nixos: services: add thelounge

I probably won't actually use it, after test-driving it quickly.

But now that the effort has been expanded, might as well keep it if only
as a future reference.

.drone.yml

@@ -1,24 +0,0 @@
-kind: pipeline
-name: check config
-
-steps:
-  - name: format check
-    image: nixos/nix
-    commands:
-      - nix-shell -p nixpkgs-fmt --run 'nixpkgs-fmt . --check'
-
-  - name: notify
-    image: plugins/matrix
-    settings:
-      homeserver:
-        from_secret: matrix_homeserver
-      roomid:
-        from_secret: matrix_roomid
-      username:
-        from_secret: matrix_username
-      password:
-        from_secret: matrix_password
-      trigger:
-        status:
-          - failure
-          - success

.envrc

@@ -1,8 +1,9 @@
-use_flake() {
-  watch_file flake.nix
-  watch_file flake.lock
-  eval "$(nix print-dev-env)"
-}
+# shellcheck shell=bash
+if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
+    source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
+fi
+
+watch_file ./flake/checks.nix
+watch_file ./flake/dev-shells.nix
 
-ulimit -s unlimited # Bypass current bug in `nix` flakes evaluation
 use flake

.git-crypt/.gitattributes

@@ -1,4 +0,0 @@
-# Do not edit this file.  To specify the files to encrypt, create your own
-# .gitattributes file in the directory where your files are.
-* !filter !diff
-*.gpg binary

.gitignore

@@ -0,0 +1 @@
+/.pre-commit-config.yaml

.pre-commit-config.yaml

@@ -1,21 +0,0 @@
-repos:
-- repo: 'https://github.com/pre-commit/pre-commit-hooks'
-  rev: 'v2.3.0'
-  hooks:
-  - id: 'trailing-whitespace'
-  - id: 'end-of-file-fixer'
-  - id: 'check-yaml'
-  - id: 'check-added-large-files'
-- repo: 'https://github.com/jumanjihouse/pre-commit-hooks'
-  rev: '2.1.4'
-  hooks:
-  - id: 'forbid-binary'
-- repo: 'local'
-  hooks:
-  - id: 'nixpkgs-fmt'
-    name: 'nixpkgs-fmt'
-    description: 'Format nix code with nixpkgs-fmt'
-    entry: 'nixpkgs-fmt'
-    language: 'system'
-    files: '\.nix$'
-    always_run: true

.stylua.toml

@@ -0,0 +1 @@
+indent_type = "Spaces"

.woodpecker/check.yml

@@ -0,0 +1,26 @@
+labels:
+  backend: local
+
+steps:
+- name: nix flake check
+  image: bash
+  commands:
+  - nix flake check
+
+- name: notify
+  image: bash
+  environment:
+    ADDRESS:
+      from_secret: matrix_homeserver
+    ROOM:
+      from_secret: matrix_roomid
+    USER:
+      from_secret: matrix_username
+    PASS:
+      from_secret: matrix_password
+  commands:
+  - nix run '.#matrix-notifier'
+  when:
+    status:
+    - failure
+    - success

README.md

@@ -17,7 +17,8 @@ Secondly, take care of a few manual steps:
 * Configure Gitea and Drone
 * Configure Lohr webhook and SSH key
 * Configure Jellyfin
-* Configure Jackett and NZBHydra2
+* Configure Prowlarr,Jackett and NZBHydra2
 * Configure Sonarr, Radarr, Bazarr
 * Configure Transmission's webui port
 * Configure Quassel user
+* Configure Flood account

bootstrap.sh

@@ -1,5 +1,6 @@
 #!/usr/bin/env nix-shell
-#! nix-shell -i bash -p bitwarden-cli git gnupg jq nixFlakes
+#! nix-shell -i bash -p bitwarden-cli git gnupg jq nix
+# shellcheck shell=bash
 
 # Command failure is script failure
 set -e
@@ -10,7 +11,6 @@ BOLD_GREEN="\e[0;1;32m"
 
 RESET="\e[0m"
 
-DEST="$HOME/.config/nixpkgs"
 BW_SESSION=""
 
 warn() {
@@ -58,6 +58,8 @@ get_ssh() {
 
     get_doc "SysAdmin/SSH" "shared-key-public" "$HOME/.ssh/shared_rsa.pub" 644
     get_doc "SysAdmin/SSH" "shared-key-private" "$HOME/.ssh/shared_rsa" 600
+    get_doc "SysAdmin/SSH" "agenix-public" "$HOME/.ssh/agenix.pub" 644
+    get_doc "SysAdmin/SSH" "agenix-private" "$HOME/.ssh/agenix" 600
 }
 
 get_pgp() {
@@ -78,22 +80,13 @@ get_pgp() {
 }
 
 get_creds() {
-    BW_SESSION="$(bw login --raw)"
+    BW_SESSION="$(bw login --raw || bw unlock --raw)"
     export BW_SESSION
 
     get_ssh
     get_pgp
 }
 
-setup_gpg() {
-    info 'Setting up loopback pinentry for GnuPG'
-    echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
-
-    info 'Signing dummy message to ensure GnuPG key is usable by `git-crypt`'
-    echo whatever | gpg --clearsign --armor --pinentry loopback --output /dev/null
-}
-
 [ -z "$NOCREDS" ] && get_creds
-[ -z "$NOGPG" ] && setup_gpg
 
 nix --experimental-features 'nix-command flakes' develop

flake.lock

@@ -1,21 +1,157 @@
 {
   "nodes": {
-    "futils": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": [
+          "home-manager"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": [
+          "systems"
+        ]
+      },
       "locked": {
-        "lastModified": 1619345332,
-        "narHash": "sha256-qHnQkEp1uklKTpx3MvKtY6xzgcqXDsz5nLilbbuL+3A=",
+        "lastModified": 1750173260,
+        "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "ref": "main",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1744478979,
+        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1753121425,
+        "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "ref": "main",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "futils": {
+      "inputs": {
+        "systems": [
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "2ebf2558e5bf978c7fb8ea927dfaed8fefab2e28",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
         "owner": "numtide",
-        "ref": "master",
+        "ref": "main",
         "repo": "flake-utils",
         "type": "github"
       }
     },
+    "git-hooks": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1750779888,
+        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "ref": "master",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "git-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709087332,
+        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -23,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1619558193,
-        "narHash": "sha256-DljP5/9EX0eXEPhzCUFqFEHkkcFuXJBx1PTgcv0OgyM=",
+        "lastModified": 1753617834,
+        "narHash": "sha256-WEVfKrdIdu5CpppJ0Va3vzP0DKlS+ZTLbBjugMO2Drg=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "18ad12d52b8cebbb57013865eec2be5125de050a",
+        "rev": "72cc1e3134a35005006f06640724319caa424737",
         "type": "github"
       },
       "original": {
@@ -39,11 +175,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1619464443,
-        "narHash": "sha256-R7WAb8EnkIJxxaF6GTHUPytjonhB4Zm0iatyWoW169A=",
+        "lastModified": 1753429684,
+        "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8e4fe32876ca15e3d5eb3ecd3ca0b224417f5f17",
+        "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d",
         "type": "github"
       },
       "original": {
@@ -54,12 +190,21 @@
       }
     },
     "nur": {
+      "inputs": {
+        "flake-parts": [
+          "flake-parts"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "treefmt-nix": "treefmt-nix"
+      },
       "locked": {
-        "lastModified": 1619628114,
-        "narHash": "sha256-s3pQyvMfXVmbQOX224yOWQf6zi8406sShFF4u17LVQ0=",
+        "lastModified": 1741294988,
+        "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "0615e756dc14986c4968fa478c0bd080d621cb2b",
+        "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e",
         "type": "github"
       },
       "original": {
@@ -71,10 +216,51 @@
     },
     "root": {
       "inputs": {
+        "agenix": "agenix",
+        "flake-parts": "flake-parts",
         "futils": "futils",
+        "git-hooks": "git-hooks",
         "home-manager": "home-manager",
         "nixpkgs": "nixpkgs",
-        "nur": "nur"
+        "nur": "nur",
+        "systems": "systems"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "ref": "main",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nur",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733222881,
+        "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "49717b5af6f80172275d47a418c9719a31a78b53",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
       }
     }
   },

flake.nix

@@ -1,11 +1,36 @@
 {
   description = "NixOS configuration with flakes";
   inputs = {
+    agenix = {
+      type = "github";
+      owner = "ryantm";
+      repo = "agenix";
+      ref = "main";
+      inputs = {
+        home-manager.follows = "home-manager";
+        nixpkgs.follows = "nixpkgs";
+        systems.follows = "systems";
+      };
+    };
+
+    flake-parts = {
+      type = "github";
+      owner = "hercules-ci";
+      repo = "flake-parts";
+      ref = "main";
+      inputs = {
+        nixpkgs-lib.follows = "nixpkgs";
+      };
+    };
+
     futils = {
       type = "github";
       owner = "numtide";
       repo = "flake-utils";
-      ref = "master";
+      ref = "main";
+      inputs = {
+        systems.follows = "systems";
+      };
     };
 
     home-manager = {
@@ -30,80 +55,30 @@
       owner = "nix-community";
       repo = "NUR";
       ref = "master";
+      inputs = {
+        flake-parts.follows = "flake-parts";
+        nixpkgs.follows = "nixpkgs";
+      };
+    };
+
+    git-hooks = {
+      type = "github";
+      owner = "cachix";
+      repo = "git-hooks.nix";
+      ref = "master";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+      };
+    };
+
+    systems = {
+      type = "github";
+      owner = "nix-systems";
+      repo = "default";
+      ref = "main";
     };
   };
 
-  outputs = { self, futils, home-manager, nixpkgs, nur } @ inputs:
-    let
-      inherit (futils.lib) eachDefaultSystem;
-
-      lib = nixpkgs.lib.extend (self: super: {
-        my = import ./lib { inherit inputs; pkgs = nixpkgs; lib = self; };
-      });
-
-      defaultModules = [
-        ({ ... }: {
-          # Let 'nixos-version --json' know about the Git revision
-          system.configurationRevision = self.rev or "dirty";
-        })
-        {
-          nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
-            nur.overlay
-          ];
-        }
-        home-manager.nixosModules.home-manager
-        {
-          home-manager.users.ambroisie = import ./home;
-          # Nix Flakes compatibility
-          home-manager.useGlobalPkgs = true;
-          home-manager.useUserPackages = true;
-        }
-      ];
-
-      buildHost = name: system: lib.nixosSystem {
-        inherit system;
-        modules = defaultModules ++ [
-          (./. + "/${name}.nix")
-        ];
-        specialArgs = {
-          # Use my extended lib in NixOS configuration
-          inherit lib;
-        };
-      };
-    in
-    eachDefaultSystem
-      (system:
-        let
-          pkgs = nixpkgs.legacyPackages.${system};
-        in
-        rec {
-          apps = {
-            diff-flake = futils.lib.mkApp { drv = packages.diff-flake; };
-          };
-
-          defaultApp = apps.diff-flake;
-
-          devShell = pkgs.mkShell {
-            name = "NixOS-config";
-            buildInputs = with pkgs; [
-              git-crypt
-              gitAndTools.pre-commit
-              gnupg
-              nixpkgs-fmt
-            ];
-          };
-
-          packages = import ./pkgs { inherit pkgs; };
-        }) // {
-      overlay = self.overlays.pkgs;
-
-      overlays = {
-        lib = final: prev: { inherit lib; };
-        pkgs = final: prev: { ambroisie = import ./pkgs { pkgs = prev; }; };
-      };
-
-      nixosConfigurations = lib.mapAttrs buildHost {
-        porthos = "x86_64-linux";
-      };
-    };
+  # Can't eta-reduce a flake outputs...
+  outputs = inputs: import ./flake inputs;
 }

flake/apps.nix

@@ -0,0 +1,9 @@
+{ inputs, ... }:
+{
+  perSystem = { self', ... }: {
+    apps = {
+      diff-flake = inputs.futils.lib.mkApp { drv = self'.packages.diff-flake; };
+      default = self'.apps.diff-flake;
+    };
+  };
+}

flake/checks.nix

@@ -0,0 +1,33 @@
+{ inputs, ... }:
+{
+  imports = [
+    inputs.git-hooks.flakeModule
+  ];
+
+  perSystem = { ... }: {
+    pre-commit = {
+      # Add itself to `nix flake check`
+      check.enable = true;
+
+      settings = {
+        hooks = {
+          deadnix = {
+            enable = true;
+          };
+
+          nixpkgs-fmt = {
+            enable = true;
+          };
+
+          shellcheck = {
+            enable = true;
+          };
+
+          stylua = {
+            enable = true;
+          };
+        };
+      };
+    };
+  };
+}

flake/default.nix

@@ -0,0 +1,22 @@
+{ flake-parts
+, systems
+, ...
+} @ inputs:
+let
+  mySystems = import systems;
+in
+flake-parts.lib.mkFlake { inherit inputs; } {
+  systems = mySystems;
+
+  imports = [
+    ./apps.nix
+    ./checks.nix
+    ./dev-shells.nix
+    ./home-manager.nix
+    ./lib.nix
+    ./nixos.nix
+    ./overlays.nix
+    ./packages.nix
+    ./templates.nix
+  ];
+}

flake/dev-shells.nix

@@ -0,0 +1,18 @@
+{ ... }:
+{
+  perSystem = { config, pkgs, ... }: {
+    devShells = {
+      default = pkgs.mkShellNoCC {
+        name = "NixOS-config";
+
+        nativeBuildInputs = with pkgs; [
+          nixpkgs-fmt
+        ];
+
+        shellHook = ''
+          ${config.pre-commit.installationScript}
+        '';
+      };
+    };
+  };
+}

flake/home-manager.nix

@@ -0,0 +1,60 @@
+{ self, inputs, lib, ... }:
+let
+  defaultModules = [
+    # Include generic settings
+    "${self}/modules/home"
+    {
+      nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
+        inputs.nur.overlays.default
+      ];
+    }
+    {
+      # Basic user information defaults
+      home.username = lib.mkDefault "ambroisie";
+      home.homeDirectory = lib.mkDefault "/home/ambroisie";
+
+      # Make it a Linux installation by default
+      targets.genericLinux.enable = lib.mkDefault true;
+
+      # Enable home-manager
+      programs.home-manager.enable = true;
+    }
+  ];
+
+  mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration {
+    pkgs = inputs.nixpkgs.legacyPackages.${system};
+
+    modules = defaultModules ++ [
+      "${self}/hosts/homes/${name}"
+    ];
+
+    # Use my extended lib in NixOS configuration
+    inherit (self) lib;
+
+    extraSpecialArgs = {
+      # Inject inputs to use them in global registry
+      inherit inputs;
+    };
+  };
+
+  homes = {
+    "ambroisie@bazin" = "x86_64-linux";
+    "ambroisie@mousqueton" = "x86_64-linux";
+  };
+in
+{
+  perSystem = { system, ... }: {
+    # Work-around for https://github.com/nix-community/home-manager/issues/3075
+    legacyPackages = {
+      homeConfigurations =
+        let
+          filteredHomes = lib.filterAttrs (_: v: v == system) homes;
+          allHomes = filteredHomes // {
+            # Default configuration
+            ambroisie = system;
+          };
+        in
+        lib.mapAttrs mkHome allHomes;
+    };
+  };
+}

flake/lib.nix

@@ -0,0 +1,11 @@
+{ self, inputs, ... }:
+let
+  inherit (inputs) nixpkgs;
+
+  lib = nixpkgs.lib.extend (final: _: {
+    my = import "${self}/lib" { inherit inputs; pkgs = nixpkgs; lib = final; };
+  });
+in
+{
+  flake.lib = lib;
+}

flake/nixos.nix

@@ -0,0 +1,37 @@
+{ self, inputs, lib, ... }:
+let
+  defaultModules = [
+    {
+      # Let 'nixos-version --json' know about the Git revision
+      system.configurationRevision = self.rev or self.dirtyRev or "dirty";
+    }
+    {
+      nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
+        inputs.nur.overlays.default
+      ];
+    }
+    # Include generic settings
+    "${self}/modules/nixos"
+  ];
+
+  buildHost = name: system: lib.nixosSystem {
+    modules = defaultModules ++ [
+      {
+        nixpkgs.hostPlatform = system;
+      }
+      "${self}/hosts/nixos/${name}"
+    ];
+    specialArgs = {
+      # Use my extended lib in NixOS configuration
+      inherit (self) lib;
+      # Inject inputs to use them in global registry
+      inherit inputs;
+    };
+  };
+in
+{
+  flake.nixosConfigurations = lib.mapAttrs buildHost {
+    aramis = "x86_64-linux";
+    porthos = "x86_64-linux";
+  };
+}

flake/overlays.nix

@@ -0,0 +1,17 @@
+{ self, ... }:
+let
+  default-overlays = import "${self}/overlays";
+
+  additional-overlays = {
+    # Expose my expanded library
+    lib = _final: _prev: { inherit (self) lib; };
+
+    # Expose my custom packages
+    pkgs = _final: prev: {
+      ambroisie = prev.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; });
+    };
+  };
+in
+{
+  flake.overlays = default-overlays // additional-overlays;
+}

flake/packages.nix

@@ -0,0 +1,13 @@
+{ self, inputs, ... }:
+{
+  perSystem = { pkgs, system, ... }: {
+    packages =
+      let
+        inherit (inputs.futils.lib) filterPackages flattenTree;
+        packages = import "${self}/pkgs" { inherit pkgs; };
+        flattenedPackages = flattenTree packages;
+        finalPackages = filterPackages system flattenedPackages;
+      in
+      finalPackages;
+  };
+}

flake/templates.nix

@@ -0,0 +1,4 @@
+{ self, ... }:
+{
+  flake.templates = import "${self}/templates";
+}

home/default.nix

@@ -1,26 +0,0 @@
-{ ... }:
-{
-  imports = [
-    ./bat.nix
-    ./direnv.nix
-    ./documentation.nix
-    ./git
-    ./gpg.nix
-    ./htop.nix
-    ./jq.nix
-    ./packages.nix
-    ./pager.nix
-    ./secrets # Home-manager specific secrets
-    ./ssh.nix
-    ./tmux.nix
-    ./vim
-    ./xdg.nix
-    ./zsh
-  ];
-
-  # First sane reproducible version
-  home.stateVersion = "20.09";
-
-  # Who am I?
-  home.username = "ambroisie";
-}

home/direnv.nix

@@ -1,15 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.home.direnv;
-in
-{
-  options.my.home.direnv = with lib.my; {
-    enable = mkDisableOption "direnv configuration";
-  };
-
-  config.programs.direnv = lib.mkIf cfg.enable {
-    enable = true;
-    # A better `use_nix`
-    enableNixDirenvIntegration = true;
-  };
-}

home/git/epita.config

@@ -1,4 +0,0 @@
-[user]
-	email = bruno.belanyi@epita.fr
-	name = Bruno BELANYI
-# vim: set ft=gitconfig:

home/gpg.nix

@@ -1,24 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.home.gpg;
-in
-{
-  options.my.home.gpg = with lib.my; {
-    enable = mkDisableOption "gpg configuration";
-  };
-
-  config = lib.mkIf cfg.enable {
-    programs.gpg = {
-      enable = true;
-    };
-
-    services.gpg-agent = {
-      enable = true;
-      enableSshSupport = true; # One agent to rule them all
-      pinentryFlavor = "tty";
-      extraConfig = ''
-        allow-loopback-pinentry
-      '';
-    };
-  };
-}

home/packages.nix

@@ -1,20 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  cfg = config.my.home.packages;
-in
-{
-  options.my.home.packages = with lib.my; {
-    enable = mkDisableOption "user packages";
-  };
-
-  config.home.packages = with pkgs; lib.mkIf cfg.enable [
-    # Git related
-    gitAndTools.git-absorb
-    gitAndTools.git-revise
-    gitAndTools.tig
-    # Dev work
-    rr
-    # Terminal prettiness
-    termite.terminfo
-  ];
-}

home/pager.nix

@@ -1,18 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.home.pager;
-in
-{
-  options.my.home.pager = with lib.my; {
-    enable = mkDisableOption "pager configuration";
-  };
-
-  config.programs.lesspipe.enable = cfg.enable;
-
-  config.home.sessionVariables = lib.mkIf cfg.enable {
-    # My default pager
-    PAGER = "less";
-    # Clear the screen on start and exit
-    LESS = "-R -+X -c";
-  };
-}

home/secrets/.gitattributes

@@ -1,3 +0,0 @@
-* filter=git-crypt diff=git-crypt
-.gitattributes !filter !diff
-/default.nix !filter !diff

home/secrets/default.nix

@@ -1,19 +0,0 @@
-{ lib, ... }:
-
-with lib;
-let
-  canaryHash = builtins.hashFile "sha256" ./canary;
-  expectedHash =
-    "9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
-in
-if canaryHash != expectedHash then
-  abort "Secrets are not readable. Have you run `git-crypt unlock`?"
-else {
-  options.my.secrets = mkOption {
-    type = types.attrs;
-  };
-
-  config.my.secrets = {
-    # Home-manager secrets go here
-  };
-}

home/ssh.nix

@@ -1,49 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.home.ssh;
-in
-{
-  options.my.home.ssh = with lib.my; {
-    enable = mkDisableOption "ssh configuration";
-  };
-
-  config.programs.ssh = {
-    enable = true;
-
-    matchBlocks = {
-      "github.com" = {
-        hostname = "github.com";
-        identityFile = "~/.ssh/shared_rsa";
-        user = "git";
-      };
-
-      "gitlab.com" = {
-        hostname = "gitlab.com";
-        identityFile = "~/.ssh/shared_rsa";
-        user = "git";
-      };
-
-      "git.sr.ht" = {
-        hostname = "git.sr.ht";
-        identityFile = "~/.ssh/shared_rsa";
-        user = "git";
-      };
-
-      "gitea.belanyi.fr" = {
-        hostname = "gitea.belanyi.fr";
-        identityFile = "~/.ssh/shared_rsa";
-        user = "git";
-      };
-
-      porthos = {
-        hostname = "91.121.177.163";
-        identityFile = "~/.ssh/shared_rsa";
-        user = "ambroisie";
-      };
-    };
-
-    extraConfig = ''
-      AddKeysToAgent yes
-    '';
-  };
-}

home/tmux.nix

@@ -1,47 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  cfg = config.my.home.tmux;
-in
-{
-  options.my.home.tmux = with lib.my; {
-    enable = mkDisableOption "tmux terminal multiplexer";
-  };
-
-  config.programs.tmux = lib.mkIf cfg.enable {
-    enable = true;
-
-    keyMode = "vi"; # Home-row keys and other niceties
-    clock24 = true; # I'm one of those heathens
-    escapeTime = 0; # Let vim do its thing instead
-    historyLimit = 5000; # Bigger buffer
-    terminal = "tmux-256color"; # I want accurate termcap info
-
-    plugins = with pkgs.tmuxPlugins; [
-      # Open high-lighted files in copy mode
-      open
-      # Better pane management
-      pain-control
-      # Better session management
-      sessionist
-      # X clipboard integration
-      yank
-      {
-        # Show when prefix has been pressed
-        plugin = prefix-highlight;
-        extraConfig = ''
-          # Also show when I'm in copy or sync mode
-          set -g @prefix_highlight_show_copy_mode 'on'
-          set -g @prefix_highlight_show_sync_mode 'on'
-          # Show prefix mode in status bar
-          set -g status-right '#{prefix_highlight} %a %Y-%m-%d %H:%M'
-        '';
-      }
-    ];
-
-    extraConfig = ''
-      # Better vim mode
-      bind-key -T copy-mode-vi 'v' send -X begin-selection
-      bind-key -T copy-mode-vi 'y' send -X copy-selection-and-cancel
-    '';
-  };
-}

home/vim/after/ftplugin/bash.vim

@@ -1,14 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Use shfmt as ALE fixer for bash
-let b:ale_fixers=[ 'shfmt' ]
-let b:undo_ftplugin.='|unlet! b:ale_fixers'
-
-" Indent with 4 spaces, simplify script, indent switch cases, use Bash variant
-let b:ale_sh_shfmt_options='-i 4 -s -ci -ln bash'
-let b:undo_ftplugin.='|unlet! b:ale_sh_shfmt_options'
-
-" Use bash dialect explicitly, require explicit empty string test
-let b:ale_sh_shellcheck_options='-s bash -o avoid-nullary-conditions'
-let b:undo_ftplugin.='|unlet! b:ale_sh_shellcheck_options'

home/vim/after/ftplugin/c.vim

@@ -1,14 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" More warnings and the usual version in flags for Clang
-let b:ale_c_clang_options='-Wall -Wextra -pedantic -std=c99'
-let b:undo_ftplugin.='|unlet! b:ale_c_clang_options'
-
-" More warnings and the usual version in flags for GCC
-let b:ale_c_gcc_options='-Wall -Wextra -pedantic -std=c99'
-let b:undo_ftplugin.='|unlet! b:ale_c_gcc_options'
-
-" Use compile_commands.json to look for additional flags
-let b:ale_c_parse_compile_commands=1
-let b:undo_ftplugin.='|unlet! b:ale_c_parse_compile_commands'

home/vim/after/ftplugin/cpp.vim

@@ -1,14 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" More warnings and the usual version in flags for Clang
-let b:ale_cpp_clang_options='-Wall -Wextra -pedantic -std=c++17'
-let b:undo_ftplugin.='|unlet! b:ale_cpp_clang_options'
-
-" More warnings and the usual version in flags for GCC
-let b:ale_cpp_gcc_options='-Wall -Wextra -pedantic -std=c++17'
-let b:undo_ftplugin.='|unlet! b:ale_cpp_gcc_options'
-
-" Use compile_commands.json to look for additional flags
-let b:ale_c_parse_compile_commands=1
-let b:undo_ftplugin.='|unlet! b:ale_c_parse_compile_commands'

home/vim/after/ftplugin/d.vim

@@ -1,6 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Use my desired ALE fixer for D
-let b:ale_fixers=[ 'dfmt' ]
-let b:undo_ftplugin.='|unlet! b:ale_fixers'

home/vim/after/ftplugin/gitsendemail.vim

@@ -1,2 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()

home/vim/after/ftplugin/haskell.vim

@@ -1,30 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Use a small indentation value on Haskell files
-setlocal shiftwidth=2
-let b:undo_ftplugin.='|setlocal shiftwidth<'
-
-" Use my desired ALE fixers for Haskell
-let b:ale_fixers=[ 'brittany' ]
-let b:undo_ftplugin.='|unlet! b:ale_fixers'
-
-" Use stack-managed `hlint`
-let b:ale_haskell_hlint_executable='stack'
-let b:undo_ftplugin.='|unlet! b:ale_haskell_hlint_executable'
-
-" Use stack-managed `brittany`
-let b:ale_haskell_brittany_executable='stack'
-let b:undo_ftplugin.='|unlet! b:ale_haskell_brittany_executable'
-
-" Use dynamic libraries because of Arch linux, with default ALE options
-let b:ale_haskell_ghc_options='--dynamic -fno-code -v0'
-let b:undo_ftplugin.='|unlet! b:ale_haskell_ghc_options'
-
-" Automatically format files when saving them
-let b:ale_fix_on_save=1
-let b:undo_ftplugin='|unlet! b:ale_lint_on_save'
-
-" Change max length of a line to 100 for this buffer to match official guidelines
-setlocal colorcolumn=100
-let b:undo_ftplugin.='|setlocal colorcolumn<'

home/vim/after/ftplugin/json.vim

@@ -1,6 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Use my desired ALE fixer for JSON
-let b:ale_fixers=[ 'jq' ]
-let b:undo_ftplugin.='|unlet! b:ale_fixers'

home/vim/after/ftplugin/netrw.vim

@@ -1,6 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Don't show Netrw in buffer list
-setlocal bufhidden=delete
-let b:undo_ftplugin='|setlocal bufhidden<'

home/vim/after/ftplugin/python.vim

@@ -1,40 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Use my desired ALE fixers for python
-let b:ale_fixers=[ 'black', 'isort' ]
-let b:undo_ftplugin.='|unlet! b:ale_fixers'
-" Use my desired ALE linters for python
-let b:ale_linters=[ 'flake8', 'mypy', 'pylint', 'pyls' ]
-let b:undo_ftplugin.='|unlet! b:ale_linters'
-
-" Use pyls inside the python environment if needed
-let b:ale_python_pyls_auto_pipenv=1
-let b:undo_ftplugin.='|unlet! b:ale_python_pyls_auto_pipenv'
-
-" Disable pycodestyle checks from pyls because I'm already using flake8
-let b:ale_python_pyls_config={
-  \     'pyls': {
-  \         'plugins': {
-  \             'pycodestyle': {
-  \                 'enabled': v:false
-  \             },
-  \         },
-  \     },
-  \  }
-let b:undo_ftplugin.='|unlet! b:ale_python_pyls_config'
-
-" Don't use mypy to check for syntax errors
-let b:ale_python_mypy_ignore_invalid_syntax=1
-let b:undo_ftplugin.='|unlet! b:ale_python_mypy_ignore_invalid_syntax'
-" Use mypy inside the python environment if needed
-let b:ale_python_mypy_auto_pipenv=1
-let b:undo_ftplugin.='|unlet! b:ale_python_mypy_auto_pipenv'
-
-" Automatically format files when saving them
-let b:ale_fix_on_save=1
-let b:undo_ftplugin='|unlet! b:ale_lint_on_save'
-
-" Change max length of a line to 88 for this buffer to match black's settings
-setlocal colorcolumn=88
-let b:undo_ftplugin.='|setlocal colorcolumn<'

home/vim/after/ftplugin/qf.vim

@@ -1,8 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Use h/l to go to the previous/next non-empty quickfix or location list
-nnoremap <silent> <buffer> h :call quickfixed#older()<CR>
-let b:undo_ftplugin.='|nunmap <buffer> h'
-nnoremap <silent> <buffer> l :call quickfixed#newer()<CR>
-let b:undo_ftplugin.='|nunmap <buffer> l'

home/vim/after/ftplugin/rust.vim

@@ -1,31 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Check tests too
-let b:ale_rust_cargo_check_tests=1
-let b:undo_ftplugin='|unlet! b:ale_rust_cargo_check_tests'
-
-" Check examples too
-let b:ale_rust_cargo_check_examples=1
-let b:undo_ftplugin='|unlet! b:ale_rust_cargo_check_examples'
-
-" Use clippy if it's available instead of just cargo check
-let b:ale_rust_cargo_use_clippy=executable('cargo-clippy')
-let b:undo_ftplugin='|unlet! b:ale_rust_cargo_use_clippy'
-
-" Use rust-analyzer instead of RLS as a linter
-let b:ale_linters=[ 'cargo', 'analyzer' ]
-let b:undo_ftplugin='|unlet! b:ale_linters'
-
-
-" Use rustfmt as ALE fixer for rust
-let b:ale_fixers=[ 'rustfmt' ]
-let b:undo_ftplugin.='|unlet! b:ale_fixers'
-
-" Automatically format files when saving them
-let b:ale_fix_on_save=1
-let b:undo_ftplugin='|unlet! b:ale_lint_on_save'
-
-" Change max length of a line to 99 for this buffer to match official guidelines
-setlocal colorcolumn=99
-let b:undo_ftplugin.='|setlocal colorcolumn<'

home/vim/after/ftplugin/sh.vim

@@ -1,14 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Use shfmt as ALE fixer for sh
-let b:ale_fixers=[ 'shfmt' ]
-let b:undo_ftplugin.='|unlet! b:ale_fixers'
-
-" Indent with 4 spaces, simplify the code, indent switch cases, use POSIX
-let b:ale_sh_shfmt_options='-i 4 -s -ci -ln posix'
-let b:undo_ftplugin.='|unlet! b:ale_sh_shfmt_options'
-
-" Require explicit empty string test
-let b:ale_sh_shellcheck_options='-o avoid-nullary-conditions'
-let b:undo_ftplugin.='|unlet! b:ale_sh_shellcheck_options'

home/vim/after/ftplugin/zsh.vim

@@ -1,14 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Use shfmt as ALE fixer for zsh
-let b:ale_fixers=[ 'shfmt' ]
-let b:undo_ftplugin.='|unlet! b:ale_fixers'
-
-" Indent with 4 spaces, simplify script, indent switch cases, use Bash variant
-let b:ale_sh_shfmt_options='-i 4 -s -ci -ln bash'
-let b:undo_ftplugin.='|unlet! b:ale_sh_shfmt_options'
-
-" Use bash dialect explicitly, require explicit empty string test
-let b:ale_sh_shellcheck_options='-s bash -o avoid-nullary-conditions'
-let b:undo_ftplugin.='|unlet! b:ale_sh_shellcheck_options'

home/vim/after/plugin/mappings/ale.vim

@@ -1,2 +0,0 @@
-" Use ALE LSP-powered symbol information
-nnoremap <Leader>K :ALEHover<CR>

home/vim/after/plugin/mappings/fugitive.vim

@@ -1,10 +0,0 @@
-" Visual bindings for merging diffs as in normal mode
-xnoremap dp :diffput<cr>
-xnoremap do :diffget<cr>
-
-" Open status window
-nnoremap <Leader>gs :Gstatus<CR>
-" Open diff view of current buffer: the up/left window is the current index
-nnoremap <Leader>gd :Gdiffsplit!<CR>
-" Open current file log in new tab, populate its location list with history
-nnoremap <Leader>gl :sp<CR><C-w>T:Gllog --follow -- %:p<CR>

home/vim/after/plugin/mappings/fzf.vim

@@ -1,38 +0,0 @@
-" Only git-tracked files, Vim needs to be in a Git repository
-nnoremap <Leader>fg :GFiles<CR>
-
-" All files
-nnoremap <Leader>ff :Files<CR>
-
-" Currently open buffers
-nnoremap <Leader>fb :Buffers<CR>
-
-" Buffer history
-nnoremap <Leader>fh :History<CR>
-
-" Tags in buffer
-nnoremap <Leader>ft :BTags<CR>
-
-" Tags in all project files
-nnoremap <Leader>fT :Tags<CR>
-
-" Snippets for the current fileytpe (using Ultisnips)
-nnoremap <Leader>fs :Snippets<CR>
-
-" All available commands
-nnoremap <Leader>f: :Commands<CR>
-
-" All commits (using fugitive)
-nnoremap <Leader>fc :Commits<CR>
-
-" All commits for the current buffer (using fugitive)
-nnoremap <Leader>fC :BCommits<CR>
-
-" Select normal mode mapping by searching for its name
-nmap <Leader><Tab> <Plug>(fzf-maps-n)
-
-" Select visual mode mapping by searching for its name
-xmap <Leader><Tab> <Plug>(fzf-maps-x)
-
-" Select operator pending mode mapping by searching for its name
-omap <Leader><Tab> <Plug>(fzf-maps-o)

home/vim/after/plugin/mappings/misc.vim

@@ -1,8 +0,0 @@
-" Yank until the end of line with Y, to be more consistent with D and C
-nnoremap Y y$
-
-" Run make silently, then skip the 'Press ENTER to continue'
-noremap <Leader>m :silent! :make! \| :redraw!<CR>
-
-" Remove search-highlighting
-noremap <Leader><Leader> :nohls<CR>

home/vim/after/plugin/mappings/qf.vim

@@ -1,11 +0,0 @@
-" Next and previous in quick-fix list
-nmap <Leader>fn <Plug>(qf_qf_next)
-nmap <Leader>fp <Plug>(qf_qf_previous)
-
-" Next and previous in location list
-nmap <Leader>ln <Plug>(qf_loc_next)
-nmap <Leader>lp <Plug>(qf_loc_previous)
-
-" Toggle quick-fix and location lists
-nmap <Leader>tf <Plug>(qf_qf_toggle)
-nmap <Leader>tl <Plug>(qf_loc_toggle)

home/vim/after/plugin/mappings/unimpaired.vim

@@ -1,7 +0,0 @@
-" Better fr layout mappings for vim-unimpaired and other '[' and ']' commands
-nmap ( [
-nmap ) ]
-omap ( [
-omap ) ]
-xmap ( [
-xmap ) ]

home/vim/autoload/quickfixed.vim

@@ -1,68 +0,0 @@
-" Taken from the Vimways article
-
-function! s:isLocation()
-  " Get dictionary of properties of the current window
-  let wininfo = filter(getwininfo(), {i,v -> v.winnr == winnr()})[0]
-  return wininfo.loclist
-endfunction
-
-function! s:length()
-  " Get the size of the current quickfix/location list
-  return len(s:isLocation() ? getloclist(0) : getqflist())
-endfunction
-
-function! s:getProperty(key, ...)
-  " getqflist() and getloclist() expect a dictionary argument
-  " If a 2nd argument has been passed in, use it as the value, else 0
-  let l:what = {a:key : a:0 ? a:1 : 0}
-  let l:listdict = s:isLocation() ? getloclist(0, l:what) : getqflist(l:what)
-  return get(l:listdict, a:key)
-endfunction
-
-function! s:isFirst()
-  return s:getProperty('nr') <= 1
-endfunction
-
-function! s:isLast()
-  return s:getProperty('nr') == s:getProperty('nr', '$')
-endfunction
-
-function! s:history(goNewer)
-  " Build the command: one of colder/cnewer/lolder/lnewer
-  let l:cmd = (s:isLocation() ? 'l' : 'c') . (a:goNewer ? 'newer' : 'older')
-
-  " Apply the cmd repeatedly until we hit a non-empty list, or first/last list
-  " is reached
-  while 1
-    if (a:goNewer && s:isLast()) || (!a:goNewer && s:isFirst()) | break | endif
-    " Run the command. Use :silent to suppress message-history output.
-    " Note that the :try wrapper is no longer necessary
-    silent execute l:cmd
-    if s:length() | break | endif
-  endwhile
-
-  " Echo a description of the new quickfix / location list.
-  " And make it look like a rainbow.
-  let l:nr = s:getProperty('nr')
-  let l:last = s:getProperty('nr', '$')
-  echohl MoreMsg | echon '('
-  echohl Identifier | echon l:nr
-  if l:last > 1
-    echohl LineNr | echon ' of '
-    echohl Identifier | echon l:last
-  endif
-  echohl MoreMsg | echon ') '
-  echohl MoreMsg | echon '['
-  echohl Identifier | echon s:length()
-  echohl MoreMsg | echon '] '
-  echohl Normal | echon s:getProperty('title')
-  echohl None
-endfunction
-
-function! quickfixed#older()
-  call s:history(0)
-endfunction
-
-function! quickfixed#newer()
-  call s:history(1)
-endfunction

home/vim/default.nix

@@ -1,77 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  cfg = config.my.home.vim;
-  configFiles =
-    let
-      toSource = directory: { source = ./. + "/${directory}"; };
-      configureDirectory =
-        name: lib.nameValuePair "nvim/${name}" (toSource name);
-      linkDirectories =
-        dirs: builtins.listToAttrs (map configureDirectory dirs);
-    in
-    linkDirectories [
-      "after"
-      "autoload"
-      "ftdetect"
-      "plugin"
-    ];
-in
-{
-  options.my.home.vim = with lib.my; {
-    enable = mkDisableOption "vim configuration";
-  };
-
-  config.programs.neovim = lib.mkIf cfg.enable {
-    enable = true;
-    # All the aliases
-    viAlias = true;
-    vimAlias = true;
-    vimdiffAlias = true;
-
-    plugins = with pkgs.vimPlugins; [
-      # Theming
-      lightline-vim # Fancy status bar
-      {
-        plugin = onedark-vim; # Nice dark theme
-        optional = true; # Needs to be `packadd`-ed manually...
-      }
-
-      # tpope essentials
-      vim-commentary # Easy comments
-      vim-eunuch # UNIX integrations
-      vim-fugitive # A 'git' wrapper
-      vim-git # Sane git syntax files
-      vim-repeat # Enanche '.' for plugins
-      vim-rsi # Readline mappings
-      vim-surround # Deal with pairs
-      vim-unimpaired # Some ex command mappings
-      vim-vinegar # Better netrw
-
-      # Languages
-      rust-vim
-      vim-beancount
-      vim-jsonnet
-      vim-nix
-      vim-pandoc
-      vim-pandoc-syntax
-      vim-toml
-
-      # General enhancements
-      fastfold # Better folding
-      vim-qf # Better quick-fix list
-
-      # Other wrappers
-      fzfWrapper # The vim plugin inside the 'fzf' package
-      fzf-vim # Fuzzy commands
-      git-messenger-vim # A simple blame window
-
-      # LSP and linting
-      ale # Asynchronous Linting Engine
-      lightline-ale # Status bar integration
-    ];
-
-    extraConfig = builtins.readFile ./init.vim;
-  };
-
-  config.xdg.configFile = lib.mkIf cfg.enable configFiles;
-}

home/vim/ftdetect/automake.vim

@@ -1,2 +0,0 @@
-" Use Automake filetype for `local.am` files, explicit `set` to force override
-au BufNewFile,BufRead local.am set filetype=automake

home/vim/ftdetect/tikz.vim

@@ -1,2 +0,0 @@
-" Use LaTeX filetype for TikZ files
-au BufNewFile,BufRead *.tikz setfiletype tex

home/vim/plugin/abbreviations.vim

@@ -1,5 +0,0 @@
-" A few useful sets of abbreviations
-
-" A few things that are hard to write in ASCII
-abbreviate (R) ©
-abbreviate (TM) ™

home/vim/plugin/mappings/leader.vim

@@ -1,6 +0,0 @@
-" Map leader to space (needs the noremap trick to avoid moving the cursor)
-nnoremap <Space> <Nop>
-let mapleader=" "
-
-" Map localleader to '!' (if I want to filter text, I use visual mode)
-let maplocalleader="!"

home/vim/plugin/numbertoggle.vim

@@ -1,13 +0,0 @@
-" Idea for toggling taken from jeffkreeftmeijer
-
-" Show line numbers
-set number
-
-augroup numbertoggle
-    autocmd!
-    " Toggle numbers between relative and absolute when changing buffers
-    autocmd BufEnter,FocusGained,InsertLeave,WinEnter * if &nu | set rnu   | endif
-    autocmd BufLeave,FocusLost,InsertEnter,WinLeave   * if &nu | set nornu | endif
-    " Disable line numbers and relative line numbers in terminal
-    autocmd TermOpen * setlocal nonu nornu
-augroup END

home/vim/plugin/settings/ale.vim

@@ -1,24 +0,0 @@
-" Always display the sign column to avoid moving the buffer all the time
-let g:ale_sign_column_always=1
-
-" Change the way ALE display messages
-let g:ale_echo_msg_info_str='I'
-let g:ale_echo_msg_warning_str='W'
-let g:ale_echo_msg_error_str='E'
-
-" The message displayed in the command line area
-let g:ale_echo_msg_format='[%linter%][%severity%]%(code):% %s'
-
-" The message displayed in the location list
-let g:ale_loclist_msg_format='[%linter%]%(code):% %s'
-
-" Don't lint every time I change the buffer
-let g:ale_lint_on_text_changed=0
-" Don't lint on leaving insert mode
-let g:ale_lint_on_insert_leave=0
-" Don't lint on entering a buffer
-let g:ale_lint_on_enter=0
-" Do lint on save
-let g:ale_lint_on_save=1
-" Lint on changing the filetype
-let g:ale_lint_on_filetype_changed=1

home/vim/plugin/settings/fastfold.vim

@@ -1,5 +0,0 @@
-" Intercept all fold commands
-let g:fastfold_fold_command_suffixes=[
-  \     'x', 'X', 'a', 'A', 'o', 'O', 'c', 'C',
-  \     'r', 'R', 'm', 'M', 'i', 'n', 'N'
-  \ ]

home/vim/plugin/settings/fzf.vim

@@ -1,8 +0,0 @@
-" Use a floating window when availble
-if has('nvim-0.4.0') || has("patch-8.2.0191")
-    let g:fzf_layout = { 'window': {
-                \ 'width': 0.9,
-                \ 'height': 0.7,
-                \ 'highlight': 'Comment',
-                \ 'rounded': v:false } }
-endif

home/vim/plugin/settings/gruvbox.vim

@@ -1,5 +0,0 @@
-" Use the high-contrast theme
-let g:gruvbox_contrast_dark='hard'
-
-" Enable italics because urxvt supports them
-let g:gruvbox_italic=1

home/vim/plugin/settings/lightline.vim

@@ -1,81 +0,0 @@
-" Initialise light-line setting structure
-let g:lightline={}
-
-" Use the wombat colorscheme
-let g:lightline.colorscheme='onedark'
-
-" Status-line for active buffer
-let g:lightline.active={
-  \     'left': [
-  \         [ 'mode', 'paste' ],
-  \         [ 'gitbranch', 'readonly', 'filename', 'modified' ],
-  \         [ 'spell' ],
-  \     ],
-  \     'right': [
-  \         [ 'lineinfo' ],
-  \         [ 'percent' ],
-  \         [ 'fileformat', 'fileencoding', 'filetype' ],
-  \         [ 'linter_check', 'linter_errors', 'linter_warn', 'linter_ok' ],
-  \         [ 'ctags_status' ],
-  \     ]
-  \ }
-
-" Status-line for inactive buffer
-let g:lightline.inactive={
-  \     'left': [
-  \         [ 'filename' ],
-  \     ],
-  \     'right': [
-  \         [ 'lineinfo' ],
-  \         [ 'percent' ],
-  \     ],
-  \ }
-
-" Which component should be written using which function
-let g:lightline.component_function={
-  \     'readonly': 'LightlineReadonly',
-  \     'modified': 'LightlineModified',
-  \     'gitbranch': 'LightlineFugitive',
-  \ }
-
-" Which component can be expanded by using which function
-let g:lightline.component_expand={
-  \    'linter_check': 'lightline#ale#checking',
-  \    'linter_warn': 'lightline#ale#warnings',
-  \    'linter_errors': 'lightline#ale#errors',
-  \    'linter_ok': 'lightline#ale#ok',
-  \ }
-
-" How to color custom components
-let g:lightline.component_type={
-  \   'readonly': 'error',
-  \   'linter_checking': 'left',
-  \   'linter_warn': 'warning',
-  \   'linter_errors': 'error',
-  \   'linter_ok': 'left',
-  \ }
-
-" Show pretty icons instead of text for linting status
-let g:lightline#ale#indicator_checking='⏳'
-let g:lightline#ale#indicator_warnings='◆'
-let g:lightline#ale#indicator_errors='✗'
-let g:lightline#ale#indicator_ok='✓'
-
-" Show a lock icon when editing a read-only file when it makes sense
-function! LightlineReadonly()
-    return &ft!~?'help\|vimfiler\|netrw' && &readonly ? '' : ''
-endfunction
-
-" Show a '+' when the buffer is modified, '-' if not, when it makes sense
-function! LightlineModified()
-    return &ft=~'help\|vimfiler\|netrw' ? '' : &modified ? '+' : &modifiable ? '' : '-'
-endfunction
-
-" Show branch name with nice icon in status line, when it makes sense
-function! LightlineFugitive()
-    if &ft!~?'help\|vimfiler\|netrw' && exists('*fugitive#head')
-            let branch=fugitive#head()
-            return branch!=#'' ? ' '.branch : ''
-    endif
-    return ''
-endfunction

home/vim/plugin/settings/pandoc.vim

@@ -1,20 +0,0 @@
-" Which code-block languages should I expect to be high-lighted.
-let g:pandoc#syntax#codeblocks#embeds#langs=[
-  \     "bash=sh",
-  \     "c",
-  \     "cpp",
-  \     "go",
-  \     "haskell",
-  \     "python",
-  \     "rust",
-  \     "sh",
-  \     "vim",
-  \     "yaml",
-  \     "tex",
-  \     "toml",
-  \     "perl",
-  \     "json",
-  \     "latex=tex",
-  \     "make",
-  \     "makefile=make",
-  \ ]

home/vim/plugin/signtoggle.vim

@@ -1,8 +0,0 @@
-augroup signtoggle
-    autocmd!
-    " Only show the sign column for the current focused buffer
-    autocmd BufEnter,FocusGained,WinEnter * set signcolumn=yes
-    autocmd BufLeave,FocusLost,WinLeave   * set signcolumn=no
-    " Disable the sign column in terminal
-    autocmd TermOpen * setlocal signcolumn=no
-augroup END

home/zsh/default.nix

@@ -1,79 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  cfg = config.my.home.zsh;
-in
-{
-  options.my.home.zsh = with lib.my; {
-    enable = mkDisableOption "zsh configuration";
-  };
-
-  config.programs.zsh = lib.mkIf cfg.enable {
-    enable = true;
-    dotDir = ".config/zsh"; # Don't clutter $HOME
-    enableCompletion = true;
-
-    history = {
-      size = 50000;
-      ignoreSpace = true;
-      ignoreDups = true;
-      share = true;
-      path = "${config.xdg.dataHome}/zsh/zsh_history";
-    };
-
-    plugins = with pkgs; [
-      {
-        name = "fast-syntax-highlighting";
-        src = fetchFromGitHub {
-          owner = "zdharma";
-          repo = "fast-syntax-highlighting";
-          rev = "v1.55";
-          sha256 = "sha256-DWVFBoICroKaKgByLmDEo4O+xo6eA8YO792g8t8R7kA=";
-        };
-      }
-      {
-        name = "agkozak-zsh-prompt";
-        src = fetchFromGitHub {
-          owner = "agkozak";
-          repo = "agkozak-zsh-prompt";
-          rev = "v3.9.0";
-          sha256 = "sha256-VTRL+8ph2eI7iPht15epkLggAgtLGxB3DORFTW5GrhE=";
-        };
-      }
-    ];
-
-    # Modal editing is life, but CLI benefits from emacs gymnastics
-    defaultKeymap = "emacs";
-
-    initExtra = lib.concatMapStrings builtins.readFile [
-      ./completion-styles.zsh
-      ./extra-mappings.zsh
-      ./options.zsh
-    ];
-
-    localVariables = {
-      # I like having the full path
-      AGKOZAK_PROMPT_DIRTRIM = 0;
-      # Because I *am* from EPITA
-      AGKOZAK_PROMPT_CHAR = [ "42sh$" "42sh#" ":" ];
-      # Easy on the eyes
-      AGKOZAK_COLORS_BRANCH_STATUS = "magenta";
-      # I don't like moving my eyes
-      AGKOZAK_LEFT_PROMPT_ONLY = 1;
-    };
-
-    shellAliases = {
-      # Sometime `gpg-agent` errors out...
-      reset-agent = "gpg-connect-agent updatestartuptty /bye";
-    };
-  };
-
-  # Fuzzy-wuzzy
-  config.programs.fzf = lib.mkIf cfg.enable {
-    enable = true;
-    enableZshIntegration = true;
-  };
-
-  config.programs.dircolors = lib.mkIf cfg.enable {
-    enable = true;
-  };
-}

home/zsh/extra-mappings.zsh

@@ -1,14 +0,0 @@
-# Fix delete key not working 
-bindkey "\e[3~" delete-char
-
-# Fix Ctrl+u killing from the cursor instead of the whole line
-bindkey \^U backward-kill-line
-
-# Use Ctrl+x-(Ctrl+)e to edit the current command line in VISUAL/EDITOR
-autoload -U edit-command-line
-zle -N edit-command-line
-bindkey '^xe' edit-command-line
-bindkey '^x^e' edit-command-line
-
-# Enable Shift-Tab to go backwards in completion list
-bindkey '^[[Z' reverse-menu-complete

home/zsh/options.zsh

@@ -1,12 +0,0 @@
-# Show an error when a globbing expansion doesn't find any match
-setopt nomatch
-# List on ambiguous completion and Insert first match immediately
-setopt autolist menucomplete
-# Use pushd when cd-ing around
-setopt autopushd pushdminus pushdsilent
-# Use single quotes in string without the weird escape tricks
-setopt rcquotes
-# Single word commands can resume an existing job
-setopt autoresume
-# Those options aren't wanted
-unsetopt beep extendedglob notify

hosts/homes/ambroisie/default.nix

@@ -0,0 +1,5 @@
+# Default home-manager configuration
+{ ... }:
+{
+  # Default configuration, nothing to do
+}

hosts/homes/ambroisie@bazin/default.nix

@@ -0,0 +1,57 @@
+# Google Laptop configuration
+{ lib, options, pkgs, ... }:
+{
+  services.gpg-agent.enable = lib.mkForce false;
+
+  my.home = {
+    atuin = {
+      package = pkgs.stdenv.mkDerivation {
+        pname = "atuin";
+        version = "18.4.0";
+
+        buildCommand = ''
+          mkdir -p $out/bin
+          ln -s /usr/bin/atuin $out/bin/atuin
+        '';
+
+        meta.mainProgram = "atuin";
+      };
+    };
+
+    git = {
+      package = pkgs.emptyDirectory;
+    };
+
+    tmux = {
+      # I use scripts that use the passthrough sequence often on this host
+      enablePassthrough = true;
+
+      terminalFeatures = {
+        # HTerm uses `xterm-256color` as its `$TERM`, so use that here
+        xterm-256color = { };
+      };
+    };
+
+    ssh = {
+      mosh = {
+        package = pkgs.emptyDirectory;
+      };
+    };
+
+    zsh = {
+      notify = {
+        enable = true;
+
+        exclude = options.my.home.zsh.notify.exclude.default ++ [
+          "adb shell$" # Only interactive shell sessions
+        ];
+
+        ssh = {
+          enable = true;
+          # `notify-send` is proxied to the ChromeOS layer
+          useOsc777 = false;
+        };
+      };
+    };
+  };
+}

hosts/homes/ambroisie@mousqueton/default.nix

@@ -0,0 +1,41 @@
+# Google Cloudtop configuration
+{ lib, pkgs, ... }:
+{
+  # Google specific configuration
+  home.homeDirectory = "/usr/local/google/home/ambroisie";
+
+  services.gpg-agent.enable = lib.mkForce false;
+
+  my.home = {
+    atuin = {
+      package = pkgs.stdenv.mkDerivation {
+        pname = "atuin";
+        version = "18.4.0";
+
+        buildCommand = ''
+          mkdir -p $out/bin
+          ln -s /usr/bin/atuin $out/bin/atuin
+        '';
+
+        meta.mainProgram = "atuin";
+      };
+    };
+
+    git = {
+      package = pkgs.emptyDirectory;
+    };
+
+    tmux = {
+      # I use scripts that use the passthrough sequence often on this host
+      enablePassthrough = true;
+
+      # Frequent reboots mean that session persistence can be handy
+      enableResurrect = true;
+
+      terminalFeatures = {
+        # HTerm uses `xterm-256color` as its `$TERM`, so use that here
+        xterm-256color = { };
+      };
+    };
+  };
+}

hosts/nixos/aramis/boot.nix

@@ -0,0 +1,32 @@
+{ ... }:
+{
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    initrd = {
+      availableKernelModules = [
+        "nvme"
+        "sd_mod"
+        "sdhci_pci"
+        "usb_storage"
+        "usbhid"
+        "xhci_pci"
+      ];
+      kernelModules = [
+        "dm-snapshot"
+      ];
+      luks.devices.crypt = {
+        device = "/dev/nvme0n1p1";
+        preLVM = true;
+      };
+    };
+
+    kernelModules = [
+      "kvm-intel"
+    ];
+    extraModulePackages = [ ];
+  };
+}

hosts/nixos/aramis/default.nix

@@ -1,18 +1,26 @@
-# Porthos self-hosted server
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
 { ... }:
 
 {
   imports = [
-    # Include generic settings
-    ./modules
-    # Include porthos-specific modules
-    ./machines/porthos
-    # Include my secrets
+    ./boot.nix
+    ./hardware.nix
+    ./home.nix
+    ./networking.nix
+    ./profiles.nix
+    ./programs.nix
     ./secrets
-    # Include my services
-    ./services
+    ./services.nix
+    ./sound.nix
+    ./system.nix
   ];
 
+  # Set your time zone.
+  time.timeZone = "Europe/London";
+
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

hosts/nixos/aramis/hardware.nix

@@ -0,0 +1,46 @@
+{ lib, modulesPath, ... }:
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/nixos";
+      fsType = "ext4";
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-label/boot";
+      fsType = "vfat";
+    };
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-label/swap"; }
+  ];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+  my.hardware = {
+    firmware = {
+      cpuFlavor = "intel";
+    };
+
+    graphics = {
+      enable = true;
+
+      gpuFlavor = "intel";
+    };
+  };
+
+  hardware = {
+    trackpoint = {
+      enable = true;
+
+      emulateWheel = true; # Holding middle buttons allows scrolling
+
+      device = "TPPS/2 Elan TrackPoint"; # Use the correct device name
+    };
+  };
+}

hosts/nixos/aramis/home.nix

@@ -0,0 +1,34 @@
+{ pkgs, ... }:
+{
+  my.home = {
+    # Use graphical pinentry
+    bitwarden.pinentry = pkgs.pinentry-gtk2;
+    # Ebook library
+    calibre.enable = true;
+    # Some amount of social life
+    discord.enable = true;
+    # Image viewver
+    feh.enable = true;
+    # Firefo profile and extensions
+    firefox.enable = true;
+    # Blue light filter
+    gammastep.enable = true;
+    # Use a small popup to enter passwords
+    gpg.pinentry = pkgs.pinentry-gtk2;
+    # Machine specific packages
+    packages.additionalPackages = with pkgs; [
+      element-desktop # Matrix client
+      jellyfin-media-player # Wraps the webui and mpv together
+      pavucontrol # Audio mixer GUI
+      trgui-ng # Transmission remote
+    ];
+    # Minimal video player
+    mpv.enable = true;
+    # Network-Manager applet
+    nm-applet.enable = true;
+    # Terminal
+    terminal.program = "alacritty";
+    # Zathura document viewer
+    zathura.enable = true;
+  };
+}

hosts/nixos/aramis/install.sh

@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -eu
+
+if [ "$(id -u)" -ne 0 ]; then
+    echo "This script must be run as root" >&2
+    exit 1
+fi
+
+SWAP_SIZE=16GiB
+
+parted /dev/nvme0n1 --script -- \
+    mklabel gpt \
+    mkpart primary 512MiB 100% \
+    mkpart ESP fat32 1MiB 512MiB \
+    set 2 esp on
+
+cryptsetup luksFormat /dev/nvme0n1p1
+cryptsetup open /dev/nvme0n1p1 crypt
+
+pvcreate /dev/mapper/crypt
+vgcreate lvm /dev/mapper/crypt
+lvcreate -L "$SWAP_SIZE" -n swap lvm
+lvcreate -l 100%FREE -n root lvm
+
+mkfs.ext4 -L nixos /dev/lvm/root
+mkswap -L swap /dev/lvm/swap
+mkfs.vfat -n boot /dev/nvme0n1p2
+
+mount /dev/disk/by-label/nixos /mnt
+mkdir /mnt/boot
+mount /dev/nvme0n1p2 /mnt/boot
+swapon /dev/lvm/swap
+
+cat << EOF
+# Run the following commands as setup user
+nixos-generate-config --root /mnt
+
+# Change uuids to labels
+vim /mnt/etc/nixos/hardware-configuration.nix
+
+# Install system
+mkdir -p /mnt/home/ambroisie/git/nix/config
+cd /mnt/home/ambroisie/git/nix/config
+
+git clone <this-repo> .
+# Assuming you set up GPG key correctly
+git crypt unlock
+
+# Setup LUKS with 'boot.initrd.luks.devices.crypt', device is /dev/nvme0n1p1, preLVM = true
+
+# Use 'nixos-install --flake .#aramis --root /mnt --impure' because of home-manager issue
+EOF

hosts/nixos/aramis/networking.nix

@@ -0,0 +1,19 @@
+{ ... }:
+{
+  networking = {
+    hostName = "aramis";
+
+    # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+    # Per-interface useDHCP will be mandatory in the future, so this generated config
+    # replicates the default behaviour.
+    useDHCP = false;
+  };
+
+  my.hardware.networking = {
+    # Which interface is used to connect to the internet
+    externalInterface = "enp0s3";
+
+    # Enable WiFi integration
+    wireless.enable = true;
+  };
+}

hosts/nixos/aramis/profiles.nix

@@ -0,0 +1,17 @@
+{ ... }:
+{
+  my.profiles = {
+    # Bluetooth configuration and GUI
+    bluetooth.enable = true;
+    # Mouse and keyboard configuration
+    devices.enable = true;
+    # GTK theme configuration
+    gtk.enable = true;
+    # Laptop specific configuration
+    laptop.enable = true;
+    # i3 configuration
+    wm.windowManager = "i3";
+    # X configuration
+    x.enable = true;
+  };
+}

hosts/nixos/aramis/programs.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  my.programs = {
+    # Steam configuration
+    steam.enable = true;
+  };
+}

hosts/nixos/aramis/secrets/default.nix

@@ -0,0 +1,25 @@
+{ config, lib, ... }:
+
+{
+  config.age = {
+    secrets =
+      let
+        toName = lib.removeSuffix ".age";
+        userExists = u: builtins.hasAttr u config.users.users;
+        # Only set the user if it exists, to avoid warnings
+        userIfExists = u: if userExists u then u else "root";
+        toSecret = name: { owner ? "root", ... }: {
+          file = ./. + "/${name}";
+          owner = lib.mkDefault (userIfExists owner);
+        };
+        convertSecrets = n: v: lib.nameValuePair (toName n) (toSecret n v);
+        secrets = import ./secrets.nix;
+      in
+      lib.mapAttrs' convertSecrets secrets;
+
+    identityPaths = [
+      # Due to being a laptop, this host does not itself have any SSH keys
+      "/home/ambroisie/.ssh/agenix"
+    ];
+  };
+}

hosts/nixos/aramis/secrets/secrets.nix

@@ -0,0 +1,13 @@
+# Host-specific secrets
+let
+  keys = import ../../../../keys;
+
+  all = [
+    # This host is a laptop, it does not have a host key
+    # Allow me to modify the secrets anywhere
+    keys.users.ambroisie
+  ];
+in
+{
+  "wireguard/private-key.age".publicKeys = all;
+}

hosts/nixos/aramis/services.nix

@@ -0,0 +1,8 @@
+{ ... }:
+{
+  config.my.services = {
+    wireguard = {
+      enable = true;
+    };
+  };
+}

hosts/nixos/aramis/sound.nix

@@ -0,0 +1,8 @@
+{ ... }:
+{
+  my.hardware.sound = {
+    pipewire = {
+      enable = true;
+    };
+  };
+}

hosts/nixos/aramis/system.nix

@@ -0,0 +1,10 @@
+# Core system configuration
+{ ... }:
+{
+  my.system = {
+    # Printers are hell, but so is the unability to print
+    printing = {
+      enable = true;
+    };
+  };
+}

hosts/nixos/porthos/boot.nix

@@ -0,0 +1,21 @@
+# Boot configuration
+{ ... }:
+
+{
+  boot = {
+    # Use the systemd-boot EFI boot loader.
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    initrd = {
+      availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "usbhid" "sd_mod" ];
+      kernelModules = [ "dm-snapshot" ];
+    };
+
+    kernelModules = [ "kvm-intel" ];
+
+    extraModulePackages = [ ];
+  };
+}

hosts/nixos/porthos/default.nix

@@ -0,0 +1,20 @@
+# Porthos specific settings
+{ ... }:
+
+{
+  imports = [
+    ./boot.nix
+    ./hardware.nix
+    ./home.nix
+    ./networking.nix
+    ./secrets
+    ./services.nix
+    ./system.nix
+    ./users.nix
+  ];
+
+  # Set your time zone.
+  time.timeZone = "Europe/Paris";
+
+  system.stateVersion = "24.05"; # Did you read the comment?
+}

hosts/nixos/porthos/hardware.nix

@@ -1,5 +1,5 @@
 # Hardware configuration
-{ lib, modulesPath, ... }:
+{ modulesPath, ... }:
 
 {
   imports = [
@@ -11,9 +11,18 @@
     fsType = "ext4";
   };
 
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+  };
+
   swapDevices = [
     { device = "/dev/disk/by-label/swap"; }
   ];
 
-  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  my.hardware = {
+    firmware = {
+      cpuFlavor = "intel";
+    };
+  };
 }

hosts/nixos/porthos/home.nix

@@ -0,0 +1,20 @@
+{ ... }:
+{
+  my.home = {
+    nix = {
+      cache = {
+        # This server is the one serving the cache, don't try to query it
+        selfHosted = false;
+      };
+    };
+
+    # Allow using extended features when SSH-ing from various clients
+    tmux.terminalFeatures = {
+      # My usual terminal, e.g: on laptop
+      alacritty = { };
+    };
+
+    # Always start a tmux session when opening a shell session
+    zsh.launchTmux = true;
+  };
+}

hosts/nixos/porthos/install.sh

@@ -3,7 +3,7 @@
 SWAP_SIZE=16GiB
 
 parted /dev/sda --script -- \
-    mklabel msdos \
+    mklabel gpt \
     mkpart primary 512MiB -$SWAP_SIZE \
     mkpart primary linux-swap -$SWAP_SIZE 100% \
     mkpart ESP fat32 1MiB 512MiB \
@@ -11,14 +11,24 @@ parted /dev/sda --script -- \
 
 parted /dev/sdb --script -- \
     mklabel gpt \
-    mkpart primary 0MiB 100%
+    mkpart primary 0% 100%
+parted /dev/sdc --script -- \
+    mklabel gpt \
+    mkpart primary 0% 100%
+parted /dev/sdd --script -- \
+    mklabel gpt \
+    mkpart primary 0% 100%
 
 mkfs.ext4 -L media1 /dev/sda1
 mkfs.ext4 -L media2 /dev/sdb1
+mkfs.ext4 -L media3 /dev/sdc1
+mkfs.ext4 -L media4 /dev/sdd1
 
 pvcreate /dev/sda1
 pvcreate /dev/sdb1
-vgcreate lvm /dev/sda1 /dev/sdb1
+pvcreate /dev/sdc1
+pvcreate /dev/sdd1
+vgcreate lvm /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1
 lvcreate -l 100%FREE -n media lvm
 
 mkfs.ext4 -L nixos /dev/mapper/lvm-media
@@ -27,17 +37,18 @@ mkfs.fat -F 32 -n boot /dev/sda3
 
 mount /dev/disk/by-label/nixos /mnt
 swapon /dev/sda2
+mkdir -p /mnt/boot
+mount /dev/disk/by-label/boot /mnt/boot
 
 apt install sudo
 useradd -m -G sudo setupuser
-su setupuser
 
 cat << EOF
 # Run the following commands as setup user
-curl -L https://nixos.org/nix/install | sh
-. $HOME/.nix-profile/etc/profile.d/nix.sh
-nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs
-sudo `which nixos-generate-config` --root /mnt
+curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
+. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
+nix profile install nixpkgs#nixos-install-tools
+sudo "$(which nixos-generate-config)" --root /mnt
 
 # Change uuids to labels
 vim /mnt/etc/nixos/hardware-configuration.nix
@@ -46,10 +57,13 @@ vim /mnt/etc/nixos/hardware-configuration.nix
 mkdir -p /mnt/home/ambroisie/git/nix/config
 cd /mnt/home/ambroisie/git/nix/config
 
-nix-env -iA nixos.git nixos.nixFlakes nixos.git-crypt
+nix-env -iA nixos.git nixos.nix nixos.git-crypt
 git clone <this-repo> .
 # Assuming you set up GPG key correctly
 git crypt unlock
 
 nixos-install --root /mnt --flake '.#<hostname>'
 EOF
+
+# shellcheck disable=2117
+su setupuser

hosts/nixos/porthos/networking.nix

@@ -0,0 +1,22 @@
+# Networking configuration
+{ ... }:
+
+{
+  networking = {
+    hostName = "porthos"; # Define your hostname.
+    domain = "belanyi.fr"; # Define your domain.
+
+    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+    # (the default) this is the recommended approach. When using systemd-networkd it's
+    # still possible to use this option, but it's recommended to use it in conjunction
+    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+    useDHCP = true;
+    interfaces = {
+      eno1.useDHCP = true;
+      eno2.useDHCP = true;
+    };
+  };
+
+  # Which interface is used to connect to the internet
+  my.hardware.networking.externalInterface = "eno1";
+}

hosts/nixos/porthos/secrets/acme/dns-key.age

@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg Ec0xt1uJTva8MxUdoTVX5m3uWaIiRlodf345FEM7Uzs
+aJIneWFJPB5HVeoUGp57agXih9YeZ6xMEbyQ+zJtWQY
+-> ssh-ed25519 jPowng B5XotRgv7s/FUegGhceBj7EoukewNUOIFl4TFRQf1EQ
+PgGCBd/Pqwp7ayqi7okHBGF1SfFpwT4KlHJ/np6p2uQ
+--- AeLgwGz6k3OABb53cXNaCU/sgI4FlU1s6p8PhAaFOlg
+1ÌÉCÔ¹ð¤ŽULfI1¸Hm»Ûòb}m”” ÁÅ¡ìg•ß0¦¢–¤`X<16>G>\>¹8rŽz+Š›Y ™¼`—Ê¢.JBUÏ!z¸Z50ú*õ¡ÙŸ¤×ÖÇ®I<C2AE>ôÔ]¹
‹ÏåI
+ĵ<18>¿–oÒÛ°…g„®„ÒêÁ³Â¿Ÿt’©nƒºãcz[»{
+jçå&ÁõõNæ°Nÿo{õš½‚
-eP¾=L‰™
6¦.SP:»e¶–

hosts/nixos/porthos/secrets/aria/rpc-token.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg fpiyZo1AR5hCfk/KtbgWCTzz+05/VOUnnaHhWgXQRwc
+d2w9IX/kq/T6OwQ1zImsCmzIX2yfFD8hQDbs0IW3ZIA
+-> ssh-ed25519 jPowng E9R7p9NCubUQrymjnrNfEjSNIIAXrBQLogNkWsOx8xc
+MrWEE5LNtOqAjnwA6byfSa1udnbUtqBy4FhdxipuA+g
+--- fKgerjgGs+brvNKnrWdpmOadl34LipMT6Msqse2g3E0
+Œ¡E9³ï¬‚KYRL-‡„°¡Ç·\E–ŸK{ÃÜ7âço»ïò²XÂGx<0E>ÍT’Î)Ëœôä<C3B4>6°%ˆ­LO€Tðÿ*‰™*8\£É@G

hosts/nixos/porthos/secrets/backup/password.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg O3DMSSPQP9/ehXmzs0xcCGllu7VSzhd6b4Pii8t2vWQ
+Ys1nMv2384elWWGW9C8HabvwUeWu52VsQpxx9L/4/dM
+-> ssh-ed25519 jPowng ft/9SX5fpG7+7gHMubaFtb+50/gfNgmaofOVq5UjRUE
+xMwdFjFdkH0Li+PikaFt0WAZbFUu5daHgkfN8aQQumo
+--- 7DVINvXIXdE1MRwIkeajonYsy1cp4HugCxfTeub5SXU
+<¥ö¡Ãñ<ýØ{VÇ?ñfk/¤áI®"<22>ï×/5K"Š¸(ì¢ùiÃÔôìñ

hosts/nixos/porthos/secrets/default.nix

@@ -0,0 +1,20 @@
+{ config, lib, ... }:
+
+{
+  config.age = {
+    secrets =
+      let
+        toName = lib.removeSuffix ".age";
+        userExists = u: builtins.hasAttr u config.users.users;
+        # Only set the user if it exists, to avoid warnings
+        userIfExists = u: if userExists u then u else "root";
+        toSecret = name: { owner ? "root", ... }: {
+          file = ./. + "/${name}";
+          owner = lib.mkDefault (userIfExists owner);
+        };
+        convertSecrets = n: v: lib.nameValuePair (toName n) (toSecret n v);
+        secrets = import ./secrets.nix;
+      in
+      lib.mapAttrs' convertSecrets secrets;
+  };
+}

hosts/nixos/porthos/secrets/drone/secret.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg 0J8FMcVRf78LYG+dTOFzu3luXwhOjdOg0sx4Jxdccj4
+tdrCcfcYbTZYhL18RG3goiqtyhu3NTn+fJhdIAnU5uA
+-> ssh-ed25519 jPowng qlF8nkSEg5fZgai0VP5eTSlZOHyj5IcalTf+QNWITVo
+O5aiZX0AJD76ixsu6i9xnnFBQANdsu3h6XzdTQ6KtKU
+--- ByMQt9bnbzd8YO0Y93FIYF/lmdbYcOydkYdKxpRQujM
++堍6JNm裶遁[Eb1p)vD究侖PL9捦€z逡<7A>煸!縺贿噮'嘥閍顖卷赿5︰:[控d肯峈撟M抪庱zj<7A>