feat(gallifrey): enable mu

default.nix

@@ -1,12 +1,6 @@
 let
   inputs = import ./lon.nix;
-  patches = import inputs.nix-patches { patchFile = ./patches; };
-  inputs_final = inputs // {
-    nixpkgs_patched = patches.mkNixpkgsSrc {
-      src = inputs.unstable;
-      version = "nixos-unstable";
-    };
-  };
+  inputs_final = inputs;
   dnsLib = (import inputs.dns).lib;
   lib = (import "${inputs.nixpkgs}/lib").extend (import ./lib inputs_final self.profiles dnsLib);
   mkLibForMachine =

home-manager-modules/mails/default.nix

@@ -14,14 +14,29 @@ with lib;
   };
 
   config = mkIf cfg.enable {
-    home.packages = [ pkgs.notmuch-addrlookup ];
+
+    age.secrets.work-mail-pw = {
+      file = ../../secrets/work-mail-pw.age;
+    };
+
+    age.secrets.dgnum-mail-pw = {
+      file = ../../secrets/dgnum-mail-pw.age;
+    };
+
+    age.secrets.telecom-mail-pw = {
+      file = ../../secrets/telecom-mail-pw.age;
+    };
+
+    age.secrets.ens-mail-pw = {
+      file = ../../secrets/ens-mail-pw.age;
+    };
+
     programs.mbsync.enable = true;
-    programs.neomutt.enable = true;
-    programs.neomutt.package = pkgs.stable.neomutt;
+    programs.mbsync.package = pkgs.stable.isync;
     programs.msmtp.enable = true;
     accounts.email = {
       accounts.ens = {
-        notmuch.enable = true;
+        folders.inbox = "INBOX";
         address = "julien.malka@ens.fr";
         imap.host = "clipper.ens.fr";
         mbsync = {
@@ -34,14 +49,14 @@ with lib;
         msmtp.enable = true;
         primary = true;
         realName = "Julien Malka";
-        passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/ens-mail-pw";
+        passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.ens-mail-pw.path}";
         smtp = {
           host = "clipper.ens.fr";
         };
         userName = "jmalka";
       };
       accounts.work = {
-        notmuch.enable = true;
+        folders.inbox = "INBOX";
         address = "julien@malka.sh";
         imap.host = "mail.luj.fr";
         mbsync = {
@@ -54,7 +69,7 @@ with lib;
         msmtp.enable = true;
         primary = false;
         realName = "Julien Malka";
-        passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/work-mail-pw";
+        passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.work-mail-pw.path}";
         smtp = {
           host = "mail.luj.fr";
         };
@@ -62,7 +77,7 @@ with lib;
       };
 
       accounts.telecom = {
-        notmuch.enable = true;
+        folders.inbox = "INBOX";
         address = "julien.malka@telecom-paris.fr";
         imap.host = "z.imt.fr";
         mbsync = {
@@ -75,7 +90,7 @@ with lib;
         msmtp.enable = true;
         primary = false;
         realName = "Julien Malka";
-        passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/telecom-mail-pw";
+        passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.telecom-mail-pw.path}";
         smtp = {
           host = "z.imt.fr";
         };
@@ -83,7 +98,7 @@ with lib;
       };
 
       accounts.dgnum = {
-        notmuch.enable = true;
+        folders.inbox = "INBOX";
         address = "luj@dgnum.eu";
         imap.host = "kurisu.lahfa.xyz";
         mbsync = {
@@ -96,7 +111,7 @@ with lib;
         msmtp.enable = true;
         primary = false;
         realName = "Julien Malka";
-        passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/dgnum-mail-pw";
+        passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.dgnum-mail-pw.path}";
         smtp = {
           host = "kurisu.lahfa.xyz";
         };
@@ -110,58 +125,6 @@ with lib;
       frequency = "minutely";
       verbose = true;
     };
-    services.mbsync.postExec = "${pkgs.notmuch}/bin/notmuch new";
-    programs.notmuch = {
-      enable = true;
-      new.tags = [ ];
-      hooks.postNew = ''
-        # julien@malka.sh
-        notmuch tag +work-inbox -- folder:work/Inbox
-        notmuch tag +work-lobsters -- folder:work/Inbox/lobsters
-        notmuch tag +work-dn42  -- folder:work/Inbox/dn42
-        notmuch tag +work-fosdem -- folder:work/Inbox/fosdem
-        notmuch tag +work-frnog -- folder:work/Inbox/frnog
-        notmuch tag +work-github -- folder:work/Inbox/github
-        notmuch tag +work-netdata -- folder:work/Inbox/netdata
-        notmuch tag +work-nixos-discourse -- folder:work/Inbox/nixos-discourse
-        notmuch tag +work-proxmox -- folder:work/Inbox/proxmox
-
-        #julien.malka@ens.fr
-        notmuch tag +ens-inbox path:ens/Inbox/**
-        notmuch tag +ens-bilan-carbone -ens-inbox -- path:ens/Bilan-Carbone/**
-        notmuch tag +ens-dg -ens-inbox -- path:ens/DG/**
-        notmuch tag +ens-cof -ens-inbox -- path:ens/COF/**
-        notmuch tag +ens-fanfare -ens-inbox -- path:ens/Fanfare/**
-        notmuch tag +ens-kfet -ens-inbox -- path:ens/K-Fet/**
-
-
-        #julien.malka@telecom-paris.fr
-        notmuch tag +telecom-inbox -- folder:telecom/Inbox
-        notmuch tag +telecom-gdr-gpl -- folder:telecom/Inbox/gdr-gpl
-        notmuch tag +telecom-gdr-sec -- folder:telecom/Inbox/gdr-sec
-        notmuch tag +telecom-infres-tous -- folder:telecom/Inbox/infres-tous
-        notmuch tag +telecom-tous -- folder:telecom/Inbox/telecom-tous
-
-        #luj@dgnum.eu
-        notmuch tag +dgnum-inbox path:dgnum/Inbox/**
-        notmuch tag +dgnum-bureau -dgnum-inbox -- path:dgnum/Inbox/Bureau/**
-        notmuch tag +dgnum-nixcon -dgnum-inbox -- path:dgnum/Inbox/NixCon/**
-
-        ${pkgs.notifymuch}/bin/notifymuch
-
-      '';
-    };
-
-    xdg.configFile = {
-      "neomutt/neomuttrc".source = lib.mkForce ./neomuttrc;
-      "neomutt/dracula.muttrc".source = lib.mkForce ./dracula.muttrc;
-      "neomutt/ens.profile".source = lib.mkForce ./ens.profile;
-      "neomutt/telecom.profile".source = lib.mkForce ./telecom.profile;
-      "neomutt/work.profile".source = lib.mkForce ./work.profile;
-      "neomutt/discourse.profile".source = lib.mkForce ./discourse.profile;
-      "neomutt/dgnum.profile".source = lib.mkForce ./dgnum.profile;
-      "notifymuch/notifymuch.cfg".source = lib.mkForce ./notifymuch;
-    };
 
   };
 }

home-manager-modules/mails/dgnum.profile

@@ -1,3 +0,0 @@
-set from = "julien.malka@dgnum.eu"
-set record=+dgnum/Sent
-set collapse_unread = no

home-manager-modules/mails/discourse.profile

@@ -1,4 +0,0 @@
-set collapse_unread = yes
-set from = "julien@malka.sh"
-set record= +work/Sent
-

home-manager-modules/mails/dracula.muttrc

@@ -1,42 +0,0 @@
-###############################################################################
-# Dracula Theme for Mutt: https://draculatheme.com/
-#
-# @author Paul Townsend <paul@caprica.org>
-
-# general ------------ foreground ---- background -----------------------------
-color error		color231	color212
-color indicator		color231	color241
-color markers		color210	default
-color message		default		default
-color normal		default		default
-color prompt		default	        default
-color search		color84		default
-color status 		color141	color236
-color tilde		color231	default
-color tree		color141	default
-
-# message index ------ foreground ---- background -----------------------------
-color index		color210	default 	~D # deleted messages
-color index		color84		default 	~F # flagged messages
-color index		color117	default 	~N # new messages
-color index		color212	default 	~Q # messages which have been replied to
-color index		color215	default 	~T # tagged messages
-color index		color141	default		~v # messages part of a collapsed thread
-
-# message headers ---- foreground ---- background -----------------------------
-color hdrdefault	color117	default
-color header		color231	default		^Subject:.*
-
-# message body ------- foreground ---- background -----------------------------
-color attachment	color228	default
-color body		color231	default		[\-\.+_a-zA-Z0-9]+@[\-\.a-zA-Z0-9]+               # email addresses
-color body		color228	default		(https?|ftp)://[\-\.,/%~_:?&=\#a-zA-Z0-9]+        # URLs
-color body		color231	default		(^|[[:space:]])\\*[^[:space:]]+\\*([[:space:]]|$) # *bold* text
-color body		color231	default		(^|[[:space:]])_[^[:space:]]+_([[:space:]]|$)     # _underlined_ text
-color body		color231	default		(^|[[:space:]])/[^[:space:]]+/([[:space:]]|$)     # /italic/ text
-color quoted		color61		default
-color quoted1		color117	default
-color quoted2		color84		default
-color quoted3		color215	default
-color quoted4		color212	default
-color signature		color212	default

home-manager-modules/mails/ens.profile

@@ -1,4 +0,0 @@
-set from = "julien.malka@ens.fr"
-set record="+ens/Sent\ Messages"
-set collapse_unread = no
-

home-manager-modules/mails/neomuttrc

@@ -1,122 +0,0 @@
-set from = "julien@malka.sh"
-# Nom complet de l'expéditeur
-set realname = "Julien Malka"
-# Génération du champs from
-set use_from = yes
-
-set edit_headers=yes
-set reverse_name
-set mark_old=no
-set editor = "nvim -c 'set tw=72' -c 'set wrap'"
-#set editor="vim +':set textwidth=0' +':set wrapmargin=0' +':set wrap'"
-#set wrap="72"
-set folder = ~/Maildir
-
-#set spoolfile=/home/julien/Maildir/ens/Inbox
-set mbox_type=Maildir
-set virtual_spoolfile=yes
-set header_cache=~/.cache/mutt
-set sidebar_visible = yes
-#set record = "+Sent\ Messages"
-set nm_unread_tag = unread
-set mail_check_stats=yes
-set sidebar_short_path = yes
-
-
-set timeout=10
-set mail_check=10
-named-mailboxes "-----work-----" =sep1
-virtual-mailboxes "inbox" "notmuch://?query=tag:work-inbox
-virtual-mailboxes "dn42" "notmuch://?query=tag:work-dn42
-virtual-mailboxes "fosdem" "notmuch://?query=tag:work-fosdem
-virtual-mailboxes "frnog" "notmuch://?query=tag:work-frnog
-virtual-mailboxes "github" "notmuch://?query=tag:work-github
-virtual-mailboxes "lobsters" "notmuch://?query=tag:work-lobsters
-virtual-mailboxes "netdata" "notmuch://?query=tag:work-netdata
-virtual-mailboxes "nixos-discourse" "notmuch://?query=tag:work-nixos-discourse
-virtual-mailboxes "proxmox" "notmuch://?query=tag:work-proxmox
-
-named-mailboxes "-----ens-----" =sep2
-virtual-mailboxes "inbox" "notmuch://?query=tag:ens-inbox
-virtual-mailboxes "bilan-carbone" "notmuch://?query=tag:ens-bilan-carbone
-virtual-mailboxes "cof" "notmuch://?query=tag:ens-cof
-virtual-mailboxes "dg" "notmuch://?query=tag:ens-dg
-virtual-mailboxes "kfet" "notmuch://?query=tag:ens-kfet
-
-named-mailboxes "---telecom---" =sep3
-virtual-mailboxes "inbox" "notmuch://?query=tag:telecom-inbox
-virtual-mailboxes "gdr-gpl" "notmuch://?query=tag:telecom-gdr-gpl
-virtual-mailboxes "gdr-sec" "notmuch://?query=tag:telecom-gdr-sec
-virtual-mailboxes "tous" "notmuch://?query=tag:telecom-tous
-virtual-mailboxes "infres-tous" "notmuch://?query=tag:telecom-infres-tous
-
-named-mailboxes "----dgnum----" =sep4
-virtual-mailboxes "inbox" "notmuch://?query=tag:dgnum-inbox
-virtual-mailboxes "bureau" "notmuch://?query=tag:dgnum-bureau
-virtual-mailboxes "nixcon" "notmuch://?query=tag:dgnum-nixcon
-
-
-set sidebar_width=15
-set sidebar_divider_char='|'
-# color of folders with new mail
-# ctrl-n, ctrl-p to select next, prev folder# ctrl-o to open selected folder
-bind index \CP sidebar-prev
-bind index \CN sidebar-next
-bind index \CO sidebar-open
-bind pager \CP sidebar-prev
-bind pager \CN sidebar-next
-bind pager \CO sidebar-open
-bind pager \CK previous-line
-set nm_default_url = "notmuch:///home/julien/Maildir"
-
-macro index \\ "<vfolder-from-query>"
-set metoo=yes
-
-set query_command="notmuch-addrlookup --config /home/julien/.config/notmuch/default/config --format=mutt '%s'"
-set text_flowed
-
-set collapse_unread = no
-set collapse_all = yes
-
-bind index - collapse-thread
-
-bind editor <Tab> complete-query
-bind editor ^T complete
-
-
-
-set sort = threads 
-set sort_aux = reverse-last-date-received
-
-
-folder-hook "ens-inbox"  'source ~/.config/neomutt/ens.profile'
-folder-hook "ens-bilan-carbone"  'source ~/.config/neomutt/ens.profile'
-folder-hook "ens-cof"  'source ~/.config/neomutt/ens.profile'
-folder-hook "ens-dg"  'source ~/.config/neomutt/ens.profile'
-folder-hook "ens-kfet"  'source ~/.config/neomutt/ens.profile'
-
-folder-hook "telecom-inbox"  'source ~/.config/neomutt/telecom.profile'
-folder-hook "telecom-gdr-gpl"  'source ~/.config/neomutt/telecom.profile'
-folder-hook "telecom-gdr-sec"  'source ~/.config/neomutt/telecom.profile'
-folder-hook "telecom-infres-tous"  'source ~/.config/neomutt/telecom.profile'
-folder-hook "telecom-tous"  'source ~/.config/neomutt/telecom.profile'
-
-folder-hook "work-nixos-discourse"  'source ~/.config/neomutt/discourse.profile'
-folder-hook "work-dn42"  'source ~/.config/neomutt/work.profile'
-folder-hook "work-frnog"  'source ~/.config/neomutt/work.profile'
-folder-hook "work-inbox"  'source ~/.config/neomutt/work.profile'
-folder-hook "work-github"  'source ~/.config/neomutt/work.profile'
-folder-hook "work-fosdem"  'source ~/.config/neomutt/work.profile'
-folder-hook "work-proxmox"  'source ~/.config/neomutt/work.profile'
-folder-hook "work-netdata"  'source ~/.config/neomutt/work.profile'
-folder-hook "work-lobsters"  'source ~/.config/neomutt/work.profile'
-
-folder-hook "dgnum-inbox"  'source ~/.config/neomutt/dgnum.profile'
-folder-hook "dgnum-bureau"  'source ~/.config/neomutt/dgnum.profile'
-folder-hook "dgnum-nixcon"  'source ~/.config/neomutt/dgnum.profile'
-
-set sidebar_format = '%D%* %?N?(%N)?%*'
-color sidebar_unread yellow default
-
-source dracula.muttrc
-set sendmail = "msmtp"

home-manager-modules/mails/notifymuch

@@ -1,6 +0,0 @@
-[notifymuch]
-query = is:unread and (tag:work-inbox or tag:ens-inbox or tag:telecom-inbox or tag:dgnum-inbox or tag:dgnum-bureau)
-mail_client = kitty -x neomutt -y
-recency_interval_hours = 48
-hidden_tags = inbox unread attachment replied sent encrypted signed
-

home-manager-modules/mails/telecom.profile

@@ -1,3 +0,0 @@
-set from = "julien.malka@telecom-paris.fr"
-set record=+telecom/Sent
-set collapse_unread = no

home-manager-modules/mails/work.profile

@@ -1,4 +0,0 @@
-set from = "julien@malka.sh"
-set record= +work/Sent
-set collapse_unread = no
-

lib/snowfield.nix

@@ -53,7 +53,6 @@
       sshUser = "root";
     };
     pve2 = {
-      subdomains = [ "pve2.luj" ];
       ips = {
         public.ipv4 = "82.67.34.230";
         local.ipv4 = "192.168.1.2";

lon.lock

@@ -37,9 +37,9 @@
       "owner": "zhaofengli",
       "repo": "colmena",
       "branch": "main",
-      "revision": "b0a62f234fae02a006123e661ff70e62af16106b",
-      "url": "https://github.com/zhaofengli/colmena/archive/b0a62f234fae02a006123e661ff70e62af16106b.tar.gz",
-      "hash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA="
+      "revision": "e3ad42138015fcdf2524518dd564a13145c72ea1",
+      "url": "https://github.com/zhaofengli/colmena/archive/e3ad42138015fcdf2524518dd564a13145c72ea1.tar.gz",
+      "hash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8="
     },
     "disko": {
       "type": "GitHub",
@@ -47,9 +47,9 @@
       "owner": "nix-community",
       "repo": "disko",
       "branch": "master",
-      "revision": "09a776702b004fdf9c41a024e1299d575ee18a7d",
-      "url": "https://github.com/nix-community/disko/archive/09a776702b004fdf9c41a024e1299d575ee18a7d.tar.gz",
-      "hash": "sha256-a+Aakkb+amHw4biOZ0iMo8xYl37uUL48YEXIC5PYJ/8="
+      "revision": "2ed5e30fc7e34adf455db8b02b9151d3922a54ea",
+      "url": "https://github.com/nix-community/disko/archive/2ed5e30fc7e34adf455db8b02b9151d3922a54ea.tar.gz",
+      "hash": "sha256-5EYzmoTpem2IB9JWzd41sL98pz3lyyCSTiCjv08i4Uk="
     },
     "dns": {
       "type": "GitHub",
@@ -67,9 +67,9 @@
       "owner": "cachix",
       "repo": "git-hooks.nix",
       "branch": "master",
-      "revision": "3c3e88f0f544d6bb54329832616af7eb971b6be6",
-      "url": "https://github.com/cachix/git-hooks.nix/archive/3c3e88f0f544d6bb54329832616af7eb971b6be6.tar.gz",
-      "hash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI="
+      "revision": "3308484d1a443fc5bc92012435d79e80458fe43c",
+      "url": "https://github.com/cachix/git-hooks.nix/archive/3308484d1a443fc5bc92012435d79e80458fe43c.tar.gz",
+      "hash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE="
     },
     "home-manager": {
       "type": "GitHub",
@@ -87,9 +87,9 @@
       "owner": "nix-community",
       "repo": "home-manager",
       "branch": "master",
-      "revision": "93435d27d250fa986bfec6b2ff263161ff8288cb",
-      "url": "https://github.com/nix-community/home-manager/archive/93435d27d250fa986bfec6b2ff263161ff8288cb.tar.gz",
-      "hash": "sha256-nL9nzNE5/re/P+zOv7NX6bRm5e+DeS1HIufQUJ01w20="
+      "revision": "a9953635d7f34e7358d5189751110f87e3ac17da",
+      "url": "https://github.com/nix-community/home-manager/archive/a9953635d7f34e7358d5189751110f87e3ac17da.tar.gz",
+      "hash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A="
     },
     "homepage": {
       "type": "GitHub",
@@ -107,9 +107,9 @@
       "owner": "nix-community",
       "repo": "impermanence",
       "branch": "master",
-      "revision": "e337457502571b23e449bf42153d7faa10c0a562",
-      "url": "https://github.com/nix-community/impermanence/archive/e337457502571b23e449bf42153d7faa10c0a562.tar.gz",
-      "hash": "sha256-C2sGRJl1EmBq0nO98TNd4cbUy20ABSgnHWXLIJQWRFA="
+      "revision": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a",
+      "url": "https://github.com/nix-community/impermanence/archive/3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a.tar.gz",
+      "hash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw="
     },
     "lanzaboote": {
       "type": "GitHub",
@@ -117,9 +117,9 @@
       "owner": "nix-community",
       "repo": "lanzaboote",
       "branch": "master",
-      "revision": "2fa1368f938b50e35ca87334b5aeba38a3402165",
-      "url": "https://github.com/nix-community/lanzaboote/archive/2fa1368f938b50e35ca87334b5aeba38a3402165.tar.gz",
-      "hash": "sha256-oSr/w/5dvf/8ll6NvQlL7+rrK8wzjIcEMP1LvI4Ag08="
+      "revision": "2f48272f34174fd2a5ab3df4d8a46919247be879",
+      "url": "https://github.com/nix-community/lanzaboote/archive/2f48272f34174fd2a5ab3df4d8a46919247be879.tar.gz",
+      "hash": "sha256-zpmAzrvK8KdssBSwiIwwRxaUJ77oWORbW0XFvgCFpTE="
     },
     "lila": {
       "type": "GitHub",
@@ -147,18 +147,9 @@
       "owner": "mic92",
       "repo": "nix-index-database",
       "branch": "main",
-      "revision": "04f8a11f247ba00263b060fbcdc95484fd046104",
-      "url": "https://github.com/mic92/nix-index-database/archive/04f8a11f247ba00263b060fbcdc95484fd046104.tar.gz",
-      "hash": "sha256-2ntUG+NJKdfhlrh/tF+jOU0fOesO7lm5ZZVSYitsvH8="
-    },
-    "nix-patches": {
-      "type": "Git",
-      "fetchType": "git",
-      "branch": "main",
-      "revision": "e11ba20945f4a867f09d84343c37328288f274b4",
-      "url": "https://git.hubrecht.ovh/hubrecht/nix-patches.git",
-      "hash": "sha256-O23shOv9RePAw5tD+fTg7pzIEK0TcsuMn+NRfglhzLA=",
-      "submodules": false
+      "revision": "f4a5ca5771ba9ca31ad24a62c8d511a405303436",
+      "url": "https://github.com/mic92/nix-index-database/archive/f4a5ca5771ba9ca31ad24a62c8d511a405303436.tar.gz",
+      "hash": "sha256-AGXhwHdJV0q/WNgqwrR2zriubLr785b02FphaBtyt1Q="
     },
     "nixos-anywhere": {
       "type": "GitHub",
@@ -166,9 +157,9 @@
       "owner": "nix-community",
       "repo": "nixos-anywhere",
       "branch": "main",
-      "revision": "51d347d35caec995d36d1450cb5bb183318c7fb7",
-      "url": "https://github.com/nix-community/nixos-anywhere/archive/51d347d35caec995d36d1450cb5bb183318c7fb7.tar.gz",
-      "hash": "sha256-LrCxIU6laEf4JD1QtOBNr+PASY6CbNPpUrjLIUizt+Y="
+      "revision": "80a2e7d6d9816a80fd412befd5f173836e675185",
+      "url": "https://github.com/nix-community/nixos-anywhere/archive/80a2e7d6d9816a80fd412befd5f173836e675185.tar.gz",
+      "hash": "sha256-zcoxeMRGPpOd46dLeo2bgGLkjW5w50VC5DwZlvZD+A4="
     },
     "nixpkgs": {
       "type": "GitHub",
@@ -176,9 +167,9 @@
       "owner": "nixos",
       "repo": "nixpkgs",
       "branch": "nixos-24.05",
-      "revision": "32e940c7c420600ef0d1ef396dc63b04ee9cad37",
-      "url": "https://github.com/nixos/nixpkgs/archive/32e940c7c420600ef0d1ef396dc63b04ee9cad37.tar.gz",
-      "hash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac="
+      "revision": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
+      "url": "https://github.com/nixos/nixpkgs/archive/e8c38b73aeb218e27163376a2d617e61a2ad9b59.tar.gz",
+      "hash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g="
     },
     "stateless-uptime-kuma": {
       "type": "Git",
@@ -195,9 +186,9 @@
       "owner": "nixos",
       "repo": "nixpkgs",
       "branch": "nixos-unstable",
-      "revision": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
-      "url": "https://github.com/nixos/nixpkgs/archive/2768c7d042a37de65bb1b5b3268fc987e534c49d.tar.gz",
-      "hash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4="
+      "revision": "23e89b7da85c3640bbc2173fe04f4bd114342367",
+      "url": "https://github.com/nixos/nixpkgs/archive/23e89b7da85c3640bbc2173fe04f4bd114342367.tar.gz",
+      "hash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w="
     }
   }
 }

machines/fischer/default.nix

@@ -13,7 +13,7 @@
 
   machine.meta = {
     arch = "x86_64-linux";
-    nixpkgs_version = inputs.nixpkgs_patched;
+    nixpkgs_version = inputs.unstable;
     hm_version = inputs.home-manager-unstable;
     # TODO: Fix colmena deployment
     ips.public.ipv4 = "127.0.0.1";
@@ -157,6 +157,13 @@
     MaxAuthTries 20
   '';
 
+  services.zerotierone = {
+    enable = true;
+    joinNetworks = [
+      "ebe7fbd4451442b0"
+    ];
+  };
+
   # Desktop environment
   programs.xwayland.enable = true;
   programs.hyprland = {

machines/fischer/home-julien.nix

@@ -18,7 +18,7 @@
 
     programs.emacs = {
       enable = true;
-      package = pkgs.emacs30-pgtk;
+      package = pkgs.emacs30;
       extraPackages = epkgs: [
         epkgs.mu4e
       ];
@@ -69,6 +69,7 @@
       emacsPackages.jinx
       hunspellDicts.en_US
       texlive.combined.scheme-full
+      hledger
     ];
 
     fonts.fontconfig.enable = true;

machines/gallifrey/default.nix

@@ -108,8 +108,17 @@
     xorg.xinit
     gnomeExtensions.dash-to-dock
     gnomeExtensions.tailscale-status
+    gnomeExtensions.appindicator
+    gnome-tweaks
+    pkgs.firefoxpwa
   ];
 
+  programs.firefox = {
+    enable = true;
+    package = pkgs.firefox;
+    nativeMessagingHosts.packages = [ pkgs.firefoxpwa ];
+  };
+
   environment.persistence."/persistent" = {
     hideMounts = true;
     directories = [

machines/gallifrey/hardware.nix

@@ -22,7 +22,7 @@
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ ];
   boot.extraModulePackages = [ ];
-  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.kernelPackages = pkgs.linuxPackages_6_11;
 
   fileSystems."/data" = {
     device = "/dev/disk/by-uuid/4680be45-8156-4bf0-8b0b-e7493aaf37c0";

machines/gallifrey/home-julien.nix

@@ -50,6 +50,8 @@
       plugins = with pkgs; [ obs-studio-plugins.obs-vkcapture ];
     };
 
+    programs.mu.enable = true;
+
     home.packages = with pkgs; [
       du-dust
       kitty
@@ -80,7 +82,6 @@
       texlive.combined.scheme-full
       inochi-creator
       inochi-session
-      chromium
       gh
       ouch
       spotify
@@ -91,6 +92,16 @@
       emacsPackages.jinx
       hunspellDicts.en_US
       rstudio
+      forge-sparks
+      citations
+      blanket
+      fragments
+      metadata-cleaner
+      gnome-obfuscate
+      warp
+      tuba
+      resources
+      notify-client
     ];
 
     fonts.fontconfig.enable = true;
@@ -100,6 +111,8 @@
         ".config/gnome-initial-setup-done"
         ".config/monitors.xml"
         ".config/background"
+        ".cert/nm-openvpn/telecom-paris-ca.pem"
+        ".local/share/com.ranfdev.Notify.sqlite"
       ];
       directories = [
         "Pictures"
@@ -111,23 +124,24 @@
         ".local/share/direnv"
         ".local/state/cosmic-comp"
         ".local/share/atuin"
+        ".local/share/firefoxpwa"
         ".config/Signal"
         ".cache/spotify"
         ".config/spotify"
+        ".config/autostart"
+        ".config/borg"
+        ".config/pika-backup"
+        ".config/Element"
         ".step"
         ".emacs.d"
         ".gnupg"
         "Zotero"
         ".config/dconf"
+        ".local/share/keyrings"
       ];
       allowOther = true;
     };
 
-    programs.firefox = {
-      enable = true;
-      package = pkgs.firefox;
-    };
-
     home.keyboard = {
       layout = "fr";
     };

machines/gustave/pages.nix

@@ -38,9 +38,7 @@
     settingsFile = config.age.secrets."pages-settings-file".path;
   };
 
-  networking.firewall.allowedTCPPorts = [
-    8447
-  ];
+  networking.firewall.allowedTCPPorts = [ 8447 ];
 
   luj.nginx.enable = true;
   services.nginx = {
@@ -51,18 +49,25 @@
 
     defaultListen = [
       {
-        addr = "127.0.0.1";
+        addr = "0.0.0.0";
         port = 8446;
         ssl = true;
         proxyProtocol = true;
       }
       {
         addr = "0.0.0.0";
+        port = 80;
+        ssl = false;
+      }
+      {
+        addr = "[::]";
+        port = 80;
         ssl = false;
       }
     ];
 
     streamConfig = ''
+
       map $ssl_preread_server_name $sni_upstream {
         hostnames;
         default 0.0.0.0:8010;

modules/hmgr/default.nix

@@ -23,7 +23,10 @@ with lib;
           (map (x: ../../home-manager-modules + "/${x}/default.nix") (
             attrNames (readDir ../../home-manager-modules)
           ))
-          ++ [ "${inputs.impermanence}/home-manager.nix" ];
+          ++ [
+            "${inputs.impermanence}/home-manager.nix"
+            "${inputs.agenix}/modules/age-home.nix"
+          ];
         home.username = "${name}";
         home.homeDirectory = "/home/${name}";
         home.stateVersion = "21.05";

modules/nix/default.nix

@@ -1,7 +1,6 @@
 {
   config,
   lib,
-  inputs,
   pkgs,
   ...
 }:
@@ -22,8 +21,8 @@ with lib;
         experimental-features = nix-command flakes
       '';
       nixPath = [
-        "nixpkgs=${inputs.nixpkgs}"
-        "nixos=${inputs.nixpkgs}"
+        "nixpkgs=${config.machine.meta.nixpkgs_version}"
+        "nixos=${config.machine.meta.nixpkgs_version}"
       ];
       settings = {
         builders-use-substitutes = true;

patches/default.nix

@@ -1,2 +0,0 @@
-{
-}

profiles/base.nix

@@ -45,6 +45,7 @@
 
   programs.gnupg.agent.enable = true;
   networking.firewall.enable = true;
+  systemd.services.NetworkManager-wait-online.enable = false;
 
   environment.systemPackages = with pkgs; [
     neovim

secrets/dgnum-mail-pw.age

@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 u3yXZQ 5PeYNFchlEHtVXEQSG+dC3D+EEP46i71O6T9uuEkD3g
+WS0s5betBaa+jVwSD6cEKR4KBqWwMR6eGnGZvthTrU8
+-> ssh-ed25519 AqX2tg NTnhvcfQ/W1tzezQluexQDtTKAI+6ATLENvxV7pNCCA
+HxbdeKRviWIl4l8VCY2MUnk4uSQg3AuqwIb1xgTySyg
+-> ssh-ed25519 eySVIw v1tXIUlY+stg20QI0uBZK3/17FtSIYTXFPZr4r/KUR0
+GBdyiP3nzDSET4xBYjJfXFXW/Wfs3UTI68BUepwUv9E
+-> ssh-ed25519 ThuR9A zgid7w5dH1ETfDlSLHwy/UhnaFtFTlWqMm5RpjifzCs
+x2+s/vC3MWW5mi9deiu2U+ZvLNEEsql8NxzJgnRlRCM
+-> ssh-ed25519 LFAtBQ l9GhRJTJHugH8W2/r0QwZRRPZqGkRvx8yxTj4TwOV1w
+KzhI8Cs5zj5MMaLNMFdTc2N5qSbFVCK6NpNbGDdqHOU
+--- EFAMmxVPGjYrzXTdBiYCGRv8IGVp3M+DAiJe8jrAG/U
+¾hÊÐZDÎÇ\Ì2ñ|cÙŸ„A7Kà .·éÞ«7Èïå¬0tËã#ì™uÌP^åû¨Þ R@
+ÝœÝ>ü‚Ĩ߲RCª>¢îîÐê6‰ôryø­y<C2AD>Žg

secrets/ens-mail-pw.age

@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 u3yXZQ xgPFHNqjt5oiwyA6DjbJQwt1OJIwrhaM9rBj8VkfJlQ
+oEFkyDXUMw7h+kKXb6Yrn7SDH2hByFW85blHmtu7opk
+-> ssh-ed25519 AqX2tg LuCm78y0BFQYqbS7xkqBTc+IGl0HlLLsePgIkTsGgkM
+Ebuqvp72OVZE2gXbKpOxr0Awk6zb55xffZYYb43uDHM
+-> ssh-ed25519 eySVIw ki51C627bozYPOrTZvz28kNthpr8ZvzooBux0yyEmHc
+pThFLvfXrgOu9x5jyZMuZP8LJymNb7MQUzT2EnwruiU
+-> ssh-ed25519 ThuR9A 4CDVLXHdYwPqCSGYw22vQMeWpspVNT8zbj6lXmJVBCk
+mYiAD8uCZsxYhjremt3vJ9DTXAqBWhOsAMKEiSHWSzs
+-> ssh-ed25519 LFAtBQ UzVzUenJO9tjF1FJNNuCIs7P37qpZ2WfUO82rkrXABQ
+JkWXo9nJ7+6xiznzpeH2gK7BDpmXYfhO4sLy6iwflOc
+--- syGfKorkGOCg8iY7gGV6UuVq9ePtzTSyvCu9MEqy17k
+o	T÷39VË“ÈÙ™¢áVLç
+‘<>žAK âǪÔiAœâ	OøŽ'

secrets/secrets.nix

@@ -9,6 +9,8 @@ let
   lambda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKluGTi+vGRLU2emYBhTJuEy7Qw0xq1e0Ey7wvU9xYHz";
   nuage = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEtPoZXJKPfSPGYb/H9eWL0tNSpAKM6V/AgeE1Uf2Is6";
   gallifrey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEr9QRD7QTNsAFmuJoX1mFzQ5A2ik1/ogMrvW54JMXeQ";
+  gallifrey_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMAa0wll9ildhgPiV0DhgJXXtw3TQr5VkNxxxPspHSbX julien@gallifrey";
+  fisher_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIADCpuBL/kSZShtXD6p/Nq9ok4w1DnlSoxToYgdOvUqo julien@telecom";
   akhaten = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII5W1rr+VW2TLLytoTExWg4T14lrdLFkSM4YLfbEIb2g";
   servers = [
     gustave
@@ -106,4 +108,32 @@ in
     tower
     lambda
   ];
+  "dgnum-mail-pw.age".publicKeys = [
+    gallifrey
+    tower
+    fischer
+    gallifrey_home
+    fisher_home
+  ];
+  "work-mail-pw.age".publicKeys = [
+    gallifrey
+    tower
+    fischer
+    gallifrey_home
+    fisher_home
+  ];
+  "telecom-mail-pw.age".publicKeys = [
+    gallifrey
+    tower
+    fischer
+    gallifrey_home
+    fisher_home
+  ];
+  "ens-mail-pw.age".publicKeys = [
+    gallifrey
+    tower
+    fischer
+    gallifrey_home
+    fisher_home
+  ];
 }

secrets/telecom-mail-pw.age

@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 u3yXZQ kUUnaOHFtg5OFlERbYMS9qyJ6p1jcxborXJWr/FZT1w
+y+a2IzEoRuvwzl7U8TYfQvUhZcHgaHALqyzpHN3XcQ8
+-> ssh-ed25519 AqX2tg exW2CX3Qai32V0cw6TIs1cSPjQVenKu/ZxPTGd9JKQU
+QEz7dXeTUv2SFUdMwSIphT4mVrLc4p9I/6K7UZw6gL4
+-> ssh-ed25519 eySVIw tUhWZPM/2Bj5rKXQbeGRAby3r/w6YttOoHb4UHa2FDU
+M9TG1clNu4sS36SbKvJyv5yAPlYRVqzknax8xqakSnw
+-> ssh-ed25519 ThuR9A 3hagqEkYVpY6KlstIbWEwoqS364+bP84nIGeafnGIlA
+Ix8J2vH5N27JMyrFS7puc7w4o/ncnVCiY93wzRQFqOs
+-> ssh-ed25519 LFAtBQ aymoqg13GB70LePTog97o2TYqP9jj7Xc8FhXUgBxDko
+pci2UrnhzbUMAFQuo7pg1a3Nz4ru33zL5Zov5Ropv48
+--- QDnPy3fW5pTLwpR8Csc9yx/Xj0Jdf1BwxL2moee1M2c
+šgÉ0äÌp 
+AôjÝøÂÈêï­å5ðôûo²ó‡Ç~ˆÆï­(,UÔ¬