diff --git a/apps/browser.nix b/apps/browser.nix index b12a888..a97a7b9 100644 --- a/apps/browser.nix +++ b/apps/browser.nix @@ -1,11 +1,9 @@ { config, pkgs, ... }: { -programs.floorp = { - enable = true ; - languagePacks = [ "fr" ] ; - }; -programs.firefox = { - enable = true ; - languagePacks = [ "fr" ] ; - }; + programs.firefox = { + enable = true ; + languagePacks = [ "fr" ] ; + }; } + +# vim: set ts=2 sw=2 sts=2 et : diff --git a/apps/gitea.nix b/apps/gitea.nix index a8100cd..14b881f 100644 --- a/apps/gitea.nix +++ b/apps/gitea.nix 
@@ -1,4 +1,93 @@ -{ config, pkgs, ... }: -{ +{ config, pkgs, ... }: + +let + domain = "git.lomig.me"; # <-- mets ton domaine + giteaHttpPort = 3000; # port local de Gitea +in { + ######################################## + # Base système + ######################################## + networking.firewall.allowedTCPPorts = [ 80 443 22 ]; # HTTP(S) + SSH (22) + services.openssh.enable = true; # si tu veux aussi OpenSSH pour le reste + + ######################################## + # Base de données Postgres + ######################################## + services.postgresql = { + enable = true; + ensureDatabases = [ "gitea" ]; + ensureUsers = [ + { name = "gitea"; + ensureDBOwnership = true; + } + ]; + }; + + ######################################## + # Gitea + ######################################## + services.gitea = { + enable = true; + appName = "Gitea"; + user = "gitea"; # user système service + database = { + type = "postgres"; + user = "gitea"; + name = "gitea"; + host = "127.0.0.1"; + }; + + # Répertoire de données (par défaut: /var/lib/gitea) + stateDir = "/var/lib/gitea"; + + # Réglages gitea.ini + settings = { + server = { + PROTOCOL = "http"; + HTTP_ADDR = "127.0.0.1"; + HTTP_PORT = giteaHttpPort; + DOMAIN = domain; + ROOT_URL = "https://${domain}/"; + SSH_DOMAIN = domain; + + # SSH intégré par Gitea (pratique : pas besoin de configurer un port séparé) + START_SSH_SERVER = true; + SSH_LISTEN_PORT = 2222; # port interne Gitea + SSH_PORT = 22; # port public affiché dans les URLs clone + }; + + service = { + DISABLE_REGISTRATION = true; # tu créeras les comptes toi‑même + REQUIRE_SIGNIN_VIEW = false; + REGISTER_EMAIL_CONFIRM = true; + }; + + # SMTP (remplace par ton vrai relais) + + log = { + MODE = "console"; + LEVEL = "Info"; + }; + }; + + # Création d'un admin au premier démarrage (facultatif mais pratique) + # Remplace le mot de passe et l’email : + # L'utilisateur est créé si inexistant. 
+ }; + + ######################################## + # Caddy reverse proxy + TLS + ######################################## + services.caddy = { + enable = true; + virtualHosts."${domain}".extraConfig = '' + encode zstd gzip + reverse_proxy 127.0.0.1:${toString giteaHttpPort} + ''; + # Par défaut, Caddy va récupérer un certificat Let's Encrypt pour le domaine public + # Si domaine local sans DNS public, ajoute `tls internal` dans extraConfig. + }; } + +# vim: set ts=2 sw=2 sts=2 et : diff --git a/apps/picom.nix b/apps/picom.nix index 24a7659..d7b9c23 100644 --- a/apps/picom.nix +++ b/apps/picom.nix @@ -48,3 +48,4 @@ }; } +# vim: set ts=2 sw=2 sts=2 et : diff --git a/apps/template.nix b/apps/template.nix index b9b59db..114e6db 100644 --- a/apps/template.nix +++ b/apps/template.nix @@ -2,4 +2,5 @@ { } - # vim: set ts=2 sw=2 sts=2 et : + +# vim: set ts=2 sw=2 sts=2 et : diff --git a/apps/truenas.nix b/apps/truenas.nix new file mode 100644 index 0000000..3466169 --- /dev/null +++ b/apps/truenas.nix 
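Review bot: Port 22 is opened in `networking.firewall.allowedTCPPorts` and advertised as `SSH_PORT = 22`, but Gitea's built-in server listens on `SSH_LISTEN_PORT = 2222`, which is neither opened nor redirected anywhere in this hunk, so clone URLs would land on the host's OpenSSH instead of Gitea. Either advertise the real port (`SSH_PORT = 2222;` and open 2222 in the firewall) or drop `START_SSH_SERVER` and let OpenSSH serve git for the `gitea` user. `services.openssh.enable = true;` is also switched on here (and again in hosts/pennsardin/configuration.nix) with default settings on a host that exposes 22 publicly; I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` next to it. `REQUIRE_SIGNIN_VIEW = false` deserves a comment stating that anonymous browsing of public repositories is intended.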
@@ -0,0 +1,64 @@
+{ config, pkgs, ... }:
+{
+ boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
+ boot.extraModprobeConfig = ''
+ options vfio-pci ids=1022:43f6
+ '';
+ boot.kernelParams = [
+ "amd_iommu=on"
+ "iommu=pt"
+ ];
+ users.users.lomig.extraGroups = [ "disk" ];
+ security.pam.loginLimits = [
+ { domain="lomig"; type="soft"; item="memlock"; value="infinity"; }
+ { domain="lomig"; type="hard"; item="memlock"; value="infinity"; }
+ ];
+ boot.kernel.sysctl."vm.nr_hugepages" = 1024;
+ fileSystems."/dev/hugepages" = { device="hugetlbfs"; fsType="hugetlbfs"; };
+
+# services.udev.extraRules = ''
+# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660"
+# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660"
+# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660"
+# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660"
+# SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
+# '';
+
+ systemd.services.truenas-vm = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+ serviceConfig = {
+ RuntimeDirectory = "truenas" ;
+ ExecStartPre = "/run/current-system/sw/bin/rm -f /run/truenas/qmp.sock";
+ ExecStart = ''
+ /run/current-system/sw/bin/qemu-system-x86_64 -enable-kvm -m 4096 -smp 2 \
+ -drive file=/home/lomig/vm/truenas.qcow2,if=none,format=qcow2,id=os \
+ -device vfio-pci,host=0e:00.0 \
+ -netdev bridge,br=br0,id=n1,helper=/run/wrappers/bin/qemu-bridge-helper \
+ -device virtio-net-pci,netdev=n1,mac=52:54:00:00:01:02 \
+ -device virtio-blk-pci,drive=os,bootindex=0 \
+ -qmp unix:/run/truenas.qmp,server,nowait -display none
+ '';
+ ExecStop = ''
+ echo '{"execute":"system_powerdown"}' | socat - UNIX-CONNECT:/run/truenas.qmp || true ; sleep 5
+ '';
+ Restart = "on-failure";
+ RestartSec = 3 ;
+ StartLimitIntervalSec = 60 ;
+ StartLimitBurst = 5 ;
+ };
+ }; + + systemd.services.resume-truenas-vm = { + description = "Restart Truenas VM after resume" ; + wantedBy = [ "sleep.target" ]; + after = [ "sleep.target" ]; + serviceConfig = { + Type = "oneshot" ; + ExecStart = "${pkgs.systemd}/bin/systemctl try-restart truenas-vm.service"; + }; + }; +} + +# vim: set ts=2 sw=2 sts=2 et : diff --git a/apps/zsh.nix b/apps/zsh.nix index 7cffff1..70fafb4 100644 --- a/apps/zsh.nix +++ b/apps/zsh.nix @@ -1,20 +1,33 @@ { config, pkgs, ... }: { - programs.zsh = { - enable = true ; - enableCompletion = true ; - history = { - append = true ; - extended = true ; - findNoDups = true ; - ignoreAllDups = true ; - ignoreSpace = true ; - ignorePatterns = [ "rm *" "cd *" "ls *" ] ; - saveNoDups = false ; - }; + programs.dircolors.enableZshIntegration = true ; + programs.zsh = { + autosuggestion.enable = true ; + dirHashes = { + dl = "$HOME/Téléchargements" ; + nix = "$HOME/nixos-config" ; + }; + enable = true ; + enableCompletion = true ; + history = { + append = true ; + extended = true ; + findNoDups = true ; + ignoreAllDups = true ; + ignoreSpace = true ; + ignorePatterns = [ "rm *" "cd *" "ls *" "df *" "du *" "fastfetch" "tree" "pwd" "upd" ] ; + saveNoDups = false ; + }; + shellAliases = { + h = "history" ; + upd = "sudo nixos-rebuild switch --flake $HOME/nixos-config#pennsardin; source ~/.zshrc" ; + }; shellGlobalAliases = { - G = "| grep"; - M = "| more"; - }; + G = "| grep"; + M = "| more"; }; + syntaxHighlighting.enable = true ; + }; } + +# vim: set ts=2 sw=2 sts=2 et : diff --git a/flake.lock b/flake.lock index 4abdd20..d978711 100644 --- a/flake.lock +++ b/flake.lock 
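Review bot: The QMP socket is created at `/run/truenas.qmp` (the `-qmp` argument and `ExecStop`), while `RuntimeDirectory = "truenas"` and the `ExecStartPre` cleanup refer to `/run/truenas/qmp.sock`, so the control socket lives outside the unit's private directory and a stale one is never removed. `ExecStop` is also not run by a shell, so the `|` and `||` are passed to `echo` as arguments and the guest never receives `system_powerdown`; QMP additionally expects `qmp_capabilities` before any other command. The fence below moves the socket into the runtime directory with mode 0700 and puts the stop sequence in a script. Separately, `users.users.lomig.extraGroups = [ "disk" ]` gives that account raw access to every block device although the unit has no `User=` and appears to run as root; drop the group unless something outside this file needs it.

```nix
    serviceConfig = {
      RuntimeDirectory = "truenas";
      RuntimeDirectoryMode = "0700";
      # … unchanged: ExecStartPre; ExecStart, except its last argument line: …
      #   -qmp unix:/run/truenas/qmp.sock,server,nowait -display none
      ExecStop = pkgs.writeShellScript "truenas-vm-stop" ''
        printf '%s\n' '{"execute":"qmp_capabilities"}' '{"execute":"system_powerdown"}' \
          | ${pkgs.socat}/bin/socat - UNIX-CONNECT:/run/truenas/qmp.sock || true
        sleep 5
      '';
      # … unchanged: Restart, RestartSec, StartLimit* …
```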
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1755755322, - "narHash": "sha256-spCxkNihCk3uT3LUrUwzdEAjLA/E0EtEgF3KVI05nlM=", + "lastModified": 1756579987, + "narHash": "sha256-duCce8zGsaMsrqqOmLOsuaV1PVIw/vXWnKuLKZClsGg=", "owner": "nix-community", "repo": "home-manager", - "rev": "282b4c98de97da6667cb03de4f427371734bc39c", + "rev": "99a69bdf8a3c6bf038c4121e9c4b6e99706a187a", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755716446, - "narHash": "sha256-AdVENrXoFws0sENT2Sz9SMavbqVJnATmCODuqJ7GcSs=", + "lastModified": 1756578978, + "narHash": "sha256-dLgwMLIMyHlSeIDsoT2OcZBkuruIbjhIAv1sGANwtes=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b0eccfbc0168243438e8a6747fcdfb1bb796a3f7", + "rev": "a85a50bef870537a9705f64ed75e54d1f4bf9c23", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d526990..c6d8089 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,40 +1,40 @@ { - description = "My nixos config with WM switch capacity"; + description = "My nixos config with WM switch capacity"; - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable-small"; - home-manager = { - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - }; + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable-small"; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; - outputs = { self, nixpkgs, home-manager, ... }: - let - system = "x86_64-linux"; - pkgs = import nixpkgs { - inherit system; - config.allowUnfree = true; - }; + outputs = { self, nixpkgs, home-manager, ... }: + let + system = "x86_64-linux"; + pkgs = import nixpkgs { + inherit system; + config.allowUnfree = true; + }; - in { - nixosConfigurations = { - pennsardin = nixpkgs.lib.nixosSystem { - inherit system; + in { + nixosConfigurations = { + pennsardin = nixpkgs.lib.nixosSystem { + inherit system; - modules = [ - ./hosts/pennsardin/configuration.nix - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true ; + modules = [ + ./hosts/pennsardin/configuration.nix + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true ; # home-manager.useUserPackages = true; - home-manager.users.lomig = import ./user/lomig.nix ; - } - ]; - }; - }; - }; + home-manager.users.lomig = import ./user/lomig.nix ; + } + ]; + }; + }; + }; } # vim: set ts=2 sw=2 sts=2 et : diff --git a/hosts/pennsardin/bepovim.nix b/hosts/pennsardin/bepovim.nix index bbfbe95..6b02e67 100644 --- a/hosts/pennsardin/bepovim.nix +++ b/hosts/pennsardin/bepovim.nix 
@@ -1,14 +1,9 @@ -# modules/alerts/sms.nix - { config, pkgs, lib, ... }: { -# services.xserver.enable = true; - services.xserver.xkb.extraLayouts.bepovim = { description = "Clavier Bepovim – 4 niveaux"; languages = [ "fr" ]; - # IMPORTANT: c'est `symbolsFile`, pas `symbols`. symbolsFile = builtins.toFile "bepovim.xkb" '' xkb_symbols "basic" { name[Group1] = "Bepovim"; @@ -24,7 +19,7 @@ key { [ minus, 7, asciitilde ] }; key { [ asterisk, 8 ] }; key { [ slash, 9, backslash ] }; - key { [ quotedbl, 0 ] }; + key { [ quotedbl, 0, percent ] }; key { [ equal, ampersand ] }; key { [ BackSpace ] }; key { [ Tab, ISO_Left_Tab ] }; @@ -79,17 +74,17 @@ key { [ space, underscore, nobreakspace, U202F ] }; key { [ ISO_Level3_Shift ] }; - key { [ F1, F1 ] }; - key { [ F2, F2 ] }; - key { [ F3, F3 ] }; - key { [ F4, F4 ] }; - key { [ F5, F5 ] }; - key { [ F6, F6 ] }; - key { [ F7, F7 ] }; - key { [ F8, F8 ]}; - key { [ F9, F9 ] }; - key { [ F10, F10 ] }; - key { [ F11, F11 ] }; + key { [ F1, F1 ] }; + key { [ F2, F2 ] }; + key { [ F3, F3 ] }; + key { [ F4, F4 ] }; + key { [ F5, F5 ] }; + key { [ F6, F6 ] }; + key { [ F7, F7 ] }; + key { [ F8, F8 ]}; + key { [ F9, F9 ] }; + key { [ F10, F10 ] }; + key { [ F11, F11 ] }; }; ''; }; @@ -100,3 +95,4 @@ console.useXkbConfig = true; } +# vim: set ts=2 sw=2 sts=2 et : diff --git a/hosts/pennsardin/configuration.nix b/hosts/pennsardin/configuration.nix index d1d3d90..7b5a6b3 100644 --- a/hosts/pennsardin/configuration.nix +++ b/hosts/pennsardin/configuration.nix 
@@ -2,33 +2,37 @@ { imports = [ - ./raid.nix ./bepovim.nix - ../../wm/bspwm.nix + ../../wm/plasma.nix ../../apps/qemu.nix + ../../apps/gitea.nix + ../../apps/truenas.nix ]; nix.settings.experimental-features = ["nix-command" "flakes" ]; - boot.initrd.kernelModules = []; + boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" "amdgpu" ]; boot.kernelModules = [ "amdgpu" "kvm-amd" ]; boot.extraModulePackages = []; boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelParams = [ "mem_sleep_default=deep" "amdgpu.si_support=0" - "amdgpu.cik_support=0" - "radeon.si_support=0" - "radeon.cik_support=0" + "amdgpu.cik_support=0" + "radeon.si_support=0" + "radeon.cik_support=0" + "quiet" + "splash" + "boot.shell_on_fail" + "udev.log_priority=3" + "rd.systemd.show_status=auto" ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/b4e3577b-17ab-4a89-9aeb-4e223be4c75b"; # à adapter si tu as un autre label/disque - fsType = "ext4"; # ou btrfs, xfs, ce que t'as utilisé -}; - swapDevices = [] ; - boot.plymouth.enable = true ; + boot.plymouth.theme = "spinner" ; + boot.consoleLogLevel = 3 ; + boot.initrd.verbose = false ; boot.loader.timeout = 5; boot.loader.systemd-boot.enable = true ; + boot.loader.systemd-boot.consoleMode = "max" ; boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.efiSysMountPoint = "/boot"; @@ -39,6 +43,12 @@ RuntimeMaxUse=100M ''; + fileSystems."/" = { + device = "/dev/disk/by-uuid/b4e3577b-17ab-4a89-9aeb-4e223be4c75b"; # à adapter si tu as un autre label/disque + fsType = "ext4"; # ou btrfs, xfs, ce que t'as utilisé +}; + swapDevices = [] ; + hardware.firmware = with pkgs ; [ linux-firmware ]; hardware.enableRedistributableFirmware = true; hardware.graphics = { @@ -52,6 +62,7 @@ LIBVA_DRIVER_NAME = "radeonsi"; VDPAU_DRIVER = "va_gl"; }; + environment.defaultPackages = lib.mkForce [] ; hardware.bluetooth.enable = true ; environment.etc."pam.d/i3lock".text = '' 
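Review bot: `boot.shell_on_fail` in `boot.kernelParams` makes stage 1 offer a root shell with no authentication whenever boot fails, which is a lot to leave on permanently on a machine that suspends on lid close (so presumably a laptop). I would drop it from the committed parameters and re-add it temporarily when debugging; if it stays, a comment such as `# debugging aid: unauthenticated root shell on stage-1 failure` should say so. The systemd-boot lines in this hunk also leave the menu editor at its default, so the kernel command line can be edited at boot; `boot.loader.systemd-boot.editor = false;` closes that. The enclosing attribute set continues outside the hunk.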
@@ -61,17 +72,18 @@ session include login ''; services.blueman.enable = true ; - + services.logind.settings.Login = { + IdleAction="suspend"; + IdleActionSec="5min"; + HandleLidSwitch="suspend"; + HandleLidSwitchDocked="ignore"; + }; + services.openssh.enable = true ; services.xserver.enable = true ; services.xserver.videoDrivers = [ "amdgpu" ]; - services.logind.extraConfig = '' - IdleAction=suspend - IdleActionSec=5min - HandleLidSwitch=suspend - HandleLidSwitchDocked=ignore - ''; networking.hostName = "pennsardin"; + networking.firewall.enable = true ; time.timeZone = "Europe/Paris"; # Select internationalisation properties. i18n.defaultLocale = "fr_FR.UTF-8"; @@ -106,16 +118,22 @@ }; environment.systemPackages = with pkgs; [ -# i3lock + p7zip btrfs-progs + cifs-utils evtest gdu git glances lm_sensors neovim + nixos-bgrt-plymouth + parted + pciutils + pulseaudio snapper tmux + usbutils xorg.xev xorg.xkbcomp ]; @@ -136,3 +154,4 @@ system.stateVersion = "25.05"; # pour éviter les hurlements inutiles } +# vim: set ts=2 sw=2 sts=2 et : diff --git a/hosts/pennsardin/raid.nix b/hosts/pennsardin/raid.nix deleted file mode 100644 index 04da734..0000000 --- a/hosts/pennsardin/raid.nix +++ /dev/null 
@@ -1,54 +0,0 @@ -# modules/alerts/sms.nix - -{ config, pkgs, lib, ... }: - -let - user = "21782061"; # Ton identifiant Free - pass = "PEmCOQLKMEdMW9"; # Ta clé -in -{ - environment.systemPackages = with pkgs; [ curl ]; - environment.etc."mdadm-raid-wrapper.sh".text = '' - systemctl start raid-alert-sms.service - ''; - - boot.swraid = { - enable = true ; - mdadmConf = '' - MAILADDR guillaume.lame@protonmail.com - PROGRAM /etc/mdadm-raid-wrapper.sh - ARRAY /dev/md/raid-home UUID=cad7faf8:93cab941:ba745379:becc1918 - ''; - }; - - fileSystems."/mnt/raid" = { - device = "/dev/md/raid-home" ; - fsType = "btrfs" ; - options = ["compress=zstd" "noatime" "nofail" "x-systemd.device-timeout=5"]; - }; - -# systemd.services.raid-alert-sms = { -# description = "Envoie un SMS si RAID pète"; -# wantedBy = [ "multi-user.target" ]; -# serviceConfig = { -# Type = "oneshot"; -# ExecStart = '' -# ${pkgs.curl}/bin/curl -s \ -# "https://smsapi.free-mobile.fr/sendmsg?user=${user}&pass=${pass}&msg=TON+RAID+EST+MORT+FUIS" -# ''; -# }; -# }; - -# systemd.services.mdadm-monitor = { -# description = "RAID monitoring"; -# wantedBy = [ "multi-user.target" ]; -# after = [ "network.target" ]; -# serviceConfig = { -# ExecStart = "${pkgs.mdadm}/bin/mdadm --monitor --scan --daemonize --program=/etc/mdadm-raid-wrapper.sh"; -# Restart = "always"; -# RestartSec = "5s"; -# Type = "forking"; -# }; -# }; -} - diff --git a/user/lomig.nix b/user/lomig.nix index 18801e1..aada2fe 100644 --- a/user/lomig.nix +++ b/user/lomig.nix @@ -21,3 +21,4 @@ home.stateVersion = "25.05"; # ou ton actuelle } +# vim: set ts=2 sw=2 sts=2 et : diff --git a/wm/bspwm.nix b/wm/bspwm.nix index b12dd37..21de82a 100644 --- a/wm/bspwm.nix +++ b/wm/bspwm.nix 
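Review bot: Deleting this file does not retire the Free Mobile SMS API credentials hard-coded in its `let` block (`user`/`pass`); they stay readable in the repository history and in every clone. The key should be regenerated on the provider side, and history rewritten only if the repository is or will be public. If the alert service comes back, read the secret at runtime from a file outside the Nix store (for example via systemd's `LoadCredential=` or an `EnvironmentFile=`) instead of interpolating it into `ExecStart`, since store paths are world-readable.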
@@ -8,8 +8,14 @@ }; windowManager.bspwm.enable = true ; }; - desktopManager.gnome.enable = lib.mkForce false ; - displayManager.gdm.enable = lib.mkForce false ; + desktopManager = { + gnome.enable = lib.mkForce false ; + plasma6.enable = lib.mkForce false ; + }; + displayManager = { + gdm.enable = lib.mkForce false ; + sddm.enable = lib.mkForce false ; + }; }; home-manager.users.lomig = { pkgs, ... }: { home.packages = with pkgs; [ @@ -17,6 +23,7 @@ alacritty rofi feh font-awesome picom xorg.xset xidlehook betterlockscreen pywal16 imagemagick + pulsemixer ]; xsession.enable = true ; @@ -47,7 +54,7 @@ enable = true ; startupPrograms = [ "killall polybar" - "eval $(ssh-agent -s); ssh-add ~/.ssh/github" + "eval $(ssh-agent -s); ssh-add ~/.ssh/github" "setxkbmap bepovim" "sxhkd -m 1" "xrandr \\ @@ -55,6 +62,7 @@ "while pgrep -x polybar >/dev/null; do sleep 0.2; done" "polybar" "bash ~/.fehbg" + "bspc rule -a floorp desktop=^focused follow=on" ]; extraConfig = '' bspc config borderless_monocle true @@ -99,6 +107,12 @@ "super + shift + j" = "bspc node -s south"; "super + shift + k" = "bspc node -s north"; "super + shift + l" = "bspc node -s east"; + +# Gestion du tiling + "super + f" = "bspc node -t fullscreen" ; + "super + s" = "bspc node -t floating" ; + "super + shift + t" = "bspc node -t pseudo_tiled" ; + "super + t" = "bspc node -t tiled" ; }; }; @@ -156,10 +170,6 @@ }; - programs.floorp = { - enable = true ; - languagePacks = [ "fr" ] ; - }; }; } diff --git a/wm/gnome.nix b/wm/gnome.nix index 2b5a2e3..6dc9d1a 100644 --- a/wm/gnome.nix +++ b/wm/gnome.nix @@ -2,11 +2,13 @@ { services = { displayManager = { - gdm = { - enable = true ; - }; + gdm.enable = true ; + sddm.enable = lib.mkForce false ; + }; + desktopManager = { + gnome.enable = true ; + plasma6.enable = lib.mkForce false ; }; - desktopManager.gnome.enable = true ; xserver = { windowManager.bspwm.enable = lib.mkForce false ; displayManager.lightdm.enable = lib.mkForce false ; 
diff --git a/wm/plasma.nix b/wm/plasma.nix
new file mode 100644
index 0000000..ef3819e
--- /dev/null
+++ b/wm/plasma.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, lib, ... }:
+{
+ services = {
+ displayManager = {
+ gdm.enable = lib.mkForce false ;
+ sddm.enable = true ;
+ };
+ desktopManager = {
+ gnome.enable = lib.mkForce false ;
+ plasma6.enable = true ;
+ };
+ xserver = {
+ windowManager.bspwm.enable = lib.mkForce false ;
+ displayManager.lightdm.enable = lib.mkForce false ;
+ };
+ };
+}
+
+# vim: set ts=2 sw=2 sts=2 et :