tsandrini · tsandrini · Sep 4, 2024 · Aug 12, 2024 · Aug 14, 2024 · Aug 14, 2024
diff --git a/flake-parts/agenix/pubkeys.nix b/flake-parts/agenix/pubkeys.nix
@@ -20,7 +20,7 @@ in
 {
   common = { };
   hosts = {
-    spinorbundle = {
+    jetbundle = {
       users = {
         root = {
           sshKey = null;
@@ -32,7 +32,19 @@ in
         };
       };
     };
-    jetbundle = {
+    remotebundle = {
+      users = {
+        root = {
+          sshKey = null;
+          authorizedKeys = [ tsandrini ]; # TODO only temporary
+        };
+        tsandrini = {
+          sshKey = null;
+          authorizedKeys = [ tsandrini ];
+        };
+      };
+    };
+    spinorbundle = {
       users = {
         root = {
           sshKey = null;

diff --git a/flake-parts/agenix/secrets/common/accounts/.gitignore b/flake-parts/agenix/secrets/common/accounts/.gitignore
@@ -0,0 +1 @@
+!.gitignore
diff --git a/flake-parts/agenix/secrets/hosts/remotebundle/.gitignore b/flake-parts/agenix/secrets/hosts/remotebundle/.gitignore
@@ -0,0 +1 @@
+!.gitignore
diff --git a/flake-parts/agenix/secrets/hosts/remotebundle/mailserver/.gitignore b/flake-parts/agenix/secrets/hosts/remotebundle/mailserver/.gitignore
@@ -0,0 +1 @@
+!.gitignore
diff --git a/flake-parts/agenix/secrets/hosts/remotebundle/mailserver/business-at-tsandrini-dot-sh.age b/flake-parts/agenix/secrets/hosts/remotebundle/mailserver/business-at-tsandrini-dot-sh.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 VC7Vrg QBdkTElx5B7UJbRLJryMBelgcfbbLWjQ66uo/cP75Xc
+KPwr0L4lhnqdgFETgnXRcR4obsFhHw9Z2Q5kCZHYNvY
+-> ssh-ed25519 ot5CBw /EBGKeVVExrU7unhMlSi9XLTFT7Q9OCb6bzSWoctDms
+kNPifrDnr//9s2CkQrGW7MnsDxCPazdP+0B7KWN4tEE
+--- Mg0HNjPuweKGtQB7qDmcv72nu0XCwGgANxAwZTvluUA
+��͓@ƭ�#��p\�4N���ʋX��q��oG`$IC<��#8�q��BS����4֜�s�}?fI�Wa��`����;uPp,�ŕ�
diff --git a/flake-parts/agenix/secrets/hosts/remotebundle/mailserver/newsletters-at-tsandrini-dot-sh.age b/flake-parts/agenix/secrets/hosts/remotebundle/mailserver/newsletters-at-tsandrini-dot-sh.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 VC7Vrg xwjduHgvA9qB/rnt8WUJlYFAunVRLaLThCi1d5vpWRs
+0Zq53bCsAykmmVdqJixG3y14ZYMLAQ32liyb2vWgijQ
+-> ssh-ed25519 ot5CBw S51ufa0rNr1ICYeMd0549w4sAFzvn/lryBBwvY3r81U
++Gue9DkZ4NKHTdB761GKS2VPyWv4laK5OPmSPHuZ/ig
+--- ZgQ80KCXT0J6ySFK02R5XYfY3/yLjDCZ7JJWHZcBEXU
+��L&�"1��-�t>���D�W��Ԋ9H��̋��1��N�#�.CQK�r��[���u���6�ǉ;4��Qy�{�T$�wJd��|�
diff --git a/flake-parts/agenix/secrets/hosts/remotebundle/mailserver/rspamd-ui-basic-auth-file.age b/flake-parts/agenix/secrets/hosts/remotebundle/mailserver/rspamd-ui-basic-auth-file.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 VC7Vrg rs7sbkHH5xXcBUuTrWp9w9F5og4QprI6lOVOEtcnTAg
+EZT3LsbbbURq1seuPFhXPe+geTkMxddC5TTsKJ7XwBU
+-> ssh-ed25519 ot5CBw 6l/BC/jiR9qnY/3OHO64JTElCf2Yrgpw5RySUFlHzTw
+qi1joDDl7LdPelfadyHYeSfNgxMcMVo5czhqSfYUcnA
+--- JXgzf+gpglI8cPiNqERMkx4kviBmsfaBBlYnkC4wLps
+����*[ݨn����dI��F���K�pv�r�0�G�P/*����Q�Mb���! ���?c�&#���U���H��c{�0�}

diff --git a/flake-parts/agenix/secrets/hosts/remotebundle/mailserver/security-at-tsandrini-dot-sh.age b/flake-parts/agenix/secrets/hosts/remotebundle/mailserver/security-at-tsandrini-dot-sh.age
diff --git a/flake-parts/agenix/secrets/hosts/remotebundle/mailserver/shopping-at-tsandrini-dot-sh.age b/flake-parts/agenix/secrets/hosts/remotebundle/mailserver/shopping-at-tsandrini-dot-sh.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 VC7Vrg rNFErBgckTPtjQXLomAQbzCA/JuzXdzZdovhaTSxtH4
+U1Mkef8SBnmj7OHcsmKFdn6RzP9MleU7r/KEwW7GEyQ
+-> ssh-ed25519 ot5CBw K8CVm27rEoa8BLiCGuTxiGBSlajHrdGGWkInM11980Q
+3jeWAx2o36/o9G8pZDCd+Cltperrb30mGZ+6aXACTVo
+--- BB156ALXxwovqjSrMHexoH9nUH4FrXP9VjwPLeav2zA
+I;����6��(u�+R&��$ͱ�eS�T���Urѡe�\��-L2���i������V�{@�8Sw,��!*;xDܒ�]�OY	�tF�
diff --git a/flake-parts/agenix/secrets/hosts/remotebundle/mailserver/t-at-tsandrini-dot-sh.age b/flake-parts/agenix/secrets/hosts/remotebundle/mailserver/t-at-tsandrini-dot-sh.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 VC7Vrg KO5d1yBJ/6elSFbGj2FoZdXemkS+yrhO/WtJ7tc5rxA
+DPDjx17STuqPnh3B2JGyJdgHja/CQFdbZx/gst5pX2I
+-> ssh-ed25519 ot5CBw 2/w45PxxUxyDtpJEPRp2id+DV9hIzxRvanhUuVILjXU
+92usHhhiELZ87pC45SCaACe/P1NWsvoLP96zCmaX+44
+--- 16gFn3fp+ZgNNnQazxIXGRP1UjRMwvAzFbx59VMGTzw
+��p(+�?�����2�ţO�Z��p�?��
+i�2���
+X��r��ѽ���u�1�b@$����ٵ�;�j6g�]����t?W\�B�s�B�hA
diff --git a/flake-parts/agenix/secrets/hosts/remotebundle/users/.gitignore b/flake-parts/agenix/secrets/hosts/remotebundle/users/.gitignore
@@ -0,0 +1 @@
+!.gitignore
diff --git a/flake-parts/agenix/secrets/hosts/remotebundle/users/root/.gitignore b/flake-parts/agenix/secrets/hosts/remotebundle/users/root/.gitignore
@@ -0,0 +1 @@
+!.gitignore
diff --git a/flake-parts/agenix/secrets/hosts/remotebundle/users/root/system-password.age b/flake-parts/agenix/secrets/hosts/remotebundle/users/root/system-password.age
diff --git a/flake-parts/agenix/secrets/hosts/remotebundle/users/tsandrini/.gitignore b/flake-parts/agenix/secrets/hosts/remotebundle/users/tsandrini/.gitignore
@@ -0,0 +1 @@
+!.gitignore
diff --git a/flake-parts/agenix/secrets/hosts/remotebundle/users/tsandrini/system-password.age b/flake-parts/agenix/secrets/hosts/remotebundle/users/tsandrini/system-password.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 VC7Vrg MkIFJeCqC29p5GGhwY8t1+UH3RfEx1DZQF00itO/fwI
+H4V9M26b+fWROM55DQ5+ls2oKYW0GL0TwHsdC5qmg7M
+-> ssh-ed25519 ot5CBw Ce0eSEEroygi+HflxpEpfvR1CEdAUf2rLpeaMn98UwI
++WXB9HFmGYK2CITBzGYB/11Fgonahe/l3SACSmI0ZpI
+--- 9m5BGUCBO+CiHTtnBJR6mfaB6WdwtlZYdNpxFxCtXts
+`�U;W_J�u��Ce�4nE�V��=j�8Z�W�/�dЧ�a�"Q�rjW��=��ط��M���
+��΀뜂h�0��r�9�ζE����뺽'i����OI֚�i�Ȓ���I(��!-��	X����k�d��q �)W�

diff --git a/flake-parts/agenix/secrets/secrets.nix b/flake-parts/agenix/secrets/secrets.nix
@@ -15,27 +15,52 @@
 let
   spinorbundle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH1693g0EVyChehwAjJqkKLWD8ZysLbo9TbRZ2B9BcKe root@spinorbundle";
   jetbundle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQpLfZTRGfeVkh0tTCZ7Ads5fwYnl3cIj34Fukkymhp root@jetbundle";
-  # hosts = [jetbundle spinorbundle];
+  remotebundle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/zORD7glqIeAJNnoW7PFKmZV1eJr46glrSvFDyWH2/ root@nixos";
 
   tsandrini = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWrK27cm+rAVKuwDjlJgCuy8Rftg2YOALwtnu7z3Ox1 tsandrini";
 in
-# users = [tsandrini];
 {
   # ----------
   # | COMMON |
   # ----------
+  # "common/accounts/tomas-dot-sandrini-at-seznam-dot-cz.age".publicKeys = [ tsandrini ];
+  # "common/accounts/wareczech-at-gmail-dot-com.age".publicKeys = [ tsandrini ];
 
   # ---------
   # | HOSTS |
   # ---------
 
-  # I. #spinorbundle
+  # jetbundle
+  "hosts/jetbundle/users/root/system-password.age".publicKeys = [ jetbundle ] ++ [ tsandrini ];
+  "hosts/jetbundle/users/tsandrini/system-password.age".publicKeys = [ jetbundle ] ++ [ tsandrini ];
+
+  # remotebundle
+  "hosts/remotebundle/users/root/system-password.age".publicKeys = [ remotebundle ] ++ [ tsandrini ];
+  "hosts/remotebundle/users/tsandrini/system-password.age".publicKeys = [
+    remotebundle
+  ] ++ [ tsandrini ];
+  "hosts/remotebundle/mailserver/t-at-tsandrini-dot-sh.age".publicKeys = [
+    remotebundle
+  ] ++ [ tsandrini ];
+  "hosts/remotebundle/mailserver/business-at-tsandrini-dot-sh.age".publicKeys = [
+    remotebundle
+  ] ++ [ tsandrini ];
+  "hosts/remotebundle/mailserver/security-at-tsandrini-dot-sh.age".publicKeys = [
+    remotebundle
+  ] ++ [ tsandrini ];
+  "hosts/remotebundle/mailserver/shopping-at-tsandrini-dot-sh.age".publicKeys = [
+    remotebundle
+  ] ++ [ tsandrini ];
+  "hosts/remotebundle/mailserver/newsletters-at-tsandrini-dot-sh.age".publicKeys = [
+    remotebundle
+  ] ++ [ tsandrini ];
+  "hosts/remotebundle/mailserver/rspamd-ui-basic-auth-file.age".publicKeys = [
+    remotebundle
+  ] ++ [ tsandrini ];
+
+  # spinorbundle
   "hosts/spinorbundle/users/root/system-password.age".publicKeys = [ spinorbundle ] ++ [ tsandrini ];
   "hosts/spinorbundle/users/tsandrini/system-password.age".publicKeys = [
     spinorbundle
   ] ++ [ tsandrini ];
-
-  # II. #jetbundle
-  "hosts/jetbundle/users/root/system-password.age".publicKeys = [ jetbundle ] ++ [ tsandrini ];
-  "hosts/jetbundle/users/tsandrini/system-password.age".publicKeys = [ jetbundle ] ++ [ tsandrini ];
 }
diff --git a/flake-parts/deploy-rs/default.nix b/flake-parts/deploy-rs/default.nix
@@ -0,0 +1,39 @@
+# --- flake-parts/deploy-rs/default.nix
+#
+# Author:  tsandrini <[email protected]>
+# URL:     https://github.com/tsandrini/tensorfiles
+# License: MIT
+#
+# 888                                                .d888 d8b 888
+# 888                                               d88P"  Y8P 888
+# 888                                               888        888
+# 888888 .d88b.  88888b.  .d8888b   .d88b.  888d888 888888 888 888  .d88b.  .d8888b
+# 888   d8P  Y8b 888 "88b 88K      d88""88b 888P"   888    888 888 d8P  Y8b 88K
+# 888   88888888 888  888 "Y8888b. 888  888 888     888    888 888 88888888 "Y8888b.
+# Y88b. Y8b.     888  888      X88 Y88..88P 888     888    888 888 Y8b.          X88
+#  "Y888 "Y8888  888  888  88888P'  "Y88P"  888     888    888 888  "Y8888   88888P'
+{ inputs, config, ... }:
+let
+  inherit (inputs) deploy-rs;
+in
+{
+
+  flake.deploy.nodes = {
+    "remotebundle" = {
+      hostname = "37.205.15.242";
+
+      profiles.system = {
+        user = "root";
+        sshUser = "tsandrini"; # TODO only for now
+        autoRollback = true;
+        magicRollback = true;
+
+        path = deploy-rs.lib.x86_64-linux.activate.nixos config.flake.nixosConfigurations."remotebundle";
+      };
+    };
+  };
+
+  flake.checks = builtins.mapAttrs (
+    _system: deployLib: deployLib.deployChecks config.flake.deploy
+  ) deploy-rs.lib;
+}
diff --git a/flake-parts/homes/tsandrini@jetbundle/default.nix b/flake-parts/homes/tsandrini@jetbundle/default.nix
@@ -44,7 +44,7 @@
 
   home.packages = with pkgs; [
     thunderbird # A full-featured e-mail client
-    beeper # Universal chat app.
+    # beeper # Universal chat app.
     armcord # Lightweight, alternative desktop client for Discord
     anki # Spaced repetition flashcard program
     libreoffice # Comprehensive, professional-quality productivity suite, a variant of openoffice.org

diff --git a/flake-parts/hosts/default.nix b/flake-parts/hosts/default.nix
@@ -20,13 +20,18 @@
   ...
 }:
 let
+  inherit (inputs.flake-parts.lib) importApply;
+
   mkHost =
     args: hostName:
     {
       extraSpecialArgs ? { },
       extraModules ? [ ],
       extraOverlays ? [ ],
       withHomeManager ? false,
+      hostImportArgs ? {
+        inherit inputs;
+      },
       ...
     }:
     let
@@ -48,7 +53,7 @@ let
             nixpkgs.config.allowUnfree = true;
             networking.hostName = hostName;
           }
-          ./${hostName}
+          (importApply ./${hostName} hostImportArgs)
         ]
         ++ extraModules
         # Disabled by default, therefore load every module and enable via attributes
@@ -74,37 +79,58 @@ let
 in
 {
   flake.nixosConfigurations = {
-    spinorbundle = withSystem "x86_64-linux" (
+    jetbundle = withSystem "x86_64-linux" (
       args:
-      mkHost args "spinorbundle" {
+      mkHost args "jetbundle" {
         withHomeManager = true;
         extraOverlays = with inputs; [
           nix-topology.overlays.default
-          neovim-nightly-overlay.overlays.default
           emacs-overlay.overlays.default
           nur.overlay
+          # neovim-nightly-overlay.overlays.default
           # (final: _prev: { nur = import inputs.nur { pkgs = final; }; })
         ];
         extraModules = with inputs; [
           nur.nixosModules.nur
-          # nix-topology.nixosModules.default
+          nix-topology.nixosModules.default
+          # TODO remove when available https://github.com/NixOS/nixpkgs/pull/334638
+          { nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ]; }
         ];
       }
     );
-    jetbundle = withSystem "x86_64-linux" (
+    remotebundle = withSystem "x86_64-linux" (
       args:
-      mkHost args "jetbundle" {
+      mkHost args "remotebundle" {
+        withHomeManager = true;
+        extraOverlays = with inputs; [
+          nix-topology.overlays.default
+          # nur.overlay
+          # neovim-nightly-overlay.overlays.default
+        ];
+        extraModules = with inputs; [
+          nix-topology.nixosModules.default
+          # nur.nixosModules.nur
+          # TODO remove when available https://github.com/NixOS/nixpkgs/pull/334638
+          { nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ]; }
+        ];
+      }
+    );
+    spinorbundle = withSystem "x86_64-linux" (
+      args:
+      mkHost args "spinorbundle" {
         withHomeManager = true;
         extraOverlays = with inputs; [
           nix-topology.overlays.default
-          neovim-nightly-overlay.overlays.default
           emacs-overlay.overlays.default
           nur.overlay
+          # neovim-nightly-overlay.overlays.default
           # (final: _prev: { nur = import inputs.nur { pkgs = final; }; })
         ];
         extraModules = with inputs; [
           nur.nixosModules.nur
-          # nix-topology.nixosModules.default
+          nix-topology.nixosModules.default
+          # TODO remove when available https://github.com/NixOS/nixpkgs/pull/334638
+          { nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ]; }
         ];
       }
     );

diff --git a/flake-parts/hosts/jetbundle/default.nix b/flake-parts/hosts/jetbundle/default.nix
@@ -12,7 +12,8 @@
 # 888   88888888 888  888 "Y8888b. 888  888 888     888    888 888 88888888 "Y8888b.
 # Y88b. Y8b.     888  888      X88 Y88..88P 888     888    888 888 Y8b.          X88
 #  "Y888 "Y8888  888  888  88888P'  "Y88P"  888     888    888 888  "Y8888   88888P'
-{ pkgs, inputs, ... }:
+{ inputs }:
+{ pkgs, ... }:
 {
   # -----------------
   # | SPECIFICATION |
@@ -65,6 +66,11 @@
     programs.shadow-nix.enable = true;
     tasks.system-autoupgrade.enable = false;
 
+    # Use the `nh` garbage collect to also collect .direnv and XDG profiles
+    # roots instead of the default ones.
+    tasks.nix-garbage-collect.enable = false;
+    programs.nh.enable = true;
+
     system.users.usersSettings."root" = {
       agenixPassword.enable = true;
     };
@@ -83,16 +89,22 @@
     };
   };
 
-  # Use the `nh` garbage collect to also collect .direnv and XDG profiles
-  # roots instead of the default ones.
-  tensorfiles.tasks.nix-garbage-collect.enable = false;
-  tensorfiles.programs.nh.enable = true;
   # TODO maybe use github:tsandrini/tensorfiles instead?
   programs.nh.flake = "/home/tsandrini/ProjectBundle/tsandrini/tensorfiles";
 
   programs.shadow-client.forceDriver = "iHD";
-  programs.zsh.enable = true;
-  users.defaultUserShell = pkgs.zsh;
+  programs.fish.enable = true;
+  users.defaultUserShell = pkgs.bash;
+
+  programs.bash = {
+    interactiveShellInit = ''
+      if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+      then
+        shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
+        exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
+      fi
+    '';
+  };
 
   programs.winbox.enable = true;
 
@@ -107,8 +119,6 @@
   };
 
   # programs.steam.enable = true; # just trying it out
-
-  networking.networkmanager.enable = true;
   networking.networkmanager.enableStrongSwan = true;
   services.xl2tpd.enable = true;
   services.strongswan = {
@@ -140,6 +150,7 @@
     tensorfiles.hm = {
 
       profiles.graphical-plasma.enable = true;
+      profiles.accounts.tsandrini.enable = true;
       security.agenix.enable = true;
 
       programs.pywal.enable = true;
@@ -164,7 +175,7 @@
 
     home.packages = with pkgs; [
       thunderbird # A full-featured e-mail client
-      beeper # Universal chat app.
+      # beeper # Universal chat app.
       anki # Spaced repetition flashcard program
       libreoffice # Comprehensive, professional-quality productivity suite, a variant of openoffice.org
       texlive.combined.scheme-full # TeX Live environment
@@ -173,6 +184,7 @@
       ungoogled-chromium # An open source web browser from Google, with dependencies on Google web services removed
       zoom-us # Player for Z-Code, TADS and HUGO stories or games
       vesktop # Alternate client for Discord with Vencord built-in
+      gnucash # Free software for double entry accounting
 
       slack # Desktop client for Slack
       signal-desktop # Private, simple, and secure messenger

diff --git a/flake-parts/hosts/remotebundle/.gitignore b/flake-parts/hosts/remotebundle/.gitignore
@@ -0,0 +1 @@
+!.gitignore