DuN0z/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

CLEAN: nix develop

Browse source
This commit is contained in:
DuN0z 2025-10-05 08:20:57 +02:00
parent daeb15f821
commit c495445e91
22 changed files with 439 additions and 423 deletions
Download patch file Download diff file Expand all files Collapse all files

13
flake.nix
View file

@ -22,16 +22,17 @@
home-manager,
nur,
...
} @ inputs: let
mkUnstablePkgsWithNur = { system, config ? {} }:
}: let
mkUnstablePkgsWithNur = {
system,
config ? {},
}:
import nixpkgs-unstable {
inherit system;
overlays = [nur.overlays.default];
config = config ;
inherit config;
};
in
{
in {
nixosConfigurations = {
pennsardin = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";

6
hm/common/browser.nix
View file

@ -1,4 +1,8 @@
{pkgs, nur, ... }: {
{
pkgs,
nur,
...
}: {
programs.firefox = {
enable = true;
languagePacks = ["fr"];

97
hm/desktop/bspwm.nix
View file

@ -1,20 +1,42 @@
# hm/desktop/bspwm.nix
{ pkgs, lib, ... }:
{
pkgs,
lib,
...
}: {
imports = [
../common/browser.nix
];
home.packages = with pkgs; [
bspwm sxhkd xorg.xinit xterm alacritty rofi feh font-awesome
picom xorg.xset xidlehook betterlockscreen pywal16 imagemagick
pulsemixer ranger jq file highlight unzip mpv
bspwm
sxhkd
xorg.xinit
xterm
alacritty
rofi
feh
font-awesome
picom
xorg.xset
xidlehook
betterlockscreen
pywal16
imagemagick
pulsemixer
ranger
jq
file
highlight
unzip
mpv
protonvpn-gui
];
# Gère le ssh-agent proprement côté user
services.ssh-agent.enable = true;
xsession.enable = true;
xsession = {
enable = true;
xsession.windowManager.bspwm = {
enable = true;
@ -34,6 +56,7 @@
bspc monitor -d I II III IV V VI
'';
};
};
# xsession.initExtra = ''
# xset s 300 300
@ -43,7 +66,8 @@
# xset dpms 0 0 500
# '';
services.sxhkd = {
services = {
sxhkd = {
enable = true;
extraOptions = ["-m" "1"];
keybindings = {
@ -82,25 +106,7 @@
"super + t" = "bspc node -t tiled";
};
};
# xidlehook (user service)
systemd.user.services.xidlehook = {
Unit.Description = "Idle: lock at 5min, suspend at ~8min";
Service = {
ExecStart = ''
${pkgs.xidlehook}/bin/xidlehook \
--detect-sleep \
--not-when-fullscreen \
--timer 300 "${pkgs.betterlockscreen}/bin/betterlockscreen -l dim" "" \
--timer 500 "systemctl suspend" ""
'';
Restart = "always";
};
Install.WantedBy = [ "graphical-session.target" ];
};
# polybar (config intégrée pour démarrer simple)
services.polybar = {
polybar = {
enable = true;
script = "polybar main &";
config = {
@ -133,22 +139,48 @@
};
};
};
};
# alacritty
programs.alacritty = {
# xidlehook (user service)
systemd.user.services.xidlehook = {
Unit.Description = "Idle: lock at 5min, suspend at ~8min";
Service = {
ExecStart = ''
${pkgs.xidlehook}/bin/xidlehook \
--detect-sleep \
--not-when-fullscreen \
--timer 300 "${pkgs.betterlockscreen}/bin/betterlockscreen -l dim" "" \
--timer 500 "systemctl suspend" ""
'';
Restart = "always";
};
Install.WantedBy = ["graphical-session.target"];
};
programs = {
alacritty = {
enable = true;
settings = {
general.import = ["~/.cache/wal/colors-alacritty.toml"];
font = {
normal = { family = lib.mkForce "Iosevka Nerd Font"; style = "Regular"; };
bold = { family = lib.mkForce "Iosevka Nerd Font"; style = "Bold"; };
italic = { family = lib.mkForce "Iosevka Nerd Font"; style = "Italic"; };
normal = {
family = lib.mkForce "Iosevka Nerd Font";
style = "Regular";
};
bold = {
family = lib.mkForce "Iosevka Nerd Font";
style = "Bold";
};
italic = {
family = lib.mkForce "Iosevka Nerd Font";
style = "Italic";
};
size = lib.mkForce 9;
};
};
};
programs.rtorrent = {
rtorrent = {
enable = true;
extraConfig = ''
directory = /srv/raid
@ -162,8 +194,9 @@
session = /home/lomig/.cache/rtorrent/session
'';
};
};
home.activation.createRtorrentSessionDir = lib.hm.dag.entryAfter ["writeBoundary"] ''
mkdir -p ~/.cache/rtorrent/session
'';
}

45
hosts/forbann/configuration.nix
View file

@ -1,24 +1,35 @@
{ config, pkgs, ...}:
{
boot.loader.grub = {
{pkgs, ...}: {
boot = {
kernelPackages = pkgs.linuxPackages;
initrd.supportedFilesystems = ["ext4"];
loader.grub = {
enable = true;
device = "/dev/vda";
};
};
fileSystems."/" = {
fileSystems = {
"/" = {
device = "/dev/vda1";
fsType = "ext4";
};
fileSystems."/srv" = {
"/srv" = {
device = "shared0";
fsType = "9p";
options = ["trans=virtio" "version=9p2000.L" "rw"];
neededForBoot = false;
noCheck = true;
};
};
systemd.services.mountShared = {
networking = {
useDHCP = true;
useNetworkd = true;
hostName = "forbann";
};
systemd = {
services.mountShared = {
description = "Mount 9p shared folder";
after = ["local-fs.target" "network.target"];
wantedBy = ["multi-user.target"];
@ -28,17 +39,7 @@
RemainAfterExit = true;
};
};
boot.kernelPackages = pkgs.linuxPackages ;
boot.initrd.supportedFilesystems = [ "ext4" ];
networking = {
useDHCP = true;
useNetworkd = true ;
hostName = "forbann" ;
};
systemd.network = {
network = {
enable = true;
networks."10-eth0" = {
matchConfig.Name = "eth0";
@ -49,13 +50,15 @@
};
};
};
};
services.openssh.enable = true ;
services.rtorrent = {
services = {
openssh.enable = true;
rtorrent = {
enable = true;
dataDir = "/home/vmuser/torrents";
};
};
users.users.vmuser = {
isNormalUser = true;

22
hosts/pennsardin/configuration.nix
View file

@ -10,30 +10,27 @@
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.swraid.enable = true;
fileSystems."/" =
{ device = "/dev/disk/by-uuid/b1a1ae71-4277-45d5-a3d2-f49354f263d4";
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/b1a1ae71-4277-45d5-a3d2-f49354f263d4";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/1DB2-7A0F";
"/boot" = {
device = "/dev/disk/by-uuid/1DB2-7A0F";
fsType = "vfat";
options = ["fmask=0077" "dmask=0077"];
};
fileSystems."/proc" =
{
"/proc" = {
device = "proc";
fsType = "proc";
options = ["defaults" "hidepid=2"];
neededForBoot = true;
};
fileSystems."/srv/raid" =
{ device = "/dev/disk/by-uuid/85f72160-4720-463a-9dc6-7c5216733f2b";
"/srv/raid" = {
device = "/dev/disk/by-uuid/85f72160-4720-463a-9dc6-7c5216733f2b";
fsType = "btrfs";
};
};
swapDevices = [];
@ -87,6 +84,5 @@
system.stateVersion = "25.05"; # pour éviter les hurlements inutiles
}
# vim: set ts=2 sw=2 sts=2 et :

12
hosts/terre-neuvas/configuration.nix
View file

@ -1,14 +1,14 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
nix.settings.experimental-features = ["nix-command" "flakes"];
imports =
[ # Include the results of the hardware scan.
imports = [
# Include the results of the hardware scan.
./hardware.nix
../../profiles/server-selfhosted.nix
../../modules/services/ftp.nix

51
hosts/terre-neuvas/hardware.nix
View file

@ -1,46 +1,43 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = lib.mkAfter [ "kvm-intel" "tun" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/f37e4afb-1ee2-4f70-a93c-398461405181";
fsType = "ext4";
boot = {
initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
initrd.kernelModules = [];
kernelModules = lib.mkAfter ["kvm-intel" "tun"];
extraModulePackages = [];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/111D-E5E8";
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/f37e4afb-1ee2-4f70-a93c-398461405181";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/111D-E5E8";
fsType = "vfat";
options = ["fmask=0077" "dmask=0077"];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-uuid/2ef442a9-0eab-4dc5-b17c-076e18a54873";
"/srv" = {
device = "/dev/disk/by-uuid/2ef442a9-0eab-4dc5-b17c-076e18a54873";
fsType = "btrfs";
};
};
swapDevices =
[ { device = "/dev/disk/by-uuid/c3a69154-ead9-4fcc-a9b1-3b741a42ee97"; }
swapDevices = [
{device = "/dev/disk/by-uuid/c3a69154-ead9-4fcc-a9b1-3b741a42ee97";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

5
modules/common/qemu.nix
View file

@ -29,14 +29,13 @@
ovmf.packages = [pkgs.OVMFFull.fd];
runAsRoot = false;
swtpm.enable = true;
} else {
}
else {
runAsRoot = false;
swtpm.enable = true;
};
};
users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
environment.etc."qemu/bridge.conf".text = ''

6
modules/desktop/xorg-bspwm.nix
View file

@ -1,8 +1,4 @@
{
config,
lib,
...
}: {
{lib, ...}: {
services = {
xserver = {
enable = true;

27
modules/services/forgejo.nix
View file

@ -1,6 +1,4 @@
# NixOS module Forgejo avec SQLite, SSH et reverse proxy Caddy
{ config, pkgs, lib, ... }: {
{pkgs, ...}: {
# --- Utilisateur dédié ---
users.users.git = {
isSystemUser = true;
@ -11,7 +9,8 @@
users.groups.git = {};
# --- Forgejo ---
services.forgejo = {
services = {
forgejo = {
enable = true;
user = "git";
group = "git";
@ -37,16 +36,8 @@
};
};
};
# --- Ouvrir les ports nécessaires ---
networking.firewall.allowedTCPPorts = [ 80 443 2222 ];
# --- Rediriger port SSH interne de Forgejo ---
services.openssh.enable = true;
networking.firewall.interfaces."eth0".allowedTCPPorts = [ 22 ]; # pour admin
# --- Caddy pour govel.porzh.me ---
services.caddy = {
openssh.enable = true;
caddy = {
enable = true;
virtualHosts."govel.porzh.me" = {
extraConfig = ''
@ -54,7 +45,13 @@
'';
};
};
};
# --- Ouvrir les ports nécessaires ---
networking.firewall = {
allowedTCPPorts = [80 443 2222];
interfaces."eth0".allowedTCPPorts = [22];
};
# --- Pour que Forgejo génère les bonnes URLs Git ---
# networking.hostName = "git"; # non strictement obligatoire
@ -67,6 +64,4 @@
# --- Astuce : génère une paire de clés pour laccès SSH Git ---
# ssh-keygen -t ed25519 -f ~/.ssh/id_git_forgejo
# puis ajoute la clé publique dans ton compte Forgejo
}

4
modules/services/ftp.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
_: {
# -------------------------------------------------
# 1⃣ Création de lutilisateur système dédié FTP
# -------------------------------------------------
@ -54,7 +54,6 @@ extraConfig = ''
pasv_min_port=40000
pasv_max_port=40004
'';
};
# -------------------------------------------------
@ -66,4 +65,3 @@ extraConfig = ''
# allowedTCPPorts = [ 21 990 40000 40001 40002 40003 40004 ];
};
}

2
modules/services/goaccess.nix
View file

@ -32,6 +32,4 @@
};
};
};
}

3
modules/sites/levr.porzh.me.nix
View file

@ -1,5 +1,4 @@
{ config, pkgs, ... }:
{
_: {
# -----------------------------------------------------------------
# 1⃣ Caddy (reverseproxy / serveur web statique)
# -----------------------------------------------------------------

5
modules/sites/porzh.me.nix
View file

@ -1,6 +1,4 @@
{ config, pkgs, ... }:
let
{pkgs, ...}: let
porzhSite = pkgs.stdenv.mkDerivation {
pname = "porzh-site";
version = "1.0";
@ -25,4 +23,3 @@ in {
};
};
}