Update config

apps/browser.nix

@@ -1,11 +1,9 @@
 { config, pkgs, ... }:
 {
-programs.floorp = {
+	programs.firefox = {
-  enable = true ;
-  languagePacks = [ "fr" ] ;
-  };
-programs.firefox = {
 		enable = true ;
 		languagePacks = [ "fr" ] ;
 	};
 }
+
+# vim: set ts=2 sw=2 sts=2 et :

apps/gitea.nix

@@ -1,4 +1,93 @@
 { config, pkgs, ... }:
-{
+
+let
+  domain = "git.lomig.me";     # <-- mets ton domaine
+  giteaHttpPort = 3000;           # port local de Gitea
+in {
+  ########################################
+  # Base système
+  ########################################
+  networking.firewall.allowedTCPPorts = [ 80 443 22 ];  # HTTP(S) + SSH (22)
+  services.openssh.enable = true;                       # si tu veux aussi OpenSSH pour le reste
+
+  ########################################
+  # Base de données Postgres
+  ########################################
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ "gitea" ];
+    ensureUsers = [
+      { name = "gitea";
+        ensureDBOwnership = true;
+      }
+    ];
+  };
+
+  ########################################
+  # Gitea
+  ########################################
+  services.gitea = {
+    enable = true;
+    appName = "Gitea";
+    user = "gitea";                        # user système service
+    database = {
+      type = "postgres";
+      user = "gitea";
+      name = "gitea";
+      host = "127.0.0.1";
+    };
+
+    # Répertoire de données (par défaut: /var/lib/gitea)
+    stateDir = "/var/lib/gitea";
+
+    # Réglages gitea.ini
+    settings = {
+      server = {
+        PROTOCOL       = "http";
+        HTTP_ADDR      = "127.0.0.1";
+        HTTP_PORT      = giteaHttpPort;
+        DOMAIN         = domain;
+        ROOT_URL       = "https://${domain}/";
+        SSH_DOMAIN     = domain;
+
+        # SSH intégré par Gitea (pratique : pas besoin de configurer un port séparé)
+        START_SSH_SERVER = true;
+        SSH_LISTEN_PORT  = 2222;           # port interne Gitea
+        SSH_PORT         = 22;             # port public affiché dans les URLs clone
+      };
+
+      service = {
+        DISABLE_REGISTRATION = true;       # tu créeras les comptes toi‑même
+        REQUIRE_SIGNIN_VIEW  = false;
+        REGISTER_EMAIL_CONFIRM = true;
+      };
+
+      # SMTP (remplace par ton vrai relais)
+
+      log = {
+        MODE  = "console";
+        LEVEL = "Info";
+      };
+    };
+
+    # Création d'un admin au premier démarrage (facultatif mais pratique)
+    # Remplace le mot de passe et l’email :
+    # L'utilisateur est créé si inexistant.
+  };
+
+  ########################################
+  # Caddy reverse proxy + TLS
+  ########################################
+  services.caddy = {
+    enable = true;
+    virtualHosts."${domain}".extraConfig = ''
+      encode zstd gzip
+      reverse_proxy 127.0.0.1:${toString giteaHttpPort}
+    '';
+    # Par défaut, Caddy va récupérer un certificat Let's Encrypt pour le domaine public
+    # Si domaine local sans DNS public, ajoute `tls internal` dans extraConfig.
+  };
 
 }
+
+# vim: set ts=2 sw=2 sts=2 et :

apps/picom.nix

@@ -48,3 +48,4 @@
   };
 }
 
+# vim: set ts=2 sw=2 sts=2 et :

apps/template.nix

@@ -2,4 +2,5 @@
 {
 
 }
- # vim: set ts=2 sw=2 sts=2 et :
+
+# vim: set ts=2 sw=2 sts=2 et :

apps/truenas.nix

@@ -0,0 +1,64 @@
+{ config, pkgs,  ... }:
+{
+  boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
+  boot.extraModprobeConfig = ''
+    options vfio-pci ids=1022:43f6
+    '';
+  boot.kernelParams = [
+    "amd_iommu=on"
+      "iommu=pt"
+  ];
+  users.users.lomig.extraGroups = [ "disk" ];
+  security.pam.loginLimits = [
+  { domain="lomig"; type="soft"; item="memlock"; value="infinity"; }
+  { domain="lomig"; type="hard"; item="memlock"; value="infinity"; }
+  ];
+  boot.kernel.sysctl."vm.nr_hugepages" = 1024;
+  fileSystems."/dev/hugepages" = { device="hugetlbfs"; fsType="hugetlbfs"; };
+
+#  services.udev.extraRules = ''
+#    SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660"
+#    SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660"
+#    SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660"
+#    SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660"
+#    SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
+#    '';
+
+  systemd.services.truenas-vm = {
+    wantedBy = [ "multi-user.target" ]; 
+    after = [ "network-online.target" ];
+    wants = [ "network-online.target" ];
+    serviceConfig = {
+      RuntimeDirectory = "truenas" ;
+      ExecStartPre = "/run/current-system/sw/bin/rm -f /run/truenas/qmp.sock";
+      ExecStart = ''
+        /run/current-system/sw/bin/qemu-system-x86_64 -enable-kvm -m 4096 -smp 2 \
+        -drive file=/home/lomig/vm/truenas.qcow2,if=none,format=qcow2,id=os \
+        -device vfio-pci,host=0e:00.0 \
+        -netdev bridge,br=br0,id=n1,helper=/run/wrappers/bin/qemu-bridge-helper \
+        -device virtio-net-pci,netdev=n1,mac=52:54:00:00:01:02 \
+        -device virtio-blk-pci,drive=os,bootindex=0 \
+        -qmp unix:/run/truenas.qmp,server,nowait -display none
+        '';
+      ExecStop = ''
+        echo '{"execute":"system_powerdown"}' | socat - UNIX-CONNECT:/run/truenas.qmp || true ; sleep 5
+        ''; 
+      Restart = "on-failure";
+      RestartSec = 3 ;
+      StartLimitIntervalSec = 60 ;
+      StartLimitBurst = 5 ;
+    };
+  };
+
+  systemd.services.resume-truenas-vm = {
+    description = "Restart Truenas VM after resume" ;
+    wantedBy = [ "sleep.target" ];
+    after  = [ "sleep.target" ];
+    serviceConfig = {
+      Type = "oneshot" ;
+      ExecStart = "${pkgs.systemd}/bin/systemctl try-restart truenas-vm.service";
+    };
+  };
+}
+
+# vim: set ts=2 sw=2 sts=2 et :

apps/zsh.nix

@@ -1,6 +1,12 @@
 { config, pkgs, ... }:
 {
+  programs.dircolors.enableZshIntegration = true ;
   programs.zsh = {
+    autosuggestion.enable = true ;
+    dirHashes = {
+      dl = "$HOME/Téléchargements" ;
+      nix  = "$HOME/nixos-config" ;
+    };
     enable = true ;
     enableCompletion = true ;
     history = {
@@ -9,12 +15,19 @@
       findNoDups = true ;
       ignoreAllDups = true ;
       ignoreSpace = true ;
-	    ignorePatterns = [ "rm *" "cd *" "ls *" ] ;
+      ignorePatterns = [ "rm *" "cd *" "ls *" "df *" "du *" "fastfetch" "tree" "pwd" "upd" ] ;
       saveNoDups = false ;
     };
+    shellAliases = {
+      h = "history" ;
+      upd = "sudo nixos-rebuild switch --flake $HOME/nixos-config#pennsardin; source ~/.zshrc" ;
+    };
     shellGlobalAliases = {
       G = "| grep";
       M = "| more";
     };
+    syntaxHighlighting.enable = true ;
   };
 }
+
+# vim: set ts=2 sw=2 sts=2 et :

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755755322,
+        "lastModified": 1756579987,
-        "narHash": "sha256-spCxkNihCk3uT3LUrUwzdEAjLA/E0EtEgF3KVI05nlM=",
+        "narHash": "sha256-duCce8zGsaMsrqqOmLOsuaV1PVIw/vXWnKuLKZClsGg=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "282b4c98de97da6667cb03de4f427371734bc39c",
+        "rev": "99a69bdf8a3c6bf038c4121e9c4b6e99706a187a",
         "type": "github"
       },
       "original": {
@@ -22,11 +22,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1755716446,
+        "lastModified": 1756578978,
-        "narHash": "sha256-AdVENrXoFws0sENT2Sz9SMavbqVJnATmCODuqJ7GcSs=",
+        "narHash": "sha256-dLgwMLIMyHlSeIDsoT2OcZBkuruIbjhIAv1sGANwtes=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b0eccfbc0168243438e8a6747fcdfb1bb796a3f7",
+        "rev": "a85a50bef870537a9705f64ed75e54d1f4bf9c23",
         "type": "github"
       },
       "original": {

hosts/pennsardin/bepovim.nix

@@ -1,14 +1,9 @@
-# modules/alerts/sms.nix
-
 { config, pkgs, lib, ... }:
 
 {
-#  services.xserver.enable = true;
-
   services.xserver.xkb.extraLayouts.bepovim = {
     description = "Clavier Bepovim – 4 niveaux";
     languages = [ "fr" ];
-    # IMPORTANT: c'est `symbolsFile`, pas `symbols`.
     symbolsFile = builtins.toFile "bepovim.xkb" ''
       xkb_symbols "basic" {
         name[Group1] = "Bepovim";
@@ -24,7 +19,7 @@
         key <AE08> { [ minus, 7, asciitilde ] };
         key <AE09> { [ asterisk, 8 ] };
         key <AE10> { [ slash, 9, backslash ] };
-        key <AE11> { [ quotedbl, 0 ] };
+        key <AE11> { [ quotedbl, 0, percent ] };
         key <AE12> { [ equal, ampersand ] };
         key <BKSP> { [ BackSpace ] };
         key <TAB>  { [ Tab, ISO_Left_Tab ] };
@@ -100,3 +95,4 @@
   console.useXkbConfig = true;
 }
 
+# vim: set ts=2 sw=2 sts=2 et :

hosts/pennsardin/configuration.nix

@@ -2,13 +2,14 @@
 
 {
   imports = [
-    ./raid.nix
     ./bepovim.nix
-    ../../wm/bspwm.nix
+    ../../wm/plasma.nix
     ../../apps/qemu.nix
+    ../../apps/gitea.nix
+    ../../apps/truenas.nix
   ];
   nix.settings.experimental-features = ["nix-command" "flakes" ];
-  boot.initrd.kernelModules = [];
+  boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" "amdgpu" ];
   boot.kernelModules = [ "amdgpu" "kvm-amd" ];
   boot.extraModulePackages = [];
   boot.kernelPackages = pkgs.linuxPackages_latest;
@@ -18,17 +19,20 @@
 	"amdgpu.cik_support=0"
 	"radeon.si_support=0"
 	"radeon.cik_support=0"
+	"quiet"
+	"splash"
+	"boot.shell_on_fail"
+	"udev.log_priority=3"
+	"rd.systemd.show_status=auto"
   ];
 
-  fileSystems."/" = {
-  device = "/dev/disk/by-uuid/b4e3577b-17ab-4a89-9aeb-4e223be4c75b"; # à adapter si tu as un autre label/disque
-  fsType = "ext4"; # ou btrfs, xfs, ce que t'as utilisé
-};
-  swapDevices = [] ;
-  
   boot.plymouth.enable = true ;
+  boot.plymouth.theme = "spinner" ;
+  boot.consoleLogLevel = 3 ;
+  boot.initrd.verbose = false ;
   boot.loader.timeout = 5;
   boot.loader.systemd-boot.enable = true ;
+  boot.loader.systemd-boot.consoleMode = "max" ;
   boot.loader.efi.canTouchEfiVariables = true;
   boot.loader.efi.efiSysMountPoint = "/boot";
 
@@ -39,6 +43,12 @@
 	RuntimeMaxUse=100M
   '';
 
+  fileSystems."/" = {
+  device = "/dev/disk/by-uuid/b4e3577b-17ab-4a89-9aeb-4e223be4c75b"; # à adapter si tu as un autre label/disque
+  fsType = "ext4"; # ou btrfs, xfs, ce que t'as utilisé
+};
+  swapDevices = [] ;
+  
   hardware.firmware = with pkgs ; [ linux-firmware ];
   hardware.enableRedistributableFirmware = true;
   hardware.graphics = {
@@ -52,6 +62,7 @@
     LIBVA_DRIVER_NAME = "radeonsi";
     VDPAU_DRIVER = "va_gl";
   };
+  environment.defaultPackages = lib.mkForce [] ;
 
   hardware.bluetooth.enable = true ;
   environment.etc."pam.d/i3lock".text = ''
@@ -61,17 +72,18 @@
        session  include login
        '';
   services.blueman.enable = true ;
-
+  services.logind.settings.Login = {
+	IdleAction="suspend";
+	IdleActionSec="5min";
+	HandleLidSwitch="suspend";
+	HandleLidSwitchDocked="ignore";
+	};
+  services.openssh.enable = true ;
   services.xserver.enable = true ;
   services.xserver.videoDrivers = [ "amdgpu" ];
-  services.logind.extraConfig = ''
-	IdleAction=suspend
-	IdleActionSec=5min
-	HandleLidSwitch=suspend
-	HandleLidSwitchDocked=ignore
-	'';
 
   networking.hostName = "pennsardin";
+  networking.firewall.enable = true ;
   time.timeZone = "Europe/Paris";
   # Select internationalisation properties.
   i18n.defaultLocale = "fr_FR.UTF-8";
@@ -106,16 +118,22 @@
   };
 
   environment.systemPackages = with pkgs; [
-#  i3lock
+    p7zip
     btrfs-progs
+    cifs-utils
     evtest
     gdu
     git
     glances
     lm_sensors
     neovim
+    nixos-bgrt-plymouth
+    parted
+    pciutils
+    pulseaudio
     snapper
     tmux
+    usbutils
     xorg.xev
     xorg.xkbcomp
   ];
@@ -136,3 +154,4 @@
   system.stateVersion = "25.05"; # pour éviter les hurlements inutiles
 }
 
+# vim: set ts=2 sw=2 sts=2 et :

hosts/pennsardin/raid.nix

@@ -1,54 +0,0 @@
-# modules/alerts/sms.nix
-
-{ config, pkgs, lib, ... }:
-
-let
-  user = "21782061";  # Ton identifiant Free
-  pass = "PEmCOQLKMEdMW9";  # Ta clé
-in
-{
-  environment.systemPackages = with pkgs; [ curl ];
-  environment.etc."mdadm-raid-wrapper.sh".text = ''
-    systemctl start raid-alert-sms.service
-  '';
-
-  boot.swraid = {
-    enable = true ;
-    mdadmConf = ''
-      MAILADDR guillaume.lame@protonmail.com
-      PROGRAM /etc/mdadm-raid-wrapper.sh
-      ARRAY /dev/md/raid-home UUID=cad7faf8:93cab941:ba745379:becc1918
-      '';
-  };
-
-  fileSystems."/mnt/raid" = {
-    device = "/dev/md/raid-home" ;
-    fsType = "btrfs" ;
-    options = ["compress=zstd" "noatime" "nofail" "x-systemd.device-timeout=5"];
-  };
-
-#  systemd.services.raid-alert-sms = {
-#    description = "Envoie un SMS si RAID pète";
-#    wantedBy = [ "multi-user.target" ];
-#    serviceConfig = {
-#      Type = "oneshot";
-#      ExecStart = ''
-#        ${pkgs.curl}/bin/curl -s \
-#          "https://smsapi.free-mobile.fr/sendmsg?user=${user}&pass=${pass}&msg=TON+RAID+EST+MORT+FUIS"
-#      '';
-#    };
-#  };
-
-#  systemd.services.mdadm-monitor = {
-#    description = "RAID monitoring";
-#    wantedBy = [ "multi-user.target" ];
-#    after = [ "network.target" ];
-#    serviceConfig = {
-#      ExecStart = "${pkgs.mdadm}/bin/mdadm --monitor --scan --daemonize --program=/etc/mdadm-raid-wrapper.sh";
-#      Restart = "always";
-#      RestartSec = "5s";
-#      Type = "forking";
-#    };
-#  };
-}
-

user/lomig.nix

@@ -21,3 +21,4 @@
   home.stateVersion = "25.05"; # ou ton actuelle
 }
 
+# vim: set ts=2 sw=2 sts=2 et :

wm/bspwm.nix

@@ -8,8 +8,14 @@
       };
       windowManager.bspwm.enable = true ;
     };
-    desktopManager.gnome.enable = lib.mkForce false ;
+    desktopManager = {
-    displayManager.gdm.enable = lib.mkForce false ;
+      gnome.enable = lib.mkForce false ;
+      plasma6.enable = lib.mkForce false ;
+    };
+    displayManager = {
+      gdm.enable = lib.mkForce false ;
+      sddm.enable = lib.mkForce false ;
+    };
   };
   home-manager.users.lomig = { pkgs, ... }: {
     home.packages = with pkgs; [
@@ -17,6 +23,7 @@
         alacritty rofi feh font-awesome
         picom xorg.xset xidlehook betterlockscreen
         pywal16 imagemagick
+        pulsemixer
     ];
 
     xsession.enable = true ;
@@ -55,6 +62,7 @@
           "while pgrep -x polybar >/dev/null; do sleep 0.2; done"
           "polybar"
           "bash ~/.fehbg"
+          "bspc rule -a floorp desktop=^focused follow=on"
       ];
       extraConfig = ''
         bspc config borderless_monocle true
@@ -99,6 +107,12 @@
         "super + shift + j" = "bspc node -s south";
         "super + shift + k" = "bspc node -s north";
         "super + shift + l" = "bspc node -s east";
+
+# Gestion du tiling
+        "super + f" = "bspc node -t fullscreen" ;
+        "super + s" = "bspc node -t floating" ;
+        "super + shift + t" = "bspc node -t pseudo_tiled" ;
+        "super + t" = "bspc node -t tiled" ;
       };
     };
 
@@ -156,10 +170,6 @@
     };
 
 
-    programs.floorp = {
-      enable = true ;
-      languagePacks = [ "fr" ] ;
-    };
   };
 }
 

wm/gnome.nix

@@ -2,11 +2,13 @@
 {
   services = {
     displayManager = {
-      gdm = {
+      gdm.enable = true ;
-        enable = true ;
+      sddm.enable = lib.mkForce false ;
     };
+    desktopManager = {
+      gnome.enable = true ;
+      plasma6.enable = lib.mkForce false ;
     };
-    desktopManager.gnome.enable = true ;
     xserver = {
       windowManager.bspwm.enable = lib.mkForce false ;
       displayManager.lightdm.enable = lib.mkForce false ;

wm/plasma.nix

@@ -0,0 +1,19 @@
+{ config, pkgs, lib, ... }:
+{
+  services = {
+    displayManager = {
+      gdm.enable = lib.mkForce false ;
+      sddm.enable = true ;
+    };
+    desktopManager = {
+      gnome.enable = lib.mkForce false ;
+      plasma6.enable = true ;
+    };
+    xserver = {
+      windowManager.bspwm.enable = lib.mkForce false ;
+      displayManager.lightdm.enable = lib.mkForce false ;
+    };
+  };
+}
+
+# vim: set ts=2 sw=2 sts=2 et :