WIP: add notes for missing persistence/backup

TODO:
* Look at for more inspiration https://github.com/nix-community/impermanence/pull/108
* Do home-manager
* Common files https://github.com/nix-community/impermanence/issues/10

.envrc

@@ -1,8 +1,8 @@
-if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
-    source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
+if ! has nix_direnv_version || ! nix_direnv_version 2.4.0; then
+    source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.4.0/direnvrc" "sha256-XQzUAvL6pysIJnRJyR7uVpmUSZfc7LSgWQwq/4mBr1U="
 fi
 
-watch_file ./flake/checks.nix
-watch_file ./flake/dev-shells.nix
+nix_direnv_watch_file ./flake/checks.nix
+nix_direnv_watch_file ./flake/dev-shells.nix
 
 use flake

.woodpecker/check.yml

@@ -1,7 +1,7 @@
 labels:
   backend: local
 
-steps:
+pipeline:
 - name: nix flake check
   image: bash
   commands:
@@ -9,15 +9,15 @@ steps:
 
 - name: notifiy
   image: bash
-  environment:
-    ADDRESS:
-      from_secret: matrix_homeserver
-    ROOM:
-      from_secret: matrix_roomid
-    USER:
-      from_secret: matrix_username
-    PASS:
-      from_secret: matrix_password
+  secrets:
+  - source: matrix_homeserver
+    target: address
+  - source: matrix_roomid
+    target: room
+  - source: matrix_username
+    target: user
+  - source: matrix_password
+    target: pass
   commands:
   - nix run '.#matrix-notifier'
   when:

flake.lock

@@ -8,17 +8,14 @@
         ],
         "nixpkgs": [
           "nixpkgs"
-        ],
-        "systems": [
-          "systems"
         ]
       },
       "locked": {
-        "lastModified": 1715290355,
-        "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
+        "lastModified": 1696775529,
+        "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
+        "rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4",
         "type": "github"
       },
       "original": {
@@ -36,11 +33,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1700795494,
-        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "lastModified": 1673295039,
+        "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
         "type": "github"
       },
       "original": {
@@ -53,11 +50,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
         "type": "github"
       },
       "original": {
@@ -73,11 +70,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1715865404,
-        "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
+        "lastModified": 1698579227,
+        "narHash": "sha256-KVWjFZky+gRuWennKsbo6cWyo7c/z/VgCte5pR9pEKg=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
+        "rev": "f76e870d64779109e41370848074ac4eaa1606ec",
         "type": "github"
       },
       "original": {
@@ -89,16 +86,14 @@
     },
     "futils": {
       "inputs": {
-        "systems": [
-          "systems"
-        ]
+        "systems": "systems"
       },
       "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "lastModified": 1694529238,
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
         "type": "github"
       },
       "original": {
@@ -116,11 +111,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709087332,
-        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+        "lastModified": 1660459072,
+        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
         "owner": "hercules-ci",
         "repo": "gitignore.nix",
-        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
         "type": "github"
       },
       "original": {
@@ -136,11 +131,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1715930644,
-        "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
+        "lastModified": 1698670511,
+        "narHash": "sha256-jQIu3UhBMPHXzVkHQO1O2gg8SVo5lqAVoC6mOaLQcLQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
+        "rev": "8e5416b478e465985eec274bc3a018024435c106",
         "type": "github"
       },
       "original": {
@@ -150,13 +145,29 @@
         "type": "github"
       }
     },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1697303681,
+        "narHash": "sha256-caJ0rXeagaih+xTgRduYtYKL1rZ9ylh06CIrt1w5B4g=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "0f317c2e9e56550ce12323eb39302d251618f5b5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "master",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1715961556,
-        "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=",
+        "lastModified": 1698611440,
+        "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64",
+        "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735",
         "type": "github"
       },
       "original": {
@@ -168,11 +179,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1716149933,
-        "narHash": "sha256-0Ui2HmmKvSqxXfT5kCzTu2EO+kqYxavPZHROxQLsI14=",
+        "lastModified": 1698745553,
+        "narHash": "sha256-Fdip7ewCtZTjOu7ATDFUAy3OqrgcyvzDElLXhr4YmmI=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "0d0e224fe23a49977d871ae2fe2f14c84b03322a",
+        "rev": "dfbf198236d40e9741db76936088f05107e19013",
         "type": "github"
       },
       "original": {
@@ -185,6 +196,9 @@
     "pre-commit-hooks": {
       "inputs": {
         "flake-compat": "flake-compat",
+        "flake-utils": [
+          "futils"
+        ],
         "gitignore": "gitignore",
         "nixpkgs": [
           "nixpkgs"
@@ -194,11 +208,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1715870890,
-        "narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=",
+        "lastModified": 1698227354,
+        "narHash": "sha256-Fi5H9jbaQLmLw9qBi/mkR33CoFjNbobo5xWdX4tKz1Q=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1",
+        "rev": "bd38df3d508dfcdff52cd243d297f218ed2257bf",
         "type": "github"
       },
       "original": {
@@ -214,10 +228,10 @@
         "flake-parts": "flake-parts",
         "futils": "futils",
         "home-manager": "home-manager",
+        "impermanence": "impermanence",
         "nixpkgs": "nixpkgs",
         "nur": "nur",
-        "pre-commit-hooks": "pre-commit-hooks",
-        "systems": "systems"
+        "pre-commit-hooks": "pre-commit-hooks"
       }
     },
     "systems": {
@@ -231,7 +245,6 @@
       },
       "original": {
         "owner": "nix-systems",
-        "ref": "main",
         "repo": "default",
         "type": "github"
       }

flake.nix

@@ -9,7 +9,6 @@
       inputs = {
         home-manager.follows = "home-manager";
         nixpkgs.follows = "nixpkgs";
-        systems.follows = "systems";
       };
     };
 
@@ -28,9 +27,6 @@
       owner = "numtide";
       repo = "flake-utils";
       ref = "main";
-      inputs = {
-        systems.follows = "systems";
-      };
     };
 
     home-manager = {
@@ -43,6 +39,13 @@
       };
     };
 
+    impermanence = {
+      type = "github";
+      owner = "nix-community";
+      repo = "impermanence";
+      ref = "master";
+    };
+
     nixpkgs = {
       type = "github";
       owner = "NixOS";
@@ -63,17 +66,11 @@
       repo = "pre-commit-hooks.nix";
       ref = "master";
       inputs = {
+        flake-utils.follows = "futils";
         nixpkgs.follows = "nixpkgs";
         nixpkgs-stable.follows = "nixpkgs";
       };
     };
-
-    systems = {
-      type = "github";
-      owner = "nix-systems";
-      repo = "default";
-      ref = "main";
-    };
   };
 
   # Can't eta-reduce a flake outputs...

flake/default.nix

@@ -1,9 +1,9 @@
 { flake-parts
-, systems
+, futils
 , ...
 } @ inputs:
 let
-  mySystems = import systems;
+  mySystems = futils.lib.defaultSystems;
 in
 flake-parts.lib.mkFlake { inherit inputs; } {
   systems = mySystems;

flake/home-manager.nix

@@ -39,8 +39,7 @@ let
     };
   };
 
-  homes = {
-    "ambroisie@bazin" = "x86_64-linux";
+  hosts = {
     "ambroisie@mousqueton" = "x86_64-linux";
   };
 in
@@ -50,13 +49,13 @@ in
     legacyPackages = {
       homeConfigurations =
         let
-          filteredHomes = lib.filterAttrs (_: v: v == system) homes;
-          allHomes = filteredHomes // {
+          filteredHosts = lib.filterAttrs (_: v: v == system) hosts;
+          allHosts = filteredHosts // {
             # Default configuration
             ambroisie = system;
           };
         in
-        lib.mapAttrs mkHome allHomes;
+        lib.mapAttrs mkHome allHosts;
     };
   };
 }

flake/nixos.nix

@@ -1,5 +1,7 @@
-{ self, inputs, lib, ... }:
+{ self, inputs, ... }:
 let
+  inherit (self) lib;
+
   defaultModules = [
     {
       # Let 'nixos-version --json' know about the Git revision
@@ -21,7 +23,7 @@ let
     ];
     specialArgs = {
       # Use my extended lib in NixOS configuration
-      inherit (self) lib;
+      inherit lib;
       # Inject inputs to use them in global registry
       inherit inputs;
     };

hosts/homes/ambroisie@bazin/default.nix

@@ -1,43 +0,0 @@
-# Google Laptop configuration
-{ lib, options, pkgs, ... }:
-{
-  services.gpg-agent.enable = lib.mkForce false;
-
-  my.home = {
-    git = {
-      package = pkgs.emptyDirectory;
-    };
-
-    tmux = {
-      # I use scripts that use the passthrough sequence often on this host
-      enablePassthrough = true;
-
-      terminalFeatures = {
-        # HTerm uses `xterm-256color` as its `$TERM`, so use that here
-        xterm-256color = { };
-      };
-    };
-
-    ssh = {
-      mosh = {
-        package = pkgs.emptyDirectory;
-      };
-    };
-
-    zsh = {
-      notify = {
-        enable = true;
-
-        exclude = options.my.home.zsh.notify.exclude.default ++ [
-          "adb shell$" # Only interactive shell sessions
-        ];
-
-        ssh = {
-          enable = true;
-          # `notify-send` is proxied to the ChromeOS layer
-          useOsc777 = false;
-        };
-      };
-    };
-  };
-}

hosts/homes/ambroisie@mousqueton/default.nix

@@ -4,21 +4,26 @@
   # Google specific configuration
   home.homeDirectory = "/usr/local/google/home/ambroisie";
 
+  # Some tooling (e.g: SSH) need to use this library
+  home.sessionVariables = {
+    LD_PRELOAD = "/lib/x86_64-linux-gnu/libnss_cache.so.2\${LD_PRELOAD:+:}$LD_PRELOAD";
+  };
+
+  systemd.user.sessionVariables = {
+    LD_PRELOAD = "/lib/x86_64-linux-gnu/libnss_cache.so.2\${LD_PRELOAD:+:}$LD_PRELOAD";
+  };
+
+  programs.git.package = lib.mkForce pkgs.emptyDirectory;
+
   services.gpg-agent.enable = lib.mkForce false;
 
   my.home = {
-    git = {
-      package = pkgs.emptyDirectory;
-    };
-
     tmux = {
       # I use scripts that use the passthrough sequence often on this host
       enablePassthrough = true;
 
-      terminalFeatures = {
-        # HTerm uses `xterm-256color` as its `$TERM`, so use that here
-        xterm-256color = { };
-      };
+      # HTerm uses `xterm-256color` as its `$TERM`, so use that here
+      trueColorTerminals = [ "xterm-256color" ];
     };
   };
 }

hosts/nixos/aramis/hardware.nix

@@ -26,12 +26,6 @@
     firmware = {
       cpuFlavor = "intel";
     };
-
-    graphics = {
-      enable = true;
-
-      gpuFlavor = "intel";
-    };
   };
 
   hardware = {

hosts/nixos/aramis/home.nix

@@ -2,7 +2,7 @@
 {
   my.home = {
     # Use graphical pinentry
-    bitwarden.pinentry = pkgs.pinentry-gtk2;
+    bitwarden.pinentry = "gtk2";
     # Ebook library
     calibre.enable = true;
     # Some amount of social life
@@ -14,7 +14,7 @@
     # Blue light filter
     gammastep.enable = true;
     # Use a small popup to enter passwords
-    gpg.pinentry = pkgs.pinentry-gtk2;
+    gpg.pinentry = "gtk2";
     # Machine specific packages
     packages.additionalPackages = with pkgs; [
       element-desktop # Matrix client

hosts/nixos/porthos/boot.nix

@@ -3,14 +3,15 @@
 
 {
   boot = {
-    # Use the systemd-boot EFI boot loader.
-    loader = {
-      systemd-boot.enable = true;
-      efi.canTouchEfiVariables = true;
+    # Use the GRUB 2 boot loader.
+    loader.grub = {
+      enable = true;
+      # Define on which hard drive you want to install Grub.
+      device = "/dev/disk/by-id/ata-HGST_HUS724020ALA640_PN2181P6J58M1P";
     };
 
     initrd = {
-      availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "usbhid" "sd_mod" ];
+      availableKernelModules = [ "uhci_hcd" "ahci" "usbhid" ];
       kernelModules = [ "dm-snapshot" ];
     };
 

hosts/nixos/porthos/default.nix

@@ -16,5 +16,11 @@
   # Set your time zone.
   time.timeZone = "Europe/Paris";
 
-  system.stateVersion = "24.05"; # Did you read the comment?
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "20.09"; # Did you read the comment?
 }

hosts/nixos/porthos/hardware.nix

@@ -1,5 +1,5 @@
 # Hardware configuration
-{ modulesPath, ... }:
+{ lib, modulesPath, ... }:
 
 {
   imports = [
@@ -11,18 +11,9 @@
     fsType = "ext4";
   };
 
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-label/boot";
-    fsType = "vfat";
-  };
-
   swapDevices = [
     { device = "/dev/disk/by-label/swap"; }
   ];
 
-  my.hardware = {
-    firmware = {
-      cpuFlavor = "intel";
-    };
-  };
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
 }

hosts/nixos/porthos/home.nix

@@ -1,18 +1,11 @@
 { ... }:
 {
   my.home = {
-    nix = {
-      cache = {
-        # This server is the one serving the cache, don't try to query it
-        selfHosted = false;
-      };
-    };
-
-    # Allow using extended features when SSH-ing from various clients
-    tmux.terminalFeatures = {
+    # Allow using 24bit color when SSH-ing from various clients
+    tmux.trueColorTerminals = [
       # My usual terminal, e.g: on laptop
-      alacritty = { };
-    };
+      "alacritty"
+    ];
 
     # Always start a tmux session when opening a shell session
     zsh.launchTmux = true;

hosts/nixos/porthos/install.sh

@@ -3,7 +3,7 @@
 SWAP_SIZE=16GiB
 
 parted /dev/sda --script -- \
-    mklabel gpt \
+    mklabel msdos \
     mkpart primary 512MiB -$SWAP_SIZE \
     mkpart primary linux-swap -$SWAP_SIZE 100% \
     mkpart ESP fat32 1MiB 512MiB \
@@ -11,24 +11,14 @@ parted /dev/sda --script -- \
 
 parted /dev/sdb --script -- \
     mklabel gpt \
-    mkpart primary 0% 100%
-parted /dev/sdc --script -- \
-    mklabel gpt \
-    mkpart primary 0% 100%
-parted /dev/sdd --script -- \
-    mklabel gpt \
-    mkpart primary 0% 100%
+    mkpart primary 0MiB 100%
 
 mkfs.ext4 -L media1 /dev/sda1
 mkfs.ext4 -L media2 /dev/sdb1
-mkfs.ext4 -L media3 /dev/sdc1
-mkfs.ext4 -L media4 /dev/sdd1
 
 pvcreate /dev/sda1
 pvcreate /dev/sdb1
-pvcreate /dev/sdc1
-pvcreate /dev/sdd1
-vgcreate lvm /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1
+vgcreate lvm /dev/sda1 /dev/sdb1
 lvcreate -l 100%FREE -n media lvm
 
 mkfs.ext4 -L nixos /dev/mapper/lvm-media
@@ -37,17 +27,17 @@ mkfs.fat -F 32 -n boot /dev/sda3
 
 mount /dev/disk/by-label/nixos /mnt
 swapon /dev/sda2
-mkdir -p /mnt/boot
-mount /dev/disk/by-label/boot /mnt/boot
 
 apt install sudo
 useradd -m -G sudo setupuser
+# shellcheck disable=2117
+su setupuser
 
 cat << EOF
 # Run the following commands as setup user
-curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
-. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
-nix profile install nixpkgs#nixos-install-tools
+curl -L https://nixos.org/nix/install | sh
+. $HOME/.nix-profile/etc/profile.d/nix.sh
+nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs
 sudo "$(which nixos-generate-config)" --root /mnt
 
 # Change uuids to labels
@@ -64,6 +54,3 @@ git crypt unlock
 
 nixos-install --root /mnt --flake '.#<hostname>'
 EOF
-
-# shellcheck disable=2117
-su setupuser

hosts/nixos/porthos/networking.nix

@@ -6,17 +6,30 @@
     hostName = "porthos"; # Define your hostname.
     domain = "belanyi.fr"; # Define your domain.
 
-    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-    # (the default) this is the recommended approach. When using systemd-networkd it's
-    # still possible to use this option, but it's recommended to use it in conjunction
-    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-    useDHCP = true;
+
+    # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+    # Per-interface useDHCP will be mandatory in the future, so this generated config
+    # replicates the default behaviour.
+    useDHCP = false;
+
     interfaces = {
-      eno1.useDHCP = true;
-      eno2.useDHCP = true;
+      bond0.useDHCP = true;
+      bonding_masters.useDHCP = true;
+      dummy0.useDHCP = true;
+      erspan0.useDHCP = true;
+      eth0.useDHCP = true;
+      eth1.useDHCP = true;
+      gre0.useDHCP = true;
+      gretap0.useDHCP = true;
+      ifb0.useDHCP = true;
+      ifb1.useDHCP = true;
+      ip6tnl0.useDHCP = true;
+      sit0.useDHCP = true;
+      teql0.useDHCP = true;
+      tunl0.useDHCP = true;
     };
   };
 
   # Which interface is used to connect to the internet
-  my.hardware.networking.externalInterface = "eno1";
+  my.hardware.networking.externalInterface = "eth0";
 }

hosts/nixos/porthos/secrets/acme/dns-key.age

@@ -1,8 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw
-zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y
--> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8
-uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw
---- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg
-¾r ú
&…¥‹{~v?¨}=Ä
-}+
¿SQ’M[²]Œ±kMÒAàtŒÃmMë/£µLsü|Þ…m©CÀñiYC}ƒŽ‡çxŽ€
+-> ssh-ed25519 cKojmg 0bz3W8QcGaulxy+kDmM717jTthQpFOCwV9HkenFJEyo
+NKeh1/JkX4WAWbOjUeKLMbsyCevnDf3a70FfYUav26c
+-> ssh-ed25519 jPowng Q59ybJMMteOSB6hZ5m6UPP0N2p8jrDSu5vBYwPgGcRw
+j420on2jSsfMsv4MDtiOTMIFjaXV7sIsrS+g4iab+68
+-> z}.q-grease s2W<qM_Z t
+n1Yfs/gmNsl/n9HtuKBIIT8iwIjYca2yxlh7Q1XAT1B+RZ8oGjW8yCPj1unbDGZL
+e5BfLO3zgkEZnQ
+--- FSgNKEdDeeTjCx9jN9UtOFl58mC/Lbu1PAYRGK0CZW4
+U€¿+æ©jïÝ{gø`GŽ›ÆàˆR¾Qk]šóïdÐ6å˜ú‚y5T²$Äñs~Ùh‰Ä£òÔ<C3B2>Fº¢ç%°vöÌm<C38C>

hosts/nixos/porthos/secrets/aria/rpc-token.age

@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 cKojmg fpiyZo1AR5hCfk/KtbgWCTzz+05/VOUnnaHhWgXQRwc
-d2w9IX/kq/T6OwQ1zImsCmzIX2yfFD8hQDbs0IW3ZIA
--> ssh-ed25519 jPowng E9R7p9NCubUQrymjnrNfEjSNIIAXrBQLogNkWsOx8xc
-MrWEE5LNtOqAjnwA6byfSa1udnbUtqBy4FhdxipuA+g
---- fKgerjgGs+brvNKnrWdpmOadl34LipMT6Msqse2g3E0
-Œ¡E9³ï¬‚KYRL-‡„°¡Ç·\E–ŸK{ÃÜ7âço»ïò²XÂGx<0E>ÍT’Î)Ëœôä<C3B4>6°%ˆ­LO€Tðÿ*‰™*8\£É@G

hosts/nixos/porthos/secrets/backup/password.age

@@ -1,7 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg O3DMSSPQP9/ehXmzs0xcCGllu7VSzhd6b4Pii8t2vWQ
-Ys1nMv2384elWWGW9C8HabvwUeWu52VsQpxx9L/4/dM
--> ssh-ed25519 jPowng ft/9SX5fpG7+7gHMubaFtb+50/gfNgmaofOVq5UjRUE
-xMwdFjFdkH0Li+PikaFt0WAZbFUu5daHgkfN8aQQumo
---- 7DVINvXIXdE1MRwIkeajonYsy1cp4HugCxfTeub5SXU
-<¥ö¡Ãñ<ýØ{VÇ?ñfk/¤áI®"<22>ï×/5K"Š¸(ì¢ùiÃÔôìñ
+-> ssh-ed25519 cKojmg dgS4bezgtDi44R1A8am+J6zh80kUVYTo1heaxJCtzX4
+F3w/62xwtqYa40NU7OvF9pnZzYz/5hACAGJfMA4e2zw
+-> ssh-ed25519 jPowng lx81CK3yeNp9RjHCUFJeKYZlRzxBmXuADVBvRc13zCI
+P7e75t8xU+ZkYmeQ8mmMfyZZsRdG1J8yrvSUkiWzkFQ
+-> *z4/`-grease S/)a{e sFd";=
+--- 15FVhqRTkoPFEeETRRyFQhsv4Fn19Ozlax0u8Zy9mNA
+õ#+¥àÎvøSÈ4èá}<7D>§Rì%‹Î¯F4fnDœ˜J¹¤Z‹¸A¥Û™,_

hosts/nixos/porthos/secrets/drone/secret.age

@@ -1,7 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg 0J8FMcVRf78LYG+dTOFzu3luXwhOjdOg0sx4Jxdccj4
-tdrCcfcYbTZYhL18RG3goiqtyhu3NTn+fJhdIAnU5uA
--> ssh-ed25519 jPowng qlF8nkSEg5fZgai0VP5eTSlZOHyj5IcalTf+QNWITVo
-O5aiZX0AJD76ixsu6i9xnnFBQANdsu3h6XzdTQ6KtKU
---- ByMQt9bnbzd8YO0Y93FIYF/lmdbYcOydkYdKxpRQujM
-+堍6JNm裶遁[Eb1p)vD究侖PL9捦€z逡<7A>煸!縺贿噮'嘥閍顖卷赿5︰:[控d肯峈撟M抪庱zj<7A>
+-> ssh-ed25519 cKojmg 1+cLlzctgcM0FnVDwMPOAqBkvMcDBRg8SvCw4djI93Y
+oV2XI4f1AvM9P591kZZ6NgJXa+SDtqGzCSgc4psOmxM
+-> ssh-ed25519 jPowng Ufjfh1p350XxRPg95+/DHdmnl4lC0bbzUUlaxd1Bmxc
+/RHwFDSn2ov+60r1uHUigrsn99+GmmKmlk4h4T2gbA0
+-> *Lc$@-grease
+pzVJAHy1qRq3jUrnFV0DDO7/hwV1US4Ogf0RsrVfX0xzbr73uJ003YjieVB25LqN
+--- ME7/iVevyiguyhXugbkVFGzJV0yDccyKNlWbEZa/FmY
+YžŠXjb2uþnd;i0íýX]…§é0–þjé’L„PÔT~óú ƒÙ^kc”$D×ÚÛr¹úu³¶fr€e¸OÕ¸þ<C2B8>+p•¨<E280A2><C2A8>&ãw®öϨ

hosts/nixos/porthos/secrets/forgejo/mail-password.age

@@ -1,10 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 cKojmg Lhgx43wR8PtAMf5v1eJxKlUBSAoOLdOOn/QaQrwF8zA
-jfUCpgNzkHCNTWCqtErDaLMmg1Oy+s9zUra1JLCi+J4
--> ssh-ed25519 jPowng kSeQ/SmMrzd8ByVu3YHWeZyKmqFZvQSBnDunkB8e6wc
-WRmnfrV5xcRXA9t0ZXx6YvbRl0sX4PTrw63VVKX4Ei4
---- a+LLM1gP9g1AbUapbeeKaS4cEcRBmPo3MHU2DSWTAds
-Ò,FÜÒ6”â⬘ixÌ<78>°Øe|
«
-²
-ÌÏœ,{†
ˆõvª!–†‰zÜ$P;ãé©TØÆÉKW
- qGô

hosts/nixos/porthos/secrets/gitea/mail-password.age

@@ -1,7 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg 46BI3ItrXRWMivmd/K8bmkKlrYFSr8cbehAkmwCskig
-gTjYquH1hDEZ2zWD5P7gN/ejTCH8JJb8bC/VLZ3koeg
--> ssh-ed25519 jPowng 5MqfJlasDbbqlI0dX98NZzHxmYmnnpveyBxa4z48V0o
-r7Yiv4+SZiDncD0Xzp5eFSP4f2yjGBOILKxEO1iT3Os
---- l43+JtT28i1YDhNX3hE3Qb7swskOBc5ghDqiyh3rU2s
-Ž+)´”¯ÛPô¢nåWT,.<2E>‹²e
ÚNW€Îñ YƱkç
ÿF4Ê#=˜)üîò™6Ö±ÛmȵîJ‹<4A>ª#
+-> ssh-ed25519 jPowng BkIjie2KrwDLaZYYIguCs7TPA/wQy+YPguikuhfye0M
+7viTA/EGYB/jRKQm6fFd86DMd4j+Jxsaw/xQ1T8ZKNo
+-> ssh-ed25519 cKojmg t1Y8bZvPccNAX8vWQLTfCyOJIBXN515vyfFrEI2EVww
+bJEjpIWrKeQrA/JfY7FRdB6hpHwR/aG4Vya1ChFNBKs
+-> jK/-grease Oz.R ?;)G ],
+AuHk9TcC9kl0dg8/L6UfHIk3e9fgGwSTJAJpVgInhok
+--- 47z9lol5MtpX0IsO/0ggLDMcNVfl4lNNvoHUSwOU/18
+)gЪeuÞ!œš-
ÞTì¥YAðM+ˆãGbMe@­|A,è&ãÆE!܆p=P²=û9¹ÙP¹!Üö’Q|Ðä r

hosts/nixos/porthos/secrets/matrix/mail.age

@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg u+5VWUy7eFq4boAIOhuKXZYD4mhczaUAcjz4+coVggA
-QlBHHgz7uY3TVgex59yZA0XgsIeHi2WN2S+UleC7bMg
--> ssh-ed25519 jPowng IyeI6WUjF8wxe92xD3xY++4ZqXtY8divB39eLWfAtm8
-eGj8w5X2ydS1LJvNSmo56xzRVoUB0iAKKs2NHX968Yc
---- hsYH9lUl3wIErJmBKzlWV+gIR5v6vgPIcNDgd0hiRGc
-¹Ã@Úl<C39A>ôQûsÈ„ÿ×£©Dƒ}^{ºžá¾X)¸nYóJhXhg8wƒž´ ­ “ú°˜Ó¨Ç‚Çw–‡y(œ–aè¸ìê.0>|ÚPSlOÃ|ÈÊE‰õÂÙé°€¡<E282AC>BWó_ˆ³ÜÌ)|x4©„šºë\_F¶
-ZÒo0=dts –j<E28093>[ùŽõ0O+ÑÕRž8±‡ÕiüËçŽÜ»ˆõŒæÆdÀ«ß8j»â©ê
-‚g¹©‘–$xŒÿò¥Æbâ÷í<C3B7>­˜äX·¢gÂ^¼íùG¼Êô¤Ž$UÏûB*ö°é²¡£ÈÔ)[t¶ÃHa•vŸ7<>ÌÑj£âD.z¸+¬[~–õÁÃé9Ùý<C399>àz¼øô`sé¶,_!^YÓïʯ2H¹øS‹¿¼©øÅ<C3B8>øý*âñó@êj
Z^ˆôæÎv~غ¶@ò<>
+-> ssh-ed25519 cKojmg lmu3MinmydRHD0A/YVRRtopermfoBC8M8cTHfVanY1s
+ygrtpZZJ7aeQTblNazpoP7DdifmDxHsE3DFJsIrWX5M
+-> ssh-ed25519 jPowng X0cihOc+fBtmtrkEivIHQngdYIobezXEF1x+pHqNzAw
+/+sw9x1NWY0anZhDMpAywBPrR0F4XCHaF9e8j/Yo/kI
+-> 32;%1s-grease
+JafjuSZty6a4NSO/y4y5wHWL8Mw
+--- dwCl66vdpsL0MR5NWWvg3JUnQ2QZQBeW0Dj0l5tvOKY
+oi,`ÓÜ#uÄwW%PoubÚ­cy8<79>ó
ƒÃÉ><¿F‰Ååq…ÂKÂÇk0Çk/<2F>hÀ¥Ÿ5势ÝF+ýu‡ •e€<06>¾Ÿ²óôbãè>1QŠ2®ñwn˜WbÖ–B˜âî<C3A2>iŸ^xurâ†-/llùÒÀÀ-ã=°7;jã0»I×%Fi¼<69>í€ø‹™A;Y†ìUd]KÅI0(½ ”øAg£Ðóž^†uG:äpkJ’Ÿ:q<>¢šWSaLw¯¿Ô!ïM
³4ã L/ùZŇ®¢D¶-XéUb»‘vÊbP‚ó›0ÇÅfÂ9êú<08> †âJ`ÃX°ôÐOÅ!s›{ÙÄQAšc€c;ÏÃÑ‹4öMíچݹlxH&ïéöé{é}ÁäÛzZ¦œ‚9ûÊXžÜ“g‰]Vϱ•0gt¡¿…žw·

hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age

@@ -1,8 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg xRtF3XVc7yPicAV/E4U7mn0itvD0h1BWBTjwunuoe2E
-OkB9sjGB3ulH4Feuyj3Ed0DBG4+mghW/Qpum9oXL/8c
--> ssh-ed25519 jPowng 1r8drqhz1yZdTq0Kvqya+ArU1C2fkN7Gg9LiWWfeUFg
-cjbxntVwHvqLaJpiKs/Y8ojeb6e3/cLFcsoeuoobfFg
---- B1qA2PylJBrdZxZtCzlU2kRPvxLM+IrXTvR+ERxVtTY
-"W9<57>Äbg¸©~Ì/áÕb4ãÕ†ú³ÜÔIÊ
-Û}ð
§ËÅË-³²ªNó±”ÑC7vWœbºØ?¦8=œÉwÆBÃUpJClï²OÈ™³œnOÁ\
+-> ssh-ed25519 cKojmg N182xey8TWRVUWTRP16rT0zlhYZNr/pOZVR7YRnlIkk
+HVqAag55z1cKLgjR3WsUj2wvaVjxm169JcDRJGRvCVU
+-> ssh-ed25519 jPowng Dc+aaUTxDsMTY+oOst0SC3ldq1e6zX8F5A5uBL5RHhc
+JWZou6+VaFc5f2OLRIrmFFWg3Er6WSY+TloXU0mP1K8
+-> |9_9Aqh%-grease $ X8Mn|5 aKnl' fl<D{T-
++fAc0cajqxhYWu55HCY
+--- SrmtWXQXGYxNTabSrb5tBRXHnK1F22Qoiy7hKYrrF+0
+ñD·û²:,õn0i<>½Àß^ÆŠ`üÔ2Æ#y'ý9ÖñÓÒŽéÿæ<C3BF>r]ÀØ›¹x“³S=ú°ˆôuJéEÛóc€lH Ê~eÅ‚›ŸKtévo'êv+

hosts/nixos/porthos/secrets/monitoring/password.age

@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg l5lOlGnbvQ4D2kaSj1dd8Xr+btlNbTkT0SxSz02Vr1E
-Cjy73yKL1N8LnjRXXLpxX+wIOFCa8wrG44VjXUND1lI
--> ssh-ed25519 jPowng nYHfkP9dRkxu4Fqh8MgrbdZAc8gk+VGDyxIV6RsSeEM
-rKKi1NDoKMMzQ+kUs5ZX4zMqRBI0QwGY7q6K/L9+dLI
---- Umv3UCtXlApug7uuqmwbQN38i8Lx9/b0uhLgbc3OdZM
-äBLsś ‹?ÖsÓ“s<E2809C>2Îy
-R0ą‘!<fü9txB7dň<13>™ÚŠň^©ô É‡LJ&ń
W
€<©e]
-ţ/$$
+-> ssh-ed25519 cKojmg OdLtFHbHbc28rUn47vgsVvXxFNg9nF+9y9R6XOK390Y
+yQQYUPQGjN2+xrSqqBYa7/zS618KrVjX5Amw2MFuSLg
+-> ssh-ed25519 jPowng NwUjiLtiXVi6XFmht5l1CxEs3gm0oN4vHYwDZyda7Q4
+di6znVjNRO6QdqteVNkeot5Ko2NwWLe6v+zVR3f+o10
+-> 4Vx%\(-grease ^^Z>EC91 R 2BJ d48Wip*s
+yPiBgChRF31XgxccQFLO3MzRL7+5s29sfRoF3W1yUX6Bu59MpxD4D+n/jhLcxSH/
+CxW7KaiOctNmPm5tWh6qjmgQ+V4bcAji5vo4FKs40l56cfyueEJj+Q
+--- WUGF28zqK9E1AlOeeCtSHxFg6ikRy85gOoLtBd4m0y0
+.|…rr>©†ðìì1ÅÆ2SÉž.×hw<12>wqºš%i˜øé	‚*U^­)Öè'qžµ›O2ÓœümòQÝ7˜¯m`

hosts/nixos/porthos/secrets/paperless/password.age

@@ -1,8 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg 1hbRAuAGrTy6nmkAq+UWua8weywphZsTIGF68YQEOlQ
-92Q7uIKv1EiO73wMh53jrTuEkzP6ziBmX9SWXCl4d3w
--> ssh-ed25519 jPowng aPb9v/S/mLW95Qom+swvasqY878RxpxxOkMJA2wb6nY
-qu/dzcqciqKzNc28HqFMHA1XnrJy+/wWgbfM1+BrlkE
---- 8PXOozvZzNZQD2OT4a+0XuIQauzUGSvovdfDugmp+bc
-x²Ž‚ê Ã>ùý²ç¦©ðóÁÇ_ÏC9d™T5ŸûKzЄqØcZ©°É¾pŒš¾¡ ใºv
-)Œ³õ²¥
+-> ssh-ed25519 cKojmg zhpo89xef68JoeOFWzhdFshrj2BXXUCFPMLVJzv6EyE
+fmJxJi5rmyai9qGwDo7iHg4BrObGre96KCpl+g91O6I
+-> ssh-ed25519 jPowng INA6EZdy4J1p3QY5mfVOQXiLdOjIDaZR+CZMP+GfkXM
+8Nf5soaxY5SEzeJca5kaJkx7ByOvc4NkJVetB7wpEmo
+-> xjK'w-grease
+f5v0cvlt4JbHlAwDOob86qOInWdlN/oohTg
+--- NTGv4rr+MhJ/YeZhVHOjoS1V+zCHFf2itJYfK36R+wE
+š×—®JÚ dő– oŞę'YFUź@
+r7”ă“_N$‰˙Ź–č‡>‚ˇę]hq»-¨FŰ°qX˙?Î|?µĘ

hosts/nixos/porthos/secrets/paperless/secret-key.age

@@ -1,7 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg r3ZUTfSNcHc1TS2fVtk99Y2xJMMunkwkcR0dQIdiCi4
-LICSnzAaooGy6x4wt0vNM6YtQ4S17QohZNt7lfVrD6Q
--> ssh-ed25519 jPowng KLU68ws4lemr0wWHxm8H8pf1SQAoUZTN4QSPzk2PyHk
-6pjH1pI956oaf9ZIHPPq8p3g/mZC5GxWhWkT54Wohf0
---- cAQbniTwwtTftfXU/dGtA69yF/hh8iB97vHxvkIZMMo
-°c#Ž=^Ì~?5ú-w—NT†Ì¡<C38C>¨+¶¨Ä!z¥<7A> "’ Zö"2ºëðù×M!pž5×V¬ÈÛjçΡѡŽâ¥âL¹ÁÌyóÐŹúš›n÷ÄŠ8zQö°+¨ËÁØ©9WSµ§<C2B5>Æ0¨u}YÚ
+-> ssh-ed25519 cKojmg tZwn2usN6K62oS4vBa6boh9zEp/+cS4chP8boXG6SH4
+Fr3kV8gUDoiDqMxPYWsHyww8umYhQEKhqbVBiVw5NeI
+-> ssh-ed25519 jPowng wRbJl4G85obH/GluQBBsXE7MOvooEui65eqHfurvuQs
+KqVZMBSyHhkayEdwI6ocmA4qhHY9zYJvg1CEKM1SOa0
+-> 2E"/OFW-grease o Qp3HFe^
+bGhCNicPqt7txqxUiEWXCFs1OuQLqOqHmjHSqYQv919dqYep/xBXzi/aRf3dsdvh
+TCJCTvZG31Qxvikp
+--- xKJGbdVp+Z5h0vCBleSF2zYYYd2S5i0y4szNqjRwrDY
+Tª
/N¯<4E>¨¹i7m4‚#³MhiñP¹šÒÞ›Á¥-ÏgI÷ñ±%@E†(›i
ÿ7·ý©ýYg¦k±´"+㸠Àª(þ]o¨¸–ý†ð<E280A0>@báÊÞ§+Ï[‚Y"ÿ‘ÌBóóCR[ >-Ë.4d…¤b9v

hosts/nixos/porthos/secrets/podgrab/password.age

@@ -1,7 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg bICZUDqk/C2divEZu2lxUDsrtS1inSbDbS8hxJSJfHc
-FsfueyP6WCesAu5EcXIxxtvbb8RX09qNTN9GvuhYuTw
--> ssh-ed25519 jPowng Uujsu6c+QTXqCNi6c+zxk5tf0UQcG+Qm/SZF4dzSKCY
-RPVNNNauz73A8kWA0VSQiMWCerUkxPoXG2MUrFly3Bc
---- 8h4hGasOwZxk+i5aQfg6AzdA1G4wROhxz2rmM9u41b8
-{Rﾜ<>ﾗ=42<34>
y<>咨ｯ眺ﾃj嚀廁<E59A80>WQ▽隯%畊ｽ宅	顕褜返<E8A49C>弁K<E5BC81>ﾄ蘊ﾏFｮﾓ?埴膕K歯｢
+-> ssh-ed25519 cKojmg 8rcBI7fYHuA3jO6EzJNFaAj2niIApKDt1HQEv61AKTs
+ANxkIX/CeI7t7Zqp6wmjt/D194Z+xpeiidb+qvYzoQU
+-> ssh-ed25519 jPowng oruewwTM9X/HjjcmOPcQVdp02rQBlgJPdzvlAffs3T0
+MrO0kaNhjgOkNHuz3NrIMWXNrXOHH9dT/Fk6hoQNKyY
+-> COK%H7-grease
+6yfI90QurOKlM+kgpW8KZ/iBzDYD9yhNmjG1LQ
+--- uArz8eHg8sLO0sdlkM6cELFh+FHiI5BrM0+iXJxxiDo
+¿vývû´ÊNÊbæ@Ÿ¡Â<C2A1>FÛMMíYËÆíÌ&‰’/%¤¹Ñm¨®ØtÁÖ“ªd†h„­|¡ðŒß©8¼Ž Ú½¨9‚®<11>Cã¯/Å

hosts/nixos/porthos/secrets/pyload/credentials.age

@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 cKojmg nJbOfp0/wmFOZLzcWjoGB7wEB8e56aO1NntSmn5KomU
-/Vio4Z/t7IPJrdzdwUPidVH3wrouSkwRzNHP0T4z3x0
--> ssh-ed25519 jPowng QXg/xqs7/VfkYQg3X77w4i53q64bL9oYeTxqb9NVhiQ
-sMHIXlmrIxtIr+s0X4lBqev/PPd3AKD5P7AP5K4NeJg
---- gzTn+6+aa4Ptic1lsvSt+r3IEBysHrvMMIyONogMDF0
-<EFBFBD>ÏÂ<EFBFBD>Ë®UE_í</¯çQ·Ü+U“AГMÄÿ/kï×dAL/”úÕįÍoæ\XïEDÇÑfã\ièÄ‘½àpF„`#¬n4è–x1î<31>ûÞèDëàÂË5CéЦ&fòB»q${Gg…Aqˆ³@üVu!Cc…R\ªÖ¨

hosts/nixos/porthos/secrets/secrets.nix

@@ -12,8 +12,6 @@ in
 {
   "acme/dns-key.age".publicKeys = all;
 
-  "aria/rpc-token.age".publicKeys = all;
-
   "backup/password.age".publicKeys = all;
   "backup/credentials.age".publicKeys = all;
 
@@ -21,24 +19,13 @@ in
   "drone/secret.age".publicKeys = all;
   "drone/ssh/private-key.age".publicKeys = all;
 
-  "forgejo/mail-password.age" = {
-    owner = "git";
-    publicKeys = all;
-  };
-
   "gitea/mail-password.age" = {
     owner = "git";
     publicKeys = all;
   };
 
-  "lohr/secret.age" = {
-    owner = "lohr";
-    publicKeys = all;
-  };
-  "lohr/ssh-key.age" = {
-    owner = "lohr";
-    publicKeys = all;
-  };
+  "lohr/secret.age".publicKeys = all;
+  "lohr/ssh-key.age".publicKeys = all;
 
   "matrix/mail.age" = {
     owner = "matrix-synapse";
@@ -52,10 +39,6 @@ in
     publicKeys = all;
   };
 
-  "mealie/mail.age" = {
-    publicKeys = all;
-  };
-
   "miniflux/credentials.age".publicKeys = all;
 
   "monitoring/password.age" = {
@@ -79,8 +62,6 @@ in
 
   "podgrab/password.age".publicKeys = all;
 
-  "pyload/credentials.age".publicKeys = all;
-
   "sso/auth-key.age".publicKeys = all;
   "sso/ambroisie/password-hash.age".publicKeys = all;
   "sso/ambroisie/totp-secret.age".publicKeys = all;

hosts/nixos/porthos/secrets/transmission/credentials.age

@@ -1,8 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg Froxrdh4H2Bsj4X2xicyBXHPRlbkRJAOztoTfzxItSM
-FnsLS2QYm8mJUO+c152FieLCFkALxxwQLnY4PAj8zsU
--> ssh-ed25519 jPowng pKl4p02M+U5JsiOnM2wXL5bkPwsI3IHjlTutlvez3zM
-NSuOFsyV8JqtTq97lNzacJnJ3YZgWp53XxU3mjUlcMQ
---- 2TK2ViFblmDheaYdat/GF0ze1wVsla1EPLaeRdMM4Gs
-®àµÕ¨ENÜžäm›Û2uÂ~Ju¼b´´t[Ý$Tñþ^‘2–°<E28093>½jœÙÜi@xªÒ¸*Ä°
g[MÞH½½Xš!”‰6Áez¼…¥DW]ÓÕ<‰–`XÛâêÁÜÄPóéý÷ÃÞ›
-¶¥q*Îo¼½ÃÑ$‚åÓ<²
+-> ssh-ed25519 cKojmg mP2H3PWJN6Pv3q6C2wci3KnXjtFAIiuGy0YH0sGIy2g
+f43QqyUQfTYznszub47kgc2Mz95zVScTDkwnG3INi9U
+-> ssh-ed25519 jPowng fENbu7+FZ1mnQQHQCLm1spLHmsQGlRoJResUJtGzYkY
+hX+AqCkLCca6m/aKtGCThi7/mCCz/TZQNJNOlOmlqyA
+-> J<-grease
+n7+CPRr4oazWnE7yzpJN2ZAI4QrGsAerloP4wNeebjQDx8+IxJq1JE0g3Yi0RxzN
+chDccuSPLYk45Ov+SD/qqqFZlQ
+--- p81HYw3LFj+qz2kiZsDcevM4ZBfvN743P9Jdi7J9XkM
+‚¢ìÛ±S·7 <EFBFBD>‘ý£÷ÜãV»»Bðßâø±³ˆ¶ïO‰lEt˜‹Á…šqý</Ç—Ø©9²ã(ØP†$Wƒ0h;÷‰±àJy¯feø‚ >·_D,PºVFp\æ"AM}èg?<3F>ÿ<EFBFBD>Ý/\²Ä;ùy’¬Óš(<28>ÑSñKË

hosts/nixos/porthos/secrets/wireguard/private-key.age

@@ -1,8 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg KslHl4v8yCsKZn5TduLgpTfpTi1uOInC9N2e8Ow83FI
-NzcJJr8kw1ykAdWRZOeWdNhx0BTgE7FwTKcge+yLJ/w
--> ssh-ed25519 jPowng YGWcOai0A9l2HDZyV0GtD8kEbY/xTUssODFBcseWAkA
-nJaHXkipFSHdyektoKV5y1jQrjkvnU7pwZwAymiQm7M
---- IgWkDulol1jRa+pcx7DbEy5pvC+2nrRJHsdQVPvPur0
-Bb<ÅŒb!ÏëE?:ÇÓô=÷srJC<4A>œüKz5ø®Ô{–Æ4`¾&N0€ÕÈö¹57ñüví’©+´1
-+(d§á¡{ìQŠÙ
+-> ssh-ed25519 cKojmg +WwRpd2MzycutQFXyLsr2+GzSgF67Z6UuvyqYZaLd3w
+sppt8HzaZP3yxnvnhzjl18Trnz8g3VyXJ6CaVBWd7jA
+-> ssh-ed25519 jPowng wanoqGB7T8bim/WZ4IAYViFQoGzaIZSgeoTr3YKpeTY
+ihDAdGa1XVW/qQz40V1v7a7iK7tu0EHMa7ayIogpcRw
+-> l-grease |PIcZ NIr >0;*
+4o8o0bevQZ6uDSx1WxxlDCURbFCM+yK1XPdrb9aztCSvG2a+ne78E42l5rBcoH7I
+m51A8uWS4nSj36N/76v6K4kelxKzWUg
+--- O6cGbTAVbDcdmPHf7UzfZiyiRtu1yfL4sBI+CkJA1qw
+ý
qýŐ$ň`żw'čS“X¸]Ąá÷ř®úî…?¤6‹Đ/ĆN(Bžň N«a”.˙ HŽ7żí•I<E280A2>ú÷Ŕoz‡/4:sK",7J

hosts/nixos/porthos/secrets/woodpecker/secret.age

@@ -1,7 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 cKojmg tAW2hbBSxsael6cdbN+vI4h1/PMNrWYct8cppCAasn0
-cex/wBTviSIXc8clNm5PGltTYa1Q5PwqlX4BGsNHiyU
--> ssh-ed25519 jPowng YxfhtpytvuhIARQAaJ0w94aOZiGNUOBR0pF+Sp80D2k
-nMon/VdYUQTs6LFccDGeIKWeNYib1wwtFmEYZkDZxg0
---- giL477X0+uZ2Ocvbixt5f5kNc1laj5P79oW8P9XsNP0
-¨›Ãd>ò±cE?nb¹vš_²'2ûûà³<1B>Õµ¥_6P›u:ÊusºE“8õ“ØÏ“xuڶ̪…Îxù̧ïžC[†®°
ˆÁ.õêŽ6‰¯  qÌÀÍîJ°Ä5GäKÌ)N<ÊyYÉ¥tX=l7
T´2­¨ùRÙ
+-> ssh-ed25519 jPowng yz0I+AazPmamF7NOnwYNrPE/ArarU01jd2mVDJUPSTY
+6Y/YQ7gb8cAZf3zT9SKOorvfUnU7kYff+gHh8fG2mY8
+-> ssh-ed25519 cKojmg 0FZU9v8eHsVeE+EoX9Y4IgfIj/8+45waPaSnSDb961I
+L6SzJoh5xqai45scoVAa6v9zslBGFYNnZY044d470uQ
+-> I[G-grease p
+AMRQY1alSzHi/PLL80kcvnM1Z9YNfoUo9u5alWXYMyzrRsg+vXjMuBvAXg3fmnzr
+wdOowTYMRV+jEG8vzkcQTsv+f7JIyo4DvOOaPyGfWMl1
+--- ih3IAFPcN1JP3FP1vcRGnPrfk91yrnIX0m/Szkbcf7Q
+ÑmW„r‚µœ_\)Í°]QŠ¦xMÃs/݃Îݪäœó‚Í6óº“k±äÅY§xïMy¶ J¿¸‹GßÃ)i2_'ÖœHF€þ.âg_Îe5³#uätñØÕ 7j„ŽPñ²'TÞ¥8´•\IàW«UùäK­°1Úº9½è

hosts/nixos/porthos/services.nix

@@ -10,11 +10,6 @@ in
     adblock = {
       enable = true;
     };
-    # Audiobook and podcast library
-    audiobookshelf = {
-      enable = true;
-      port = 9599;
-    };
     # Backblaze B2 backup
     backup = {
       enable = true;
@@ -41,14 +36,14 @@ in
     flood = {
       enable = true;
     };
-    # Forgejo forge
-    forgejo = {
+    # Gitea forge
+    gitea = {
       enable = true;
       mail = {
         enable = true;
-        host = "smtp.migadu.com";
-        user = lib.my.mkMailAddress "forgejo" "belanyi.fr";
-        passwordFile = secrets."forgejo/mail-password".path;
+        host = "smtp.migadu.com:465";
+        user = lib.my.mkMailAddress "gitea" "belanyi.fr";
+        passwordFile = secrets."gitea/mail-password".path;
       };
     };
     # Meta-indexers
@@ -73,10 +68,6 @@ in
         secretFile = secrets."matrix/sliding-sync-secret".path;
       };
     };
-    mealie = {
-      enable = true;
-      credentialsFile = secrets."mealie/mail".path;
-    };
     miniflux = {
       enable = true;
       credentialsFiles = secrets."miniflux/credentials".path;
@@ -139,15 +130,10 @@ in
     podgrab = {
       enable = true;
       passwordFile = secrets."podgrab/password".path;
-      dataDir = "/data/media/podcasts";
       port = 9598;
     };
     # Regular backups
     postgresql-backup.enable = true;
-    pyload = {
-      enable = true;
-      credentialsFile = secrets."pyload/credentials".path;
-    };
     # RSS provider for websites that do not provide any feeds
     rss-bridge.enable = true;
     # Usenet client

modules/home/atuin/default.nix

@@ -25,8 +25,6 @@ in
         search_mode = "skim";
         # Show long command lines at the bottom
         show_preview = true;
-        # I like being able to edit my commands
-        enter_accept = false;
       };
     };
   };

modules/home/bitwarden/default.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
 let
   cfg = config.my.home.bitwarden;
 in
@@ -6,7 +6,12 @@ in
   options.my.home.bitwarden = with lib; {
     enable = my.mkDisableOption "bitwarden configuration";
 
-    pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; };
+    pinentry = mkOption {
+      type = types.str;
+      default = "tty";
+      example = "gtk2";
+      description = "Which pinentry interface to use";
+    };
   };
 
   config = lib.mkIf cfg.enable {

modules/home/default.nix

@@ -23,7 +23,6 @@
     ./gtk
     ./htop
     ./jq
-    ./keyboard
     ./mail
     ./mpv
     ./nix
@@ -39,7 +38,6 @@
     ./tmux
     ./udiskie
     ./vim
-    ./wget
     ./wm
     ./x
     ./xdg

modules/home/direnv/default.nix

@@ -7,9 +7,9 @@ in
     enable = my.mkDisableOption "direnv configuration";
 
     defaultFlake = mkOption {
-      type = with types; nullOr str;
-      default = null;
-      example = "pkgs";
+      type = types.str;
+      default = "pkgs";
+      example = "nixpkgs";
       description = ''
         Which flake from the registry should be used for
         <command>use pkgs</command> by default.
@@ -39,7 +39,7 @@ in
       in
       lib.my.genAttrs' files linkLibFile;
 
-    home.sessionVariables = lib.mkIf (cfg.defaultFlake != null) {
+    home.sessionVariables = {
       DIRENV_DEFAULT_FLAKE = cfg.defaultFlake;
     };
   };

modules/home/direnv/lib/android.sh

@@ -1,57 +0,0 @@
-#shellcheck shell=bash
-
-# shellcheck disable=2155
-use_android() {
-    if [ -z "$ANDROID_HOME" ]; then
-        log_error "use_android: 'ANDROID_HOME' is not defined"
-        return 1
-    fi
-
-    _use_android_find_latest() {
-        local path="$1"
-        local version
-
-        version="$(semver_search "$path" "" "")"
-        if [ -z "$version" ]; then
-            log_error "use_android: did not find any version at '$path'"
-            return 1
-        fi
-
-        printf '%s' "$version"
-    }
-
-    # Default to the latest version found
-    local ndk_version="$(_use_android_find_latest "$ANDROID_HOME/ndk" || return 1)"
-    local build_tools_version="$(_use_android_find_latest "$ANDROID_HOME/build-tools" || return 1)"
-
-    unset -f _use_android_find_latest
-
-    # Allow changing the default version through a command line switch
-    while true; do
-        case "$1" in
-            -b|--build-tools)
-                build_tools_version="$2"
-                shift 2
-                ;;
-            -n|--ndk)
-                ndk_version="$2"
-                shift 2
-                ;;
-            --)
-                shift
-                break
-                ;;
-            *)
-                break
-                ;;
-        esac
-    done
-
-    export ANDROID_NDK_HOME="$ANDROID_HOME/ndk/$ndk_version"
-    export ANDROID_ROOT="$ANDROID_HOME"
-    export ANDROID_SDK_ROOT="$ANDROID_HOME"
-    export ANDROID_NDK_ROOT="$ANDROID_NDK_HOME"
-
-    PATH_add "$ANDROID_NDK_HOME"
-    PATH_add "$ANDROID_HOME/build-tools/$build_tools_version"
-}

modules/home/firefox/default.nix

@@ -36,7 +36,7 @@ in
       nativeMessagingHosts = ([ ]
         ++ lib.optional cfg.tridactyl.enable pkgs.tridactyl-native
         # Watch videos using mpv
-        ++ lib.optional cfg.ff2mpv.enable pkgs.ff2mpv-go
+        ++ lib.optional cfg.ff2mpv.enable pkgs.ambroisie.ff2mpv-go
       );
     };
 

modules/home/firefox/tridactyl/tridactylrc

@@ -22,8 +22,8 @@ bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"]
 bindurl reddit.com gu urlparent 3
 
 " Only hint search results on Google
-bindurl www.google.com f hint -Jc #search a
-bindurl www.google.com F hint -Jbc #search a
+bindurl www.google.com f hint -Jc #search div:not(.action-menu) > a
+bindurl www.google.com F hint -Jbc #search div:not(.action-menu) > a
 
 " Only hint search results on DuckDuckGo
 bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result-title-a"]
@@ -69,6 +69,8 @@ unbind <C-f>
 " Redirections {{{
 " Always redirect Reddit to the old site
 autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old")
+" Use a better Twitter front-end
+autocmd DocStart ^http(s?)://twitter.com js tri.excmds.urlmodify("-t", "twitter.com", "nitter.net")
 " }}}
 
 " Disabled websites {{{

modules/home/gdb/default.nix

@@ -26,14 +26,7 @@ in
         gdb
       ];
 
-      xdg = {
-        configFile."gdb/gdbinit".source = ./gdbinit;
-        dataFile. "gdb/.keep".text = "";
-      };
-
-      home.sessionVariables = {
-        GDBHISTFILE = "${config.xdg.dataHome}/gdb/gdb_history";
-      };
+      xdg.configFile."gdb/gdbinit".source = ./gdbinit;
     }
 
     (lib.mkIf cfg.rr.enable {

modules/home/git/default.nix

@@ -7,9 +7,6 @@ in
 {
   options.my.home.git = with lib; {
     enable = my.mkDisableOption "git configuration";
-
-    # I want the full experience by default
-    package = mkPackageOption pkgs "git" { default = [ "gitFull" ]; };
   };
 
   config.home.packages = with pkgs; lib.mkIf cfg.enable [
@@ -25,7 +22,8 @@ in
     userEmail = mkMailAddress "bruno" "belanyi.fr";
     userName = "Bruno BELANYI";
 
-    inherit (cfg) package;
+    # I want the full experience
+    package = pkgs.gitFull;
 
     aliases = {
       git = "!git";
@@ -148,10 +146,6 @@ in
         autoStash = true;
       };
 
-      rerere = {
-        enabled = true;
-      };
-
       url = {
         "git@git.belanyi.fr:" = {
           insteadOf = "https://git.belanyi.fr/";

modules/home/gpg/default.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
 let
   cfg = config.my.home.gpg;
 in
@@ -6,7 +6,12 @@ in
   options.my.home.gpg = with lib; {
     enable = my.mkDisableOption "gpg configuration";
 
-    pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; };
+    pinentry = mkOption {
+      type = types.str;
+      default = "tty";
+      example = "gtk2";
+      description = "Which pinentry interface to use";
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -17,7 +22,7 @@ in
     services.gpg-agent = {
       enable = true;
       enableSshSupport = true; # One agent to rule them all
-      pinentryPackage = cfg.pinentry;
+      pinentryFlavor = cfg.pinentry;
       extraConfig = ''
         allow-loopback-pinentry
       '';

modules/home/mail/accounts/default.nix

@@ -18,6 +18,8 @@ let
     himalaya = {
       enable = cfg.himalaya.enable;
       # FIXME: try to actually configure it at some point
+      backend = "imap";
+      sender = "smtp";
     };
 
     msmtp = {

modules/home/mpv/default.nix

@@ -13,8 +13,6 @@ in
 
       scripts = [
         pkgs.mpvScripts.mpris # Allow controlling using media keys
-        pkgs.mpvScripts.mpv-cheatsheet # Show some simple mappings on '?'
-        pkgs.mpvScripts.uosc # Nicer UI
       ];
     };
   };

modules/home/nix/default.nix

@@ -12,7 +12,7 @@ let
       # Use pinned nixpkgs when using `nix run pkgs#<whatever>`
       pkgs = inputs.nixpkgs;
     }
-    (lib.optionalAttrs cfg.inputs.overrideNixpkgs {
+    (lib.optionalAttrs cfg.overrideNixpkgs {
       # ... And with `nix run nixpkgs#<whatever>`
       nixpkgs = inputs.nixpkgs;
     })
@@ -22,26 +22,20 @@ in
   options.my.home.nix = with lib; {
     enable = my.mkDisableOption "nix configuration";
 
-    cache = {
-      selfHosted = my.mkDisableOption "self-hosted cache";
-    };
+    linkInputs = my.mkDisableOption "link inputs to `$XDG_CONFIG_HOME/nix/inputs`";
 
-    inputs = {
-      link = my.mkDisableOption "link inputs to `/etc/nix/inputs/`";
+    addToRegistry = my.mkDisableOption "add inputs and self to registry";
 
-      addToRegistry = my.mkDisableOption "add inputs and self to registry";
+    addToNixPath = my.mkDisableOption "add inputs and self to nix path";
 
-      addToNixPath = my.mkDisableOption "add inputs and self to nix path";
-
-      overrideNixpkgs = my.mkDisableOption "point nixpkgs to pinned system version";
-    };
+    overrideNixpkgs = my.mkDisableOption "point nixpkgs to pinned system version";
   };
 
   config = lib.mkIf cfg.enable (lib.mkMerge [
     {
       assertions = [
         {
-          assertion = cfg.inputs.addToNixPath -> cfg.inputs.link;
+          assertion = cfg.addToNixPath -> cfg.linkInputs;
           message = ''
             enabling `my.home.nix.addToNixPath` needs to have
             `my.home.nix.linkInputs = true`
@@ -60,21 +54,7 @@ in
       };
     }
 
-    (lib.mkIf cfg.cache.selfHosted {
-      nix = {
-        settings = {
-          extra-substituters = [
-            "https://cache.belanyi.fr/"
-          ];
-
-          extra-trusted-public-keys = [
-            "cache.belanyi.fr:LPhrTqufwfxTceg1nRWueDWf7/2zSVY9K00pq2UI7tw="
-          ];
-        };
-      };
-    })
-
-    (lib.mkIf cfg.inputs.addToRegistry {
+    (lib.mkIf cfg.addToRegistry {
       nix.registry =
         let
           makeEntry = v: { flake = v; };
@@ -83,7 +63,7 @@ in
         makeEntries channels;
     })
 
-    (lib.mkIf cfg.inputs.link {
+    (lib.mkIf cfg.linkInputs {
       xdg.configFile =
         let
           makeLink = n: v: {
@@ -95,7 +75,7 @@ in
         makeLinks channels;
     })
 
-    (lib.mkIf cfg.inputs.addToNixPath {
+    (lib.mkIf cfg.addToNixPath {
       home.sessionVariables.NIX_PATH = "${config.xdg.configHome}/nix/inputs\${NIX_PATH:+:$NIX_PATH}";
     })
   ]);

modules/home/packages/default.nix

@@ -6,10 +6,6 @@ in
   options.my.home.packages = with lib; {
     enable = my.mkDisableOption "user packages";
 
-    allowAliases = mkEnableOption "allow package aliases";
-
-    allowUnfree = my.mkDisableOption "allow unfree packages";
-
     additionalPackages = mkOption {
       type = with types; listOf package;
       default = [ ];
@@ -21,15 +17,10 @@ in
     };
   };
 
-  config = lib.mkIf cfg.enable {
-    home.packages = with pkgs; ([
-      fd
-      file
-      ripgrep
-    ] ++ cfg.additionalPackages);
-
-    nixpkgs.config = {
-      inherit (cfg) allowAliases allowUnfree;
-    };
-  };
+  config.home.packages = with pkgs; lib.mkIf cfg.enable ([
+    fd
+    file
+    mosh
+    ripgrep
+  ] ++ cfg.additionalPackages);
 }

modules/home/pager/default.nix

@@ -16,7 +16,6 @@ in
       LESS = "-R -+X -c";
       # Better XDG compliance
       LESSHISTFILE = "${config.xdg.dataHome}/less/history";
-      LESSKEY = "${config.xdg.configHome}/less/lesskey";
     };
   };
 }

modules/home/ssh/default.nix

@@ -1,70 +1,54 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
 let
   cfg = config.my.home.ssh;
 in
 {
   options.my.home.ssh = with lib; {
     enable = my.mkDisableOption "ssh configuration";
-
-    mosh = {
-      enable = my.mkDisableOption "mosh configuration";
-
-      package = mkPackageOption pkgs "mosh" { };
-    };
   };
 
-  config = lib.mkIf cfg.enable (lib.mkMerge [
-    {
-      programs.ssh = {
-        enable = true;
+  config.programs.ssh = lib.mkIf cfg.enable {
+    enable = true;
 
-        includes = [
-          # Local configuration, not-versioned
-          "config.local"
-        ];
+    includes = [
+      # Local configuration, not-versioned
+      "config.local"
+    ];
 
-        matchBlocks = {
-          "github.com" = {
-            hostname = "github.com";
-            identityFile = "~/.ssh/shared_rsa";
-            user = "git";
-          };
-
-          "gitlab.com" = {
-            hostname = "gitlab.com";
-            identityFile = "~/.ssh/shared_rsa";
-            user = "git";
-          };
-
-          "git.sr.ht" = {
-            hostname = "git.sr.ht";
-            identityFile = "~/.ssh/shared_rsa";
-            user = "git";
-          };
-
-          "git.belanyi.fr" = {
-            hostname = "git.belanyi.fr";
-            identityFile = "~/.ssh/shared_rsa";
-            user = "git";
-          };
-
-          porthos = {
-            hostname = "37.187.146.15";
-            identityFile = "~/.ssh/shared_rsa";
-            user = "ambroisie";
-          };
-        };
-
-        extraConfig = ''
-          AddKeysToAgent yes
-        '';
+    matchBlocks = {
+      "github.com" = {
+        hostname = "github.com";
+        identityFile = "~/.ssh/shared_rsa";
+        user = "git";
       };
-    }
 
-    (lib.mkIf cfg.mosh.enable {
-      home.packages = [
-        cfg.mosh.package
-      ];
-    })
-  ]);
+      "gitlab.com" = {
+        hostname = "gitlab.com";
+        identityFile = "~/.ssh/shared_rsa";
+        user = "git";
+      };
+
+      "git.sr.ht" = {
+        hostname = "git.sr.ht";
+        identityFile = "~/.ssh/shared_rsa";
+        user = "git";
+      };
+
+      "git.belanyi.fr" = {
+        hostname = "git.belanyi.fr";
+        identityFile = "~/.ssh/shared_rsa";
+        user = "git";
+      };
+
+      porthos = {
+        hostname = "91.121.177.163";
+        identityFile = "~/.ssh/shared_rsa";
+        user = "ambroisie";
+      };
+    };
+
+    extraConfig = ''
+      AddKeysToAgent yes
+    '';
+  };
 }

modules/home/tmux/default.nix

@@ -5,14 +5,6 @@ let
     config.my.home.x.enable
     (config.my.home.wm.windowManager != null)
   ];
-
-  mkTerminalFlags = opt: flag:
-    let
-      mkFlag = term: ''set -as terminal-features ",${term}:${flag}"'';
-      enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures;
-      terminals = lib.attrNames enabledTerminals;
-    in
-    lib.concatMapStringsSep "\n" mkFlag terminals;
 in
 {
   options.my.home.tmux = with lib; {
@@ -20,22 +12,16 @@ in
 
     enablePassthrough = mkEnableOption "tmux DCS passthrough sequence";
 
-    terminalFeatures = mkOption {
-      type = with types; attrsOf (submodule {
-        options = {
-          hyperlinks = my.mkDisableOption "hyperlinks through OSC8";
-
-          trueColor = my.mkDisableOption "24-bit (RGB) color support";
-        };
-      });
-
-      default = { ${config.my.home.terminal.program} = { }; };
-      defaultText = litteralExpression ''
-        { ''${config.my.home.terminal.program} = { }; };
+    trueColorTerminals = mkOption {
+      type = with types; listOf str;
+      default = lib.my.nullableToList config.my.home.terminal.program;
+      defaultText = ''
+        `[ config.my.home.terminal.program ]` if it is non-null, otherwise an
+        empty list.
       '';
-      example = { xterm-256color = { }; };
+      example = [ "xterm-256color" ];
       description = ''
-        $TERM values which should be considered to have additional features.
+        $TERM values which should be considered to always support 24-bit color.
       '';
     };
   };
@@ -46,7 +32,7 @@ in
     keyMode = "vi"; # Home-row keys and other niceties
     clock24 = true; # I'm one of those heathens
     escapeTime = 0; # Let vim do its thing instead
-    historyLimit = 100000; # Bigger buffer
+    historyLimit = 50000; # Bigger buffer
     terminal = "tmux-256color"; # I want accurate termcap info
 
     plugins = with pkgs.tmuxPlugins; [
@@ -103,10 +89,13 @@ in
         ''
       }
 
-      # Force OSC8 hyperlinks for each relevant $TERM
-      ${mkTerminalFlags "hyperlinks" "hyperlinks"}
       # Force 24-bit color for each relevant $TERM
-      ${mkTerminalFlags "trueColor" "RGB"}
+      ${
+        let
+          mkTcFlag = term: ''set -as terminal-features ",${term}:RGB"'';
+        in
+        lib.concatMapStringsSep "\n" mkTcFlag cfg.trueColorTerminals
+      }
     '';
   };
 }

modules/home/vim/after/ftplugin/bp.vim

@@ -1,7 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Add comment format
-setlocal comments=b://,s1:/*,mb:*,ex:*/
-setlocal commentstring=//\ %s
-let b:undo_ftplugin.='|setlocal comments< commentstring<'

modules/home/vim/after/ftplugin/gn.vim

@@ -1,6 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Set comment string, as it seems that no official GN support exists upstream
-setlocal commentstring=#\ %s
-let b:undo_ftplugin.='|setlocal commentstring<'

modules/home/vim/after/ftplugin/json.vim

@@ -1,6 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Use a small indentation value on JSON files
-setlocal shiftwidth=2
-let b:undo_ftplugin.='|setlocal shiftwidth<'

modules/home/vim/default.nix

@@ -105,7 +105,7 @@ in
       nixpkgs-fmt
 
       # Shell
-      nodePackages.bash-language-server
+      shellcheck
       shfmt
     ];
   };

modules/home/vim/ftdetect/automake.lua

@@ -1,4 +1,4 @@
--- Use Automake filetype for `local.am` files
+-- Use Automake filetype for `local.am` files, explicit `set` to force override
 vim.filetype.add({
     filename = {
         ["local.am"] = "automake",

modules/home/vim/ftdetect/blueprint.lua

@@ -1,6 +0,0 @@
--- Use `bp` filetype for Blueprint files
-vim.filetype.add({
-    extension = {
-        bp = "bp",
-    },
-})

modules/home/vim/ftdetect/glsl.lua

@@ -1,7 +0,0 @@
--- Use GLSL filetype for common shader file extensions
-vim.filetype.add({
-    extension = {
-        frag = "glsl",
-        vert = "glsl",
-    },
-})

modules/home/vim/ftdetect/gn.lua

@@ -1,7 +0,0 @@
--- Use GN filetype for Chromium Generate Ninja files
-vim.filetype.add({
-    extension = {
-        gn = "gn",
-        gni = "gn",
-    },
-})

modules/home/vim/init.vim

@@ -88,23 +88,6 @@ set background=dark
 
 " 24 bit colors
 set termguicolors
-" Setup some overrides for gruvbox
-lua << EOF
-local gruvbox = require("gruvbox")
-local colors = gruvbox.palette
-
-gruvbox.setup({
-    overrides = {
-        -- Only URLs should be underlined
-        ["@string.special.path"] = { link = "GruvboxOrange" },
-        -- Revert back to the better diff highlighting
-        DiffAdd = { fg = colors.green, bg = "NONE" },
-        DiffChange = { fg = colors.aqua, bg = "NONE" },
-        DiffDelete = { fg = colors.red, bg = "NONE" },
-        DiffText = { fg = colors.yellow, bg = colors.bg0 },
-    }
-})
-EOF
 " Use my preferred colorscheme
 colorscheme gruvbox
 " }}}

modules/home/vim/lua/ambroisie/lsp.lua

@@ -51,7 +51,8 @@ M.on_attach = function(client, bufnr)
     local wk = require("which-key")
 
     local function list_workspace_folders()
-        vim.print(vim.lsp.buf.list_workspace_folders())
+        local utils = require("ambroisie.utils")
+        utils.dump(vim.lsp.buf.list_workspace_folders())
     end
 
     local function cycle_diagnostics_display()

modules/home/vim/lua/ambroisie/utils.lua

@@ -1,5 +1,11 @@
 local M = {}
 
+--- pretty print lua object
+--- @param obj any object to pretty print
+M.dump = function(obj)
+    print(vim.inspect(obj))
+end
+
 --- checks if a given command is executable
 --- @param cmd string? command to check
 --- @return boolean executable
@@ -9,7 +15,7 @@ end
 
 --- return a function that checks if a given command is executable
 --- @param cmd string? command to check
---- @return fun(): boolean executable
+--- @return fun(cmd: string): boolean executable
 M.is_executable_condition = function(cmd)
     return function()
         return M.is_executable(cmd)
@@ -34,11 +40,11 @@ M.is_ssh = function()
     return false
 end
 
---- list all active LSP clients for specific buffer, or all buffers
+--- list all active LSP clients for current buffer
 --- @param bufnr int? buffer number
 --- @return table all active LSP client names
 M.list_lsp_clients = function(bufnr)
-    local clients = vim.lsp.get_active_clients({ bufnr = bufnr })
+    local clients = vim.lsp.buf_get_clients(bufnr)
     local names = {}
 
     for _, client in ipairs(clients) do

modules/home/vim/plugin/settings/lspconfig.lua

@@ -29,17 +29,16 @@ if utils.is_executable("clangd") then
     })
 end
 
--- Haskell
-if utils.is_executable("haskell-language-server-wrapper") then
-    lspconfig.hls.setup({
+-- Nix
+if utils.is_executable("nil") then
+    lspconfig.nil_ls.setup({
         capabilities = capabilities,
         on_attach = lsp.on_attach,
     })
 end
 
--- Nix
-if utils.is_executable("nil") then
-    lspconfig.nil_ls.setup({
+if utils.is_executable("rnix-lsp") then
+    lspconfig.rnix.setup({
         capabilities = capabilities,
         on_attach = lsp.on_attach,
     })
@@ -53,13 +52,6 @@ if utils.is_executable("pyright") then
     })
 end
 
-if utils.is_executable("ruff-lsp") then
-    lspconfig.ruff_lsp.setup({
-        capabilities = capabilities,
-        on_attach = lsp.on_attach,
-    })
-end
-
 -- Rust
 if utils.is_executable("rust-analyzer") then
     lspconfig.rust_analyzer.setup({
@@ -67,12 +59,3 @@ if utils.is_executable("rust-analyzer") then
         on_attach = lsp.on_attach,
     })
 end
-
--- Shell
-if utils.is_executable("bash-language-server") then
-    lspconfig.bashls.setup({
-        filetypes = { "bash", "sh", "zsh" },
-        capabilities = capabilities,
-        on_attach = lsp.on_attach,
-    })
-end

modules/home/vim/plugin/settings/lualine.lua

@@ -10,7 +10,7 @@ local function list_spell_languages()
 end
 
 local function list_lsp_clients()
-    local client_names = utils.list_lsp_clients(0)
+    local client_names = utils.list_lsp_clients()
 
     if #client_names == 0 then
         return ""

modules/home/vim/plugin/settings/null-ls.lua

@@ -18,16 +18,48 @@ null_ls.register({
     }),
 })
 
+-- C, C++
+null_ls.register({
+    null_ls.builtins.formatting.clang_format.with({
+        -- Only used if available, but prefer clangd formatting if available
+        condition = function()
+            return utils.is_executable("clang-format") and not utils.is_executable("clangd")
+        end,
+    }),
+})
+
+-- Haskell
+null_ls.register({
+    null_ls.builtins.formatting.brittany.with({
+        -- Only used if available
+        condition = utils.is_executable_condition("brittany"),
+    }),
+})
+
 -- Nix
 null_ls.register({
     null_ls.builtins.formatting.nixpkgs_fmt.with({
-        -- Only used if available
-        condition = utils.is_executable_condition("nixpkgs-fmt"),
+        -- Only used if available, but prefer rnix if available
+        condition = function()
+            return utils.is_executable("nixpkgs-fmt")
+                and not utils.is_executable("rnix-lsp")
+                and not utils.is_executable("nil")
+        end,
     }),
 })
 
 -- Python
 null_ls.register({
+    null_ls.builtins.diagnostics.flake8.with({
+        -- Only used if available, but prefer pflake8 if available
+        condition = function()
+            return utils.is_executable("flake8") and not utils.is_executable("pflake8")
+        end,
+    }),
+    null_ls.builtins.diagnostics.pyproject_flake8.with({
+        -- Only used if available
+        condition = utils.is_executable_condition("pflake8"),
+    }),
     null_ls.builtins.diagnostics.mypy.with({
         -- Only used if available
         condition = utils.is_executable_condition("mypy"),
@@ -49,6 +81,22 @@ null_ls.register({
 
 -- Shell (non-POSIX)
 null_ls.register({
+    null_ls.builtins.code_actions.shellcheck.with({
+        -- Restrict to bash and zsh
+        filetypes = { "bash", "zsh" },
+        -- Only used if available
+        condition = utils.is_executable_condition("shellcheck"),
+    }),
+    null_ls.builtins.diagnostics.shellcheck.with({
+        -- Show error code in message
+        diagnostics_format = "[#{c}] #{m}",
+        -- Require explicit empty string test, use bash dialect
+        extra_args = { "-s", "bash", "-o", "avoid-nullary-conditions" },
+        -- Restrict to bash and zsh
+        filetypes = { "bash", "zsh" },
+        -- Only used if available
+        condition = utils.is_executable_condition("shellcheck"),
+    }),
     null_ls.builtins.formatting.shfmt.with({
         -- Indent with 4 spaces, simplify the code, indent switch cases,
         -- add space after redirection, use bash dialect
@@ -62,6 +110,22 @@ null_ls.register({
 
 -- Shell (POSIX)
 null_ls.register({
+    null_ls.builtins.code_actions.shellcheck.with({
+        -- Restrict to POSIX sh
+        filetypes = { "sh" },
+        -- Only used if available
+        condition = utils.is_executable_condition("shellcheck"),
+    }),
+    null_ls.builtins.diagnostics.shellcheck.with({
+        -- Show error code in message
+        diagnostics_format = "[#{c}] #{m}",
+        -- Require explicit empty string test
+        extra_args = { "-o", "avoid-nullary-conditions" },
+        -- Restrict to POSIX sh
+        filetypes = { "sh" },
+        -- Only used if available
+        condition = utils.is_executable_condition("shellcheck"),
+    }),
     null_ls.builtins.formatting.shfmt.with({
         -- Indent with 4 spaces, simplify the code, indent switch cases,
         -- add space after redirection, use POSIX

modules/home/vim/plugin/settings/tree-sitter.lua

@@ -8,6 +8,9 @@ ts_config.setup({
     indent = {
         enable = true,
     },
+    context_commentstring = {
+        enable = true,
+    },
     textobjects = {
         select = {
             enable = true,

modules/home/wget/default.nix

@@ -1,26 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  cfg = config.my.home.wget;
-in
-{
-  options.my.home.wget = with lib; {
-    enable = my.mkDisableOption "wget configuration";
-
-    package = mkPackageOption pkgs "wget" { };
-  };
-
-  config = lib.mkIf cfg.enable {
-    home.packages = [
-      cfg.package
-    ];
-
-
-    home.sessionVariables = lib.mkIf cfg.enable {
-      WGETRC = "${config.xdg.configHome}/wgetrc";
-    };
-
-    xdg.configFile."wgetrc".text = ''
-      hsts-file = ${config.xdg.dataHome}/wget-hsts
-    '';
-  };
-}

modules/home/wm/cursor/default.nix

@@ -8,7 +8,7 @@ in
 {
   config = lib.mkIf cfg.enable {
     home.pointerCursor = {
-      package = pkgs.vimix-cursors;
+      package = pkgs.ambroisie.vimix-cursors;
       name = "Vimix-cursors";
 
       x11 = {

modules/home/wm/default.nix

@@ -36,31 +36,6 @@ in
 
     i3bar = {
       enable = mkRelatedOption "i3bar configuration" [ "i3" ];
-
-      vpn = {
-        enable = my.mkDisableOption "VPN configuration";
-
-        blockConfigs = mkOption {
-          type = with types; listOf (attrsOf str);
-          default = [
-            {
-              active_format = " VPN ";
-              service = "wg-quick-wg";
-            }
-            {
-              active_format = " VPN (LAN) ";
-              service = "wg-quick-lan";
-            }
-          ];
-          example = [
-            {
-              active_format = " WORK ";
-              service = "some-service-name";
-            }
-          ];
-          description = "list of block configurations, merged with the defauls";
-        };
-      };
     };
 
     rofi = {

modules/home/wm/i3/default.nix

@@ -129,7 +129,6 @@ in
             { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; }
             { class = "^Pavucontrol.*$"; }
             { class = "^Arandr$"; }
-            { class = ".?blueman-manager.*$"; }
           ];
         };
 
@@ -197,7 +196,7 @@ in
                 inherit (config.my.home.bluetooth) enable;
                 prog = lib.getExe pkgs.rofi-bluetooth;
               in
-              lib.mkIf enable "exec ${prog} -i";
+              lib.mkIf enable "exec ${prog}";
           })
           (
             # Changing container focus

modules/home/wm/i3bar/default.nix

@@ -17,11 +17,25 @@ in
         top = {
           icons = "awesome5";
 
-          blocks = builtins.filter (attr: attr != { }) (lib.flatten [
+          blocks = builtins.filter (attr: attr != { }) [
             {
               block = "music";
               # This format seems to remove the block when not playing, somehow
               format = "{ $icon $combo.str(max_w:50,rot_interval:0.5)  $prev  $play  $next |}";
+              click = [
+                {
+                  button = "play";
+                  action = "music_play";
+                }
+                {
+                  button = "prev";
+                  action = "music_prev";
+                }
+                {
+                  button = "next";
+                  action = "music_next";
+                }
+              ];
             }
             (lib.optionalAttrs config.my.home.bluetooth.enable {
               block = "bluetooth";
@@ -59,22 +73,9 @@ in
             {
               block = "disk_space";
             }
-            (lib.optionals cfg.vpn.enable
-              (
-                let
-                  defaults = {
-                    block = "service_status";
-                    active_state = "Good";
-                    inactive_format = "";
-                    inactive_state = "Idle";
-                  };
-                in
-                builtins.map (block: defaults // block) cfg.vpn.blockConfigs
-              )
-            )
             {
               block = "net";
-              format = " $icon{| $ssid|}{| $ip|}{| $signal_strength|} ";
+              format = " $icon{| $ssid|} $ip{| $signal_strength|} ";
             }
             {
               block = "backlight";
@@ -105,7 +106,7 @@ in
               format = " $icon $timestamp.datetime(f:'%F %T') ";
               interval = 5;
             }
-          ]);
+          ];
         };
       };
     };

modules/home/x/default.nix

@@ -3,6 +3,10 @@ let
   cfg = config.my.home.x;
 in
 {
+  imports = [
+    ./keyboard
+  ];
+
   options.my.home.x = with lib; {
     enable = mkEnableOption "X server configuration";
   };

modules/home/x/keyboard/default.nix

@@ -1,12 +1,8 @@
 { config, lib, ... }:
 let
-  cfg = config.my.home.keyboard;
+  cfg = config.my.home.x;
 in
 {
-  options.my.home.keyboard = with lib; {
-    enable = my.mkDisableOption "keyboard configuration";
-  };
-
   config = lib.mkIf cfg.enable {
     home.keyboard = {
       layout = "fr";

modules/home/xdg/default.nix

@@ -39,19 +39,16 @@ in
   # I want a tidier home
   config.home.sessionVariables = with config.xdg; lib.mkIf cfg.enable {
     ANDROID_HOME = "${dataHome}/android";
-    ANDROID_USER_HOME = "${configHome}/android";
     CARGO_HOME = "${dataHome}/cargo";
     DOCKER_CONFIG = "${configHome}/docker";
-    GRADLE_USER_HOME = "${dataHome}/gradle";
+    GDBHISTFILE = "${dataHome}/gdb/gdb_history";
     HISTFILE = "${dataHome}/bash/history";
     INPUTRC = "${configHome}/readline/inputrc";
+    LESSHISTFILE = "${dataHome}/less/history";
+    LESSKEY = "${configHome}/less/lesskey";
     PSQL_HISTORY = "${dataHome}/psql_history";
-    PYTHONPYCACHEPREFIX = "${cacheHome}/python/";
-    PYTHONUSERBASE = "${dataHome}/python/";
-    PYTHON_HISTORY = "${stateHome}/python/history";
-    REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history";
     REPO_CONFIG_DIR = "${configHome}/repo";
+    REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history";
     XCOMPOSECACHE = "${dataHome}/X11/xcompose";
-    _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java";
   };
 }

modules/home/zsh/default.nix

@@ -15,152 +15,81 @@ in
     enable = my.mkDisableOption "zsh configuration";
 
     launchTmux = mkEnableOption "auto launch tmux at shell start";
-
-    notify = {
-      enable = mkEnableOption "zsh-done notification";
-
-      exclude = mkOption {
-        type = with types; listOf str;
-        default = [
-          "delta"
-          "direnv reload"
-          "fg"
-          "git (?!push|pull|fetch)"
-          "htop"
-          "less"
-          "man"
-          "nvim"
-          "tail -f"
-          "tmux"
-          "vim"
-        ];
-        example = [ "command --long-running-option" ];
-        description = ''
-          List of exclusions which should not be create a notification. Accepts
-          Perl regexes (implicitly anchored with `^\s*`).
-        '';
-      };
-
-      ssh = {
-        enable = mkEnableOption "notify through SSH/non-graphical connections";
-
-        useOsc777 = lib.my.mkDisableOption "use OSC-777 for notifications";
-      };
-    };
   };
 
-  config = lib.mkIf cfg.enable (lib.mkMerge [
-    {
-      home.packages = with pkgs; [
-        zsh-completions
+  config = lib.mkIf cfg.enable {
+    home.packages = with pkgs; [
+      zsh-completions
+    ];
+
+    programs.zsh = {
+      enable = true;
+      dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME
+      enableCompletion = true;
+
+      history = {
+        size = 500000;
+        save = 500000;
+        extended = true;
+        expireDuplicatesFirst = true;
+        ignoreSpace = true;
+        ignoreDups = true;
+        share = false;
+        path = "${config.xdg.dataHome}/zsh/zsh_history";
+      };
+
+      plugins = [
+        {
+          name = "fast-syntax-highlighting";
+          file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh";
+          src = pkgs.zsh-fast-syntax-highlighting;
+        }
+        {
+          name = "agkozak-zsh-prompt";
+          file = "share/zsh/site-functions/agkozak-zsh-prompt.plugin.zsh";
+          src = pkgs.agkozak-zsh-prompt;
+        }
       ];
 
-      programs.zsh = {
-        enable = true;
-        dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME
-        enableCompletion = true;
+      # Modal editing is life, but CLI benefits from emacs gymnastics
+      defaultKeymap = "emacs";
 
-        history = {
-          size = 500000;
-          save = 500000;
-          extended = true;
-          expireDuplicatesFirst = true;
-          ignoreSpace = true;
-          ignoreDups = true;
-          share = false;
-          path = "${config.xdg.dataHome}/zsh/zsh_history";
-        };
-
-        plugins = [
-          {
-            name = "fast-syntax-highlighting";
-            file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh";
-            src = pkgs.zsh-fast-syntax-highlighting;
-          }
-          {
-            name = "agkozak-zsh-prompt";
-            file = "share/zsh/site-functions/agkozak-zsh-prompt.plugin.zsh";
-            src = pkgs.agkozak-zsh-prompt;
-          }
-        ];
-
-        # Modal editing is life, but CLI benefits from emacs gymnastics
-        defaultKeymap = "emacs";
-
-        # Make those happen early to avoid doing double the work
-        initExtraFirst = lib.mkBefore ''
-          ${
-            lib.optionalString cfg.launchTmux ''
-              # Launch tmux unless already inside one
-              if [ -z "$TMUX" ]; then
-                exec tmux new-session
-              fi
-            ''
-          }
-        '';
-
-        initExtra = lib.mkAfter ''
-          source ${./completion-styles.zsh}
-          source ${./extra-mappings.zsh}
-          source ${./options.zsh}
-
-          # Source local configuration
-          if [ -f "$ZDOTDIR/zshrc.local" ]; then
-            source "$ZDOTDIR/zshrc.local"
-          fi
-        '';
-
-        localVariables = {
-          # I like having the full path
-          AGKOZAK_PROMPT_DIRTRIM = 0;
-          # Because I *am* from EPITA
-          AGKOZAK_PROMPT_CHAR = [ "42sh$" "42sh#" ":" ];
-          # Easy on the eyes
-          AGKOZAK_COLORS_BRANCH_STATUS = "magenta";
-          # I don't like moving my eyes
-          AGKOZAK_LEFT_PROMPT_ONLY = 1;
-        };
-
-        # Enable VTE integration
-        enableVteIntegration = true;
-      };
-    }
-
-    (lib.mkIf cfg.notify.enable {
-      programs.zsh = {
-        plugins = [
-          {
-            name = "zsh-done";
-            file = "share/zsh/site-functions/done.plugin.zsh";
-            src = pkgs.ambroisie.zsh-done;
-          }
-        ];
-
-        # `localVariables` values don't get merged correctly due to their type,
-        # don't use `mkIf`
-        localVariables = {
-          DONE_EXCLUDE =
-            let
-              joined = lib.concatMapStringsSep "|" (c: "(${c})") cfg.notify.exclude;
-            in
-            ''^\s*(${joined})'';
+      # Make those happen early to avoid doing double the work
+      initExtraFirst = ''
+        ${
+          lib.optionalString cfg.launchTmux ''
+            # Launch tmux unless already inside one
+            if [ -z "$TMUX" ]; then
+              exec tmux new-session
+            fi
+          ''
         }
-        # Enable `zsh-done` through SSH, if configured
-        // lib.optionalAttrs cfg.notify.ssh.enable {
-          DONE_ALLOW_NONGRAPHICAL = 1;
-        };
+      '';
 
-        # Use OSC-777 to send the notification through SSH
-        initExtra = lib.mkIf cfg.notify.ssh.useOsc777 ''
-          done_send_notification() {
-            local exit_status="$1"
-            local title="$2"
-            local message="$3"
+      initExtra = ''
+        source ${./completion-styles.zsh}
+        source ${./extra-mappings.zsh}
+        source ${./options.zsh}
 
-            ${lib.getExe pkgs.ambroisie.osc777} "$title" "$message"
-          }
-        '';
+        # Source local configuration
+        if [ -f "$ZDOTDIR/zshrc.local" ]; then
+          source "$ZDOTDIR/zshrc.local"
+        fi
+      '';
+
+      localVariables = {
+        # I like having the full path
+        AGKOZAK_PROMPT_DIRTRIM = 0;
+        # Because I *am* from EPITA
+        AGKOZAK_PROMPT_CHAR = [ "42sh$" "42sh#" ":" ];
+        # Easy on the eyes
+        AGKOZAK_COLORS_BRANCH_STATUS = "magenta";
+        # I don't like moving my eyes
+        AGKOZAK_LEFT_PROMPT_ONLY = 1;
       };
-    })
-  ]);
+
+      # Enable VTE integration
+      enableVteIntegration = true;
+    };
+  };
 }

modules/nixos/hardware/bluetooth/default.nix

@@ -18,6 +18,13 @@ in
       services.blueman.enable = true;
     }
 
+    # Persist bluetooth files
+    {
+      my.system.persist.directories = [
+        "/var/lib/bluetooth"
+      ];
+    }
+
     # Support for additional bluetooth codecs
     (lib.mkIf cfg.loadExtraCodecs {
       hardware.pulseaudio = {
@@ -25,8 +32,8 @@ in
         package = pkgs.pulseaudioFull;
       };
 
-      services.pipewire.wireplumber.configPackages = [
-        (pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" ''
+      environment.etc = {
+        "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
           bluez_monitor.properties = {
             -- SBC XQ provides better audio
             ["bluez5.enable-sbc-xq"] = true,
@@ -40,8 +47,8 @@ in
             -- FIXME: Some devices may now support both hsp_ag and hfp_ag
             ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
           }
-        '')
-      ];
+        '';
+      };
     })
 
     # Support for A2DP audio profile

modules/nixos/hardware/default.nix

@@ -6,10 +6,9 @@
     ./bluetooth
     ./ergodox
     ./firmware
-    ./graphics
+    ./mx-ergo
     ./networking
     ./sound
-    ./trackball
     ./upower
   ];
 }

modules/nixos/hardware/graphics/default.nix

@@ -1,75 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  cfg = config.my.hardware.graphics;
-in
-{
-  options.my.hardware.graphics = with lib; {
-    enable = mkEnableOption "graphics configuration";
-
-    gpuFlavor = mkOption {
-      type = with types; nullOr (enum [ "amd" "intel" ]);
-      default = null;
-      example = "intel";
-      description = "Which kind of GPU to install driver for";
-    };
-
-    amd = {
-      enableKernelModule = lib.my.mkDisableOption "Kernel driver module";
-
-      amdvlk = lib.mkEnableOption "Use AMDVLK instead of Mesa RADV driver";
-    };
-
-    intel = {
-      enableKernelModule = lib.my.mkDisableOption "Kernel driver module";
-    };
-  };
-
-  config = lib.mkIf cfg.enable (lib.mkMerge [
-    {
-      hardware.opengl = {
-        enable = true;
-      };
-    }
-
-    # AMD GPU
-    (lib.mkIf (cfg.gpuFlavor == "amd") {
-      boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ];
-
-      hardware.opengl = {
-        extraPackages = with pkgs; [
-          # OpenCL
-          rocmPackages.clr
-          rocmPackages.clr.icd
-        ]
-        ++ lib.optional cfg.amd.amdvlk amdvlk
-        ;
-
-        extraPackages32 = with pkgs; [
-        ]
-        ++ lib.optional cfg.amd.amdvlk driversi686Linux.amdvlk
-        ;
-      };
-    })
-
-    # Intel GPU
-    (lib.mkIf (cfg.gpuFlavor == "intel") {
-      boot.initrd.kernelModules = lib.mkIf cfg.intel.enableKernelModule [ "i915" ];
-
-      environment.variables = {
-        VDPAU_DRIVER = "va_gl";
-      };
-
-      hardware.opengl = {
-        extraPackages = with pkgs; [
-          # Open CL
-          intel-compute-runtime
-
-          # VA API
-          intel-media-driver
-          intel-vaapi-driver
-          libvdpau-va-gl
-        ];
-      };
-    })
-  ]);
-}

modules/nixos/hardware/mx-ergo/default.nix

@@ -1,11 +1,11 @@
 # Hold down the `next page` button to scroll using the ball
 { config, lib, ... }:
 let
-  cfg = config.my.hardware.trackball;
+  cfg = config.my.hardware.mx-ergo;
 in
 {
-  options.my.hardware.trackball = with lib; {
-    enable = mkEnableOption "trackball configuration";
+  options.my.hardware.mx-ergo = with lib; {
+    enable = mkEnableOption "MX Ergo configuration";
   };
 
   config = lib.mkIf cfg.enable {
@@ -13,7 +13,6 @@ in
       # This section must be *after* the one configured by `libinput`
       # for the `ScrollMethod` configuration to not be overriden
       inputClassSections = lib.mkAfter [
-        # MX Ergo
         ''
           Identifier      "MX Ergo scroll button configuration"
           MatchProduct    "MX Ergo"

modules/nixos/hardware/networking/default.nix

@@ -22,6 +22,11 @@ in
   config = lib.mkMerge [
     (lib.mkIf cfg.wireless.enable {
       networking.networkmanager.enable = true;
+
+      # Persist NetworkManager files
+      my.system.persist.directories = [
+        "/etc/NetworkManager/system-connections"
+      ];
     })
   ];
 }

modules/nixos/profiles/devices/default.nix

@@ -11,7 +11,7 @@ in
     my.hardware = {
       ergodox.enable = true;
 
-      trackball.enable = true;
+      mx-ergo.enable = true;
     };
 
     # MTP devices auto-mount via file explorers