flake: home-manager: export NixOS homes

And here is what the last few commits were building up to.

This is neat, but won't be useful *very* often.

.envrc

@@ -1,3 +1,4 @@
+# shellcheck shell=bash
 if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
     source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
 fi

.woodpecker/check.yml

@@ -7,17 +7,17 @@ steps:
   commands:
   - nix flake check
 
-- name: notifiy
+- name: notify
   image: bash
-  secrets:
-  - source: matrix_homeserver
-    target: address
-  - source: matrix_roomid
-    target: room
-  - source: matrix_username
-    target: user
-  - source: matrix_password
-    target: pass
+  environment:
+    ADDRESS:
+      from_secret: matrix_homeserver
+    ROOM:
+      from_secret: matrix_roomid
+    USER:
+      from_secret: matrix_username
+    PASS:
+      from_secret: matrix_password
   commands:
   - nix run '.#matrix-notifier'
   when:

flake.lock

@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1703433843,
-        "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
+        "lastModified": 1750173260,
+        "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "417caa847f9383e111d1397039c9d4337d024bf0",
+        "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
         "type": "github"
       },
       "original": {
@@ -36,11 +36,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1700795494,
-        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "lastModified": 1744478979,
+        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
         "type": "github"
       },
       "original": {
@@ -53,11 +53,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
         "type": "github"
       },
       "original": {
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1704152458,
-        "narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
+        "lastModified": 1751413152,
+        "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
+        "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
         "type": "github"
       },
       "original": {
@@ -94,11 +94,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1701680307,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
@@ -108,19 +108,42 @@
         "type": "github"
       }
     },
-    "gitignore": {
+    "git-hooks": {
       "inputs": {
+        "flake-compat": "flake-compat",
+        "gitignore": "gitignore",
         "nixpkgs": [
-          "pre-commit-hooks",
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1660459072,
-        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "lastModified": 1750779888,
+        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "ref": "master",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "git-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709087332,
+        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
         "owner": "hercules-ci",
         "repo": "gitignore.nix",
-        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
         "type": "github"
       },
       "original": {
@@ -136,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1704276313,
-        "narHash": "sha256-4eD4RaAKHLj0ztw5pQcNFs3hGpxrsYb0e9Qir+Ute+w=",
+        "lastModified": 1751429452,
+        "narHash": "sha256-4s5vRtaqdNhVBnbOWOzBNKrRa0ShQTLoEPjJp3joeNI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "4d8f90205c6c90be2e81d94d0e5eedf71c1ba34e",
+        "rev": "df12269039dcf752600b1bcc176bacf2786ec384",
         "type": "github"
       },
       "original": {
@@ -152,11 +175,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1703961334,
-        "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
+        "lastModified": 1751271578,
+        "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
+        "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
         "type": "github"
       },
       "original": {
@@ -167,47 +190,27 @@
       }
     },
     "nur": {
-      "locked": {
-        "lastModified": 1704289500,
-        "narHash": "sha256-SMoojjdEMgf6GtPh5vzofdeev4nyM+vBi2J6Z/Sufco=",
-        "owner": "nix-community",
-        "repo": "NUR",
-        "rev": "a18213c74e43dd6e941c41d77382377938c77caf",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "ref": "master",
-        "repo": "NUR",
-        "type": "github"
-      }
-    },
-    "pre-commit-hooks": {
       "inputs": {
-        "flake-compat": "flake-compat",
-        "flake-utils": [
-          "futils"
+        "flake-parts": [
+          "flake-parts"
         ],
-        "gitignore": "gitignore",
         "nixpkgs": [
           "nixpkgs"
         ],
-        "nixpkgs-stable": [
-          "nixpkgs"
-        ]
+        "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1703939133,
-        "narHash": "sha256-Gxe+mfOT6bL7wLC/tuT2F+V+Sb44jNr8YsJ3cyIl4Mo=",
-        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
-        "rev": "9d3d7e18c6bc4473d7520200d4ddab12f8402d38",
+        "lastModified": 1741294988,
+        "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=",
+        "owner": "nix-community",
+        "repo": "NUR",
+        "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e",
         "type": "github"
       },
       "original": {
-        "owner": "cachix",
+        "owner": "nix-community",
         "ref": "master",
-        "repo": "pre-commit-hooks.nix",
+        "repo": "NUR",
         "type": "github"
       }
     },
@@ -216,10 +219,10 @@
         "agenix": "agenix",
         "flake-parts": "flake-parts",
         "futils": "futils",
+        "git-hooks": "git-hooks",
         "home-manager": "home-manager",
         "nixpkgs": "nixpkgs",
         "nur": "nur",
-        "pre-commit-hooks": "pre-commit-hooks",
         "systems": "systems"
       }
     },
@@ -238,6 +241,27 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nur",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733222881,
+        "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "49717b5af6f80172275d47a418c9719a31a78b53",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -55,17 +55,19 @@
       owner = "nix-community";
       repo = "NUR";
       ref = "master";
+      inputs = {
+        flake-parts.follows = "flake-parts";
+        nixpkgs.follows = "nixpkgs";
+      };
     };
 
-    pre-commit-hooks = {
+    git-hooks = {
       type = "github";
       owner = "cachix";
-      repo = "pre-commit-hooks.nix";
+      repo = "git-hooks.nix";
       ref = "master";
       inputs = {
-        flake-utils.follows = "futils";
         nixpkgs.follows = "nixpkgs";
-        nixpkgs-stable.follows = "nixpkgs";
       };
     };
 

flake/checks.nix

@@ -1,7 +1,7 @@
 { inputs, ... }:
 {
   imports = [
-    inputs.pre-commit-hooks.flakeModule
+    inputs.git-hooks.flakeModule
   ];
 
   perSystem = { ... }: {

flake/default.nix

@@ -1,9 +1,9 @@
 { flake-parts
-, futils
+, systems
 , ...
 } @ inputs:
 let
-  mySystems = futils.lib.defaultSystems;
+  mySystems = import systems;
 in
 flake-parts.lib.mkFlake { inherit inputs; } {
   systems = mySystems;
@@ -13,6 +13,7 @@ flake-parts.lib.mkFlake { inherit inputs; } {
     ./checks.nix
     ./dev-shells.nix
     ./home-manager.nix
+    ./hosts.nix
     ./lib.nix
     ./nixos.nix
     ./overlays.nix

flake/dev-shells.nix

@@ -6,7 +6,6 @@
         name = "NixOS-config";
 
         nativeBuildInputs = with pkgs; [
-          gitAndTools.pre-commit
           nixpkgs-fmt
         ];
 

flake/home-manager.nix

@@ -1,8 +1,15 @@
-{ self, inputs, lib, ... }:
+{ self, config, inputs, lib, ... }:
 let
+  inherit (config) hosts;
+
   defaultModules = [
     # Include generic settings
     "${self}/modules/home"
+    {
+      nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
+        inputs.nur.overlays.default
+      ];
+    }
     {
       # Basic user information defaults
       home.username = lib.mkDefault "ambroisie";
@@ -14,24 +21,17 @@ let
       # Enable home-manager
       programs.home-manager.enable = true;
     }
+    # Import common modules
+    "${self}/modules/common"
   ];
 
-  mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration {
-    # Work-around for home-manager
-    # * not letting me set `lib` as an extraSpecialArgs
-    # * not respecting `nixpkgs.overlays` [1]
-    # [1]: https://github.com/nix-community/home-manager/issues/2954
-    pkgs = import inputs.nixpkgs {
-      inherit system;
+  mkHomeCommon = mainModules: system: inputs.home-manager.lib.homeManagerConfiguration {
+    pkgs = inputs.nixpkgs.legacyPackages.${system};
 
-      overlays = (lib.attrValues self.overlays) ++ [
-        inputs.nur.overlay
-      ];
-    };
+    modules = defaultModules ++ mainModules;
 
-    modules = defaultModules ++ [
-      "${self}/hosts/homes/${name}"
-    ];
+    # Use my extended lib in NixOS configuration
+    inherit (self) lib;
 
     extraSpecialArgs = {
       # Inject inputs to use them in global registry
@@ -39,24 +39,41 @@ let
     };
   };
 
-  homes = {
+  mkHome = name: mkHomeCommon [ "${self}/hosts/homes/${name}" ];
+
+  mkNixosHome = name: mkHomeCommon [
+    "${self}/hosts/nixos/${name}/home.nix"
+    "${self}/hosts/nixos/${name}/profiles.nix"
+  ];
+in
+{
+  hosts.homes = {
     "ambroisie@bazin" = "x86_64-linux";
     "ambroisie@mousqueton" = "x86_64-linux";
   };
-in
-{
+
   perSystem = { system, ... }: {
     # Work-around for https://github.com/nix-community/home-manager/issues/3075
     legacyPackages = {
       homeConfigurations =
         let
-          filteredHomes = lib.filterAttrs (_: v: v == system) homes;
+          filteredHomes = lib.filterAttrs (_: v: v == system) hosts.homes;
           allHomes = filteredHomes // {
             # Default configuration
             ambroisie = system;
           };
+          homeManagerHomes = lib.mapAttrs mkHome allHomes;
+
+          filteredNixosHosts = lib.filterAttrs (_: v: v == system) hosts.nixos;
+          nixosHomes' = lib.mapAttrs mkNixosHome filteredNixosHosts;
+          nixosHomeUsername = (host: self.nixosConfigurations.${host}.config.my.user.name);
+          nixosHomes = lib.mapAttrs' (host: lib.nameValuePair "${nixosHomeUsername host}@${host}") nixosHomes';
         in
-        lib.mapAttrs mkHome allHomes;
+        lib.foldl' lib.mergeAttrs { }
+          [
+            homeManagerHomes
+            nixosHomes
+          ];
     };
   };
 }

flake/hosts.nix

@@ -0,0 +1,21 @@
+# Define `hosts.{darwin,home,nixos}` options for consumption in other modules
+{ lib, ... }:
+let
+  mkHostsOption = description: lib.mkOption {
+    inherit description;
+    type = with lib.types; attrsOf str;
+    default = { };
+    example = { name = "x86_64-linux"; };
+  };
+in
+{
+  options = {
+    hosts = {
+      darwin = mkHostsOption "Darwin hosts";
+
+      homes = mkHostsOption "Home Manager hosts";
+
+      nixos = mkHostsOption "NixOS hosts";
+    };
+  };
+}

flake/nixos.nix

@@ -1,22 +1,26 @@
-{ self, inputs, lib, ... }:
+{ self, config, inputs, lib, ... }:
 let
   defaultModules = [
     {
       # Let 'nixos-version --json' know about the Git revision
-      system.configurationRevision = self.rev or "dirty";
+      system.configurationRevision = self.rev or self.dirtyRev or "dirty";
     }
     {
       nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
-        inputs.nur.overlay
+        inputs.nur.overlays.default
       ];
     }
     # Include generic settings
     "${self}/modules/nixos"
+    # Import common modules
+    "${self}/modules/common"
   ];
 
   buildHost = name: system: lib.nixosSystem {
-    inherit system;
     modules = defaultModules ++ [
+      {
+        nixpkgs.hostPlatform = system;
+      }
       "${self}/hosts/nixos/${name}"
     ];
     specialArgs = {
@@ -28,8 +32,12 @@ let
   };
 in
 {
-  flake.nixosConfigurations = lib.mapAttrs buildHost {
-    aramis = "x86_64-linux";
-    porthos = "x86_64-linux";
+  config = {
+    hosts.nixos = {
+      aramis = "x86_64-linux";
+      porthos = "x86_64-linux";
+    };
+
+    flake.nixosConfigurations = lib.mapAttrs buildHost config.hosts.nixos;
   };
 }

hosts/homes/ambroisie@bazin/default.nix

@@ -1,9 +1,23 @@
-# Google Cloudtop configuration
-{ lib, pkgs, ... }:
+# Google Laptop configuration
+{ lib, options, pkgs, ... }:
 {
   services.gpg-agent.enable = lib.mkForce false;
 
   my.home = {
+    atuin = {
+      package = pkgs.stdenv.mkDerivation {
+        pname = "atuin";
+        version = "18.4.0";
+
+        buildCommand = ''
+          mkdir -p $out/bin
+          ln -s /usr/bin/atuin $out/bin/atuin
+        '';
+
+        meta.mainProgram = "atuin";
+      };
+    };
+
     git = {
       package = pkgs.emptyDirectory;
     };
@@ -12,8 +26,10 @@
       # I use scripts that use the passthrough sequence often on this host
       enablePassthrough = true;
 
-      # HTerm uses `xterm-256color` as its `$TERM`, so use that here
-      trueColorTerminals = [ "xterm-256color" ];
+      terminalFeatures = {
+        # HTerm uses `xterm-256color` as its `$TERM`, so use that here
+        xterm-256color = { };
+      };
     };
 
     ssh = {
@@ -21,5 +37,21 @@
         package = pkgs.emptyDirectory;
       };
     };
+
+    zsh = {
+      notify = {
+        enable = true;
+
+        exclude = options.my.home.zsh.notify.exclude.default ++ [
+          "adb shell$" # Only interactive shell sessions
+        ];
+
+        ssh = {
+          enable = true;
+          # `notify-send` is proxied to the ChromeOS layer
+          useOsc777 = false;
+        };
+      };
+    };
   };
 }

hosts/homes/ambroisie@mousqueton/default.nix

@@ -7,6 +7,20 @@
   services.gpg-agent.enable = lib.mkForce false;
 
   my.home = {
+    atuin = {
+      package = pkgs.stdenv.mkDerivation {
+        pname = "atuin";
+        version = "18.4.0";
+
+        buildCommand = ''
+          mkdir -p $out/bin
+          ln -s /usr/bin/atuin $out/bin/atuin
+        '';
+
+        meta.mainProgram = "atuin";
+      };
+    };
+
     git = {
       package = pkgs.emptyDirectory;
     };
@@ -15,8 +29,13 @@
       # I use scripts that use the passthrough sequence often on this host
       enablePassthrough = true;
 
-      # HTerm uses `xterm-256color` as its `$TERM`, so use that here
-      trueColorTerminals = [ "xterm-256color" ];
+      # Frequent reboots mean that session persistence can be handy
+      enableResurrect = true;
+
+      terminalFeatures = {
+        # HTerm uses `xterm-256color` as its `$TERM`, so use that here
+        xterm-256color = { };
+      };
     };
   };
 }

hosts/nixos/aramis/hardware.nix

@@ -26,6 +26,12 @@
     firmware = {
       cpuFlavor = "intel";
     };
+
+    graphics = {
+      enable = true;
+
+      gpuFlavor = "intel";
+    };
   };
 
   hardware = {

hosts/nixos/aramis/home.nix

@@ -2,7 +2,7 @@
 {
   my.home = {
     # Use graphical pinentry
-    bitwarden.pinentry = "qt";
+    bitwarden.pinentry = pkgs.pinentry-gtk2;
     # Ebook library
     calibre.enable = true;
     # Some amount of social life
@@ -14,13 +14,13 @@
     # Blue light filter
     gammastep.enable = true;
     # Use a small popup to enter passwords
-    gpg.pinentry = "qt";
+    gpg.pinentry = pkgs.pinentry-gtk2;
     # Machine specific packages
     packages.additionalPackages = with pkgs; [
       element-desktop # Matrix client
       jellyfin-media-player # Wraps the webui and mpv together
       pavucontrol # Audio mixer GUI
-      transgui # Transmission remote
+      trgui-ng # Transmission remote
     ];
     # Minimal video player
     mpv.enable = true;

hosts/nixos/porthos/boot.nix

@@ -3,15 +3,14 @@
 
 {
   boot = {
-    # Use the GRUB 2 boot loader.
-    loader.grub = {
-      enable = true;
-      # Define on which hard drive you want to install Grub.
-      device = "/dev/disk/by-id/ata-HGST_HUS724020ALA640_PN2181P6J58M1P";
+    # Use the systemd-boot EFI boot loader.
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
     };
 
     initrd = {
-      availableKernelModules = [ "uhci_hcd" "ahci" "usbhid" ];
+      availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "usbhid" "sd_mod" ];
       kernelModules = [ "dm-snapshot" ];
     };
 

hosts/nixos/porthos/default.nix

@@ -7,6 +7,7 @@
     ./hardware.nix
     ./home.nix
     ./networking.nix
+    ./profiles.nix
     ./secrets
     ./services.nix
     ./system.nix
@@ -16,11 +17,5 @@
   # Set your time zone.
   time.timeZone = "Europe/Paris";
 
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "20.09"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 }

hosts/nixos/porthos/hardware.nix

@@ -1,5 +1,5 @@
 # Hardware configuration
-{ lib, modulesPath, ... }:
+{ modulesPath, ... }:
 
 {
   imports = [
@@ -11,9 +11,18 @@
     fsType = "ext4";
   };
 
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+  };
+
   swapDevices = [
     { device = "/dev/disk/by-label/swap"; }
   ];
 
-  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  my.hardware = {
+    firmware = {
+      cpuFlavor = "intel";
+    };
+  };
 }

hosts/nixos/porthos/home.nix

@@ -1,11 +1,18 @@
 { ... }:
 {
   my.home = {
-    # Allow using 24bit color when SSH-ing from various clients
-    tmux.trueColorTerminals = [
+    nix = {
+      cache = {
+        # This server is the one serving the cache, don't try to query it
+        selfHosted = false;
+      };
+    };
+
+    # Allow using extended features when SSH-ing from various clients
+    tmux.terminalFeatures = {
       # My usual terminal, e.g: on laptop
-      "alacritty"
-    ];
+      alacritty = { };
+    };
 
     # Always start a tmux session when opening a shell session
     zsh.launchTmux = true;

hosts/nixos/porthos/install.sh

@@ -3,7 +3,7 @@
 SWAP_SIZE=16GiB
 
 parted /dev/sda --script -- \
-    mklabel msdos \
+    mklabel gpt \
     mkpart primary 512MiB -$SWAP_SIZE \
     mkpart primary linux-swap -$SWAP_SIZE 100% \
     mkpart ESP fat32 1MiB 512MiB \
@@ -11,14 +11,24 @@ parted /dev/sda --script -- \
 
 parted /dev/sdb --script -- \
     mklabel gpt \
-    mkpart primary 0MiB 100%
+    mkpart primary 0% 100%
+parted /dev/sdc --script -- \
+    mklabel gpt \
+    mkpart primary 0% 100%
+parted /dev/sdd --script -- \
+    mklabel gpt \
+    mkpart primary 0% 100%
 
 mkfs.ext4 -L media1 /dev/sda1
 mkfs.ext4 -L media2 /dev/sdb1
+mkfs.ext4 -L media3 /dev/sdc1
+mkfs.ext4 -L media4 /dev/sdd1
 
 pvcreate /dev/sda1
 pvcreate /dev/sdb1
-vgcreate lvm /dev/sda1 /dev/sdb1
+pvcreate /dev/sdc1
+pvcreate /dev/sdd1
+vgcreate lvm /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1
 lvcreate -l 100%FREE -n media lvm
 
 mkfs.ext4 -L nixos /dev/mapper/lvm-media
@@ -27,17 +37,17 @@ mkfs.fat -F 32 -n boot /dev/sda3
 
 mount /dev/disk/by-label/nixos /mnt
 swapon /dev/sda2
+mkdir -p /mnt/boot
+mount /dev/disk/by-label/boot /mnt/boot
 
 apt install sudo
 useradd -m -G sudo setupuser
-# shellcheck disable=2117
-su setupuser
 
 cat << EOF
 # Run the following commands as setup user
-curl -L https://nixos.org/nix/install | sh
-. $HOME/.nix-profile/etc/profile.d/nix.sh
-nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs
+curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
+. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
+nix profile install nixpkgs#nixos-install-tools
 sudo "$(which nixos-generate-config)" --root /mnt
 
 # Change uuids to labels
@@ -54,3 +64,6 @@ git crypt unlock
 
 nixos-install --root /mnt --flake '.#<hostname>'
 EOF
+
+# shellcheck disable=2117
+su setupuser

hosts/nixos/porthos/networking.nix

@@ -6,30 +6,17 @@
     hostName = "porthos"; # Define your hostname.
     domain = "belanyi.fr"; # Define your domain.
 
-
-    # The global useDHCP flag is deprecated, therefore explicitly set to false here.
-    # Per-interface useDHCP will be mandatory in the future, so this generated config
-    # replicates the default behaviour.
-    useDHCP = false;
-
+    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+    # (the default) this is the recommended approach. When using systemd-networkd it's
+    # still possible to use this option, but it's recommended to use it in conjunction
+    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+    useDHCP = true;
     interfaces = {
-      bond0.useDHCP = true;
-      bonding_masters.useDHCP = true;
-      dummy0.useDHCP = true;
-      erspan0.useDHCP = true;
-      eth0.useDHCP = true;
-      eth1.useDHCP = true;
-      gre0.useDHCP = true;
-      gretap0.useDHCP = true;
-      ifb0.useDHCP = true;
-      ifb1.useDHCP = true;
-      ip6tnl0.useDHCP = true;
-      sit0.useDHCP = true;
-      teql0.useDHCP = true;
-      tunl0.useDHCP = true;
+      eno1.useDHCP = true;
+      eno2.useDHCP = true;
     };
   };
 
   # Which interface is used to connect to the internet
-  my.hardware.networking.externalInterface = "eth0";
+  my.hardware.networking.externalInterface = "eno1";
 }

hosts/nixos/porthos/profiles.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  # Nothing
+}

hosts/nixos/porthos/secrets/acme/dns-key.age

@@ -1,10 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg 0bz3W8QcGaulxy+kDmM717jTthQpFOCwV9HkenFJEyo
-NKeh1/JkX4WAWbOjUeKLMbsyCevnDf3a70FfYUav26c
--> ssh-ed25519 jPowng Q59ybJMMteOSB6hZ5m6UPP0N2p8jrDSu5vBYwPgGcRw
-j420on2jSsfMsv4MDtiOTMIFjaXV7sIsrS+g4iab+68
--> z}.q-grease s2W<qM_Z t
-n1Yfs/gmNsl/n9HtuKBIIT8iwIjYca2yxlh7Q1XAT1B+RZ8oGjW8yCPj1unbDGZL
-e5BfLO3zgkEZnQ
---- FSgNKEdDeeTjCx9jN9UtOFl58mC/Lbu1PAYRGK0CZW4
-U€¿+æ©jïÝ{gø`GŽ›ÆàˆR¾Qk]šóïdÐ6å˜ú‚y5T²$Äñs~Ùh‰Ä£òÔ<C3B2>Fº¢ç%°vöÌm<C38C>
+-> ssh-ed25519 cKojmg Ec0xt1uJTva8MxUdoTVX5m3uWaIiRlodf345FEM7Uzs
+aJIneWFJPB5HVeoUGp57agXih9YeZ6xMEbyQ+zJtWQY
+-> ssh-ed25519 jPowng B5XotRgv7s/FUegGhceBj7EoukewNUOIFl4TFRQf1EQ
+PgGCBd/Pqwp7ayqi7okHBGF1SfFpwT4KlHJ/np6p2uQ
+--- AeLgwGz6k3OABb53cXNaCU/sgI4FlU1s6p8PhAaFOlg
+1ÌÉCÔ¹ð¤ŽULfI1¸Hm»Ûòb}m”” ÁÅ¡ìg•ß0¦¢–¤`X<16>G>\>¹8rŽz+Š›Y ™¼`—Ê¢.JBUÏ!z¸Z50ú*õ¡ÙŸ¤×ÖÇ®I<C2AE>ôÔ]¹
‹ÏåI
+ĵ<18>¿–oÒÛ°…g„®„ÒêÁ³Â¿Ÿt’©nƒºãcz[»{
+jçå&ÁõõNæ°Nÿo{õš½‚
-eP¾=L‰™
6¦.SP:»e¶–

hosts/nixos/porthos/secrets/aria/rpc-token.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg fpiyZo1AR5hCfk/KtbgWCTzz+05/VOUnnaHhWgXQRwc
+d2w9IX/kq/T6OwQ1zImsCmzIX2yfFD8hQDbs0IW3ZIA
+-> ssh-ed25519 jPowng E9R7p9NCubUQrymjnrNfEjSNIIAXrBQLogNkWsOx8xc
+MrWEE5LNtOqAjnwA6byfSa1udnbUtqBy4FhdxipuA+g
+--- fKgerjgGs+brvNKnrWdpmOadl34LipMT6Msqse2g3E0
+Œ¡E9³ï¬‚KYRL-‡„°¡Ç·\E–ŸK{ÃÜ7âço»ïò²XÂGx<0E>ÍT’Î)Ëœôä<C3B4>6°%ˆ­LO€Tðÿ*‰™*8\£É@G

hosts/nixos/porthos/secrets/backup/password.age

@@ -1,8 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg dgS4bezgtDi44R1A8am+J6zh80kUVYTo1heaxJCtzX4
-F3w/62xwtqYa40NU7OvF9pnZzYz/5hACAGJfMA4e2zw
--> ssh-ed25519 jPowng lx81CK3yeNp9RjHCUFJeKYZlRzxBmXuADVBvRc13zCI
-P7e75t8xU+ZkYmeQ8mmMfyZZsRdG1J8yrvSUkiWzkFQ
--> *z4/`-grease S/)a{e sFd";=
---- 15FVhqRTkoPFEeETRRyFQhsv4Fn19Ozlax0u8Zy9mNA
-õ#+¥àÎvøSÈ4èá}<7D>§Rì%‹Î¯F4fnDœ˜J¹¤Z‹¸A¥Û™,_
+-> ssh-ed25519 cKojmg O3DMSSPQP9/ehXmzs0xcCGllu7VSzhd6b4Pii8t2vWQ
+Ys1nMv2384elWWGW9C8HabvwUeWu52VsQpxx9L/4/dM
+-> ssh-ed25519 jPowng ft/9SX5fpG7+7gHMubaFtb+50/gfNgmaofOVq5UjRUE
+xMwdFjFdkH0Li+PikaFt0WAZbFUu5daHgkfN8aQQumo
+--- 7DVINvXIXdE1MRwIkeajonYsy1cp4HugCxfTeub5SXU
+<¥ö¡Ãñ<ýØ{VÇ?ñfk/¤áI®"<22>ï×/5K"Š¸(ì¢ùiÃÔôìñ

hosts/nixos/porthos/secrets/drone/secret.age

@@ -1,9 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg 1+cLlzctgcM0FnVDwMPOAqBkvMcDBRg8SvCw4djI93Y
-oV2XI4f1AvM9P591kZZ6NgJXa+SDtqGzCSgc4psOmxM
--> ssh-ed25519 jPowng Ufjfh1p350XxRPg95+/DHdmnl4lC0bbzUUlaxd1Bmxc
-/RHwFDSn2ov+60r1uHUigrsn99+GmmKmlk4h4T2gbA0
--> *Lc$@-grease
-pzVJAHy1qRq3jUrnFV0DDO7/hwV1US4Ogf0RsrVfX0xzbr73uJ003YjieVB25LqN
---- ME7/iVevyiguyhXugbkVFGzJV0yDccyKNlWbEZa/FmY
-YžŠXjb2uþnd;i0íýX]…§é0–þjé’L„PÔT~óú ƒÙ^kc”$D×ÚÛr¹úu³¶fr€e¸OÕ¸þ<C2B8>+p•¨<E280A2><C2A8>&ãw®öϨ
+-> ssh-ed25519 cKojmg 0J8FMcVRf78LYG+dTOFzu3luXwhOjdOg0sx4Jxdccj4
+tdrCcfcYbTZYhL18RG3goiqtyhu3NTn+fJhdIAnU5uA
+-> ssh-ed25519 jPowng qlF8nkSEg5fZgai0VP5eTSlZOHyj5IcalTf+QNWITVo
+O5aiZX0AJD76ixsu6i9xnnFBQANdsu3h6XzdTQ6KtKU
+--- ByMQt9bnbzd8YO0Y93FIYF/lmdbYcOydkYdKxpRQujM
++堍6JNm裶遁[Eb1p)vD究侖PL9捦€z逡<7A>煸!縺贿噮'嘥閍顖卷赿5︰:[控d肯峈撟M抪庱zj<7A>

hosts/nixos/porthos/secrets/forgejo/mail-password.age

@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg Lhgx43wR8PtAMf5v1eJxKlUBSAoOLdOOn/QaQrwF8zA
+jfUCpgNzkHCNTWCqtErDaLMmg1Oy+s9zUra1JLCi+J4
+-> ssh-ed25519 jPowng kSeQ/SmMrzd8ByVu3YHWeZyKmqFZvQSBnDunkB8e6wc
+WRmnfrV5xcRXA9t0ZXx6YvbRl0sX4PTrw63VVKX4Ei4
+--- a+LLM1gP9g1AbUapbeeKaS4cEcRBmPo3MHU2DSWTAds
+Ò,FÜÒ6”â⬘ixÌ<78>°Øe|
«
+²
+ÌÏœ,{†
ˆõvª!–†‰zÜ$P;ãé©TØÆÉKW
+ qGô

hosts/nixos/porthos/secrets/gitea/mail-password.age

@@ -1,9 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 jPowng BkIjie2KrwDLaZYYIguCs7TPA/wQy+YPguikuhfye0M
-7viTA/EGYB/jRKQm6fFd86DMd4j+Jxsaw/xQ1T8ZKNo
--> ssh-ed25519 cKojmg t1Y8bZvPccNAX8vWQLTfCyOJIBXN515vyfFrEI2EVww
-bJEjpIWrKeQrA/JfY7FRdB6hpHwR/aG4Vya1ChFNBKs
--> jK/-grease Oz.R ?;)G ],
-AuHk9TcC9kl0dg8/L6UfHIk3e9fgGwSTJAJpVgInhok
---- 47z9lol5MtpX0IsO/0ggLDMcNVfl4lNNvoHUSwOU/18
-)gЪeuÞ!œš-
ÞTì¥YAðM+ˆãGbMe@­|A,è&ãÆE!܆p=P²=û9¹ÙP¹!Üö’Q|Ðä r
+-> ssh-ed25519 cKojmg 46BI3ItrXRWMivmd/K8bmkKlrYFSr8cbehAkmwCskig
+gTjYquH1hDEZ2zWD5P7gN/ejTCH8JJb8bC/VLZ3koeg
+-> ssh-ed25519 jPowng 5MqfJlasDbbqlI0dX98NZzHxmYmnnpveyBxa4z48V0o
+r7Yiv4+SZiDncD0Xzp5eFSP4f2yjGBOILKxEO1iT3Os
+--- l43+JtT28i1YDhNX3hE3Qb7swskOBc5ghDqiyh3rU2s
+Ž+)´”¯ÛPô¢nåWT,.<2E>‹²e
ÚNW€Îñ YƱkç
ÿF4Ê#=˜)üîò™6Ö±ÛmȵîJ‹<4A>ª#

hosts/nixos/porthos/secrets/matrix/mail.age

@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg lmu3MinmydRHD0A/YVRRtopermfoBC8M8cTHfVanY1s
-ygrtpZZJ7aeQTblNazpoP7DdifmDxHsE3DFJsIrWX5M
--> ssh-ed25519 jPowng X0cihOc+fBtmtrkEivIHQngdYIobezXEF1x+pHqNzAw
-/+sw9x1NWY0anZhDMpAywBPrR0F4XCHaF9e8j/Yo/kI
--> 32;%1s-grease
-JafjuSZty6a4NSO/y4y5wHWL8Mw
---- dwCl66vdpsL0MR5NWWvg3JUnQ2QZQBeW0Dj0l5tvOKY
-oi,`ÓÜ#uÄwW%PoubÚ­cy8<79>ó
ƒÃÉ><¿F‰Ååq…ÂKÂÇk0Çk/<2F>hÀ¥Ÿ5势ÝF+ýu‡ •e€<06>¾Ÿ²óôbãè>1QŠ2®ñwn˜WbÖ–B˜âî<C3A2>iŸ^xurâ†-/llùÒÀÀ-ã=°7;jã0»I×%Fi¼<69>í€ø‹™A;Y†ìUd]KÅI0(½ ”øAg£Ðóž^†uG:äpkJ’Ÿ:q<>¢šWSaLw¯¿Ô!ïM
³4ã L/ùZŇ®¢D¶-XéUb»‘vÊbP‚ó›0ÇÅfÂ9êú<08> †âJ`ÃX°ôÐOÅ!s›{ÙÄQAšc€c;ÏÃÑ‹4öMíچݹlxH&ïéöé{é}ÁäÛzZ¦œ‚9ûÊXžÜ“g‰]Vϱ•0gt¡¿…žw·
+-> ssh-ed25519 cKojmg u+5VWUy7eFq4boAIOhuKXZYD4mhczaUAcjz4+coVggA
+QlBHHgz7uY3TVgex59yZA0XgsIeHi2WN2S+UleC7bMg
+-> ssh-ed25519 jPowng IyeI6WUjF8wxe92xD3xY++4ZqXtY8divB39eLWfAtm8
+eGj8w5X2ydS1LJvNSmo56xzRVoUB0iAKKs2NHX968Yc
+--- hsYH9lUl3wIErJmBKzlWV+gIR5v6vgPIcNDgd0hiRGc
+¹Ã@Úl<C39A>ôQûsÈ„ÿ×£©Dƒ}^{ºžá¾X)¸nYóJhXhg8wƒž´ ­ “ú°˜Ó¨Ç‚Çw–‡y(œ–aè¸ìê.0>|ÚPSlOÃ|ÈÊE‰õÂÙé°€¡<E282AC>BWó_ˆ³ÜÌ)|x4©„šºë\_F¶
+ZÒo0=dts –j<E28093>[ùŽõ0O+ÑÕRž8±‡ÕiüËçŽÜ»ˆõŒæÆdÀ«ß8j»â©ê
+‚g¹©‘–$xŒÿò¥Æbâ÷í<C3B7>­˜äX·¢gÂ^¼íùG¼Êô¤Ž$UÏûB*ö°é²¡£ÈÔ)[t¶ÃHa•vŸ7<>ÌÑj£âD.z¸+¬[~–õÁÃé9Ùý<C399>àz¼øô`sé¶,_!^YÓïʯ2H¹øS‹¿¼©øÅ<C3B8>øý*âñó@êj
Z^ˆôæÎv~غ¶@ò<>

hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age

@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 cKojmg N182xey8TWRVUWTRP16rT0zlhYZNr/pOZVR7YRnlIkk
-HVqAag55z1cKLgjR3WsUj2wvaVjxm169JcDRJGRvCVU
--> ssh-ed25519 jPowng Dc+aaUTxDsMTY+oOst0SC3ldq1e6zX8F5A5uBL5RHhc
-JWZou6+VaFc5f2OLRIrmFFWg3Er6WSY+TloXU0mP1K8
--> |9_9Aqh%-grease $ X8Mn|5 aKnl' fl<D{T-
-+fAc0cajqxhYWu55HCY
---- SrmtWXQXGYxNTabSrb5tBRXHnK1F22Qoiy7hKYrrF+0
-ñD·û²:,õn0i<>½Àß^ÆŠ`üÔ2Æ#y'ý9ÖñÓÒŽéÿæ<C3BF>r]ÀØ›¹x“³S=ú°ˆôuJéEÛóc€lH Ê~eÅ‚›ŸKtévo'êv+

hosts/nixos/porthos/secrets/monitoring/password.age

@@ -1,10 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg OdLtFHbHbc28rUn47vgsVvXxFNg9nF+9y9R6XOK390Y
-yQQYUPQGjN2+xrSqqBYa7/zS618KrVjX5Amw2MFuSLg
--> ssh-ed25519 jPowng NwUjiLtiXVi6XFmht5l1CxEs3gm0oN4vHYwDZyda7Q4
-di6znVjNRO6QdqteVNkeot5Ko2NwWLe6v+zVR3f+o10
--> 4Vx%\(-grease ^^Z>EC91 R 2BJ d48Wip*s
-yPiBgChRF31XgxccQFLO3MzRL7+5s29sfRoF3W1yUX6Bu59MpxD4D+n/jhLcxSH/
-CxW7KaiOctNmPm5tWh6qjmgQ+V4bcAji5vo4FKs40l56cfyueEJj+Q
---- WUGF28zqK9E1AlOeeCtSHxFg6ikRy85gOoLtBd4m0y0
-.|…rr>©†ðìì1ÅÆ2SÉž.×hw<12>wqºš%i˜øé	‚*U^­)Öè'qžµ›O2ÓœümòQÝ7˜¯m`
+-> ssh-ed25519 cKojmg l5lOlGnbvQ4D2kaSj1dd8Xr+btlNbTkT0SxSz02Vr1E
+Cjy73yKL1N8LnjRXXLpxX+wIOFCa8wrG44VjXUND1lI
+-> ssh-ed25519 jPowng nYHfkP9dRkxu4Fqh8MgrbdZAc8gk+VGDyxIV6RsSeEM
+rKKi1NDoKMMzQ+kUs5ZX4zMqRBI0QwGY7q6K/L9+dLI
+--- Umv3UCtXlApug7uuqmwbQN38i8Lx9/b0uhLgbc3OdZM
+äBLsś ‹?ÖsÓ“s<E2809C>2Îy
+R0ą‘!<fü9txB7dň<13>™ÚŠň^©ô É‡LJ&ń
W
€<©e]
+ţ/$$

hosts/nixos/porthos/secrets/paperless/password.age

@@ -1,10 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg zhpo89xef68JoeOFWzhdFshrj2BXXUCFPMLVJzv6EyE
-fmJxJi5rmyai9qGwDo7iHg4BrObGre96KCpl+g91O6I
--> ssh-ed25519 jPowng INA6EZdy4J1p3QY5mfVOQXiLdOjIDaZR+CZMP+GfkXM
-8Nf5soaxY5SEzeJca5kaJkx7ByOvc4NkJVetB7wpEmo
--> xjK'w-grease
-f5v0cvlt4JbHlAwDOob86qOInWdlN/oohTg
---- NTGv4rr+MhJ/YeZhVHOjoS1V+zCHFf2itJYfK36R+wE
-š×—®JÚ dő– oŞę'YFUź@
-r7”ă“_N$‰˙Ź–č‡>‚ˇę]hq»-¨FŰ°qX˙?Î|?µĘ
+-> ssh-ed25519 cKojmg 1hbRAuAGrTy6nmkAq+UWua8weywphZsTIGF68YQEOlQ
+92Q7uIKv1EiO73wMh53jrTuEkzP6ziBmX9SWXCl4d3w
+-> ssh-ed25519 jPowng aPb9v/S/mLW95Qom+swvasqY878RxpxxOkMJA2wb6nY
+qu/dzcqciqKzNc28HqFMHA1XnrJy+/wWgbfM1+BrlkE
+--- 8PXOozvZzNZQD2OT4a+0XuIQauzUGSvovdfDugmp+bc
+x²Ž‚ê Ã>ùý²ç¦©ðóÁÇ_ÏC9d™T5ŸûKzЄqØcZ©°É¾pŒš¾¡ ใºv
+)Œ³õ²¥

hosts/nixos/porthos/secrets/paperless/secret-key.age

@@ -1,10 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg tZwn2usN6K62oS4vBa6boh9zEp/+cS4chP8boXG6SH4
-Fr3kV8gUDoiDqMxPYWsHyww8umYhQEKhqbVBiVw5NeI
--> ssh-ed25519 jPowng wRbJl4G85obH/GluQBBsXE7MOvooEui65eqHfurvuQs
-KqVZMBSyHhkayEdwI6ocmA4qhHY9zYJvg1CEKM1SOa0
--> 2E"/OFW-grease o Qp3HFe^
-bGhCNicPqt7txqxUiEWXCFs1OuQLqOqHmjHSqYQv919dqYep/xBXzi/aRf3dsdvh
-TCJCTvZG31Qxvikp
---- xKJGbdVp+Z5h0vCBleSF2zYYYd2S5i0y4szNqjRwrDY
-Tª
/N¯<4E>¨¹i7m4‚#³MhiñP¹šÒÞ›Á¥-ÏgI÷ñ±%@E†(›i
ÿ7·ý©ýYg¦k±´"+㸠Àª(þ]o¨¸–ý†ð<E280A0>@báÊÞ§+Ï[‚Y"ÿ‘ÌBóóCR[ >-Ë.4d…¤b9v
+-> ssh-ed25519 cKojmg r3ZUTfSNcHc1TS2fVtk99Y2xJMMunkwkcR0dQIdiCi4
+LICSnzAaooGy6x4wt0vNM6YtQ4S17QohZNt7lfVrD6Q
+-> ssh-ed25519 jPowng KLU68ws4lemr0wWHxm8H8pf1SQAoUZTN4QSPzk2PyHk
+6pjH1pI956oaf9ZIHPPq8p3g/mZC5GxWhWkT54Wohf0
+--- cAQbniTwwtTftfXU/dGtA69yF/hh8iB97vHxvkIZMMo
+°c#Ž=^Ì~?5ú-w—NT†Ì¡<C38C>¨+¶¨Ä!z¥<7A> "’ Zö"2ºëðù×M!pž5×V¬ÈÛjçΡѡŽâ¥âL¹ÁÌyóÐŹúš›n÷ÄŠ8zQö°+¨ËÁØ©9WSµ§<C2B5>Æ0¨u}YÚ

hosts/nixos/porthos/secrets/pdf-edit/login.age

@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg VYlHgHSLpfKb5bn1XA3aCpfX7M23DgbraLxxOfo9PDk
+Rj+mDvAsWX3WwpuhTrOubmo17j/aud5+P87df5bosBA
+-> ssh-ed25519 jPowng o9ZFaYrITZ6DjWw07Vk/+TkuU187/ytlEK4sw7G32G4
+zmxlpDvDDEgQFqBVARXeX1ABhvfJ4uAHfa6mIxXzjAY
+--- k/d9FWW8/OSo8EllwOBV74pZyX918u54jEljGk3ATUc
+ü4+ø2{‘hE7!Ò­GA`×<>_@Íß—´
¡R_ý§6J„ñL4v,‚6%ô‡øó#^®	Ù¹
åB­§OøF‚|’7ܽÉL]œÙjR¨
+BþóÛ¾éaòs]xS<78>Î	pbÞo#¬J1QŸ=t}5Õ>Oï‘{+¼.
M"7e»yý÷—

hosts/nixos/porthos/secrets/podgrab/password.age

@@ -1,9 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg 8rcBI7fYHuA3jO6EzJNFaAj2niIApKDt1HQEv61AKTs
-ANxkIX/CeI7t7Zqp6wmjt/D194Z+xpeiidb+qvYzoQU
--> ssh-ed25519 jPowng oruewwTM9X/HjjcmOPcQVdp02rQBlgJPdzvlAffs3T0
-MrO0kaNhjgOkNHuz3NrIMWXNrXOHH9dT/Fk6hoQNKyY
--> COK%H7-grease
-6yfI90QurOKlM+kgpW8KZ/iBzDYD9yhNmjG1LQ
---- uArz8eHg8sLO0sdlkM6cELFh+FHiI5BrM0+iXJxxiDo
-¿vývû´ÊNÊbæ@Ÿ¡Â<C2A1>FÛMMíYËÆíÌ&‰’/%¤¹Ñm¨®ØtÁÖ“ªd†h„­|¡ðŒß©8¼Ž Ú½¨9‚®<11>Cã¯/Å
+-> ssh-ed25519 cKojmg bICZUDqk/C2divEZu2lxUDsrtS1inSbDbS8hxJSJfHc
+FsfueyP6WCesAu5EcXIxxtvbb8RX09qNTN9GvuhYuTw
+-> ssh-ed25519 jPowng Uujsu6c+QTXqCNi6c+zxk5tf0UQcG+Qm/SZF4dzSKCY
+RPVNNNauz73A8kWA0VSQiMWCerUkxPoXG2MUrFly3Bc
+--- 8h4hGasOwZxk+i5aQfg6AzdA1G4wROhxz2rmM9u41b8
+{Rﾜ<>ﾗ=42<34>
y<>咨ｯ眺ﾃj嚀廁<E59A80>WQ▽隯%畊ｽ宅	顕褜返<E8A49C>弁K<E5BC81>ﾄ蘊ﾏFｮﾓ?埴膕K歯｢

hosts/nixos/porthos/secrets/pyload/credentials.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg nJbOfp0/wmFOZLzcWjoGB7wEB8e56aO1NntSmn5KomU
+/Vio4Z/t7IPJrdzdwUPidVH3wrouSkwRzNHP0T4z3x0
+-> ssh-ed25519 jPowng QXg/xqs7/VfkYQg3X77w4i53q64bL9oYeTxqb9NVhiQ
+sMHIXlmrIxtIr+s0X4lBqev/PPd3AKD5P7AP5K4NeJg
+--- gzTn+6+aa4Ptic1lsvSt+r3IEBysHrvMMIyONogMDF0
+<EFBFBD>ÏÂ<EFBFBD>Ë®UE_í</¯çQ·Ü+U“AГMÄÿ/kï×dAL/”úÕįÍoæ\XïEDÇÑfã\ièÄ‘½àpF„`#¬n4è–x1î<31>ûÞèDëàÂË5CéЦ&fòB»q${Gg…Aqˆ³@üVu!Cc…R\ªÖ¨

hosts/nixos/porthos/secrets/secrets.nix

@@ -12,6 +12,8 @@ in
 {
   "acme/dns-key.age".publicKeys = all;
 
+  "aria/rpc-token.age".publicKeys = all;
+
   "backup/password.age".publicKeys = all;
   "backup/credentials.age".publicKeys = all;
 
@@ -19,13 +21,24 @@ in
   "drone/secret.age".publicKeys = all;
   "drone/ssh/private-key.age".publicKeys = all;
 
+  "forgejo/mail-password.age" = {
+    owner = "git";
+    publicKeys = all;
+  };
+
   "gitea/mail-password.age" = {
     owner = "git";
     publicKeys = all;
   };
 
-  "lohr/secret.age".publicKeys = all;
-  "lohr/ssh-key.age".publicKeys = all;
+  "lohr/secret.age" = {
+    owner = "lohr";
+    publicKeys = all;
+  };
+  "lohr/ssh-key.age" = {
+    owner = "lohr";
+    publicKeys = all;
+  };
 
   "matrix/mail.age" = {
     owner = "matrix-synapse";
@@ -35,7 +48,8 @@ in
     owner = "matrix-synapse";
     publicKeys = all;
   };
-  "matrix/sliding-sync-secret.age" = {
+
+  "mealie/mail.age" = {
     publicKeys = all;
   };
 
@@ -60,11 +74,27 @@ in
   "paperless/password.age".publicKeys = all;
   "paperless/secret-key.age".publicKeys = all;
 
+  "pdf-edit/login.age".publicKeys = all;
+
   "podgrab/password.age".publicKeys = all;
 
-  "sso/auth-key.age".publicKeys = all;
-  "sso/ambroisie/password-hash.age".publicKeys = all;
-  "sso/ambroisie/totp-secret.age".publicKeys = all;
+  "pyload/credentials.age".publicKeys = all;
+
+  "servarr/autobrr/session-secret.age".publicKeys = all;
+  "servarr/cross-seed/configuration.json.age".publicKeys = all;
+
+  "sso/auth-key.age" = {
+    owner = "nginx-sso";
+    publicKeys = all;
+  };
+  "sso/ambroisie/password-hash.age" = {
+    owner = "nginx-sso";
+    publicKeys = all;
+  };
+  "sso/ambroisie/totp-secret.age" = {
+    owner = "nginx-sso";
+    publicKeys = all;
+  };
 
   "tandoor-recipes/secret-key.age".publicKeys = all;
 

hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg bu09lB+fjaPP31cUQZP6EqSPuseucgNK7k9vAS08iS0
++NGL+b2QD/qGo6hqHvosAXzHZtDvfodmPdcgnrKlD1o
+-> ssh-ed25519 jPowng QDCdRBGWhtdvvMCiDH52cZHz1/W7aomhTatZ4+9IKwI
+Ou3jjV/O55G1CPgGS33l3eWhhYWrVdwVNPSiE14d5rE
+--- q0ssmpG50OX1WaNSInc2hbtH3DbTwQGDU74VGEoMh94
+ ¯mCùº<C3B9>Æ‘'hK.Ðì/™Xu(€«Õ×g$½'¼šM{fK˜”!ÛMZ²oR÷®ˆüÎÕ<C38E>ÍŸö;yb

hosts/nixos/porthos/secrets/transmission/credentials.age

@@ -1,10 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg mP2H3PWJN6Pv3q6C2wci3KnXjtFAIiuGy0YH0sGIy2g
-f43QqyUQfTYznszub47kgc2Mz95zVScTDkwnG3INi9U
--> ssh-ed25519 jPowng fENbu7+FZ1mnQQHQCLm1spLHmsQGlRoJResUJtGzYkY
-hX+AqCkLCca6m/aKtGCThi7/mCCz/TZQNJNOlOmlqyA
--> J<-grease
-n7+CPRr4oazWnE7yzpJN2ZAI4QrGsAerloP4wNeebjQDx8+IxJq1JE0g3Yi0RxzN
-chDccuSPLYk45Ov+SD/qqqFZlQ
---- p81HYw3LFj+qz2kiZsDcevM4ZBfvN743P9Jdi7J9XkM
-‚¢ìÛ±S·7 <EFBFBD>‘ý£÷ÜãV»»Bðßâø±³ˆ¶ïO‰lEt˜‹Á…šqý</Ç—Ø©9²ã(ØP†$Wƒ0h;÷‰±àJy¯feø‚ >·_D,PºVFp\æ"AM}èg?<3F>ÿ<EFBFBD>Ý/\²Ä;ùy’¬Óš(<28>ÑSñKË
+-> ssh-ed25519 cKojmg Froxrdh4H2Bsj4X2xicyBXHPRlbkRJAOztoTfzxItSM
+FnsLS2QYm8mJUO+c152FieLCFkALxxwQLnY4PAj8zsU
+-> ssh-ed25519 jPowng pKl4p02M+U5JsiOnM2wXL5bkPwsI3IHjlTutlvez3zM
+NSuOFsyV8JqtTq97lNzacJnJ3YZgWp53XxU3mjUlcMQ
+--- 2TK2ViFblmDheaYdat/GF0ze1wVsla1EPLaeRdMM4Gs
+®àµÕ¨ENÜžäm›Û2uÂ~Ju¼b´´t[Ý$Tñþ^‘2–°<E28093>½jœÙÜi@xªÒ¸*Ä°
g[MÞH½½Xš!”‰6Áez¼…¥DW]ÓÕ<‰–`XÛâêÁÜÄPóéý÷ÃÞ›
+¶¥q*Îo¼½ÃÑ$‚åÓ<²

hosts/nixos/porthos/secrets/wireguard/private-key.age

@@ -1,10 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg +WwRpd2MzycutQFXyLsr2+GzSgF67Z6UuvyqYZaLd3w
-sppt8HzaZP3yxnvnhzjl18Trnz8g3VyXJ6CaVBWd7jA
--> ssh-ed25519 jPowng wanoqGB7T8bim/WZ4IAYViFQoGzaIZSgeoTr3YKpeTY
-ihDAdGa1XVW/qQz40V1v7a7iK7tu0EHMa7ayIogpcRw
--> l-grease |PIcZ NIr >0;*
-4o8o0bevQZ6uDSx1WxxlDCURbFCM+yK1XPdrb9aztCSvG2a+ne78E42l5rBcoH7I
-m51A8uWS4nSj36N/76v6K4kelxKzWUg
---- O6cGbTAVbDcdmPHf7UzfZiyiRtu1yfL4sBI+CkJA1qw
-ý
qýŐ$ň`żw'čS“X¸]Ąá÷ř®úî…?¤6‹Đ/ĆN(Bžň N«a”.˙ HŽ7żí•I<E280A2>ú÷Ŕoz‡/4:sK",7J
+-> ssh-ed25519 cKojmg KslHl4v8yCsKZn5TduLgpTfpTi1uOInC9N2e8Ow83FI
+NzcJJr8kw1ykAdWRZOeWdNhx0BTgE7FwTKcge+yLJ/w
+-> ssh-ed25519 jPowng YGWcOai0A9l2HDZyV0GtD8kEbY/xTUssODFBcseWAkA
+nJaHXkipFSHdyektoKV5y1jQrjkvnU7pwZwAymiQm7M
+--- IgWkDulol1jRa+pcx7DbEy5pvC+2nrRJHsdQVPvPur0
+Bb<ÅŒb!ÏëE?:ÇÓô=÷srJC<4A>œüKz5ø®Ô{–Æ4`¾&N0€ÕÈö¹57ñüví’©+´1
++(d§á¡{ìQŠÙ

hosts/nixos/porthos/secrets/woodpecker/secret.age

@@ -1,10 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 jPowng yz0I+AazPmamF7NOnwYNrPE/ArarU01jd2mVDJUPSTY
-6Y/YQ7gb8cAZf3zT9SKOorvfUnU7kYff+gHh8fG2mY8
--> ssh-ed25519 cKojmg 0FZU9v8eHsVeE+EoX9Y4IgfIj/8+45waPaSnSDb961I
-L6SzJoh5xqai45scoVAa6v9zslBGFYNnZY044d470uQ
--> I[G-grease p
-AMRQY1alSzHi/PLL80kcvnM1Z9YNfoUo9u5alWXYMyzrRsg+vXjMuBvAXg3fmnzr
-wdOowTYMRV+jEG8vzkcQTsv+f7JIyo4DvOOaPyGfWMl1
---- ih3IAFPcN1JP3FP1vcRGnPrfk91yrnIX0m/Szkbcf7Q
-ÑmW„r‚µœ_\)Í°]QŠ¦xMÃs/݃Îݪäœó‚Í6óº“k±äÅY§xïMy¶ J¿¸‹GßÃ)i2_'ÖœHF€þ.âg_Îe5³#uätñØÕ 7j„ŽPñ²'TÞ¥8´•\IàW«UùäK­°1Úº9½è
+-> ssh-ed25519 cKojmg tAW2hbBSxsael6cdbN+vI4h1/PMNrWYct8cppCAasn0
+cex/wBTviSIXc8clNm5PGltTYa1Q5PwqlX4BGsNHiyU
+-> ssh-ed25519 jPowng YxfhtpytvuhIARQAaJ0w94aOZiGNUOBR0pF+Sp80D2k
+nMon/VdYUQTs6LFccDGeIKWeNYib1wwtFmEYZkDZxg0
+--- giL477X0+uZ2Ocvbixt5f5kNc1laj5P79oW8P9XsNP0
+¨›Ãd>ò±cE?nb¹vš_²'2ûûà³<1B>Õµ¥_6P›u:ÊusºE“8õ“ØÏ“xuڶ̪…Îxù̧ïžC[†®°
ˆÁ.õêŽ6‰¯  qÌÀÍîJ°Ä5GäKÌ)N<ÊyYÉ¥tX=l7
T´2­¨ùRÙ

hosts/nixos/porthos/services.nix

@@ -10,6 +10,11 @@ in
     adblock = {
       enable = true;
     };
+    # Audiobook and podcast library
+    audiobookshelf = {
+      enable = true;
+      port = 9599;
+    };
     # Backblaze B2 backup
     backup = {
       enable = true;
@@ -36,19 +41,19 @@ in
     flood = {
       enable = true;
     };
-    # Gitea forge
-    gitea = {
+    # Forgejo forge
+    forgejo = {
       enable = true;
       mail = {
         enable = true;
-        host = "smtp.migadu.com:465";
-        user = lib.my.mkMailAddress "gitea" "belanyi.fr";
-        passwordFile = secrets."gitea/mail-password".path;
+        host = "smtp.migadu.com";
+        user = lib.my.mkMailAddress "forgejo" "belanyi.fr";
+        passwordFile = secrets."forgejo/mail-password".path;
       };
     };
-    # Meta-indexers
-    indexers = {
-      prowlarr.enable = true;
+    # Home inventory
+    homebox = {
+      enable = true;
     };
     # Jellyfin media server
     jellyfin.enable = true;
@@ -64,9 +69,10 @@ in
       mailConfigFile = secrets."matrix/mail".path;
       # Only necessary when doing the initial registration
       secretFile = secrets."matrix/secret".path;
-      slidingSync = {
-        secretFile = secrets."matrix/sliding-sync-secret".path;
-      };
+    };
+    mealie = {
+      enable = true;
+      credentialsFile = secrets."mealie/mail".path;
     };
     miniflux = {
       enable = true;
@@ -89,6 +95,9 @@ in
     nextcloud = {
       enable = true;
       passwordFile = secrets."nextcloud/password".path;
+      collabora = {
+        enable = true;
+      };
     };
     nix-cache = {
       enable = true;
@@ -118,33 +127,44 @@ in
       passwordFile = secrets."paperless/password".path;
       secretKeyFile = secrets."paperless/secret-key".path;
     };
-    # The whole *arr software suite
-    pirate = {
+    # Sometimes, editing PDFs is useful
+    pdf-edit = {
       enable = true;
-      # ... But not Lidarr because I don't care for music that much
-      lidarr = {
-        enable = false;
-      };
-    };
-    # Podcast automatic downloader
-    podgrab = {
-      enable = true;
-      passwordFile = secrets."podgrab/password".path;
-      port = 9598;
+      loginFile = secrets."pdf-edit/login".path;
     };
     # Regular backups
     postgresql-backup.enable = true;
+    pyload = {
+      enable = true;
+      credentialsFile = secrets."pyload/credentials".path;
+    };
     # RSS provider for websites that do not provide any feeds
     rss-bridge.enable = true;
     # Usenet client
     sabnzbd.enable = true;
-    # Because I stilll need to play sysadmin
-    ssh-server.enable = true;
-    # Recipe manager
-    tandoor-recipes = {
-      enable = true;
-      secretKeyFile = secrets."tandoor-recipes/secret-key".path;
+    # The whole *arr software suite
+    servarr = {
+      enableAll = true;
+      autobrr = {
+        sessionSecretFile = secrets."servarr/autobrr/session-secret".path;
+      };
+      cross-seed = {
+        secretSettingsFile = secrets."servarr/cross-seed/configuration.json".path;
+      };
+      # ... But not Lidarr because I don't care for music that much
+      lidarr = {
+        enable = false;
+      };
+      # I only use Prowlarr nowadays
+      jackett = {
+        enable = false;
+      };
+      nzbhydra = {
+        enable = false;
+      };
     };
+    # Because I still need to play sysadmin
+    ssh-server.enable = true;
     # Torrent client and webui
     transmission = {
       enable = true;

modules/common/default.nix

@@ -0,0 +1,35 @@
+# Modules that are common to various module systems
+# Usually with very small differences, if any, between them.
+{ lib, _class, ... }:
+let
+  allowedClass = [
+    "darwin"
+    "home"
+    "nixos"
+  ];
+
+  allowedClassString = lib.concatStringSep ", " (builtins.map lib.escapeNixString allowedClass);
+in
+{
+  imports = [
+    ./profiles
+  ];
+
+  config = {
+    assertions = [
+      {
+        assertion = type != null;
+        message = ''
+          You must provide `type` as part of specialArgs to use the common modules.
+          It must be one of ${allowedClassString}.
+        '';
+      }
+      {
+        assertion = type != null -> builtins.elem type allowedClass;
+        message = ''
+          `type` specialArgs must be one of ${allowedClassString}.
+        '';
+      }
+    ];
+  };
+}

modules/common/profiles/bluetooth/default.nix

@@ -0,0 +1,19 @@
+{ config, lib, _class, ... }:
+let
+  cfg = config.my.profiles.bluetooth;
+in
+{
+  options.my.profiles.bluetooth = with lib; {
+    enable = mkEnableOption "bluetooth profile";
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    (lib.optionalAttrs (_class == "home") {
+      my.home.bluetooth.enable = true;
+    })
+
+    (lib.optionalAttrs (_class == "nixos") {
+      my.hardware.bluetooth.enable = true;
+    })
+  ]);
+}

modules/common/profiles/default.nix

@@ -0,0 +1,25 @@
+# Configuration that spans across system and home, or are almagations of modules
+{ config, lib, type, ... }:
+{
+  imports = [
+    ./bluetooth
+    ./devices
+    ./gtk
+    ./laptop
+    ./wm
+    ./x
+  ];
+
+  config = lib.mkMerge [
+    # Transparently enable home-manager profiles as well
+    (lib.optionalAttrs (type != "home") {
+      home-manager.users.${config.my.user.name} = {
+        config = {
+          my = {
+            inherit (config.my) profiles;
+          };
+        };
+      };
+    })
+  ];
+}

modules/common/profiles/devices/default.nix

@@ -0,0 +1,22 @@
+{ config, lib, _class, ... }:
+let
+  cfg = config.my.profiles.devices;
+in
+{
+  options.my.profiles.devices = with lib; {
+    enable = mkEnableOption "devices profile";
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    (lib.optionalAttrs (_class == "nixos") {
+      my.hardware = {
+        ergodox.enable = true;
+
+        trackball.enable = true;
+      };
+
+      # MTP devices auto-mount via file explorers
+      services.gvfs.enable = true;
+    })
+  ]);
+}

modules/common/profiles/gtk/default.nix

@@ -0,0 +1,21 @@
+{ config, lib, _class, ... }:
+let
+  cfg = config.my.profiles.gtk;
+in
+{
+  options.my.profiles.gtk = with lib; {
+    enable = mkEnableOption "gtk profile";
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    (lib.optionalAttrs (_class == "home") {
+      # GTK theme configuration
+      my.home.gtk.enable = true;
+    })
+
+    (lib.optionalAttrs (_class == "nixos") {
+      # Allow setting GTK configuration using home-manager
+      programs.dconf.enable = true;
+    })
+  ]);
+}

modules/common/profiles/laptop/default.nix

@@ -0,0 +1,27 @@
+{ config, lib, _class, ... }:
+let
+  cfg = config.my.profiles.laptop;
+in
+{
+  options.my.profiles.laptop = with lib; {
+    enable = mkEnableOption "laptop profile";
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    (lib.optionalAttrs (_class == "home") {
+      # Enable battery notifications
+      my.home.power-alert.enable = true;
+    })
+
+    (lib.optionalAttrs (_class == "nixos") {
+      # Enable touchpad support
+      services.libinput.enable = true;
+
+      # Enable TLP power management
+      my.services.tlp.enable = true;
+
+      # Enable upower power management
+      my.hardware.upower.enable = true;
+    })
+  ]);
+}

modules/common/profiles/wm/default.nix

@@ -0,0 +1,38 @@
+{ config, lib, _class, ... }:
+let
+  cfg = config.my.profiles.wm;
+
+  applyWm = wm: configs: lib.mkIf (cfg.windowManager == wm) (lib.my.merge configs);
+in
+{
+  options.my.profiles.wm = with lib; {
+    windowManager = mkOption {
+      type = with types; nullOr (enum [ "i3" ]);
+      default = null;
+      example = "i3";
+      description = "Which window manager to use";
+    };
+  };
+
+  config = lib.mkMerge [
+    (applyWm "i3" [
+      (lib.optionalAttrs (_class == "home") {
+        # i3 settings
+        my.home.wm.windowManager = "i3";
+        # Screenshot tool
+        my.home.flameshot.enable = true;
+        # Auto disk mounter
+        my.home.udiskie.enable = true;
+      })
+
+      (lib.optionalAttrs (_class == "nixos") {
+        # Enable i3
+        services.xserver.windowManager.i3.enable = true;
+        # udiskie fails if it can't find this dbus service
+        services.udisks2.enable = true;
+        # Ensure i3lock can actually unlock the session
+        security.pam.services.i3lock.enable = true;
+      })
+    ])
+  ];
+}

modules/common/profiles/x/default.nix

@@ -0,0 +1,27 @@
+{ config, lib, pkgs, _class, ... }:
+let
+  cfg = config.my.profiles.x;
+in
+{
+  options.my.profiles.x = with lib; {
+    enable = mkEnableOption "X profile";
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    (lib.optionalAttrs (_class == "home") {
+      # X configuration
+      my.home.x.enable = true;
+    })
+
+    (lib.optionalAttrs (_class == "nixos") {
+      # Enable the X11 windowing system.
+      services.xserver.enable = true;
+      # Nice wallpaper
+      services.xserver.displayManager.lightdm.background =
+        let
+          wallpapers = "${pkgs.plasma5Packages.plasma-workspace-wallpapers}/share/wallpapers";
+        in
+        "${wallpapers}/summer_1am/contents/images/2560x1600.jpg";
+    })
+  ]);
+}

modules/home/atuin/default.nix

@@ -1,15 +1,27 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
   cfg = config.my.home.atuin;
 in
 {
   options.my.home.atuin = with lib; {
     enable = my.mkDisableOption "atuin configuration";
+
+    # I want the full experience by default
+    package = mkPackageOption pkgs "atuin" { };
+
+    daemon = {
+      enable = my.mkDisableOption "atuin daemon";
+    };
   };
 
   config = lib.mkIf cfg.enable {
     programs.atuin = {
       enable = true;
+      inherit (cfg) package;
+
+      daemon = lib.mkIf cfg.daemon.enable {
+        enable = true;
+      };
 
       flags = [
         # I *despise* this hijacking of the up key, even though I use Ctrl-p
@@ -17,6 +29,8 @@ in
       ];
 
       settings = {
+        # Reasonable date format
+        dialect = "uk";
         # The package is managed by Nix
         update_check = false;
         # I don't care for the fancy display
@@ -25,6 +39,8 @@ in
         search_mode = "skim";
         # Show long command lines at the bottom
         show_preview = true;
+        # I like being able to edit my commands
+        enter_accept = false;
       };
     };
   };

modules/home/bitwarden/default.nix

@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
   cfg = config.my.home.bitwarden;
 in
@@ -6,12 +6,7 @@ in
   options.my.home.bitwarden = with lib; {
     enable = my.mkDisableOption "bitwarden configuration";
 
-    pinentry = mkOption {
-      type = types.str;
-      default = "tty";
-      example = "gtk2";
-      description = "Which pinentry interface to use";
-    };
+    pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; };
   };
 
   config = lib.mkIf cfg.enable {

modules/home/calibre/default.nix

@@ -5,11 +5,13 @@ in
 {
   options.my.home.calibre = with lib; {
     enable = mkEnableOption "calibre configuration";
+
+    package = mkPackageOption pkgs "calibre" { };
   };
 
   config = lib.mkIf cfg.enable {
     home.packages = with pkgs; [
-      calibre
+      cfg.package
     ];
   };
 }

modules/home/default.nix

@@ -8,6 +8,7 @@
     ./bluetooth
     ./calibre
     ./comma
+    ./delta
     ./dircolors
     ./direnv
     ./discord
@@ -39,6 +40,7 @@
     ./tmux
     ./udiskie
     ./vim
+    ./wget
     ./wm
     ./x
     ./xdg
@@ -49,9 +51,6 @@
   # First sane reproducible version
   home.stateVersion = "20.09";
 
-  # Who am I?
-  home.username = "ambroisie";
-
   # Start services automatically
   systemd.user.startServices = "sd-switch";
 }

modules/home/delta/default.nix

@@ -0,0 +1,68 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.my.home.delta;
+in
+{
+  options.my.home.delta = with lib; {
+    enable = my.mkDisableOption "delta configuration";
+
+    package = mkPackageOption pkgs "delta" { };
+
+    git = {
+      enable = my.mkDisableOption "git integration";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        # For its configuration
+        assertion = cfg.enable -> cfg.git.enable;
+        message = ''
+          `config.my.home.delta` must enable `config.my.home.delta.git` to be
+          properly configured.
+        '';
+      }
+      {
+        assertion = cfg.enable -> config.programs.git.enable;
+        message = ''
+          `config.my.home.delta` relies on `config.programs.git` to be
+          enabled.
+        '';
+      }
+    ];
+
+    home.packages = [ cfg.package ];
+
+    programs.git = lib.mkIf cfg.git.enable {
+      delta = {
+        enable = true;
+        inherit (cfg) package;
+
+        options = {
+          features = "diff-highlight decorations";
+
+          # Less jarring style for `diff-highlight` emulation
+          diff-highlight = {
+            minus-style = "red";
+            minus-non-emph-style = "red";
+            minus-emph-style = "bold red 52";
+
+            plus-style = "green";
+            plus-non-emph-style = "green";
+            plus-emph-style = "bold green 22";
+
+            whitespace-error-style = "reverse red";
+          };
+
+          # Personal preference for easier reading
+          decorations = {
+            commit-style = "raw"; # Do not recolor meta information
+            keep-plus-minus-markers = true;
+            paging = "always";
+          };
+        };
+      };
+    };
+  };
+}

modules/home/direnv/default.nix

@@ -7,9 +7,9 @@ in
     enable = my.mkDisableOption "direnv configuration";
 
     defaultFlake = mkOption {
-      type = types.str;
-      default = "pkgs";
-      example = "nixpkgs";
+      type = with types; nullOr str;
+      default = null;
+      example = "pkgs";
       description = ''
         Which flake from the registry should be used for
         <command>use pkgs</command> by default.
@@ -39,7 +39,7 @@ in
       in
       lib.my.genAttrs' files linkLibFile;
 
-    home.sessionVariables = {
+    home.sessionVariables = lib.mkIf (cfg.defaultFlake != null) {
       DIRENV_DEFAULT_FLAKE = cfg.defaultFlake;
     };
   };

modules/home/direnv/lib/android.sh

@@ -1,4 +1,4 @@
-#shellcheck shell=bash
+# shellcheck shell=bash
 
 # shellcheck disable=2155
 use_android() {
@@ -32,10 +32,16 @@ use_android() {
             -b|--build-tools)
                 build_tools_version="$2"
                 shift 2
+                if ! [ -e "$ANDROID_HOME/build-tools/$build_tools_version" ]; then
+                    log_error "use_android: build-tools version '$build_tools_version' does not exist"
+                fi
                 ;;
             -n|--ndk)
                 ndk_version="$2"
                 shift 2
+                if ! [ -e "$ANDROID_HOME/ndk/$ndk_version" ]; then
+                    log_error "use_android: NDK version '$ndk_version' does not exist"
+                fi
                 ;;
             --)
                 shift

modules/home/direnv/lib/nix.sh

@@ -1,4 +1,4 @@
-#shellcheck shell=bash
+# shellcheck shell=bash
 
 use_pkgs() {
     if ! has nix; then

modules/home/direnv/lib/postgres.sh

@@ -1,4 +1,4 @@
-#shellcheck shell=bash
+# shellcheck shell=bash
 
 layout_postgres() {
     if ! has postgres || ! has initdb; then

modules/home/direnv/lib/python.sh

@@ -1,4 +1,4 @@
-#shellcheck shell=bash
+# shellcheck shell=bash
 
 layout_poetry() {
     if ! has poetry; then
@@ -9,12 +9,12 @@ layout_poetry() {
 
     if [[ ! -f pyproject.toml ]]; then
         # shellcheck disable=2016
-        log_error 'layout_poetry: no pyproject.toml found. Use `poetry new` or `poetry init` to create one first'
+        log_error 'layout_poetry: no pyproject.toml found. Use `poetry init` to create one first'
         return 1
     fi
 
     # create venv if it doesn't exist
-    poetry run true
+    poetry run -q -- true
 
     # shellcheck disable=2155
     export VIRTUAL_ENV=$(poetry env info --path)
@@ -23,3 +23,35 @@ layout_poetry() {
     watch_file pyproject.toml
     watch_file poetry.lock
 }
+
+layout_uv() {
+    if ! has uv; then
+        # shellcheck disable=2016
+        log_error 'layout_uv: `uv` is not in PATH'
+        return 1
+    fi
+
+    if [[ ! -f pyproject.toml ]]; then
+        # shellcheck disable=2016
+        log_error 'layout_uv: no pyproject.toml found. Use `uv init` to create one first'
+        return 1
+    fi
+
+    local default_venv="$PWD/.venv"
+    : "${VIRTUAL_ENV:=$default_venv}"
+
+    # Use non-default venv path if required
+    if [ "$VIRTUAL_ENV" != "$default_venv" ]; then
+        export UV_PROJECT_ENVIRONMENT="$VIRTUAL_ENV"
+    fi
+
+    # create venv if it doesn't exist
+    uv venv -q --allow-existing
+
+    export VIRTUAL_ENV
+    export UV_ACTIVE=1
+    PATH_add "$VIRTUAL_ENV/bin"
+    watch_file pyproject.toml
+    watch_file uv.lock
+    watch_file .python-version
+}

modules/home/discord/default.nix

@@ -7,11 +7,13 @@ in
 {
   options.my.home.discord = with lib; {
     enable = mkEnableOption "discord configuration";
+
+    package = mkPackageOption pkgs "discord" { };
   };
 
   config = lib.mkIf cfg.enable {
     home.packages = with pkgs; [
-      discord
+      cfg.package
     ];
 
     xdg.configFile."discord/settings.json".source =

modules/home/firefox/default.nix

@@ -61,19 +61,21 @@ in
           "ui.systemUsesDarkTheme" = true; # Dark mode
         };
 
-        extensions = with pkgs.nur.repos.rycee.firefox-addons; ([
-          bitwarden
-          consent-o-matic
-          form-history-control
-          reddit-comment-collapser
-          reddit-enhancement-suite
-          refined-github
-          sponsorblock
-          ublock-origin
-        ]
-        ++ lib.optional (cfg.tridactyl.enable) tridactyl
-        ++ lib.optional (cfg.ff2mpv.enable) ff2mpv
-        );
+        extensions = {
+          packages = with pkgs.nur.repos.rycee.firefox-addons; ([
+            bitwarden
+            consent-o-matic
+            form-history-control
+            reddit-comment-collapser
+            reddit-enhancement-suite
+            refined-github
+            sponsorblock
+            ublock-origin
+          ]
+          ++ lib.optional (cfg.tridactyl.enable) tridactyl
+          ++ lib.optional (cfg.ff2mpv.enable) ff2mpv
+          );
+        };
       };
     };
   };

modules/home/firefox/tridactyl/default.nix

@@ -12,9 +12,7 @@ let
 in
 {
   config = lib.mkIf cfg.enable {
-    xdg.configFile."tridactyl/tridactylrc".source = pkgs.substituteAll {
-      src = ./tridactylrc;
-
+    xdg.configFile."tridactyl/tridactylrc".source = pkgs.replaceVars ./tridactylrc {
       editorcmd = lib.concatStringsSep " " [
         # Use my configured terminal
         term

modules/home/firefox/tridactyl/tridactylrc

@@ -4,7 +4,7 @@
 " Use dark color scheme
 colorscheme dark
 
-" Make tridactyl open Vim in my prefered terminal
+" Make tridactyl open Vim in my preferred terminal
 set editorcmd @editorcmd@
 
 " Remove editor file after use
@@ -15,8 +15,8 @@ bind --mode=input <C-i> editor_rm
 
 " Binds {{{
 " Reddit et al. {{{
-" Toggle comments on Reddit, Hacker News, Lobste.rs
-bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"]
+" Toggle comments on Reddit, Hacker News, Lobste.rs, LWN
+bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"],[class="CommentTitle"]
 
 " Make `gu` take me back to subreddit from comments
 bindurl reddit.com gu urlparent 3
@@ -26,8 +26,8 @@ bindurl www.google.com f hint -Jc #search a
 bindurl www.google.com F hint -Jbc #search a
 
 " Only hint search results on DuckDuckGo
-bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result-title-a"]
-bindurl ^https://duckduckgo.com F hint -Jbc [data-testid="result-title-a"]
+bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result"]
+bindurl ^https://duckduckgo.com F hint -Jbc [data-testid="result"]
 
 " Only hint item pages on Hacker News
 bindurl news.ycombinator.com ;f hint -Jc .age > a
@@ -69,8 +69,6 @@ unbind <C-f>
 " Redirections {{{
 " Always redirect Reddit to the old site
 autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old")
-" Use a better Twitter front-end
-autocmd DocStart ^http(s?)://twitter.com js tri.excmds.urlmodify("-t", "twitter.com", "nitter.net")
 " }}}
 
 " Disabled websites {{{

modules/home/gdb/default.nix

@@ -6,27 +6,29 @@ in
   options.my.home.gdb = with lib; {
     enable = my.mkDisableOption "gdb configuration";
 
+    package = mkPackageOption pkgs "gdb" { };
+
     rr = {
       enable = my.mkDisableOption "rr configuration";
 
-      package = mkOption {
-        type = types.package;
-        default = pkgs.rr;
-        defaultText = literalExample "pkgs.rr";
-        description = ''
-          Package providing rr
-        '';
-      };
+      package = mkPackageOption pkgs "rr" { };
     };
   };
 
   config = lib.mkIf cfg.enable (lib.mkMerge [
     {
       home.packages = with pkgs; [
-        gdb
+        cfg.package
       ];
 
-      xdg.configFile."gdb/gdbinit".source = ./gdbinit;
+      xdg = {
+        configFile."gdb/gdbinit".source = ./gdbinit;
+        stateFile."gdb/.keep".text = "";
+      };
+
+      home.sessionVariables = {
+        GDBHISTFILE = "${config.xdg.stateHome}/gdb/gdb_history";
+      };
     }
 
     (lib.mkIf cfg.rr.enable {

modules/home/git/default.nix

@@ -42,34 +42,6 @@ in
 
     lfs.enable = true;
 
-    delta = {
-      enable = true;
-
-      options = {
-        features = "diff-highlight decorations";
-
-        # Less jarring style for `diff-highlight` emulation
-        diff-highlight = {
-          minus-style = "red";
-          minus-non-emph-style = "red";
-          minus-emph-style = "bold red 52";
-
-          plus-style = "green";
-          plus-non-emph-style = "green";
-          plus-emph-style = "bold green 22";
-
-          whitespace-error-style = "reverse red";
-        };
-
-        # Personal preference for easier reading
-        decorations = {
-          commit-style = "raw"; # Do not recolor meta information
-          keep-plus-minus-markers = true;
-          paging = "always";
-        };
-      };
-    };
-
     # There's more
     extraConfig = {
       # Makes it a bit more readable
@@ -123,11 +95,6 @@ in
         defaultBranch = "main";
       };
 
-      # Local configuration, not-versioned
-      include = {
-        path = "config.local";
-      };
-
       merge = {
         conflictStyle = "zdiff3";
       };
@@ -148,6 +115,10 @@ in
         autoStash = true;
       };
 
+      rerere = {
+        enabled = true;
+      };
+
       url = {
         "git@git.belanyi.fr:" = {
           insteadOf = "https://git.belanyi.fr/";
@@ -163,8 +134,8 @@ in
       };
     };
 
-    # Multiple identities
-    includes = [
+    includes = lib.mkAfter [
+      # Multiple identities
       {
         condition = "gitdir:~/git/EPITA/";
         contents = {
@@ -183,6 +154,10 @@ in
           };
         };
       }
+      # Local configuration, not-versioned
+      {
+        path = "config.local";
+      }
     ];
 
     ignores =

modules/home/gpg/default.nix

@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
   cfg = config.my.home.gpg;
 in
@@ -6,12 +6,7 @@ in
   options.my.home.gpg = with lib; {
     enable = my.mkDisableOption "gpg configuration";
 
-    pinentry = mkOption {
-      type = types.str;
-      default = "tty";
-      example = "gtk2";
-      description = "Which pinentry interface to use";
-    };
+    pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; };
   };
 
   config = lib.mkIf cfg.enable {
@@ -22,7 +17,7 @@ in
     services.gpg-agent = {
       enable = true;
       enableSshSupport = true; # One agent to rule them all
-      pinentryFlavor = cfg.pinentry;
+      pinentry.package = cfg.pinentry;
       extraConfig = ''
         allow-loopback-pinentry
       '';

modules/home/gtk/default.nix

@@ -21,12 +21,12 @@ in
     };
 
     iconTheme = {
-      package = pkgs.gnome.gnome-themes-extra;
+      package = pkgs.gnome-themes-extra;
       name = "Adwaita";
     };
 
     theme = {
-      package = pkgs.gnome.gnome-themes-extra;
+      package = pkgs.gnome-themes-extra;
       name = "Adwaita";
     };
   };

modules/home/jq/default.nix

@@ -17,6 +17,7 @@ in
       strings = "0;32";
       arrays = "1;39";
       objects = "1;39";
+      objectKeys = "1;34";
     };
   };
 }

modules/home/mail/accounts/default.nix

@@ -18,8 +18,6 @@ let
     himalaya = {
       enable = cfg.himalaya.enable;
       # FIXME: try to actually configure it at some point
-      backend = "imap";
-      sender = "smtp";
     };
 
     msmtp = {
@@ -28,20 +26,7 @@ let
   };
 
   migaduConfig = {
-    imap = {
-      host = "imap.migadu.com";
-      port = 993;
-      tls = {
-        enable = true;
-      };
-    };
-    smtp = {
-      host = "smtp.migadu.com";
-      port = 465;
-      tls = {
-        enable = true;
-      };
-    };
+    flavor = "migadu.com";
   };
 
   gmailConfig = {
@@ -60,7 +45,7 @@ in
 {
   config.accounts.email.accounts = {
     personal = lib.mkMerge [
-      # Common configuraton
+      # Common configuration
       (mkConfig {
         domain = "belanyi.fr";
         address = "bruno";
@@ -72,7 +57,7 @@ in
     ];
 
     gmail = lib.mkMerge [
-      # Common configuraton
+      # Common configuration
       (mkConfig {
         domain = "gmail.com";
         address = "brunobelanyi";

modules/home/mpv/default.nix

@@ -13,6 +13,7 @@ in
 
       scripts = [
         pkgs.mpvScripts.mpris # Allow controlling using media keys
+        pkgs.mpvScripts.mpv-cheatsheet # Show some simple mappings on '?'
         pkgs.mpvScripts.uosc # Nicer UI
       ];
     };

modules/home/nix/default.nix

@@ -12,7 +12,7 @@ let
       # Use pinned nixpkgs when using `nix run pkgs#<whatever>`
       pkgs = inputs.nixpkgs;
     }
-    (lib.optionalAttrs cfg.overrideNixpkgs {
+    (lib.optionalAttrs cfg.inputs.overrideNixpkgs {
       # ... And with `nix run nixpkgs#<whatever>`
       nixpkgs = inputs.nixpkgs;
     })
@@ -22,20 +22,30 @@ in
   options.my.home.nix = with lib; {
     enable = my.mkDisableOption "nix configuration";
 
-    linkInputs = my.mkDisableOption "link inputs to `$XDG_CONFIG_HOME/nix/inputs`";
+    gc = {
+      enable = my.mkDisableOption "nix GC configuration";
+    };
 
-    addToRegistry = my.mkDisableOption "add inputs and self to registry";
+    cache = {
+      selfHosted = my.mkDisableOption "self-hosted cache";
+    };
 
-    addToNixPath = my.mkDisableOption "add inputs and self to nix path";
+    inputs = {
+      link = my.mkDisableOption "link inputs to `$XDG_CONFIG_HOME/nix/inputs/`";
 
-    overrideNixpkgs = my.mkDisableOption "point nixpkgs to pinned system version";
+      addToRegistry = my.mkDisableOption "add inputs and self to registry";
+
+      addToNixPath = my.mkDisableOption "add inputs and self to nix path";
+
+      overrideNixpkgs = my.mkDisableOption "point nixpkgs to pinned system version";
+    };
   };
 
   config = lib.mkIf cfg.enable (lib.mkMerge [
     {
       assertions = [
         {
-          assertion = cfg.addToNixPath -> cfg.linkInputs;
+          assertion = cfg.inputs.addToNixPath -> cfg.inputs.link;
           message = ''
             enabling `my.home.nix.addToNixPath` needs to have
             `my.home.nix.linkInputs = true`
@@ -54,7 +64,37 @@ in
       };
     }
 
-    (lib.mkIf cfg.addToRegistry {
+    (lib.mkIf cfg.gc.enable {
+      nix.gc = {
+        automatic = true;
+
+        # Every week, with some wiggle room
+        frequency = "weekly";
+        randomizedDelaySec = "10min";
+
+        # Use a persistent timer for e.g: laptops
+        persistent = true;
+
+        # Delete old profiles automatically after 15 days
+        options = "--delete-older-than 15d";
+      };
+    })
+
+    (lib.mkIf cfg.cache.selfHosted {
+      nix = {
+        settings = {
+          extra-substituters = [
+            "https://cache.belanyi.fr/"
+          ];
+
+          extra-trusted-public-keys = [
+            "cache.belanyi.fr:LPhrTqufwfxTceg1nRWueDWf7/2zSVY9K00pq2UI7tw="
+          ];
+        };
+      };
+    })
+
+    (lib.mkIf cfg.inputs.addToRegistry {
       nix.registry =
         let
           makeEntry = v: { flake = v; };
@@ -63,7 +103,7 @@ in
         makeEntries channels;
     })
 
-    (lib.mkIf cfg.linkInputs {
+    (lib.mkIf cfg.inputs.link {
       xdg.configFile =
         let
           makeLink = n: v: {
@@ -75,8 +115,8 @@ in
         makeLinks channels;
     })
 
-    (lib.mkIf cfg.addToNixPath {
-      home.sessionVariables.NIX_PATH = "${config.xdg.configHome}/nix/inputs\${NIX_PATH:+:$NIX_PATH}";
+    (lib.mkIf cfg.inputs.addToNixPath {
+      nix.nixPath = [ "${config.xdg.configHome}/nix/inputs" ];
     })
   ]);
 }

modules/home/packages/default.nix

@@ -1,6 +1,7 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, osConfig, ... }:
 let
   cfg = config.my.home.packages;
+  useGlobalPkgs = osConfig.home-manager.useGlobalPkgs or false;
 in
 {
   options.my.home.packages = with lib; {
@@ -26,9 +27,10 @@ in
       fd
       file
       ripgrep
+      tree
     ] ++ cfg.additionalPackages);
 
-    nixpkgs.config = {
+    nixpkgs.config = lib.mkIf (!useGlobalPkgs) {
       inherit (cfg) allowAliases allowUnfree;
     };
   };

modules/home/pager/default.nix

@@ -15,7 +15,12 @@ in
       # Clear the screen on start and exit
       LESS = "-R -+X -c";
       # Better XDG compliance
-      LESSHISTFILE = "${config.xdg.dataHome}/less/history";
+      LESSHISTFILE = "${config.xdg.stateHome}/less/history";
     };
+
+    xdg.configFile."lesskey".text = ''
+      # Quit without clearing the screen on `Q`
+      Q toggle-option -!^Predraw-on-quit\nq
+    '';
   };
 }

modules/home/secrets/secrets.nix

@@ -1,6 +1,6 @@
 # Common secrets
 let
-  keys = import ../../keys;
+  keys = import ../../../keys;
 
   all = builtins.attrValues keys.users;
 in

modules/home/ssh/default.nix

@@ -49,7 +49,7 @@ in
           };
 
           porthos = {
-            hostname = "91.121.177.163";
+            hostname = "37.187.146.15";
             identityFile = "~/.ssh/shared_rsa";
             user = "ambroisie";
           };

modules/home/tmux/default.nix

@@ -5,6 +5,14 @@ let
     config.my.home.x.enable
     (config.my.home.wm.windowManager != null)
   ];
+
+  mkTerminalFeature = opt: flag:
+    let
+      mkFlag = term: ''set -as terminal-features ",${term}:${flag}"'';
+      enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures;
+      terminals = lib.attrNames enabledTerminals;
+    in
+    lib.concatMapStringsSep "\n" mkFlag terminals;
 in
 {
   options.my.home.tmux = with lib; {
@@ -12,16 +20,24 @@ in
 
     enablePassthrough = mkEnableOption "tmux DCS passthrough sequence";
 
-    trueColorTerminals = mkOption {
-      type = with types; listOf str;
-      default = lib.my.nullableToList config.my.home.terminal.program;
-      defaultText = ''
-        `[ config.my.home.terminal.program ]` if it is non-null, otherwise an
-        empty list.
+    enableResurrect = mkEnableOption "tmux-resurrect plugin";
+
+    terminalFeatures = mkOption {
+      type = with types; attrsOf (submodule {
+        options = {
+          hyperlinks = my.mkDisableOption "hyperlinks through OSC8";
+
+          trueColor = my.mkDisableOption "24-bit (RGB) color support";
+        };
+      });
+
+      default = { ${config.my.home.terminal.program} = { }; };
+      defaultText = literalExpression ''
+        { ''${config.my.home.terminal.program} = { }; };
       '';
-      example = [ "xterm-256color" ];
+      example = { xterm-256color = { }; };
       description = ''
-        $TERM values which should be considered to always support 24-bit color.
+        $TERM values which should be considered to have additional features.
       '';
     };
   };
@@ -32,10 +48,13 @@ in
     keyMode = "vi"; # Home-row keys and other niceties
     clock24 = true; # I'm one of those heathens
     escapeTime = 0; # Let vim do its thing instead
-    historyLimit = 50000; # Bigger buffer
+    historyLimit = 100000; # Bigger buffer
+    mouse = false; # I dislike mouse support
+    focusEvents = true; # Report focus events
     terminal = "tmux-256color"; # I want accurate termcap info
+    aggressiveResize = true; # Automatic resize when switching client size
 
-    plugins = with pkgs.tmuxPlugins; [
+    plugins = with pkgs.tmuxPlugins; builtins.filter (attr: attr != { }) [
       # Open high-lighted files in copy mode
       open
       # Better pane management
@@ -63,9 +82,23 @@ in
           set -g status-right '#{prefix_highlight} %a %Y-%m-%d %H:%M'
         '';
       }
+      # Resurrect sessions
+      (lib.optionalAttrs cfg.enableResurrect {
+        plugin = resurrect;
+        extraConfig = ''
+          set -g @resurrect-dir '${config.xdg.stateHome}/tmux/resurrect'
+        '';
+      })
     ];
 
     extraConfig = ''
+      # Refresh configuration
+      bind-key -N "Source tmux.conf" R source-file ${config.xdg.configHome}/tmux/tmux.conf \; display-message "Sourced tmux.conf!"
+
+      # Accept sloppy Ctrl key when switching windows, on top of default mapping
+      bind-key -N "Select the previous window" C-p previous-window
+      bind-key -N "Select the next window" C-n next-window
+
       # Better vim mode
       bind-key -T copy-mode-vi 'v' send -X begin-selection
       ${
@@ -89,13 +122,10 @@ in
         ''
       }
 
+      # Force OSC8 hyperlinks for each relevant $TERM
+      ${mkTerminalFeature "hyperlinks" "hyperlinks"}
       # Force 24-bit color for each relevant $TERM
-      ${
-        let
-          mkTcFlag = term: ''set -as terminal-features ",${term}:RGB"'';
-        in
-        lib.concatMapStringsSep "\n" mkTcFlag cfg.trueColorTerminals
-      }
+      ${mkTerminalFeature "trueColor" "RGB"}
     '';
   };
 }

modules/home/vim/after/ftplugin/gn.vim

@@ -0,0 +1,6 @@
+" Create the `b:undo_ftplugin` variable if it doesn't exist
+call ftplugined#check_undo_ft()
+
+" Set comment string, as it seems that no official GN support exists upstream
+setlocal commentstring=#\ %s
+let b:undo_ftplugin.='|setlocal commentstring<'

modules/home/vim/after/ftplugin/json.vim

@@ -0,0 +1,6 @@
+" Create the `b:undo_ftplugin` variable if it doesn't exist
+call ftplugined#check_undo_ft()
+
+" Use a small indentation value on JSON files
+setlocal shiftwidth=2
+let b:undo_ftplugin.='|setlocal shiftwidth<'

modules/home/vim/after/ftplugin/netrw.vim

@@ -1,6 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Don't show Netrw in buffer list
-setlocal bufhidden=delete
-let b:undo_ftplugin='|setlocal bufhidden<'

modules/home/vim/after/ftplugin/query.vim

@@ -0,0 +1,6 @@
+" Create the `b:undo_ftplugin` variable if it doesn't exist
+call ftplugined#check_undo_ft()
+
+" Use a small indentation value on query files
+setlocal shiftwidth=2
+let b:undo_ftplugin.='|setlocal shiftwidth<'