chore: remove sops

feat(dav): use pricate input to handle secrets
feat(tmux): use soft secrets to handle sessions
2025-08-12 03:16:10 +02:00 · 2025-08-12 03:14:55 +02:00 · 2025-08-11 23:02:50 +02:00 · 2025-08-11 22:22:31 +02:00 · 2025-08-11 01:36:43 +02:00 · 2025-08-11 01:35:42 +02:00
18 changed files with 593 additions and 157 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,14 +0,0 @@
-# This example uses YAML anchors which allows reuse of multiple keys 
-# without having to repeat yourself.
-# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
-# for a more complex example.
-keys:
-  - &ephase 26D5035DF6B4BE70F2B51B4C178139E02D2ACF00
-  - &luci age19kvatn3zpeqh9zy7u8ce0hqe7dyaesxrukewxt8u7pf4cqkj5dfqm5nlwy
-creation_rules:
-  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
-    key_groups:
-    - age:
-      - *luci
-      pgp:
-      - *ephase
--- a/flake.lock
+++ b/flake.lock
@ -56,6 +56,26 @@
        "type": "github"
      }
    },
+    "nix-private": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1754945619,
+        "narHash": "sha256-kcvY8kUakGwUUWvk6mgIbp5Xj2ABsjj0oBcKQ3MtjTM=",
+        "ref": "main",
+        "rev": "6878e000fef8449ed6d640436a3bc630fa8788b2",
+        "shallow": true,
+        "type": "git",
+        "url": "ssh://git@git.epha.se:24422/ephase/nix-private.git"
+      },
+      "original": {
+        "ref": "main",
+        "shallow": true,
+        "type": "git",
+        "url": "ssh://git@git.epha.se:24422/ephase/nix-private.git"
+      }
+    },
    "nixgl": {
      "inputs": {
        "flake-utils": "flake-utils",
@ -78,6 +98,20 @@
      }
    },
    "nixpkgs": {
+      "locked": {
+        "lastModified": 1753722563,
+        "narHash": "sha256-FK8iq76wlacriq3u0kFCehsRYTAqjA9nfprpiSWRWIc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "648f70160c03151bc2121d179291337ad6bc564b",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_2": {
      "locked": {
        "lastModified": 1748693115,
        "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
@ -92,7 +126,7 @@
        "type": "indirect"
      }
    },
-    "nixpkgs_2": {
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1748693115,
        "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
@ -111,7 +145,7 @@
    "nur": {
      "inputs": {
        "flake-parts": "flake-parts",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_3",
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
@ -131,8 +165,9 @@
    "root": {
      "inputs": {
        "home-manager": "home-manager",
+        "nix-private": "nix-private",
        "nixgl": "nixgl",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
        "nur": "nur",
        "sops-nix": "sops-nix"
      }
--- a/flake.nix
+++ b/flake.nix
@ -15,6 +15,9 @@
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    nix-private = {
+      url = "git+ssh://git@git.epha.se:24422/ephase/nix-private.git?shallow=1&ref=main";
+    };
  };
  outputs = { self, nixpkgs, home-manager, nur, nixgl, sops-nix, ... }@inputs:
  let
--- a/home-manager/base.nix
+++ b/home-manager/base.nix
@ -1,4 +0,0 @@
-_:
-{
-
-}
--- a/hosts/morty/home-config.nix
+++ b/hosts/morty/home-config.nix
@ -1,5 +1,14 @@
-{ ... }: {
+{ inputs, ... }: {
  config.modules = {
+    email = {
+      enable = true;
+      accountConfigs = {
+        a = inputs.nix-private.mail.xiemeart;
+        b = inputs.nix-private.mail.ephase;
+        c = inputs.nix-private.mail.ubordeaux;
+      };
+      primary = "a";
+    };
    application = {
      gnupg = {
        enable = true;
@ -16,7 +25,10 @@
      git.enable = true;
      neovim.enable = true;
      starship.enable = true;
-      tmux.enable = true;
+      tmux = {
+        enable = true;
+        extraConfig = inputs.nix-private.tmux.personal;
+      };
      utils.enable = true;
      vifm.enable = true;
      zellij.enable = true;
--- a/hosts/morty/includes/home-manager.nix
+++ b/hosts/morty/includes/home-manager.nix
@ -30,4 +30,5 @@
      scale = "1.3";
    };
  };
+  sops.age.keyFile = "/home/ephase/.config/sops/age/keys.txt";
 }
--- a/hosts/work/home-config.nix
+++ b/hosts/work/home-config.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, inputs, ... }: {
  config.modules = {
    application = {
      zathura.enable = true;
@ -13,20 +13,21 @@
      ghq.enable = true;
      git = {
        enable = true;
-        userEmail = "ybarbanneau@sellsy.com";
-        signingKey = "6E1A834E282FBD98B48069444447A19BBEDB8DBA";
-        signByDefault = true;
+        userEmail = inputs.nix-private.git.work.userEmail;
+        signingKey = inputs.nix-private.git.work.signingKey;
+      };
+      k8s = {
+        enable = true;
+        kubectlPlugins = with pkgs; [
+          kubectl-cnpg
+        ];
      };
      neovim.enable = true;
      starship.enable = true;
      tmux = {
        enable = true;
-        extraConfig = ''
-          bind -n M-F9 run 'create-tmux-session -n quipu -r quipuapp "run:nvim ." repo:quipu-infrastructure neww:quipu-infra p:sellsy hsplit:50 run:k9s repo:charts neww:charts'
-          bind -n M-F8 run 'create-tmux-session -n verifactu -r verifactu "run:nvim ." repo:verifactu-infrastructure neww:verifactu-infra repo:sellsy hsplit:50 run:k9s repo:charts neww:charts'
-        '';
+        extraConfig = inputs.nix-private.tmux.work;
      };
-
      utils.enable = true;
      vifm.enable = true;
      zellij.enable = true;
--- a/modules/home-manager/accounts/dav/default.nix
+++ b/modules/home-manager/accounts/dav/default.nix
@ -1,36 +1,23 @@
-{ lib, config, ... }:
+{ lib, config, inputs, pkgs, ... }:
 with lib;
 let
-  cfg = config.modules.accounts.dav;
+  cfg = config.modules.dav;
+  secretsDirectory = "${(builtins.toString inputs.nix-private)}/secrets";
  vdirsyncerConf = {
-        enable = true;
-        auth = "basic";
-        userNameCommand = [
-          "cat"
-          "${config.sops.secrets."webdav/username".path}"
-        ];
+    enable = true;
+    auth = "basic";
  };
 in
 {
-  options.modules.accounts.dav = {
+  options.modules.dav = {
    enable = mkEnableOption "enable personal Caldav / CardDav";
  };
  config = mkIf cfg.enable {

-    ## Manage secrets used in this module
    sops = {
      secrets = {
-        "webdav/url/caldav" = {
-          sopsFile = ../../../../secrets/accounts.yaml;
-        };
-        "webdav/url/carddav" = {
-          sopsFile = ../../../../secrets/accounts.yaml;
-        };
-        "webdav/username" = {
-          sopsFile = ../../../../secrets/accounts.yaml;
-        };
-        "webdav/password" = {
-          sopsFile = ../../../../secrets/accounts.yaml;
+        "${inputs.nix-private.dav.personal.secret.key}" = {
+            sopsFile = "${secretsDirectory}/${inputs.nix-private.dav.personal.secret.file}";
        };
      };
    };
@ -38,11 +25,15 @@ in
    accounts.calendar.basePath = ".local/share/calendars";
    accounts.calendar.accounts.personal_calendars = {
      name = "personal_calendar";
-      remote.type = "caldav"; 
-      remote.passwordCommand = [
-        "cat"
-        "${config.sops.secrets."webdav/password".path}"
-      ];
+      remote = {
+        type = "caldav";
+        url = inputs.nix-private.dav.personal.caldavUrl;
+        userName = inputs.nix-private.dav.personal.userName;
+        passwordCommand = [
+          "${pkgs.coreutils}/bin/cat"
+          "${config.sops.secrets."${inputs.nix-private.dav.personal.secret.key}".path}"
+        ];
+      };
      vdirsyncer = vdirsyncerConf // {
        metadata = [
          "color"
@ -52,10 +43,6 @@ in
          "VTODO"
          "VEVENT"
        ];
-        urlCommand = [
-          "cat"
-          "${config.sops.secrets."webdav/url/caldav".path}"
-        ];
        collections = [
          "from a"
          "from b"
@ -70,22 +57,23 @@ in

    accounts.contact.basePath = ".local/share/contacts";
    accounts.contact.accounts.personal_contacts = {
-      remote.type = "carddav"; 
-      remote.passwordCommand = [
-        "cat"
-        "${config.sops.secrets."webdav/password".path}"
-      ];
-      local.type = "filesystem";
-      local.fileExt = ".vcf";
+      remote = {
+        type = "carddav";
+        url = inputs.nix-private.dav.personal.carddavUrl;
+        userName = inputs.nix-private.dav.personal.userName;
+        passwordCommand = [
+          "${pkgs.coreutils}/bin/cat"
+          "${config.sops.secrets."${inputs.nix-private.dav.personal.secret.key}".path}"
+        ];
+      };
+      local = {
+        type = "filesystem";
+        fileExt = ".vcf";
+      };
      vdirsyncer = vdirsyncerConf // {
-
        metadata = [
          "displayname"
        ];
-        urlCommand = [
-          "cat" 
-          "${config.sops.secrets."webdav/url/carddav".path}"
-        ];
      };
      khal = {
        enable = true;
--- a/modules/home-manager/accounts/email/default.nix
+++ b/modules/home-manager/accounts/email/default.nix
@ -0,0 +1,252 @@
+{ lib, config, pkgs, inputs, ... }:
+with lib;
+let
+  cfg = config.modules.email;
+  secretsDirectory = "${(builtins.toString inputs.nix-private)}/secrets";
+in
+{
+  options.modules.email = {
+    enable = mkEnableOption "Enable email accounts configuration";
+
+    accountConfigs = mkOption {
+      type = types.attrsOf types.attrs;
+      default = false;
+      description = "List of account variables used to create accounts";
+    };
+
+    primary = mkOption {
+      type = types.str;
+      default = false;
+      description = "name of primary account";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    sops = let
+      secretList = lib.mapAttrs' ( name: value:
+        nameValuePair ( value.secret.key ) ({
+          sopsFile = "${secretsDirectory}/${value.secret.file}";
+        })
+      ) cfg.accountConfigs;
+    in {
+      secrets = secretList;
+    };
+    accounts.email = let
+      defaultSetting = {
+        mbsync = {
+          enable = true;
+          create = "both";
+          expunge = "both";
+          remove = "both";
+          patterns = [
+            "*"
+            # Trash is a pain in the ass to manage with notmuch
+            "!Trash"
+          ];
+        };
+        msmtp = {
+          enable = true;
+        };
+        notmuch = {
+          enable = true;
+        };
+        neomutt = {
+          enable = true;
+          showDefaultMailbox = false;
+        };
+      };
+      accountsList = lib.mapAttrs ( name: value: lib.recursiveUpdate defaultSetting value.config ) cfg.accountConfigs;
+    in {
+      maildirBasePath = "mail";
+      accounts = lib.recursiveUpdate accountsList { "${cfg.primary}".primary = true; };
+    };
+
+    programs.afew = let
+      mailMoverRules = lib.mergeAttrsList (
+        lib.attrsets.mapAttrsToList (
+          n: v:
+          if lib.hasAttrByPath ["afew" "mailMover"] v then
+            v.afew.mailMover
+          else {}
+        ) cfg.accountConfigs);
+      mailFilterRules = lib.flatten (
+        lib.attrsets.mapAttrsToList (
+          n: v:
+          if lib.hasAttrByPath ["afew" "filters"] v then
+            v.afew.filters
+          else []
+        ) cfg.accountConfigs);
+      in {
+      enable = true;
+      extraConfig = ''
+        [FolderNameFilter]
+        folder_explicit_list = archives
+        folder_transforms = archives:archived
+        maildir_separator = /
+        [MailMover]
+        folders = ${lib.concatStringsSep " " (lib.unique (lib.mapAttrsToList (n: v: "${n}") mailMoverRules))}
+        rename = True
+        ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${n} = ${toString v}") mailMoverRules)}
+        [SpamFilter]
+        [KillThreadsFilter]
+        [ArchiveSentMailsFilter]
+        sent_tag = sent
+        ${lib.concatImapStrings (p: e: "\n\n[Filter.${toString p}]\n ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${n} = ${v}") e)}") mailFilterRules}
+        [InboxFilter]
+      '';
+    };
+    programs.neomutt = let
+      accountMacros = lib.imap1 (
+        i:
+        elem: elem // {
+          map = ["index" "pager"];
+          key = "<F${(toString (i + 1))}>";
+        }) (
+          lib.attrsets.mapAttrsToList (
+            n: c:
+            { "action" = "<sync-mailbox><refresh><enter-command>source ~/.config/neomutt/${n}<enter><change-vfolder>Unread:${c.config.address}<enter>";}
+      ) cfg.accountConfigs);
+    in {
+      enable = true;
+      unmailboxes = true;
+      changeFolderWhenSourcingAccount = true;
+      sourcePrimaryAccount = false;
+      editor = "nvim +/^$/ +':nohl'";
+      settings = {
+        sleep_time = "1";
+        mbox_type = "Maildir";
+        header_color_partial = "yes";
+        duplicate_threads = "yes";
+        index_format = "'%4C| %24.24?GS?%F %GS &%F? %?GR?%GR &%?GU?%GU &  ??%?GA?%GA &  ?%?GE?%GE &  ?%?M?󰘕 %s&%s? %* %?g?  %g? %<[y?%<[m?%<[d?%9[%H:%M ]&%9[%a %d ]>&%9[%b %d ]>&%9[%m/%y ]>'";
+        sort_aux = "last-date-sent";
+        mail_check = "120";
+        hidden_tags = "inbox,unread,draft,flagged,passed,replied,signed,encrypted,attachment,sent";
+        markers = "no";
+        wrap = "90";
+        smart_wrap = "yes";
+        reflow_text = "yes";
+        reflow_wrap = "90";
+        text_flowed = "yes";
+        search_context = "3";
+        pager_context = "5";
+        pager_index_lines = "10";
+        rfc2047_parameters = "yes";
+        edit_headers = "yes";
+        send_charset = "utf-8";
+        envelope_from = "yes";
+        my_status = "'  %o/%m  | %l 󰉉 | %f %*  Sort: %s-%S  Pos: %P '";
+        my_pager =  "'   %F |  %s %*   Pos: %P '";
+        compose_format = "' COMPOSE   %a | 󰉉 %l'";
+        query_command = "'${pkgs.khard}/bin/khard email --parsable --search-in-source-files %s'";
+        virtual_spoolfile = "yes";
+        mail_check_stats = "yes";
+        mh_purge = "yes";
+        mailcap_path= "${config.xdg.configHome}/neomutt/mailcap";
+      };
+      extraConfig = ''
+        ${(builtins.readFile ./files/theme.muttrc)}
+        charset-hook ^iso-8859-1$ cp1252
+        ignore *
+
+        unignore from date subject to cc bcc tags user-agent x-mailer
+
+        # Attachment
+        auto_view           text/x-vcard text/html text/enriched text/calendar
+        alternative_order   text/html text/enriched text/plain text/*
+
+       tag-transforms "attachment" "󰁦" \
+                       "encrypted"  "󱧈" \
+                       "signed"     "󱅞" \
+                       "unread"     "" \
+                       "replied"    ""
+        tag-formats    "attachment"    "GA" \
+                       "encrypted"     "GE" \
+                       "signed"        "GS" \
+                       "unread"        "GU" \
+                       "replied"       "GR"
+
+        ${lib.concatStrings (lib.attrsets.mapAttrsToList ( _: v: if lib.hasAttrByPath [ "neomuttHooks" ] v then v.neomuttHooks else "" ) cfg.accountConfigs)}
+        # manually source first account instead of use home-manager parameter because
+        # of $my_pager expansion does not work as this variable is not already set
+        source ${config.xdg.configHome}/neomutt/${cfg.primary}
+      '';
+      binds = [
+        { map = [ "attach" "browser" "index" "pager" ]; key = "g"; action = "noop"; }
+        { map = [ "attach" "browser" "index" "pager" ]; key = "G"; action = "noop"; }
+        { map = [ "index" ]; key = "q"; action = "noop";}
+        { map = [ "pager" ]; key = "Q"; action = "noop";}
+        { map = [ "attach" "browser" "index" ]; key = "gg";  action = "first-entry";}
+        { map = [ "attach" "browser" "index" ]; key = "G";   action = "last-entry";}
+        { map = [ "pager" ]; key = "gg"; action = "top"; }
+        { map = [ "pager" ]; key = "G"; action = "bottom"; }
+        { map = [ "pager" ]; key = "k"; action = "previous-line"; }
+        { map = [ "pager" ]; key = "j";   action = "next-line"; }
+
+        # Scrolling
+        { map = [ "attach" "browser" "pager" "index" ]; key = "\\CF"; action = "next-page";}
+        { map = [ "attach" "browser" "pager" "index" ]; key = "\\CB"; action = "previous-page";}
+        { map = [ "attach" "browser" "pager" "index" ]; key = "\\Cu"; action = "half-up";}
+        { map = [ "attach" "browser" "pager" "index" ]; key = "\\Cd"; action = "half-down";}
+        { map = [ "browser" "pager" ]; key = "\\Ce"; action = "next-line";}
+        { map = [ "browser" "pager" ]; key = "\\Cy"; action = "previous-line";}
+        { map = [ "index" ]; key = "\\Ce"; action = "next-line";}
+        { map = [ "index" ]; key = "\\Cy"; action = "previous-line";}
+
+        # Reply
+        { map =[ "pager" "index" ]; key = "R"; action = "group-reply";}
+
+        # sidebar
+        { map = [ "index" "pager" ]; key = "<f12>"; action = "sidebar-toggle-visible";}
+        { map = [ "index" "pager" ]; key = "{"; action = "sidebar-prev";}
+        { map = [ "index" "pager" ]; key = "}"; action = "sidebar-next";}
+        { map = [ "index" "pager" ]; key = "|"; action = "sidebar-open";}
+
+        # open virtual folder
+        { map = [ "index" "pager" ]; key = "X"; action = "noop";}
+        { map = [ "index" "pager" ]; key = "X"; action = "change-vfolder";}
+
+        # read entire thread of the current message
+        { map = [ "index" "pager" ]; key = "+"; action = "entire-thread";}
+
+        # generate virtual folder from query
+        { map = [ "index" "pager" ]; key = "\\eX"; action = "vfolder-from-query";}
+
+        # generate virtual folder from query with time window
+
+        { map = [ "index" "pager" ]; key = "\\CD"; action = "modify-tags";}
+
+        # Editor
+        { map = [ "editor" ]; key = "<Tab>"; action = "complete-query";}
+        { map = [ "editor" ]; key = "^T"; action = "complete";}
+      ];
+      macros = [
+        { map = [ "pager" ];  key = "\\CB"; action = "<pipe-message>${pkgs.urlscan}/bin/urlscan -d -c --color true<Enter>"; }
+      ] ++ accountMacros;
+    };
+    programs.mbsync = {
+      enable = true;
+    };
+    services.mbsync = {
+      enable = true;
+      postExec = "${pkgs.notmuch}/bin/notmuch new";
+    };
+    programs.notmuch = {
+      enable = true;
+      new.tags = [ "new" ];
+      hooks.postNew = ''
+        ${pkgs.afew}/bin/afew --tag --new
+        ${pkgs.afew}/bin/afew --move --all
+      '';
+    };
+    programs.msmtp = {
+      enable = true;
+    };
+    home.file."${config.xdg.configHome}/urlscan/config.json".source = ./files/urlscan.config.json;
+    xdg.configFile."neomutt/mailcap".text = ''
+      text/html; ${pkgs.xdg-utils}/bin/xdg-open %s; nametemplate=%html
+      text/html; ${pkgs.w3m}/bin/w3m -I %{charset} -cols 90 -T text/html %s; copiousoutput
+      application/pdf; ${pkgs.xdg-utils}/bin/xdg-open %s &
+      image/*; ${pkgs.xdg-utils}/bin/xdg-open %s &
+    '';
+  };
+}
--- a/modules/home-manager/accounts/email/files/theme.muttrc
+++ b/modules/home-manager/accounts/email/files/theme.muttrc
@ -0,0 +1,122 @@
+# vi: ft=muttrc
+
+## Base
+color normal      color20  default # softer, bold
+
+## Weak
+color tilde       color08  default  # `~` padding at the end of pager
+color attachment  color08  default
+color tree        color01  default  # arrow in threads
+color signature   color08  default
+color markers     color08  default  # `+` wrap indicator in pager
+
+color underline   color21  default
+
+color error       color01  default
+color message     color04  default  # informational messages
+color search      color08  color03
+color status      color20  color18
+color indicator   color21  color19  # inverse, brighter
+
+color status color00 color06 ' Pos: ([[:alnum:]]|%)+ '
+color status color20 color19 ' Sort: ([[:alpha:]]|-)+ '
+
+# Message Index ----------------------------------------------------------------
+
+## Index parts
+color index_number  color20 default
+color index_author  color20 default
+color index_date    color20 default
+color index_flags   color20 default
+color index_tag     color20 default
+color index_tags    italic color08 default
+
+color index_author  italic color06 default "~g !~V"
+color index_author  color04 default "~g ~V"
+
+color index_subject color04  default "~G"
+
+color index_date    color08 default
+
+color index_number  color08 default
+color index_subject bold color07  default "(~U|~N|~O)"
+
+color index_author  italic color00 color06 "~T"
+color index_subject italic color00 color06 "~T"
+color index_date    italic color00 color06 "~T"
+color index_tags    italic color00 color06 "~T"
+color index_tag     italic color00 color06 "~T"
+
+color index_subject color01 color18   "~D"              # deleted messages
+
+color index_subject italic bold color00  default "~T (~U|~N|~O)"
+
+## Weak
+color index color01        default  "~v~(~F)"           # collapsed thread with flagged inside
+
+# Selection
+color index   italic  color00   color06   "~T"          # tagged messages
+color index           default   color18   "~D"          # deleted messages
+
+### Message Headers ----------------------------------------------------
+
+# Base
+set header_color_partial
+hdr_order From Date: From: To: Cc: Subject:
+
+color header        color04         default     '^[^[:blank:]:]*:'
+color hdrdefault    color20         default
+color header        color17         default     "^[Date:] (.*)"
+color header        color04         default     "^From:"
+color header        color05         default     "^Tags:"
+color header        color16         default     "^(To|Cc|CC|BCC):"
+color header        brightcolor07   default     "^Subject: (.*)"
+
+color header color06 color00  "((@(([0-9a-z-]+\\.)*[0-9a-z-]+\\.?|#[0-9]+|\\[[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\]),)*@(([0-9a-z-]+\\.)*[0-9a-z-]+\\.?|#[0-9]+|\\[[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\]):)?[0-9a-z_.+%$-]+@(([0-9a-z-]+\\.)*[0-9a-z-]+\\.?|#[0-9]+|\\[[0-2]?[0-9]?[0-9]\\.[0-2]?[0-9]?[0-9]\\.[0-2]?[0-9]?[0-9]\\.[0-2]?[0-9]?[0-9]\\])"
+
+### Message Body -------------------------------------------------------
+# When possible, these regular expressions attempt to match http://spec.commonmark.org/
+## Weak
+# ~~~ Horizontal rules ~~~
+color body  color08  default  "([[:space:]]*[-+=#*~_]){3,}[[:space:]]*"
+
+# *Bold* span
+color body  brightcolor03  default  "(^|[[:space:][:punct:]])\\*[^*]+\\*([[:space:][:punct:]]|$)"
+
+# _Underline_ span
+color body  underline color20  default  "(^|[[:space:][:punct:]])_[^_]+_([[:space:][:punct:]]|$)"
+
+# /Italic/ span (Sometimes gets directory names)
+color body  italic    color20  default  "(^|[[:space:][:punct:]])/[^/]+/([[:space:][:punct:]]|$)"
+
+# ATX headers
+color body  color04  default  "^[[:space:]]{0,3}#+[[:space:]].*$"
+
+# `Code` span
+color body  color05  default  "(^|[[:space:][:punct:]])\`[^\`]+\`([[:space:][:punct:]]|$)"
+
+color body  bold     color01  default  "^(\\*[[:space:]])"
+
+## URI
+color body italic color04 color00  "([a-z][a-z0-9+-]*://(((([a-z0-9_.!~*'();:&=+$,-]|%[0-9a-f][0-9a-f])*@)?((([a-z0-9]([a-z0-9-]*[a-z0-9])?)\\.)*([a-z]([a-z0-9-]*[a-z0-9])?)\\.?|[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)(:[0-9]+)?)|([a-z0-9_.!~*'()$,;:@&=+-]|%[0-9a-f][0-9a-f])+)(/([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*(;([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*)*(/([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*(;([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*)*)*)?(\\?([a-z0-9_.!~*'();/?:@&=+$,-]|%[0-9a-f][0-9a-f])*)?(#([a-z0-9_.!~*'();/?:@&=+$,-]|%[0-9a-f][0-9a-f])*)?|(www|ftp)\\.(([a-z0-9]([a-z0-9-]*[a-z0-9])?)\\.)*([a-z]([a-z0-9-]*[a-z0-9])?)\\.?(:[0-9]+)?(/([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*(;([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*)*(/([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*(;([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*)*)*)?(\\?([-a-z0-9_.!~*'();/?:@&=+$,]|%[0-9a-f][0-9a-f])*)?(#([-a-z0-9_.!~*'();/?:@&=+$,]|%[0-9a-f][0-9a-f])*)?)[^].,:;!)? \t\r\n<>\"]"
+# Email addresses
+color body  color06 color00  "((@(([0-9a-z-]+\\.)*[0-9a-z-]+\\.?|#[0-9]+|\\[[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\]),)*@(([0-9a-z-]+\\.)*[0-9a-z-]+\\.?|#[0-9]+|\\[[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\]):)?[0-9a-z_.+%$-]+@(([0-9a-z-]+\\.)*[0-9a-z-]+\\.?|#[0-9]+|\\[[0-2]?[0-9]?[0-9]\\.[0-2]?[0-9]?[0-9]\\.[0-2]?[0-9]?[0-9]\\.[0-2]?[0-9]?[0-9]\\])"
+
+# Emoticons ;-P
+color body  black   yellow   "[;:][-o]?[})>{(<|P]"
+
+# PGP
+color body  color02 default   "(Good signature)"
+color body  color01 default   "(Bad signature)"
+color body  color16 default   "(Problem signature)"
+color body  color04 color00   "^gpg: "
+
+## Quotation blocks
+color quoted   color06  color00
+color quoted1  color02  color00
+color quoted2  color03  color00
+color quoted3  color16  color00
+color quoted4  color01  color00
+color quoted5  color17  color00
+color quoted6  color05  color00
+color quoted7  color04  color00
--- a/modules/home-manager/accounts/email/files/urlscan.config.json
+++ b/modules/home-manager/accounts/email/files/urlscan.config.json
@ -0,0 +1,54 @@
+{
+  "palettes": {
+    "default": [
+      [ "header", "white", "dark blue", "standout", "#d8d8d8", "#383838" ],
+      [ "footer", "white", "dark red", "standout", "#d8d8d8", "#383838" ],
+      [ "search", "white", "dark green", "standout", "#282828", "#f7ca88" ],
+      [ "msgtext", "", "", "", "", "" ],
+      [ "msgtext:ellipses", "light gray", "black", "bold", "#f7ca88", "#383838" ],
+      [ "urlref:number:braces", "light gray", "black", "bold", "#f8f8f8", "#383838"],
+      [ "urlref:number","yellow", "black","bold", "#f7ca88", "#383838" ],
+      [ "urlref:url", "white", "black", "italics", "#7cafc2", "#181818" ],
+      [ "url:sel", "white", "dark blue", "underline", "#7cafc2", "#383838" ]
+    ]
+
+  },
+  "keys": {
+    "/": "search_key",
+    "0": "digits",
+    "1": "digits",
+    "2": "digits",
+    "3": "digits",
+    "4": "digits",
+    "5": "digits",
+    "6": "digits",
+    "7": "digits",
+    "8": "digits",
+    "9": "digits",
+    "a": "add_url",
+    "C": "clipboard",
+    "c": "context",
+    "ctrl l": "clear_screen",
+    "ctrl f": "page_down",
+    "ctrl b": "page_up",
+    "d": "del_url",
+    "f1": "help_menu",
+    "G": "bottom",
+    "g": "top",
+    "j": "down",
+    "k": "up",
+    "J": "next",
+    "K": "previous",
+    "P": "clipboard_pri",
+    "l": "link_handler",
+    "o": "open_queue",
+    "O": "open_queue_win",
+    "p": "palette",
+    "Q": "quit",
+    "q": "quit",
+    "R": "reverse",
+    "S": "all_shorten",
+    "s": "shorten",
+    "u": "all_escape"
+  }
+}
--- a/modules/home-manager/cli/git/default.nix
+++ b/modules/home-manager/cli/git/default.nix
@ -1,4 +1,4 @@
-{ lib, config, pkgs, ... }:
+{ lib, config, pkgs, inputs, ... }:
 with lib;
 let
  cfg = config.modules.cli.git;
@ -15,19 +15,19 @@ in

    userEmail = mkOption {
      type = types.str;
-      default = "ephase@xieme-art.org";
+      default = inputs.nix-private.git.personal.userEmail;
      description = "git email";
    };

    signingKey = mkOption {
      type = types.nullOr types.str;
-      default = null;
+      default = inputs.nix-private.git.personal.signingKey;
      description = "signing key fingerprint";
    };

    signByDefault = mkOption {
      type = types.bool;
-      default = false;
+      default = true;
      description = "activate signing by default";
    };
  };
@ -68,6 +68,13 @@ in
          autoSetupRemote = true;
          default = "current";
        };
+        diff = {
+          algorithm = "histogram";
+          colorMoved = "plain";
+          mnemonicPrefix = true;
+          renames = true;
+        };
+        commit.verbose = true;
      };
    };
  };
--- a/modules/home-manager/cli/k8s/default.nix
+++ b/modules/home-manager/cli/k8s/default.nix
@ -0,0 +1,26 @@
+{ lib, config, pkgs, ... }:
+with lib;
+let
+  cfg = config.modules.cli.k8s;
+in
+{
+  options.modules.cli.k8s = {
+    enable = mkEnableOption "Install k8s utils";
+
+    kubectlPlugins = mkOption {
+      type = types.listOf types.package;
+      default = [];
+      description = "activate signing by default";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = with pkgs; [
+      kubectl
+      kubecm
+    ] ++ cfg.kubectlPlugins;
+    programs.k9s = {
+      enable = true;
+    };
+  };
+}
--- a/modules/home-manager/cli/starship/default.nix
+++ b/modules/home-manager/cli/starship/default.nix
@ -12,7 +12,7 @@ in
      enable = true;
      enableZshIntegration = true;
      settings = {
-        format = "$username$hostname$directory$git_branch$git_state$git_status$cmd_duration$fill$kubernetes$line_break$python$nix_shell$character";
+        format = "$username$hostname$directory$kubernetes$git_branch$git_state$git_status$cmd_duration$line_break$python$nix_shell$character";
        directory = {
          style = "blue";
          truncate_to_repo = false;
@ -59,13 +59,10 @@ in
          style = "bright-black";
        };
        kubernetes = {
-          format = "[|$symbol$cluster| ]($style)";
-          style = "yellow";
+          format = "[$symbol$cluster ]($style)";
+          symbol = "";
+          style = "dimmed blue";
          disabled = false;
-          detect_folders = [
-            "clusters"
-            "deploy"
-          ];
        };
        fill = {
          symbol = " ";
--- a/modules/home-manager/cli/tmux/default.nix
+++ b/modules/home-manager/cli/tmux/default.nix
@ -1,5 +1,5 @@

-{ lib, config, pkgs, ... }:
+{ lib, config, pkgs, inputs, ... }:
 with lib;
 let
  cfg = config.modules.cli.tmux;
@ -51,9 +51,6 @@ in
        bind -n M-F3 if 'tmux has-session -t 3' {switch-client -t 3} {display-popup -E -E 'create-tmux-session -i 3'}
        bind -n M-F4 if 'tmux has-session -t 4' {switch-client -t 4} {display-popup -E -E 'create-tmux-session -i 4'}

-        # Alt+F10 for launching my Nix project
-        bind -n M-F10 run 'create-tmux-session -n config -r nix "run:nvim ." vsplit:20'
-
        # change window with Alt+{1..5}
        bind -n -N "Goto window 1" M-1 select-window -T -t 1
        bind -n -N "Goto window 2" M-2 select-window -T -t 2
@ -74,18 +71,21 @@ in

        setw -g window-status-current-format '#[fg=colour18,bg=colour11] #I\
         #[bg=colour19,fg=colour7,bold] #W\
-         #{?window_active,󰎂 ,}#{?window_marked_flag,󰃃 ,}#{?window_activity_flag, ,}#{?window_silence_flag,󰝟 ,}#{?window_zoomed_flag,󱀅 ,}#{?window_bell_flag,#[fg=colour1]󱈸 ,}'
+         #{?window_active,󰎂 ,}#{?window_marked_flag,󰃃 ,}#{?window_activity_flag, ,}#{?window_silence_flag,󰝟 ,}#{?window_zoomed_flag,󱀅 ,}'

        set -g pane-border-style fg=colour19
        set -g pane-active-border-style fg=colour4

        setw -g window-status-format '#[bg=color12,fg=colour19] #I\
         #[bg=colour18,fg=colour7,dim] #W\
-         #{?window_last_flag, ,}#{?window_marked_flag,󰃃 ,}#{?window_activity_flag, ,}#{?window_silence_flag,󰝟 ,}#{?window_zoomed_flag,󱀅 ,}#{?window_bell_flag,#[fg=colour1]󱈸 ,}'
+         #{?window_last_flag, ,}#{?window_marked_flag,󰃃 ,}#{?window_activity_flag, ,}#{?window_silence_flag,󰝟 ,}#{?window_zoomed_flag,󱀅 ,}#{?window_bell_flag,#[bg=colour1]#[fg=colour15]#[none] ,}'
+        setw -g window-status-bell-style bg=colour18,fg=colour7
        set -g status-left-length 100
        set -g status-left '#[bg=colour0, fg=colour6]  #S '
        set -g status-right ' '
-      '' + cfg.extraConfig;
+      ''
+      + inputs.nix-private.tmux.nix
+      + cfg.extraConfig;
      plugins = with pkgs; [
        tmuxPlugins.tmux-fzf
      ];
--- a/modules/home-manager/default.nix
+++ b/modules/home-manager/default.nix
@ -9,6 +9,7 @@
    ./cli/direnv
    ./cli/ghq/default.nix
    ./cli/git
+    ./cli/k8s
    ./cli/neovim
    ./cli/starship
    ./cli/tmux
@ -24,5 +25,6 @@
    ./web/qutebrowser/default.nix
    ./web/webcord
    ./accounts/dav
+    ./accounts/email
  ];
 }
--- a/modules/home-manager/desktop/sway/includes/mako.nix
+++ b/modules/home-manager/desktop/sway/includes/mako.nix
@ -15,16 +15,16 @@ with lib;
      enable = true;
      settings = {
        font = "Fira Code Nerd Font 10";
-        backgroundColor = "#353535FF";
-        borderColor = "#1CD180";
-        progressColor = "over #5566AAFF";
-        textColor = "#FDFDFD";
+        background-color = "#353535";
+        border-color = "#1CD180";
+        progress-color = "over #5566AA";
+        text-color = "#FDFDFD";
        width = 300;
        height = 100;
-        borderRadius = 0;
-        borderSize = 2;
+        border-radius = 0;
+        border-size = 2;
        icons = true;
-        maxIconSize = 64;
+        max-icon-size = 64;
        layer = "overlay";
        anchor = "top-right";
        format = ''
--- a/secrets/accounts.yaml
+++ b/secrets/accounts.yaml
@ -1,46 +0,0 @@
-webdav:
-    url:
-        caldav: ENC[AES256_GCM,data:UMoSLlEhxtJ/80wIQlGaqfu/OI4JXodSLYySwAyJJg==,iv:WTGZ8mq3huVEPMNOBDGdghy994Z5vCzvVDMvp5djnlw=,tag:s34QZVjqvNiQT/P9SVCeUw==,type:str]
-        carddav: ENC[AES256_GCM,data:oGLZ4c02b4wiYCqhyQzC1NG210BUpSpSqibi7xvtIjHhW/X4wvYU5QPm2VKCrJYpvqIEeiah1TDwvByqLpBz5d8Ucyme,iv:cwaWTvdS5eEGmwm5+n2N31ajzAXPix4woXECUqXtk3E=,tag:jRK3viRDzwd5JmNh6UVt2A==,type:str]
-    username: ENC[AES256_GCM,data:Z/QVE3Di,iv:pRBgv/K+VzbF5/iaftTDoxZWjvVztPznLJ5LKpKQaoM=,tag:rCw9mLFtzhpp5vO5eVKqvA==,type:str]
-    password: ENC[AES256_GCM,data:X7hjL2VczjPGKF4n2g==,iv:BwqXZ3h+EIHU+Cvx8gDYhgd2NiBkednUz+ksp40sYas=,tag:ngbtcYsfOxvTTcftBE+lMg==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age19kvatn3zpeqh9zy7u8ce0hqe7dyaesxrukewxt8u7pf4cqkj5dfqm5nlwy
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRk1KamJ3clA4QTBZT3BL
-            blZGaVNQb2tWMTkrWUxicm9PdXV6RTJJbXh3ClJJQTJON3BBRGJ4RWg1UnRQNVoy
-            bFllM0E1djlOUTVRQ1lZc1JEQS9YNXcKLS0tIEhac3FpUVd6TW9pbUMyNlAzbk5P
-            dGZkOExNbTRuS0NvaDgzUmlFRVNvckEK7PSVxtaDd/3yWIIuAMcX586imRu/On09
-            duwFZ5btOY2fxNYgV9sCG7Vr+OGCO8n9OWBS9hLy7MJwAzi/f5l7Fg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-07-20T16:25:53Z"
-    mac: ENC[AES256_GCM,data:4vNjXD26LeHv00B4gDumkUzq7Us9HRWv79Wq3iyTeDjKOXw9lluIQIZsDB1aQS90dTNCEvlbZ6pt1oHRqGySpDcKHId6rsUy9qkeLl683haKKilT47ABpGiMd2sY6xL1FQPiXMH4qc7wxh+EuS0N6Y+mgIY9Kn0qP6ion1s/lqs=,iv:JZ5lnJKBXQeKadihHyItueHDO6zULVMLSPmGCe+Qlz4=,tag:+bh08XI2TWov6yQJ1+KtoA==,type:str]
-    pgp:
-        - created_at: "2024-06-24T20:12:19Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA9/d8qUtz+3ZAQ/7BoojnrnGgF4TEnFTJMWVy229Cx1knABVot45A1frFWmS
-            kwIGPGQPlCjGF4tyIOmBy8WpQWBuKffYakCC/OklHCyfnLjsyhcR+MSqDVzqMmy3
-            dEThTcGPRCerM1Mu8oWPk0yq5AKzuJagr9+4ITrljsh6tRwA4qmfKxQ6BZhGPQHJ
-            3FZwcQHfaDkuag3o5swNKHX//MIZwEDyXJHKgeTUPhENzc0POdjPU5CZN0HBU4ep
-            98PJAlAiDKyYSQkg1MfOWvCllyfvhGPzTLEPq5jazqpc7lgNKxJGU5kTnUUi2fKS
-            gCJdqRlMBO/3S8wUZg0gIsw1+OwmfL0y99MeMP1ggGaqFkGs6Pqj7sRd6/QcuP0l
-            w2QZgB9S6DOUkfy5m5Xw7VboE2aAX4BOrWNJVDy//358322xxuqZdbp3pIjnsmt/
-            b2gTZb1eGK/o5GmXfgzCf7In1b3wldg/ZSHyxGct1CJIgNBb1nFDMmyVI9J5zER0
-            2ZTflNfN/cxttW2BvGRoL3fWXnO+ThLHz1q1WWWCOC7TLTnESOtAueSCTlrMcij/
-            7zL7Wc98JgdAuxhznMjiYqY9nZK48jhBCBOdC0uool/FNElcStUaOq1O3HRo5qoi
-            s277Wqtp0uZqeLBxgNEGwicEDm9BbrVzH9egYGMaPJI6STIJYduJXBegnPf5KFXS
-            XgHTJyK7u9MrZ58kkiT95455NEqQd27JMqmsGwReX6/LpYs5KJJGT4qGNab8GM5A
-            VMniFb1GOXIOxSbYgfkgaHc+zK43O5UwBwegOneTC6ak/CQYvD9xQS94FKqwF10=
-            =7pZ/
-            -----END PGP MESSAGE-----
-          fp: 26D5035DF6B4BE70F2B51B4C178139E02D2ACF00
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1
Author	SHA1	Message	Date
Yorick Barbanneau	9995231612	chore: remove sops	2025-08-12 03:16:10 +02:00
Yorick Barbanneau	5addb3821d	feat(dav): use pricate input to handle secrets	2025-08-12 03:14:55 +02:00
Yorick Barbanneau	6e9ef448db	feat(tmux): use soft secrets to handle sessions	2025-08-11 23:02:50 +02:00
Yorick Barbanneau	8bf663b78a	feat(git): use soft secrets to handle email and signing key	2025-08-11 22:22:31 +02:00
Yorick Barbanneau	55517dba81	fix(tmux): unaccurate bell template	2025-08-11 01:36:43 +02:00
Yorick Barbanneau	1e9f3ff797	chore: update nix-private repo	2025-08-11 01:35:42 +02:00
Yorick Barbanneau	6ec9a0c4e5	chore(morty): rework mail configuration	2025-08-11 01:06:23 +02:00
Yorick Barbanneau	97051b5cc2	chore(mail): rework neomutt configuration * add mailcap to handle attachment * add per-account mutt hook * remove Trash folder sync and unassign Trash for each accounts * remove `dd` keybinding * add `Ctrl+b` macro to launch urlscan	2025-08-11 00:17:39 +02:00
Yorick Barbanneau	a023323e34	fix(mail): afew filters was never applied because misplaced	2025-08-11 00:10:35 +02:00
Yorick Barbanneau	30ebf1e5d0	fix(mail): use email address suffix in inbox folder	2025-08-11 00:08:50 +02:00
Yorick Barbanneau	fab0ec3696	feat(mail): add urlscan to view url in mails	2025-08-11 00:06:36 +02:00
Yorick Barbanneau	28020e17e1	chore(email): propagate email deletion	2025-08-06 00:29:28 +02:00
Yorick Barbanneau	dd5be819f2	fix(neomutt): fix change account keybinding	2025-08-06 00:28:09 +02:00
Yorick Barbanneau	f9ebf23688	feat(accounts/mail): implement afew filters management	2025-08-05 02:02:19 +02:00
Yorick Barbanneau	4ba9224348	feat(accounts): add emails workflow settings	2025-08-04 22:33:39 +02:00
Yorick Barbanneau	e4dcb39fc5	fix(mako): syntax error in generated config file	2025-07-15 21:36:05 +02:00
Yorick Barbanneau	a7447fbafe	feat(k8s): add kubernetes module with all needed stuff	2025-07-07 08:53:14 +02:00
Yorick Barbanneau	cbb52da79b	chore(home-manager): remove useless file	2025-07-06 20:46:44 +02:00
Yorick Barbanneau	8a5522396a	feat(git): improve configuration * configure diff * show diff when edit a commit in editor	2025-06-20 16:40:56 +02:00
Yorick Barbanneau	5c86a1f859	chore(starship): add k8s context in prompt	2025-06-19 08:53:17 +02:00