diff --git a/default.nix b/default.nix index 6e3c55b..b2b4032 100644 --- a/default.nix +++ b/default.nix @@ -1,12 +1,6 @@ let inputs = import ./lon.nix; - patches = import inputs.nix-patches { patchFile = ./patches; }; - inputs_final = inputs // { - nixpkgs_patched = patches.mkNixpkgsSrc { - src = inputs.unstable; - version = "nixos-unstable"; - }; - }; + inputs_final = inputs; dnsLib = (import inputs.dns).lib; lib = (import "${inputs.nixpkgs}/lib").extend (import ./lib inputs_final self.profiles dnsLib); mkLibForMachine = diff --git a/home-manager-modules/mails/default.nix b/home-manager-modules/mails/default.nix index 51ff9e1..6485f71 100644 --- a/home-manager-modules/mails/default.nix +++ b/home-manager-modules/mails/default.nix @@ -14,14 +14,29 @@ with lib; }; config = mkIf cfg.enable { - home.packages = [ pkgs.notmuch-addrlookup ]; + + age.secrets.work-mail-pw = { + file = ../../secrets/work-mail-pw.age; + }; + + age.secrets.dgnum-mail-pw = { + file = ../../secrets/dgnum-mail-pw.age; + }; + + age.secrets.telecom-mail-pw = { + file = ../../secrets/telecom-mail-pw.age; + }; + + age.secrets.ens-mail-pw = { + file = ../../secrets/ens-mail-pw.age; + }; + programs.mbsync.enable = true; - programs.neomutt.enable = true; - programs.neomutt.package = pkgs.stable.neomutt; + programs.mbsync.package = pkgs.stable.isync; programs.msmtp.enable = true; accounts.email = { accounts.ens = { - notmuch.enable = true; + folders.inbox = "INBOX"; address = "julien.malka@ens.fr"; imap.host = "clipper.ens.fr"; mbsync = { @@ -34,14 +49,14 @@ with lib; msmtp.enable = true; primary = true; realName = "Julien Malka"; - passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/ens-mail-pw"; + passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.ens-mail-pw.path}"; smtp = { host = "clipper.ens.fr"; }; userName = "jmalka"; }; accounts.work = { - notmuch.enable = true; + folders.inbox = "INBOX"; address = "julien@malka.sh"; imap.host = "mail.luj.fr"; mbsync = { 
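Review bot: The `passwordCommand` lines now read `config.age.secrets.*.path`, but nothing in this change deals with the old cleartext files under `/home/julien/.config/` (`ens-mail-pw`, `work-mail-pw`, `telecom-mail-pw`, `dgnum-mail-pw`). Those presumably stay on disk on every machine that used the previous config, so they should be deleted once the agenix paths are confirmed working; otherwise the plaintext copy outlives the migration. The same applies to the later hunks of this file at -54, -75 and -96. It would also help to put a comment above the four `age.secrets` entries, for example `# decrypted per-user by the agenix home-manager module; recipients are listed in secrets/secrets.nix`. The four entries differ only by name and could be generated from a single list.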
@@ -54,7 +69,7 @@ with lib; msmtp.enable = true; primary = false; realName = "Julien Malka"; - passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/work-mail-pw"; + passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.work-mail-pw.path}"; smtp = { host = "mail.luj.fr"; }; @@ -62,7 +77,7 @@ with lib; }; accounts.telecom = { - notmuch.enable = true; + folders.inbox = "INBOX"; address = "julien.malka@telecom-paris.fr"; imap.host = "z.imt.fr"; mbsync = { @@ -75,7 +90,7 @@ with lib; msmtp.enable = true; primary = false; realName = "Julien Malka"; - passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/telecom-mail-pw"; + passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.telecom-mail-pw.path}"; smtp = { host = "z.imt.fr"; }; @@ -83,7 +98,7 @@ with lib; }; accounts.dgnum = { - notmuch.enable = true; + folders.inbox = "INBOX"; address = "luj@dgnum.eu"; imap.host = "kurisu.lahfa.xyz"; mbsync = { @@ -96,7 +111,7 @@ with lib; msmtp.enable = true; primary = false; realName = "Julien Malka"; - passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/dgnum-mail-pw"; + passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.dgnum-mail-pw.path}"; smtp = { host = "kurisu.lahfa.xyz"; }; 
@@ -110,58 +125,6 @@ with lib; frequency = "minutely"; verbose = true; }; - services.mbsync.postExec = "${pkgs.notmuch}/bin/notmuch new"; - programs.notmuch = { - enable = true; - new.tags = [ ]; - hooks.postNew = '' - # julien@malka.sh - notmuch tag +work-inbox -- folder:work/Inbox - notmuch tag +work-lobsters -- folder:work/Inbox/lobsters - notmuch tag +work-dn42 -- folder:work/Inbox/dn42 - notmuch tag +work-fosdem -- folder:work/Inbox/fosdem - notmuch tag +work-frnog -- folder:work/Inbox/frnog - notmuch tag +work-github -- folder:work/Inbox/github - notmuch tag +work-netdata -- folder:work/Inbox/netdata - notmuch tag +work-nixos-discourse -- folder:work/Inbox/nixos-discourse - notmuch tag +work-proxmox -- folder:work/Inbox/proxmox - - #julien.malka@ens.fr - notmuch tag +ens-inbox path:ens/Inbox/** - notmuch tag +ens-bilan-carbone -ens-inbox -- path:ens/Bilan-Carbone/** - notmuch tag +ens-dg -ens-inbox -- path:ens/DG/** - notmuch tag +ens-cof -ens-inbox -- path:ens/COF/** - notmuch tag +ens-fanfare -ens-inbox -- path:ens/Fanfare/** - notmuch tag +ens-kfet -ens-inbox -- path:ens/K-Fet/** - - - #julien.malka@telecom-paris.fr - notmuch tag +telecom-inbox -- folder:telecom/Inbox - notmuch tag +telecom-gdr-gpl -- folder:telecom/Inbox/gdr-gpl - notmuch tag +telecom-gdr-sec -- folder:telecom/Inbox/gdr-sec - notmuch tag +telecom-infres-tous -- folder:telecom/Inbox/infres-tous - notmuch tag +telecom-tous -- folder:telecom/Inbox/telecom-tous - - #luj@dgnum.eu - notmuch tag +dgnum-inbox path:dgnum/Inbox/** - notmuch tag +dgnum-bureau -dgnum-inbox -- path:dgnum/Inbox/Bureau/** - notmuch tag +dgnum-nixcon -dgnum-inbox -- path:dgnum/Inbox/NixCon/** - - ${pkgs.notifymuch}/bin/notifymuch - - ''; - }; - - xdg.configFile = { - "neomutt/neomuttrc".source = lib.mkForce ./neomuttrc; - "neomutt/dracula.muttrc".source = lib.mkForce ./dracula.muttrc; - "neomutt/ens.profile".source = lib.mkForce ./ens.profile; - "neomutt/telecom.profile".source = lib.mkForce ./telecom.profile; - 
"neomutt/work.profile".source = lib.mkForce ./work.profile; - "neomutt/discourse.profile".source = lib.mkForce ./discourse.profile; - "neomutt/dgnum.profile".source = lib.mkForce ./dgnum.profile; - "notifymuch/notifymuch.cfg".source = lib.mkForce ./notifymuch; - }; }; } diff --git a/home-manager-modules/mails/dgnum.profile b/home-manager-modules/mails/dgnum.profile deleted file mode 100644 index 6f91b06..0000000 --- a/home-manager-modules/mails/dgnum.profile +++ /dev/null @@ -1,3 +0,0 @@ -set from = "julien.malka@dgnum.eu" -set record=+dgnum/Sent -set collapse_unread = no diff --git a/home-manager-modules/mails/discourse.profile b/home-manager-modules/mails/discourse.profile deleted file mode 100644 index 623c403..0000000 --- a/home-manager-modules/mails/discourse.profile +++ /dev/null @@ -1,4 +0,0 @@ -set collapse_unread = yes -set from = "julien@malka.sh" -set record= +work/Sent - diff --git a/home-manager-modules/mails/dracula.muttrc b/home-manager-modules/mails/dracula.muttrc deleted file mode 100644 index aa77d0f..0000000 --- a/home-manager-modules/mails/dracula.muttrc +++ /dev/null 
@@ -1,42 +0,0 @@ -############################################################################### -# Dracula Theme for Mutt: https://draculatheme.com/ -# -# @author Paul Townsend - -# general ------------ foreground ---- background ----------------------------- -color error color231 color212 -color indicator color231 color241 -color markers color210 default -color message default default -color normal default default -color prompt default default -color search color84 default -color status color141 color236 -color tilde color231 default -color tree color141 default - -# message index ------ foreground ---- background ----------------------------- -color index color210 default ~D # deleted messages -color index color84 default ~F # flagged messages -color index color117 default ~N # new messages -color index color212 default ~Q # messages which have been replied to -color index color215 default ~T # tagged messages -color index color141 default ~v # messages part of a collapsed thread - -# message headers ---- foreground ---- background ----------------------------- -color hdrdefault color117 default -color header color231 default ^Subject:.* - -# message body ------- foreground ---- background ----------------------------- -color attachment color228 default -color body color231 default [\-\.+_a-zA-Z0-9]+@[\-\.a-zA-Z0-9]+ # email addresses -color body color228 default (https?|ftp)://[\-\.,/%~_:?&=\#a-zA-Z0-9]+ # URLs -color body color231 default (^|[[:space:]])\\*[^[:space:]]+\\*([[:space:]]|$) # *bold* text -color body color231 default (^|[[:space:]])_[^[:space:]]+_([[:space:]]|$) # _underlined_ text -color body color231 default (^|[[:space:]])/[^[:space:]]+/([[:space:]]|$) # /italic/ text -color quoted color61 default -color quoted1 color117 default -color quoted2 color84 default -color quoted3 color215 default -color quoted4 color212 default -color signature color212 default 
diff --git a/home-manager-modules/mails/ens.profile b/home-manager-modules/mails/ens.profile deleted file mode 100644 index 98f0d2c..0000000 --- a/home-manager-modules/mails/ens.profile +++ /dev/null @@ -1,4 +0,0 @@ -set from = "julien.malka@ens.fr" -set record="+ens/Sent\ Messages" -set collapse_unread = no - diff --git a/home-manager-modules/mails/neomuttrc b/home-manager-modules/mails/neomuttrc deleted file mode 100644 index fcd1926..0000000 --- a/home-manager-modules/mails/neomuttrc +++ /dev/null 
@@ -1,122 +0,0 @@ -set from = "julien@malka.sh" -# Nom complet de l'expéditeur -set realname = "Julien Malka" -# Génération du champs from -set use_from = yes - -set edit_headers=yes -set reverse_name -set mark_old=no -set editor = "nvim -c 'set tw=72' -c 'set wrap'" -#set editor="vim +':set textwidth=0' +':set wrapmargin=0' +':set wrap'" -#set wrap="72" -set folder = ~/Maildir - -#set spoolfile=/home/julien/Maildir/ens/Inbox -set mbox_type=Maildir -set virtual_spoolfile=yes -set header_cache=~/.cache/mutt -set sidebar_visible = yes -#set record = "+Sent\ Messages" -set nm_unread_tag = unread -set mail_check_stats=yes -set sidebar_short_path = yes - - -set timeout=10 -set mail_check=10 -named-mailboxes "-----work-----" =sep1 -virtual-mailboxes "inbox" "notmuch://?query=tag:work-inbox -virtual-mailboxes "dn42" "notmuch://?query=tag:work-dn42 -virtual-mailboxes "fosdem" "notmuch://?query=tag:work-fosdem -virtual-mailboxes "frnog" "notmuch://?query=tag:work-frnog -virtual-mailboxes "github" "notmuch://?query=tag:work-github -virtual-mailboxes "lobsters" "notmuch://?query=tag:work-lobsters -virtual-mailboxes "netdata" "notmuch://?query=tag:work-netdata -virtual-mailboxes "nixos-discourse" "notmuch://?query=tag:work-nixos-discourse -virtual-mailboxes "proxmox" "notmuch://?query=tag:work-proxmox - -named-mailboxes "-----ens-----" =sep2 -virtual-mailboxes "inbox" "notmuch://?query=tag:ens-inbox -virtual-mailboxes "bilan-carbone" "notmuch://?query=tag:ens-bilan-carbone -virtual-mailboxes "cof" "notmuch://?query=tag:ens-cof -virtual-mailboxes "dg" "notmuch://?query=tag:ens-dg -virtual-mailboxes "kfet" "notmuch://?query=tag:ens-kfet - -named-mailboxes "---telecom---" =sep3 -virtual-mailboxes "inbox" "notmuch://?query=tag:telecom-inbox -virtual-mailboxes "gdr-gpl" "notmuch://?query=tag:telecom-gdr-gpl -virtual-mailboxes "gdr-sec" "notmuch://?query=tag:telecom-gdr-sec -virtual-mailboxes "tous" "notmuch://?query=tag:telecom-tous -virtual-mailboxes "infres-tous" 
"notmuch://?query=tag:telecom-infres-tous - -named-mailboxes "----dgnum----" =sep4 -virtual-mailboxes "inbox" "notmuch://?query=tag:dgnum-inbox -virtual-mailboxes "bureau" "notmuch://?query=tag:dgnum-bureau -virtual-mailboxes "nixcon" "notmuch://?query=tag:dgnum-nixcon - - -set sidebar_width=15 -set sidebar_divider_char='|' -# color of folders with new mail -# ctrl-n, ctrl-p to select next, prev folder# ctrl-o to open selected folder -bind index \CP sidebar-prev -bind index \CN sidebar-next -bind index \CO sidebar-open -bind pager \CP sidebar-prev -bind pager \CN sidebar-next -bind pager \CO sidebar-open -bind pager \CK previous-line -set nm_default_url = "notmuch:///home/julien/Maildir" - -macro index \\ "" -set metoo=yes - -set query_command="notmuch-addrlookup --config /home/julien/.config/notmuch/default/config --format=mutt '%s'" -set text_flowed - -set collapse_unread = no -set collapse_all = yes - -bind index - collapse-thread - -bind editor complete-query -bind editor ^T complete - - - -set sort = threads -set sort_aux = reverse-last-date-received - - -folder-hook "ens-inbox" 'source ~/.config/neomutt/ens.profile' -folder-hook "ens-bilan-carbone" 'source ~/.config/neomutt/ens.profile' -folder-hook "ens-cof" 'source ~/.config/neomutt/ens.profile' -folder-hook "ens-dg" 'source ~/.config/neomutt/ens.profile' -folder-hook "ens-kfet" 'source ~/.config/neomutt/ens.profile' - -folder-hook "telecom-inbox" 'source ~/.config/neomutt/telecom.profile' -folder-hook "telecom-gdr-gpl" 'source ~/.config/neomutt/telecom.profile' -folder-hook "telecom-gdr-sec" 'source ~/.config/neomutt/telecom.profile' -folder-hook "telecom-infres-tous" 'source ~/.config/neomutt/telecom.profile' -folder-hook "telecom-tous" 'source ~/.config/neomutt/telecom.profile' - -folder-hook "work-nixos-discourse" 'source ~/.config/neomutt/discourse.profile' -folder-hook "work-dn42" 'source ~/.config/neomutt/work.profile' -folder-hook "work-frnog" 'source ~/.config/neomutt/work.profile' -folder-hook 
"work-inbox" 'source ~/.config/neomutt/work.profile' -folder-hook "work-github" 'source ~/.config/neomutt/work.profile' -folder-hook "work-fosdem" 'source ~/.config/neomutt/work.profile' -folder-hook "work-proxmox" 'source ~/.config/neomutt/work.profile' -folder-hook "work-netdata" 'source ~/.config/neomutt/work.profile' -folder-hook "work-lobsters" 'source ~/.config/neomutt/work.profile' - -folder-hook "dgnum-inbox" 'source ~/.config/neomutt/dgnum.profile' -folder-hook "dgnum-bureau" 'source ~/.config/neomutt/dgnum.profile' -folder-hook "dgnum-nixcon" 'source ~/.config/neomutt/dgnum.profile' - -set sidebar_format = '%D%* %?N?(%N)?%*' -color sidebar_unread yellow default - -source dracula.muttrc -set sendmail = "msmtp" diff --git a/home-manager-modules/mails/notifymuch b/home-manager-modules/mails/notifymuch deleted file mode 100644 index 428a2a8..0000000 --- a/home-manager-modules/mails/notifymuch +++ /dev/null @@ -1,6 +0,0 @@ -[notifymuch] -query = is:unread and (tag:work-inbox or tag:ens-inbox or tag:telecom-inbox or tag:dgnum-inbox or tag:dgnum-bureau) -mail_client = kitty -x neomutt -y -recency_interval_hours = 48 -hidden_tags = inbox unread attachment replied sent encrypted signed - diff --git a/home-manager-modules/mails/telecom.profile b/home-manager-modules/mails/telecom.profile deleted file mode 100644 index dfd221c..0000000 --- a/home-manager-modules/mails/telecom.profile +++ /dev/null @@ -1,3 +0,0 @@ -set from = "julien.malka@telecom-paris.fr" -set record=+telecom/Sent -set collapse_unread = no diff --git a/home-manager-modules/mails/work.profile b/home-manager-modules/mails/work.profile deleted file mode 100644 index cb99259..0000000 --- a/home-manager-modules/mails/work.profile +++ /dev/null @@ -1,4 +0,0 @@ -set from = "julien@malka.sh" -set record= +work/Sent -set collapse_unread = no - diff --git a/lib/snowfield.nix b/lib/snowfield.nix index 8b996dd..2cce87d 100644 --- a/lib/snowfield.nix +++ b/lib/snowfield.nix 
@@ -53,7 +53,6 @@ sshUser = "root"; }; pve2 = { - subdomains = [ "pve2.luj" ]; ips = { public.ipv4 = "82.67.34.230"; local.ipv4 = "192.168.1.2"; diff --git a/lon.lock b/lon.lock index 31e7451..2d05759 100644 --- a/lon.lock +++ b/lon.lock @@ -37,9 +37,9 @@ "owner": "zhaofengli", "repo": "colmena", "branch": "main", - "revision": "b0a62f234fae02a006123e661ff70e62af16106b", - "url": "https://github.com/zhaofengli/colmena/archive/b0a62f234fae02a006123e661ff70e62af16106b.tar.gz", - "hash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA=" + "revision": "e3ad42138015fcdf2524518dd564a13145c72ea1", + "url": "https://github.com/zhaofengli/colmena/archive/e3ad42138015fcdf2524518dd564a13145c72ea1.tar.gz", + "hash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=" }, "disko": { "type": "GitHub", @@ -47,9 +47,9 @@ "owner": "nix-community", "repo": "disko", "branch": "master", - "revision": "09a776702b004fdf9c41a024e1299d575ee18a7d", - "url": "https://github.com/nix-community/disko/archive/09a776702b004fdf9c41a024e1299d575ee18a7d.tar.gz", - "hash": "sha256-a+Aakkb+amHw4biOZ0iMo8xYl37uUL48YEXIC5PYJ/8=" + "revision": "2ed5e30fc7e34adf455db8b02b9151d3922a54ea", + "url": "https://github.com/nix-community/disko/archive/2ed5e30fc7e34adf455db8b02b9151d3922a54ea.tar.gz", + "hash": "sha256-5EYzmoTpem2IB9JWzd41sL98pz3lyyCSTiCjv08i4Uk=" }, "dns": { "type": "GitHub", @@ -67,9 +67,9 @@ "owner": "cachix", "repo": "git-hooks.nix", "branch": "master", - "revision": "3c3e88f0f544d6bb54329832616af7eb971b6be6", - "url": "https://github.com/cachix/git-hooks.nix/archive/3c3e88f0f544d6bb54329832616af7eb971b6be6.tar.gz", - "hash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=" + "revision": "3308484d1a443fc5bc92012435d79e80458fe43c", + "url": "https://github.com/cachix/git-hooks.nix/archive/3308484d1a443fc5bc92012435d79e80458fe43c.tar.gz", + "hash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=" }, "home-manager": { "type": "GitHub", 
@@ -87,9 +87,9 @@ "owner": "nix-community", "repo": "home-manager", "branch": "master", - "revision": "93435d27d250fa986bfec6b2ff263161ff8288cb", - "url": "https://github.com/nix-community/home-manager/archive/93435d27d250fa986bfec6b2ff263161ff8288cb.tar.gz", - "hash": "sha256-nL9nzNE5/re/P+zOv7NX6bRm5e+DeS1HIufQUJ01w20=" + "revision": "a9953635d7f34e7358d5189751110f87e3ac17da", + "url": "https://github.com/nix-community/home-manager/archive/a9953635d7f34e7358d5189751110f87e3ac17da.tar.gz", + "hash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=" }, "homepage": { "type": "GitHub", @@ -107,9 +107,9 @@ "owner": "nix-community", "repo": "impermanence", "branch": "master", - "revision": "e337457502571b23e449bf42153d7faa10c0a562", - "url": "https://github.com/nix-community/impermanence/archive/e337457502571b23e449bf42153d7faa10c0a562.tar.gz", - "hash": "sha256-C2sGRJl1EmBq0nO98TNd4cbUy20ABSgnHWXLIJQWRFA=" + "revision": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", + "url": "https://github.com/nix-community/impermanence/archive/3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a.tar.gz", + "hash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=" }, "lanzaboote": { "type": "GitHub", @@ -117,9 +117,9 @@ "owner": "nix-community", "repo": "lanzaboote", "branch": "master", - "revision": "2fa1368f938b50e35ca87334b5aeba38a3402165", - "url": "https://github.com/nix-community/lanzaboote/archive/2fa1368f938b50e35ca87334b5aeba38a3402165.tar.gz", - "hash": "sha256-oSr/w/5dvf/8ll6NvQlL7+rrK8wzjIcEMP1LvI4Ag08=" + "revision": "2f48272f34174fd2a5ab3df4d8a46919247be879", + "url": "https://github.com/nix-community/lanzaboote/archive/2f48272f34174fd2a5ab3df4d8a46919247be879.tar.gz", + "hash": "sha256-zpmAzrvK8KdssBSwiIwwRxaUJ77oWORbW0XFvgCFpTE=" }, "lila": { "type": "GitHub", 
@@ -147,18 +147,9 @@ "owner": "mic92", "repo": "nix-index-database", "branch": "main", - "revision": "04f8a11f247ba00263b060fbcdc95484fd046104", - "url": "https://github.com/mic92/nix-index-database/archive/04f8a11f247ba00263b060fbcdc95484fd046104.tar.gz", - "hash": "sha256-2ntUG+NJKdfhlrh/tF+jOU0fOesO7lm5ZZVSYitsvH8=" - }, - "nix-patches": { - "type": "Git", - "fetchType": "git", - "branch": "main", - "revision": "e11ba20945f4a867f09d84343c37328288f274b4", - "url": "https://git.hubrecht.ovh/hubrecht/nix-patches.git", - "hash": "sha256-O23shOv9RePAw5tD+fTg7pzIEK0TcsuMn+NRfglhzLA=", - "submodules": false + "revision": "f4a5ca5771ba9ca31ad24a62c8d511a405303436", + "url": "https://github.com/mic92/nix-index-database/archive/f4a5ca5771ba9ca31ad24a62c8d511a405303436.tar.gz", + "hash": "sha256-AGXhwHdJV0q/WNgqwrR2zriubLr785b02FphaBtyt1Q=" }, "nixos-anywhere": { "type": "GitHub", @@ -166,9 +157,9 @@ "owner": "nix-community", "repo": "nixos-anywhere", "branch": "main", - "revision": "51d347d35caec995d36d1450cb5bb183318c7fb7", - "url": "https://github.com/nix-community/nixos-anywhere/archive/51d347d35caec995d36d1450cb5bb183318c7fb7.tar.gz", - "hash": "sha256-LrCxIU6laEf4JD1QtOBNr+PASY6CbNPpUrjLIUizt+Y=" + "revision": "80a2e7d6d9816a80fd412befd5f173836e675185", + "url": "https://github.com/nix-community/nixos-anywhere/archive/80a2e7d6d9816a80fd412befd5f173836e675185.tar.gz", + "hash": "sha256-zcoxeMRGPpOd46dLeo2bgGLkjW5w50VC5DwZlvZD+A4=" }, "nixpkgs": { "type": "GitHub", 
@@ -176,9 +167,9 @@ "owner": "nixos", "repo": "nixpkgs", "branch": "nixos-24.05", - "revision": "32e940c7c420600ef0d1ef396dc63b04ee9cad37", - "url": "https://github.com/nixos/nixpkgs/archive/32e940c7c420600ef0d1ef396dc63b04ee9cad37.tar.gz", - "hash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac=" + "revision": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", + "url": "https://github.com/nixos/nixpkgs/archive/e8c38b73aeb218e27163376a2d617e61a2ad9b59.tar.gz", + "hash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=" }, "stateless-uptime-kuma": { "type": "Git", @@ -195,9 +186,9 @@ "owner": "nixos", "repo": "nixpkgs", "branch": "nixos-unstable", - "revision": "2768c7d042a37de65bb1b5b3268fc987e534c49d", - "url": "https://github.com/nixos/nixpkgs/archive/2768c7d042a37de65bb1b5b3268fc987e534c49d.tar.gz", - "hash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=" + "revision": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "url": "https://github.com/nixos/nixpkgs/archive/23e89b7da85c3640bbc2173fe04f4bd114342367.tar.gz", + "hash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=" } } } diff --git a/machines/fischer/default.nix b/machines/fischer/default.nix index d261dd0..0f2176e 100644 --- a/machines/fischer/default.nix +++ b/machines/fischer/default.nix @@ -13,7 +13,7 @@ machine.meta = { arch = "x86_64-linux"; - nixpkgs_version = inputs.nixpkgs_patched; + nixpkgs_version = inputs.unstable; hm_version = inputs.home-manager-unstable; # TODO: Fix colmena deployment ips.public.ipv4 = "127.0.0.1"; @@ -157,6 +157,13 @@ MaxAuthTries 20 ''; + services.zerotierone = { + enable = true; + joinNetworks = [ + "ebe7fbd4451442b0" + ]; + }; + # Desktop environment programs.xwayland.enable = true; programs.hyprland = { diff --git a/machines/fischer/home-julien.nix b/machines/fischer/home-julien.nix index 5d004d9..afe9f35 100644 --- a/machines/fischer/home-julien.nix +++ b/machines/fischer/home-julien.nix 
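Review bot: The network ID in `joinNetworks` is hard-coded with no comment saying which network it is or who operates its controller, and joining it gives this machine a new interface reachable by the other members. Add a comment such as `# ZeroTier: <network name / owner>, private network, members approved on the controller`, and confirm that the network really is private. The hunk does not show how the firewall treats the new interface; it should not appear in `networking.firewall.trustedInterfaces`, so that the host firewall still filters traffic from that network.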
@@ -18,7 +18,7 @@ programs.emacs = { enable = true; - package = pkgs.emacs30-pgtk; + package = pkgs.emacs30; extraPackages = epkgs: [ epkgs.mu4e ]; @@ -69,6 +69,7 @@ emacsPackages.jinx hunspellDicts.en_US texlive.combined.scheme-full + hledger ]; fonts.fontconfig.enable = true; diff --git a/machines/gallifrey/default.nix b/machines/gallifrey/default.nix index 8e3a538..a99df90 100644 --- a/machines/gallifrey/default.nix +++ b/machines/gallifrey/default.nix @@ -108,8 +108,17 @@ xorg.xinit gnomeExtensions.dash-to-dock gnomeExtensions.tailscale-status + gnomeExtensions.appindicator + gnome-tweaks + pkgs.firefoxpwa ]; + programs.firefox = { + enable = true; + package = pkgs.firefox; + nativeMessagingHosts.packages = [ pkgs.firefoxpwa ]; + }; + environment.persistence."/persistent" = { hideMounts = true; directories = [ diff --git a/machines/gallifrey/hardware.nix b/machines/gallifrey/hardware.nix index 8750b5c..f7a11d7 100644 --- a/machines/gallifrey/hardware.nix +++ b/machines/gallifrey/hardware.nix @@ -22,7 +22,7 @@ boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = pkgs.linuxPackages_6_11; fileSystems."/data" = { device = "/dev/disk/by-uuid/4680be45-8156-4bf0-8b0b-e7493aaf37c0"; diff --git a/machines/gallifrey/home-julien.nix b/machines/gallifrey/home-julien.nix index 03a4353..6b9231f 100644 --- a/machines/gallifrey/home-julien.nix +++ b/machines/gallifrey/home-julien.nix @@ -50,6 +50,8 @@ plugins = with pkgs; [ obs-studio-plugins.obs-vkcapture ]; }; + programs.mu.enable = true; + home.packages = with pkgs; [ du-dust kitty @@ -80,7 +82,6 @@ texlive.combined.scheme-full inochi-creator inochi-session - chromium gh ouch spotify @@ -91,6 +92,16 @@ emacsPackages.jinx hunspellDicts.en_US rstudio + forge-sparks + citations + blanket + fragments + metadata-cleaner + gnome-obfuscate + warp + tuba + resources + notify-client ]; fonts.fontconfig.enable = true; 
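Review bot: `boot.kernelPackages = pkgs.linuxPackages_6_11;` in machines/gallifrey/hardware.nix pins a specific non-LTS kernel series without saying why. Once that series reaches end of life it stops receiving security fixes, and nixpkgs eventually removes the attribute, so the pin should carry its reason and an exit condition. Something like `# pinned to 6.11 because <reason>; go back to linuxPackages_latest once resolved` above the line would be enough.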
@@ -100,6 +111,8 @@ ".config/gnome-initial-setup-done" ".config/monitors.xml" ".config/background" + ".cert/nm-openvpn/telecom-paris-ca.pem" + ".local/share/com.ranfdev.Notify.sqlite" ]; directories = [ "Pictures" @@ -111,23 +124,24 @@ ".local/share/direnv" ".local/state/cosmic-comp" ".local/share/atuin" + ".local/share/firefoxpwa" ".config/Signal" ".cache/spotify" ".config/spotify" + ".config/autostart" + ".config/borg" + ".config/pika-backup" + ".config/Element" ".step" ".emacs.d" ".gnupg" "Zotero" ".config/dconf" + ".local/share/keyrings" ]; allowOther = true; }; - programs.firefox = { - enable = true; - package = pkgs.firefox; - }; - home.keyboard = { layout = "fr"; }; diff --git a/machines/gustave/pages.nix b/machines/gustave/pages.nix index 49349f9..60b6804 100644 --- a/machines/gustave/pages.nix +++ b/machines/gustave/pages.nix @@ -38,9 +38,7 @@ settingsFile = config.age.secrets."pages-settings-file".path; }; - networking.firewall.allowedTCPPorts = [ - 8447 - ]; + networking.firewall.allowedTCPPorts = [ 8447 ]; luj.nginx.enable = true; services.nginx = { @@ -51,18 +49,25 @@ defaultListen = [ { - addr = "127.0.0.1"; + addr = "0.0.0.0"; port = 8446; ssl = true; proxyProtocol = true; } { addr = "0.0.0.0"; + port = 80; + ssl = false; + } + { + addr = "[::]"; + port = 80; ssl = false; } ]; streamConfig = '' + map $ssl_preread_server_name $sni_upstream { hostnames; default 0.0.0.0:8010; diff --git a/modules/hmgr/default.nix b/modules/hmgr/default.nix index 29d3513..6aab2e2 100644 --- a/modules/hmgr/default.nix +++ b/modules/hmgr/default.nix @@ -23,7 +23,10 @@ with lib; (map (x: ../../home-manager-modules + "/${x}/default.nix") ( attrNames (readDir ../../home-manager-modules) )) - ++ [ "${inputs.impermanence}/home-manager.nix" ]; + ++ [ + "${inputs.impermanence}/home-manager.nix" + "${inputs.agenix}/modules/age-home.nix" + ]; home.username = "${name}"; home.homeDirectory = "/home/${name}"; home.stateVersion = "21.05"; 
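Review bot: The new persisted entries `.local/share/keyrings`, `.config/borg`, `.config/pika-backup` and `.config/Element` hold credentials or key material, and they are added to a persistence block that sets `allowOther = true`. The block starts outside the hunk, so the backing path is not visible here. It is worth confirming that the persistent volume is encrypted at rest and that these directories keep owner-only permissions there. A short comment on the group, e.g. `# secrets: keyring, backup and chat keys; the persistent volume must be encrypted`, would record that assumption.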
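Review bot: In machines/gustave/pages.nix the listener on port 8446 keeps `proxyProtocol = true` but now binds `0.0.0.0` instead of `127.0.0.1`. A PROXY-protocol listener takes the client address from whatever connects to it, so any peer that can reach 8446 directly can present an arbitrary source address to nginx logs and to IP-based access rules. The visible `allowedTCPPorts` only lists 8447, which would keep the port closed from outside unless another module opens it or an interface is trusted. If only the local stream block feeds this listener, keeping `addr = "127.0.0.1";` is the safer setting. The added port-80 listeners are also absent from the visible firewall list and are presumably opened elsewhere.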
diff --git a/modules/nix/default.nix b/modules/nix/default.nix index e944b12..a9bf701 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -1,7 +1,6 @@ { config, lib, - inputs, pkgs, ... }: @@ -22,8 +21,8 @@ with lib; experimental-features = nix-command flakes ''; nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "nixos=${inputs.nixpkgs}" + "nixpkgs=${config.machine.meta.nixpkgs_version}" + "nixos=${config.machine.meta.nixpkgs_version}" ]; settings = { builders-use-substitutes = true; diff --git a/patches/default.nix b/patches/default.nix deleted file mode 100644 index 2c63c08..0000000 --- a/patches/default.nix +++ /dev/null @@ -1,2 +0,0 @@ -{ -} diff --git a/profiles/base.nix b/profiles/base.nix index a54477d..96eb09b 100644 --- a/profiles/base.nix +++ b/profiles/base.nix @@ -45,6 +45,7 @@ programs.gnupg.agent.enable = true; networking.firewall.enable = true; + systemd.services.NetworkManager-wait-online.enable = false; environment.systemPackages = with pkgs; [ neovim diff --git a/secrets/dgnum-mail-pw.age b/secrets/dgnum-mail-pw.age new file mode 100644 index 0000000..464159f --- /dev/null +++ b/secrets/dgnum-mail-pw.age @@ -0,0 +1,14 @@ +age-encryption.org/v1 +-> ssh-ed25519 u3yXZQ 5PeYNFchlEHtVXEQSG+dC3D+EEP46i71O6T9uuEkD3g +WS0s5betBaa+jVwSD6cEKR4KBqWwMR6eGnGZvthTrU8 +-> ssh-ed25519 AqX2tg NTnhvcfQ/W1tzezQluexQDtTKAI+6ATLENvxV7pNCCA +HxbdeKRviWIl4l8VCY2MUnk4uSQg3AuqwIb1xgTySyg +-> ssh-ed25519 eySVIw v1tXIUlY+stg20QI0uBZK3/17FtSIYTXFPZr4r/KUR0 +GBdyiP3nzDSET4xBYjJfXFXW/Wfs3UTI68BUepwUv9E +-> ssh-ed25519 ThuR9A zgid7w5dH1ETfDlSLHwy/UhnaFtFTlWqMm5RpjifzCs +x2+s/vC3MWW5mi9deiu2U+ZvLNEEsql8NxzJgnRlRCM +-> ssh-ed25519 LFAtBQ l9GhRJTJHugH8W2/r0QwZRRPZqGkRvx8yxTj4TwOV1w +KzhI8Cs5zj5MMaLNMFdTc2N5qSbFVCK6NpNbGDdqHOU +--- EFAMmxVPGjYrzXTdBiYCGRv8IGVp3M+DAiJe8jrAG/U +hZD\2|cٟA7K .ޫ70t#uP^ R@ +>Ĩ߲RC>6ryyg \ No newline at end of file diff --git a/secrets/ens-mail-pw.age b/secrets/ens-mail-pw.age new file mode 100644 index 0000000..c003631 --- /dev/null 
+++ b/secrets/ens-mail-pw.age @@ -0,0 +1,14 @@ +age-encryption.org/v1 +-> ssh-ed25519 u3yXZQ xgPFHNqjt5oiwyA6DjbJQwt1OJIwrhaM9rBj8VkfJlQ +oEFkyDXUMw7h+kKXb6Yrn7SDH2hByFW85blHmtu7opk +-> ssh-ed25519 AqX2tg LuCm78y0BFQYqbS7xkqBTc+IGl0HlLLsePgIkTsGgkM +Ebuqvp72OVZE2gXbKpOxr0Awk6zb55xffZYYb43uDHM +-> ssh-ed25519 eySVIw ki51C627bozYPOrTZvz28kNthpr8ZvzooBux0yyEmHc +pThFLvfXrgOu9x5jyZMuZP8LJymNb7MQUzT2EnwruiU +-> ssh-ed25519 ThuR9A 4CDVLXHdYwPqCSGYw22vQMeWpspVNT8zbj6lXmJVBCk +mYiAD8uCZsxYhjremt3vJ9DTXAqBWhOsAMKEiSHWSzs +-> ssh-ed25519 LFAtBQ UzVzUenJO9tjF1FJNNuCIs7P37qpZ2WfUO82rkrXABQ +JkWXo9nJ7+6xiznzpeH2gK7BDpmXYfhO4sLy6iwflOc +--- syGfKorkGOCg8iY7gGV6UuVq9ePtzTSyvCu9MEqy17k +o T39V˓ٙVL +AKǪiA O' \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 485c070..3f93d46 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -9,6 +9,8 @@ let lambda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKluGTi+vGRLU2emYBhTJuEy7Qw0xq1e0Ey7wvU9xYHz"; nuage = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEtPoZXJKPfSPGYb/H9eWL0tNSpAKM6V/AgeE1Uf2Is6"; gallifrey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEr9QRD7QTNsAFmuJoX1mFzQ5A2ik1/ogMrvW54JMXeQ"; + gallifrey_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMAa0wll9ildhgPiV0DhgJXXtw3TQr5VkNxxxPspHSbX julien@gallifrey"; + fisher_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIADCpuBL/kSZShtXD6p/Nq9ok4w1DnlSoxToYgdOvUqo julien@telecom"; akhaten = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII5W1rr+VW2TLLytoTExWg4T14lrdLFkSM4YLfbEIb2g"; servers = [ gustave @@ -106,4 +108,32 @@ in tower lambda ]; + "dgnum-mail-pw.age".publicKeys = [ + gallifrey + tower + fischer + gallifrey_home + fisher_home + ]; + "work-mail-pw.age".publicKeys = [ + gallifrey + tower + fischer + gallifrey_home + fisher_home + ]; + "telecom-mail-pw.age".publicKeys = [ + gallifrey + tower + fischer + gallifrey_home + fisher_home + ]; + "ens-mail-pw.age".publicKeys = [ + gallifrey + tower + fischer + gallifrey_home + fisher_home + ]; } 
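Review bot: The four new mail-password entries in secrets/secrets.nix repeat the same five-key recipient list, and the new user key is spelled `fisher_home` while the host it belongs to is `fischer`. A single binding such as `mailRecipients = [ gallifrey tower fischer gallifrey_home fisher_home ];` in the `let` block, used as `"ens-mail-pw.age".publicKeys = mailRecipients;`, would keep the lists from drifting apart; renaming the key to `fischer_home` would match the host. The `let` block starts outside the hunk. If these secrets are only ever decrypted by the user-level agenix module, the host keys `gallifrey`, `tower` and `fischer` are recipients that may not be needed, and the list should be limited to keys that actually have to decrypt.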
diff --git a/secrets/telecom-mail-pw.age b/secrets/telecom-mail-pw.age new file mode 100644 index 0000000..60929d7 --- /dev/null +++ b/secrets/telecom-mail-pw.age @@ -0,0 +1,14 @@ +age-encryption.org/v1 +-> ssh-ed25519 u3yXZQ kUUnaOHFtg5OFlERbYMS9qyJ6p1jcxborXJWr/FZT1w +y+a2IzEoRuvwzl7U8TYfQvUhZcHgaHALqyzpHN3XcQ8 +-> ssh-ed25519 AqX2tg exW2CX3Qai32V0cw6TIs1cSPjQVenKu/ZxPTGd9JKQU +QEz7dXeTUv2SFUdMwSIphT4mVrLc4p9I/6K7UZw6gL4 +-> ssh-ed25519 eySVIw tUhWZPM/2Bj5rKXQbeGRAby3r/w6YttOoHb4UHa2FDU +M9TG1clNu4sS36SbKvJyv5yAPlYRVqzknax8xqakSnw +-> ssh-ed25519 ThuR9A 3hagqEkYVpY6KlstIbWEwoqS364+bP84nIGeafnGIlA +Ix8J2vH5N27JMyrFS7puc7w4o/ncnVCiY93wzRQFqOs +-> ssh-ed25519 LFAtBQ aymoqg13GB70LePTog97o2TYqP9jj7Xc8FhXUgBxDko +pci2UrnhzbUMAFQuo7pg1a3Nz4ru33zL5Zov5Ropv48 +--- QDnPy3fW5pTLwpR8Csc9yx/Xj0Jdf1BwxL2moee1M2c +g0p +Aj5o~(,UԬ \ No newline at end of file diff --git a/secrets/work-mail-pw.age b/secrets/work-mail-pw.age new file mode 100644 index 0000000..79a03a9 Binary files /dev/null and b/secrets/work-mail-pw.age differ