Update config
parent
e1df4bbbcf
commit
556e0e1eb2
15 changed files with 323 additions and 164 deletions
|
|
@ -1,11 +1,9 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
programs.floorp = {
|
||||
enable = true ;
|
||||
languagePacks = [ "fr" ] ;
|
||||
};
|
||||
programs.firefox = {
|
||||
enable = true ;
|
||||
languagePacks = [ "fr" ] ;
|
||||
};
|
||||
programs.firefox = {
|
||||
enable = true ;
|
||||
languagePacks = [ "fr" ] ;
|
||||
};
|
||||
}
|
||||
|
||||
# vim: set ts=2 sw=2 sts=2 et :
|
||||
|
|
|
|||
|
|
@ -1,4 +1,93 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
domain = "git.lomig.me"; # <-- mets ton domaine
|
||||
giteaHttpPort = 3000; # port local de Gitea
|
||||
in {
|
||||
########################################
|
||||
# Base système
|
||||
########################################
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 22 ]; # HTTP(S) + SSH (22)
|
||||
services.openssh.enable = true; # si tu veux aussi OpenSSH pour le reste
|
||||
|
||||
########################################
|
||||
# Base de données Postgres
|
||||
########################################
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [ "gitea" ];
|
||||
ensureUsers = [
|
||||
{ name = "gitea";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
########################################
|
||||
# Gitea
|
||||
########################################
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
appName = "Gitea";
|
||||
user = "gitea"; # user système service
|
||||
database = {
|
||||
type = "postgres";
|
||||
user = "gitea";
|
||||
name = "gitea";
|
||||
host = "127.0.0.1";
|
||||
};
|
||||
|
||||
# Répertoire de données (par défaut: /var/lib/gitea)
|
||||
stateDir = "/var/lib/gitea";
|
||||
|
||||
# Réglages gitea.ini
|
||||
settings = {
|
||||
server = {
|
||||
PROTOCOL = "http";
|
||||
HTTP_ADDR = "127.0.0.1";
|
||||
HTTP_PORT = giteaHttpPort;
|
||||
DOMAIN = domain;
|
||||
ROOT_URL = "https://${domain}/";
|
||||
SSH_DOMAIN = domain;
|
||||
|
||||
# SSH intégré par Gitea (pratique : pas besoin de configurer un port séparé)
|
||||
START_SSH_SERVER = true;
|
||||
SSH_LISTEN_PORT = 2222; # port interne Gitea
|
||||
SSH_PORT = 22; # port public affiché dans les URLs clone
|
||||
};
|
||||
|
||||
service = {
|
||||
DISABLE_REGISTRATION = true; # tu créeras les comptes toi‑même
|
||||
REQUIRE_SIGNIN_VIEW = false;
|
||||
REGISTER_EMAIL_CONFIRM = true;
|
||||
};
|
||||
|
||||
# SMTP (remplace par ton vrai relais)
|
||||
|
||||
log = {
|
||||
MODE = "console";
|
||||
LEVEL = "Info";
|
||||
};
|
||||
};
|
||||
|
||||
# Création d'un admin au premier démarrage (facultatif mais pratique)
|
||||
# Remplace le mot de passe et l’email :
|
||||
# L'utilisateur est créé si inexistant.
|
||||
};
|
||||
|
||||
########################################
|
||||
# Caddy reverse proxy + TLS
|
||||
########################################
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
virtualHosts."${domain}".extraConfig = ''
|
||||
encode zstd gzip
|
||||
reverse_proxy 127.0.0.1:${toString giteaHttpPort}
|
||||
'';
|
||||
# Par défaut, Caddy va récupérer un certificat Let's Encrypt pour le domaine public
|
||||
# Si domaine local sans DNS public, ajoute `tls internal` dans extraConfig.
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
# vim: set ts=2 sw=2 sts=2 et :
|
||||
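Review bot: `SSH_PORT = 22` advertises port 22 in clone URLs, but Gitea's built-in server listens on `SSH_LISTEN_PORT = 2222`, which `networking.firewall.allowedTCPPorts` does not open, and nothing visible in this file forwards 22 to 2222; port 22 is answered by the system sshd enabled through `services.openssh.enable = true`. As written, Git over SSH likely fails while the host's OpenSSH is reachable from outside with the module's default authentication settings. Either expose the Gitea listener directly (`SSH_PORT = 2222;` plus `2222` in `allowedTCPPorts`) or drop `START_SSH_SERVER` and let OpenSSH serve Git. In both cases tighten sshd, for example `services.openssh.settings.PasswordAuthentication = false;`.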
|
|
|
|||
|
|
@ -48,3 +48,4 @@
|
|||
};
|
||||
}
|
||||
|
||||
# vim: set ts=2 sw=2 sts=2 et :
|
||||
|
|
|
|||
|
|
@ -2,4 +2,5 @@
|
|||
{
|
||||
|
||||
}
|
||||
# vim: set ts=2 sw=2 sts=2 et :
|
||||
|
||||
# vim: set ts=2 sw=2 sts=2 et :
|
||||
|
|
|
|||
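--- a/apps/truenas.nix
+++ b/apps/truenas.nix
@@ -0,0 +1,64 @@
+{ config, pkgs, ... }:
+{
+boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
+boot.extraModprobeConfig = ''
+options vfio-pci ids=1022:43f6
+'';
+boot.kernelParams = [
+"amd_iommu=on"
+"iommu=pt"
+];
+users.users.lomig.extraGroups = [ "disk" ];
+security.pam.loginLimits = [
+{ domain="lomig"; type="soft"; item="memlock"; value="infinity"; }
+{ domain="lomig"; type="hard"; item="memlock"; value="infinity"; }
+];
+boot.kernel.sysctl."vm.nr_hugepages" = 1024;
+fileSystems."/dev/hugepages" = { device="hugetlbfs"; fsType="hugetlbfs"; };
+
+# services.udev.extraRules = ''
+# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660"
+# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660"
+# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660"
+# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660"
+# SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
+# '';
+
+systemd.services.truenas-vm = {
+wantedBy = [ "multi-user.target" ];
+after = [ "network-online.target" ];
+wants = [ "network-online.target" ];
+serviceConfig = {
+RuntimeDirectory = "truenas" ;
+ExecStartPre = "/run/current-system/sw/bin/rm -f /run/truenas/qmp.sock";
+ExecStart = ''
+/run/current-system/sw/bin/qemu-system-x86_64 -enable-kvm -m 4096 -smp 2 \
+-drive file=/home/lomig/vm/truenas.qcow2,if=none,format=qcow2,id=os \
+-device vfio-pci,host=0e:00.0 \
+-netdev bridge,br=br0,id=n1,helper=/run/wrappers/bin/qemu-bridge-helper \
+-device virtio-net-pci,netdev=n1,mac=52:54:00:00:01:02 \
+-device virtio-blk-pci,drive=os,bootindex=0 \
+-qmp unix:/run/truenas.qmp,server,nowait -display none
+'';
+ExecStop = ''
+echo '{"execute":"system_powerdown"}' | socat - UNIX-CONNECT:/run/truenas.qmp || true ; sleep 5
+'';
+Restart = "on-failure";
+RestartSec = 3 ;
+StartLimitIntervalSec = 60 ;
+StartLimitBurst = 5 ;
+};
+};
+
+systemd.services.resume-truenas-vm = {
+description = "Restart Truenas VM after resume" ;
+wantedBy = [ "sleep.target" ];
+after = [ "sleep.target" ];
+serviceConfig = {
+Type = "oneshot" ;
+ExecStart = "${pkgs.systemd}/bin/systemctl try-restart truenas-vm.service";
+};
+};
+}
+
+# vim: set ts=2 sw=2 sts=2 et :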
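Review bot: The QMP control socket in `ExecStart` is created at `/run/truenas.qmp`, while `RuntimeDirectory = "truenas"` and `ExecStartPre` refer to `/run/truenas/qmp.sock`, so the socket that gives full control over the VM sits outside the directory systemd creates and cleans up. Pointing QEMU at the managed path, `-qmp unix:/run/truenas/qmp.sock,server,nowait`, together with `RuntimeDirectoryMode = "0700";`, keeps it private to the service. `ExecStop` is not run through a shell, so `|` and `||` are passed to the command as plain arguments and the powerdown request likely never reaches QEMU; QMP also expects a `qmp_capabilities` exchange before other commands. The unit sets no `User=`, so QEMU presumably runs as root, and the `disk` group added to `lomig` (raw access to every block device) does not appear to be needed by it while the udev rules stay commented out.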
43
apps/zsh.nix
43
apps/zsh.nix
|
|
@ -1,20 +1,33 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
programs.zsh = {
|
||||
enable = true ;
|
||||
enableCompletion = true ;
|
||||
history = {
|
||||
append = true ;
|
||||
extended = true ;
|
||||
findNoDups = true ;
|
||||
ignoreAllDups = true ;
|
||||
ignoreSpace = true ;
|
||||
ignorePatterns = [ "rm *" "cd *" "ls *" ] ;
|
||||
saveNoDups = false ;
|
||||
};
|
||||
programs.dircolors.enableZshIntegration = true ;
|
||||
programs.zsh = {
|
||||
autosuggestion.enable = true ;
|
||||
dirHashes = {
|
||||
dl = "$HOME/Téléchargements" ;
|
||||
nix = "$HOME/nixos-config" ;
|
||||
};
|
||||
enable = true ;
|
||||
enableCompletion = true ;
|
||||
history = {
|
||||
append = true ;
|
||||
extended = true ;
|
||||
findNoDups = true ;
|
||||
ignoreAllDups = true ;
|
||||
ignoreSpace = true ;
|
||||
ignorePatterns = [ "rm *" "cd *" "ls *" "df *" "du *" "fastfetch" "tree" "pwd" "upd" ] ;
|
||||
saveNoDups = false ;
|
||||
};
|
||||
shellAliases = {
|
||||
h = "history" ;
|
||||
upd = "sudo nixos-rebuild switch --flake $HOME/nixos-config#pennsardin; source ~/.zshrc" ;
|
||||
};
|
||||
shellGlobalAliases = {
|
||||
G = "| grep";
|
||||
M = "| more";
|
||||
};
|
||||
G = "| grep";
|
||||
M = "| more";
|
||||
};
|
||||
syntaxHighlighting.enable = true ;
|
||||
};
|
||||
}
|
||||
|
||||
# vim: set ts=2 sw=2 sts=2 et :
|
||||
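Review bot: In `shellAliases.upd` the two commands are joined with `;`, so `source ~/.zshrc` runs even when `sudo nixos-rebuild switch` fails and the shell reloads as if the switch had succeeded. Using `&&` makes the reload conditional: `upd = "sudo nixos-rebuild switch --flake $HOME/nixos-config#pennsardin && source ~/.zshrc" ;`. `upd` is also listed in `history.ignorePatterns`, so privileged rebuilds leave no entry in the shell history; consider dropping it from that list if the history is used to reconstruct what was run. The single-letter global aliases `G` and `M` expand wherever a bare `G` or `M` word appears on a command line, including as an argument to another command, so longer names would be safer.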
|
|
|
|||