Merge branch 'main' of github.com:JulienMalka/nix-config

.sops.yaml

@@ -6,6 +6,7 @@ keys:
   - &lambda age1z5n73rq83mjt6xsmanvgylks5gpmawhqfcz6dtwkc5cu0rlje5js4zzy9s
   - &bin-cache age10d49ptrmad2n7rke6helvmmm86gf06gj9gtfxsh334f3hfr0eewqqa2a7w
   - &core-security age1qedjtr4llnmue2r08ec64mtkl8hpkdsn5mpfh26l3pngmxdm2ymq2tfh80
+  - &enigma age109qksyjgdnf7elnk98dh4vtxt0epju7xjemlqng0j0x75st5zg9qm9h3hy
 creation_rules:
   - path_regex: secrets/[^/]+\.yaml$
     key_groups:
@@ -17,6 +18,7 @@ creation_rules:
       - *lambda 
       - *bin-cache
       - *core-security
+      - *enigma
   - key_groups: 
     - age:
       - *macintosh
@@ -26,3 +28,4 @@ creation_rules:
       - *lambda
       - *bin-cache
       - *core-security
+      - *enigma

flake.lock

@@ -15,11 +15,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1689457600,
-        "narHash": "sha256-1XLn2ZZMaqQx+Ys3eel5hQRkgUn3DeHcVb2JT8WYU0A=",
+        "lastModified": 1692225040,
+        "narHash": "sha256-jbQNvkgWGioiC6S39dZVyn6us8p/DlEvm5hQKEYkzDU=",
         "owner": "zhaofengli",
         "repo": "attic",
-        "rev": "4902d57f5dae8ec660ee9ee14c45c2192f9fe8b1",
+        "rev": "b43d12082e34bceb26038bdad0438fd68804cfcd",
         "type": "github"
       },
       "original": {
@@ -177,22 +177,6 @@
       }
     },
     "flake-compat_4": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-compat_5": {
       "locked": {
         "lastModified": 1688025799,
         "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@@ -266,11 +250,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1689068808,
-        "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
+        "lastModified": 1692799911,
+        "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
+        "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44",
         "type": "github"
       },
       "original": {
@@ -281,7 +265,7 @@
     },
     "flake-utils_3": {
       "inputs": {
-        "systems": "systems_2"
+        "systems": "systems_3"
       },
       "locked": {
         "lastModified": 1681202837,
@@ -326,11 +310,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1687871164,
-        "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
+        "lastModified": 1692099905,
+        "narHash": "sha256-/pSusGhmIdSdAaywQRFA5dVbfdIzlWQTecM+E46+cJ0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
+        "rev": "2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f",
         "type": "github"
       },
       "original": {
@@ -360,15 +344,16 @@
       "inputs": {
         "hyprland-protocols": "hyprland-protocols",
         "nixpkgs": "nixpkgs_2",
+        "systems": "systems_2",
         "wlroots": "wlroots",
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1690728397,
-        "narHash": "sha256-jq6iXkZDWWOloyr1RoEZUXSZthfm5fRMOTR6plfQ0zE=",
+        "lastModified": 1692871050,
+        "narHash": "sha256-OJ/OkOLFn546rcXmj/3VEGlsPYjdXWAhEmjqdc6re6k=",
         "owner": "hyprwm",
         "repo": "Hyprland",
-        "rev": "08651736ada39f62b246c44c1d8a81e2787f23d5",
+        "rev": "90c03e5bd2204ba6d1a0167c68f65b7a9231bef4",
         "type": "github"
       },
       "original": {
@@ -382,14 +367,18 @@
         "nixpkgs": [
           "hyprland",
           "nixpkgs"
+        ],
+        "systems": [
+          "hyprland",
+          "systems"
         ]
       },
       "locked": {
-        "lastModified": 1684265364,
-        "narHash": "sha256-AxNnWbthsuNx73HDQr0eBxrcE3+yfl/WsaXZqUFmkpQ=",
+        "lastModified": 1691753796,
+        "narHash": "sha256-zOEwiWoXk3j3+EoF3ySUJmberFewWlagvewDRuWYAso=",
         "owner": "hyprwm",
         "repo": "hyprland-protocols",
-        "rev": "8c279b9fb0f2b031427dc5ef4eab53f2ed835530",
+        "rev": "0c2ce70625cb30aef199cb388f99e19a61a6ce03",
         "type": "github"
       },
       "original": {
@@ -403,11 +392,11 @@
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1690361100,
-        "narHash": "sha256-e3V2avzF3yY+OBWr5fZ5jTHq6Jm2olnmd95E2jAkyCY=",
+        "lastModified": 1692480535,
+        "narHash": "sha256-3Q0Uz/JPW9USHyAmrzRl6KhZLqMYTWkmtL3RA+oAeVY=",
         "owner": "hyprwm",
         "repo": "hyprpaper",
-        "rev": "9261356bd74fadbc544bec22c16aec62ebba13bd",
+        "rev": "5e73eb60552d48d55541c60f9a8da2b666003fe6",
         "type": "github"
       },
       "original": {
@@ -453,11 +442,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1688227218,
-        "narHash": "sha256-hlZlGblw7PDRlC4dBJVC3hwy+HZbXC+Mq4jbXP94ya4=",
+        "lastModified": 1690994230,
+        "narHash": "sha256-PH6+LEM14Mb7i46KL4zvPxCwL0zC9hTJ3pstdEA/0w4=",
         "owner": "JulienMalka",
         "repo": "Linkal",
-        "rev": "354b464cd6b6263f41b19ba05ab5163d0e8203db",
+        "rev": "8744b00eb819f181842f678bed6c1239f8210618",
         "type": "github"
       },
       "original": {
@@ -467,38 +456,6 @@
         "type": "github"
       }
     },
-    "lowdown-src": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1633514407,
-        "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
-        "owner": "kristapsdz",
-        "repo": "lowdown",
-        "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "kristapsdz",
-        "repo": "lowdown",
-        "type": "github"
-      }
-    },
-    "master": {
-      "locked": {
-        "lastModified": 1692352441,
-        "narHash": "sha256-cRx7uE6BQSW27WvnHqfuR5PIUvRXBftwqCKvRRMQN0w=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "0b1525114a2a9bc8eeee774fec9e7b0f1b1e543c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "0b1525114a2a9bc8eeee774fec9e7b0f1b1e543c",
-        "type": "github"
-      }
-    },
     "nix-index-database": {
       "inputs": {
         "nixpkgs": [
@@ -506,11 +463,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1690687539,
-        "narHash": "sha256-Lnwz9XKtshm+5OeWqCbj/3tKuKK+DL5tUTdKSRrKBlY=",
+        "lastModified": 1692503351,
+        "narHash": "sha256-FdG0wnizM9mAUgi58KP1tXaX4ogVooPDS6VwsGEqZ9s=",
         "owner": "Mic92",
         "repo": "nix-index-database",
-        "rev": "d74b8171153ae35d7d323a9b1ad6c4cf7a995591",
+        "rev": "4becac130db930e9de8c3fe58bfa245c119b9eeb",
         "type": "github"
       },
       "original": {
@@ -519,28 +476,6 @@
         "type": "github"
       }
     },
-    "nix-rfc-92": {
-      "inputs": {
-        "flake-compat": "flake-compat_4",
-        "lowdown-src": "lowdown-src",
-        "nixpkgs": "nixpkgs_4",
-        "nixpkgs-regression": "nixpkgs-regression"
-      },
-      "locked": {
-        "lastModified": 1689947426,
-        "narHash": "sha256-acY4dEkac3LfE7ukTeJHWqwM0Jc2n5gAi901gOiNKKA=",
-        "owner": "obsidiansystems",
-        "repo": "nix",
-        "rev": "a4e676f1e31182234644fde3e3a823e94d02e163",
-        "type": "github"
-      },
-      "original": {
-        "owner": "obsidiansystems",
-        "ref": "dynamic-drvs",
-        "repo": "nix",
-        "type": "github"
-      }
-    },
     "nixd": {
       "inputs": {
         "flake-parts": "flake-parts_2",
@@ -549,11 +484,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1690773968,
-        "narHash": "sha256-B6WdRGkyzB+6ihe/ar78hy0pTpM6yqpG3ZE6H2VBOTc=",
+        "lastModified": 1692870717,
+        "narHash": "sha256-Ur8+u5Luegsxd3ydH/sfg0WokqC2TLJsGOIpmH7a+6k=",
         "owner": "nix-community",
         "repo": "nixd",
-        "rev": "6b9b50bbe528033443216d2f0f889232304d4f54",
+        "rev": "e06753cc8959c6680bc9a9bd87dccd4067f3e9f6",
         "type": "github"
       },
       "original": {
@@ -564,8 +499,8 @@
     },
     "nixos-apple-silicon": {
       "inputs": {
-        "flake-compat": "flake-compat_5",
-        "nixpkgs": "nixpkgs_5",
+        "flake-compat": "flake-compat_4",
+        "nixpkgs": "nixpkgs_4",
         "rust-overlay": "rust-overlay_3"
       },
       "locked": {
@@ -616,22 +551,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-regression": {
-      "locked": {
-        "lastModified": 1643052045,
-        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      }
-    },
     "nixpkgs-stable": {
       "locked": {
         "lastModified": 1678872516,
@@ -650,11 +569,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1690179384,
-        "narHash": "sha256-+arbgqFTAtoeKtepW9wCnA0njCOyoiDFyl0Q0SBSOtE=",
+        "lastModified": 1692638711,
+        "narHash": "sha256-J0LgSFgJVGCC1+j5R2QndadWI1oumusg6hCtYAzLID4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b12803b6d90e2e583429bb79b859ca53c348b39a",
+        "rev": "91a22f76cd1716f9d0149e8a5c68424bb691de15",
         "type": "github"
       },
       "original": {
@@ -681,22 +600,6 @@
       }
     },
     "nixpkgs_4": {
-      "locked": {
-        "lastModified": 1670461440,
-        "narHash": "sha256-jy1LB8HOMKGJEGXgzFRLDU1CBGL0/LlkolgnqIsF0D8=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "04a75b2eecc0acf6239acf9dd04485ff8d14f425",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-22.11-small",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_5": {
       "locked": {
         "lastModified": 1690031011,
         "narHash": "sha256-kzK0P4Smt7CL53YCdZCBbt9uBFFhE0iNvCki20etAf4=",
@@ -712,13 +615,13 @@
         "type": "github"
       }
     },
-    "nixpkgs_6": {
+    "nixpkgs_5": {
       "locked": {
-        "lastModified": 1690630041,
-        "narHash": "sha256-gbnvqm5goS9DSKAqGFpq3398aOpwejmq4qWikqmQyRo=",
+        "lastModified": 1692794066,
+        "narHash": "sha256-H0aG8r16dj0x/Wz6wQhQxc9V7AsObOiHPaKxQgH6Y08=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d57e8c535d4cbb07f441c30988ce52eec69db7a8",
+        "rev": "fc944919f743bb22379dddf18dcb72db6cff84aa",
         "type": "github"
       },
       "original": {
@@ -770,12 +673,10 @@
         "hyprpaper": "hyprpaper",
         "lanzaboote": "lanzaboote",
         "linkal": "linkal",
-        "master": "master",
         "nix-index-database": "nix-index-database",
-        "nix-rfc-92": "nix-rfc-92",
         "nixd": "nixd",
         "nixos-apple-silicon": "nixos-apple-silicon",
-        "nixpkgs": "nixpkgs_6",
+        "nixpkgs": "nixpkgs_5",
         "simple-nixos-mailserver": "simple-nixos-mailserver",
         "sops-nix": "sops-nix",
         "unstable": "unstable"
@@ -887,11 +788,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1690199016,
-        "narHash": "sha256-yTLL72q6aqGmzHq+C3rDp3rIjno7EJZkFLof6Ika7cE=",
+        "lastModified": 1692728678,
+        "narHash": "sha256-02MjG7Sb9k7eOi86CcC4GNWVOjT6gjmXFSqkRjZ8Xyk=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "c36df4fe4bf4bb87759b1891cab21e7a05219500",
+        "rev": "1b7b3a32d65dbcd69c217d7735fdf0a6b2184f45",
         "type": "github"
       },
       "original": {
@@ -932,6 +833,21 @@
       }
     },
     "systems_2": {
+      "locked": {
+        "lastModified": 1689347949,
+        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
+        "owner": "nix-systems",
+        "repo": "default-linux",
+        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default-linux",
+        "type": "github"
+      }
+    },
+    "systems_3": {
       "locked": {
         "lastModified": 1681028828,
         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -948,11 +864,11 @@
     },
     "unstable": {
       "locked": {
-        "lastModified": 1690640159,
-        "narHash": "sha256-5DZUYnkeMOsVb/eqPYb9zns5YsnQXRJRC8Xx/nPMcno=",
+        "lastModified": 1692734709,
+        "narHash": "sha256-SCFnyHCyYjwEmgUsHDDuU0TsbVMKeU1vwkR+r7uS2Rg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e6ab46982debeab9831236869539a507f670a129",
+        "rev": "b85ed9dcbf187b909ef7964774f8847d554fab3b",
         "type": "github"
       },
       "original": {
@@ -966,18 +882,18 @@
       "flake": false,
       "locked": {
         "host": "gitlab.freedesktop.org",
-        "lastModified": 1690165843,
-        "narHash": "sha256-gv5kjss6REeQG0BmvK2gTx7jHLRdCnP25po6It6I6N8=",
+        "lastModified": 1691073628,
+        "narHash": "sha256-LlxE3o3UzRY7APYVLGNKM30DBMcDifCRIQiMVSbYLIc=",
         "owner": "wlroots",
         "repo": "wlroots",
-        "rev": "e8d545a9770a2473db32e0a0bfa757b05d2af4f3",
+        "rev": "c74f89d4f84bfed0284d3908aee5d207698c70c5",
         "type": "gitlab"
       },
       "original": {
         "host": "gitlab.freedesktop.org",
         "owner": "wlroots",
         "repo": "wlroots",
-        "rev": "e8d545a9770a2473db32e0a0bfa757b05d2af4f3",
+        "rev": "c74f89d4f84bfed0284d3908aee5d207698c70c5",
         "type": "gitlab"
       }
     },
@@ -990,14 +906,18 @@
         "nixpkgs": [
           "hyprland",
           "nixpkgs"
+        ],
+        "systems": [
+          "hyprland",
+          "systems"
         ]
       },
       "locked": {
-        "lastModified": 1685385764,
-        "narHash": "sha256-r+XMyOoRXq+hlfjayb+fyi9kq2JK48TrwuNIAXqlj7U=",
+        "lastModified": 1691841170,
+        "narHash": "sha256-RCTm1/MVWYPnReMgyp7tr2ogGYo/pvw38jZaFwemgPU=",
         "owner": "hyprwm",
         "repo": "xdg-desktop-portal-hyprland",
-        "rev": "4d9ff0c17716936e0b5ca577a39e263633901ed1",
+        "rev": "57a3a41ba6b358109e4fc25c6a4706b5f7d93c6b",
         "type": "github"
       },
       "original": {

flake.nix

@@ -17,8 +17,6 @@
 
     unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 
-    master.url = "github:NixOS/nixpkgs/0b1525114a2a9bc8eeee774fec9e7b0f1b1e543c";
-
     flake-utils.url = "github:numtide/flake-utils";
 
     colmena.url = "github:zhaofengli/colmena";
@@ -65,8 +63,6 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nix-rfc-92.url = "github:obsidiansystems/nix/dynamic-drvs";
-
     lanzaboote = {
       url = "github:nix-community/lanzaboote/v0.3.0";
       inputs.nixpkgs.follows = "nixpkgs";

home-manager-modules/kitty/default.nix

@@ -12,103 +12,17 @@ with lib;
 
     programs.kitty = {
       enable = true;
-      extraConfig = ''
-        font_family Noto Color Emoji Regular
-        confirm_os_window_close 0
-        font_family Fira Code Regular
-        bold_font Fira Code Retina
-        font_features FiraCode-Regular +zero +ss01 +ss02 +ss03 +ss04 +ss05 +cv31
-        font_features FiraCode-Retina +zero +ss01 +ss02 +ss03 +ss04 +ss05 +cv31
-        font_size 10.0
-        shell_integration no-cursor
-        cursor_shape block
-        cursor_blink_interval 0
-        window_padding_width 4
+      settings = {
+        wayland_titlebar_color = "background";
+        background_opacity = "0.96";
+        shell_integration = "no-cursor";
+      };
+      font = {
+        name = "FiraCode Nerd Font Mono Reg";
+        package = with pkgs; (nerdfonts.override { fonts = [ "FiraCode" ]; });
+      };
+      theme = "Catppuccin-Mocha";
 
-        # Tab Management
-        tab_bar_edge top
-        tab_bar_margin_height 0.0 4.0
-        tab_bar_style powerline
-        tab_bar_min_tabs 2
-        tab_title_template "{index} {tab.active_exe}"
-
-        map ctrl+shift+1 goto_tab 1
-        map ctrl+shift+2 goto_tab 2
-        map ctrl+shift+3 goto_tab 3
-        map ctrl+shift+4 goto_tab 4
-
-        # The basic colors
-        foreground              #CDD6F4
-        background              #11111B
-        selection_foreground    #11111B
-        selection_background    #F5E0DC
-
-        # Cursor colors
-        cursor                  #F5E0DC
-        cursor_text_color       #11111B
-
-        # URL underline color when hovering with mouse
-        url_color               #F5E0DC
-
-        # Kitty window border colors
-        active_border_color     #B4BEFE
-        inactive_border_color   #6C7086
-        bell_border_color       #F9E2AF
-
-        # OS Window titlebar colors
-        wayland_titlebar_color system
-        macos_titlebar_color system
-
-        # Tab bar colors
-        active_tab_foreground   #11111B
-        active_tab_background   #CBA6F7
-        inactive_tab_foreground #CDD6F4
-        inactive_tab_background #181825
-        tab_bar_background      #11111B
-
-        # Colors for marks (marked text in the terminal)
-        mark1_foreground #11111B
-        mark1_background #B4BEFE
-        mark2_foreground #11111B
-        mark2_background #CBA6F7
-        mark3_foreground #11111B
-        mark3_background #74C7EC
-
-        # The 16 terminal colors
-
-        # black
-        color0 #45475A
-        color8 #585B70
-
-        # red
-        color1 #F38BA8
-        color9 #F38BA8
-
-        # green
-        color2  #A6E3A1
-        color10 #A6E3A1
-
-        # yellow
-        color3  #F9E2AF
-        color11 #F9E2AF
-
-        # blue
-        color4  #89B4FA
-        color12 #89B4FA
-
-        # magenta
-        color5  #F5C2E7
-        color13 #F5C2E7
-
-        # cyan
-        color6  #94E2D5
-        color14 #94E2D5
-
-        # white
-        color7  #BAC2DE
-        color15 #A6ADC8
-
-      '';
     };
   };
 }

home-manager-modules/neovim/default.nix

@@ -66,17 +66,6 @@ with lib;
               nix = {
                 command = "nixd";
                 filetypes = [ "nix" ];
-                rootPatterns = [ "flake.nix" ];
-                settings = {
-                  nixd = {
-                    formatting = {
-                      command = "nixpkgs-fmt";
-                    };
-                    options = {
-                      enable = true;
-                    };
-                  };
-                };
               };
 
               ccls = {

home-manager-modules/ssh-client/default.nix

@@ -26,6 +26,28 @@ with lib;
           proxyJump = "router";
         };
 
+        proxy-telecom = {
+          hostname = "ssh.enst.fr";
+          user = "jmalka";
+        };
+
+        lame24 = {
+          hostname = "lame24.enst.fr";
+          user = "jmalka";
+          proxyJump = "proxy-telecom";
+        };
+
+        epyc = {
+          hostname = "epyc.infra.newtype.fr";
+          user = "luj";
+          proxyJump = "tower";
+        };
+
+        exps = {
+          hostname = "192.168.0.240";
+          proxyJump = "router";
+        };
+
       };
     };
   };

lib/default.nix

@@ -5,77 +5,83 @@ with builtins;
 let
   overlay-unstable = arch: final: prev:
     let
-      master-patched-src = (import inputs.master { system = arch; }).applyPatches {
+      nixpkgs-patched-src = (import inputs.nixpkgs { system = arch; }).applyPatches {
         name = "nixpkgs-patches";
-        src = inputs.master;
-        patches = [ ../patches/signal.patch ];
+        src = inputs.nixpkgs;
+        patches = [ ../patches/bcachefs-systemd-stage-1.patch ];
       };
     in
     {
       unstable = inputs.unstable.legacyPackages."${arch}";
-      master-patched = import master-patched-src { system = arch; };
+      nixpkgs-patched = import nixpkgs-patched-src { system = arch; };
       stable = inputs.nixpkgs.legacyPackages."${arch}";
     };
 in
 {
 
-  mkMachine = { host, host-config, modules, nixpkgs ? inputs.nixpkgs, system ? "x86_64-linux", home-manager ? inputs.home-manager }: nixpkgs.lib.nixosSystem {
-    lib = final;
-    system = system;
-    specialArgs = {
-      inherit inputs;
+  mkMachine = { host, host-config, modules, nixpkgs ? inputs.nixpkgs, system ? "x86_64-linux", home-manager ? inputs.home-manager }:
+    let
+      nixpkgs-patched-src = (import nixpkgs { inherit system; }).applyPatches {
+        name = "nixpkgs-patched";
+        src = nixpkgs;
+        patches = [ ../patches/bcachefs-systemd-stage-1.patch ];
+      };
+    in
+    nixpkgs.lib.nixosSystem {
+      lib = final;
+      system = system;
+      specialArgs = {
+        inherit inputs;
+        nixpkgs-patched = nixpkgs-patched-src;
+      };
+      modules = builtins.attrValues modules ++ [
+        ../machines/base.nix
+        inputs.sops-nix.nixosModules.sops
+        host-config
+        home-manager.nixosModules.home-manager
+        inputs.simple-nixos-mailserver.nixosModule
+        inputs.hyprland.nixosModules.default
+        inputs.attic.nixosModules.atticd
+        inputs.lanzaboote.nixosModules.lanzaboote
+        inputs.nix-index-database.nixosModules.nix-index
+        {
+          home-manager.useGlobalPkgs = true;
+          nixpkgs.overlays = [
+            (overlay-unstable system)
+            (final: prev:
+              {
+                hyprland = inputs.hyprland.packages.${system}.default.override {
+                  enableXWayland = true;
+                  nvidiaPatches = false;
+                  legacyRenderer = true;
+                };
+                waybar = prev.waybar.overrideAttrs (oldAttrs: {
+                  mesonFlags = oldAttrs.mesonFlags ++ [ "-Dexperimental=true" ];
+                });
+                tinystatus = prev.pkgs.callPackage ../packages/tinystatus { };
+                jackett = prev.unstable.jackett;
+                radarr = prev.unstable.radarr;
+                flaresolverr = prev.pkgs.callPackage ../packages/flaresolverr { };
+                htpdate = prev.pkgs.callPackage ../packages/htpdate { };
+                authelia = prev.pkgs.callPackage ../packages/authelia { };
+                paperless-ng = prev.pkgs.callPackage ../packages/paperless-ng { };
+                tailscale = prev.unstable.tailscale;
+                nodePackages = prev.unstable.nodePackages;
+                hydrasect = prev.pkgs.callPackage ../packages/hydrasect { };
+                linkal = inputs.linkal.defaultPackage."${system}";
+                mosh = prev.unstable.mosh;
+                hyprpaper = inputs.hyprpaper.packages.${system}.default;
+                attic = inputs.attic.packages.${system}.default;
+                colmena = inputs.colmena.packages.${system}.colmena;
+                nixd = inputs.nixd.packages.${system}.default;
+                keycloak-keywind = prev.pkgs.callPackage ../packages/keycloak-keywind { };
+                nix-rfc-92 = inputs.nix-rfc-92.packages.${system}.default;
+              })
+          ];
+        }
+      ];
+      extraModules = [ inputs.colmena.nixosModules.deploymentOptions ];
     };
-    modules = builtins.attrValues modules ++ [
-      ../machines/base.nix
-      inputs.sops-nix.nixosModules.sops
-      host-config
-      home-manager.nixosModules.home-manager
-      inputs.simple-nixos-mailserver.nixosModule
-      inputs.hyprland.nixosModules.default
-      inputs.attic.nixosModules.atticd
-      inputs.lanzaboote.nixosModules.lanzaboote
-      inputs.nix-index-database.nixosModules.nix-index
-      {
-        home-manager.useGlobalPkgs = true;
-        nixpkgs.overlays = [
-          (overlay-unstable system)
-          (final: prev:
-            {
-              hyprland = inputs.hyprland.packages.${system}.default.override {
-                enableXWayland = true;
-                hidpiXWayland = true;
-                nvidiaPatches = false;
-                legacyRenderer = true;
-              };
-              waybar = prev.waybar.overrideAttrs (oldAttrs: {
-                mesonFlags = oldAttrs.mesonFlags ++ [ "-Dexperimental=true" ];
-              });
-              tinystatus = prev.pkgs.callPackage ../packages/tinystatus { };
-              zotero = prev.pkgs.callPackage ../packages/zotero { };
-              jackett = prev.unstable.jackett;
-              radarr = prev.unstable.radarr;
-              flaresolverr = prev.pkgs.callPackage ../packages/flaresolverr { };
-              htpdate = prev.pkgs.callPackage ../packages/htpdate { };
-              authelia = prev.pkgs.callPackage ../packages/authelia { };
-              paperless-ng = prev.pkgs.callPackage ../packages/paperless-ng { };
-              tailscale = prev.unstable.tailscale;
-              nodePackages = prev.unstable.nodePackages;
-              hydrasect = prev.pkgs.callPackage ../packages/hydrasect { };
-              uptime-kuma = prev.pkgs.callPackage ../packages/uptime-kuma { };
-              linkal = inputs.linkal.defaultPackage."${system}";
-              mosh = prev.unstable.mosh;
-              hyprpaper = inputs.hyprpaper.packages.${system}.default;
-              attic = inputs.attic.packages.${system}.default;
-              colmena = inputs.colmena.packages.${system}.colmena;
-              nixd = inputs.nixd.packages.${system}.default;
-              keycloak-keywind = prev.pkgs.callPackage ../packages/keycloak-keywind { };
-              nix-rfc-92 = inputs.nix-rfc-92.packages.${system}.default;
-            })
-        ];
-      }
-    ];
-    extraModules = [ inputs.colmena.nixosModules.deploymentOptions ];
-  };
 
   importConfig = path: (mapAttrs (name: value: import (path + "/${name}/default.nix")) (final.filterAttrs (_: v: v == "directory") (readDir path)));
 

lib/luj.nix

@@ -47,6 +47,11 @@ inputs: lib: with lib; let
             nixpkgs_version = inputs.nixpkgs;
             hm_version = inputs.home-manager;
           };
+	  enigma = {
+		arch = "aarch64-linux";
+		nixpkgs_version = inputs.nixpkgs;
+                hm_version = inputs.home-manager;
+		};
           lambda = {
             inherit tld;
             arch = "aarch64-linux";

machines/enigma/default.nix

@@ -0,0 +1,144 @@
+{ config, pkgs, lib, inputs, ... }:
+
+{
+  imports =
+    [
+      ./hardware.nix
+      ./home-julien.nix
+      ../../users/julien.nix
+      ../../users/default.nix
+    ];
+
+  networking.hostName = "enigma";
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+
+  services.gnome.gnome-browser-connector.enable = true;
+
+  services.tailscale.enable = true;
+  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+  networking.networkmanager.dns = "systemd-resolved";
+  services.resolved.enable = true;
+
+
+  security.pam.loginLimits = [{
+    domain = "*";
+    type = "-";
+    item = "nofile";
+    value = "262144";
+  }];
+
+
+  services.xserver.enable = true;
+
+  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+
+  # Enable OpenGL
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    #    driSupport32Bit = true;
+  };
+
+  # Load nvidia driver for Xorg and Wayland
+  services.xserver.videoDrivers = [ "nvidia" ];
+
+  hardware.nvidia = {
+
+    # Modesetting is required.
+    modesetting.enable = true;
+
+    # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+    powerManagement.enable = false;
+    # Fine-grained power management. Turns off GPU when not in use.
+    # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+    powerManagement.finegrained = false;
+
+    # Use the NVidia open source kernel module (not to be confused with the
+    # independent third-party "nouveau" open source driver).
+    # Support is limited to the Turing and later architectures. Full list of 
+    # supported GPUs is at: 
+    # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus 
+    # Only available from driver 515.43.04+
+    # Do not disable this unless your GPU is unsupported or if you have a good reason to.
+    open = true;
+
+    # Enable the Nvidia settings menu,
+    # accessible via `nvidia-settings`.
+    nvidiaSettings = true;
+
+    # Optionally, you may need to select the appropriate driver version for your specific GPU.
+    package = config.boot.kernelPackages.nvidiaPackages.beta;
+  };
+
+
+  boot.initrd.kernelModules = [ "nvidia" ];
+  boot.extraModulePackages = [ config.boot.kernelPackages.nvidia_x11 ];
+
+  services.spotifyd = {
+    enable = true;
+    settings = {
+      global = {
+        username = "julienmalka@icloud.com";
+        password_cmd = "cat /root/spotify_pw";
+        use_mpris = false;
+      };
+    };
+  };
+
+  systemd.services.spotifyd.serviceConfig.DynamicUser = lib.mkForce false;
+
+  programs.xwayland.enable = true;
+
+  time.timeZone = "Europe/Paris";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    useXkbConfig = true; # use xkbOptions in tty.
+  };
+
+  programs.dconf.enable = true;
+
+  security.polkit.enable = true;
+
+  nix = {
+    package = lib.mkForce pkgs.nix;
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        hostName = "epyc.infra.newtype.fr";
+        maxJobs = 100;
+        systems = [ "x86_64-linux" ];
+        sshUser = "root";
+        sshKey = "/home/julien/.ssh/id_ed25519";
+        speedFactor = 2;
+      }
+    ];
+  };
+
+
+
+  environment.systemPackages = with pkgs; [
+    tailscale
+    brightnessctl
+    sbctl
+    ddcutil
+  ];
+
+  services.printing.enable = true;
+  services.avahi.enable = true;
+  services.avahi.nssmdns = true;
+  # for a WiFi printer
+  services.avahi.openFirewall = true;
+
+  system.stateVersion = "23.05";
+
+}
+
+
+

machines/enigma/hardware.nix

@@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "usbhid" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/7ae035c9-89b2-46d4-8bf7-5630388f73e9";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/FC3A-33B4";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/fad463ac-98c9-43c4-a153-7a3bf89c97dc"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enP5p1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+}

machines/enigma/home-julien.nix

@@ -0,0 +1,86 @@
+{ pkgs, lib, config, inputs, ... }:
+{
+
+  luj.hmgr.julien =
+    {
+      home.stateVersion = "23.05";
+      luj.programs.neovim.enable = true;
+      luj.programs.ssh-client.enable = true;
+      luj.programs.git.enable = true;
+      luj.programs.gtk.enable = true;
+      luj.programs.kitty.enable = true;
+      luj.emails.enable = true;
+
+      programs.rofi = {
+        enable = true;
+        package = pkgs.rofi-wayland;
+        font = "Fira Font";
+        theme = "DarkBlue";
+      };
+
+      programs.direnv = {
+        enable = true;
+        enableFishIntegration = true;
+        nix-direnv.enable = true;
+      };
+
+      dconf.settings = {
+        "org/gnome/desktop/input-sources" = {
+          sources = [ (inputs.home-manager.lib.hm.gvariant.mkTuple [ "xkb" "fr" ]) ];
+          xkb-options = [ ];
+        };
+      };
+      home.packages = with pkgs;
+        [
+          du-dust
+          kitty
+          jq
+          lazygit
+          fira-code
+          feh
+          meld
+          vlc
+          stable.nerdfonts
+          libreoffice
+          font-awesome
+          nodejs
+          neomutt
+          htop
+          evince
+          mosh
+          obsidian
+          zotero
+          flameshot
+          albert
+          kitty
+          networkmanagerapplet
+          element-desktop
+          xdg-utils
+          onagre
+          sops
+          step-cli
+          scli
+          spotify-tui
+          jftui
+          texlive.combined.scheme-full
+        ];
+
+      fonts.fontconfig.enable = true;
+
+      programs.firefox = {
+        enable = true;
+        package = pkgs.firefox-beta;
+      };
+
+      home.keyboard = {
+        layout = "fr";
+      };
+
+      services.dunst = {
+        enable = true;
+      };
+
+    };
+
+
+}

machines/x2100/default.nix

@@ -1,20 +1,44 @@
-{ config, pkgs, lib, inputs, ... }:
+{ config, pkgs, lib, inputs, nixpkgs-patched, ... }:
 
 {
   imports =
     [
-      # Include the results of the hardware scan.
       ./hardware.nix
       ./home-julien.nix
       ../../users/julien.nix
       ../../users/default.nix
+      "${nixpkgs-patched}/nixos/modules/tasks/filesystems/bcachefs.nix"
     ];
 
+
+  disabledModules = [ "tasks/filesystems/bcachefs.nix" ];
+
+  boot.initrd.systemd.enable = true;
+
+
   boot.loader.systemd-boot.enable = lib.mkForce false;
   boot.lanzaboote = {
     enable = true;
     pkiBundle = "/etc/secureboot";
   };
+  #boot.initrd.systemd.enable = true;
+  sound.enable = true;
+  #hardware.pulseaudio.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    #jack.enable = true;
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    #media-session.enable = true;
+    wireplumber.enable = true;
+
+  };
+
 
   networking.hostName = "x2100";
 
@@ -59,10 +83,18 @@
 
   services.tlp.enable = true;
 
+  security.tpm2.enable = true;
+  security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
+  security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
+  users.users.julien.extraGroups = [ "tss" ]; # tss group has access to TPM devices
+
+  hardware.bluetooth.enable = true;
+
   environment.systemPackages = with pkgs; [
     tailscale
     brightnessctl
     sbctl
+    wl-mirror
   ];
 
   services.printing.enable = true;

machines/x2100/home-julien.nix

@@ -47,6 +47,7 @@
           feh
           meld
           vlc
+          jftui
           stable.nerdfonts
           libreoffice
           font-awesome
@@ -65,8 +66,10 @@
           sops
           step-cli
           coq
+          gh
+          gh-dash
           cvc5
-          master-patched.signal-desktop-beta
+          nixpkgs-patched.signal-desktop-beta
           coqPackages.coqide
           (why3.withProvers
             [

packages/uptime-kuma/.npmrc

@@ -1 +0,0 @@
-legacy-peer-deps=true

packages/uptime-kuma/default.nix

@@ -1,45 +0,0 @@
-{ pkgs, lib, fetchFromGitHub, buildNpmPackage, python3, nodejs, nixosTests }:
-
-buildNpmPackage rec {
-  pname = "uptime-kuma";
-  version = "1.21.2";
-
-  src = fetchFromGitHub {
-    owner = "louislam";
-    repo = "uptime-kuma";
-    rev = version;
-    sha256 = "sha256-Xu5mTerhLjOMnLXhjCdnw4yaznfta3h3D9VGk12JziE=";
-  };
-
-  npmDepsHash = "sha256-J00sLDfUOIy/ZJTqKrMY1dAyE3HY9Cqm9vTEm2lmLoY=";
-
-  patches = [
-    # Fixes the permissions of the database being not set correctly
-    # See https://github.com/louislam/uptime-kuma/pull/2119
-    ./fix-database-permissions.patch
-  ];
-
-  nativeBuildInputs = [ python3 ];
-
-  CYPRESS_INSTALL_BINARY = 0; # Stops Cypress from trying to download binaries
-
-  postInstall = ''
-    cp -r dist $out/lib/node_modules/uptime-kuma/
-  '';
-
-  postFixup = ''
-    makeWrapper ${nodejs}/bin/node $out/bin/uptime-kuma-server \
-      --add-flags $out/lib/node_modules/uptime-kuma/server/server.js \
-      --chdir $out/lib/node_modules/uptime-kuma
-  '';
-
-  passthru.tests.uptime-kuma = nixosTests.uptime-kuma;
-
-  meta = with lib; {
-    description = "A fancy self-hosted monitoring tool";
-    homepage = "https://github.com/louislam/uptime-kuma";
-    changelog = "https://github.com/louislam/uptime-kuma/releases/tag/${version}";
-    license = licenses.mit;
-    maintainers = with maintainers; [ julienmalka ];
-  };
-}

packages/uptime-kuma/fix-database-permissions.patch

@@ -1,12 +0,0 @@
-diff --git a/server/server.js b/server/server.js
-index 0c9a45e6..cec31c7c 100644
---- a/server/server.js
-+++ b/server/server.js
-@@ -1583,6 +1583,7 @@ async function initDatabase(testMode = false) {
-     if (! fs.existsSync(Database.path)) {
-         log.info("server", "Copying Database");
-         fs.copyFileSync(Database.templatePath, Database.path);
-+        fs.chmodSync(Database.path, 0o640);
-     }
-
-     log.info("server", "Connecting to the Database");

packages/zotero/default.nix

@@ -1,385 +0,0 @@
-{ lib
-, stdenv
-, buildNpmPackage
-, fetchFromGitHub
-, fetchzip
-, fetchurl
-, firefox-esr-102-unwrapped
-, makeWrapper
-, makeDesktopItem
-, python3
-, unzip
-, zip
-, perl
-, rsync
-, wrapGAppsHook
-, gsettings-desktop-schemas
-, glib
-, gtk3
-, gnome
-, dconf
-}:
-
-let
-  pname = "zotero-dev";
-  version = "7.0.0";
-  rev = "096a3c5f2f57fffdecf001981129e13a1791ad89";
-
-  meta = with lib; {
-    description = "Zotero is a free, easy-to-use tool to help you collect, organize, cite, and share your research sources";
-    homepage = "https://github.com/zotero/zotero";
-    license = licenses.agpl3Only;
-    maintainers = with maintainers; [ camillemndn ];
-    platforms = platforms.all;
-  };
-
-  pdftools = let pdftools-version = "0.0.5"; in
-    fetchzip {
-      url = "https://zotero-download.s3.amazonaws.com/pdftools/pdftools-${pdftools-version}.tar.gz";
-      hash = "sha256-cvd0cJcuhSd2BTgRc5mz0bP9DakEKG/LK2onKOhes04=";
-      stripRoot = false;
-    };
-
-  zotero-client =
-    let
-      src = fetchFromGitHub {
-        owner = "zotero";
-        repo = "zotero";
-        inherit rev;
-        hash = "sha256-XGpk2CYgdaFCJJJc2XhW2fVD+dbACUkGClgwLoNMOoM=";
-        fetchSubmodules = true;
-      };
-
-      npmFlags = [ "--legacy-peer-deps" ];
-      NODE_OPTIONS = "--openssl-legacy-provider";
-
-      single-file = buildNpmPackage {
-        pname = "${pname}-single-file";
-        src = fetchFromGitHub {
-          owner = "gildas-lormeau";
-          repo = "SingleFile";
-          rev = "999976a20afb51a18da4abb42f434eac99796e84";
-          hash = "sha256-fHKVn9DTwshfBXf0nxCk0MLY1fEiQXD/SZPG1bICHo8=";
-        };
-        inherit version npmFlags NODE_OPTIONS meta;
-        npmDepsHash = "sha256-L4LuD7n8c42TPpbLWuJzeM27xcsXVdBnMTqNvRZMdz8=";
-        dontNpmBuild = true;
-      };
-
-      xpcom-utilities = buildNpmPackage {
-        pname = "${pname}-xpcom-utilities";
-        src = fetchFromGitHub {
-          owner = "zotero";
-          repo = "utilities";
-          rev = "b93f16dba483891c0ab4627cbaa303de5c7fa0c0";
-          hash = "sha256-Oz3h6aGorAm+Y5JZSclfz40YRj+uSPW2a5jgQWszLsk=";
-        };
-        inherit version npmFlags NODE_OPTIONS meta;
-        npmDepsHash = "sha256-tWDADhAeXG0HSvFnpdGOya3CjSb0i2aR3E1Y3r1J81o=";
-        dontNpmBuild = true;
-      };
-
-      note-editor = buildNpmPackage {
-        pname = "${pname}-note-editor";
-        src = fetchFromGitHub {
-          owner = "zotero";
-          repo = "note-editor";
-          rev = "076f5b3d3609051b9cba3cd68c4bb22746187834";
-          hash = "sha256-ZDmb3DQttftfS4w5+HlkTXRxhRYftBh1bm6MI+RBvII=";
-        };
-        inherit version npmFlags NODE_OPTIONS meta;
-        npmDepsHash = "sha256-yu2s4V2hB07eS0INVxQXU7YeWYmR3p4JPxKWuCK3Iys=";
-
-        postInstall = ''
-          cp -r build $out/lib/node_modules/zotero-note-editor/build
-        '';
-      };
-
-      translators = buildNpmPackage {
-        pname = "${pname}-translators";
-        src = fetchFromGitHub {
-          owner = "zotero";
-          repo = "translators";
-          rev = "3a9544d7b0b6fdcb6cdcbc8c08392f91d20d99b4";
-          hash = "sha256-XX1iBjuaFpmtkKTHuFPTtZOcFZk+oF8C8d2DPnENjV4=";
-        };
-        inherit version npmFlags NODE_OPTIONS meta;
-        npmDepsHash = "sha256-WDMOsklYKIurQw80Yh/mYQ9xmcHo3Yfkjj5+btqeie0=";
-
-        postPatch = ''
-          rm package-lock.json
-          cp ${./translator-lock.json} package-lock.json
-          sed -i '/eslint-plugin-zotero-translator/d' package.json
-          echo "chromedriver_skip_download=true" >> .npmrc  
-        '';
-
-        dontNpmBuild = true;
-      };
-
-      pdf-reader-pdfjs = buildNpmPackage {
-        pname = "${pname}-pdf-reader-pdfjs";
-        src = fetchFromGitHub {
-          owner = "zotero";
-          repo = "pdf.js";
-          rev = "336247a15be77f2e253599f810a8cda107171566";
-          hash = "sha256-GBEBTyFMh+zi0KiHLNGfZi/XW9mhm3x0uCJkA7ml7mk=";
-        };
-        inherit version npmFlags NODE_OPTIONS meta;
-        npmDepsHash = "sha256-9e90iIKwWyBq68q/CKn+7laJwPFtJaZtblcWpIEDSXw=";
-        makeCacheWritable = true;
-
-        postPatch = ''
-          sed -i '/"name": "pdf.js"/a "version": "1.0.0",' package.json
-          sed -i '/"name": "pdf.js"/a "version": "1.0.0",' package-lock.json
-        '';
-
-        #dontNpmBuild = true;
-
-        buildPhase = ''
-          node_modules/.bin/gulp generic
-        '';
-
-        postInstall = ''
-          cp -r build $out/lib/node_modules/pdf.js/build
-        '';
-      };
-
-      pdf-worker-pdfjs = buildNpmPackage {
-        pname = "${pname}-pdf-worker-pdfjs";
-        src = fetchFromGitHub {
-          owner = "zotero";
-          repo = "pdf.js";
-          rev = "e198a17afc6f56e0a9d48b07e42ec80645a7a0a8";
-          hash = "sha256-FlKII11oPMPka+96Wo9ZjBuNp40i3OMuvlNz8X/r0Lw=";
-        };
-        inherit version npmFlags NODE_OPTIONS meta;
-        npmDepsHash = "sha256-9e90iIKwWyBq68q/CKn+7laJwPFtJaZtblcWpIEDSXw=";
-        makeCacheWritable = true;
-
-        postPatch = ''
-          sed -i '/"name": "pdf.js"/a "version": "1.0.0",' package.json
-          sed -i '/"name": "pdf.js"/a "version": "1.0.0",' package-lock.json
-        '';
-
-        #dontNpmBuild = true;
-
-        buildPhase = ''
-          node_modules/.bin/gulp lib 
-        '';
-
-        postInstall = ''
-          cp -r build $out/lib/node_modules/pdf.js/build
-        '';
-      };
-
-      pdf-reader = buildNpmPackage {
-        pname = "${pname}-pdf-reader";
-        src = fetchFromGitHub {
-          owner = "zotero";
-          repo = "pdf-reader";
-          rev = "3b7f54727fdd8f238281a555988ada4615679b9c";
-          hash = "sha256-Y49bT08Z9ESK3yVkRQT67oU9jygr5xblHgUiX/SwyLE=";
-        };
-        inherit version npmFlags NODE_OPTIONS meta;
-        npmDepsHash = "sha256-tDr2WLnpltWPrlF21M8G/We4zzAXBp4px5xceOVLbhQ=";
-
-        postPatch = ''
-          sed -i 's/npx gulp/#npx gulp/g' scripts/build-pdfjs
-          sed -i 's/npm ci/#npm ci/g' scripts/build-pdfjs
-        '';
-
-        buildPhase = ''
-          rm -rf pdf.js 
-          cp -Lr ${pdf-reader-pdfjs}/lib/node_modules/pdf.js pdf.js
-        '';
-
-        preInstall = ''
-          mkdir -p $out/lib/node_modules/pdf-reader
-          cp -r node_modules $out/lib/node_modules/pdf-reader/node_modules
-        '';
-      };
-
-      pdf-worker = buildNpmPackage {
-        pname = "${pname}-pdf-worker";
-        src = fetchFromGitHub {
-          owner = "zotero";
-          repo = "pdf-worker";
-          rev = "582f5d6cf91c5f09fc7898c3eced0ad32cbfccb1";
-          hash = "sha256-y1nEYGbtZzsc1Hn9B/Cvom3f7+OsYgwOuWFfp5U4gjc=";
-        };
-        inherit version npmFlags NODE_OPTIONS meta;
-        npmDepsHash = "sha256-rO/P7/22erxNeOpR8ph7taKyCeOEG9+U06oOfmPSa3w=";
-
-        postPatch = ''
-          sed -i 's/npx gulp/#npx gulp/g' scripts/build-pdfjs
-          sed -i 's/npm ci/#npm ci/g' scripts/build-pdfjs
-        '';
-
-        buildPhase = ''
-          rm -rf pdf.js 
-          cp -Lr ${pdf-worker-pdfjs}/lib/node_modules/pdf.js pdf.js
-        '';
-
-        preInstall = ''
-          mkdir -p $out/lib/node_modules/pdf-worker
-          cp -r node_modules $out/lib/node_modules/pdf-worker/node_modules
-        '';
-      };
-    in
-    buildNpmPackage {
-      pname = "${pname}-client";
-      inherit src version npmFlags NODE_OPTIONS meta;
-      npmDepsHash = "sha256-b9MCHtt4Ewpt/prEMKtzSbLv3xnP2lnhclu4xDh1QGQ=";
-      nativeBuildInputs = [ rsync ];
-
-      postPatch = ''
-        rm -rf resource/SingleFile 
-        cp -Lr ${single-file}/lib/node_modules/single-file resource/SingleFile
-
-        rm -rf chrome/content/zotero/xpcom/utilities
-        cp -Lr ${xpcom-utilities}/lib/node_modules/@zotero/utilities chrome/content/zotero/xpcom/utilities 
-
-        rm -rf pdf-reader 
-        cp -r ${pdf-reader}/lib/node_modules/pdf-reader pdf-reader
-
-        rm -rf pdf-worker
-        cp -r ${pdf-worker}/lib/node_modules/pdf-worker pdf-worker
-
-        chmod +w . -R
-        
-        (
-          cd pdf-reader
-          rm -rf pdf.js 
-          cp -Lr ${pdf-reader-pdfjs}/lib/node_modules/pdf.js pdf.js
-        )
-        (
-          cd pdf-worker
-          rm -rf pdf.js 
-          cp -Lr ${pdf-worker-pdfjs}/lib/node_modules/pdf.js pdf.js
-        )
-
-        rm -rf translators 
-        cp -Lr ${translators}/lib/node_modules/translators-check translators 
-
-        rm -rf note-editor
-        cp -Lr ${note-editor}/lib/node_modules/zotero-note-editor note-editor
-
-        chmod +w . -R
-
-        find scripts -type f | xargs sed -i 's/npm ci/#npm ci/g'
-        find scripts -type f | xargs sed -i 's/git/#git/g'
-
-        sed -i 's/npm run build/#npm run build/g' scripts/note-editor.js
-      '';
-
-      installPhase = ''
-        mkdir $out
-        cp -r . $out
-      '';
-    };
-
-  zotero-build = stdenv.mkDerivation {
-    pname = "${pname}-build";
-    inherit version meta;
-    src = fetchFromGitHub {
-      owner = "zotero";
-      repo = "zotero-build";
-      rev = "00e854c6588f329b714250e450f4f7f663aa0222";
-      hash = "sha256-Gvt37jObgSQ10GBYjnCLu5XbUAy3oVTkWPvHbhLF+fw=";
-      fetchSubmodules = true;
-    };
-
-    postPatch = ''
-      sed -i -E "/-aL/a '--chmod=Du=rwx'," xpi/build_xpi
-      #sed -i 's/-aL/-L/' xpi/build_xpi
-    '';
-
-    buildInputs = [ python3 rsync perl ];
-
-    buildPhase = ''
-      python3 xpi/build_xpi -s ${zotero-client}/build -c source -m ${rev}
-    '';
-
-    installPhase = ''
-      mkdir $out
-      cp -r . $out
-    '';
-  };
-
-in
-
-stdenv.mkDerivation {
-  inherit pname version meta;
-
-  src = fetchFromGitHub {
-    owner = "zotero";
-    repo = "zotero-standalone-build";
-    rev = "e9ef6bf21d39cc66f1edefdd5b7429bbaf0c5247";
-    hash = "sha256-NcnbqCN6Pti2KuVX79QLrTk2V/3sMxMrbgRzSTluOtM=";
-    fetchSubmodules = true;
-  };
-
-  patches = [ ./fetchxul.patch ];
-
-  postPatch = ''
-    patchShebangs .
-
-    sed -i 's|LINUX_i686_RUNTIME_PATH=.*|LINUX_i686_RUNTIME_PATH="$DIR/xulrunner/firefox"|' config.sh
-    sed -i 's|LINUX_x86_64_RUNTIME_PATH=.*|LINUX_x86_64_RUNTIME_PATH="$DIR/xulrunner/firefox"|' config.sh
-    sed -i 's|ZOTERO_SOURCE_DIR=.*|ZOTERO_SOURCE_DIR="${zotero-client}"|' config.sh
-    sed -i 's|ZOTERO_BUILD_DIR=.*|ZOTERO_BUILD_DIR="${zotero-build}"|' config.sh
-
-    sed -i -E 's|(.*hash=).*|\1${rev}|' scripts/dir_build
-    sed -i '/build_xpi/d' scripts/dir_build
-
-    sed -i -E 's|(rsync -a.*)|\1; chmod -R +w $BUILD_DIR|' build.sh 
-    #sed -i 's|MaxVersion=.*|MaxVersion=111.0|' assets/application.ini 
-  '';
-
-  nativeBuildInputs = [ makeWrapper python3 unzip zip perl rsync wrapGAppsHook ];
-  buildInputs = [ gsettings-desktop-schemas glib gtk3 gnome.adwaita-icon-theme dconf ];
-  configurePhase = ''
-    mkdir xulrunner
-    cp -Lr ${firefox-esr-102-unwrapped}/lib/firefox xulrunner
-    chmod -R +w xulrunner
-
-    cp -Lr ${pdftools} pdftools
-    chmod -R +w pdftools 
-
-    ./fetch_xulrunner.sh -p l
-  '';
-
-  buildPhase = ''
-    chmod -R +w /build
-    scripts/dir_build -p l
-  '';
-
-  installPhase =
-    let
-      desktopItem = makeDesktopItem {
-        name = "${pname}-${version}";
-        exec = "${pname} -url %U";
-        icon = "zotero";
-        comment = meta.description;
-        desktopName = "Zotero";
-        genericName = "Reference Management";
-        categories = [ "Office" "Database" ];
-        startupNotify = true;
-        mimeTypes = [ "x-scheme-handler/zotero" "text/plain" ];
-      };
-    in
-    ''
-      mkdir -p $out/bin
-      cp -Lr staging/Zotero_linux $out/lib
-
-      mkdir -p $out/share/applications
-      cp ${desktopItem}/share/applications/* $out/share/applications/
-      for size in 16 32 48 256; do
-        install -Dm444 staging/Zotero_linux/chrome/icons/default/default$size.png \
-          $out/share/icons/hicolor/''${size}x''${size}/apps/zotero.png
-      done
-
-      makeWrapper "$out/lib/zotero" "$out/bin/${pname}" \
-        --set-default MOZ_ENABLE_WAYLAND 1
-    '';
-}

packages/zotero/fetchxul.patch

@@ -1,145 +0,0 @@
-diff --git a/build.sh b/build.sh
-index a86a4d3..dd7f7d8 100755
---- a/build.sh
-+++ b/build.sh
-@@ -50,6 +50,7 @@ DONE
- 
- BUILD_DIR=`mktemp -d`
- function cleanup {
-+	chmod -R +w .
- 	rm -rf $BUILD_DIR
- }
- trap cleanup EXIT
-@@ -138,7 +139,7 @@ BUILD_ID=`date +%Y%m%d%H%M%S`
- # Paths to Gecko runtimes
- MAC_RUNTIME_PATH="$CALLDIR/xulrunner/Firefox.app"
- WIN_RUNTIME_PATH_PREFIX="$CALLDIR/xulrunner/firefox-"
--LINUX_RUNTIME_PATH_PREFIX="$CALLDIR/xulrunner/firefox-"
-+LINUX_RUNTIME_PATH_PREFIX="$CALLDIR/xulrunner/firefox"
- 
- base_dir="$BUILD_DIR/base"
- app_dir="$BUILD_DIR/base/app"
-@@ -167,10 +168,11 @@ elif [ $BUILD_WIN == 1 ]; then
- 	cp -Rp "${WIN_RUNTIME_PATH_PREFIX}win64"/browser/omni "$app_dir"
- elif [ $BUILD_LINUX == 1 ]; then
- 	# Non-arch-specific files, so just use 64-bit version
--	cp -Rp "${LINUX_RUNTIME_PATH_PREFIX}x86_64"/browser/omni "$app_dir"
-+	cp -Rp "${LINUX_RUNTIME_PATH_PREFIX}"/browser/omni "$app_dir"
- fi
- set -e
- cd $omni_dir
-+chmod -R +w .
- # Move some Firefox files that would be overwritten out of the way
- mv chrome.manifest chrome.manifest-fx
- mv components components-fx
-@@ -372,7 +374,7 @@ fi
- 
- mv omni.ja ..
- cd "$CALLDIR"
--rm -rf "$omni_dir"
-+#rm -rf "$omni_dir"
- 
- # Copy updater.ini
- cp "$CALLDIR/assets/updater.ini" "$base_dir"
-@@ -794,12 +796,12 @@ fi
- 
- # Linux
- if [ $BUILD_LINUX == 1 ]; then
--	for arch in "i686" "x86_64"; do
-+	for arch in ""; do
- 		runtime_path="${LINUX_RUNTIME_PATH_PREFIX}${arch}"
- 		
- 		# Set up directory
--		echo 'Building Zotero_linux-'$arch
--		APPDIR="$STAGE_DIR/Zotero_linux-$arch"
-+		echo 'Building Zotero_linux'
-+		APPDIR="$STAGE_DIR/Zotero_linux"
- 		rm -rf "$APPDIR"
- 		mkdir "$APPDIR"
- 		
-@@ -815,11 +817,11 @@ if [ $BUILD_LINUX == 1 ]; then
- 		cp "$CALLDIR/linux/set_launcher_icon" "$APPDIR"
- 		
- 		# Use our own updater, because Mozilla's requires updates signed by Mozilla
--		cp "$CALLDIR/linux/updater-$arch" "$APPDIR"/updater
-+		#cp "$CALLDIR/linux/updater$arch" "$APPDIR"/updater
- 
- 		# Copy PDF tools and data
--		cp "$CALLDIR/pdftools/pdftotext-linux-$arch" "$APPDIR/pdftotext"
--		cp "$CALLDIR/pdftools/pdfinfo-linux-$arch" "$APPDIR/pdfinfo"
-+		#cp "$CALLDIR/pdftools/pdftotext-linux-$arch" "$APPDIR/pdftotext"
-+		#cp "$CALLDIR/pdftools/pdfinfo-linux-$arch" "$APPDIR/pdfinfo"
- 		cp -R "$CALLDIR/pdftools/poppler-data" "$APPDIR/"
- 		
- 		# Copy app files
-@@ -828,7 +830,8 @@ if [ $BUILD_LINUX == 1 ]; then
- 		# Add word processor plug-ins
- 		mkdir "$APPDIR/integration"
- 		cp -RH "$CALLDIR/modules/zotero-libreoffice-integration/install" "$APPDIR/integration/libreoffice"
--		
-+		chmod -R +w "$APPDIR"
-+
- 		# Delete extraneous files
- 		find "$APPDIR" -depth -type d -name .git -exec rm -rf {} \;
- 		find "$APPDIR" \( -name .DS_Store -or -name update.rdf \) -exec rm -f {} \;
-@@ -841,5 +844,5 @@ if [ $BUILD_LINUX == 1 ]; then
- 		fi
- 	done
- fi
--
-+chmod -R +w $BUILD_DIR
- rm -rf $BUILD_DIR
-diff --git a/fetch_xulrunner.sh b/fetch_xulrunner.sh
-index bbaf7b4..5da8a9b 100755
---- a/fetch_xulrunner.sh
-+++ b/fetch_xulrunner.sh
-@@ -115,14 +115,6 @@ function modify_omni {
- 	replace_line 'MOZ_UPDATE_CHANNEL:.+' 'MOZ_UPDATE_CHANNEL: "none",' modules/AppConstants.jsm
- 	replace_line '"https:\/\/[^\/]+mozilla.com.+"' '""' modules/AppConstants.jsm
- 	
--	replace_line 'if \(!updateAuto\) \{' 'if (update.type == "major") {
--      LOG("UpdateService:_selectAndInstallUpdate - prompting because it is a major update");
--      AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_SHOWPROMPT_PREF);
--      Services.obs.notifyObservers(update, "update-available", "show-prompt");
--      return;
--    }
--    if (!updateAuto) {' modules/UpdateService.jsm
--	
- 	replace_line 'pref\("network.captive-portal-service.enabled".+' 'pref("network.captive-portal-service.enabled", false);' greprefs.js
- 	replace_line 'pref\("network.connectivity-service.enabled".+' 'pref("network.connectivity-service.enabled", false);' greprefs.js
- 	replace_line 'pref\("toolkit.telemetry.server".+' 'pref("toolkit.telemetry.server", "");' greprefs.js
-@@ -363,32 +355,11 @@ if [ $BUILD_WIN == 1 ]; then
- fi
- 
- if [ $BUILD_LINUX == 1 ]; then
--	GECKO_VERSION="$GECKO_VERSION_LINUX"
--	DOWNLOAD_URL="https://ftp.mozilla.org/pub/firefox/releases/$GECKO_VERSION"
--	
--	rm -rf firefox
--	
--	curl -O "$DOWNLOAD_URL/linux-i686/en-US/firefox-$GECKO_VERSION.tar.bz2"
--	rm -rf firefox-i686
--	tar xvf firefox-$GECKO_VERSION.tar.bz2
--	mv firefox firefox-i686
--	
--	pushd firefox-i686
--	modify_omni linux32
--	popd
--	
--	rm "firefox-$GECKO_VERSION.tar.bz2"
--	
--	curl -O "$DOWNLOAD_URL/linux-x86_64/en-US/firefox-$GECKO_VERSION.tar.bz2"
--	rm -rf firefox-x86_64
--	tar xvf firefox-$GECKO_VERSION.tar.bz2
--	mv firefox firefox-x86_64
- 	
--	pushd firefox-x86_64
--	modify_omni linux64
-+	pushd firefox
-+	modify_omni linux
- 	popd
- 	
--	rm "firefox-$GECKO_VERSION.tar.bz2"
- fi
- 
- echo Done

patches/bcachefs-systemd-stage-1.patch

@@ -0,0 +1,63 @@
+diff --git a/nixos/modules/tasks/filesystems/bcachefs.nix b/nixos/modules/tasks/filesystems/bcachefs.nix
+index 851c09781339..6e5adb2a64c5 100644
+--- a/nixos/modules/tasks/filesystems/bcachefs.nix
++++ b/nixos/modules/tasks/filesystems/bcachefs.nix
+@@ -63,6 +63,32 @@ in
+         '';
+       };
+ 
++      boot.initrd.systemd.services = lib.mapAttrs' (mountpoint: fileSystem: let
++        mountUnitName =
++          if mountpoint == "/"
++          then "sysroot.mount"
++          else "sysroot-" + (utils.escapeSystemdPath mountpoint) + ".mount";
++        deviceUnit = (utils.escapeSystemdPath fileSystem.device) + ".device";
++      in {
++        name = "unlock-bcachefs-${utils.escapeSystemdPath mountpoint}";
++        value = {
++          requiredBy = [mountUnitName];
++          before = [mountUnitName];
++          after = [deviceUnit];
++          requires = [deviceUnit];
++          serviceConfig.Type = "oneshot";
++          script = ''
++            if ! bcachefs unlock -c ${fileSystem.device}; then
++              exit 0
++            fi
++            passphrase=
++            until bcachefs unlock ${fileSystem.device} <<<"$passphrase"; do
++              passphrase=$(systemd-ask-password "bcachefs passphrase for ${fileSystem.device}")
++            done
++          '';
++        };
++      }) bootFs;
++
+       boot.initrd.extraUtilsCommands = lib.mkIf (!config.boot.initrd.systemd.enable) ''
+         copy_bin_and_libs ${pkgs.bcachefs-tools}/bin/bcachefs
+       '';
+diff --git a/nixos/tests/installer-systemd-stage-1.nix b/nixos/tests/installer-systemd-stage-1.nix
+index 03f0ec8d746b..69c19f089e4c 100644
+--- a/nixos/tests/installer-systemd-stage-1.nix
++++ b/nixos/tests/installer-systemd-stage-1.nix
+@@ -8,6 +8,8 @@
+   # them when fixed.
+   inherit (import ./installer.nix { inherit system config pkgs; systemdStage1 = true; })
+     # bcache
++    bcachefsSimple
++    bcachefsEncrypted
+     btrfsSimple
+     btrfsSubvolDefault
+     btrfsSubvolEscape
+diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix
+index 590988d95986..027153ed31ec 100644
+--- a/nixos/tests/installer.nix
++++ b/nixos/tests/installer.nix
+@@ -916,7 +916,7 @@ in {
+     enableOCR = true;
+     preBootCommands = ''
+       machine.start()
+-      machine.wait_for_text("enter passphrase for ")
++      machine.wait_for_text("passphrase for ")
+       machine.send_chars("password\n")
+     '';
+ 

patches/signal.patch

@@ -1,48 +0,0 @@
-From 08715717912f84e2b17b191c2e8f23151c7df877 Mon Sep 17 00:00:00 2001
-From: Morantoine <71721545+Morantoine@users.noreply.github.com>
-Date: Tue, 15 Aug 2023 11:23:23 +0200
-Subject: [PATCH 1/2] signal-desktop: 6.27.1 -> 6.28.0
-
----
- .../networking/instant-messengers/signal-desktop/default.nix  | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
-index ea1ab235fc466..5e9119b08f7d2 100644
---- a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
-+++ b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
-@@ -1,8 +1,8 @@
- { callPackage }: builtins.mapAttrs (pname: attrs: callPackage ./generic.nix (attrs // { inherit pname; })) {
-   signal-desktop = {
-     dir = "Signal";
--    version = "6.27.1";
--    hash = "sha256-nEOt6bep6SqhAab8yD9NlRrDGU2IvZeOxSqPj2u1bio=";
-+    version = "6.28.0";
-+    hash = "sha256-zJURX5VygBvW+0v29xqOx9HmQgFgfAbxoacd7ex3iec";
-   };
-   signal-desktop-beta = {
-     dir = "Signal Beta";
-
-From 49118d1f8435e33c13487bc2d8bd7528b46e7eb3 Mon Sep 17 00:00:00 2001
-From: Morantoine <71721545+Morantoine@users.noreply.github.com>
-Date: Tue, 15 Aug 2023 11:24:01 +0200
-Subject: [PATCH 2/2] signal-desktop-beta: 6.24.0-beta.1 -> 6.29.0-beta.1
-
----
- .../networking/instant-messengers/signal-desktop/default.nix  | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
-index 5e9119b08f7d2..311ff26693275 100644
---- a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
-+++ b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
-@@ -6,7 +6,7 @@
-   };
-   signal-desktop-beta = {
-     dir = "Signal Beta";
--    version = "6.24.0-beta.1";
--    hash = "sha256-tA1xsgtAeOn0c0HcZutj+Pqrsr0JV5bQOnknH4t/QkY=";
-+    version = "6.29.0-beta.1";
-+    hash = "sha256-ZUM2tVZbWtiatpI0ogo0MC6q8DIoPEBocIHuszx3Mv0";
-   };
- }

users/julien.nix

@@ -5,7 +5,7 @@
   users.users.julien = {
     isNormalUser = true;
     home = "/home/julien";
-    extraGroups = [ "wheel" config.users.groups.keys.name "filerun" "networkmanager" "davfs2" "adbusers" ];
+    extraGroups = [ "wheel" config.users.groups.keys.name "filerun" "networkmanager" "davfs2" "adbusers" "audio" ];
     shell = pkgs.fish;
     passwordFile = config.sops.secrets.user-julien-password.path;
   };