CLEAN: nix develop

2025-10-05 08:20:57 +02:00 · 2025-10-05 08:20:57 +02:00 · c495445e91
commit c495445e91
parent daeb15f821
22 changed files with 439 additions and 423 deletions
--- a/flake.nix
+++ b/flake.nix
@ -22,16 +22,17 @@
    home-manager,
    nur,
    ...
-  } @ inputs: let
+  }: let
-  mkUnstablePkgsWithNur = { system, config ? {} }:
+    mkUnstablePkgsWithNur = {
      system,
      config ? {},
    }:
      import nixpkgs-unstable {
        inherit system;
        overlays = [nur.overlays.default];
-      config = config ;
+        inherit config;
      };
-  in 
+  in {
  {
    nixosConfigurations = {
      pennsardin = nixpkgs-unstable.lib.nixosSystem {
        system = "x86_64-linux";
--- a/hm/common/browser.nix
+++ b/hm/common/browser.nix
@ -1,4 +1,8 @@
-{pkgs, nur, ... }: {
+{
  pkgs,
  nur,
  ...
 }: {
  programs.firefox = {
    enable = true;
    languagePacks = ["fr"];
--- a/hm/desktop/bspwm.nix
+++ b/hm/desktop/bspwm.nix
@ -1,20 +1,42 @@
 # hm/desktop/bspwm.nix
 { pkgs, lib, ... }:
 {
  pkgs,
  lib,
  ...
 }: {
  imports = [
    ../common/browser.nix
  ];
  home.packages = with pkgs; [
-    bspwm sxhkd xorg.xinit xterm alacritty rofi feh font-awesome
+    bspwm
-    picom xorg.xset xidlehook betterlockscreen pywal16 imagemagick
+    sxhkd
-    pulsemixer ranger jq file highlight unzip mpv
+    xorg.xinit
    xterm
    alacritty
    rofi
    feh
    font-awesome
    picom
    xorg.xset
    xidlehook
    betterlockscreen
    pywal16
    imagemagick
    pulsemixer
    ranger
    jq
    file
    highlight
    unzip
    mpv
    protonvpn-gui
  ];
  # Gère le ssh-agent proprement côté user
  services.ssh-agent.enable = true;
-  xsession.enable = true;
+  xsession = {
    enable = true;
    xsession.windowManager.bspwm = {
      enable = true;
@ -34,6 +56,7 @@
        bspc monitor -d I II III IV V VI
      '';
    };
  };
  #  xsession.initExtra = ''
  #    xset s 300 300
@ -43,7 +66,8 @@
  #    xset dpms 0 0 500
  #  '';
-  services.sxhkd = {
+  services = {
    sxhkd = {
      enable = true;
      extraOptions = ["-m" "1"];
      keybindings = {
@ -82,25 +106,7 @@
        "super + t" = "bspc node -t tiled";
      };
    };
-
+    polybar = {
  # xidlehook (user service)
  systemd.user.services.xidlehook = {
    Unit.Description = "Idle: lock at 5min, suspend at ~8min";
    Service = {
      ExecStart = ''
        ${pkgs.xidlehook}/bin/xidlehook \
          --detect-sleep \
          --not-when-fullscreen \
          --timer 300  "${pkgs.betterlockscreen}/bin/betterlockscreen -l dim" "" \
          --timer 500  "systemctl suspend" ""
      '';
      Restart = "always";
    };
    Install.WantedBy = [ "graphical-session.target" ];
  };
  # polybar (config intégrée pour démarrer simple)
  services.polybar = {
      enable = true;
      script = "polybar main &";
      config = {
@ -133,22 +139,48 @@
        };
      };
    };
  };
-  # alacritty
+  # xidlehook (user service)
-  programs.alacritty = {
+  systemd.user.services.xidlehook = {
    Unit.Description = "Idle: lock at 5min, suspend at ~8min";
    Service = {
      ExecStart = ''
        ${pkgs.xidlehook}/bin/xidlehook \
          --detect-sleep \
          --not-when-fullscreen \
          --timer 300  "${pkgs.betterlockscreen}/bin/betterlockscreen -l dim" "" \
          --timer 500  "systemctl suspend" ""
      '';
      Restart = "always";
    };
    Install.WantedBy = ["graphical-session.target"];
  };
  programs = {
    alacritty = {
      enable = true;
      settings = {
        general.import = ["~/.cache/wal/colors-alacritty.toml"];
        font = {
-        normal = { family = lib.mkForce "Iosevka Nerd Font"; style = "Regular"; };
+          normal = {
-        bold   = { family = lib.mkForce "Iosevka Nerd Font"; style = "Bold"; };
+            family = lib.mkForce "Iosevka Nerd Font";
-        italic = { family = lib.mkForce "Iosevka Nerd Font"; style = "Italic"; };
+            style = "Regular";
          };
          bold = {
            family = lib.mkForce "Iosevka Nerd Font";
            style = "Bold";
          };
          italic = {
            family = lib.mkForce "Iosevka Nerd Font";
            style = "Italic";
          };
          size = lib.mkForce 9;
        };
      };
    };
-  programs.rtorrent = {
+    rtorrent = {
      enable = true;
      extraConfig = ''
        directory = /srv/raid
@ -162,8 +194,9 @@
        session = /home/lomig/.cache/rtorrent/session
      '';
    };
  };
  home.activation.createRtorrentSessionDir = lib.hm.dag.entryAfter ["writeBoundary"] ''
    mkdir -p ~/.cache/rtorrent/session
  '';
 }
--- a/hosts/forbann/configuration.nix
+++ b/hosts/forbann/configuration.nix
@ -1,24 +1,35 @@
-{ config, pkgs, ...}:
+{pkgs, ...}: {
-{
+  boot = {
-  boot.loader.grub = {
+    kernelPackages = pkgs.linuxPackages;
    initrd.supportedFilesystems = ["ext4"];
    loader.grub = {
      enable = true;
      device = "/dev/vda";
    };
  };
-  fileSystems."/" = {
+  fileSystems = {
    "/" = {
      device = "/dev/vda1";
      fsType = "ext4";
    };
-
+    "/srv" = {
  fileSystems."/srv" = {
      device = "shared0";
      fsType = "9p";
      options = ["trans=virtio" "version=9p2000.L" "rw"];
      neededForBoot = false;
      noCheck = true;
    };
  };
-  systemd.services.mountShared = {
+  networking = {
    useDHCP = true;
    useNetworkd = true;
    hostName = "forbann";
  };
  systemd = {
    services.mountShared = {
      description = "Mount 9p shared folder";
      after = ["local-fs.target" "network.target"];
      wantedBy = ["multi-user.target"];
@ -28,17 +39,7 @@
        RemainAfterExit = true;
      };
    };
-
+    network = {
  boot.kernelPackages = pkgs.linuxPackages ;
  boot.initrd.supportedFilesystems = [ "ext4" ];
  networking = {
    useDHCP = true;
    useNetworkd = true ;
    hostName = "forbann" ;
  };
  systemd.network = {
      enable = true;
      networks."10-eth0" = {
        matchConfig.Name = "eth0";
@ -49,13 +50,15 @@
        };
      };
    };
  };
-  services.openssh.enable = true ;
+  services = {
-
+    openssh.enable = true;
-  services.rtorrent = {
+    rtorrent = {
      enable = true;
      dataDir = "/home/vmuser/torrents";
    };
  };
  users.users.vmuser = {
    isNormalUser = true;
--- a/hosts/pennsardin/configuration.nix
+++ b/hosts/pennsardin/configuration.nix
@ -10,30 +10,27 @@
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.swraid.enable = true;
-
+  fileSystems = {
-  fileSystems."/" =
+    "/" = {
-  { device = "/dev/disk/by-uuid/b1a1ae71-4277-45d5-a3d2-f49354f263d4";
+      device = "/dev/disk/by-uuid/b1a1ae71-4277-45d5-a3d2-f49354f263d4";
      fsType = "ext4";
    };
-
+    "/boot" = {
-  fileSystems."/boot" =
+      device = "/dev/disk/by-uuid/1DB2-7A0F";
  { device = "/dev/disk/by-uuid/1DB2-7A0F";
      fsType = "vfat";
      options = ["fmask=0077" "dmask=0077"];
    };
-
+    "/proc" = {
  fileSystems."/proc" = 
  {
      device = "proc";
      fsType = "proc";
      options = ["defaults" "hidepid=2"];
      neededForBoot = true;
    };
-
+    "/srv/raid" = {
-  fileSystems."/srv/raid" = 
+      device = "/dev/disk/by-uuid/85f72160-4720-463a-9dc6-7c5216733f2b";
  { device = "/dev/disk/by-uuid/85f72160-4720-463a-9dc6-7c5216733f2b";
      fsType = "btrfs";
    };
  };
  swapDevices = [];
@ -87,6 +84,5 @@
  system.stateVersion = "25.05"; # pour éviter les hurlements inutiles
 }
 # vim: set ts=2 sw=2 sts=2 et :
--- a/hosts/terre-neuvas/configuration.nix
+++ b/hosts/terre-neuvas/configuration.nix
@ -1,14 +1,14 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { config, pkgs, ... }:
 {
-  
+  config,
  pkgs,
  ...
 }: {
  nix.settings.experimental-features = ["nix-command" "flakes"];
-  imports =
+  imports = [
-    [ # Include the results of the hardware scan.
+    # Include the results of the hardware scan.
    ./hardware.nix
    ../../profiles/server-selfhosted.nix
    ../../modules/services/ftp.nix
--- a/hosts/terre-neuvas/hardware.nix
+++ b/hosts/terre-neuvas/hardware.nix
@ -1,46 +1,43 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports =
+  config,
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+  lib,
  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot = {
-  boot.initrd.kernelModules = [ ];
+    initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
-  boot.kernelModules = lib.mkAfter [ "kvm-intel" "tun" ];
+    initrd.kernelModules = [];
-  boot.extraModulePackages = [ ];
+    kernelModules = lib.mkAfter ["kvm-intel" "tun"];
-
+    extraModulePackages = [];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/f37e4afb-1ee2-4f70-a93c-398461405181";
      fsType = "ext4";
  };
-  fileSystems."/boot" =
+  fileSystems = {
-    { device = "/dev/disk/by-uuid/111D-E5E8";
+    "/" = {
      device = "/dev/disk/by-uuid/f37e4afb-1ee2-4f70-a93c-398461405181";
      fsType = "ext4";
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/111D-E5E8";
      fsType = "vfat";
      options = ["fmask=0077" "dmask=0077"];
    };
-
+    "/srv" = {
-  fileSystems."/srv" = 
+      device = "/dev/disk/by-uuid/2ef442a9-0eab-4dc5-b17c-076e18a54873";
    { device = "/dev/disk/by-uuid/2ef442a9-0eab-4dc5-b17c-076e18a54873";
      fsType = "btrfs";
    };
  };
-  swapDevices =
+  swapDevices = [
-    [ { device = "/dev/disk/by-uuid/c3a69154-ead9-4fcc-a9b1-3b741a42ee97"; }
+    {device = "/dev/disk/by-uuid/c3a69154-ead9-4fcc-a9b1-3b741a42ee97";}
  ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  # networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/modules/common/qemu.nix
+++ b/modules/common/qemu.nix
@ -29,14 +29,13 @@
        ovmf.packages = [pkgs.OVMFFull.fd];
        runAsRoot = false;
        swtpm.enable = true;
-      } else {
+      }
      else {
        runAsRoot = false;
        swtpm.enable = true;
      };
  };
  users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
  environment.etc."qemu/bridge.conf".text = ''
--- a/modules/desktop/xorg-bspwm.nix
+++ b/modules/desktop/xorg-bspwm.nix
@ -1,8 +1,4 @@
-{
+{lib, ...}: {
  config,
  lib,
  ...
 }: {
  services = {
    xserver = {
      enable = true;
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@ -1,6 +1,4 @@
-# NixOS module Forgejo avec SQLite, SSH et reverse proxy Caddy
+{pkgs, ...}: {
 { config, pkgs, lib, ... }: {
  # --- Utilisateur dédié ---
  users.users.git = {
    isSystemUser = true;
@ -11,7 +9,8 @@
  users.groups.git = {};
  # --- Forgejo ---
-  services.forgejo = {
+  services = {
    forgejo = {
      enable = true;
      user = "git";
      group = "git";
@ -37,16 +36,8 @@
        };
      };
    };
-
+    openssh.enable = true;
-  # --- Ouvrir les ports nécessaires ---
+    caddy = {
  networking.firewall.allowedTCPPorts = [ 80 443 2222 ];
  # --- Rediriger port SSH interne de Forgejo ---
  services.openssh.enable = true;
  networking.firewall.interfaces."eth0".allowedTCPPorts = [ 22 ]; # pour admin
  # --- Caddy pour govel.porzh.me ---
  services.caddy = {
      enable = true;
      virtualHosts."govel.porzh.me" = {
        extraConfig = ''
@ -54,7 +45,13 @@
        '';
      };
    };
  };
  # --- Ouvrir les ports nécessaires ---
  networking.firewall = {
    allowedTCPPorts = [80 443 2222];
    interfaces."eth0".allowedTCPPorts = [22];
  };
  # --- Pour que Forgejo génère les bonnes URLs Git ---
  #  networking.hostName = "git"; # non strictement obligatoire
@ -67,6 +64,4 @@
  # --- Astuce : génère une paire de clés pour l’accès SSH Git ---
  # ssh-keygen -t ed25519 -f ~/.ssh/id_git_forgejo
  # puis ajoute la clé publique dans ton compte Forgejo
 }
--- a/modules/services/ftp.nix
+++ b/modules/services/ftp.nix
@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }: {
+_: {
  # -------------------------------------------------
  # 1️⃣ Création de l’utilisateur système dédié FTP
  # -------------------------------------------------
@ -54,7 +54,6 @@ extraConfig = ''
      pasv_min_port=40000
      pasv_max_port=40004
    '';
  };
  # -------------------------------------------------
@ -66,4 +65,3 @@ extraConfig = ''
    # allowedTCPPorts = [ 21 990 40000 40001 40002 40003 40004 ];
  };
 }
--- a/modules/services/goaccess.nix
+++ b/modules/services/goaccess.nix
@ -32,6 +32,4 @@
      };
    };
  };
 }
--- a/modules/sites/levr.porzh.me.nix
+++ b/modules/sites/levr.porzh.me.nix
@ -1,5 +1,4 @@
-{ config, pkgs, ... }:
+_: {
 {
  # -----------------------------------------------------------------
  # 1️⃣ Caddy (reverse‑proxy / serveur web statique)
  # -----------------------------------------------------------------
--- a/modules/sites/porzh.me.nix
+++ b/modules/sites/porzh.me.nix
@ -1,6 +1,4 @@
-{ config, pkgs, ... }:
+{pkgs, ...}: let
 let
  porzhSite = pkgs.stdenv.mkDerivation {
    pname = "porzh-site";
    version = "1.0";
@ -25,4 +23,3 @@ in {
    };
  };
 }