Compare commits

336 Commits
clan ... main

Author SHA1 Message Date
2eb70b7108 dms: use nixpkgs version 2025-12-18 17:43:03 +01:00
3dbb7e4a7e update flake inputs 2025-12-18 17:43:03 +01:00
e0ffd779f0 niri: use dms generated config files 2025-12-18 17:42:59 +01:00
421e978aa4 home-manager: set EDITOR explicitly 2025-12-18 16:46:06 +01:00
5356d3043f haze: remove deprecated nameservers 2025-12-12 23:24:00 +01:00
ae8d0f69e1 haze: add typst and anki 2025-12-12 23:23:00 +01:00
25189d72f2 niri: use dms to change display brightness 2025-12-12 23:21:53 +01:00
13b4a15aee vicinae: add config 2025-12-12 23:20:44 +01:00
8d328aecf3 garage: also listen on wireguard network 2025-12-12 23:16:29 +01:00
4f197b4319 vicinae: remove input and use home-manager option 2025-12-12 23:15:47 +01:00
3cc9ddccb6 update flake inputs 2025-12-12 19:34:58 +01:00
d92ea6d742 move radicle module 2025-12-12 19:34:58 +01:00
0096acaf81 radicle: add pinned repositories 2025-12-12 19:24:54 +01:00
299bf4ea85 genepi: add password for synchthing-gui 2025-12-01 23:43:40 +01:00
5d329ed845 update flake inputs 2025-12-01 23:41:11 +01:00
f970fc0623 Update vars via generator syncthing-gui for machine genepi 2025-11-29 14:06:57 +01:00
4474dbad90 remove ignis desktop 2025-11-27 16:08:18 +01:00
eb16cd96fa add atuin key as clan var 2025-11-27 16:07:36 +01:00
b917f503da Update vars via generator atuin for machine haze 2025-11-27 15:56:54 +01:00
f7700cadd5 add pixel-7a to wireguard network
Hard-coded for now until clan-core/wireguard
supports external peers.
2025-11-27 14:56:53 +01:00
b84078220c remove unbound dns auth-zone
This was moved to coredns to avoid confusion
between the authoritative server and the local
resolver.
2025-11-27 14:55:26 +01:00
09f57a1e6f clan: migrate internal DNS to coredns service
Currently using a patched version of the upstream
coredns service, with hard-coded IPs until
wireguard exports are supported.

Zerotier connections were flaky and wireguard
seems more stable (although it seems to have a bit
less throughput).
2025-11-27 14:52:45 +01:00
de99dad887 clan: add temporary patched coredns service
Needed for IPv6 support, and to set the host names
in the auth zone.
2025-11-27 14:50:44 +01:00
e1219f26c3 borg: accept new ssh host keys 2025-11-27 14:48:44 +01:00
26600f0647 ssh: add hostnames 2025-11-24 17:39:44 +01:00
33721c639c verbena: remove default acme email 2025-11-24 17:39:44 +01:00
680def4278 genepi: open web ports to wireguard network 2025-11-24 17:39:44 +01:00
18cb4dfc1c sq 2025-11-24 17:39:44 +01:00
a81d006e64 clan: use infra output IPs for internet connector 2025-11-24 17:19:27 +01:00
6e14a60047 genepi: add terminfo 2025-11-24 17:18:01 +01:00
7f80af6b0c set adwaita as default font 2025-11-24 17:17:25 +01:00
64c00fe618 vicinae: use nixpkgs package 2025-11-24 17:15:24 +01:00
d7243cc7c3 verbena: replace IP literals with infra ouputs 2025-11-24 17:13:57 +01:00
649f58d875 home-manager: add yazi 2025-11-24 17:13:13 +01:00
c9e10e4081 update flake inputs 2025-11-24 17:12:52 +01:00
5f6ba8e29d infra: add flake module and crocus exports 2025-11-24 17:12:29 +01:00
925cf3140c Update vars via generator step-intermediate-cert for machine verbena 2025-11-22 15:02:45 +01:00
bfe95b15ef Update vars via generator step-intermediate-key for machine verbena 2025-11-22 15:02:44 +01:00
0a232abe5f Update vars via generator step-ca for machine crocus 2025-11-22 15:02:44 +01:00
a0bec48175 nautilus: enable thumbnails for remote directories 2025-11-21 23:29:48 +01:00
080ec61675 genepi: remove taskchampion (unused) 2025-11-21 23:29:26 +01:00
3b9f67c0ff haze: add anytype 2025-11-21 23:27:34 +01:00
f99575598c nautilus: add "open in ghostty" menu 2025-11-21 23:26:57 +01:00
5ddfda7187 clan: set tld to .val 2025-11-21 23:25:53 +01:00
7256b7fbc3 clan: add wireguard 2025-11-21 23:25:29 +01:00
abaf429a38 verbena: configure IPv6 from tofu outputs 2025-11-21 23:24:22 +01:00
3834f215f0 Update vars via generator wireguard-network-wireguard for machine genepi 2025-11-21 17:53:26 +01:00
75b2307f82 Update vars via generator wireguard-keys-wireguard for machine genepi 2025-11-21 17:53:26 +01:00
98653cb2e6 Update vars via generator wireguard-network-wireguard for machine crocus 2025-11-21 17:53:25 +01:00
11c3e87132 Update vars via generator wireguard-keys-wireguard for machine crocus 2025-11-21 17:53:25 +01:00
08f14e8d9f Update vars via generator wireguard-network-wireguard for machine haze 2025-11-21 17:24:47 +01:00
e42cb7edd3 Update vars via generator wireguard-keys-wireguard for machine haze 2025-11-21 17:24:47 +01:00
575e78e473 Update vars via generator wireguard-network-wireguard for machine verbena 2025-11-21 16:59:22 +01:00
92e49d0c9c Update vars via generator wireguard-keys-wireguard for machine verbena 2025-11-21 16:59:22 +01:00
c048448b6a update flake inputs 2025-11-21 13:07:13 +01:00
24e8d8e823 glance: fix pinchflat icon 2025-11-17 21:53:17 +01:00
267807ae66 vicinae: link config file instead of generating it 2025-11-17 18:51:28 +01:00
9577209e67 glance: add prometheus 2025-11-17 18:50:00 +01:00
3f71e191f9 nextcloud: move db init to clan 2025-11-17 18:48:46 +01:00
53b1264c44 clanServices/prometheus: fix IPv6 address brackets 2025-11-17 18:46:54 +01:00
20b4d300ee clan: move monitoring to its own file 2025-11-17 18:46:43 +01:00
740ed6725a move clan config to its own directory 2025-11-14 20:12:02 +01:00
a680d58664 ghostty: use bigger font 2025-11-14 17:27:57 +01:00
00d9b8f4ae niri: don't spawn vicinae server (user service) 2025-11-14 17:26:16 +01:00
8f2f922d45 alacritty: only link the config file (not dir) 2025-11-14 17:25:37 +01:00
ca14d549af add gh and nixpkgs-review 2025-11-14 17:15:40 +01:00
e5b17dad1e use vicinae launcher again (themed) 2025-11-11 23:15:52 +01:00
b86866f121 update flake inputs 2025-11-11 23:15:08 +01:00
722ba001fb ghostty: don't inherit cwd from other windows 2025-11-10 17:09:01 +01:00
c2afe72d3f helix: add script to reload on dark mode change 2025-11-10 16:43:49 +01:00
31e42cc178 niri: update for switch to dms and ghostty 2025-11-05 14:19:14 +01:00
504ed6223f ghostty: actually disable all ligatures 2025-11-05 14:16:40 +01:00
7cccb80945 update(inventory.json): Update information about machine haze 2025-11-03 23:51:16 +01:00
7ea8896b4a update(inventory.json): Update information about machine genepi 2025-11-03 23:49:21 +01:00
38ae40ee0b add wifi hotspot tool 2025-11-03 23:14:40 +01:00
3ffe2ffb31 prometheus: open web interface firewall on vpn 2025-11-03 23:13:57 +01:00
f5ebc063e3 build crocus on haze 2025-11-03 23:13:14 +01:00
d8ef2127ca ghostty: disable ligatures 2025-11-03 23:12:42 +01:00
be9651d3ec update flake inputs 2025-11-03 23:10:10 +01:00
29845aa117 add description of prometheus service 2025-10-30 15:00:12 +01:00
aa4e7c7b45 use token for garage metrics access 2025-10-29 13:03:59 +01:00
76568198f0 prometheus: monitor verbena's garage instance 2025-10-29 13:03:23 +01:00
d358695cb2 fix runtime prometheus metrics token access 2025-10-29 13:02:32 +01:00
cbac9fb3ef add mkDefault to gc config 2025-10-29 13:01:47 +01:00
282a02d55c fix missing lines in server module 2025-10-29 13:00:30 +01:00
0a4de86576 auto format rust 2025-10-29 12:58:43 +01:00
c0bcbe4f28 add aseprite 2025-10-29 12:58:24 +01:00
d4cdd13de2 add additionnal disk to crocus for garage 2025-10-29 12:57:16 +01:00
454d349bb3 allow garage admin endpoint access on zerotier 2025-10-29 12:56:42 +01:00
fac6d2f861 link ssh config 2025-10-29 12:55:18 +01:00
193aff6ee2 jj: write change id header 2025-10-29 12:54:08 +01:00
a879221ced fix tf typo 2025-10-29 12:53:45 +01:00
1548378ef7 Update vars via generator gandi for machine genepi 2025-10-29 12:45:15 +01:00
f0f57dc994 Update vars via generator gandi for machine verbena 2025-10-29 12:44:19 +01:00
d1d392e372 remove nextcloud internal domain redirection 2025-10-24 17:15:58 +02:00
f82874d308 fix nextcloud s3 host address 2025-10-24 17:15:33 +02:00
743bb93534 Update var garage/metrics_token for machine genepi 2025-10-22 15:52:11 +02:00
dd69cfcdb0 Update var garage/metrics_token for machine crocus 2025-10-22 15:51:53 +02:00
edd397390c Update var garage/metrics_token for machine genepi 2025-10-22 15:49:20 +02:00
018b597004 Update var garage/metrics_token for machine crocus 2025-10-22 15:49:11 +02:00
b66e5d1301 Update var garage/metrics_token for machine genepi 2025-10-22 15:46:08 +02:00
fd6eef2e95 Update var garage/metrics_token for machine crocus 2025-10-22 15:45:42 +02:00
ce357923c0 fix nextcloud s3 endpoint 2025-10-19 23:09:00 +02:00
cd8370ae4d add motd 2025-10-19 23:07:02 +02:00
0183d9397a add fake install dates for clan-app 2025-10-19 23:06:11 +02:00
ccb9becde5 update flake inputs 2025-10-18 19:00:18 +02:00
88ebb508bf allow s3 api access on zerotier network 2025-10-18 18:59:45 +02:00
c5a631b990 remove genepi nix-gc config (already set globally) 2025-10-18 18:59:06 +02:00
f2dc0e6b2f move genepi installer to another file 2025-10-18 18:57:10 +02:00
81c3724ff7 migrate gitea from crocus to verbena 2025-10-18 18:56:34 +02:00
838ff7ed6b migrate nextcloud from crocus to verbena 2025-10-18 18:55:52 +02:00
53c5cd6705 add ghostty light theme 2025-10-18 18:52:24 +02:00
a47f3fa886 Update vars via generator nextcloud-s3-storage for machine verbena 2025-10-17 17:13:15 +02:00
57634120b2 Update vars via generator nextcloud for machine verbena 2025-10-17 17:13:14 +02:00
4ac5adaba6 Update vars via generator gitea-s3-storage for machine verbena 2025-10-17 17:13:14 +02:00
73d4a54ea1 Add crocus to secret 2025-10-17 12:30:25 +02:00
2adad42fe7 Add verbena to secret 2025-10-17 12:30:24 +02:00
ebf864ffb9 format file 2025-10-15 21:27:43 +02:00
da2f40a750 Add genepi to secret 2025-10-15 18:45:12 +02:00
fd0d316b00 Update vars via generator openssh-cert for machine verbena 2025-10-15 16:18:29 +02:00
aaf78035c3 Update vars via generator openssh-cert for machine haze 2025-10-15 16:18:28 +02:00
54ad3237d0 Update vars via generator openssh-cert for machine genepi 2025-10-15 16:18:28 +02:00
25aa87e038 Update vars via generator openssh-cert for machine crocus 2025-10-15 16:18:28 +02:00
c80321c878 Update vars via generator openssh-ca for machine verbena 2025-10-15 16:18:28 +02:00
cc0a910c0e add whitesur icon theme 2025-10-10 15:27:22 +02:00
d8ca6d235f enable dank shell 2025-10-10 15:26:51 +02:00
db27b0ac0f niri: maximize thunderbird 2025-10-10 15:17:10 +02:00
70babab8ec add auto nix gc on servers 2025-10-09 16:26:59 +02:00
5c709f9a5d add radicle desktop and tui 2025-10-09 15:11:10 +02:00
405c629a3b move terminal configs to its own module 2025-10-09 15:09:24 +02:00
ce5b609747 garage: bind to zerotier ip 2025-10-08 12:22:15 +02:00
c559b28c93 fix missing module arg 2025-10-08 12:21:43 +02:00
6dc1e11a54 add libreoffice 2025-10-08 12:19:37 +02:00
23768f3a0c git ignore niri dms config (dynamic) 2025-10-08 12:14:52 +02:00
6c1905fa5c fix networkmanager vpn extensions 2025-10-08 12:14:01 +02:00
72b6683b7b remove waypaper 2025-10-08 12:13:46 +02:00
4ea5ab0550 refactor desktop modules 2025-10-08 12:13:34 +02:00
e667e36c4b fix vicinae toggle 2025-10-08 12:11:32 +02:00
73c149ea32 stop using vicinae cache 2025-10-08 12:11:02 +02:00
395deb4093 add dank material shell 2025-10-08 12:09:10 +02:00
ee1d81ede2 update flake inputs 2025-10-04 12:14:55 +02:00
9e9fcc053f fixup: include home-manager flake module 2025-10-04 12:14:27 +02:00
1e6756cac9 fixup: re-enable userborn 2025-10-04 12:14:01 +02:00
285bcc01e2 disable radicle node web description (bug) 2025-10-03 22:54:58 +02:00
1cc8b6b70a restrict nix remote builder ssh to nix daemon
Snippet taken from SrvOS
2025-10-03 22:52:34 +02:00
f2cf7d36de remove "parts" directory and restructure modules 2025-10-03 22:51:26 +02:00
4b26b8da52 remove old agenix secrets 2025-10-03 22:15:28 +02:00
d1f810ee2d update READMEs 2025-10-03 22:15:13 +02:00
48c5929dfd restructure home-manager modules 2025-10-03 22:14:46 +02:00
69f948a677 remove home-manager from genepi 2025-10-03 22:10:39 +02:00
b9cf768802 disable pager in default jj command 2025-10-02 22:05:23 +02:00
ccea34e7e7 add jj stupid tricks 2025-10-02 20:42:56 +02:00
a1f4e90098 add jj per-directory identity 2025-10-02 20:38:54 +02:00
86c53bea37 add desktop module 2025-10-02 07:50:20 +02:00
eec721d549 update flake inputs 2025-10-01 20:58:40 +02:00
4fefe6f289 Update var buildbot/webhook-secret for machine verbena 2025-10-01 19:32:27 +02:00
f65febc49e fix buildbot icon in glance 2025-10-01 16:09:50 +02:00
570049a049 add radicle to glance 2025-10-01 14:37:33 +02:00
6d3c8a92c4 add buildbot 2025-10-01 14:29:49 +02:00
1a42b79c81 setup radicle node again 2025-10-01 14:22:02 +02:00
00967e3852 Update vars via generator radicle for machine crocus 2025-10-01 13:37:19 +02:00
a03ae3e321 Update vars via generator radicle for machine crocus 2025-10-01 13:35:08 +02:00
b720ebe07e Update vars via generator buildbot for machine verbena 2025-09-30 22:24:05 +02:00
35a7d874f2 Update vars via generator buildbot for machine verbena 2025-09-30 22:09:23 +02:00
da09c98948 Update vars via generator buildbot for machine verbena 2025-09-30 21:48:05 +02:00
ec52a4b165 Update vars via generator buildbot-worker for machine verbena 2025-09-30 21:23:50 +02:00
750af04af2 Update vars via generator buildbot for machine verbena 2025-09-30 20:24:07 +02:00
d9e15e92d6 add nextcloud tasks 2025-09-30 11:52:24 +02:00
1f7ac9b044 setup backups of verbena 2025-09-28 22:35:02 +02:00
2e68ab90da shorten admin module machine list 2025-09-28 21:57:33 +02:00
3cf7b2bfaf Update vars via generator borgbackup for machine verbena 2025-09-25 01:04:29 +02:00
ac511f752a add dns entry for haze 2025-09-24 23:23:25 +02:00
7b0b3ac084 add vicinae launcher 2025-09-23 15:56:39 +02:00
d91aabd3c0 unset ghostty font
JetBrains Mono is the default font and now ghostty works even without a
patched font (it includes the additionnal symbols)
2025-09-23 15:12:03 +02:00
e772e68c16 add krakow weather to glance 2025-09-23 15:11:46 +02:00
d09d53690f add clan gui 2025-09-22 16:24:40 +02:00
aad49126e5 move nextcloud to cloud.rpqt.fr 2025-09-22 16:13:22 +02:00
cc04ad425d add shelly home assistant integration 2025-09-22 16:12:44 +02:00
bc5c2bd428 update niri config for double monitors 2025-09-22 16:12:11 +02:00
262ad997d8 fix for acme-home module 2025-09-22 16:10:51 +02:00
233c898530 add dns config for verbena 2025-09-22 16:09:13 +02:00
e1bd742247 Update vars via generator gandi for machine verbena 2025-09-16 20:39:20 +02:00
e83ae422ce fix garage own node address detection 2025-09-15 22:05:21 +02:00
f0c12de11c don't import tailscale on genepi (broken build) 2025-09-15 22:04:24 +02:00
8ed426cca9 fix nextcloud 2025-09-15 22:03:36 +02:00
3616993be8 add machine verbena 2025-09-15 22:01:51 +02:00
4f2d448d6f update flake inputs 2025-09-15 21:59:41 +02:00
f2a76156c9 remove nix-topology 2025-09-15 21:59:35 +02:00
c44f08d6be update(inventory.json): Installed verbena at root@covoiturage.turifer.dev 2025-09-12 01:25:20 +02:00
f62d7a4cde update(inventory.json): Installed verbena at root@covoiturage.turifer.dev 2025-09-12 00:57:50 +02:00
00078bf283 cleanup unused vars (s3 access key id is public) 2025-09-12 00:53:49 +02:00
731c784b70 add nextcloud 2025-09-12 00:52:52 +02:00
b0a539fea4 Set disk schema of machine: verbena to single-disk 2025-09-12 00:43:45 +02:00
b2c0898dc9 update(inventory.json): Installed verbena at ubuntu@covoiturage.turifer.dev 2025-09-12 00:33:59 +02:00
21598ada20 Update vars via generator zerotier for machine verbena 2025-09-12 00:30:18 +02:00
10f2a46b8d Update vars via generator state-version for machine verbena 2025-09-12 00:27:09 +02:00
6533061a3d Update vars via generator root-password for machine verbena 2025-09-12 00:27:07 +02:00
2b59c01fb0 Update vars via generator openssh for machine verbena 2025-09-12 00:27:04 +02:00
2f6f4eb760 Update vars via generator garage for machine verbena 2025-09-12 00:27:00 +02:00
76b9982f77 Add verbena to secret 2025-09-12 00:26:58 +02:00
d9f563ff3b Add machine verbena to secrets 2025-09-12 00:26:58 +02:00
a5cfa0b51d Update secret verbena-age.key 2025-09-12 00:26:58 +02:00
038f731d04 Update vars via generator nextcloud-s3-storage for machine crocus 2025-09-11 22:52:22 +02:00
c685a980d0 Update vars via generator gandi for machine crocus 2025-09-11 22:41:34 +02:00
55a087d946 Update vars via generator nextcloud-s3-storage for machine crocus 2025-09-11 22:22:28 +02:00
0c585d1b68 Update vars via generator nextcloud for machine crocus 2025-09-11 22:22:27 +02:00
53a444298a add home assistant to glance 2025-09-11 21:36:11 +02:00
efe09bebe4 update flake inputs 2025-09-11 18:47:01 +02:00
ebdbb3fb35 fix cert renewal failure
Somehow the local unbound instance seems to fail to resolve some queries
during the renewal process.
2025-09-11 18:46:42 +02:00
2ea7fa983c use nix version of home assistant 2025-09-11 18:46:42 +02:00
ac51739c56 move actual and immich state to their namespaces 2025-09-11 18:46:42 +02:00
4648d28ac0 add gitea state dir to clan backups 2025-09-11 18:46:40 +02:00
d3257336fc re-enable immich 2025-09-04 20:36:48 +02:00
dc92c05616 rename zerotier instance to just "zerotier" 2025-09-04 20:33:38 +02:00
628abe646f add internet deploy target for crocus 2025-09-04 20:33:03 +02:00
90f2c8ab2e remove broken avahi (it was actually garage...) 2025-09-04 20:32:21 +02:00
0ca67e1303 let clan find the deploy targets by itself 2025-09-04 20:28:59 +02:00
1f9d0663b3 update flake inputs 2025-09-04 20:26:55 +02:00
5238012ee5 add website links in glance 2025-09-04 20:26:38 +02:00
fcc5d5a614 add lounge (internal website) 2025-09-04 20:26:38 +02:00
e672fe13f9 add gmail account 2025-09-04 20:21:33 +02:00
5655129770 fix(prometheus): missing full path in stateDir 2025-09-01 20:25:50 +02:00
1b8db35058 mark jj default diff editor as ok 2025-08-25 23:21:50 +02:00
9923396809 renamed clan option 2025-08-25 23:21:29 +02:00
1b0963680c add pinchflat 2025-08-25 23:20:27 +02:00
78556d6159 add weather for Saint-Michel 2025-08-25 08:06:34 +02:00
f3aa929cf5 migrate syncthing config to clan 2025-08-25 07:31:10 +02:00
dce89a70fb fix genepi timezone 2025-08-25 07:30:00 +02:00
f5c12b8457 use systemd credentials for gitea 2025-08-25 07:28:37 +02:00
713c2c5b58 deploy prometheus clan service 2025-08-25 07:27:21 +02:00
a7d835cdee add AGH email 2025-08-25 07:24:26 +02:00
f463644f1b create prometheus clan service 2025-08-25 07:23:58 +02:00
dc5ffa3c66 update flake inputs 2025-08-25 07:23:36 +02:00
c51c1c9dbc setup ignis with home-manager (fixes dependencies) 2025-08-25 07:22:16 +02:00
d78c8a13ea Update vars via generator syncthing for machine haze 2025-08-21 21:57:40 +02:00
0a3596310d Update vars via generator syncthing for machine genepi 2025-08-21 20:39:02 +02:00
d1c88bc832 update flake inputs 2025-08-20 21:26:35 +02:00
5f5b2b7380 Update vars via generator syncthing for machine haze 2025-08-20 21:06:33 +02:00
dce2fec55d Update vars via generator garage for machine haze 2025-08-20 21:06:32 +02:00
dcf1e6d4f6 Add haze to secret 2025-08-20 21:03:15 +02:00
1bbd0c2c62 Update vars via generator gitea-s3-storage for machine crocus 2025-07-26 19:18:51 +02:00
d5110c0f1b run unbound on genepi 2025-07-24 19:07:25 +02:00
f8c5846692 use a template for turifer.dev zone file 2025-07-24 19:05:20 +02:00
5940f73370 merge remotes 2025-07-23 23:06:33 +02:00
1353aa7286 add actual and gitea to glance 2025-07-23 22:53:13 +02:00
512c61a39f use selft.ht icons for glance 2025-07-23 22:52:51 +02:00
6f3b639ee8 git unignore .config (to browse it in helix) 2025-07-23 00:04:07 +02:00
3cf1f977f3 add actual (budget app) 2025-07-23 00:03:32 +02:00
a3244a4e9b set timezone on a per-machine basis 2025-07-22 23:44:25 +02:00
ea57526a5a add srvos 2025-07-22 23:42:55 +02:00
afb50e53ff update flake inputs 2025-07-22 19:42:27 +02:00
862cdcda9b migrate from clan disk-id to standalone disko 2025-07-20 20:49:31 +02:00
c72f0a9c51 add jj "s" alias 2025-07-20 17:04:33 +02:00
b8a0c96cc9 add hyprland (to properly try caelestia-shell) 2025-07-19 19:32:19 +02:00
f1436f0041 update flake inputs 2025-07-19 19:31:25 +02:00
b0cf958d39 fix haze syncthing 2025-07-19 18:51:10 +02:00
5c4664b885 fix genepi zerotier vars that were not commited 2025-07-19 18:49:43 +02:00
0337f379b4 add reverse-proxy for genepi's syncthing 2025-07-19 18:48:09 +02:00
db352afea0 exclude haze from clan machine update 2025-07-19 18:48:09 +02:00
4332ef2fa6 add home nameservers and search domains on haze 2025-07-19 18:48:09 +02:00
898a75df1c remove sway and hyprland specialisations 2025-07-19 18:48:09 +02:00
2d89107f15 add quickshell 2025-07-19 18:48:09 +02:00
fecdae8032 move borgbackup to clan.services 2025-07-19 18:48:09 +02:00
16116fe681 fix user password not being generated 2025-07-19 18:48:09 +02:00
1c76f46e5c add garage instance 2025-07-19 18:48:09 +02:00
97e8b1f963 use gnome-keyring and remove other ssh-agent 2025-07-19 18:48:09 +02:00
bf070bae60 enable using tailscale exit nodes from haze 2025-07-19 18:48:09 +02:00
6594911705 migrate state-version to clan.services 2025-07-19 18:48:09 +02:00
c6cf81dba5 migrate clan trusted-nix-caches to clan.services 2025-07-19 18:48:09 +02:00
bc2a43262a update syntax for setting clan targetHost 2025-07-19 18:48:09 +02:00
bacaf6d5b6 setup unbound dns 2025-07-19 18:38:55 +02:00
c4cefeea54 setup avahi 2025-07-19 18:03:47 +02:00
ed5a50d996 add genepi's syncthing to glance 2025-07-19 18:03:47 +02:00
8b3841a87f remove agenix and migrate secrets to clan vars
squash this
2025-07-19 18:03:47 +02:00
b91a52da5e enable running tailscale exit node on crocus 2025-07-18 00:03:13 +02:00
135e56c288 revert niri window movement bindings to default 2025-07-18 00:01:03 +02:00
caa3080f5f update outdated jj config and include schema 2025-07-17 23:59:01 +02:00
255f2ccfa6 link jj config 2025-07-17 23:57:59 +02:00
a01e4c26f5 remove devenv 2025-07-17 23:57:40 +02:00
69ce708f8f fix unnecessary thunderbird account integration 2025-07-17 23:55:49 +02:00
24379e16fd import helix config as files (not dir) 2025-07-17 23:54:49 +02:00
88f095143c update flake inputs 2025-07-17 23:53:45 +02:00
fc79110d91 add git.turifer.dev dns records 2025-07-17 23:52:57 +02:00
ee84c83582 setup dns for turifer.dev mail 2025-07-17 23:52:12 +02:00
1493d2ec0b update terraform hcloud provider 2025-07-17 23:49:28 +02:00
93fe2bbf5a add gitea 2025-07-17 23:46:40 +02:00
79304f83c6 add garage to devshell 2025-07-17 23:40:26 +02:00
95e1765944 Update vars via generator gitea-s3-storage for machine crocus 2025-07-17 21:36:54 +02:00
43e7880f6d Update vars via generator gitea-s3-storage for machine crocus 2025-07-17 20:25:53 +02:00
42c90d717e Update vars via generator gitea-s3-storage for machine crocus 2025-07-17 20:22:24 +02:00
9ba9797fc3 Update vars via generator gitea-s3-storage for machine crocus 2025-07-17 20:21:03 +02:00
5c86ba4d61 Update vars via generator gitea-s3-storage for machine crocus 2025-07-17 19:54:37 +02:00
Romain Paquet
be672dd092 add dotbot to link windows dots 2025-07-17 14:36:59 +02:00
Romain Paquet
1036ec9e2c add nushell config 2025-07-17 14:36:19 +02:00
2b4eb2c966 Update vars via generator syncthing for machine haze 2025-07-02 20:18:27 +02:00
61b13557fb enable userborn to fix password issues 2025-06-27 17:11:42 +02:00
00926a5373 add python3 2025-06-27 17:10:35 +02:00
a1b36e1bf3 Update vars via generator freshrss for machine genepi 2025-06-26 23:37:15 +02:00
c5c990662c Update vars via generator gandi for machine genepi 2025-06-26 23:22:22 +02:00
a8ae2ba797 Update vars via generator user-password-rpqt for machine haze 2025-06-24 19:11:23 +02:00
242210c2e0 remove broken dns 2025-06-20 19:10:09 +02:00
a364bddd7e add jj 2025-06-20 19:06:01 +02:00
ce6a46b5a8 migrate to clan instances 2025-06-20 19:04:47 +02:00
75c6ddf146 update flake inputs 2025-06-20 19:00:32 +02:00
85c17fe3ea Update vars via generator garage-shared for machine genepi 2025-06-19 23:51:53 +02:00
b7f489b8e7 Update vars via generator garage-shared for machine crocus 2025-06-19 23:51:51 +02:00
3c5a941b21 Update vars via generator garage for machine genepi 2025-06-19 23:51:49 +02:00
2a2721ab33 Update vars via generator garage for machine crocus 2025-06-19 23:51:47 +02:00
02c48167eb move clan definition to its own module 2025-06-19 21:36:14 +02:00
d7fe20c71c Update vars via generator openssh for machine crocus 2025-06-17 21:07:35 +02:00
51f44277df migrate to flake-parts 2025-06-17 20:02:51 +02:00
d79b65169e disable prometheus (will rewrite as clan service) 2025-06-17 20:02:51 +02:00
f301672312 remove tail-tray (buggy) 2025-06-16 22:01:11 +02:00
8ef8f7277c add comma package 2025-06-16 22:00:23 +02:00
06ec517e20 migrate dotfiles to this repository 2025-06-16 21:16:55 +02:00
b5cb78b445 use the new genepi ssh key for agenix 2025-06-12 21:57:11 +02:00
5c4d1ce332 update renamed display manager option 2025-06-10 21:35:57 +02:00
3144febfad rename "home" directory to "home-manager"
My dotfiles will be moved to the "home" directory later
2025-06-10 21:32:23 +02:00
ee2b9fa9e0 update flake inputs 2025-06-05 21:36:05 +02:00
628b996be4 make genepi boot again 2025-06-05 20:42:15 +02:00
03c97d8431 change ignis flake source (moved to ignis-sh) 2025-06-04 22:53:10 +02:00
8b7e6e7897 add matugen 2025-06-04 22:51:17 +02:00
e8e9bfcb01 add nix-output-monitor in dev hm 2025-05-30 01:27:56 +02:00
fd2261a7e5 git ignore ./result 2025-05-30 01:26:36 +02:00
aab09abc52 setup nix-topology 2025-05-30 01:25:08 +02:00
a0c2c41d17 add tailscale tray 2025-05-29 23:02:32 +02:00
85d010dde0 setup ignis 2025-05-29 23:00:29 +02:00
8095738a8f move genepi disk to ext4 using clan 2025-05-25 23:23:38 +02:00
cdc4c4e38b remove impermanence on genepi 2025-05-25 23:10:16 +02:00
03abf0c7af update renamed pinentry option 2025-05-25 23:04:11 +02:00
2ee9461c9e make devshell work on aarch64-linux 2025-05-24 18:35:16 +02:00
4f3afd3a2c remove default user hashed password 2025-05-22 22:28:34 +02:00
8af8425eef add kde connect 2025-05-22 22:26:21 +02:00
1361049225 add clan trusted caches on haze 2025-05-22 22:25:45 +02:00
8a807d4dd5 Update vars via generator disk-id for machine genepi 2025-05-21 17:51:42 +02:00
7f550aabb0 Update vars via generator pinchflat for machine genepi 2025-05-16 17:14:34 +02:00
386 changed files with 7985 additions and 998 deletions

1
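--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /.direnv
+/result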


@@ -1,10 +1,22 @@
# NixOS & Home Manager config # NixOS & Home Manager config
This repository contains all my system configurations, mostly deployed using Nix and [Clan].
## Structure ## Structure
- **home**: Home Manager modules - **home**: Dotfiles
- **hosts**: Host-specific configs - **machines**: Host-specific configs
- **infra**: Terraform/OpenTofu files - **infra**: Terraform/OpenTofu files
- **secrets**: Age-encrypted secrets shared between multiple hosts. - **vars**: Encrypted secrets managed by clan
Host-specific secrets are stored in their own directories. - **modules**: NixOS modules
- **system**: Base NixOS modules shared among all hosts - **clanServices**: Custom [Clan Services](https://docs.clan.lol/reference/clanServices)
## Dotfiles
### Linking with dotbotc (for windows)
```sh
dotbot -c ./dotbot/windows.yaml -d home
```
[Clan]: https//clan.lol

181
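--- a/clan/flake-module.nix
+++ b/clan/flake-module.nix
@@ -0,0 +1,181 @@
+{ self, lib, ... }:
+{
+imports = [
+./machines.nix
+./monitoring.nix
+./network.nix
+];
+clan.meta.name = "blossom";
+clan.meta.domain = "val";
+clan.inventory.instances."rpqt-admin" = {
+module.input = "clan-core";
+module.name = "admin";
+roles.default.tags.server = { };
+roles.default.machines.haze = { };
+roles.default.settings.allowedKeys = {
+rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
+nixbld_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyNC2sn5m7m52r4kVZqg0T7abqdz5xh/blU3cYtHKAE nixbld@haze";
+};
+};
+clan.inventory.instances."sshd" = {
+module.input = "clan-core";
+module.name = "sshd";
+roles.server.tags.all = { };
+roles.server.extraModules = [
+self.nixosModules.hardened-ssh-server
+];
+roles.server.settings = {
+certificate.searchDomains = [
+"home.rpqt.fr"
+];
+};
+roles.client.tags.all = { };
+roles.client.settings = {
+certificate.searchDomains = [
+"home.rpqt.fr"
+];
+};
+};
+clan.inventory.instances.user-rpqt = {
+module.input = "clan-core";
+module.name = "users";
+roles.default.machines.haze = {
+settings = {
+user = "rpqt";
+};
+};
+roles.default.extraModules = [
+self.nixosModules.user-rpqt
+];
+};
+clan.inventory.instances.common-config = {
+module = {
+input = "clan-core";
+name = "importer";
+};
+roles.default.tags.all = { };
+roles.default.extraModules = [ self.nixosModules.common ];
+};
+clan.inventory.instances.server-config = {
+module = {
+input = "clan-core";
+name = "importer";
+};
+roles.default.tags.server = { };
+roles.default.extraModules = [
+{
+nix.gc.automatic = lib.mkDefault true;
+nix.gc.dates = lib.mkDefault "Mon 3:15";
+nix.gc.randomizedDelaySec = lib.mkDefault "30min";
+nix.gc.options = lib.mkDefault "--delete-older-than 30d";
+}
+];
+};
+clan.inventory.instances."garage" = {
+module.input = "clan-core";
+module.name = "garage";
+roles.default.tags.garage = { };
+};
+clan.inventory.instances."garage-config" = {
+module.input = "clan-core";
+module.name = "importer";
+roles.default.tags.garage = { };
+roles.default.extraModules = [ ../modules/garage.nix ];
+};
+clan.inventory.instances."trusted-nix-caches" = {
+module.input = "clan-core";
+module.name = "trusted-nix-caches";
+roles.default.tags.all = { };
+};
+clan.inventory.instances."borgbackup-storagebox" = {
+module.input = "clan-core";
+module.name = "borgbackup";
+roles.client.machines = lib.genAttrs [ "crocus" "genepi" "verbena" ] (
+machine:
+let
+config = self.nixosConfigurations.${machine}.config;
+user = "u422292";
+host = "${user}.your-storagebox.de";
+in
+{
+settings.destinations."storagebox-${config.networking.hostName}" = {
+repo = "${user}@${host}:./borgbackup/${config.networking.hostName}";
+rsh = "ssh -oPort=23 -i ${
+config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path
+} -oStrictHostKeyChecking=accept-new";
+};
+}
+);
+roles.client.extraModules = [
+../modules/storagebox.nix
+];
+roles.server.machines = { };
+};
+clan.inventory.instances.syncthing = {
+roles.peer.tags.syncthing = { };
+roles.peer.settings.folders = {
+Documents = {
+path = "~/Documents";
+};
+Music = {
+path = "~/Music";
+};
+Pictures = {
+path = "~/Pictures";
+};
+Videos = {
+path = "~/Videos";
+};
+};
+roles.peer.settings.extraDevices = {
+pixel-7a = {
+id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU";
+name = "Pixel 7a";
+addresses = [ "dynamic" ];
+};
+};
+};
+clan.inventory.instances.buildbot = {
+module.input = "self";
+module.name = "@rpqt/buildbot";
+roles.master.machines.verbena = {
+settings = {
+domain = "buildbot.turifer.dev";
+admins = [ "rpqt" ];
+topic = "buildbot-nix";
+gitea.instanceUrl = "https://git.turifer.dev";
+};
+};
+roles.master.extraModules = [
+{
+services.nginx.virtualHosts."buildbot.turifer.dev" = {
+enableACME = true;
+forceSSL = true;
+};
+security.acme.certs."buildbot.turifer.dev" = {
+email = "admin@turifer.dev";
+};
+}
+];
+roles.worker.machines.verbena = { };
+};
+}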
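Review bot: The `rsh` command of the `borgbackup-storagebox` destinations passes `-oStrictHostKeyChecking=accept-new`, so every backup client trusts whichever host key the storage box endpoint presents on its first connection, and a reinstalled client repeats that first-use trust. Pinning the provider's published host key and checking strictly closes that window, for example `programs.ssh.knownHosts."<storagebox host>".publicKey = "<published host key>";` together with `-oStrictHostKeyChecking=yes`; `../modules/storagebox.nix` is not visible here and may already pin the key, in which case `accept-new` only weakens it. Separately, `nixbld_haze` is listed in the admin `allowedKeys` next to the personal key, so the builder key presumably receives the same login on every `server`-tagged machine; a comment saying where that key is restricted to the Nix daemon would make the intent checkable.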

28
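--- a/clan/machines.nix
+++ b/clan/machines.nix
@@ -0,0 +1,28 @@
+{
+clan.inventory.machines = {
+crocus = {
+tags = [
+"garage"
+"server"
+];
+};
+genepi = {
+tags = [
+"garage"
+"server"
+"syncthing"
+];
+};
+haze = {
+tags = [
+"syncthing"
+];
+};
+verbena = {
+tags = [
+"garage"
+"server"
+];
+};
+};
+}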

46
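--- a/clan/monitoring.nix
+++ b/clan/monitoring.nix
@@ -0,0 +1,46 @@
+{ self, ... }:
+{
+clan.inventory.instances.prometheus = {
+module.input = "self";
+module.name = "@rpqt/prometheus";
+roles.scraper.machines.genepi = { };
+roles.scraper.settings = {
+extraScrapeConfigs = [
+{
+job_name = "garage";
+static_configs = [
+{
+labels.instance = "crocus";
+targets = [ "crocus.home.rpqt.fr:3903" ];
+}
+{
+labels.instance = "genepi";
+targets = [ "genepi.home.rpqt.fr:3903" ];
+}
+{
+labels.instance = "verbena";
+targets = [ "verbena.home.rpqt.fr:3903" ];
+}
+];
+authorization = {
+type = "Bearer";
+credentials_file =
+self.nixosConfigurations.verbena.config.clan.core.vars.generators.garage.files.metrics_token.path;
+};
+}
+];
+};
+roles.target.tags.server = { };
+roles.target.settings = {
+exporters = {
+node = {
+enabledCollectors = [
+"systemd"
+];
+};
+};
+};
+};
+}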
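Review bot: `credentials_file` in the `garage` scrape job is taken from `self.nixosConfigurations.verbena.config`, while the only scraper is genepi (`roles.scraper.machines.genepi`). That works only while the var resolves to the same filesystem path on both machines and the token is actually deployed to genepi; reading it from the scraping machine, `self.nixosConfigurations.genepi.config.clan.core.vars.generators.garage.files.metrics_token.path`, removes the hidden coupling. The same bearer token is presented to all three Garage instances and, with no `scheme = "https"` on the job, Prometheus sends it over plain HTTP, so a comment stating that the token is shared on purpose and that port 3903 is reachable only over the VPN would document the assumption this relies on.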

77
clan/network.nix Normal file
View File

@@ -0,0 +1,77 @@
{ self, ... }:
{
clan.inventory.instances.zerotier = {
roles.controller.machines.crocus = { };
roles.moon.machines.crocus = {
settings = {
stableEndpoints = [
"116.203.18.122"
"2a01:4f8:1c1e:e415::/64"
];
};
};
roles.peer.tags."all" = { };
};
clan.inventory.instances.internet = {
roles.default.machines.verbena.settings.host = self.infra.machines.verbena.ipv4;
roles.default.machines.crocus.settings.host = self.infra.machines.crocus.ipv4;
};
clan.inventory.instances.wireguard = {
module.name = "wireguard";
module.input = "clan-core";
roles.controller = {
machines.verbena.settings = {
endpoint = "wg1.turifer.dev";
};
};
roles.peer.machines = {
haze = { };
crocus = { };
genepi = { };
};
};
# clan.inventory.instances.certificates = {
# module.name = "certificates";
# module.input = "clan-core";
# roles.ca.machines.verbena = {
# settings.acmeEmail = "admin@rpqt.fr";
# };
# roles.default.tags.all = { };
# roles.default.settings.acmeEmail = "admin@rpqt.fr";
# };
# Temporarily patched version of clan-core/coredns for AAAA records support
clan.inventory.instances.coredns = {
module.name = "@rpqt/coredns";
module.input = "self";
roles.default.tags.all = { };
roles.server.machines.verbena = {
settings.ip = "fd28:387a:90:c400::1";
};
roles.server.machines.crocus = {
settings.ip = "fd28:387a:90:c400:6db2:dfc3:c376:9956";
};
roles.server.settings = {
tld = "home.rpqt.fr";
};
roles.default.machines.genepi.settings = {
ip = "fd28:387a:90:c400:ab23:3d38:a148:f539"; # FIXME: IPv4 expected (A record)
services = [
"actual"
"assistant"
"glance"
"grafana"
"images"
"lounge"
"pinchflat"
"rss"
];
};
};
}
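Review bot: The second `stableEndpoints` entry of the crocus moon, `"2a01:4f8:1c1e:e415::/64"`, looks like a network prefix rather than an endpoint. ZeroTier writes stable endpoints as `address/port`, so this is likely to be read as port 64 on the all-zero host address of that prefix; it should probably be the machine's actual IPv6 address, optionally followed by a port. The IPv4 entry is also hard-coded, while the `internet` instance just below reads `self.infra.machines.crocus.ipv4`; reusing that attribute here would keep the two from drifting apart.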


@@ -0,0 +1,158 @@
{ self, ... }:
{ lib, ... }:
{
_class = "clan.service";
manifest.name = "buildbot";
roles.master = {
interface.options = {
domain = lib.mkOption {
type = lib.types.str;
description = "Domain name under which the buildbot frontend is reachable";
example = "https://buildbot.example.com";
};
admins = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "List of usernames allowed to authenticate to the buildbot frontend";
example = [ "Mic92" ];
};
topic = lib.mkOption {
type = lib.types.str;
description = "Name of the topic attached to repositories that should be built";
example = "buildbot-nix";
};
gitea.instanceUrl = lib.mkOption {
type = lib.types.str;
description = "URL of the Gitea instance";
example = "https://git.example.com";
};
};
perInstance =
{
settings,
roles,
...
}:
{
nixosModule =
{
config,
lib,
pkgs,
...
}:
{
imports = [
self.inputs.buildbot-nix.nixosModules.buildbot-master
];
services.buildbot-nix.master = {
enable = true;
workersFile = config.clan.core.vars.generators.buildbot.files.workers-file.path;
inherit (settings) domain admins;
authBackend = "gitea";
gitea = {
enable = true;
inherit (settings.gitea) instanceUrl;
inherit (settings) topic;
tokenFile = config.clan.core.vars.generators.buildbot.files.api-token.path;
webhookSecretFile = config.clan.core.vars.generators.buildbot.files.webhook-secret.path;
oauthId = config.clan.core.vars.generators.buildbot.files.oauth-id.value;
oauthSecretFile = config.clan.core.vars.generators.buildbot.files.oauth-secret.path;
};
};
clan.core.vars.generators.buildbot = {
prompts.api-token = {
description = "gitea API token";
type = "hidden";
persist = true;
};
prompts.webhook-secret = {
description = "gitea webhook secret";
type = "hidden";
persist = true;
};
prompts.oauth-id = {
description = "oauth client id";
persist = true;
};
files.oauth-id.secret = false;
prompts.oauth-secret = {
description = "oauth secret";
type = "hidden";
persist = true;
};
dependencies = [ "buildbot-worker" ];
files.workers-file.secret = true;
runtimeInputs = [ pkgs.python3 ];
script = ''
python3 - << EOF
import os
import json
password_path = os.path.join(os.environ.get("in"), "buildbot-worker/worker-password")
password = open(password_path).read().strip()
workers = [
{
"name": "${config.networking.hostName}",
"pass": password,
"cores": 4,
},
];
workers_file_path = os.path.join(os.environ.get("out"), "workers-file")
with open(workers_file_path, "w") as workers_file:
workers_file.write(json.dumps(workers))
EOF
'';
};
};
};
};
roles.worker = {
perInstance =
{
settings,
roles,
...
}:
{
nixosModule =
{
config,
lib,
pkgs,
...
}:
{
imports = [
self.inputs.buildbot-nix.nixosModules.buildbot-worker
];
services.buildbot-nix.worker = {
enable = true;
workerPasswordFile = config.clan.core.vars.generators.buildbot-worker.files.worker-password.path;
};
clan.core.vars.generators.buildbot-worker = {
files.worker-password = { };
runtimeInputs = [
pkgs.openssl
];
script = ''
openssl rand -hex 32 > "$out"/worker-password
'';
};
};
};
};
}
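Review bot: The master's `buildbot` generator declares `dependencies = [ "buildbot-worker" ]` and reads `buildbot-worker/worker-password`, but that generator is only defined in the worker role's `nixosModule`, so the master role appears to evaluate only on a machine that also carries the worker role. The generated workers file likewise lists a single worker named after the master's own `config.networking.hostName` with a fixed `"cores": 4`, so a worker on any other machine would never be registered. Either state that constraint in the role (for example `# master and worker must currently run on the same machine`) or build the list from `roles.worker.machines`. Two smaller points: the `domain` option's example `"https://buildbot.example.com"` includes a scheme although the inventory passes a bare host name, and the heredoc would be safer quoted (`python3 - << 'EOF'`) so the shell expands nothing inside the Python source.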


@@ -0,0 +1,4 @@
{ self, lib, ... }:
{
clan.modules."@rpqt/buildbot" = lib.modules.importApply ./default.nix { inherit self; };
}


@@ -0,0 +1,73 @@
!!! Danger "Experimental"
This service is experimental and will change in the future.
This module enables hosting clan-internal services easily, which can be resolved
inside your VPN. This allows defining a custom top-level domain (e.g. `.clan`)
and exposing endpoints from a machine to others, which will be
accessible under `http://<service>.clan` in your browser.
The service consists of two roles:
- A `server` role: This is the DNS-server that will be queried when trying to
resolve clan-internal services. It defines the top-level domain.
- A `default` role: This does two things. First, it sets up the nameservers so
that clan-internal queries are resolved via the `server` machine, while
external queries are resolved as normal via DHCP. Second, it allows exposing
services (see example below).
## Example Usage
Here the machine `dnsserver` is designated as internal DNS-server for the TLD
`.foo`. `server01` will host an application that shall be reachable at
`http://one.foo` and `server02` is going to be reachable at `http://two.foo`.
`client` is any other machine that is part of the clan but does not host any
services.
When `client` tries to resolve `http://one.foo`, the DNS query will be
routed to `dnsserver`, which will answer with `192.168.1.3`. If it tries to
resolve some external domain (e.g. `https://clan.lol`), the query will not be
routed to `dnsserver` but resolved as before, via the nameservers advertised by
DHCP.
```nix
inventory = {
machines = {
dnsserver = { }; # 192.168.1.2
server01 = { }; # 192.168.1.3
server02 = { }; # 192.168.1.4
client = { }; # 192.168.1.5
};
instances = {
coredns = {
module.name = "@clan/coredns";
module.input = "self";
# Add the default role to all machines, including `client`
roles.default.tags.all = { };
# DNS server queries to http://<name>.foo are resolved here
roles.server.machines."dnsserver".settings = {
ip = "192.168.1.2";
tld = "foo";
};
# First service
# Registers http://one.foo will resolve to 192.168.1.3
# underlying service runs on server01
roles.default.machines."server01".settings = {
ip = "192.168.1.3";
services = [ "one" ];
};
# Second service
roles.default.machines."server02".settings = {
ip = "192.168.1.4";
services = [ "two" ];
};
};
};
};
```


@@ -0,0 +1,233 @@
{ ... }:
{
_class = "clan.service";
manifest.name = "coredns";
manifest.description = "Clan-internal DNS and service exposure";
manifest.categories = [ "Network" ];
manifest.readme = builtins.readFile ./README.md;
roles.server = {
description = "A DNS server that resolves services in the clan network.";
interface =
{ lib, ... }:
{
options.tld = lib.mkOption {
type = lib.types.str;
default = "clan";
description = ''
Top-level domain for this instance. All services below this will be
resolved internally.
'';
};
options.ip = lib.mkOption {
type = lib.types.str;
# TODO: Set a default
description = "IP for the DNS to listen on";
};
options.dnsPort = lib.mkOption {
type = lib.types.int;
default = 1053;
description = "Port of the clan-internal DNS server";
};
};
perInstance =
{
roles,
settings,
...
}:
{
nixosModule =
{
lib,
pkgs,
...
}:
let
hostServiceEntries =
host:
lib.strings.concatStringsSep "\n" (
map (
service:
let
ip = roles.default.machines.${host}.settings.ip;
isIPv4 = addr: (builtins.match "\\." addr) != null;
recordType = if (isIPv4 ip) then "A" else "AAAA";
in
"${service} IN ${recordType} ${ip} ; ${host}"
) roles.default.machines.${host}.settings.services
);
hostnameEntries = ''
crocus 10800 IN AAAA fd28:387a:90:c400:6db2:dfc3:c376:9956
genepi 10800 IN AAAA fd28:387a:90:c400:ab23:3d38:a148:f539
verbena 10800 IN AAAA fd28:387a:90:c400::1
haze 10800 IN AAAA fd28:387a:90:c400:840e:e9db:4c08:b920
'';
zonefile = builtins.toFile "${settings.tld}.zone" (
''
$TTL 3600 ; 1 Hour
$ORIGIN ${settings.tld}.
${settings.tld}. IN SOA ns1 admin.rpqt.fr. (
2025112300 ; serial
10800 ; refresh
3600 ; retry
604800 ; expire
300 ; minimum
)
${builtins.concatStringsSep "\n" (
lib.lists.imap1 (i: _m: "@ 1D IN NS ns${toString i}.${settings.tld}.") (
lib.attrNames roles.server.machines
)
)}
${builtins.concatStringsSep "\n" (
lib.lists.imap1 (i: m: "ns${toString i} 10800 IN CNAME ${m}.${settings.tld}.") (
lib.attrNames roles.server.machines
)
)}
''
+ hostnameEntries
+ "\n"
+ (lib.strings.concatStringsSep "\n" (
map (host: hostServiceEntries host) (lib.attrNames roles.default.machines)
))
);
in
{
networking.firewall.interfaces.wireguard = {
allowedTCPPorts = [ settings.dnsPort ];
allowedUDPPorts = [ settings.dnsPort ];
};
services.coredns = {
enable = true;
config =
let
dnsPort = builtins.toString settings.dnsPort;
in
''
.:${dnsPort} {
forward . 1.1.1.1
cache 30
}
${settings.tld}:${dnsPort} {
file ${zonefile}
}
'';
};
};
};
};
roles.default = {
description = "A machine that registers the 'server' role as resolver and registers services under the configured TLD in the resolver.";
interface =
{ lib, ... }:
{
options.services = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = ''
Service endpoints this host exposes (without TLD). Each entry will
be resolved to <entry>.<tld> using the configured top-level domain.
'';
};
options.ip = lib.mkOption {
type = lib.types.str;
# TODO: Set a default
description = "IP on which the services will listen";
};
options.dnsPort = lib.mkOption {
type = lib.types.int;
default = 1053;
description = "Port of the clan-internal DNS server";
};
};
perInstance =
{ roles, settings, ... }:
{
nixosModule =
{ config, lib, ... }:
{
networking.nameservers = map (
m:
let
port = config.services.unbound.settings.port or 53;
in
"127.0.0.1:${toString port}#${roles.server.machines.${m}.settings.tld}"
) (lib.attrNames roles.server.machines);
services.resolved.domains = map (m: "~${roles.server.machines.${m}.settings.tld}") (
lib.attrNames roles.server.machines
);
services.unbound = {
enable = true;
resolveLocalQueries = true;
checkconf = true;
settings = {
server = {
# port = 5353;
verbosity = 2;
interface = [ "127.0.0.1" ];
access-control = [ "127.0.0.0/8 allow" ];
do-not-query-localhost = "no";
domain-insecure = map (m: "${roles.server.machines.${m}.settings.tld}.") (
lib.attrNames roles.server.machines
);
};
# Default: forward everything else to DHCP-provided resolvers
# forward-zone = [
# {
# name = ".";
# forward-addr = "127.0.0.53@53"; # Forward to systemd-resolved
# }
# ];
forward-zone = [
{
name = ".";
forward-tls-upstream = true;
forward-addr = [
"9.9.9.9#dns.quad9.net"
"149.112.112.112#dns.quad9.net"
"1.1.1.1@853#cloudflare-dns.com"
"1.0.0.1@853#cloudflare-dns.com"
"2606:4700:4700::1111@853#cloudflare-dns.com"
"2606:4700:4700::1001@853#cloudflare-dns.com"
"8.8.8.8#dns.google"
"8.8.4.4#dns.google"
"2001:4860:4860::8888#dns.google"
"2001:4860:4860::8844#dns.google"
];
}
];
stub-zone = {
name = "${roles.server.machines.${(lib.head (lib.attrNames roles.server.machines))}.settings.tld}.";
stub-addr = map (
m: "${roles.server.machines.${m}.settings.ip}@${builtins.toString settings.dnsPort}"
) (lib.attrNames roles.server.machines);
};
};
};
};
};
};
}
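Review bot: `isIPv4 = addr: (builtins.match "\\." addr) != null;` in `hostServiceEntries` can never be true for a real address, because `builtins.match` only succeeds when the regex matches the whole string and `"\\."` matches just a single dot. Every service record is therefore emitted as `AAAA`, even when `ip` is an IPv4 address, which would put an invalid record into the zone file. `isIPv4 = addr: lib.hasInfix "." addr;` gives the intended test. Separately, `hostnameEntries` and the SOA serial `2025112300` are hard-coded in a module that is otherwise driven by `roles`; a comment marking them as temporary would help the next reader.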


@@ -0,0 +1,18 @@
{ ... }:
let
module = ./default.nix;
in
{
clan.modules = {
"@rpqt/coredns" = module;
};
# perSystem =
# { ... }:
# {
# clan.nixosTests.coredns = {
# imports = [ ./tests/vm/default.nix ];
# clan.modules."@rpqt/coredns" = module;
# };
# };
}


@@ -0,0 +1,7 @@
{
imports = [
./buildbot/flake-module.nix
./coredns/flake-module.nix
./prometheus/flake-module.nix
];
}


@@ -0,0 +1,38 @@
This module enables collecting metrics from machines in clan, using Prometheus.
There are two roles:
- A `target` role for machines on which to collect and export metrics.
- A `scraper` roles for machines that fetch metrics from `target` machines and
store them in the long term.
```nix
inventory = {
machines = {
server01.tags.server = {};
server02.tags.server = {};
metrics.tags.server = {}; # metrics collector
};
instances = {
prometheus = {
module.name = "@rpqt/prometheus";
module.input = "self";
roles.scraper.machines."metrics" = {};
# Collect metrics on all servers
roles.target.tags.server = {
settings = {
exporters = {
# Enable the node-exporter metrics source
node.enabledCollectors = [ "systemd" ];
};
};
};
};
};
};
```


@@ -0,0 +1,114 @@
{ self, ... }:
{ lib, ... }:
{
_class = "clan.service";
manifest.name = "prometheus";
manifest.description = "Prometheus metrics collection across the clan network.";
manifest.readme = builtins.readFile ./README.md;
# Only works with zerotier (until a unified network module is ready)
roles.scraper = {
description = "A server that scrapes metrics from exporters of machines that have the 'target' role.";
interface = {
options.extraScrapeConfigs = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
description = "A list of additional scrape configurations.";
};
};
perInstance =
{
settings,
roles,
...
}:
{
nixosModule =
{ config, lib, ... }:
{
services.prometheus.enable = true;
services.prometheus.scrapeConfigs =
let
allExporters = lib.unique (
lib.concatLists (
lib.map (machine: lib.attrNames machine.settings.exporters) (lib.attrValues roles.target.machines)
)
);
hasExporter =
exporter: machine: lib.hasAttr exporter roles.target.machines.${machine}.settings.exporters;
mkScrapeConfig = (
exporter:
let
machinesWithExporter = lib.filter (hasExporter exporter) (lib.attrNames roles.target.machines);
in
{
job_name = exporter;
static_configs = lib.map (machineName: {
targets =
let
targetConfig = self.nixosConfigurations.${machineName}.config;
targetHost = targetConfig.clan.core.vars.generators.zerotier.files.zerotier-ip.value;
in
[
"[${targetHost}]:${toString targetConfig.services.prometheus.exporters.${exporter}.port}"
];
labels.instance = machineName;
}) machinesWithExporter;
}
);
in
(lib.map mkScrapeConfig allExporters) ++ settings.extraScrapeConfigs;
clan.core.state.prometheus.folders = [ "/var/lib/${config.services.prometheus.stateDir}" ];
};
};
};
roles.target = {
description = "A machine on which to collect and export metrics.";
interface =
{ lib, ... }:
{
options = {
exporters = lib.mkOption {
type = lib.types.attrs;
default = { };
example = {
node = {
enabledCollectors = [ "systemd" ];
port = 9002;
};
};
description = "Attribute set of exporters to enable";
};
};
};
perInstance =
{
instanceName,
settings,
machine,
roles,
...
}:
{
nixosModule =
{ config, lib, ... }:
{
services.prometheus.exporters = builtins.mapAttrs (
name: exporterSettings:
exporterSettings
// {
enable = true;
}
) settings.exporters;
networking.firewall.interfaces."zts7mq7onf".allowedTCPPorts = lib.map (
exporterName: config.services.prometheus.exporters.${exporterName}.port
) (lib.attrNames settings.exporters);
};
};
};
}
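Review bot: `options.extraScrapeConfigs` in the scraper interface has no `default`, yet `scrapeConfigs` appends `settings.extraScrapeConfigs` unconditionally, so an instance that leaves it unset (as the README example added in this same change does) would fail to evaluate; adding `default = [ ];` fixes that. In the target role the firewall rule is bound to the literal interface name `"zts7mq7onf"`, which presumably belongs to one specific ZeroTier network. If the interface is ever named differently the exporter ports stay closed and scrapes simply fail, so the name should be a setting or at least carry a comment such as `# ZeroTier interface of the clan network; must match the network id`.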


@@ -0,0 +1,4 @@
{ self, lib, ... }:
{
clan.modules."@rpqt/prometheus" = lib.modules.importApply ./default.nix { inherit self; };
}


@@ -0,0 +1,26 @@
{
perSystem =
{
inputs',
pkgs,
...
}:
{
devShells.default = pkgs.mkShellNoCC {
packages = [
inputs'.clan-core.packages.clan-cli
pkgs.garage
pkgs.nil # Nix language server
pkgs.nixfmt-rfc-style
pkgs.opentofu
pkgs.terraform-ls
pkgs.deploy-rs
pkgs.zsh
];
shellHook = ''
export GARAGE_RPC_SECRET=$(clan vars get crocus garage-shared/rpc_secret)
export GARAGE_RPC_HOST=5d8249fe49264d36bc3532bd88400498bf9497b5cd4872245eb820d5d7797ed6@crocus.home.rpqt.fr:3901
'';
};
};
}
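Review bot: The `shellHook` puts the Garage RPC secret into an exported environment variable, so it is inherited by every process started from the dev shell and stays readable through the process environment for as long as the shell lives. It also runs `clan vars get` on every shell entry, and a failure there silently leaves `GARAGE_RPC_SECRET` empty. Scoping the secret to the one command that needs it avoids both, for example `garage() { GARAGE_RPC_SECRET=$(clan vars get crocus garage-shared/rpc_secret) command garage "$@"; }` in place of the `export`. The hard-coded node id in `GARAGE_RPC_HOST` deserves a comment saying which machine's key it is.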

8
dotbot/windows.yaml Normal file

@@ -0,0 +1,8 @@
- defaults:
link:
relink: true
- link:
~/AppData/Roaming/helix/config.toml: .config/helix/config.toml
~/AppData/Roaming/jj/config.toml: .config/jj/config.toml
~/AppData/Roaming/nushell/config.nu: .config/nushell/config.nu

295
flake.lock generated

@@ -1,25 +1,25 @@
{ {
"nodes": { "nodes": {
"agenix": { "buildbot-nix": {
"inputs": { "inputs": {
"darwin": "darwin", "flake-parts": "flake-parts",
"home-manager": "home-manager", "hercules-ci-effects": "hercules-ci-effects",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"systems": "systems" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1745630506, "lastModified": 1765893949,
"narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", "narHash": "sha256-5wn3/cMZ6cQ7BHaoTkeDiMxgjZUV/8FPGplCJ/P6Idc=",
"owner": "ryantm", "owner": "nix-community",
"repo": "agenix", "repo": "buildbot-nix",
"rev": "96e078c646b711aee04b82ba01aefbff87004ded", "rev": "39896cb5a1a6ad52d1feb6634913087e11059454",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "ryantm", "owner": "nix-community",
"repo": "agenix", "repo": "buildbot-nix",
"type": "github" "type": "github"
} }
}, },
@@ -27,7 +27,9 @@
"inputs": { "inputs": {
"data-mesher": "data-mesher", "data-mesher": "data-mesher",
"disko": "disko", "disko": "disko",
"flake-parts": "flake-parts", "flake-parts": [
"flake-parts"
],
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nix-select": "nix-select", "nix-select": "nix-select",
"nixos-facter-modules": "nixos-facter-modules", "nixos-facter-modules": "nixos-facter-modules",
@@ -35,15 +37,15 @@
"nixpkgs" "nixpkgs"
], ],
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"systems": "systems_2", "systems": "systems",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1747400548, "lastModified": 1766058975,
"narHash": "sha256-zvBGXYkd8pZKkBXlLdcw0/nxSoGJOkwGbc6dz9NS4G8=", "narHash": "sha256-HBnRRq9wLq7UfJxMM55wR10lZFK1F0lNyRgUwwOby6s=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "56f3fd0a454635d0449330e6848a98bab6da020e", "rev": "9032d11a0e31641808ef1427150aac0f40e2e0b9",
"revCount": 6979, "revCount": 11671,
"type": "git", "type": "git",
"url": "https://git.clan.lol/clan/clan-core" "url": "https://git.clan.lol/clan/clan-core"
}, },
@@ -52,28 +54,6 @@
"url": "https://git.clan.lol/clan/clan-core" "url": "https://git.clan.lol/clan/clan-core"
} }
}, },
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"data-mesher": { "data-mesher": {
"inputs": { "inputs": {
"flake-parts": [ "flake-parts": [
@@ -84,21 +64,17 @@
"clan-core", "clan-core",
"nixpkgs" "nixpkgs"
], ],
"systems": [
"clan-core",
"systems"
],
"treefmt-nix": [ "treefmt-nix": [
"clan-core", "clan-core",
"treefmt-nix" "treefmt-nix"
] ]
}, },
"locked": { "locked": {
"lastModified": 1747329636, "lastModified": 1765768061,
"narHash": "sha256-mmyx5trq5ZQp6uShbHNfqgSxdg9OeArcZGdZKtHjhqw=", "narHash": "sha256-RZ/ocDUJ3WPr2KcDc2MB6Fu+ZPqzwsMKQ16XxqrPi+o=",
"rev": "7afcd6f322b9839699f6f31d5bed884c6dd412c4", "rev": "53351f9953ecf9dbe18795b4784abe53b14e6eee",
"type": "tarball", "type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/7afcd6f322b9839699f6f31d5bed884c6dd412c4.tar.gz" "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/53351f9953ecf9dbe18795b4784abe53b14e6eee.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@@ -113,11 +89,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747274630, "lastModified": 1765794845,
"narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=", "narHash": "sha256-YD5QWlGnusNbZCqR3pxG8tRxx9yUXayLZfAJRWspq2s=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "ec7c109a4f794fce09aad87239eab7f66540b888", "rev": "7194cfe5b7a3660726b0fe7296070eaef601cae9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -133,11 +109,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747274630, "lastModified": 1765794845,
"narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=", "narHash": "sha256-YD5QWlGnusNbZCqR3pxG8tRxx9yUXayLZfAJRWspq2s=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "ec7c109a4f794fce09aad87239eab7f66540b888", "rev": "7194cfe5b7a3660726b0fe7296070eaef601cae9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -149,16 +125,16 @@
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"clan-core", "buildbot-nix",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1743550720, "lastModified": 1765835352,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5", "rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -167,39 +143,63 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1765835352,
"narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"hercules-ci-effects": {
"inputs": {
"flake-parts": [
"buildbot-nix",
"flake-parts"
],
"nixpkgs": [
"buildbot-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765774562,
"narHash": "sha256-UQhfCggNGDc7eam+EittlYmeW89CZVT1KkFIHZWBH7k=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "edcbb19948b6caf1700434e369fde6ff9e6a3c93",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"agenix",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1745494811, "lastModified": 1765980955,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "narHash": "sha256-rB45jv4uwC90vM9UZ70plfvY/2Kdygs+zlQ07dGQFk4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "rev": "89c9508bbe9b40d36b3dc206c2483ef176f15173",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1747374689,
"narHash": "sha256-JT/aBZqmK1LbExzwT9cPkvxKc0IC4i6tZKOPjsSWFbI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d2263ce5f4c251c0f7608330e8fdb7d1f01f0667",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -223,6 +223,27 @@
"type": "github" "type": "github"
} }
}, },
"matugen": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_2"
},
"locked": {
"lastModified": 1765981892,
"narHash": "sha256-c7VKaNiBUkwGsTq398EQSM4K7skPacmOz8NeLj67M7s=",
"owner": "InioX",
"repo": "Matugen",
"rev": "e405cd9de87510dd40c1328bcf06e0daf3d1a5bf",
"type": "github"
},
"original": {
"owner": "InioX",
"repo": "Matugen",
"type": "github"
}
},
"nix-darwin": { "nix-darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -231,11 +252,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747365160, "lastModified": 1764161084,
"narHash": "sha256-4ZVr0x+ry6ybym/VhVYACj0HlJo44YxAaPGOxiS88Hg=", "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=",
"owner": "nix-darwin", "owner": "nix-darwin",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "8817b00b0011750381d0d44bb94d61087349b6ba", "rev": "e95de00a471d07435e0527ff4db092c84998698e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -246,11 +267,11 @@
}, },
"nix-select": { "nix-select": {
"locked": { "locked": {
"lastModified": 1745005516, "lastModified": 1763303120,
"narHash": "sha256-IVaoOGDIvAa/8I0sdiiZuKptDldrkDWUNf/+ezIRhyc=", "narHash": "sha256-yxcNOha7Cfv2nhVpz9ZXSNKk0R7wt4AiBklJ8D24rVg=",
"rev": "69d8bf596194c5c35a4e90dd02c52aa530caddf8", "rev": "3d1e3860bef36857a01a2ddecba7cdb0a14c35a9",
"type": "tarball", "type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/69d8bf596194c5c35a4e90dd02c52aa530caddf8.tar.gz" "url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/3d1e3860bef36857a01a2ddecba7cdb0a14c35a9.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@@ -274,11 +295,11 @@
}, },
"nixos-facter-modules": { "nixos-facter-modules": {
"locked": { "locked": {
"lastModified": 1743671943, "lastModified": 1765442039,
"narHash": "sha256-7sYig0+RcrR3sOL5M+2spbpFUHyEP7cnUvCaqFOBjyU=", "narHash": "sha256-k3lYQ+A1F7aTz8HnlU++bd9t/x/NP2A4v9+x6opcVg0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-facter-modules", "repo": "nixos-facter-modules",
"rev": "58ad9691670d293a15221d4a78818e0088d2e086", "rev": "9dd775ee92de63f14edd021d59416e18ac2c00f1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -293,11 +314,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1742568034, "lastModified": 1764234087,
"narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", "rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -308,11 +329,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1747129300, "lastModified": 1764440730,
"narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "e81fd167b33121269149c57806599045fd33eeed", "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -340,11 +361,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1747179050, "lastModified": 1765779637,
"narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -356,14 +377,17 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "buildbot-nix": "buildbot-nix",
"clan-core": "clan-core", "clan-core": "clan-core",
"disko": "disko_2", "disko": "disko_2",
"home-manager": "home-manager_2", "flake-parts": "flake-parts_2",
"home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"matugen": "matugen",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2",
"srvos": "srvos"
} }
}, },
"sops-nix": { "sops-nix": {
@@ -374,11 +398,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1746485181, "lastModified": 1765836173,
"narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "e93ee1d900ad264d65e9701a5c6f895683433386", "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -387,6 +411,26 @@
"type": "github" "type": "github"
} }
}, },
"srvos": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1766020451,
"narHash": "sha256-Jy7rX7sMbSJEX0KKwvNcGUfRVZ0SDWo3Zk2e5LGyqw0=",
"owner": "nix-community",
"repo": "srvos",
"rev": "5ecd4a56da963480db305e56ab3a42d13597c0a7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "srvos",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@@ -404,20 +448,41 @@
}, },
"systems_2": { "systems_2": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1689347949,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems", "owner": "nix-systems",
"repo": "default", "repo": "default-linux",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-systems", "owner": "nix-systems",
"repo": "default", "repo": "default-linux",
"type": "github" "type": "github"
} }
}, },
"treefmt-nix": { "treefmt-nix": {
"inputs": {
"nixpkgs": [
"buildbot-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1762938485,
"narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"clan-core", "clan-core",
@@ -425,11 +490,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747299117, "lastModified": 1766000401,
"narHash": "sha256-JGjCVbxS+9t3tZ2IlPQ7sdqSM4c+KmIJOXVJPfWmVOU=", "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "e758f27436367c23bcd63cd973fa5e39254b530e", "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd",
"type": "github" "type": "github"
}, },
"original": { "original": {

158
flake.nix

@@ -5,128 +5,60 @@
inputs@{ inputs@{
nixpkgs, nixpkgs,
clan-core, clan-core,
flake-parts,
home-manager, home-manager,
impermanence, impermanence,
nixos-generators,
nixos-hardware, nixos-hardware,
self, self,
... ...
}: }:
let flake-parts.lib.mkFlake { inherit inputs; } ({
clan = clan-core.lib.buildClan { imports = [
self = self; inputs.clan-core.flakeModules.default
meta.name = "blossom"; ./clan/flake-module.nix
specialArgs = { ./clanServices/flake-module.nix
inherit inputs self; ./devShells/flake-module.nix
inherit (import ./parts) keys; ./home-manager/flake-module.nix
}; ./infra/flake-module.nix
inventory = { ./modules/flake-module.nix
instances = { ./packages/flake-module.nix
"rpqt-admin" = { ];
module.input = "clan-core";
module.name = "admin";
roles.default.machines = {
"crocus" = { };
"genepi" = { };
"haze" = { };
};
roles.default.settings.allowedKeys = {
rpqt_haze = (import ./parts).keys.rpqt.haze;
};
};
};
services = {
zerotier.default = {
roles.controller.machines = [
"crocus"
];
roles.peer.machines = [
"haze"
"genepi"
];
};
sshd.default = {
roles.server.machines = [ "crocus" ];
};
user-password.rpqt = {
roles.default.machines = [
"crocus"
"genepi"
"haze"
];
config.user = "rpqt";
};
};
};
};
in
{
inherit (clan) clanInternals nixosConfigurations;
devShells = systems = [
let "x86_64-linux"
system = "x86_64-linux"; "aarch64-linux"
pkgs = import nixpkgs { ];
inherit system; });
};
in
{
"${system}".default = pkgs.mkShell {
packages = [
inputs.agenix.packages.${system}.default
clan-core.packages.${system}.clan-cli
pkgs.nil # Nix language server
pkgs.nixfmt-rfc-style
pkgs.opentofu
pkgs.terraform-ls
pkgs.deploy-rs
pkgs.zsh
];
shellhook = ''
exec zsh
'';
};
};
};
inputs = { inputs = {
nixpkgs = { nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
url = "github:nixos/nixpkgs?ref=nixos-unstable";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence = {
url = "github:nix-community/impermanence";
};
nixos-hardware = {
url = "github:NixOS/nixos-hardware/master";
};
nixos-generators = {
url = "github:nix-community/nixos-generators";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
clan-core = {
url = "git+https://git.clan.lol/clan/clan-core";
inputs.nixpkgs.follows = "nixpkgs";
};
};
nixConfig = { disko.url = "github:nix-community/disko";
extra-substituters = [ disko.inputs.nixpkgs.follows = "nixpkgs";
"https://cache.nixos.org"
"https://nix-community.cachix.org" home-manager.url = "github:nix-community/home-manager";
]; home-manager.inputs.nixpkgs.follows = "nixpkgs";
extra-trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" impermanence.url = "github:nix-community/impermanence";
];
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nixos-generators.url = "github:nix-community/nixos-generators";
clan-core.url = "git+https://git.clan.lol/clan/clan-core";
clan-core.inputs.nixpkgs.follows = "nixpkgs";
clan-core.inputs.flake-parts.follows = "flake-parts";
matugen.url = "github:InioX/Matugen";
matugen.inputs.nixpkgs.follows = "nixpkgs";
flake-parts.url = "github:hercules-ci/flake-parts";
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
srvos.url = "github:nix-community/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs";
buildbot-nix.url = "github:nix-community/buildbot-nix";
buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";
}; };
} }
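Review bot: `nixos-generators` is still declared without `inputs.nixpkgs.follows` in the new `inputs` block, while the inputs added by this change (matugen, srvos, buildbot-nix) all set it. Because that flake carries its own nixpkgs input, flake.lock keeps an extra nixpkgs revision that is fetched and bumped separately from the one the machines are built from, which widens what has to be reviewed on each lock update. Consider adding `nixos-generators.inputs.nixpkgs.follows = "nixpkgs";`. If none of the imported flake modules still reference the input, it could be dropped instead; it appears to have been removed from the outputs arguments.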


@@ -1,5 +1,14 @@
{ config, pkgs, ... }:
{ {
self,
config,
pkgs,
...
}:
{
imports = [
self.homeManagerModules.dotfiles
];
home.packages = with pkgs; [ senpai ]; home.packages = with pkgs; [ senpai ];
xdg.configFile."senpai".source = "${config.dotfiles.path}/.config/senpai"; xdg.configFile."senpai".source = "${config.dotfiles.path}/.config/senpai";


@@ -1,8 +1,19 @@
{ config, pkgs, ... }:
{ {
self,
config,
osConfig,
pkgs,
...
}:
{
imports = [
self.homeManagerModules.dotfiles
];
home.packages = with pkgs; [ home.packages = with pkgs; [
bottom bottom
btop btop
comma
difftastic difftastic
doggo doggo
duf duf
@@ -16,14 +27,18 @@
taskwarrior3 taskwarrior3
tealdeer tealdeer
vivid vivid
yazi
zoxide zoxide
]; ];
programs.zoxide.enable = true; programs.zoxide.enable = true;
programs.starship.enable = true; programs.starship.enable = true;
programs.atuin.enable = true;
programs.bat.enable = true; programs.bat.enable = true;
programs.atuin.enable = true;
xdg.dataFile."atuin/key".source =
config.lib.file.mkOutOfStoreSymlink osConfig.clan.core.vars.generators.atuin.files.key.path;
programs.zsh = { programs.zsh = {
enable = true; enable = true;
syntaxHighlighting.enable = true; syntaxHighlighting.enable = true;
@@ -42,6 +57,7 @@
}; };
xdg.configFile."git".source = "${config.dotfiles.path}/.config/git"; xdg.configFile."git".source = "${config.dotfiles.path}/.config/git";
xdg.configFile."jj/config.toml".source = "${config.dotfiles.path}/.config/jj/config.toml";
xdg.configFile."task/taskrc".source = "${config.dotfiles.path}/.config/task/taskrc"; xdg.configFile."task/taskrc".source = "${config.dotfiles.path}/.config/task/taskrc";
home.sessionPath = [ "${config.dotfiles.path}/bin" ]; home.sessionPath = [ "${config.dotfiles.path}/bin" ];
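Review bot: The new `xdg.dataFile."atuin/key".source` line points at `osConfig.clan.core.vars.generators.atuin.files.key.path`, and the ownership and mode of that secret are set in the generator definition, which is not part of this section. `mkOutOfStoreSymlink` keeps the key material out of the world-readable Nix store, but the symlink is only useful if the target is readable by this user and by nobody else, so that should be confirmed on the generator. The module also now evaluates only when home-manager runs as a NixOS module, since `osConfig` is not populated in a standalone home-manager build. A comment on the line would record both constraints, e.g. `# secret stays outside the store; the atuin generator must make the file owned by this user`.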


@@ -3,6 +3,7 @@
imports = [ imports = [
./fonts.nix ./fonts.nix
./pass.nix ./pass.nix
./terminal.nix
./wayland.nix ./wayland.nix
]; ];
@@ -20,4 +21,14 @@
}; };
gtk.enable = true; gtk.enable = true;
gtk.iconTheme = {
name = "WhiteSur";
package = pkgs.whitesur-icon-theme.override {
alternativeIcons = true;
boldPanelIcons = true;
};
};
qt.enable = true;
qt.platformTheme.name = "gtk";
} }


@@ -6,4 +6,8 @@
]; ];
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Adwaita Sans" ];
monospace = [ "Adwaita Mono" ];
};
} }


@@ -0,0 +1,13 @@
{ pkgs, ... }:
{
home.packages = with pkgs.gnomeExtensions; [
blur-my-shell
paperwm
];
dconf.settings = {
"org/gnome/nautilus/preferences" = {
show-image-thumbnails = "always";
};
};
}


@@ -0,0 +1,9 @@
{ self, config, ... }:
{
imports = [
self.homeManagerModules.dotfiles
./wayland.nix
];
xdg.configFile."niri".source = "${config.dotfiles.path}/.config/niri";
}


@@ -9,6 +9,6 @@
programs.gpg.enable = true; programs.gpg.enable = true;
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
pinentryPackage = pkgs.pinentry-gnome3; pinentry.package = pkgs.pinentry-gnome3;
}; };
} }


@@ -1,11 +1,18 @@
{ config, pkgs, ... }:
{ {
self,
config,
pkgs,
...
}:
{
imports = [
self.homeManagerModules.dotfiles
./wayland.nix
];
home.packages = with pkgs; [ home.packages = with pkgs; [
alacritty
ghostty
tofi tofi
i3status-rust i3status-rust
mako
wlsunset wlsunset
kanshi kanshi
grim grim
@@ -22,9 +29,4 @@
"i3status-rust".source = "${config.dotfiles.path}/.config/i3status-rust"; "i3status-rust".source = "${config.dotfiles.path}/.config/i3status-rust";
"tofi/config".source = "${config.dotfiles.path}/.config/tofi/config"; "tofi/config".source = "${config.dotfiles.path}/.config/tofi/config";
}; };
programs.alacritty.enable = true;
xdg.configFile."alacritty".source = "${config.dotfiles.path}/.config/alacritty";
xdg.configFile."ghostty/config".source = "${config.dotfiles.path}/.config/ghostty/config";
} }


@@ -0,0 +1,22 @@
{
config,
pkgs,
self,
...
}:
{
imports = [
self.homeManagerModules.dotfiles
];
home.packages = [
pkgs.alacritty
pkgs.ghostty
];
programs.alacritty.enable = true;
xdg.configFile."alacritty/alacritty.toml".source =
"${config.dotfiles.path}/.config/alacritty/alacritty.toml";
xdg.configFile."ghostty/config".source = "${config.dotfiles.path}/.config/ghostty/config";
}
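Review bot: Only `alacritty/alacritty.toml` is linked here, whereas the line removed earlier in this change (`xdg.configFile."alacritty".source`) linked the whole directory. The alacritty.toml added further down has `import = ["~/.config/alacritty/themes/kanagawa_wave.toml"]`, and nothing visible on this page links a themes directory, so the import would not resolve unless it is handled elsewhere. Assuming the theme files live under `.config/alacritty/themes` in the dotfiles tree, add `xdg.configFile."alacritty/themes".source = "${config.dotfiles.path}/.config/alacritty/themes";`. Separately, `pkgs.alacritty` in `home.packages` duplicates what `programs.alacritty.enable = true;` already installs.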


@@ -0,0 +1,19 @@
{
config,
lib,
...
}:
{
programs.vicinae = {
enable = true;
systemd.enable = true;
systemd.autoStart = true;
};
xdg.configFile."vicinae/vicinae.json".source =
lib.mkForce "${config.dotfiles.path}/.config/vicinae/vicinae.json";
xdg.configFile."matugen/config.toml".source = "${config.dotfiles.path}/.config/matugen/config.toml";
xdg.configFile."matugen/templates/vicinae.toml".source =
"${config.dotfiles.path}/.config/matugen/templates/vicinae.toml";
}


@@ -1,7 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
waypaper
wl-clipboard wl-clipboard
]; ];
} }


@@ -1,13 +1,30 @@
{ config, pkgs, ... }:
{ {
self,
config,
pkgs,
...
}:
{
imports = [
./cli.nix
./helix.nix
self.homeManagerModules.dotfiles
];
home.packages = with pkgs; [ home.packages = with pkgs; [
devenv
direnv direnv
gh
hut hut
jujutsu
nix-output-monitor
python3
radicle-desktop
radicle-node radicle-node
radicle-tui
typescript-language-server typescript-language-server
nil # Nix language server nil # Nix language server
nixfmt-rfc-style nixfmt-rfc-style
nixpkgs-review
]; ];
programs.direnv = { programs.direnv = {
@@ -17,4 +34,5 @@
}; };
xdg.configFile."hut/config".source = "${config.dotfiles.path}/.config/hut/config"; xdg.configFile."hut/config".source = "${config.dotfiles.path}/.config/hut/config";
home.file.".ssh/config".source = "${config.dotfiles.path}/.ssh/config";
} }
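Review bot: The added `home.file.".ssh/config".source` line makes the SSH client configuration resolve to a file in the dotfiles working copy. Any pull or branch checkout in that repository then changes it, including directives that run commands such as `ProxyCommand` and `Match exec`. OpenSSH also refuses a config file that is writable by group or others, and it checks the file the link resolves to, so the working-copy file must keep restrictive permissions regardless of the umask used at clone time. A comment on the line would make that explicit, e.g. `# ssh config can run commands: review changes like code, keep the target not group/world-writable`.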


@@ -5,7 +5,7 @@
path = lib.mkOption { path = lib.mkOption {
type = lib.types.path; type = lib.types.path;
apply = toString; apply = toString;
default = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/rep/dotfiles"; default = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/rep/flocon/home";
example = "${config.home.homeDirectory}/.dotfiles"; example = "${config.home.homeDirectory}/.dotfiles";
description = "Location of the dotfiles working copy"; description = "Location of the dotfiles working copy";
}; };


@@ -0,0 +1,5 @@
{
flake.homeManagerModules = {
dotfiles.imports = [ ./dotfiles.nix ];
};
}

24
home-manager/helix.nix Normal file

@@ -0,0 +1,24 @@
{
self,
config,
pkgs,
...
}:
{
imports = [
self.homeManagerModules.dotfiles
];
home.packages = [ pkgs.helix ];
programs.helix = {
enable = true;
defaultEditor = true;
};
home.sessionVariables.EDITOR = "hx";
xdg.configFile."helix/config.toml".source = "${config.dotfiles.path}/.config/helix/config.toml";
xdg.configFile."helix/languages.toml".source =
"${config.dotfiles.path}/.config/helix/languages.toml";
}


@@ -15,7 +15,7 @@
realName = "Romain Paquet"; realName = "Romain Paquet";
primary = true; primary = true;
flavor = "migadu.com"; flavor = "migadu.com";
thunderbird.enable = true; thunderbird.enable = config.programs.thunderbird.enable;
}; };
"admin@rpqt.fr" = { "admin@rpqt.fr" = {
@@ -40,5 +40,36 @@
}; };
thunderbird.enable = config.programs.thunderbird.enable; thunderbird.enable = config.programs.thunderbird.enable;
}; };
"admin@turifer.dev" = {
address = "admin@turifer.dev";
aliases = [ "postmaster@turifer.dev" ];
realName = "Postmaster";
flavor = "migadu.com";
thunderbird.enable = config.programs.thunderbird.enable;
};
"romain@student.agh.edu.pl" = {
address = "romain@student.agh.edu.pl";
aliases = [ "382799@student.agh.edu.pl" ];
realName = "Romain Paquet";
userName = "romain@student.agh.edu.pl";
imap = {
host = "poczta.agh.edu.pl";
port = 993;
};
smtp = {
host = "poczta.agh.edu.pl";
port = 465;
};
thunderbird.enable = config.programs.thunderbird.enable;
};
"romain.pqt@gmail.com" = {
address = "romain.pqt@gmail.com";
realName = "Romain Paquet";
flavor = "gmail.com";
thunderbird.enable = config.programs.thunderbird.enable;
};
}; };
} }

16
home/.clang-format Normal file

@@ -0,0 +1,16 @@
BasedOnStyle: LLVM
IndentWidth: 8
TabWidth: 8
UseTab: Always
ColumnLimit: 80
IndentCaseLabels: false
IndentGotoLabels: false
BreakBeforeBraces: Custom
BraceWrapping:
AfterFunction: false
AlwaysBreakAfterDefinitionReturnType: false


@@ -0,0 +1,37 @@
[general]
live_config_reload = false
import = ["~/.config/alacritty/themes/kanagawa_wave.toml"]
[font]
size = 14
[font.bold]
family = "Jetbrains Mono NF"
style = "Bold"
[font.bold_italic]
family = "Jetbrains Mono NF"
style = "Bold Italic"
[font.italic]
family = "Jetbrains Mono NF"
style = "Italic"
[font.normal]
family = "Jetbrains Mono NF"
style = "Regular"
[[keyboard.bindings]]
action = "CreateNewWindow"
key = "Return"
mods = "Control|Shift"
[mouse]
hide_when_typing = true
[window]
opacity = 1.0
[window.padding]
x = 4
y = 4


@@ -0,0 +1,35 @@
[colors.primary]
background = '#f2ecbc'
foreground = '#545464'
[colors.normal]
black = "#1f1f28"
red = "#c84053"
green = "#6f894e"
yellow = "#77713f"
blue = "#4d699b"
magenta = "#b35b79"
cyan = "#597b75"
white = "#545464"
[colors.bright]
black = "#8a8980"
red = "#d7474b"
green = "#6e915f"
yellow = "#836f4a"
blue = "#6693bf"
magenta = "#624c83"
cyan = "#5e857a"
white = "#43436c"
[colors.selection]
background = '#c9cbd1'
foreground = '#dcd7ba'
[[colors.indexed_colors]]
index = 16
color = '#e98a00'
[[colors.indexed_colors]]
index = 17
color = '#e82424'


@@ -0,0 +1,35 @@
[[colors.indexed_colors]]
color = "0xffa066"
index = 16
[[colors.indexed_colors]]
color = "0xff5d62"
index = 17
[colors.bright]
black = "0x727169"
blue = "0x7fb4ca"
cyan = "0x7aa89f"
green = "0x98bb6c"
magenta = "0x938aa9"
red = "0xe82424"
white = "0xdcd7ba"
yellow = "0xe6c384"
[colors.normal]
black = "0x090618"
blue = "0x7e9cd8"
cyan = "0x6a9589"
green = "0x76946a"
magenta = "0x957fb8"
red = "0xc34043"
white = "0xc8c093"
yellow = "0xc0a36e"
[colors.primary]
background = "0x1f1f28"
foreground = "0xdcd7ba"
[colors.selection]
background = "0x2d4f67"
foreground = "0xc8c093"

1
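--- a/home/.config/bat/config
+++ b/home/.config/bat/config
@@ -0,0 +1 @@
+--theme gruvbox-dark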


@@ -0,0 +1,29 @@
#!/bin/sh
DOTFILES_GIT_URL='git@git.sr.ht:~rpqt/dotfiles'
# The first argument can be the destination folder
if [ $# -eq 1 ]; then
DOTFILES_DIR="$1"
else
DOTFILES_DIR="$HOME/.dotfiles"
fi
echo "$DOTFILES_DIR" >> "$HOME/.gitignore"
git clone --bare "$DOTFILES_GIT_URL" "$DOTFILES_DIR"
alias dotfiles='/usr/bin/git --git-dir=$DOTFILES_DIR --work-tree=$HOME'
dotfiles config --local status.showUntrackedFiles no
dotfiles checkout
tee "$HOME/.config/git/config" >/dev/null <<EOT
[include]
path = ~/.config/git/common.gitconfig
path = ~/.config/git/local.gitconfig
EOT
unset DOTFILES_DIR
unset DOTFILES_GIT_URL
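Review bot: The script has no error handling, so a failed `git clone` or a `dotfiles checkout` that stops on conflicting files still falls through to the `tee` that truncates `$HOME/.config/git/config`. Adding `set -eu` directly after the shebang stops the run at the first failure. `$DOTFILES_DIR` is also unquoted inside the alias body, so a destination path containing spaces is split into several arguments; `alias dotfiles='/usr/bin/git --git-dir="$DOTFILES_DIR" --work-tree="$HOME"'` avoids that. The path is appended to `$HOME/.gitignore` before the clone has succeeded, so that line is better placed after the `git clone`.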


@@ -0,0 +1,6 @@
theme = dark:Kanagawa Wave,light:Builtin Light
font-feature = -liga
font-feature = -calt
font-feature = -dlig
font-size = 14
window-inherit-working-directory = false


@@ -0,0 +1,54 @@
[user]
email = rpqt@rpqt.fr
name = Romain Paquet
[init]
defaultBranch = main
[core]
excludesfile = ~/.config/git/ignore
[filter "lfs"]
clean = git-lfs clean -- %f
smudge = git-lfs smudge -- %f
process = git-lfs filter-process
required = true
[color]
ui = auto
[sendemail]
smtpserver = smtp.migadu.com
smtpuser = rpqt@rpqt.fr
smtpencryption = ssl
smtpserverport = 465
[diff]
colormoved = "default"
colormovedws = "allow-indentation-change"
[alias]
a = add
s = status
c = commit
news = -c diff.external=difft log -p HEAD@{1}..HEAD@{0} --ext-diff
dlog = -c diff.external=difft log -p --ext-diff
dshow = -c diff.external=difft show --ext-diff
dft = -c diff.external=difft diff
lg1 = log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(auto)%d%C(reset)' --all
lg2 = log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold cyan)%aD%C(reset) %C(bold green)(%ar)%C(reset)%C(auto)%d%C(reset)%n'' %C(white)%s%C(reset) %C(dim white)- %an%C(reset)'
[column]
ui = auto
[branch]
sort = -committerdate
[tag]
sort = version:refname
[push]
autoSetupRemote = true
followTags = true
[help]
autocorrect = prompt
[commit]
verbose = true
[rerere]
enabled = true
autoupdate = true
[rebase]
autoSquash = true
autoStash = true
updateRefs = true
[pull]
rebase = true

5
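--- a/home/.config/git/config
+++ b/home/.config/git/config
@@ -0,0 +1,5 @@
+[include]
+path = ~/.config/git/common.gitconfig
+path = ~/.config/git/local.gitconfig
+[includeIf "gitdir:~/imag/"]
+path = ~/.config/git/ensimag.gitconfig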


@@ -0,0 +1,3 @@
[user]
name = "Romain Paquet"
email = romain.paquet@grenoble-inp.org

4
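--- a/home/.config/git/ignore
+++ b/home/.config/git/ignore
@@ -0,0 +1,4 @@
+/.direnv
+/.helix
+/.settings
+/.classpath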


@@ -0,0 +1,21 @@
theme = "kanagawa"
[editor]
line-number = "absolute"
auto-completion = true
auto-format = true
end-of-line-diagnostics = "hint"
[editor.cursor-shape]
insert = "bar"
normal = "block"
[editor.statusline]
left = ["mode", "spinner", "file-name"]
right = ["diagnostics", "file-encoding", "file-type", "position"]
mode.normal = "NORMAL"
mode.insert = "INSERT"
mode.select = "SELECT"
[editor.inline-diagnostics]
cursor-line = "error"


@@ -0,0 +1,60 @@
[[language]]
name = "c"
scope = "source.c"
file-types = ["c", "h"]
indent = { tab-width = 4, unit = "\t" }
auto-format = true
language-servers = [ { name = "clangd" } ]
[language-server.clangd]
command = "clangd"
args = ["--header-insertion=never"]
[[language]]
name = "rust"
language-servers = [ "rust-analyzer" ]
auto-format = true
[language-server.rust-analyzer.config]
check.command = "clippy"
[language-server.deno-lsp]
command = "deno"
args = ["lsp"]
[language-server.deno-lsp.config.deno]
enable = true
lint = true
suggest.imports.hosts = { "https://deno.land" = true }
[[language]]
name = "typescript"
file-types = ["ts"]
language-servers = ["deno-lsp"]
[[language]]
name = "djot"
scope = "source.djot"
file-types = ["dj"]
[[grammar]]
name = "djot"
source = { git = "https://github.com/treeman/tree-sitter-djot", rev = "master" }
[[language]]
name = "nix"
formatter = { command = "nixfmt" }
[[language]]
name = "java"
formatter = { command = "google-java-format", args = ["--aosp"] }
auto-format = true
[[language]]
name = "hcl"
formatter = { command = "tofu", args = ["fmt", "-"] }
auto-format = true
[[language]]
name = "vento"
indent = { tab-width = 2, unit = "\t" }
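Review bot: The djot `[[grammar]]` entry uses `rev = "master"`, a moving branch, so every `hx --grammar fetch` followed by `hx --grammar build` compiles whatever source is at the branch tip at that moment. That puts unreviewed third-party C code into the editor process on each machine that runs the build, and makes the result differ between hosts. Pin the entry to a commit that has been looked at, `source = { git = "https://github.com/treeman/tree-sitter-djot", rev = "<commit-sha>" }` (placeholder, fill in the reviewed revision), and bump it deliberately.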

3
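--- a/home/.config/hut/config
+++ b/home/.config/hut/config
@@ -0,0 +1,3 @@
+instance "sr.ht" {
+access-token-cmd pass oauth/sr.ht-hut@haze
+}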


@@ -0,0 +1,6 @@
font = "JetBrains Mono NF Bold 12"
height = 24
background = "#000000"
command = "i3status-rs ~/.config/i3status-rust/bottom-config.toml"
position = "bottom"
show_tags = false


@@ -0,0 +1,10 @@
font = "JetBrains Mono NF Bold 12"
height = 24
background = "#000000"
command = "i3status-rs"
tags_margin = 0.0
tags_padding = 8.0
tag_fg = "#727169"
tag_bg = "#000000"
tag_focused_fg = "#dcd7ba"
tag_focused_bg = "#000000"


@@ -0,0 +1,53 @@
[theme]
theme = "kanagawa"
[theme.overrides]
separator = "<span size='13000'></span>"
[icons]
icons = "material-nf"
[[block]]
block = "privacy"
[[block.driver]]
name = "pipewire"
[[block]]
block = "music"
format = " $icon {$combo.str(max_w:70) $prev $next |}"
[[block.click]]
button = "left"
action = "play_pause"
[[block]]
block = "bluetooth"
mac = "20:74:CF:B5:B7:7A"
format = " $icon $name{ $percentage|} "
disconnected_format = ""
[[block]]
block = "bluetooth"
mac = "28:11:A5:6B:44:8B"
format = " $icon $name{ $percentage|} "
disconnected_format = ""
[[block]]
block = "bluetooth"
mac = "00:1E:7C:50:24:8F"
format = " $icon $name{ $percentage|} "
disconnected_format = ""
[[block]]
block = "toggle"
format = " $icon ensivpn "
command_state = 'nmcli -f general.state con show Ensimag-VPN-ETU-udp | grep -v deactivated'
command_on = "pass show web/ensimag.fr | head -n 1 | nmcli c up Ensimag-VPN-ETU-udp --ask"
command_off = "nmcli c down Ensimag-VPN-ETU-udp"
[[block]]
block = "net"
interval = 10
device = "wlan0"
format = " $icon {$ssid|$device} "
[[block.click]]
button = "left"
cmd = "iwgtk"


@@ -0,0 +1,78 @@
[theme]
theme = "kanagawa"
[theme.overrides]
separator = "<span size='17000'></span>"
[icons]
icons = "material-nf"
[icons.overrides]
sleep = "󰒲"
no_sleep = "󰒳"
[[block]]
block = "toggle"
format = " $icon "
command_state = "pgrep swayidle"
command_on = "swaymsg 'exec swayidle -w'"
command_off = "pkill swayidle"
icon_on = "sleep"
icon_off = "no_sleep"
[[block]]
block = "toggle"
format = "  $icon "
command_state = 'if [ "$($HOME/bin/darkmode status)" = "dark" ]; then echo y; fi'
command_on = "$HOME/bin/darkmode toggle"
command_off = "$HOME/bin/darkmode toggle"
[[block]]
block = "hueshift"
format = " 󱩌 {$temperature} "
click_temp = 4000
[[block]]
block = "backlight"
format = " $icon $brightness.eng(width:1) "
step_width = 1
minimum = 1
[[block]]
block = "sound"
driver = "pulseaudio"
headphones_indicator = true
show_volume_when_muted = true
format = " $icon $volume.eng(width:1) "
[[block.click]]
button = "left"
cmd = "pavucontrol"
[block.theme_overrides]
warning_bg = { link = "idle_bg" }
warning_fg = { link = "idle_fg"}
idle_bg = { link = "info_bg" }
idle_fg = { link = "info_fg"}
[[block]]
block = "battery"
interval = 30
format = " $icon $percentage "
full_format = " $icon $percentage "
[[block]]
block = "keyboard_layout"
driver = "sway"
sway_kb_identifier = "1267:12613:ASUE140C:00_04F3:3145_Keyboard"
format = "  $layout "
[[block.click]]
button = "left"
cmd = "swaymsg input '1267:12613:ASUE140C:00_04F3:3145_Keyboard' xkb_switch_layout next"
[block.mappings]
"French (N/A)" = "fr"
"English (Colemak-DH)" = "colemak-dh"
"English (US)" = "en"
[[block]]
block = "time"
interval = 10
[block.format]
full = " $icon $timestamp.datetime(f:'%a %d/%m/%y %R', l:fr_FR) "
short = " $icon $timestamp.datetime(f:'%R')"


@@ -0,0 +1,14 @@
idle_bg = "#151515"
idle_fg = "#dcd7ba"
info_bg = "#2d4f67"
info_fg = "#dcd7ba"
good_bg = "#151515"
good_fg = "#98971a"
warning_bg = "#ff9e3b"
warning_fg = "#16161D"
critical_bg = "#e82424"
critical_fg = "#dcd7ba"
separator = "\ue0b2"
separator_bg = "auto"
separator_fg = "auto"
alternating_tint_bg = "#151515"


@@ -0,0 +1,54 @@
"$schema" = "https://jj-vcs.github.io/jj/latest/config-schema.json"
[ui]
default-command = ["log", "--no-pager"]
diff-formatter = ["difft", "--color=always", "$left", "$right"]
diff-editor = ":builtin"
[user]
name = "Romain Paquet"
email = "rpqt@rpqt.fr"
[git]
write-change-id-header = true
[revset-aliases]
'closest_pushable(to)' = 'heads(::to & mutable() & ~description(exact:"") & (~empty() | merges()))'
[aliases]
s = ["status", "--no-pager"]
tug = ["bookmark", "move", "--from", "heads(::@ & bookmarks())", "--to", "closest_pushable(@)"]
[[--scope]]
--when.repositories = ["~/agh"]
[--scope.user]
email = "romain@student.agh.edu.pl"
[[--scope]]
--when.repositories = ["~/imag"]
[--scope.user]
email = "romain.paquet@grenoble-inp.org"
# After this line everything is taken from https://andre.arko.net/2025/09/28/stupid-jj-tricks
[templates]
draft_commit_description = '''
concat(
coalesce(description, default_commit_description, "\n"),
surround(
"\nJJ: This commit contains the following changes:\n", "",
indent("JJ: ", diff.stat(72)),
),
"\nJJ: ignore-rest\n",
diff.git(),
)
'''
log_node = '''
if(self && !current_working_copy && !immutable && !conflict && in_branch(self),
"◇",
builtin_log_node
)
'''
[template-aliases]
"in_branch(commit)" = 'commit.contained_in("immutable_heads()..bookmarks()")'


@@ -0,0 +1,5 @@
profile mirror-hdmi {
output eDP-1 enable mode 1920x1080 position 0,0
output HDMI-A-1 enable mode 1920x1080 position 1920,0
exec wl-present mirror eDP-1 --fullscreen-output HDMI-A-1 --fullscreen
}


@@ -0,0 +1,46 @@
(defcfg
input (device-file "/dev/input/by-path/platform-i8042-serio-0-event-kbd")
output (uinput-sink "KMonad laptop keyboard output")
fallthrough true
)
(defsrc
esc f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 prnt ins del
grv 1 2 3 4 5 6 7 8 9 0 - = bspc home
tab q w e r t y u i o p [ ] \ pgup
caps a s d f g h j k l ; ' ret pgdn
lsft z x c v b n m , . / rsft end
lctl lmet lalt spc ralt rctl
)
(defalias
maj (layer-toggle azerty-shift)
agr (layer-toggle azerty-altgr)
)
(deflayer azerty
esc f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 prnt ins del
grv & é " ' \( - è \_ ç à \) = bspc home
tab a z e r t y u i o p ^ $ * pgup
caps q s d f g h j k l m ù ret pgdn
@maj w x c v b n , ; : ! rsft end
lctl lmet lalt spc @agr rctl
)
(deflayer azerty-shift
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ 1 2 3 4 5 6 7 8 9 0 ° + _ _
_ a _ _ _ _ _ _ _ _ _ _ £ µ _
_ _ _ _ _ _ _ _ _ _ _ % _ _
@maj _ _ _ _ _ _ ? . / § rsft _
lctl lmet lalt spc ralt rctl
)
(deflayer azerty-altgr
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ ~ # { [ | grv \ ^ @ ] } _ _
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _ _ _ _ _ _ _ _ rsft _
lctl lmet lalt spc @agr rctl
)


@@ -0,0 +1,6 @@
[config]
[templates.vicinae]
input_path = '~/.config/matugen/templates/vicinae.toml'
output_path = '~/.local/share/vicinae/themes/matugen.toml'
post_hook = 'vicinae theme set matugen'


@@ -0,0 +1,127 @@
# Vicinae Matugen Theme Template
# Used LLM for initial generation, then modified to a satisfactory level
[meta]
name = "Matugen"
description = "Material You theme generated by Matugen - {{mode}} variant"
variant = "{{mode}}"
# ============================================================================
# Core Colors
# ============================================================================
[colors.core]
accent = "{{colors.primary.default.hex}}"
accent_foreground = "{{colors.on_primary.default.hex}}"
background = "{{colors.surface.default.hex}}"
foreground = "{{colors.on_surface.default.hex}}"
secondary_background = "{{colors.surface_container.default.hex}}"
border = "{{colors.outline_variant.default.hex}}"
# ============================================================================
# Window Borders
# ============================================================================
[colors.main_window]
border = "{{colors.outline_variant.default.hex}}"
[colors.settings_window]
border = "{{colors.outline.default.hex}}"
# ============================================================================
# Accent Palette
# ============================================================================
[colors.accents]
blue = "{{colors.primary.default.hex}}"
green = "{{colors.tertiary.default.hex}}"
magenta = "{{colors.secondary.default.hex}}"
orange = { name = "{{colors.error.default.hex}}", lighter = 40 }
red = "{{colors.error.default.hex}}"
yellow = { name = "{{colors.tertiary.default.hex}}", lighter = 80 }
cyan = { name = "{{colors.primary.default.hex}}", lighter = 50 }
purple = "{{colors.secondary.default.hex}}"
# ============================================================================
# Text System
# ============================================================================
[colors.text]
default = "{{colors.on_surface.default.hex}}"
muted = "{{colors.on_surface_variant.default.hex}}"
danger = "{{colors.error.default.hex}}"
success = "{{colors.tertiary.default.hex}}"
placeholder = { name = "{{colors.on_surface_variant.default.hex}}", opacity = 0.6 }
[colors.text.selection]
background = "{{colors.primary.default.hex}}"
foreground = "{{colors.on_primary.default.hex}}"
[colors.text.links]
default = "{{colors.primary.default.hex}}"
visited = { name = "{{colors.tertiary.default.hex}}", darker = 20 }
# ============================================================================
# Input Fields
# ============================================================================
[colors.input]
border = "{{colors.outline.default.hex}}"
border_focus = "{{colors.primary.default.hex}}"
border_error = "{{colors.error.default.hex}}"
# ============================================================================
# Buttons
# ============================================================================
[colors.button.primary]
background = "{{colors.surface_container_high.default.hex}}"
foreground = "{{colors.on_surface.default.hex}}"
[colors.button.primary.hover]
background = "{{colors.surface_container_highest.default.hex}}"
[colors.button.primary.focus]
outline = "{{colors.primary.default.hex}}"
# ============================================================================
# Lists
# ============================================================================
[colors.list.item.hover]
background = { name = "{{colors.primary_container.default.hex}}", opacity = 0.25 }
foreground = "{{colors.on_surface.default.hex}}"
[colors.list.item.selection]
background = { name = "{{colors.primary_container.default.hex}}", opacity = 0.50 }
foreground = "{{colors.on_primary_container.default.hex}}"
secondary_background = "{{colors.primary_container.default.hex}}"
secondary_foreground = "{{colors.on_primary_container.default.hex}}"
# ============================================================================
# Grid Items
# ============================================================================
[colors.grid.item]
background = "{{colors.surface_container.default.hex}}"
[colors.grid.item.hover]
outline = { name = "{{colors.secondary.default.hex}}", opacity = 0.8 }
[colors.grid.item.selection]
outline = { name = "{{colors.primary.default.hex}}" }
# ============================================================================
# Scrollbars
# ============================================================================
[colors.scrollbars]
background = { name = "{{colors.primary.default.hex}}", opacity = 0.2 }
# ============================================================================
# Loading States
# ============================================================================
[colors.loading]
bar = "{{colors.primary.default.hex}}"
spinner = "{{colors.primary.default.hex}}"

10
home/.config/mpd/mpd.conf Normal file

@@ -0,0 +1,10 @@
music_directory "~/Music"
playlist_directory "~/.config/mpd/playlists"
db_file "~/.config/mpd/database"
restore_paused "yes"
state_file "~/.local/state/mpd"
audio_output {
type "pipewire"
name "pipewire"
}
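Review bot: The new mpd.conf sets no `bind_to_address`, and MPD's documented default is to listen on every address on TCP port 6600; no `password` is configured either. Unless the daemon is socket-activated or the port is firewalled elsewhere in this repository, any host on the same network can control playback and browse the library. Add `bind_to_address "localhost"` (or a Unix socket path) next to the other top-level settings.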


@@ -0,0 +1,308 @@
include "dms/alttab.kdl"
include "dms/binds.kdl"
include "dms/colors.kdl"
include "dms/layout.kdl"
include "dms/wpblur.kdl"
input {
keyboard {
xkb {
layout "fr,us(colemak_dh),us"
options "grp:win_space_toggle"
}
}
touchpad {
tap
natural-scroll
}
// Make the mouse warp to the center of newly focused windows.
// warp-mouse-to-focus
// Focus windows and outputs automatically when moving the mouse into them.
// Setting max-scroll-amount="0%" makes it work only on windows already fully on screen.
focus-follows-mouse max-scroll-amount="0%"
}
output "eDP-1" {
mode "1920x1080@60.049"
scale 1
position x=360 y=1440
}
output "HDMI-A-1" {
mode "3840x2160@60.000"
scale 1.5
position x=0 y=0
}
layout {
gaps 8
center-focused-column "never"
// You can customize the widths that "switch-preset-column-width" (Mod+R) toggles between.
preset-column-widths {
// Proportion sets the width as a fraction of the output width, taking gaps into account.
// For example, you can perfectly fit four windows sized "proportion 0.25" on an output.
// The default preset widths are 1/3, 1/2 and 2/3 of the output.
proportion 0.33333
proportion 0.5
proportion 0.66667
// Fixed sets the width in logical pixels exactly.
// fixed 1920
}
// You can also customize the heights that "switch-preset-window-height" (Mod+Shift+R) toggles between.
// preset-window-heights { }
// You can change the default width of the new windows.
default-column-width { proportion 0.5; }
// If you leave the brackets empty, the windows themselves will decide their initial width.
}
prefer-no-csd
cursor {
hide-when-typing
}
window-rule {
match app-id=r#"^firefox$"#
open-maximized true
focus-ring {
off
}
}
window-rule {
match app-id=r#"^thunderbird$"#
open-maximized true
focus-ring {
off
}
}
// Open the Firefox picture-in-picture player as floating by default.
window-rule {
// This app-id regular expression will work for both:
// - host Firefox (app-id is "firefox")
// - Flatpak Firefox (app-id is "org.mozilla.firefox")
match app-id=r#"firefox$"# title="^Picture-in-Picture$"
open-floating true
}
binds {
// Keys consist of modifiers separated by + signs, followed by an XKB key name
// in the end. To find an XKB name for a particular key, you may use a program
// like wev.
//
// "Mod" is a special modifier equal to Super when running on a TTY, and to Alt
// when running as a winit window.
//
// Most actions that you can bind here can also be invoked programmatically with
// `niri msg action do-something`.
// Show a list of important hotkeys.
Mod+Shift+Comma { show-hotkey-overlay; }
// Suggested binds for running programs: terminal, app launcher, screen locker.
Mod+Return { spawn "ghostty" "+new-window"; }
// Mod+D { spawn "dms" "ipc" "call" "spotlight" "toggle"; }
Mod+D { spawn "vicinae" "toggle"; }
Super+Alt+L hotkey-overlay-title="Lock session" { spawn "loginctl" "lock-session"; }
XF86AudioPlay { spawn "playerctl" "play-pause"; }
XF86AudioNext { spawn "playerctl" "next"; }
XF86AudioPrev { spawn "playerctl" "previous"; }
XF86Search { spawn "tofi-drun" "--drun-launch=true"; }
Mod+W { close-window; }
Mod+Left { focus-column-left; }
Mod+Down { focus-window-down; }
Mod+Up { focus-window-up; }
Mod+Right { focus-column-right; }
Mod+H { focus-column-left; }
Mod+J { focus-window-down; }
Mod+K { focus-window-up; }
Mod+L { focus-column-right; }
Mod+Ctrl+Left { move-column-left; }
Mod+Ctrl+Down { move-window-down; }
Mod+Ctrl+Up { move-window-up; }
Mod+Ctrl+Right { move-column-right; }
Mod+Ctrl+H { move-column-left; }
Mod+Ctrl+J { move-window-down; }
Mod+Ctrl+K { move-window-up; }
Mod+Ctrl+L { move-column-right; }
// Alternative commands that move across workspaces when reaching
// the first or last window in a column.
// Mod+J { focus-window-or-workspace-down; }
// Mod+K { focus-window-or-workspace-up; }
// Mod+Ctrl+J { move-window-down-or-to-workspace-down; }
// Mod+Ctrl+K { move-window-up-or-to-workspace-up; }
Mod+Home { focus-column-first; }
Mod+End { focus-column-last; }
Mod+Ctrl+Home { move-column-to-first; }
Mod+Ctrl+End { move-column-to-last; }
Mod+Shift+Left { focus-monitor-left; }
Mod+Shift+Down { focus-monitor-down; }
Mod+Shift+Up { focus-monitor-up; }
Mod+Shift+Right { focus-monitor-right; }
Mod+Shift+H { focus-monitor-left; }
Mod+Shift+J { focus-monitor-down; }
Mod+Shift+K { focus-monitor-up; }
Mod+Shift+L { focus-monitor-right; }
Mod+Shift+Ctrl+Left { move-column-to-monitor-left; }
Mod+Shift+Ctrl+Down { move-column-to-monitor-down; }
Mod+Shift+Ctrl+Up { move-column-to-monitor-up; }
Mod+Shift+Ctrl+Right { move-column-to-monitor-right; }
Mod+Shift+Ctrl+H { move-column-to-monitor-left; }
Mod+Shift+Ctrl+J { move-column-to-monitor-down; }
Mod+Shift+Ctrl+K { move-column-to-monitor-up; }
Mod+Shift+Ctrl+L { move-column-to-monitor-right; }
// Alternatively, there are commands to move just a single window:
// Mod+Shift+Ctrl+Left { move-window-to-monitor-left; }
// ...
// And you can also move a whole workspace to another monitor:
// Mod+Shift+Ctrl+Left { move-workspace-to-monitor-left; }
// ...
Mod+Page_Down { focus-workspace-down; }
Mod+Page_Up { focus-workspace-up; }
Mod+U { focus-workspace-down; }
Mod+I { focus-workspace-up; }
Mod+Ctrl+Page_Down { move-column-to-workspace-down; }
Mod+Ctrl+Page_Up { move-column-to-workspace-up; }
Mod+Ctrl+U { move-column-to-workspace-down; }
Mod+Ctrl+I { move-column-to-workspace-up; }
// Alternatively, there are commands to move just a single window:
// Mod+Ctrl+Page_Down { move-window-to-workspace-down; }
// ...
Mod+Shift+Page_Down { move-workspace-down; }
Mod+Shift+Page_Up { move-workspace-up; }
Mod+Shift+U { move-workspace-down; }
Mod+Shift+I { move-workspace-up; }
// You can bind mouse wheel scroll ticks using the following syntax.
// These binds will change direction based on the natural-scroll setting.
//
// To avoid scrolling through workspaces really fast, you can use
// the cooldown-ms property. The bind will be rate-limited to this value.
// You can set a cooldown on any bind, but it's most useful for the wheel.
Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; }
Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; }
Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; }
Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; }
Mod+WheelScrollRight { focus-column-right; }
Mod+WheelScrollLeft { focus-column-left; }
Mod+Ctrl+WheelScrollRight { move-column-right; }
Mod+Ctrl+WheelScrollLeft { move-column-left; }
// Usually scrolling up and down with Shift in applications results in
// horizontal scrolling; these binds replicate that.
Mod+Shift+WheelScrollDown { focus-column-right; }
Mod+Shift+WheelScrollUp { focus-column-left; }
Mod+Ctrl+Shift+WheelScrollDown { move-column-right; }
Mod+Ctrl+Shift+WheelScrollUp { move-column-left; }
// You can refer to workspaces by index. However, keep in mind that
// niri is a dynamic workspace system, so these commands are kind of
// "best effort". Trying to refer to a workspace index bigger than
// the current workspace count will instead refer to the bottommost
// (empty) workspace.
//
// For example, with 2 workspaces + 1 empty, indices 3, 4, 5 and so on
// will all refer to the 3rd workspace.
Mod+ampersand { focus-workspace 1; }
Mod+2 { focus-workspace 2; }
Mod+quotedbl { focus-workspace 3; }
Mod+apostrophe { focus-workspace 4; }
Mod+parenleft { focus-workspace 5; }
Mod+minus { focus-workspace 6; }
Mod+7 { focus-workspace 7; }
Mod+underscore { focus-workspace 8; }
Mod+9 { focus-workspace 9; }
Mod+Ctrl+1 { move-column-to-workspace 1; }
Mod+Ctrl+2 { move-column-to-workspace 2; }
Mod+Ctrl+3 { move-column-to-workspace 3; }
Mod+Ctrl+4 { move-column-to-workspace 4; }
Mod+Ctrl+5 { move-column-to-workspace 5; }
Mod+Ctrl+6 { move-column-to-workspace 6; }
Mod+Ctrl+7 { move-column-to-workspace 7; }
Mod+Ctrl+8 { move-column-to-workspace 8; }
Mod+Ctrl+9 { move-column-to-workspace 9; }
// Switches focus between the current and the previous workspace.
Mod+Tab { focus-workspace-previous; }
// The following binds move the focused window in and out of a column.
// If the window is alone, they will consume it into the nearby column to the side.
// If the window is already in a column, they will expel it out.
Mod+BracketLeft { consume-or-expel-window-left; }
Mod+BracketRight { consume-or-expel-window-right; }
// Consume one window from the right to the bottom of the focused column.
Mod+Comma { consume-window-into-column; }
// Expel the bottom window from the focused column to the right.
Mod+Semicolon { expel-window-from-column; }
Mod+R { switch-preset-column-width; }
Mod+Shift+R { switch-preset-window-height; }
Mod+Ctrl+R { reset-window-height; }
Mod+F { maximize-column; }
Mod+Shift+F { fullscreen-window; }
Mod+C { center-column; }
Mod+Escape { toggle-overview; }
// Finer height adjustments when in column with other windows.
Mod+Shift+Minus { set-window-height "-10%"; }
Mod+Shift+Equal { set-window-height "+10%"; }
// Move the focused window between the floating and the tiling layout.
Mod+V { toggle-window-floating; }
Mod+Shift+V { switch-focus-between-floating-and-tiling; }
Print { screenshot; }
Ctrl+Print { screenshot-screen; }
Alt+Print { screenshot-window; }
// The quit action will show a confirmation dialog to avoid accidental exits.
Mod+Shift+E { quit; }
Ctrl+Alt+Delete { quit; }
// Powers off the monitors. To turn them back on, do any input like
// moving the mouse or pressing any other key.
Mod+Shift+P { power-off-monitors; }
Mod+N hotkey-overlay-title="Open notes" {
spawn-sh "ghostty -e hx --working-dir ~/notes ~/notes/notes.dj:9999";
}
}
screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png"
spawn-at-startup "kdeconnect-indicator"
spawn-at-startup "~/rep/flocon/home/bin/monitor-dark-mode.sh"
spawn-at-startup "xwayland-satellite"
environment {
DISPLAY ":0"
}
hotkey-overlay {
skip-at-startup
}


@@ -0,0 +1,5 @@
recent-windows {
highlight {
corner-radius 12
}
}


@@ -0,0 +1,55 @@
binds {
Mod+Shift+D hotkey-overlay-title="Application Launcher" {
spawn "dms" "ipc" "call" "spotlight" "toggle";
}
Mod+V hotkey-overlay-title="Clipboard Manager" {
spawn "dms" "ipc" "call" "clipboard" "toggle";
}
Mod+M hotkey-overlay-title="Task Manager" {
spawn "dms" "ipc" "call" "processlist" "toggle";
}
Mod+Comma hotkey-overlay-title="Settings" {
spawn "dms" "ipc" "call" "settings" "toggle";
}
Mod+N hotkey-overlay-title="Notification Center" {
spawn "dms" "ipc" "call" "notifications" "toggle";
}
Mod+Shift+N hotkey-overlay-title="Notepad" {
spawn "dms" "ipc" "call" "notepad" "toggle";
}
Mod+Alt+L hotkey-overlay-title="Lock Screen" {
spawn "dms" "ipc" "call" "lock" "lock";
}
Ctrl+Alt+Delete hotkey-overlay-title="Task Manager" {
spawn "dms" "ipc" "call" "processlist" "toggle";
}
// Audio
XF86AudioRaiseVolume allow-when-locked=true {
spawn "dms" "ipc" "call" "audio" "increment" "3";
}
XF86AudioLowerVolume allow-when-locked=true {
spawn "dms" "ipc" "call" "audio" "decrement" "3";
}
XF86AudioMute allow-when-locked=true {
spawn "dms" "ipc" "call" "audio" "mute";
}
XF86AudioMicMute allow-when-locked=true {
spawn "dms" "ipc" "call" "audio" "micmute";
}
// BL
XF86MonBrightnessUp allow-when-locked=true {
spawn "dms" "ipc" "call" "brightness" "increment" "5" "";
}
XF86MonBrightnessDown allow-when-locked=true {
spawn "dms" "ipc" "call" "brightness" "decrement" "5" "";
}
}
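Review bot: `XF86AudioMicMute allow-when-locked=true` is a toggle, so anyone at the keyboard can unmute the microphone while the session is locked; the volume and brightness binds are harmless in that state, this one is not. I would drop the property on that bind, `XF86AudioMicMute { spawn "dms" "ipc" "call" "audio" "micmute"; }`, so the microphone state can only change after unlock. If dms regenerates this file, the override probably has to live in the user's own binds file instead.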


@@ -0,0 +1,36 @@
layout {
background-color "transparent"
focus-ring {
active-color "#5c5891"
inactive-color "#787680"
urgent-color "#ba1a1a"
}
border {
active-color "#5c5891"
inactive-color "#787680"
urgent-color "#ba1a1a"
}
shadow {
color "#00000070"
}
tab-indicator {
active-color "#5c5891"
inactive-color "#787680"
urgent-color "#ba1a1a"
}
insert-hint {
color "#5c589180"
}
}
recent-windows {
highlight {
active-color "#444078"
urgent-color "#ba1a1a"
}
}


@@ -0,0 +1,17 @@
layout {
gaps 4
border {
width 2
}
focus-ring {
width 2
}
}
window-rule {
geometry-corner-radius 12
clip-to-geometry true
tiled-state true
draw-border-with-background false
}


@@ -0,0 +1,4 @@
layer-rule {
match namespace="dms:blurwallpaper"
place-within-backdrop true
}


@@ -0,0 +1,9 @@
alias ls = eza
alias ll = eza -l
alias lla = eza -la
alias h = hx
alias g = git
# Load starship prompt
mkdir ($nu.data-dir | path join "vendor/autoload")
starship init nu | save -f ($nu.data-dir | path join "vendor/autoload/starship.nu")


@@ -0,0 +1,4 @@
address chat.sr.ht
nickname rpqt
username rpqt
password-cmd pass show oauth/sr.ht-senpai-irc


@@ -0,0 +1,24 @@
alias dotfiles="/usr/bin/git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME"
alias dots=dotfiles
if command -v helix >/dev/null; then
alias h='helix'
else
alias h='hx'
fi
if command -v eza >/dev/null; then
alias ls='eza'
else
alias ls='ls --color -h'
fi
alias lsa='ls -A'
alias ll='ls -l'
alias lla='ls -lA'
alias ..='cd ..'
alias ...='cd ../..'
alias bt='bluetoothctl'
alias go='GOPROXY=direct go'
alias ts='tree-sitter'
alias g='git'
alias c='cargo'
alias MAKE='make clean && make'
alias n='myrtle --notebook-dir=$HOME/notes'

4
home/.config/sh/path.sh Normal file

@@ -0,0 +1,4 @@
#!/bin/sh
# Personnal scripts
export PATH="$PATH:$HOME/bin"

2
home/.config/sway/config Normal file

@@ -0,0 +1,2 @@
include ~/.config/sway/config.d/*
include /etc/sway/config.d/*


@@ -0,0 +1,37 @@
include ~/.config/sway/kanagawa.sway
set $font "JetBrains Mono NF Bold 12"
set $background #000000
bar {
id top_bar
status_command i3status-rs
position top
height 24
font $font
workspace_min_width 20
status_padding 0
status_edge_padding 0
colors {
background $background
focused_workspace #000000 #000000 $fujiWhite
active_workspace #000000 #000000 $fujiGray
inactive_workspace #000000 #000000 $fujiGray
}
}
bar {
id bottom_bar
status_command i3status-rs ~/.config/i3status-rust/bottom-config.toml
position bottom
height 24
font $font
workspace_buttons no
binding_mode_indicator no
tray_output none
colors {
background $background
}
}
# vim:ft=swayconfig


@@ -0,0 +1,169 @@
set $mod Mod4
set $left h
set $down j
set $up k
set $right l
set $term alacritty msg create-window || alacritty
set $launcher tofi-drun | xargs swaymsg exec --
set $lock swaylock
set $screenshots $HOME/Pictures/Screenshots
floating_modifier $mod normal
bindsym {
# Start a terminal
$mod+Return exec $term
# Kill focused window
$mod+Shift+q kill
$mod+w kill
# Application launcher
$mod+d exec $launcher
# Reload the configuration file
$mod+Shift+c reload
# Exit sway / log out
$mod+Shift+e exec swaynag \
-t warning \
-m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' \
-B 'Yes, exit sway' 'swaymsg exit' \
--dismiss-button 'Cancel'
# Move focus
$mod+$left focus left
$mod+$down focus down
$mod+$up focus up
$mod+$right focus right
$mod+Left focus left
$mod+Down focus down
$mod+Up focus up
$mod+Right focus right
# Move the focused window
$mod+Shift+$left move left
$mod+Shift+$down move down
$mod+Shift+$up move up
$mod+Shift+$right move right
$mod+Shift+Left move left
$mod+Shift+Down move down
$mod+Shift+Up move up
$mod+Shift+Right move right
--to-code {
# Switch to workspace
$mod+ampersand workspace number 1
$mod+eacute workspace number 2
$mod+quotedbl workspace number 3
$mod+apostrophe workspace number 4
$mod+parenleft workspace number 5
$mod+minus workspace number 6
$mod+egrave workspace number 7
$mod+underscore workspace number 8
$mod+ccedilla workspace number 9
$mod+agrave workspace number 10
}
# Move focused container to workspace
$mod+1 move container to workspace number 1
$mod+2 move container to workspace number 2
$mod+3 move container to workspace number 3
$mod+4 move container to workspace number 4
$mod+5 move container to workspace number 5
$mod+6 move container to workspace number 6
$mod+7 move container to workspace number 7
$mod+8 move container to workspace number 8
$mod+9 move container to workspace number 9
$mod+0 move container to workspace number 10
$mod+Shift+1 move container to workspace number 1
$mod+Shift+2 move container to workspace number 2
$mod+Shift+3 move container to workspace number 3
$mod+Shift+4 move container to workspace number 4
$mod+Shift+5 move container to workspace number 5
$mod+Shift+6 move container to workspace number 6
$mod+Shift+7 move container to workspace number 7
$mod+Shift+8 move container to workspace number 8
$mod+Shift+9 move container to workspace number 9
$mod+Shift+0 move container to workspace number 10
# Split
$mod+b splith
$mod+v splitv
# Switch the current container between different layout styles
$mod+s layout stacking
$mod+t layout tabbed
$mod+m layout toggle split
# Toggle fullscreen on the current focus
$mod+f fullscreen
# Toggle floating mode for current container
$mod+Shift+f floating toggle
# Move focus to the parent container
$mod+a focus parent
# Move the focused window to the scratchpad
$mod+Shift+equal move scratchpad
# Cycle through scratchpad windows
$mod+equal scratchpad show
# Volume
XF86AudioRaiseVolume exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ -l 1.0
XF86AudioLowerVolume exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%- -l 1.0
XF86AudioMute exec wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
XF86AudioMicMute exec wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle
# Media
XF86AudioPlay exec playerctl play-pause
XF86AudioNext exec playerctl next
XF86AudioPrev exec playerctl previous
XF86Search exec $launcher
# Brightness
--locked {
XF86MonBrightnessDown exec brightnessctl set 5%-
XF86MonBrightnessUp exec brightnessctl set +5%
}
# Lock
Ctrl+Mod4+L exec $lock
# Screenshot
## Full screen capture
Print exec grim "$screenshots/$(date +\"Screenshot from %Y-%m-%d %H-%M-%S.png\")"
## Select a zone and save
$mod+Shift+s exec grim -g "$(slurp -d)" "$screenshots/$(date +\"Screenshot from %Y-%m-%d %H-%M-%S.png\")"
## Select a zone and copy to clipboard
$mod+Shift+Ctrl+s exec grim -g "$(slurp -d)" - | wl-copy
}
mode "resize" bindsym {
# Shrink or grow the container
$left resize shrink width 10px
$down resize grow height 10px
$up resize shrink height 10px
$right resize grow width 10px
# Same with arrow keys
Left resize shrink width 10px
Down resize grow height 10px
Up resize shrink height 10px
Right resize grow width 10px
# Return to default mode
Return mode "default"
Escape mode "default"
}
bindsym $mod+r mode "resize"


@@ -0,0 +1,17 @@
input "1267:12613:ASUE140C:00_04F3:3145_Keyboard" {
xkb_layout "fr,us(colemak_dh),us"
xkb_options grp:win_space_toggle
}
input "1:1:AT_Translated_Set_2_keyboard" {
xkb_layout "fr,us(colemak_dh),us"
xkb_options grp:win_space_toggle
}
input type:touchpad {
tap enabled
natural_scroll enabled
}
bindgesture swipe:right workspace prev
bindgesture swipe:left workspace next


@@ -0,0 +1,16 @@
# Directory for received taildrop files
set $taildrop_inbox $HOME/Downloads
# Screen temperature
exec wlsunset -l 45 -L 6
# Notifications
exec mako
# Output management
exec kanshi
# Auto receive taildrop files
exec tailscale file get --loop --conflict=rename $taildrop_inbox
exec swayidle -w
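Review bot: The `tailscale file get --loop` line drops every incoming Taildrop file straight into `$HOME/Downloads` with no prompt, where unattended arrivals are mixed with browser downloads, and `$taildrop_inbox` is passed unquoted. A dedicated inbox makes received files easy to spot and review before they are opened: `set $taildrop_inbox $HOME/Downloads/taildrop` and `exec tailscale file get --loop --conflict=rename "$taildrop_inbox"`. The directory has to exist before the loop starts, so it should be created by whatever provisions the home directory.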


@@ -0,0 +1,22 @@
include ~/.config/sway/kanagawa.sway
default_border pixel 3
smart_borders on
titlebar_border_thickness 2
font "JetBrains Mono NF 11"
gaps outer 0
gaps inner 0
set $waveBlue3 #3D5F77
set $waveBlue4 #6D8FA7
# class border background text indicator child_border
client.focused_inactive $sumiInk2 $sumiInk1 $fujiWhite $sumiInk2 $sumiInk2
client.unfocused $sumiInk2 $sumiInk1 $fujiWhite $sumiInk2 $sumiInk2
client.focused $waveBlue3 $waveBlue2 $fujiWhite $waveBlue4 $waveBlue2
client.focused_tab_title $waveBlue2 $waveBlue2 $fujiWhite
for_window [app_id="firefox"] border none
output * bg ~/.local/state/wallpaper fill


@@ -0,0 +1,110 @@
# Default foreground
set $fujiWhite #DCD7BA
# Dark foreground (statuslines)
set $oldWhite #C8C093
# Dark background (statuslines and floating windows)
set $sumiInk0 #16161D
# Default background
set $sumiInk1 #1F1F28
# Lighter background (colorcolumn, folds)
set $sumiInk2 #2A2A37
# Lighter background (cursorline)
set $sumiInk3 #363646
# Darker foreground (line numbers, fold column, non-text characters), float borders
set $sumiInk4 #54546D
# Popup background, visual selection background
set $waveBlue1 #223249
# Popup selection background, search background
set $waveBlue2 #2D4F67
# Diff Add (background)
set $winterGreen #2B3328
# Diff Change (background)
set $winterYellow #49443C
# Diff Deleted (background)
set $winterRed #43242B
# Diff Line (background)
set $winterBlue #252535
# Git Add
set $autumnGreen #76946A
# Git Delete
set $autumnRed #C34043
# Git Change
set $autumnYellow #DCA561
# Diagnostic Error
set $samuraiRed #E82424
# Diagnostic Warning
set $roninYellow #FF9E3B
# Diagnostic Info
set $waveAqua1 #6A9589
# Diagnostic Hint
set $dragonBlue #658594
# Comments
set $fujiGray #727169
# Light foreground
set $springViolet1 #938AA9
# Statements and Keywords
set $oniViolet #957FB8
# Functions and Titles
set $crystalBlue #7E9CD8
# Brackets and punctuation
set $springViolet2 #9CABCA
# Specials and builtin functions
set $springBlue #7FB4CA
# Not used
set $lightBlue #A3D4D5
# Types
set $waveAqua2 #7AA89F
# Strings
set $springGreen #98BB6C
# Not used
set $boatYellow1 #938056
# Operators, RegEx
set $boatYellow2 #C0A36E
# Identifiers
set $carpYellow #E6C384
# Numbers
set $sakuraPink #D27E99
# Standout specials 1 (builtin variables)
set $waveRed #E46876
# Standout specials 2 (exception handling, return)
set $peachRed #FF5D62
# Constants, imports, booleans
set $surimiOrange #FFA066
# Deprecated
set $katanaGray #717C7C


@@ -0,0 +1,10 @@
# This will lock the screen after 300 seconds of inactivity.
timeout 300 "swaylock -f"
# Turn off all displays after another 300 seconds.
# and turn them back on when resumed.
timeout 600 "swaymsg 'output * dpms off'" resume "swaymsg 'output * dpms on'"
# Lock the screen before the computer goes to sleep.
before-sleep "playerctl pause"
before-sleep "swaylock -f"
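Review bot: The two `before-sleep` lines may not both run: as far as I know swayidle keeps a single before-sleep command and a later line replaces the earlier one, so the screen is locked on suspend only because `swaylock -f` happens to come last, and `playerctl pause` is probably dropped. Putting both in one command removes the ordering dependency: `before-sleep "playerctl pause; swaylock -f"`. The comment above the pair should then mention pausing playback as well as locking.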


@@ -0,0 +1,29 @@
daemonize
font=JetBrains Mono NF
font-size=22
image=~/.local/state/wallpaper
ring-color=FFFFFF55
ring-clear-color=FFFFFF55
ring-ver-color=1885d4
ring-wrong-color=FF0000
key-hl-color=FFFFFF
inside-color=00000000
inside-clear-color=00000000
inside-ver-color=00000000
inside-wrong-color=00000000
line-uses-inside
separator-color=00000000
layout-bg-color=00000000
layout-text-color=FFFFFF
text-color=FFFFFF
text-clear-color=FFFFFF
text-ver-color=FFFFFF
text-wrong-color=FFFFFF
indicator-radius=100

4
home/.config/task/taskrc Normal file

@@ -0,0 +1,4 @@
data.location=~/.local/share/task
hooks.location=~/.config/task/hooks
include ~/.config/task/sync

176
home/.config/tofi/config Normal file

@@ -0,0 +1,176 @@
#
### Fonts
#
# Font to use, either a path to a font file or a name.
#
# If a path is given, tofi will startup much quicker, but any
# characters not in the chosen font will fail to render.
#
# Otherwise, fonts are interpreted in Pango format.
font = "JetBrainsMono NF"
# Point size of text.
font-size = 15
# Perform font hinting. Only applies when a path to a font has been
# specified via `font`. Disabling font hinting speeds up text
# rendering appreciably, but will likely look poor at small font pixel
# sizes.
hint-font = true
#
### Colors
#
# Window background
background-color = #111111DD
# Border outlines
outline-color = #080800
# Border
border-color = #0981E3
# Default text
text-color = #C5C9C7
# Selection text
selection-color = #0981E3
# Matching portion of selection text
selection-match-color = #44BBFF
# Selection background
selection-background = #00000000
#
### Text layout
#
# Prompt to display.
prompt-text = "run: "
# Extra horizontal padding between prompt and input.
prompt-padding = 0
# Maximum number of results to display.
# If 0, tofi will draw as many results as it can fit in the window.
num-results = 0
# Spacing between results in pixels. Can be negative.
result-spacing = 8
# List results horizontally.
horizontal = false
# Minimum width of input in horizontal mode.
min-input-width = 0
# Extra horizontal padding of the selection background in pixels.
selection-background-padding = 0
#
### Window layout
#
# Width and height of the window. Can be pixels or a percentage.
width = 100%
height = 100%
# Width of the border outlines in pixels.
outline-width = 0
# Width of the border in pixels.
border-width = 0
# Radius of window corners in pixels.
corner-radius = 0
# Padding between borders and text. Can be pixels or a percentage.
padding-top = 200
padding-bottom = 0
padding-left = 35%
padding-right = 0
# Whether to scale the window by the output's scale factor.
scale = true
#
### Window positioning
#
# The name of the output to appear on. An empty string will use the
# default output chosen by the compositor.
output = ""
# Location on screen to anchor the window to.
#
# Supported values: top-left, top, top-right, right, bottom-right,
# bottom, bottom-left, left, center.
anchor = center
# Set the size of the exclusive zone.
#
# A value of -1 means ignore exclusive zones completely.
# A value of 0 will move tofi out of the way of other windows' zones.
# A value greater than 0 will set that much space as an exclusive zone.
#
# Values greater than 0 are only meaningful when tofi is anchored to a
# single edge.
exclusive-zone = -1
# Window offset from edge of screen. Only has an effect when anchored
# to the relevant edge. Can be pixels or a percentage.
margin-top = 0
margin-bottom = 0
margin-left = 0
margin-right = 0
#
### Behaviour
#
# Hide the cursor.
hide-cursor = false
# Sort results by number of usages in run and drun modes.
history = true
# Use fuzzy matching for searches.
fuzzy-match = false
# If true, require a match to allow a selection to be made. If false,
# making a selection with no matches will print input to stdout.
# In drun mode, this is always true.
require-match = true
# If true, typed input will be hidden, and what is displayed (if
# anything) is determined by the hidden-character option.
hide-input = false
# Replace displayed input characters with a character. If the empty
# string is given, input will be completely hidden.
# This option only has an effect when hide-input is set to true.
hidden-character = "*"
# If true, directly launch applications on selection when in drun mode.
# Otherwise, just print the command line to stdout.
drun-launch = false
# The terminal to run terminal programs in when in drun mode.
# This option has no effect if drun-launch is set to true.
# Defaults to the value of the TERMINAL environment variable.
# terminal = foot
# Delay keyboard initialisation until after the first draw to screen.
# This option is experimental, and will cause tofi to miss keypresses
# for a short time after launch. The only reason to use this option is
# performance on slow systems.
late-keyboard-init = false
# If true, allow multiple simultaneous processes.
# If false, create a lock file on startup to prevent multiple instances
# from running simultaneously.
multi-instance = false
#
### Inclusion
#
# Configs can be split between multiple files, and then included
# within each other.
# include = /path/to/config


@@ -0,0 +1,23 @@
{
"closeOnFocusLoss": false,
"considerPreedit": false,
"faviconService": "twenty",
"font": {
"size": 12
},
"keybinding": "default",
"keybinds": {
},
"popToRootOnClose": true,
"rootSearch": {
"searchFiles": true
},
"theme": {
"name": "matugen"
},
"window": {
"csd": true,
"opacity": 1,
"rounding": 10
}
}


@@ -0,0 +1,2 @@
# Highlight the executable in green if it is found
source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.plugin.zsh

30
home/.config/zsh/hooks.sh Normal file

@@ -0,0 +1,30 @@
# Hook direnv if present
if command -v direnv >/dev/null; then
eval "$(direnv hook zsh)"
fi
# Prompt
if command -v starship >/dev/null; then
source <(starship init zsh)
fi
# Load opam config if present
if [ -r ~/.opam/opam-init/init.zsh ]; then
source ~/.opam/opam-init/init.zsh > /dev/null 2> /dev/null
fi
# Launch atuin if it is installed
if command -v atuin >/dev/null; then
eval "$(atuin init zsh)"
fi
# Set ls/tree/fd theme using vivid if it is installed
if command -v vivid >/dev/null; then
export LS_COLORS="$(vivid generate gruvbox-dark-hard)"
fi
# Init zoxide if present and alias cd to it
if command -v zoxide >/dev/null; then
eval "$(zoxide init zsh)"
alias cd=z
fi

1
home/.gitignore vendored Normal file

@@ -0,0 +1 @@
!/.config

11
home/.ssh/config Normal file

@@ -0,0 +1,11 @@
Host crocus
HostName crocus.home.rpqt.fr
User root
Host verbena
HostName verbena.home.rpqt.fr
User root
Host genepi
HostName genepi.home.rpqt.fr
User root
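Review bot: All three `Host` blocks default to `User root`, so every interactive login to crocus, verbena and genepi starts with full privileges and nothing is attributed to a personal account. If root is only needed by the deployment tooling, keep it there and log in interactively as an unprivileged user with sudo. Either way the servers' sshd should accept root with keys only (`PermitRootLogin prohibit-password`), which this client-side file cannot enforce.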

27
home/.zshrc Normal file

@@ -0,0 +1,27 @@
# Path
source ~/.config/sh/path.sh
# Aliases
source ~/.config/sh/aliases.sh
# Completion
autoload -Uz compinit
compinit
# sudo completion
zstyle ':completion::complete:*' gain-privileges 1
# Line movement with special keys
bindkey "^[[H" beginning-of-line
bindkey "^[[F" end-of-line
bindkey "^[[3~" delete-char
source ~/.config/zsh/hooks.sh
if [ -r ~/.profile ]; then
source ~/.profile
fi
# Load machine-specific config
if [ -r ~/.config/zsh/$HOST.zsh ]; then
source ~/.config/zsh/$HOST.zsh
fi

4
home/bin/monitor-dark-mode.sh Executable file

@@ -0,0 +1,4 @@
#!/usr/bin/env sh
gsettings monitor org.gnome.desktop.interface color-scheme \
| xargs -L1 "${HOME}/rep/flocon/home/bin/switch-helix-theme.sh"

15
home/bin/switch-helix-theme.sh Executable file

@@ -0,0 +1,15 @@
#!/usr/bin/env bash
set -euox pipefail
HELIX_CONFIG_PATH=$(readlink -f "${HOME}/.config/helix/config.toml")
HELIX_THEME_LIGHT="zed_onelight"
HELIX_THEME_DARK="kanagawa"
if [[ "$2" == "prefer-dark" ]]; then
sed -i "s/^theme .*/theme = \"$HELIX_THEME_DARK\"/" "$HELIX_CONFIG_PATH"
else
sed -i "s/^theme .*/theme = \"$HELIX_THEME_LIGHT\"/" "$HELIX_CONFIG_PATH"
fi
pkill -USR1 hx || true
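Review bot: `pkill -USR1 hx` treats `hx` as a pattern matched anywhere in the process name, and SIGUSR1 terminates any process that does not install a handler for it, so an unrelated process whose name contains `hx` would be killed on each theme switch. Match the name exactly and restrict it to the current user: `pkill -USR1 -x -u "$(id -u)" hx || true`. `set -x` also traces every invocation into the session log; `set -euo pipefail` is enough outside of debugging.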


@@ -1,7 +0,0 @@
{ pkgs, ... }:
{
home.packages = with pkgs.gnomeExtensions; [
blur-my-shell
paperwm
];
}


@@ -1,5 +0,0 @@
{ config, ... }:
{
xdg.configFile."i3bar-river".source = "${config.dotfiles.path}/.config/i3bar-river";
xdg.configFile."niri".source = "${config.dotfiles.path}/.config/niri";
}


@@ -1,12 +0,0 @@
{ config, pkgs, ... }:
{
home.packages = [ pkgs.helix ];
programs.helix = {
enable = true;
defaultEditor = true;
};
xdg.configFile."helix".source = "${config.dotfiles.path}/.config/helix";
}


@@ -21,24 +21,63 @@ provider "registry.opentofu.org/go-gandi/gandi" {
] ]
} }
provider "registry.opentofu.org/hetznercloud/hcloud" { provider "registry.opentofu.org/hashicorp/assert" {
version = "1.49.1" version = "0.16.0"
constraints = "~> 1.45"
hashes = [ hashes = [
"h1:FKGRNHVbcfQJd8EWrb8Ze5QHkaGr8zI+ZKxBMjvOwPk=", "h1:2jeV46S9jN2rk0GXOa+HGNlVvyWzaB3wz0T65elbjOc=",
"zh:3d5f9773da4f8203cf625d04a5a0e4ff7e202684c010a801a945756140c61cde", "zh:3c04d08d1bb4ae810b7972a219c8dd42a8ab901a9bc25197b250c38f3fa57033",
"zh:446305d492017cda91e5c15122ec16ff15bfe3ef4d3fd6bcea0cdf7742ab1b86", "zh:46119bcc47b545809c0ee873a72d44f4f875cca4d7228605f5c7a8956a5e7d55",
"zh:44d4f9156ed8b4f0444bd4dc456825940be49048828565964a192286d28c9f20", "zh:511949ee8a6ac8ff7296b4c9778deb2aec2783f5b85c4f27382a3b623fc50a4a",
"zh:492ad893d2f89bb17c9beb877c8ceb4a16caf39db1a79030fefeada6c7aa217f", "zh:b4ebb8b832bae26443880d2e17493f754495db2d6c3f02c6d0070cbf5ae21598",
"zh:68dc552c19ad9d209ec6018445df6e06fb77a637513a53cc66ddce1b024082be", "zh:bebed6c1873871eb824103f08e72055c077f01b10a40944760d19ffdd721d9ab",
"zh:7492495ffda6f6c49ab38b539bd2eb965b1150a63fb6b191a27dec07d17601cb", "zh:e412855fd2fd81e0a847e45308bdbac99995315c503fdddf262ee59e1b7c5263",
"zh:850fe92005981ea00db86c3e49ba5b49732fdf1f7bd5530a68f6e272847059fc", "zh:ed47c4fe28c6f148f11fa4098516abea008c49fa670c3cedd2ff94596cac0831",
"zh:8cb67f744c233acfb1d68a6c27686315439d944edf733b95f113b4aa63d86713", "zh:edee914b1d12ac6db241a1fecaa5186c47f361f4ceb2deb23ad45d67bf95c7b1",
"zh:8e13dac46e8c2497772ed1baee701b1d1c26bcc95a63b5c4566c83468f504868", "zh:eff5b2e1c2128217bdbc600eda4fe011831e5c655bf4acd84b6495fc20d128d3",
"zh:c44249c6a8ba931e208a334792686b5355ab2da465cadea03c1ea8e73c02db12", "zh:ff64424784171a3361b1ea95d8cef334ec1c4a395812edd0a77a1ed6b4119b0f",
"zh:d103125a28a85c89aea0cb0c534fe3f504416c4d4fc75c37364b9ec5f66dd77d", ]
"zh:ed8f64e826aa9bfca95b72892271678cb78411b40d7b404a52404141e05a4ab1", }
"zh:f40efad816de00b279bd1e2cbf62c76b0e5b2da150a0764f259984b318e30945",
"zh:f5e912d0873bf4ecc43feba4ceccdf158048080c76d557e47f34749139fdd452", provider "registry.opentofu.org/hetznercloud/hcloud" {
version = "1.52.0"
constraints = "~> 1.45"
hashes = [
"h1:LTjrLuC+4F1Kv4TxS9e7LVVkG8/S4QQ7X4ORblvKTbc=",
"zh:1e9bb6b6a2ea5f441638dbae2d60fbe04ff455f58a18c740b8b7913e2197d875",
"zh:29c122e404ba331cfbadacc7f1294de5a31c9dfd60bdfe3e1b402271fc8e419c",
"zh:2bd0ae2f0bb9f16b7753f59a08e57ac7230f9c471278d7882f81406b9426c8c7",
"zh:4383206971873f6b5d81580a9a36e0158924f5816ebb6206b0cf2430e4e6a609",
"zh:47e2ca1cfa18500e4952ab51dc357a0450d00a92da9ea03e452f1f3efe6bbf75",
"zh:8e9fe90e3cea29bb7892b64da737642fc22b0106402df76c228a3cbe99663278",
"zh:a2d69350a69c471ddb63bcc74e105e585319a0fc0f4d1b7f70569f6d2ece5824",
"zh:a97abcc254e21c294e2d6b0fc9068acfd63614b097dda365f1c56ea8b0fd5f6b",
"zh:aba8d72d4fe2e89c922d5446d329e5c23d00b28227b4666e6486ba18ea2ec278",
"zh:ad36c333978c2d9e4bc43dcadcbff42fe771a8c5ef53d028bcacec8287bf78a7",
"zh:cdb1e6903b9d2f0ad8845d4eb390fbe724ee2435fb045baeab38d4319e637682",
"zh:df77b08757f3f36b8aadb33d73362320174047044414325c56a87983f48b5186",
"zh:e07513d5ad387247092b5ae1c87e21a387fc51873b3f38eee616187e38b090a7",
"zh:e2be02bdc59343ff4b9e26c3b93db7680aaf3e6ed13c8c4c4b144c74c2689915",
]
}
provider "registry.opentofu.org/ovh/ovh" {
version = "2.5.0"
constraints = "2.5.0"
hashes = [
"h1:CrmFEWjczVhLWc2qzOktKSu8Q0U78uV8fnSHo54lMQg=",
"zh:1a11c3bc191c3417b41af5c56a66ac7071980f7babb390096b43aab3ac60fe7c",
"zh:1d46fa7c37468becb01d117463838f694a093e58a9b7d28347db2c377933db76",
"zh:22b83b15e878a9627477fe49e03dada3f4cd4357cb91cdb621394da690238542",
"zh:316541fc8bbf2fe14f4a484d878c63e4b949bd21a352e0ebf60d4848c96a338e",
"zh:50e72847a4b1d532e7abd5669408832ac1b49dcfda266378b8e2419d97f0f49a",
"zh:7582c8630edb3e83642e7a4b06fababeaf4833ce622c71220c38724d0e0231af",
"zh:a26714d6bd8e04acbbc94c708b151405c4b6fc20dc7060e0daef8395f1bb9ce0",
"zh:aa8be95462c5ca909c923cc3d44636eccc71cb25b51572fe7e2f68bc93c57612",
"zh:b520c0661c514586b2aa3105c4345eda4d34ef08b62fda2cc20a2bcb8cb88ab2",
"zh:be8125f1b6bc8aa93441ec9dd96db5f49d21b4dcc100c13028404b461da545c9",
"zh:c6aab9b6b04fa8483aa10c194eaab8e4a1fbffc64ad495f5027d496e5b2da214",
"zh:d537d85afc71c51d86b1031586c619c503df9462e0240d94984bc32273a03df2",
"zh:eaa9f41d33fa7731c4a937e80554a1b6b2042d273705e4c8fc983ba251193206",
"zh:f0d085065a0ada787ad080ddd6e7c646b8ca3a351712961de735d18c9d59af7c",
] ]
} }


@@ -19,3 +19,8 @@ tofu import hcloud_firewall.hcloud_firewall YYY
``` ```
For Hetzner Cloud, the resource IDs can be found in the URL of the admin console. For Hetzner Cloud, the resource IDs can be found in the URL of the admin console.
## Outputs
The nix configuration reads some values from the `outputs.json` file.
When modifying these, the file should be regenerated with `tofu output -json > outputs.json`.


@@ -1,8 +1,20 @@
resource "hcloud_server" "crocus_server" { resource "hcloud_server" "crocus_server" {
name = "crocus" name = "crocus"
server_type = "cx22" server_type = "cx22"
datacenter = "nbg1-dc3"
image = "ubuntu-20.04" image = "ubuntu-20.04"
firewall_ids = [hcloud_firewall.crocus_firewall.id] firewall_ids = [hcloud_firewall.crocus_firewall.id]
public_net {
ipv4 = hcloud_primary_ip.crocus_ipv4.id
}
}
resource "hcloud_primary_ip" "crocus_ipv4" {
name = "crocus_ipv4"
type = "ipv4"
datacenter = "nbg1-dc3"
assignee_type = "server"
auto_delete = true
} }
resource "hcloud_firewall" "crocus_firewall" { resource "hcloud_firewall" "crocus_firewall" {
@@ -50,3 +62,7 @@ resource "hcloud_firewall" "crocus_firewall" {
source_ips = ["0.0.0.0/0", "::/0"] source_ips = ["0.0.0.0/0", "::/0"]
} }
} }
output "crocus_ipv4" {
value = hcloud_primary_ip.crocus_ipv4.ip_address
}
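Review bot: `auto_delete = true` on `hcloud_primary_ip.crocus_ipv4` (first hunk) ties the address's lifetime to the server, so deleting or replacing `hcloud_server.crocus_server` also deletes the primary IP outside Terraform's control. The hcloud provider documentation recommends `auto_delete = false` for a Terraform-managed primary IP for this reason. The address also feeds the new `crocus_ipv4` output and, through `outputs.json`, the Nix configuration, and presumably DNS records; a released address can be reassigned to another customer while those still point at it. Suggested change: `auto_delete = false`.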


@@ -21,3 +21,46 @@ resource "gandi_livedns_record" "rpqt_fr_radicle_aaaa" {
hcloud_server.crocus_server.ipv6_address, hcloud_server.crocus_server.ipv6_address,
] ]
} }
resource "gandi_livedns_record" "rpqt_fr_cloud_a" {
zone = data.gandi_livedns_domain.rpqt_fr.id
name = "cloud"
type = "A"
ttl = 10800
values = local.verbena_ipv4_addresses
}
resource "gandi_livedns_record" "rpqt_fr_cloud_aaaa" {
zone = data.gandi_livedns_domain.rpqt_fr.id
name = "cloud"
type = "AAAA"
ttl = 10800
values = local.verbena_ipv6_addresses
}
data "ovh_vps" "verbena_vps" {
service_name = "vps-7e78bac2.vps.ovh.net"
}
data "ovh_domain_zone" "turifer_dev" {
name = "turifer.dev"
}
resource "ovh_domain_zone_import" "turifer_dev_import" {
zone_name = "turifer.dev"
zone_file = local.turifer_dev_zone_file
}
locals {
verbena_ipv4_addresses = [for ip in data.ovh_vps.verbena_vps.ips : ip if provider::assert::ipv4(ip)]
verbena_ipv6_addresses = [for ip in data.ovh_vps.verbena_vps.ips : ip if provider::assert::ipv6(ip)]
turifer_dev_zone_file = templatefile("./templates/turifer.dev.zone", {
crocus_ipv4_address = hcloud_server.crocus_server.ipv4_address
crocus_ipv6_address = hcloud_server.crocus_server.ipv6_address
verbena_ipv4_addresses = local.verbena_ipv4_addresses
verbena_ipv6_addresses = local.verbena_ipv6_addresses
})
}
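Review bot: `ovh_domain_zone_import.turifer_dev_import` manages the zone as a whole from the rendered template, so, as far as I know the resource, records present in the OVH zone but missing from `./templates/turifer.dev.zone` are dropped on apply. The template is not part of this view; it is worth confirming that it carries the zone's mail-authentication (SPF/DKIM/DMARC) and CAA records, if it has any. A comment above the resource would record this, e.g. `# Replaces the whole turifer.dev zone: every record must live in templates/turifer.dev.zone`. The `data "ovh_domain_zone" "turifer_dev"` block looks unused in this hunk; `zone_name = data.ovh_domain_zone.turifer_dev.name` would tie the import to it and fail early if the zone is not found.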

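--- a/infra/flake-module.nix
+++ b/infra/flake-module.nix
@@ -0,0 +1,18 @@
+{
+flake.infra =
+let
+tf_outputs = builtins.fromJSON (builtins.readFile ../infra/outputs.json);
+in
+{
+machines = {
+verbena = {
+ipv4 = tf_outputs.verbena_ipv4.value;
+ipv6 = tf_outputs.verbena_ipv6.value;
+gateway6 = tf_outputs.verbena_gateway6.value;
+};
+crocus = {
+ipv4 = tf_outputs.crocus_ipv4.value;
+};
+};
+};
+}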
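Review bot: The `tf_outputs` binding reads `../infra/outputs.json` at evaluation time, so the file has to be tracked in git and its contents are copied into the world-readable Nix store. The README hunk on this page regenerates it with `tofu output -json`, which prints outputs marked sensitive in plain text. Only addresses are read here, but nothing stops a future sensitive output from landing in the committed file. A comment above the binding would make the constraint explicit: `# outputs.json is committed and ends up in the Nix store: it must contain only non-secret outputs`. Since this file already lives in `infra/`, `./outputs.json` would be the simpler path.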


@@ -8,5 +8,12 @@ terraform {
source = "hetznercloud/hcloud" source = "hetznercloud/hcloud"
version = "~> 1.45" version = "~> 1.45"
} }
ovh = {
source = "ovh/ovh"
version = "2.5.0"
}
assert = {
source = "hashicorp/assert"
}
} }
} }
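Review bot: The new `assert` entry has no `version` constraint, while `ovh` is pinned to `2.5.0` and `hcloud` is bounded with `~> 1.45`. The dependency lock file still fixes what gets installed, but without a constraint an upgrade run of `tofu init` can move to any later release of a provider whose functions decide which addresses go into the DNS records. Suggested change inside the `assert` block: `version = "<PINNED_VERSION>"`, using the version already recorded in the lock file. The enclosing `required_providers` block starts outside this hunk.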
