flake: home-manager: export NixOS homes

And here is what the last few commits were building up to. This is neat, but won't be useful *very* often.
flake: home-manager: refactor 'mkHome'
2025-07-07 15:08:04 +00:00 · 2025-07-07 15:08:04 +00:00 · 2025-07-07 15:08:04 +00:00 · 2025-07-07 15:08:04 +00:00 · 2025-07-07 15:08:04 +00:00 · 2025-07-07 15:08:04 +00:00
58 changed files with 655 additions and 645 deletions
--- a/flake.lock
+++ b/flake.lock
@ -14,11 +14,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1762618334,
-        "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
+        "lastModified": 1750173260,
+        "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "fcdea223397448d35d9b31f798479227e80183f6",
+        "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
        "type": "github"
      },
      "original": {
@ -53,11 +53,11 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1761588595,
-        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
@ -73,11 +73,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1763759067,
-        "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
+        "lastModified": 1751413152,
+        "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
+        "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
        "type": "github"
      },
      "original": {
@ -117,11 +117,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1763988335,
-        "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=",
+        "lastModified": 1750779888,
+        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce",
+        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
        "type": "github"
      },
      "original": {
@ -159,11 +159,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1764361670,
-        "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=",
+        "lastModified": 1751429452,
+        "narHash": "sha256-4s5vRtaqdNhVBnbOWOzBNKrRa0ShQTLoEPjJp3joeNI=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6",
+        "rev": "df12269039dcf752600b1bcc176bacf2786ec384",
        "type": "github"
      },
      "original": {
@ -175,11 +175,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1764242076,
-        "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
+        "lastModified": 1751271578,
+        "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",
+        "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
        "type": "github"
      },
      "original": {
@ -196,19 +196,20 @@
        ],
        "nixpkgs": [
          "nixpkgs"
-        ]
+        ],
+        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1764449851,
-        "narHash": "sha256-VnodC1+3KML8MYLLnK84E6U2Fz4ioNacOeQd1pMCSTw=",
+        "lastModified": 1741294988,
+        "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "b1781c0aa8935d8d1f35d228bcc7127fcebcd363",
+        "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "main",
+        "ref": "master",
        "repo": "NUR",
        "type": "github"
      }
@ -240,6 +241,27 @@
        "repo": "default",
        "type": "github"
      }
+    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nur",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733222881,
+        "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "49717b5af6f80172275d47a418c9719a31a78b53",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -54,7 +54,7 @@
      type = "github";
      owner = "nix-community";
      repo = "NUR";
-      ref = "main";
+      ref = "master";
      inputs = {
        flake-parts.follows = "flake-parts";
        nixpkgs.follows = "nixpkgs";
--- a/flake/default.nix
+++ b/flake/default.nix
@ -13,6 +13,7 @@ flake-parts.lib.mkFlake { inherit inputs; } {
    ./checks.nix
    ./dev-shells.nix
    ./home-manager.nix
+    ./hosts.nix
    ./lib.nix
    ./nixos.nix
    ./overlays.nix
--- a/flake/home-manager.nix
+++ b/flake/home-manager.nix
@ -1,5 +1,7 @@
-{ self, inputs, lib, ... }:
+{ self, config, inputs, lib, ... }:
 let
+  inherit (config) hosts;
+
  defaultModules = [
    # Include generic settings
    "${self}/modules/home"
@ -19,14 +21,14 @@ let
      # Enable home-manager
      programs.home-manager.enable = true;
    }
+    # Import common modules
+    "${self}/modules/common"
  ];

-  mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration {
+  mkHomeCommon = mainModules: system: inputs.home-manager.lib.homeManagerConfiguration {
    pkgs = inputs.nixpkgs.legacyPackages.${system};

-    modules = defaultModules ++ [
-      "${self}/hosts/homes/${name}"
-    ];
+    modules = defaultModules ++ mainModules;

    # Use my extended lib in NixOS configuration
    inherit (self) lib;
@ -37,24 +39,41 @@ let
    };
  };

-  homes = {
+  mkHome = name: mkHomeCommon [ "${self}/hosts/homes/${name}" ];
+
+  mkNixosHome = name: mkHomeCommon [
+    "${self}/hosts/nixos/${name}/home.nix"
+    "${self}/hosts/nixos/${name}/profiles.nix"
+  ];
+in
+{
+  hosts.homes = {
    "ambroisie@bazin" = "x86_64-linux";
    "ambroisie@mousqueton" = "x86_64-linux";
  };
-in
-{
+
  perSystem = { system, ... }: {
    # Work-around for https://github.com/nix-community/home-manager/issues/3075
    legacyPackages = {
      homeConfigurations =
        let
-          filteredHomes = lib.filterAttrs (_: v: v == system) homes;
+          filteredHomes = lib.filterAttrs (_: v: v == system) hosts.homes;
          allHomes = filteredHomes // {
            # Default configuration
            ambroisie = system;
          };
+          homeManagerHomes = lib.mapAttrs mkHome allHomes;
+
+          filteredNixosHosts = lib.filterAttrs (_: v: v == system) hosts.nixos;
+          nixosHomes' = lib.mapAttrs mkNixosHome filteredNixosHosts;
+          nixosHomeUsername = (host: self.nixosConfigurations.${host}.config.my.user.name);
+          nixosHomes = lib.mapAttrs' (host: lib.nameValuePair "${nixosHomeUsername host}@${host}") nixosHomes';
        in
-        lib.mapAttrs mkHome allHomes;
+        lib.foldl' lib.mergeAttrs { }
+          [
+            homeManagerHomes
+            nixosHomes
+          ];
    };
  };
 }
--- a/flake/hosts.nix
+++ b/flake/hosts.nix
@ -0,0 +1,21 @@
+# Define `hosts.{darwin,home,nixos}` options for consumption in other modules
+{ lib, ... }:
+let
+  mkHostsOption = description: lib.mkOption {
+    inherit description;
+    type = with lib.types; attrsOf str;
+    default = { };
+    example = { name = "x86_64-linux"; };
+  };
+in
+{
+  options = {
+    hosts = {
+      darwin = mkHostsOption "Darwin hosts";
+
+      homes = mkHostsOption "Home Manager hosts";
+
+      nixos = mkHostsOption "NixOS hosts";
+    };
+  };
+}
--- a/flake/nixos.nix
+++ b/flake/nixos.nix
@ -1,4 +1,4 @@
-{ self, inputs, lib, ... }:
+{ self, config, inputs, lib, ... }:
 let
  defaultModules = [
    {
@ -12,6 +12,8 @@ let
    }
    # Include generic settings
    "${self}/modules/nixos"
+    # Import common modules
+    "${self}/modules/common"
  ];

  buildHost = name: system: lib.nixosSystem {
@ -30,8 +32,12 @@ let
  };
 in
 {
-  flake.nixosConfigurations = lib.mapAttrs buildHost {
-    aramis = "x86_64-linux";
-    porthos = "x86_64-linux";
+  config = {
+    hosts.nixos = {
+      aramis = "x86_64-linux";
+      porthos = "x86_64-linux";
+    };
+
+    flake.nixosConfigurations = lib.mapAttrs buildHost config.hosts.nixos;
  };
 }
--- a/flake/overlays.nix
+++ b/flake/overlays.nix
@ -1,4 +1,4 @@
-{ self, lib, ... }:
+{ self, ... }:
 let
  default-overlays = import "${self}/overlays";

@ -8,7 +8,7 @@ let

    # Expose my custom packages
    pkgs = _final: prev: {
-      ambroisie = lib.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; });
+      ambroisie = prev.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; });
    };
  };
 in
--- a/hosts/nixos/aramis/home.nix
+++ b/hosts/nixos/aramis/home.nix
@ -18,7 +18,9 @@
    # Machine specific packages
    packages.additionalPackages = with pkgs; [
      element-desktop # Matrix client
+      jellyfin-media-player # Wraps the webui and mpv together
      pavucontrol # Audio mixer GUI
+      trgui-ng # Transmission remote
    ];
    # Minimal video player
    mpv.enable = true;
@ -26,8 +28,6 @@
    nm-applet.enable = true;
    # Terminal
    terminal.program = "alacritty";
-    # Transmission remote
-    trgui.enable = true;
    # Zathura document viewer
    zathura.enable = true;
  };
--- a/hosts/nixos/porthos/default.nix
+++ b/hosts/nixos/porthos/default.nix
@ -7,6 +7,7 @@
    ./hardware.nix
    ./home.nix
    ./networking.nix
+    ./profiles.nix
    ./secrets
    ./services.nix
    ./system.nix
--- a/hosts/nixos/porthos/profiles.nix
+++ b/hosts/nixos/porthos/profiles.nix
@ -0,0 +1,4 @@
+{ ... }:
+{
+  # Nothing
+}
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@ -83,9 +83,18 @@ in
  "servarr/autobrr/session-secret.age".publicKeys = all;
  "servarr/cross-seed/configuration.json.age".publicKeys = all;

-  "sso/auth-key.age".publicKeys = all;
-  "sso/ambroisie/password-hash.age".publicKeys = all;
-  "sso/ambroisie/totp-secret.age".publicKeys = all;
+  "sso/auth-key.age" = {
+    owner = "nginx-sso";
+    publicKeys = all;
+  };
+  "sso/ambroisie/password-hash.age" = {
+    owner = "nginx-sso";
+    publicKeys = all;
+  };
+  "sso/ambroisie/totp-secret.age" = {
+    owner = "nginx-sso";
+    publicKeys = all;
+  };

  "tandoor-recipes/secret-key.age".publicKeys = all;

--- a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age
+++ b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@ -0,0 +1,28 @@
+# Modules that are common to various module systems
+# Usually with very small differences, if any, between them.
+{ lib, _class, ... }:
+let
+  allowedClass = [
+    "darwin"
+    "homeManager"
+    "nixos"
+  ];
+
+  allowedClassString = lib.concatStringSep ", " (builtins.map lib.escapeNixString allowedClass);
+in
+{
+  imports = [
+    ./profiles
+  ];
+
+  config = {
+    assertions = [
+      {
+        assertion = builtins.elem _class allowedClass;
+        message = ''
+          `_class` specialArgs must be one of ${allowedClassString}.
+        '';
+      }
+    ];
+  };
+}
--- a/modules/common/profiles/bluetooth/default.nix
+++ b/modules/common/profiles/bluetooth/default.nix
@ -0,0 +1,19 @@
+{ config, lib, _class, ... }:
+let
+  cfg = config.my.profiles.bluetooth;
+in
+{
+  options.my.profiles.bluetooth = with lib; {
+    enable = mkEnableOption "bluetooth profile";
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    (lib.optionalAttrs (_class == "homeManager") {
+      my.home.bluetooth.enable = true;
+    })
+
+    (lib.optionalAttrs (_class == "nixos") {
+      my.hardware.bluetooth.enable = true;
+    })
+  ]);
+}
--- a/modules/common/profiles/default.nix
+++ b/modules/common/profiles/default.nix
@ -0,0 +1,25 @@
+# Configuration that spans across system and home, or are almagations of modules
+{ config, lib, _class, ... }:
+{
+  imports = [
+    ./bluetooth
+    ./devices
+    ./gtk
+    ./laptop
+    ./wm
+    ./x
+  ];
+
+  config = lib.mkMerge [
+    # Transparently enable home-manager profiles as well
+    (lib.optionalAttrs (_class != "homeManager") {
+      home-manager.users.${config.my.user.name} = {
+        config = {
+          my = {
+            inherit (config.my) profiles;
+          };
+        };
+      };
+    })
+  ];
+}
--- a/modules/common/profiles/devices/default.nix
+++ b/modules/common/profiles/devices/default.nix
@ -0,0 +1,22 @@
+{ config, lib, _class, ... }:
+let
+  cfg = config.my.profiles.devices;
+in
+{
+  options.my.profiles.devices = with lib; {
+    enable = mkEnableOption "devices profile";
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    (lib.optionalAttrs (_class == "nixos") {
+      my.hardware = {
+        ergodox.enable = true;
+
+        trackball.enable = true;
+      };
+
+      # MTP devices auto-mount via file explorers
+      services.gvfs.enable = true;
+    })
+  ]);
+}
--- a/modules/common/profiles/gtk/default.nix
+++ b/modules/common/profiles/gtk/default.nix
@ -0,0 +1,21 @@
+{ config, lib, _class, ... }:
+let
+  cfg = config.my.profiles.gtk;
+in
+{
+  options.my.profiles.gtk = with lib; {
+    enable = mkEnableOption "gtk profile";
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    (lib.optionalAttrs (_class == "homeManager") {
+      # GTK theme configuration
+      my.home.gtk.enable = true;
+    })
+
+    (lib.optionalAttrs (_class == "nixos") {
+      # Allow setting GTK configuration using home-manager
+      programs.dconf.enable = true;
+    })
+  ]);
+}
--- a/modules/common/profiles/laptop/default.nix
+++ b/modules/common/profiles/laptop/default.nix
@ -0,0 +1,27 @@
+{ config, lib, _class, ... }:
+let
+  cfg = config.my.profiles.laptop;
+in
+{
+  options.my.profiles.laptop = with lib; {
+    enable = mkEnableOption "laptop profile";
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    (lib.optionalAttrs (_class == "homeManager") {
+      # Enable battery notifications
+      my.home.power-alert.enable = true;
+    })
+
+    (lib.optionalAttrs (_class == "nixos") {
+      # Enable touchpad support
+      services.libinput.enable = true;
+
+      # Enable TLP power management
+      my.services.tlp.enable = true;
+
+      # Enable upower power management
+      my.hardware.upower.enable = true;
+    })
+  ]);
+}
--- a/modules/common/profiles/wm/default.nix
+++ b/modules/common/profiles/wm/default.nix
@ -0,0 +1,38 @@
+{ config, lib, _class, ... }:
+let
+  cfg = config.my.profiles.wm;
+
+  applyWm = wm: configs: lib.mkIf (cfg.windowManager == wm) (lib.my.merge configs);
+in
+{
+  options.my.profiles.wm = with lib; {
+    windowManager = mkOption {
+      type = with types; nullOr (enum [ "i3" ]);
+      default = null;
+      example = "i3";
+      description = "Which window manager to use";
+    };
+  };
+
+  config = lib.mkMerge [
+    (applyWm "i3" [
+      (lib.optionalAttrs (_class == "homeManager") {
+        # i3 settings
+        my.home.wm.windowManager = "i3";
+        # Screenshot tool
+        my.home.flameshot.enable = true;
+        # Auto disk mounter
+        my.home.udiskie.enable = true;
+      })
+
+      (lib.optionalAttrs (_class == "nixos") {
+        # Enable i3
+        services.xserver.windowManager.i3.enable = true;
+        # udiskie fails if it can't find this dbus service
+        services.udisks2.enable = true;
+        # Ensure i3lock can actually unlock the session
+        security.pam.services.i3lock.enable = true;
+      })
+    ])
+  ];
+}
--- a/modules/common/profiles/x/default.nix
+++ b/modules/common/profiles/x/default.nix
@ -0,0 +1,27 @@
+{ config, lib, pkgs, _class, ... }:
+let
+  cfg = config.my.profiles.x;
+in
+{
+  options.my.profiles.x = with lib; {
+    enable = mkEnableOption "X profile";
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    (lib.optionalAttrs (_class == "homeManager") {
+      # X configuration
+      my.home.x.enable = true;
+    })
+
+    (lib.optionalAttrs (_class == "nixos") {
+      # Enable the X11 windowing system.
+      services.xserver.enable = true;
+      # Nice wallpaper
+      services.xserver.displayManager.lightdm.background =
+        let
+          wallpapers = "${pkgs.plasma5Packages.plasma-workspace-wallpapers}/share/wallpapers";
+        in
+        "${wallpapers}/summer_1am/contents/images/2560x1600.jpg";
+    })
+  ]);
+}
--- a/modules/home/atuin/default.nix
+++ b/modules/home/atuin/default.nix
@ -6,6 +6,7 @@ in
  options.my.home.atuin = with lib; {
    enable = my.mkDisableOption "atuin configuration";

+    # I want the full experience by default
    package = mkPackageOption pkgs "atuin" { };

    daemon = {
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@ -38,7 +38,6 @@
    ./ssh
    ./terminal
    ./tmux
-    ./trgui
    ./udiskie
    ./vim
    ./wget
--- a/modules/home/delta/default.nix
+++ b/modules/home/delta/default.nix
@ -14,34 +14,53 @@ in
  };

  config = lib.mkIf cfg.enable {
-    programs.delta = {
-      enable = true;
+    assertions = [
+      {
+        # For its configuration
+        assertion = cfg.enable -> cfg.git.enable;
+        message = ''
+          `config.my.home.delta` must enable `config.my.home.delta.git` to be
+          properly configured.
+        '';
+      }
+      {
+        assertion = cfg.enable -> config.programs.git.enable;
+        message = ''
+          `config.my.home.delta` relies on `config.programs.git` to be
+          enabled.
+        '';
+      }
+    ];

-      inherit (cfg) package;
+    home.packages = [ cfg.package ];

-      enableGitIntegration = cfg.git.enable;
+    programs.git = lib.mkIf cfg.git.enable {
+      delta = {
+        enable = true;
+        inherit (cfg) package;

-      options = {
-        features = "diff-highlight decorations";
+        options = {
+          features = "diff-highlight decorations";

-        # Less jarring style for `diff-highlight` emulation
-        diff-highlight = {
-          minus-style = "red";
-          minus-non-emph-style = "red";
-          minus-emph-style = "bold red 52";
+          # Less jarring style for `diff-highlight` emulation
+          diff-highlight = {
+            minus-style = "red";
+            minus-non-emph-style = "red";
+            minus-emph-style = "bold red 52";

-          plus-style = "green";
-          plus-non-emph-style = "green";
-          plus-emph-style = "bold green 22";
+            plus-style = "green";
+            plus-non-emph-style = "green";
+            plus-emph-style = "bold green 22";

-          whitespace-error-style = "reverse red";
-        };
+            whitespace-error-style = "reverse red";
+          };

-        # Personal preference for easier reading
-        decorations = {
-          commit-style = "raw"; # Do not recolor meta information
-          keep-plus-minus-markers = true;
-          paging = "always";
+          # Personal preference for easier reading
+          decorations = {
+            commit-style = "raw"; # Do not recolor meta information
+            keep-plus-minus-markers = true;
+            paging = "always";
+          };
        };
      };
    };
--- a/modules/home/discord/default.nix
+++ b/modules/home/discord/default.nix
@ -1,6 +1,8 @@
 { config, lib, pkgs, ... }:
 let
  cfg = config.my.home.discord;
+
+  jsonFormat = pkgs.formats.json { };
 in
 {
  options.my.home.discord = with lib; {
@ -10,15 +12,14 @@ in
  };

  config = lib.mkIf cfg.enable {
-    programs.discord = {
-      enable = true;
+    home.packages = with pkgs; [
+      cfg.package
+    ];

-      inherit (cfg) package;
-
-      settings = {
+    xdg.configFile."discord/settings.json".source =
+      jsonFormat.generate "discord.json" {
        # Do not keep me from using the app just to force an update
        SKIP_HOST_UPDATE = true;
      };
-    };
  };
 }
--- a/modules/home/git/default.nix
+++ b/modules/home/git/default.nix
@ -21,31 +21,29 @@ in
  config.programs.git = lib.mkIf cfg.enable {
    enable = true;

+    # Who am I?
+    userEmail = mkMailAddress "bruno" "belanyi.fr";
+    userName = "Bruno BELANYI";
+
    inherit (cfg) package;

+    aliases = {
+      git = "!git";
+      lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order";
+      lola = "lol --all";
+      assume = "update-index --assume-unchanged";
+      unassume = "update-index --no-assume-unchanged";
+      assumed = "!git ls-files -v | grep ^h | cut -c 3-";
+      pick = "log -p -G";
+      push-new = "!git push -u origin "
+        + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"'';
+      root = "git rev-parse --show-toplevel";
+    };
+
    lfs.enable = true;

    # There's more
-    settings = {
-      # Who am I?
-      user = {
-        email = mkMailAddress "bruno" "belanyi.fr";
-        name = "Bruno BELANYI";
-      };
-
-      alias = {
-        git = "!git";
-        lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order";
-        lola = "lol --all";
-        assume = "update-index --assume-unchanged";
-        unassume = "update-index --no-assume-unchanged";
-        assumed = "!git ls-files -v | grep ^h | cut -c 3-";
-        pick = "log -p -G";
-        push-new = "!git push -u origin "
-          + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"'';
-        root = "git rev-parse --show-toplevel";
-      };
-
+    extraConfig = {
      # Makes it a bit more readable
      blame = {
        coloring = "repeatedLines";
--- a/modules/home/nix/default.nix
+++ b/modules/home/nix/default.nix
@ -69,7 +69,7 @@ in
        automatic = true;

        # Every week, with some wiggle room
-        dates = "weekly";
+        frequency = "weekly";
        randomizedDelaySec = "10min";

        # Use a persistent timer for e.g: laptops
--- a/modules/home/ssh/default.nix
+++ b/modules/home/ssh/default.nix
@ -17,7 +17,6 @@ in
    {
      programs.ssh = {
        enable = true;
-        enableDefaultConfig = false;

        includes = [
          # Local configuration, not-versioned
@ -54,12 +53,11 @@ in
            identityFile = "~/.ssh/shared_rsa";
            user = "ambroisie";
          };
-
-          # `*` is automatically made the last match block by the module
-          "*" = {
-            addKeysToAgent = "yes";
-          };
        };
+
+        extraConfig = ''
+          AddKeysToAgent yes
+        '';
      };
    }

--- a/modules/home/tmux/default.nix
+++ b/modules/home/tmux/default.nix
@ -48,7 +48,7 @@ in
    keyMode = "vi"; # Home-row keys and other niceties
    clock24 = true; # I'm one of those heathens
    escapeTime = 0; # Let vim do its thing instead
-    historyLimit = 1000000; # Bigger buffer
+    historyLimit = 100000; # Bigger buffer
    mouse = false; # I dislike mouse support
    focusEvents = true; # Report focus events
    terminal = "tmux-256color"; # I want accurate termcap info
@ -61,8 +61,8 @@ in
      pain-control
      # Better session management
      sessionist
-      # X clipboard integration
      {
+        # X clipboard integration
        plugin = yank;
        extraConfig = ''
          # Use 'clipboard' because of misbehaving apps (e.g: firefox)
@ -71,8 +71,8 @@ in
          set -g @yank_action 'copy-pipe'
        '';
      }
-      # Show when prefix has been pressed
      {
+        # Show when prefix has been pressed
        plugin = prefix-highlight;
        extraConfig = ''
          # Also show when I'm in copy or sync mode
--- a/modules/home/trgui/default.nix
+++ b/modules/home/trgui/default.nix
@ -1,17 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  cfg = config.my.home.trgui;
-in
-{
-  options.my.home.trgui = with lib; {
-    enable = mkEnableOption "Transmission GUI onfiguration";
-
-    package = mkPackageOption pkgs "TrguiNG" { default = "trgui-ng"; };
-  };
-
-  config = lib.mkIf cfg.enable {
-    home.packages = with pkgs; [
-      cfg.package
-    ];
-  };
-}
--- a/modules/home/vim/default.nix
+++ b/modules/home/vim/default.nix
@ -80,6 +80,7 @@ in
      nvim-surround # Deal with pairs, now in Lua
      oil-nvim # Better alternative to NetrW
      telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm
+      telescope-lsp-handlers-nvim # Use 'telescope' for various LSP actions
      telescope-nvim # Fuzzy finder interface
      which-key-nvim # Show available mappings
    ];
--- a/modules/home/vim/ftdetect/glsl.lua
+++ b/modules/home/vim/ftdetect/glsl.lua
@ -0,0 +1,7 @@
+-- Use GLSL filetype for common shader file extensions
+vim.filetype.add({
+    extension = {
+        frag = "glsl",
+        vert = "glsl",
+    },
+})
--- a/modules/home/vim/init.vim
+++ b/modules/home/vim/init.vim
@ -81,6 +81,9 @@ set updatetime=250
 " Disable all mouse integrations
 set mouse=

+" Set dark mode by default
+set background=dark
+
 " Setup some overrides for gruvbox
 lua << EOF
 local gruvbox = require("gruvbox")
--- a/modules/home/vim/plugin/settings/lspconfig.lua
+++ b/modules/home/vim/plugin/settings/lspconfig.lua
@ -1,3 +1,4 @@
+local lspconfig = require("lspconfig")
 local lsp = require("ambroisie.lsp")
 local utils = require("ambroisie.utils")

@ -24,27 +25,59 @@ vim.diagnostic.config({
 -- Inform servers we are able to do completion, snippets, etc...
 local capabilities = require("cmp_nvim_lsp").default_capabilities()

-- Shared configuration
-vim.lsp.config("*", {
-    capabilities = capabilities,
-    on_attach = lsp.on_attach,
-})
+-- C/C++
+if utils.is_executable("clangd") then
+    lspconfig.clangd.setup({
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end

-local servers = {
-    -- C/C++
-    clangd = {},
-    -- Haskell
-    hls = {},
-    -- Nix
-    nil_ls = {},
-    -- Python
-    pyright = {},
-    ruff = {},
-    -- Rust
-    rust_analyzer = {},
-    -- Shell
-    bashls = {
+-- Haskell
+if utils.is_executable("haskell-language-server-wrapper") then
+    lspconfig.hls.setup({
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end
+
+-- Nix
+if utils.is_executable("nil") then
+    lspconfig.nil_ls.setup({
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end
+
+-- Python
+if utils.is_executable("pyright") then
+    lspconfig.pyright.setup({
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end
+
+if utils.is_executable("ruff") then
+    lspconfig.ruff.setup({
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end
+
+-- Rust
+if utils.is_executable("rust-analyzer") then
+    lspconfig.rust_analyzer.setup({
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end
+
+-- Shell
+if utils.is_executable("bash-language-server") then
+    lspconfig.bashls.setup({
        filetypes = { "bash", "sh", "zsh" },
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
        settings = {
            bashIde = {
                shfmt = {
@ -55,17 +88,28 @@ local servers = {
                },
            },
        },
-    },
-    -- Starlark
-    starpls = {},
-    -- Generic
-    harper_ls = {},
-    typos_lsp = {},
-}
-
-for server, config in pairs(servers) do
-    if not vim.tbl_isempty(config) then
-        vim.lsp.config(server, config)
-    end
-    vim.lsp.enable(server)
+    })
+end
+
+-- Starlark
+if utils.is_executable("starpls") then
+    lspconfig.starpls.setup({
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end
+
+-- Generic
+if utils.is_executable("harper-ls") then
+    lspconfig.harper_ls.setup({
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end
+
+if utils.is_executable("typos-lsp") then
+    lspconfig.typos_lsp.setup({
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
 end
--- a/modules/home/vim/plugin/settings/telescope.lua
+++ b/modules/home/vim/plugin/settings/telescope.lua
@ -23,6 +23,7 @@ telescope.setup({
 })

 telescope.load_extension("fzf")
+telescope.load_extension("lsp_handlers")

 local keys = {
    { "<leader>f", group = "Fuzzy finder" },
--- a/modules/home/xdg/default.nix
+++ b/modules/home/xdg/default.nix
@ -56,7 +56,4 @@ in
    XCOMPOSECACHE = "${dataHome}/X11/xcompose";
    _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java";
  };
-
-  # Some modules *optionally* use `XDG_*_HOME` when told to
-  config.home.preferXdgDirectories = lib.mkIf cfg.enable true;
 }
--- a/modules/home/zsh/default.nix
+++ b/modules/home/zsh/default.nix
@ -1,6 +1,14 @@
 { config, pkgs, lib, ... }:
 let
  cfg = config.my.home.zsh;
+
+  # Have a nice relative path for XDG_CONFIG_HOME, without leading `/`
+  relativeXdgConfig =
+    let
+      noHome = lib.removePrefix config.home.homeDirectory;
+      noSlash = lib.removePrefix "/";
+    in
+    noSlash (noHome config.xdg.configHome);
 in
 {
  options.my.home.zsh = with lib; {
@ -8,22 +16,16 @@ in

    launchTmux = mkEnableOption "auto launch tmux at shell start";

-    completionSync = {
-      enable = mkEnableOption "zsh-completion-sync plugin";
-    };
-
    notify = {
      enable = mkEnableOption "zsh-done notification";

      exclude = mkOption {
        type = with types; listOf str;
        default = [
-          "bat"
          "delta"
          "direnv reload"
          "fg"
          "git (?!push|pull|fetch)"
-          "home-manager (?!switch|build)"
          "htop"
          "less"
          "man"
@ -55,7 +57,7 @@ in

      programs.zsh = {
        enable = true;
-        dotDir = "${config.xdg.configHome}/zsh"; # Don't clutter $HOME
+        dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME
        enableCompletion = true;

        history = {
@ -72,7 +74,7 @@ in
        plugins = [
          {
            name = "fast-syntax-highlighting";
-            file = "share/zsh/plugins/fast-syntax-highlighting/fast-syntax-highlighting.plugin.zsh";
+            file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh";
            src = pkgs.zsh-fast-syntax-highlighting;
          }
          {
@ -122,18 +124,6 @@ in
      };
    }

-    (lib.mkIf cfg.completionSync.enable {
-      programs.zsh = {
-        plugins = [
-          {
-            name = "zsh-completion-sync";
-            file = "share/zsh-completion-sync/zsh-completion-sync.plugin.zsh";
-            src = pkgs.zsh-completion-sync;
-          }
-        ];
-      };
-    })
-
    (lib.mkIf cfg.notify.enable {
      programs.zsh = {
        plugins = [
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -5,7 +5,6 @@
  imports = [
    ./hardware
    ./home
-    ./profiles
    ./programs
    ./secrets
    ./services
--- a/modules/nixos/home/default.nix
+++ b/modules/nixos/home/default.nix
@ -13,8 +13,13 @@ in

  config = lib.mkIf cfg.enable {
    home-manager = {
-      # Not a fan of out-of-directory imports, but this is a good exception
-      users.${config.my.user.name} = import "${inputs.self}/modules/home";
+      users.${config.my.user.name} = {
+        # Not a fan of out-of-directory imports, but this is a good exception
+        imports = [
+          "${inputs.self}/modules/common"
+          "${inputs.self}/modules/home"
+        ];
+      };

      # Nix Flakes compatibility
      useGlobalPkgs = true;
--- a/modules/nixos/profiles/bluetooth/default.nix
+++ b/modules/nixos/profiles/bluetooth/default.nix
@ -1,15 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.profiles.bluetooth;
-in
-{
-  options.my.profiles.bluetooth = with lib; {
-    enable = mkEnableOption "bluetooth profile";
-  };
-
-  config = lib.mkIf cfg.enable {
-    my.hardware.bluetooth.enable = true;
-
-    my.home.bluetooth.enable = true;
-  };
-}
--- a/modules/nixos/profiles/default.nix
+++ b/modules/nixos/profiles/default.nix
@ -1,12 +0,0 @@
-# Configuration that spans across system and home, or are almagations of modules
-{ ... }:
-{
-  imports = [
-    ./bluetooth
-    ./devices
-    ./gtk
-    ./laptop
-    ./wm
-    ./x
-  ];
-}
--- a/modules/nixos/profiles/devices/default.nix
+++ b/modules/nixos/profiles/devices/default.nix
@ -1,20 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.profiles.devices;
-in
-{
-  options.my.profiles.devices = with lib; {
-    enable = mkEnableOption "devices profile";
-  };
-
-  config = lib.mkIf cfg.enable {
-    my.hardware = {
-      ergodox.enable = true;
-
-      trackball.enable = true;
-    };
-
-    # MTP devices auto-mount via file explorers
-    services.gvfs.enable = true;
-  };
-}
--- a/modules/nixos/profiles/gtk/default.nix
+++ b/modules/nixos/profiles/gtk/default.nix
@ -1,17 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.profiles.gtk;
-in
-{
-  options.my.profiles.gtk = with lib; {
-    enable = mkEnableOption "gtk profile";
-  };
-
-  config = lib.mkIf cfg.enable {
-    # Allow setting GTK configuration using home-manager
-    programs.dconf.enable = true;
-
-    # GTK theme configuration
-    my.home.gtk.enable = true;
-  };
-}
--- a/modules/nixos/profiles/laptop/default.nix
+++ b/modules/nixos/profiles/laptop/default.nix
@ -1,23 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.profiles.laptop;
-in
-{
-  options.my.profiles.laptop = with lib; {
-    enable = mkEnableOption "laptop profile";
-  };
-
-  config = lib.mkIf cfg.enable {
-    # Enable touchpad support
-    services.libinput.enable = true;
-
-    # Enable TLP power management
-    my.services.tlp.enable = true;
-
-    # Enable upower power management
-    my.hardware.upower.enable = true;
-
-    # Enable battery notifications
-    my.home.power-alert.enable = true;
-  };
-}
--- a/modules/nixos/profiles/wm/default.nix
+++ b/modules/nixos/profiles/wm/default.nix
@ -1,31 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.profiles.wm;
-in
-{
-  options.my.profiles.wm = with lib; {
-    windowManager = mkOption {
-      type = with types; nullOr (enum [ "i3" ]);
-      default = null;
-      example = "i3";
-      description = "Which window manager to use";
-    };
-  };
-
-  config = lib.mkMerge [
-    (lib.mkIf (cfg.windowManager == "i3") {
-      # Enable i3
-      services.xserver.windowManager.i3.enable = true;
-      # i3 settings
-      my.home.wm.windowManager = "i3";
-      # Screenshot tool
-      my.home.flameshot.enable = true;
-      # Auto disk mounter
-      my.home.udiskie.enable = true;
-      # udiskie fails if it can't find this dbus service
-      services.udisks2.enable = true;
-      # Ensure i3lock can actually unlock the session
-      security.pam.services.i3lock.enable = true;
-    })
-  ];
-}
--- a/modules/nixos/profiles/x/default.nix
+++ b/modules/nixos/profiles/x/default.nix
@ -1,23 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  cfg = config.my.profiles.x;
-in
-{
-  options.my.profiles.x = with lib; {
-    enable = mkEnableOption "X profile";
-  };
-
-  config = lib.mkIf cfg.enable {
-    # Enable the X11 windowing system.
-    services.xserver.enable = true;
-    # Nice wallpaper
-    services.xserver.displayManager.lightdm.background =
-      let
-        wallpapers = "${pkgs.kdePackages.plasma-workspace-wallpapers}/share/wallpapers";
-      in
-      "${wallpapers}/summer_1am/contents/images/2560x1600.jpg";
-
-    # X configuration
-    my.home.x.enable = true;
-  };
-}
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@ -38,7 +38,6 @@
    ./servarr
    ./ssh-server
    ./tandoor-recipes
-    ./thelounge
    ./tlp
    ./transmission
    ./vikunja
--- a/modules/nixos/services/homebox/default.nix
+++ b/modules/nixos/services/homebox/default.nix
@ -39,7 +39,7 @@ in

    my.services.backup = {
      paths = [
-        (lib.removePrefix "file://" config.services.homebox.settings.HBOX_STORAGE_CONN_STRING)
+        config.services.homebox.settings.HBOX_STORAGE_DATA
      ];
    };

--- a/modules/nixos/services/matrix/bridges.nix
+++ b/modules/nixos/services/matrix/bridges.nix
@ -1,143 +0,0 @@
-# Matrix bridges for some services I use
-{ config, lib, ... }:
-let
-  cfg = config.my.services.matrix.bridges;
-  synapseCfg = config.services.matrix-synapse;
-
-  domain = config.networking.domain;
-  serverName = synapseCfg.settings.server_name;
-
-  mkBridgeOption = n: lib.mkEnableOption "${n} bridge" // { default = cfg.enable; };
-  mkPortOption = n: default: lib.mkOption {
-    type = lib.types.port;
-    inherit default;
-    example = 8080;
-    description = "${n} bridge port";
-  };
-  mkEnvironmentFileOption = n: lib.mkOption {
-    type = lib.types.str;
-    example = "/run/secret/matrix/${lib.toLower n}-bridge-secrets.env";
-    description = ''
-      Path to a file which should contain the secret values for ${n} bridge.
-
-      Using through the following format:
-
-      ```
-      MATRIX_APPSERVICE_AS_TOKEN=<the_as_value>
-      MATRIX_APPSERVICE_HS_TOKEN=<the_hs_value>
-      ```
-
-      Each bridge should use a different set of secrets, as they each register
-      their own independent double-puppetting appservice.
-    '';
-  };
-in
-{
-  options.my.services.matrix.bridges = with lib; {
-    enable = mkEnableOption "bridges configuration";
-
-    admin = mkOption {
-      type = types.str;
-      default = "ambroisie";
-      example = "admin";
-      description = "Local username for the admin";
-    };
-
-    facebook = {
-      enable = mkBridgeOption "Facebook";
-
-      port = mkPortOption "Facebook" 29321;
-
-      environmentFile = mkEnvironmentFileOption "Facebook";
-    };
-  };
-
-  config = lib.mkMerge [
-    (lib.mkIf cfg.facebook.enable {
-      services.mautrix-meta.instances.facebook = {
-        enable = true;
-        # Automatically register the bridge with synapse
-        registerToSynapse = true;
-
-        # Provide `AS_TOKEN`, `HS_TOKEN`
-        inherit (cfg.facebook) environmentFile;
-
-        settings = {
-          homeserver = {
-            domain = serverName;
-            address = "http://localhost:${toString config.my.services.matrix.port}";
-          };
-
-          appservice = {
-            hostname = "localhost";
-            inherit (cfg.facebook) port;
-            address = "http://localhost:${toString cfg.facebook.port}";
-            public_address = "https://facebook-bridge.${domain}";
-
-            as_token = "$MATRIX_APPSERVICE_AS_TOKEN";
-            hs_token = "$MATRIX_APPSERVICE_HS_TOKEN";
-
-            bot = {
-              username = "fbbot";
-            };
-          };
-
-          backfill = {
-            enabled = true;
-          };
-
-          bridge = {
-            delivery_receipts = true;
-            permissions = {
-              "*" = "relay";
-              ${serverName} = "user";
-              "@${cfg.admin}:${serverName}" = "admin";
-            };
-          };
-
-          database = {
-            type = "postgres";
-            uri = "postgres:///mautrix-meta-facebook?host=/var/run/postgresql/";
-          };
-
-          double_puppet = {
-            secrets = {
-              ${serverName} = "as_token:$MATRIX_APPSERVICE_AS_TOKEN";
-            };
-          };
-
-          network = {
-            # Don't be picky on Facebook/Messenger
-            allow_messenger_com_on_fb = true;
-            displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (FB)'';
-          };
-
-          provisioning = {
-            shared_secret = "disable";
-          };
-        };
-      };
-
-      services.postgresql = {
-        enable = true;
-        ensureDatabases = [ "mautrix-meta-facebook" ];
-        ensureUsers = [{
-          name = "mautrix-meta-facebook";
-          ensureDBOwnership = true;
-        }];
-      };
-
-      systemd.services.mautrix-meta-facebook = {
-        wants = [ "postgres.service" ];
-        after = [ "postgres.service" ];
-      };
-
-      my.services.nginx.virtualHosts = {
-        # Proxy to the bridge
-        "facebook-bridge" = {
-          inherit (cfg.facebook) port;
-        };
-      };
-    })
-  ];
-}
--- a/modules/nixos/services/matrix/default.nix
+++ b/modules/nixos/services/matrix/default.nix
@ -1,49 +1,24 @@
-# Matrix homeserver setup.
+# Matrix homeserver setup, using different endpoints for federation and client
+# traffic. The main trick for this is defining two nginx servers endpoints for
+# matrix.domain.com, each listening on different ports.
+#
+# Configuration shamelessly stolen from [1]
+#
+# [1]: https://github.com/alarsyo/nixos-config/blob/main/services/matrix.nix
 { config, lib, pkgs, ... }:

 let
  cfg = config.my.services.matrix;

-  adminPkg = pkgs.synapse-admin-etkecc;
-
+  federationPort = { public = 8448; private = 11338; };
+  clientPort = { public = 443; private = 11339; };
  domain = config.networking.domain;
  matrixDomain = "matrix.${domain}";
-
-  serverConfig = {
-    "m.server" = "${matrixDomain}:443";
-  };
-  clientConfig = {
-    "m.homeserver" = {
-      "base_url" = "https://${matrixDomain}";
-      "server_name" = domain;
-    };
-    "m.identity_server" = {
-      "base_url" = "https://vector.im";
-    };
-  };
-
-  # ACAO required to allow element-web on any URL to request this json file
-  mkWellKnown = data: ''
-    default_type application/json;
-    add_header Access-Control-Allow-Origin *;
-    return 200 '${builtins.toJSON data}';
-  '';
 in
 {
-  imports = [
-    ./bridges.nix
-  ];
-
  options.my.services.matrix = with lib; {
    enable = mkEnableOption "Matrix Synapse";

-    port = mkOption {
-      type = types.port;
-      default = 8448;
-      example = 8008;
-      description = "Internal port for listeners";
-    };
-
    secretFile = mkOption {
      type = with types; nullOr str;
      default = null;
@ -83,22 +58,22 @@ in
        enable_registration = false;

        listeners = [
+          # Federation
          {
-            inherit (cfg) port;
            bind_addresses = [ "::1" ];
-            type = "http";
-            tls = false;
+            port = federationPort.private;
+            tls = false; # Terminated by nginx.
            x_forwarded = true;
-            resources = [
-              {
-                names = [ "client" ];
-                compress = true;
-              }
-              {
-                names = [ "federation" ];
-                compress = false;
-              }
-            ];
+            resources = [{ names = [ "federation" ]; compress = false; }];
+          }
+
+          # Client
+          {
+            bind_addresses = [ "::1" ];
+            port = clientPort.private;
+            tls = false; # Terminated by nginx.
+            x_forwarded = true;
+            resources = [{ names = [ "client" ]; compress = false; }];
          }
        ];

@ -121,12 +96,19 @@ in
      chat = {
        root = pkgs.element-web.override {
          conf = {
-            default_server_config = clientConfig;
-            show_labs_settings = true;
-            default_country_code = "FR"; # cocorico
-            room_directory = {
+            default_server_config = {
+              "m.homeserver" = {
+                "base_url" = "https://${matrixDomain}";
+                "server_name" = domain;
+              };
+              "m.identity_server" = {
+                "base_url" = "https://vector.im";
+              };
+            };
+            showLabsSettings = true;
+            defaultCountryCode = "FR"; # cocorico
+            roomDirectory = {
              "servers" = [
-                domain
                "matrix.org"
                "mozilla.org"
              ];
@ -134,54 +116,99 @@ in
          };
        };
      };
-      matrix = {
-        # Somewhat unused, but necessary for port collision detection
-        inherit (cfg) port;
-
-        extraConfig = {
-          locations = {
-            # Or do a redirect instead of the 404, or whatever is appropriate
-            # for you. But do not put a Matrix Web client here! See the
-            # Element web section above.
-            "/".return = "404";
-
-            "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}";
-            "/_synapse".proxyPass = "http://[::1]:${toString cfg.port}";
-
-            "= /admin".return = "307 /admin/";
-            "/admin/" = {
-              alias = "${adminPkg}/";
-              priority = 500;
-              tryFiles = "$uri $uri/ /index.html";
-            };
-            "~ ^/admin/.*\\.(?:css|js|jpg|jpeg|gif|png|svg|ico|woff|woff2|ttf|eot|webp)$" = {
-              priority = 400;
-              root = adminPkg;
-              extraConfig = ''
-                rewrite ^/admin/(.*)$ /$1 break;
-                expires 30d;
-                more_set_headers "Cache-Control: public";
-              '';
-            };
-          };
-        };
+      # Dummy VHosts for port collision detection
+      matrix-federation = {
+        port = federationPort.private;
+      };
+      matrix-client = {
+        port = clientPort.private;
      };
    };

-    # Setup well-known locations
+    # Those are too complicated to use my wrapper...
    services.nginx.virtualHosts = {
+      ${matrixDomain} = {
+        onlySSL = true;
+        useACMEHost = domain;
+
+        locations =
+          let
+            proxyToClientPort = {
+              proxyPass = "http://[::1]:${toString clientPort.private}";
+            };
+          in
+          {
+            # Or do a redirect instead of the 404, or whatever is appropriate
+            # for you. But do not put a Matrix Web client here! See the
+            # Element web section below.
+            "/".return = "404";
+
+            "/_matrix" = proxyToClientPort;
+            "/_synapse/client" = proxyToClientPort;
+          };
+
+        listen = [
+          { addr = "0.0.0.0"; port = clientPort.public; ssl = true; }
+          { addr = "[::]"; port = clientPort.public; ssl = true; }
+        ];
+
+      };
+
+      # same as above, but listening on the federation port
+      "${matrixDomain}_federation" = {
+        onlySSL = true;
+        serverName = matrixDomain;
+        useACMEHost = domain;
+
+        locations."/".return = "404";
+
+        locations."/_matrix" = {
+          proxyPass = "http://[::1]:${toString federationPort.private}";
+        };
+
+        listen = [
+          { addr = "0.0.0.0"; port = federationPort.public; ssl = true; }
+          { addr = "[::]"; port = federationPort.public; ssl = true; }
+        ];
+      };
+
      "${domain}" = {
        forceSSL = true;
        useACMEHost = domain;

-        locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
-        locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
+        locations."= /.well-known/matrix/server".extraConfig =
+          let
+            server = { "m.server" = "${matrixDomain}:${toString federationPort.public}"; };
+          in
+          ''
+            add_header Content-Type application/json;
+            return 200 '${builtins.toJSON server}';
+          '';
+
+        locations."= /.well-known/matrix/client".extraConfig =
+          let
+            client = {
+              "m.homeserver" = { "base_url" = "https://${matrixDomain}"; };
+              "m.identity_server" = { "base_url" = "https://vector.im"; };
+            };
+            # ACAO required to allow element-web on any URL to request this json file
+          in
+          ''
+            add_header Content-Type application/json;
+            add_header Access-Control-Allow-Origin *;
+            return 200 '${builtins.toJSON client}';
+          '';
      };
    };

    # For administration tools.
    environment.systemPackages = [ pkgs.matrix-synapse ];

+    networking.firewall.allowedTCPPorts = [
+      clientPort.public
+      federationPort.public
+    ];
+
    my.services.backup = {
      paths = [
        config.services.matrix-synapse.dataDir
--- a/modules/nixos/services/mealie/default.nix
+++ b/modules/nixos/services/mealie/default.nix
@ -32,7 +32,6 @@ in
        BASE_URL = "https://mealie.${config.networking.domain}";
        TZ = config.time.timeZone;
        ALLOw_SIGNUP = "false";
-        TOKEN_TIME = 24 * 180; # 180 days
      };

      # Automatic PostgreSQL provisioning
@ -54,12 +53,6 @@ in
      };
    };

-    my.services.backup = {
-      paths = [
-        "/var/lib/mealie"
-      ];
-    };
-
    services.fail2ban.jails = {
      mealie = ''
        enabled = true
--- a/modules/nixos/services/nextcloud/collabora.nix
+++ b/modules/nixos/services/nextcloud/collabora.nix
@ -16,12 +16,6 @@ in
  };

  config = lib.mkIf cfg.enable {
-    services.nextcloud = {
-      extraApps = {
-        inherit (config.services.nextcloud.package.packages.apps) richdocuments;
-      };
-    };
-
    services.collabora-online = {
      enable = true;
      inherit (cfg) port;
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@ -35,7 +35,7 @@ in
  config = lib.mkIf cfg.enable {
    services.nextcloud = {
      enable = true;
-      package = pkgs.nextcloud32;
+      package = pkgs.nextcloud31;
      hostName = "nextcloud.${config.networking.domain}";
      home = "/var/lib/nextcloud";
      maxUploadSize = cfg.maxSize;
@ -62,16 +62,6 @@ in
        # Allow using the push service without hard-coding my IP in the configuration
        bendDomainToLocalhost = true;
      };
-
-      extraApps = {
-        inherit (config.services.nextcloud.package.packages.apps)
-          calendar
-          contacts
-          deck
-          tasks
-          ;
-        # notify_push is automatically installed by the module
-      };
    };

    # The service above configures the domain, no need for my wrapper
--- a/modules/nixos/services/nginx/default.nix
+++ b/modules/nixos/services/nginx/default.nix
@ -444,7 +444,7 @@ in
        };
    };

-    systemd.services."acme-order-renew-${domain}" = {
+    systemd.services."acme-${domain}" = {
      serviceConfig = {
        Environment = [
          # Since I do a "weird" setup with a wildcard CNAME
--- a/modules/nixos/services/tandoor-recipes/default.nix
+++ b/modules/nixos/services/tandoor-recipes/default.nix
@ -26,16 +26,18 @@ in
    services.tandoor-recipes = {
      enable = true;

-      database = {
-        createLocally = true;
-      };
-
      port = cfg.port;
      extraConfig =
        let
          tandoorRecipesDomain = "recipes.${config.networking.domain}";
        in
        {
+          # Use PostgreSQL
+          DB_ENGINE = "django.db.backends.postgresql";
+          POSTGRES_HOST = "/run/postgresql";
+          POSTGRES_USER = "tandoor_recipes";
+          POSTGRES_DB = "tandoor_recipes";
+
          # Security settings
          ALLOWED_HOSTS = tandoorRecipesDomain;
          CSRF_TRUSTED_ORIGINS = "https://${tandoorRecipesDomain}";
@ -47,12 +49,27 @@ in

    systemd.services = {
      tandoor-recipes = {
+        after = [ "postgresql.target" ];
+        requires = [ "postgresql.target" ];
+
        serviceConfig = {
          EnvironmentFile = cfg.secretKeyFile;
        };
      };
    };

+    # Set-up database
+    services.postgresql = {
+      enable = true;
+      ensureDatabases = [ "tandoor_recipes" ];
+      ensureUsers = [
+        {
+          name = "tandoor_recipes";
+          ensureDBOwnership = true;
+        }
+      ];
+    };
+
    my.services.nginx.virtualHosts = {
      recipes = {
        inherit (cfg) port;
--- a/modules/nixos/services/thelounge/default.nix
+++ b/modules/nixos/services/thelounge/default.nix
@ -1,59 +0,0 @@
-# Web IRC client
-{ config, lib, ... }:
-let
-  cfg = config.my.services.thelounge;
-in
-{
-  options.my.services.thelounge = with lib; {
-    enable = mkEnableOption "The Lounge, a self-hosted web IRC client";
-
-    port = mkOption {
-      type = types.port;
-      default = 9050;
-      example = 4242;
-      description = "The port on which The Lounge will listen for incoming HTTP traffic.";
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    services.thelounge = {
-      enable = true;
-      inherit (cfg) port;
-
-      extraConfig = {
-        reverseProxy = true;
-      };
-    };
-
-    my.services.nginx.virtualHosts = {
-      irc = {
-        inherit (cfg) port;
-        # Proxy websockets for RPC
-        websocketsLocations = [ "/" ];
-
-        extraConfig = {
-          locations."/".extraConfig = ''
-            proxy_read_timeout 1d;
-          '';
-        };
-      };
-    };
-
-    services.fail2ban.jails = {
-      thelounge = ''
-        enabled = true
-        filter = thelounge
-        port = http,https
-      '';
-    };
-
-    environment.etc = {
-      "fail2ban/filter.d/thelounge.conf".text = ''
-        [Definition]
-        failregex = Authentication failed for user .* from <HOST>$
-                    Authentication for non existing user attempted from <HOST>$
-        journalmatch = _SYSTEMD_UNIT=thelounge.service
-      '';
-    };
-  };
-}
--- a/modules/nixos/services/transmission/default.nix
+++ b/modules/nixos/services/transmission/default.nix
@ -71,14 +71,10 @@ in
      };
    };

+    # Transmission wants to eat *all* my RAM if left to its own devices
    systemd.services.transmission = {
      serviceConfig = {
-        # Transmission wants to eat *all* my RAM if left to its own devices
        MemoryMax = "33%";
-        # Avoid errors due to high number of open files.
-        LimitNOFILE = 1048576;
-        # Longer stop timeout to finish all torrents
-        TimeoutStopSec = "5m";
      };
    };

--- a/pkgs/comma/comma
+++ b/pkgs/comma/comma
@ -12,9 +12,9 @@ usage() {

 find_program() {
    local CANDIDATE
-    CANDIDATE="$(nix-locate --minimal --at-root --whole-name "/bin/$1")"
+    CANDIDATE="$(nix-locate --top-level --minimal --at-root --whole-name "/bin/$1")"
    if [ "$(printf '%s\n' "$CANDIDATE" | wc -l)" -gt 1 ]; then
-        CANDIDATE="$(printf '%s' "$CANDIDATE" | "${COMMA_PICKER:-fzf-tmux}")"
+        CANDIDATE="$(printf '%s' "$CANDIDATE" | fzf-tmux)"
    fi
    printf '%s' "$CANDIDATE"
 }
--- a/pkgs/lohr/default.nix
+++ b/pkgs/lohr/default.nix
@ -10,6 +10,7 @@ rustPlatform.buildRustPackage rec {
    hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU=";
  };

+  useFetchCargoVendor = true;
  cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w=";

  meta = with lib; {
Author	SHA1	Message	Date
Bruno BELANYI	2c0062bf51	flake: home-manager: export NixOS homes All checks were successful ci/woodpecker/push/check Pipeline was successful Details And here is what the last few commits were building up to. This is neat, but won't be useful very often.	2025-07-07 15:08:04 +00:00
Bruno BELANYI	31effae175	flake: home-manager: refactor 'mkHome' This will allow making a similar function for NixOS homes.	2025-07-07 15:08:04 +00:00
Bruno BELANYI	87ba726b18	flake: home-manager: use 'hosts' option	2025-07-07 15:08:04 +00:00
Bruno BELANYI	9e35764e0c	flake: nixos: use 'hosts' option	2025-07-07 15:08:04 +00:00
Bruno BELANYI	1c86c85c56	flake: add hosts This will allow other modules to cross-reference which hosts exist on which system. My main use-case is to automatically declare home-manager configuration for the home configuration of NixOS hosts. I also include Darwin in case I ever want to use that in the future, though that is unlikely for the moment.	2025-07-07 15:08:04 +00:00
Bruno BELANYI	7ac78ca260	hosts: nixos: porthos: add profiles	2025-07-07 15:08:04 +00:00
Bruno BELANYI	d181f3a719	common: profiles: forward profiles to home-manager We can only do this now that every profile has been migrated, otherwise we would get errors about undeclared modules... It's not perfect, but it's good enough.	2025-07-07 15:08:04 +00:00
Bruno BELANYI	2a6696bafc	common: profiles: migrate X	2025-07-07 15:08:03 +00:00
Bruno BELANYI	75f1776916	common: profiles: migrate wm	2025-07-07 15:08:03 +00:00
Bruno BELANYI	b1be9f20d9	common: profiles: migrate laptop	2025-07-07 15:08:03 +00:00
Bruno BELANYI	a68c26c6ef	common: profiles: migrate gtk	2025-07-07 15:08:03 +00:00
Bruno BELANYI	9ee0cb3287	common: profiles: migrate devices	2025-07-07 15:08:03 +00:00
Bruno BELANYI	e01c8330d6	common: profiles: migrate bluetooth	2025-07-07 15:08:03 +00:00
Bruno BELANYI	033b0e8a57	common: add profiles I will be migrating each sub-module one by one.	2025-07-07 15:08:03 +00:00
Bruno BELANYI	27a486bf5c	flake: nixos: import common modules	2025-07-07 15:08:03 +00:00
Bruno BELANYI	5d706dd2dc	flake: home-manager: import common modules	2025-07-07 15:08:03 +00:00
Bruno BELANYI	748e55f1a6	nixos: home: import common modules	2025-07-07 15:08:03 +00:00
Bruno BELANYI	2ed60a227e	modules: add common This should define modules that are identical, or very similar. The driving force is to be able to use `my.profiles` on home-manager and NixOS without repeating myself. In the future I might migrate other modules, such as `nixos/system/nix`...	2025-07-07 15:08:02 +00:00