 { move-column-to-workspace 4; }
    Mod+Ctrl+5 { move-column-to-workspace 5; }
    Mod+Ctrl+6 { move-column-to-workspace 6; }
    Mod+Ctrl+7 { move-column-to-workspace 7; }
    Mod+Ctrl+8 { move-column-to-workspace 8; }
    Mod+Ctrl+9 { move-column-to-workspace 9; }
    // Switches focus between the current and the previous workspace.
    Mod+Tab { focus-workspace-previous; }
    // The following binds move the focused window in and out of a column.
    // If the window is alone, they will consume it into the nearby column to the side.
    // If the window is already in a column, they will expel it out.
    Mod+BracketLeft  { consume-or-expel-window-left; }
    Mod+BracketRight { consume-or-expel-window-right; }
    // Consume one window from the right to the bottom of the focused column.
    Mod+Comma  { consume-window-into-column; }
    // Expel the bottom window from the focused column to the right.
    Mod+Semicolon { expel-window-from-column; }
    Mod+R { switch-preset-column-width; }
    Mod+Shift+R { switch-preset-window-height; }
    Mod+Ctrl+R { reset-window-height; }
    Mod+F { maximize-column; }
    Mod+Shift+F { fullscreen-window; }
    Mod+C { center-column; }
    Mod+Escape { toggle-overview; }
    // Finer height adjustments when in column with other windows.
    Mod+Shift+Minus { set-window-height "-10%"; }
    Mod+Shift+Equal { set-window-height "+10%"; }
    // Move the focused window between the floating and the tiling layout.
    Mod+V       { toggle-window-floating; }
    Mod+Shift+V { switch-focus-between-floating-and-tiling; }
    Print { screenshot; }
    Ctrl+Print { screenshot-screen; }
    Alt+Print { screenshot-window; }
    // The quit action will show a confirmation dialog to avoid accidental exits.
    Mod+Shift+E { quit; }
    Ctrl+Alt+Delete { quit; }
    // Powers off the monitors. To turn them back on, do any input like
    // moving the mouse or pressing any other key.
    Mod+Shift+P { power-off-monitors; }
    Mod+N hotkey-overlay-title="Open notes" {
        spawn-sh "ghostty -e hx --working-dir ~/notes ~/notes/notes.dj:9999";
    }
 }
 screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png"
 spawn-at-startup "dms" "run"
 spawn-at-startup "kdeconnect-indicator"
 spawn-at-startup "~/rep/flocon/home/bin/monitor-dark-mode.sh"
 spawn-at-startup "xwayland-satellite"
 environment {
    DISPLAY ":0"
 }
 hotkey-overlay {
    skip-at-startup
 }
 layer-rule {
    match namespace="dms:blurwallpaper"
    place-within-backdrop true
 }
--- a/home/.config/nushell/config.nu
+++ b/home/.config/nushell/config.nu
@@ -0,0 +1,9 @@
 alias ls = eza
 alias ll = eza -l
 alias lla = eza -la
 alias h = hx
 alias g = git
 # Load starship prompt
 mkdir ($nu.data-dir | path join "vendor/autoload")
 starship init nu | save -f ($nu.data-dir | path join "vendor/autoload/starship.nu")
--- a/home/.config/senpai/senpai.scfg
+++ b/home/.config/senpai/senpai.scfg
@@ -0,0 +1,4 @@
 address chat.sr.ht
 nickname rpqt
 username rpqt
 password-cmd pass show oauth/sr.ht-senpai-irc
--- a/home/.config/sh/aliases.sh
+++ b/home/.config/sh/aliases.sh
@@ -0,0 +1,24 @@
 alias dotfiles="/usr/bin/git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME"
 alias dots=dotfiles
 if command -v helix >/dev/null; then
  alias h='helix'
 else
  alias h='hx'
 fi
 if command -v eza >/dev/null; then
  alias ls='eza'
 else
  alias ls='ls --color -h'
 fi
 alias lsa='ls -A'
 alias ll='ls -l'
 alias lla='ls -lA'
 alias ..='cd ..'
 alias ...='cd ../..'
 alias bt='bluetoothctl'
 alias go='GOPROXY=direct go'
 alias ts='tree-sitter'
 alias g='git'
 alias c='cargo'
 alias MAKE='make clean && make'
 alias n='myrtle --notebook-dir=$HOME/notes'
--- a/home/.config/sh/path.sh
+++ b/home/.config/sh/path.sh
@@ -0,0 +1,4 @@
 #!/bin/sh
 # Personnal scripts
 export PATH="$PATH:$HOME/bin"
--- a/home/.config/sway/config
+++ b/home/.config/sway/config
@@ -0,0 +1,2 @@
 include ~/.config/sway/config.d/*
 include /etc/sway/config.d/*
--- a/home/.config/sway/config.d/bar
+++ b/home/.config/sway/config.d/bar
@@ -0,0 +1,37 @@
 include ~/.config/sway/kanagawa.sway
 set $font "JetBrains Mono NF Bold 12"
 set $background #000000
 bar {
 	id top_bar
 	status_command i3status-rs
 	position top
 	height 24
 	font $font
 	workspace_min_width 20
 	status_padding 0
 	status_edge_padding 0
 	colors {
 		background $background
 		focused_workspace #000000 #000000 $fujiWhite
 		active_workspace #000000 #000000 $fujiGray
 		inactive_workspace #000000 #000000 $fujiGray
 	}
 }
 bar {
 	id bottom_bar
 	status_command i3status-rs ~/.config/i3status-rust/bottom-config.toml
 	position bottom
 	height 24
 	font $font
 	workspace_buttons no
 	binding_mode_indicator no
 	tray_output none
 	colors {
 		background $background
 	}
 }
 # vim:ft=swayconfig
--- a/home/.config/sway/config.d/bindings
+++ b/home/.config/sway/config.d/bindings
@@ -0,0 +1,169 @@
 set $mod Mod4
 set $left h
 set $down j
 set $up k
 set $right l
 set $term alacritty msg create-window || alacritty
 set $launcher tofi-drun | xargs swaymsg exec --
 set $lock swaylock
 set $screenshots $HOME/Pictures/Screenshots
 floating_modifier $mod normal
 bindsym {
    # Start a terminal
    $mod+Return exec $term
    # Kill focused window
    $mod+Shift+q kill
 		$mod+w       kill
    # Application launcher
    $mod+d exec $launcher
    # Reload the configuration file
    $mod+Shift+c reload
    # Exit sway / log out
    $mod+Shift+e exec swaynag \
 		-t warning \
 		-m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' \
 		-B 'Yes, exit sway' 'swaymsg exit' \
 		--dismiss-button 'Cancel'
    # Move focus
    $mod+$left  focus left
    $mod+$down  focus down
    $mod+$up    focus up
    $mod+$right focus right
    $mod+Left   focus left
    $mod+Down   focus down
    $mod+Up     focus up
    $mod+Right  focus right
    # Move the focused window
    $mod+Shift+$left  move left
    $mod+Shift+$down  move down
    $mod+Shift+$up    move up
    $mod+Shift+$right move right
    $mod+Shift+Left  move left
    $mod+Shift+Down  move down
    $mod+Shift+Up    move up
    $mod+Shift+Right move right
 	--to-code {
 		# Switch to workspace
 		$mod+ampersand  workspace number 1
 		$mod+eacute     workspace number 2
 		$mod+quotedbl   workspace number 3
 		$mod+apostrophe workspace number 4
 		$mod+parenleft  workspace number 5
 		$mod+minus      workspace number 6
 		$mod+egrave     workspace number 7
 		$mod+underscore workspace number 8
 		$mod+ccedilla   workspace number 9
 		$mod+agrave     workspace number 10
 	}
 	# Move focused container to workspace
 	$mod+1 move container to workspace number 1
 	$mod+2 move container to workspace number 2
 	$mod+3 move container to workspace number 3
 	$mod+4 move container to workspace number 4
 	$mod+5 move container to workspace number 5
 	$mod+6 move container to workspace number 6
 	$mod+7 move container to workspace number 7
 	$mod+8 move container to workspace number 8
 	$mod+9 move container to workspace number 9
 	$mod+0 move container to workspace number 10
 	$mod+Shift+1 move container to workspace number 1
 	$mod+Shift+2 move container to workspace number 2
 	$mod+Shift+3 move container to workspace number 3
 	$mod+Shift+4 move container to workspace number 4
 	$mod+Shift+5 move container to workspace number 5
 	$mod+Shift+6 move container to workspace number 6
 	$mod+Shift+7 move container to workspace number 7
 	$mod+Shift+8 move container to workspace number 8
 	$mod+Shift+9 move container to workspace number 9
 	$mod+Shift+0 move container to workspace number 10
    # Split
    $mod+b splith
    $mod+v splitv
    # Switch the current container between different layout styles
    $mod+s layout stacking
    $mod+t layout tabbed
    $mod+m layout toggle split
    # Toggle fullscreen on the current focus
    $mod+f fullscreen
    # Toggle floating mode for current container
    $mod+Shift+f floating toggle
    # Move focus to the parent container
    $mod+a focus parent
    # Move the focused window to the scratchpad
    $mod+Shift+equal move scratchpad
 	# Cycle through scratchpad windows
    $mod+equal scratchpad show
 	# Volume
 	XF86AudioRaiseVolume exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ -l 1.0
 	XF86AudioLowerVolume exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%- -l 1.0
 	XF86AudioMute        exec wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
 	XF86AudioMicMute     exec wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle
 	# Media
 	XF86AudioPlay exec playerctl play-pause
 	XF86AudioNext exec playerctl next
 	XF86AudioPrev exec playerctl previous
 	XF86Search    exec $launcher
 	# Brightness
 	--locked {
 		XF86MonBrightnessDown exec brightnessctl set 5%-
 		XF86MonBrightnessUp   exec brightnessctl set +5%
 	}
 	# Lock
 	Ctrl+Mod4+L exec $lock
 	# Screenshot
 	## Full screen capture
 	Print             exec grim "$screenshots/$(date +\"Screenshot from %Y-%m-%d %H-%M-%S.png\")"
 	## Select a zone and save
 	$mod+Shift+s      exec grim -g "$(slurp -d)" "$screenshots/$(date +\"Screenshot from %Y-%m-%d %H-%M-%S.png\")"
 	## Select a zone and copy to clipboard
 	$mod+Shift+Ctrl+s exec grim -g "$(slurp -d)" - | wl-copy
 }
 mode "resize" bindsym {
 		# Shrink or grow the container
 		$left resize shrink width 10px
 	    $down resize grow height 10px
 	    $up resize shrink height 10px
 	    $right resize grow width 10px
 	    # Same with arrow keys
 	    Left resize shrink width 10px
 	    Down resize grow height 10px
 	    Up resize shrink height 10px
 	    Right resize grow width 10px
 	    # Return to default mode
 	    Return mode "default"
 	    Escape mode "default"
 }
 bindsym $mod+r mode "resize"
--- a/home/.config/sway/config.d/input
+++ b/home/.config/sway/config.d/input
@@ -0,0 +1,17 @@
 input "1267:12613:ASUE140C:00_04F3:3145_Keyboard" {
    xkb_layout "fr,us(colemak_dh),us"
 	xkb_options grp:win_space_toggle
 }
 input "1:1:AT_Translated_Set_2_keyboard" {
    xkb_layout "fr,us(colemak_dh),us"
 	xkb_options grp:win_space_toggle
 }
 input type:touchpad {
    tap enabled
    natural_scroll enabled
 }
 bindgesture swipe:right workspace prev
 bindgesture swipe:left workspace next
--- a/home/.config/sway/config.d/programs
+++ b/home/.config/sway/config.d/programs
@@ -0,0 +1,16 @@
 # Directory for received taildrop files
 set $taildrop_inbox $HOME/Downloads
 # Screen temperature
 exec wlsunset -l 45 -L 6
 # Notifications
 exec mako
 # Output management
 exec kanshi
 # Auto receive taildrop files
 exec tailscale file get --loop --conflict=rename $taildrop_inbox
 exec swayidle -w
--- a/home/.config/sway/config.d/theme
+++ b/home/.config/sway/config.d/theme
@@ -0,0 +1,22 @@
 include ~/.config/sway/kanagawa.sway
 default_border pixel 3
 smart_borders on
 titlebar_border_thickness 2
 font "JetBrains Mono NF 11"
 gaps outer 0
 gaps inner 0
 set $waveBlue3 #3D5F77
 set $waveBlue4 #6D8FA7
 # class                  border     background text       indicator  child_border
 client.focused_inactive  $sumiInk2  $sumiInk1  $fujiWhite $sumiInk2  $sumiInk2
 client.unfocused         $sumiInk2  $sumiInk1  $fujiWhite $sumiInk2  $sumiInk2
 client.focused           $waveBlue3 $waveBlue2 $fujiWhite $waveBlue4 $waveBlue2
 client.focused_tab_title $waveBlue2 $waveBlue2 $fujiWhite
 for_window [app_id="firefox"] border none
 output * bg ~/.local/state/wallpaper fill
--- a/home/.config/sway/kanagawa.sway
+++ b/home/.config/sway/kanagawa.sway
@@ -0,0 +1,110 @@
 # Default foreground
 set $fujiWhite      #DCD7BA
 # Dark foreground (statuslines)
 set $oldWhite 	    #C8C093
 # Dark background (statuslines and floating windows)
 set $sumiInk0 	    #16161D
 # Default background
 set $sumiInk1 	    #1F1F28
 # Lighter background (colorcolumn, folds)
 set $sumiInk2 	    #2A2A37
 # Lighter background (cursorline)
 set $sumiInk3 	    #363646
 # Darker foreground (line numbers, fold column, non-text characters), float borders
 set $sumiInk4 	    #54546D
 # Popup background, visual selection background
 set $waveBlue1 	    #223249
 # Popup selection background, search background
 set $waveBlue2 	    #2D4F67
 # Diff Add (background)
 set $winterGreen    #2B3328
 # Diff Change (background)
 set $winterYellow   #49443C
 # Diff Deleted (background)
 set $winterRed 	    #43242B
 # Diff Line (background)
 set $winterBlue     #252535
 # Git Add
 set $autumnGreen    #76946A
 # Git Delete
 set $autumnRed 	    #C34043
 # Git Change
 set $autumnYellow   #DCA561
 # Diagnostic Error
 set $samuraiRed     #E82424
 # Diagnostic Warning
 set $roninYellow    #FF9E3B
 # Diagnostic Info
 set $waveAqua1 	    #6A9589
 # Diagnostic Hint
 set $dragonBlue     #658594
 # Comments
 set $fujiGray 	    #727169
 # Light foreground
 set $springViolet1  #938AA9
 # Statements and Keywords
 set $oniViolet 	    #957FB8
 # Functions and Titles
 set $crystalBlue    #7E9CD8
 # Brackets and punctuation
 set $springViolet2  #9CABCA
 # Specials and builtin functions
 set $springBlue     #7FB4CA
 # Not used
 set $lightBlue 	    #A3D4D5
 # Types
 set $waveAqua2 	    #7AA89F
 # Strings
 set $springGreen    #98BB6C
 # Not used
 set $boatYellow1    #938056
 # Operators, RegEx
 set $boatYellow2    #C0A36E
 # Identifiers
 set $carpYellow     #E6C384
 # Numbers
 set $sakuraPink     #D27E99
 # Standout specials 1 (builtin variables)
 set $waveRed 	    #E46876
 # Standout specials 2 (exception handling, return)
 set $peachRed 	    #FF5D62
 # Constants, imports, booleans
 set $surimiOrange   #FFA066
 # Deprecated
 set $katanaGray     #717C7C
--- a/home/.config/swayidle/config
+++ b/home/.config/swayidle/config
@@ -0,0 +1,10 @@
 # This will lock the screen after 300 seconds of inactivity.
 timeout 300 "swaylock -f"
 # Turn off all displays after another 300 seconds.
 # and turn them back on when resumed.
 timeout 600 "swaymsg 'output * dpms off'" resume "swaymsg 'output * dpms on'"
 # Lock the screen before the computer goes to sleep.
 before-sleep "playerctl pause"
 before-sleep "swaylock -f"
--- a/home/.config/swaylock/config
+++ b/home/.config/swaylock/config
@@ -0,0 +1,29 @@
 daemonize
 font=JetBrains Mono NF
 font-size=22
 image=~/.local/state/wallpaper
 ring-color=FFFFFF55
 ring-clear-color=FFFFFF55
 ring-ver-color=1885d4
 ring-wrong-color=FF0000
 key-hl-color=FFFFFF
 inside-color=00000000
 inside-clear-color=00000000
 inside-ver-color=00000000
 inside-wrong-color=00000000
 line-uses-inside
 separator-color=00000000
 layout-bg-color=00000000
 layout-text-color=FFFFFF
 text-color=FFFFFF
 text-clear-color=FFFFFF
 text-ver-color=FFFFFF
 text-wrong-color=FFFFFF
 indicator-radius=100
--- a/home/.config/task/taskrc
+++ b/home/.config/task/taskrc
@@ -0,0 +1,4 @@
 data.location=~/.local/share/task
 hooks.location=~/.config/task/hooks
 include ~/.config/task/sync
--- a/home/.config/tofi/config
+++ b/home/.config/tofi/config
@@ -0,0 +1,176 @@
 #
 ### Fonts
 #
 	# Font to use, either a path to a font file or a name.
 	#
 	# If a path is given, tofi will startup much quicker, but any
 	# characters not in the chosen font will fail to render.
 	#
 	# Otherwise, fonts are interpreted in Pango format.
 	font = "JetBrainsMono NF"
 	# Point size of text.
 	font-size = 15
 	# Perform font hinting. Only applies when a path to a font has been
 	# specified via `font`. Disabling font hinting speeds up text
 	# rendering appreciably, but will likely look poor at small font pixel
 	# sizes.
 	hint-font = true
 #
 ### Colors
 #
 	# Window background
 	background-color = #111111DD
 	# Border outlines
 	outline-color = #080800
 	# Border
 	border-color = #0981E3
 	# Default text
 	text-color = #C5C9C7
 	# Selection text
 	selection-color = #0981E3
 	# Matching portion of selection text
 	selection-match-color = #44BBFF
 	# Selection background
 	selection-background = #00000000
 #
 ### Text layout
 #
 	# Prompt to display.
 	prompt-text = "run: "
 	# Extra horizontal padding between prompt and input.
 	prompt-padding = 0
 	# Maximum number of results to display.
 	# If 0, tofi will draw as many results as it can fit in the window.
 	num-results = 0
 	# Spacing between results in pixels. Can be negative.
 	result-spacing = 8
 	# List results horizontally.
 	horizontal = false
 	# Minimum width of input in horizontal mode.
 	min-input-width = 0
 	# Extra horizontal padding of the selection background in pixels.
 	selection-background-padding = 0
 #
 ### Window layout
 #
 	# Width and height of the window. Can be pixels or a percentage.
 	width = 100%
 	height = 100%
 	# Width of the border outlines in pixels.
 	outline-width = 0
 	# Width of the border in pixels.
 	border-width = 0
 	# Radius of window corners in pixels.
 	corner-radius = 0
 	# Padding between borders and text. Can be pixels or a percentage.
 	padding-top = 200
 	padding-bottom = 0
 	padding-left = 35%
 	padding-right = 0
 	# Whether to scale the window by the output's scale factor.
 	scale = true
 #
 ### Window positioning
 #
 	# The name of the output to appear on. An empty string will use the
 	# default output chosen by the compositor.
 	output = ""
 	# Location on screen to anchor the window to.
 	#
 	# Supported values: top-left, top, top-right, right, bottom-right,
 	# bottom, bottom-left, left, center.
 	anchor = center
 	# Set the size of the exclusive zone.
 	#
 	# A value of -1 means ignore exclusive zones completely.
 	# A value of 0 will move tofi out of the way of other windows' zones.
 	# A value greater than 0 will set that much space as an exclusive zone.
 	#
 	# Values greater than 0 are only meaningful when tofi is anchored to a
 	# single edge.
 	exclusive-zone = -1
 	# Window offset from edge of screen. Only has an effect when anchored
 	# to the relevant edge. Can be pixels or a percentage.
 	margin-top = 0
 	margin-bottom = 0
 	margin-left = 0
 	margin-right = 0
 #
 ### Behaviour
 #
 	# Hide the cursor.
 	hide-cursor = false
 	# Sort results by number of usages in run and drun modes.
 	history = true
 	# Use fuzzy matching for searches.
 	fuzzy-match = false
 	# If true, require a match to allow a selection to be made. If false,
 	# making a selection with no matches will print input to stdout.
 	# In drun mode, this is always true.
 	require-match = true
 	# If true, typed input will be hidden, and what is displayed (if
 	# anything) is determined by the hidden-character option.
 	hide-input = false
 	# Replace displayed input characters with a character. If the empty
 	# string is given, input will be completely hidden.
 	# This option only has an effect when hide-input is set to true.
 	hidden-character = "*"
 	# If true, directly launch applications on selection when in drun mode.
 	# Otherwise, just print the command line to stdout.
 	drun-launch = false
 	# The terminal to run terminal programs in when in drun mode.
 	# This option has no effect if drun-launch is set to true.
 	# Defaults to the value of the TERMINAL environment variable.
 	# terminal = foot
 	# Delay keyboard initialisation until after the first draw to screen.
 	# This option is experimental, and will cause tofi to miss keypresses
 	# for a short time after launch. The only reason to use this option is
 	# performance on slow systems.
 	late-keyboard-init = false
 	# If true, allow multiple simultaneous processes.
 	# If false, create a lock file on startup to prevent multiple instances
 	# from running simultaneously.
 	multi-instance = false
 #
 ### Inclusion
 #
 	# Configs can be split between multiple files, and then included
 	# within each other.
 	# include = /path/to/config
--- a/home/.config/zsh/haze.zsh
+++ b/home/.config/zsh/haze.zsh
@@ -0,0 +1,2 @@
 # Highlight the executable in green if it is found
 source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.plugin.zsh
--- a/home/.config/zsh/hooks.sh
+++ b/home/.config/zsh/hooks.sh
@@ -0,0 +1,30 @@
 # Hook direnv if present
 if command -v direnv >/dev/null; then
  eval "$(direnv hook zsh)"
 fi
 # Prompt
 if command -v starship >/dev/null; then
  source <(starship init zsh)
 fi
 # Load opam config if present
 if [ -r ~/.opam/opam-init/init.zsh ]; then
  source ~/.opam/opam-init/init.zsh  > /dev/null 2> /dev/null
 fi
 # Launch atuin if it is installed
 if command -v atuin >/dev/null; then
  eval "$(atuin init zsh)"
 fi
 # Set ls/tree/fd theme using vivid if it is installed
 if command -v vivid >/dev/null; then
  export LS_COLORS="$(vivid generate gruvbox-dark-hard)"
 fi
 # Init zoxide if present and alias cd to it
 if command -v zoxide >/dev/null; then
  eval "$(zoxide init zsh)"
  alias cd=z
 fi
--- a/home/.gitignore
+++ b/home/.gitignore
@@ -0,0 +1 @@
 !/.config
--- a/home/.ssh/config
+++ b/home/.ssh/config
@@ -0,0 +1,8 @@
 Host crocus
 	User root
 Host verbena
 	User root
 Host genepi
 	User root
--- a/home/.zshrc
+++ b/home/.zshrc
@@ -0,0 +1,27 @@
 # Path
 source ~/.config/sh/path.sh
 # Aliases
 source ~/.config/sh/aliases.sh
 # Completion
 autoload -Uz compinit
 compinit
 # sudo completion
 zstyle ':completion::complete:*' gain-privileges 1
 # Line movement with special keys
 bindkey "^[[H" beginning-of-line
 bindkey "^[[F" end-of-line
 bindkey "^[[3~" delete-char
 source ~/.config/zsh/hooks.sh
 if [ -r ~/.profile ]; then
  source ~/.profile
 fi
 # Load machine-specific config
 if [ -r ~/.config/zsh/$HOST.zsh ]; then
  source ~/.config/zsh/$HOST.zsh
 fi
--- a/home/bin/monitor-dark-mode.sh
+++ b/home/bin/monitor-dark-mode.sh
@@ -0,0 +1,4 @@
 #!/usr/bin/env sh
 gsettings monitor org.gnome.desktop.interface color-scheme \
  | xargs -L1 "${HOME}/rep/flocon/home/bin/switch-helix-theme.sh"
--- a/home/bin/switch-helix-theme.sh
+++ b/home/bin/switch-helix-theme.sh
@@ -0,0 +1,15 @@
 #!/usr/bin/env bash
 set -euox pipefail
 HELIX_CONFIG_PATH=$(readlink -f "${HOME}/.config/helix/config.toml")
 HELIX_THEME_LIGHT="zed_onelight"
 HELIX_THEME_DARK="kanagawa"
 if [[ "$2" == "prefer-dark" ]]; then
  sed -i "s/^theme .*/theme = \"$HELIX_THEME_DARK\"/" "$HELIX_CONFIG_PATH"
 else
  sed -i "s/^theme .*/theme = \"$HELIX_THEME_LIGHT\"/" "$HELIX_CONFIG_PATH"
 fi
 pkill -USR1 hx || true
--- a/home/desktop/niri.nix
+++ b/home/desktop/niri.nix
@@ -1,5 +0,0 @@
 { config, ... }:
 {
  xdg.configFile."i3bar-river".source = "${config.dotfiles.path}/.config/i3bar-river";
  xdg.configFile."niri".source = "${config.dotfiles.path}/.config/niri";
 }
--- a/home/helix.nix
+++ b/home/helix.nix
@@ -1,12 +0,0 @@
 { config, pkgs, ... }:
 {
  home.packages = [ pkgs.helix ];
  programs.helix = {
    enable = true;
    defaultEditor = true;
  };
  xdg.configFile."helix".source = "${config.dotfiles.path}/.config/helix";
 }
--- a/infra/.terraform.lock.hcl
+++ b/infra/.terraform.lock.hcl
@@ -21,24 +21,63 @@ provider "registry.opentofu.org/go-gandi/gandi" {
  ]
 }
-provider "registry.opentofu.org/hetznercloud/hcloud" {
+provider "registry.opentofu.org/hashicorp/assert" {
-  version     = "1.49.1"
+  version = "0.16.0"
  constraints = "~> 1.45"
  hashes = [
-    "h1:FKGRNHVbcfQJd8EWrb8Ze5QHkaGr8zI+ZKxBMjvOwPk=",
+    "h1:2jeV46S9jN2rk0GXOa+HGNlVvyWzaB3wz0T65elbjOc=",
-    "zh:3d5f9773da4f8203cf625d04a5a0e4ff7e202684c010a801a945756140c61cde",
+    "zh:3c04d08d1bb4ae810b7972a219c8dd42a8ab901a9bc25197b250c38f3fa57033",
-    "zh:446305d492017cda91e5c15122ec16ff15bfe3ef4d3fd6bcea0cdf7742ab1b86",
+    "zh:46119bcc47b545809c0ee873a72d44f4f875cca4d7228605f5c7a8956a5e7d55",
-    "zh:44d4f9156ed8b4f0444bd4dc456825940be49048828565964a192286d28c9f20",
+    "zh:511949ee8a6ac8ff7296b4c9778deb2aec2783f5b85c4f27382a3b623fc50a4a",
-    "zh:492ad893d2f89bb17c9beb877c8ceb4a16caf39db1a79030fefeada6c7aa217f",
+    "zh:b4ebb8b832bae26443880d2e17493f754495db2d6c3f02c6d0070cbf5ae21598",
-    "zh:68dc552c19ad9d209ec6018445df6e06fb77a637513a53cc66ddce1b024082be",
+    "zh:bebed6c1873871eb824103f08e72055c077f01b10a40944760d19ffdd721d9ab",
-    "zh:7492495ffda6f6c49ab38b539bd2eb965b1150a63fb6b191a27dec07d17601cb",
+    "zh:e412855fd2fd81e0a847e45308bdbac99995315c503fdddf262ee59e1b7c5263",
-    "zh:850fe92005981ea00db86c3e49ba5b49732fdf1f7bd5530a68f6e272847059fc",
+    "zh:ed47c4fe28c6f148f11fa4098516abea008c49fa670c3cedd2ff94596cac0831",
-    "zh:8cb67f744c233acfb1d68a6c27686315439d944edf733b95f113b4aa63d86713",
+    "zh:edee914b1d12ac6db241a1fecaa5186c47f361f4ceb2deb23ad45d67bf95c7b1",
-    "zh:8e13dac46e8c2497772ed1baee701b1d1c26bcc95a63b5c4566c83468f504868",
+    "zh:eff5b2e1c2128217bdbc600eda4fe011831e5c655bf4acd84b6495fc20d128d3",
-    "zh:c44249c6a8ba931e208a334792686b5355ab2da465cadea03c1ea8e73c02db12",
+    "zh:ff64424784171a3361b1ea95d8cef334ec1c4a395812edd0a77a1ed6b4119b0f",
-    "zh:d103125a28a85c89aea0cb0c534fe3f504416c4d4fc75c37364b9ec5f66dd77d",
+  ]
-    "zh:ed8f64e826aa9bfca95b72892271678cb78411b40d7b404a52404141e05a4ab1",
+}
-    "zh:f40efad816de00b279bd1e2cbf62c76b0e5b2da150a0764f259984b318e30945",
+
-    "zh:f5e912d0873bf4ecc43feba4ceccdf158048080c76d557e47f34749139fdd452",
+provider "registry.opentofu.org/hetznercloud/hcloud" {
  version     = "1.52.0"
  constraints = "~> 1.45"
  hashes = [
    "h1:LTjrLuC+4F1Kv4TxS9e7LVVkG8/S4QQ7X4ORblvKTbc=",
    "zh:1e9bb6b6a2ea5f441638dbae2d60fbe04ff455f58a18c740b8b7913e2197d875",
    "zh:29c122e404ba331cfbadacc7f1294de5a31c9dfd60bdfe3e1b402271fc8e419c",
    "zh:2bd0ae2f0bb9f16b7753f59a08e57ac7230f9c471278d7882f81406b9426c8c7",
    "zh:4383206971873f6b5d81580a9a36e0158924f5816ebb6206b0cf2430e4e6a609",
    "zh:47e2ca1cfa18500e4952ab51dc357a0450d00a92da9ea03e452f1f3efe6bbf75",
    "zh:8e9fe90e3cea29bb7892b64da737642fc22b0106402df76c228a3cbe99663278",
    "zh:a2d69350a69c471ddb63bcc74e105e585319a0fc0f4d1b7f70569f6d2ece5824",
    "zh:a97abcc254e21c294e2d6b0fc9068acfd63614b097dda365f1c56ea8b0fd5f6b",
    "zh:aba8d72d4fe2e89c922d5446d329e5c23d00b28227b4666e6486ba18ea2ec278",
    "zh:ad36c333978c2d9e4bc43dcadcbff42fe771a8c5ef53d028bcacec8287bf78a7",
    "zh:cdb1e6903b9d2f0ad8845d4eb390fbe724ee2435fb045baeab38d4319e637682",
    "zh:df77b08757f3f36b8aadb33d73362320174047044414325c56a87983f48b5186",
    "zh:e07513d5ad387247092b5ae1c87e21a387fc51873b3f38eee616187e38b090a7",
    "zh:e2be02bdc59343ff4b9e26c3b93db7680aaf3e6ed13c8c4c4b144c74c2689915",
  ]
 }
 provider "registry.opentofu.org/ovh/ovh" {
  version     = "2.5.0"
  constraints = "2.5.0"
  hashes = [
    "h1:CrmFEWjczVhLWc2qzOktKSu8Q0U78uV8fnSHo54lMQg=",
    "zh:1a11c3bc191c3417b41af5c56a66ac7071980f7babb390096b43aab3ac60fe7c",
    "zh:1d46fa7c37468becb01d117463838f694a093e58a9b7d28347db2c377933db76",
    "zh:22b83b15e878a9627477fe49e03dada3f4cd4357cb91cdb621394da690238542",
    "zh:316541fc8bbf2fe14f4a484d878c63e4b949bd21a352e0ebf60d4848c96a338e",
    "zh:50e72847a4b1d532e7abd5669408832ac1b49dcfda266378b8e2419d97f0f49a",
    "zh:7582c8630edb3e83642e7a4b06fababeaf4833ce622c71220c38724d0e0231af",
    "zh:a26714d6bd8e04acbbc94c708b151405c4b6fc20dc7060e0daef8395f1bb9ce0",
    "zh:aa8be95462c5ca909c923cc3d44636eccc71cb25b51572fe7e2f68bc93c57612",
    "zh:b520c0661c514586b2aa3105c4345eda4d34ef08b62fda2cc20a2bcb8cb88ab2",
    "zh:be8125f1b6bc8aa93441ec9dd96db5f49d21b4dcc100c13028404b461da545c9",
    "zh:c6aab9b6b04fa8483aa10c194eaab8e4a1fbffc64ad495f5027d496e5b2da214",
    "zh:d537d85afc71c51d86b1031586c619c503df9462e0240d94984bc32273a03df2",
    "zh:eaa9f41d33fa7731c4a937e80554a1b6b2042d273705e4c8fc983ba251193206",
    "zh:f0d085065a0ada787ad080ddd6e7c646b8ca3a351712961de735d18c9d59af7c",
  ]
 }
--- a/infra/crocus.tf
+++ b/infra/crocus.tf
@@ -1,8 +1,20 @@
 resource "hcloud_server" "crocus_server" {
  name         = "crocus"
  server_type  = "cx22"
  datacenter   = "nbg1-dc3"
  image        = "ubuntu-20.04"
  firewall_ids = [hcloud_firewall.crocus_firewall.id]
  public_net {
    ipv4 = hcloud_primary_ip.crocus_ipv4.id
  }
 }
 resource "hcloud_primary_ip" "crocus_ipv4" {
  name          = "crocus_ipv4"
  type          = "ipv4"
  datacenter    = "nbg1-dc3"
  assignee_type = "server"
  auto_delete   = true
 }
 resource "hcloud_firewall" "crocus_firewall" {
--- a/infra/dns.tf
+++ b/infra/dns.tf
@@ -21,3 +21,46 @@ resource "gandi_livedns_record" "rpqt_fr_radicle_aaaa" {
    hcloud_server.crocus_server.ipv6_address,
  ]
 }
 resource "gandi_livedns_record" "rpqt_fr_cloud_a" {
  zone   = data.gandi_livedns_domain.rpqt_fr.id
  name   = "cloud"
  type   = "A"
  ttl    = 10800
  values = local.verbena_ipv4_addresses
 }
 resource "gandi_livedns_record" "rpqt_fr_cloud_aaaa" {
  zone   = data.gandi_livedns_domain.rpqt_fr.id
  name   = "cloud"
  type   = "AAAA"
  ttl    = 10800
  values = local.verbena_ipv6_addresses
 }
 data "ovh_vps" "verbena_vps" {
  service_name = "vps-7e78bac2.vps.ovh.net"
 }
 data "ovh_domain_zone" "turifer_dev" {
  name = "turifer.dev"
 }
 resource "ovh_domain_zone_import" "turifer_dev_import" {
  zone_name = "turifer.dev"
  zone_file = local.turifer_dev_zone_file
 }
 locals {
  verbena_ipv4_addresses = [for ip in data.ovh_vps.verbena_vps.ips : ip if provider::assert::ipv4(ip)]
  verbena_ipv6_addresses = [for ip in data.ovh_vps.verbena_vps.ips : ip if provider::assert::ipv6(ip)]
  turifer_dev_zone_file = templatefile("./templates/turifer.dev.zone", {
    crocus_ipv4_address = hcloud_server.crocus_server.ipv4_address
    crocus_ipv6_address = hcloud_server.crocus_server.ipv6_address
    verbena_ipv4_addresses = local.verbena_ipv4_addresses
    verbena_ipv6_addresses = local.verbena_ipv6_addresses
  })
 }
--- a/infra/main.tf
+++ b/infra/main.tf
@@ -8,5 +8,12 @@ terraform {
      source  = "hetznercloud/hcloud"
      version = "~> 1.45"
    }
    ovh = {
      source  = "ovh/ovh"
      version = "2.5.0"
    }
    assert = {
      source = "hashicorp/assert"
    }
  }
 }
--- a/infra/providers.tf
+++ b/infra/providers.tf
@@ -5,3 +5,9 @@ provider "gandi" {
 provider "hcloud" {
  token = var.hcloud_token
 }
 provider "ovh" {
  endpoint      = "ovh-eu"
  client_id     = var.ovh_client_id
  client_secret = var.ovh_client_secret
 }
--- a/infra/templates/turifer.dev.zone
+++ b/infra/templates/turifer.dev.zone
@@ -0,0 +1,32 @@
 $TTL 3600
@	IN SOA dns100.ovh.net. tech.ovh.net. (2025071505 86400 3600 3600000 60)
    IN NS     dns100.ovh.net.
 	IN NS     ns100.ovh.net.
 turifer.dev. 3000 IN TXT "hosted-email-verify=k5z4lcfc"
 turifer.dev. 3000 IN MX 10 aspmx1.migadu.com.
 turifer.dev. 3000 IN MX 20 aspmx2.migadu.com.
 turifer.dev. 3000 IN TXT "v=spf1 include:spf.migadu.com -all"
 key1._domainkey.turifer.dev. 3000 IN CNAME key1.turifer.dev._domainkey.migadu.com.
 key2._domainkey.turifer.dev. 3000 IN CNAME key2.turifer.dev._domainkey.migadu.com.
 key3._domainkey.turifer.dev. 3000 IN CNAME key3.turifer.dev._domainkey.migadu.com.
 _dmarc.turifer.dev. 3000 IN TXT "v=DMARC1; p=quarantine;"
 autoconfig.turifer.dev. 3000 IN CNAME autoconfig.migadu.com.
 _autodiscover._tcp.turifer.dev. 3000 IN SRV 0 1 443 autodiscover.migadu.com.
 _submissions._tcp.turifer.dev. 3000 IN SRV 0 1 465 smtp.migadu.com.
 _imaps._tcp.turifer.dev. 3000 IN SRV 0 1 993 imap.migadu.com.
 _pop3s._tcp.turifer.dev. 3000 IN SRV 0 1 995 pop.migadu.com.
 %{ for addr in verbena_ipv4_addresses ~}
 git.turifer.dev. 10800 IN A ${addr}
 %{ endfor ~}
 %{ for addr in verbena_ipv6_addresses ~}
 git.turifer.dev. 10800 IN AAAA ${addr}
 %{ endfor ~}
 %{ for addr in verbena_ipv4_addresses ~}
 buildbot.turifer.dev. 10800 IN A ${addr}
 %{ endfor ~}
 %{ for addr in verbena_ipv6_addresses ~}
 buildbot.turifer.dev. 10800 IN AAAA ${addr}
 %{ endfor ~}
--- a/infra/variables.tf
+++ b/infra/variables.tf
@@ -5,3 +5,11 @@ variable "gandi_token" {
 variable "hcloud_token" {
  sensitive = true
 }
 variable "ovh_client_id" {
  sensitive = true
 }
 variable "ovh_client_secret" {
  sensitive = true
 }
--- a/inventory.json
+++ b/inventory.json
@@ -0,0 +1,18 @@
 {
  "machines": {
    "verbena": {
      "installedAt": 1757633120
    },
    "crocus": {
      "installedAt": 1757633120
    },
    "haze": {
      "installedAt": 1757633120,
      "description": "Romain's laptop"
    },
    "genepi": {
      "installedAt": 1757633120,
      "description": "Raspberry Pi 4B"
    }
  }
 }
--- a/machines/README.md
+++ b/machines/README.md
@@ -3,3 +3,4 @@
 - **crocus**: Hetzner Cloud x86_64 VPS
 - **genepi**: Raspberry Pi 4B
 - **haze**: ASUS VivoBook Laptop
 - **verbena**: OVH Cloud x86_64 VPS
--- a/machines/crocus/configuration.nix
+++ b/machines/crocus/configuration.nix
@@ -1,23 +1,25 @@
 {
-  inputs,
+  self,
  modulesPath,
  config,
  ...
 }:
 {
  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
+    ./radicle.nix
-    # ./radicle.nix
+    self.nixosModules.nix-defaults
    ../../system
    inputs.clan-core.clanModules.state-version
    ../../modules/remote-builder.nix
-    ../../modules/borgbackup.nix
+    ../../modules/unbound.nix
    ../../modules/unbound-auth.nix
    self.inputs.srvos.nixosModules.server
    self.inputs.srvos.nixosModules.hardware-hetzner-cloud
  ];
  disabledModules = [
    self.inputs.srvos.nixosModules.mixins-cloud-init
  ];
  nixpkgs.hostPlatform = "x86_64-linux";
  networking.hostName = "crocus";
  clan.core.networking.targetHost = "root@crocus.local";
  networking.useDHCP = false;
  systemd.network.enable = true;
@@ -32,38 +34,34 @@
    ];
  };
-  services.avahi.enable = true;
+  fileSystems."/data1" = {
    device = "/dev/disk/by-id/scsi-0HC_Volume_103766469";
  };
-  disko.devices.disk.main.device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_48353082";
+  services.garage.settings.data_dir = [
    {
      path = "/var/lib/garage/data";
      capacity = "20G";
    }
    {
      path = "/data1/garage";
      capacity = "20G";
    }
  ];
  clan.core.settings.state-version.enable = true;
  clan.core.networking.buildHost = "root@haze";
  services.avahi.allowInterfaces = [
    "zts7mq7onf"
  ];
  boot.loader.grub = {
    efiSupport = true;
    efiInstallAsRemovable = true;
  };
  services.prometheus = {
    enable = true;
    port = 9001;
    exporters = {
      node = {
        enable = true;
        enabledCollectors = [ "systemd" ];
        port = 9002;
      };
    };
    scrapeConfigs = [
      {
        job_name = "crocus";
        static_configs = [
          {
            targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
          }
        ];
      }
    ];
  };
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
@@ -79,4 +77,6 @@
    acceptTerms = true;
    defaults.email = "admin@rpqt.fr";
  };
  services.tailscale.useRoutingFeatures = "server";
 }
--- a/machines/crocus/disko.nix
+++ b/machines/crocus/disko.nix
@@ -1,17 +1,8 @@
 {
  clan-core,
  config,
  ...
 }:
 let
  suffix = config.clan.core.vars.generators.disk-id.files.diskId.value;
 in
 {
  imports = [ clan-core.clanModules.disk-id ];
  disko.devices.disk.main = {
-    name = "main-" + suffix;
+    name = "main-dbca87cd30a5498488026c65b37eba60";
    type = "disk";
    device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_48353082";
    content = {
      type = "gpt";
      partitions = {
--- a/machines/crocus/radicle.nix
+++ b/machines/crocus/radicle.nix
@@ -1,9 +1,13 @@
-{ config, keys, ... }:
+{
  config,
  pkgs,
  ...
 }:
 {
  services.radicle = {
    enable = true;
-    privateKeyFile = config.age.secrets.radicle-private-key.path;
+    privateKeyFile = config.clan.core.vars.generators.radicle.files."id_ed25519".path;
-    publicKey = keys.services.radicle;
+    publicKey = config.clan.core.vars.generators.radicle.files."id_ed25519.pub".value;
    node = {
      openFirewall = true;
    };
@@ -15,7 +19,21 @@
        forceSSL = true;
      };
    };
    settings = {
      # FIXME: activation fails with rad saying the config is invalid
      # web.avatarUrl = "https://rpqt.fr/favicon.svg";
      # web.description = "rpqt's radicle node";
    };
  };
-  age.secrets.radicle-private-key.file = ../../secrets/radicle-private-key.age;
+  clan.core.vars.generators.radicle = {
    files."id_ed25519".secret = true;
    files."id_ed25519.pub".secret = false;
    runtimeInputs = [ pkgs.openssh ];
    script = ''
      ssh-keygen -t ed25519 -f "$out"/id_ed25519 -N "" -C "radicle"
    '';
  };
  clan.core.state.radicle.folders = [ "/var/lib/radicle" ];
 }
--- a/machines/genepi/acme.nix
+++ b/machines/genepi/acme.nix
@@ -1,21 +0,0 @@
 { config, ... }:
 {
  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@rpqt.fr";
  };
  age.secrets.gandi.file = ../../secrets/gandi.age;
  security.acme = {
    certs."home.rpqt.fr" = {
      group = config.services.nginx.group;
      domain = "home.rpqt.fr";
      extraDomainNames = [ "*.home.rpqt.fr" ];
      dnsProvider = "gandiv5";
      dnsPropagationCheck = true;
      environmentFile = config.age.secrets.gandi.path;
    };
  };
 }
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,2 @@`
							`include ~/.config/sway/config.d/*`
							`include /etc/sway/config.d/*`
		`@@ -0,0 +1,2 @@`
							`# Highlight the executable in green if it is found`
							`source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.plugin.zsh`