diff --git a/apps/browser.nix b/apps/browser.nix
deleted file mode 100644
index a97a7b9..0000000
--- a/apps/browser.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, pkgs, ... }:
-{
- programs.firefox = {
- enable = true ;
- languagePacks = [ "fr" ] ;
- };
-}
-
-# vim: set ts=2 sw=2 sts=2 et :
diff --git a/apps/gitea.nix b/apps/gitea.nix
deleted file mode 100644
index 14b881f..0000000
--- a/apps/gitea.nix
+++ /dev/null
@@ -1,93 +0,0 @@ -{ config, pkgs, ... }: - -let - domain = "git.lomig.me"; # <-- mets ton domaine - giteaHttpPort = 3000; # port local de Gitea -in { - ######################################## - # Base système - ######################################## - networking.firewall.allowedTCPPorts = [ 80 443 22 ]; # HTTP(S) + SSH (22) - services.openssh.enable = true; # si tu veux aussi OpenSSH pour le reste - - ######################################## - # Base de données Postgres - ######################################## - services.postgresql = { - enable = true; - ensureDatabases = [ "gitea" ]; - ensureUsers = [ - { name = "gitea"; - ensureDBOwnership = true; - } - ]; - }; - - ######################################## - # Gitea - ######################################## - services.gitea = { - enable = true; - appName = "Gitea"; - user = "gitea"; # user système service - database = { - type = "postgres"; - user = "gitea"; - name = "gitea"; - host = "127.0.0.1"; - }; - - # Répertoire de données (par défaut: /var/lib/gitea) - stateDir = "/var/lib/gitea"; - - # Réglages gitea.ini - settings = { - server = { - PROTOCOL = "http"; - HTTP_ADDR = "127.0.0.1"; - HTTP_PORT = giteaHttpPort; - DOMAIN = domain; - ROOT_URL = "https://${domain}/"; - SSH_DOMAIN = domain; - - # SSH intégré par Gitea (pratique : pas besoin de configurer un port séparé) - START_SSH_SERVER = true; - SSH_LISTEN_PORT = 2222; # port interne Gitea - SSH_PORT = 22; # port public affiché dans les URLs clone - }; - - service = { - DISABLE_REGISTRATION = true; # tu créeras les comptes toi‑même - REQUIRE_SIGNIN_VIEW = false; - REGISTER_EMAIL_CONFIRM = true; - }; - - # SMTP (remplace par ton vrai relais) - - log = { - MODE = "console"; - LEVEL = "Info"; - }; - }; - - # Création d'un admin au premier démarrage (facultatif mais pratique) - # Remplace le mot de passe et l’email : - # L'utilisateur est créé si inexistant. 
- }; - - ######################################## - # Caddy reverse proxy + TLS - ######################################## - services.caddy = { - enable = true; - virtualHosts."${domain}".extraConfig = '' - encode zstd gzip - reverse_proxy 127.0.0.1:${toString giteaHttpPort} - ''; - # Par défaut, Caddy va récupérer un certificat Let's Encrypt pour le domaine public - # Si domaine local sans DNS public, ajoute `tls internal` dans extraConfig. - }; - -} - -# vim: set ts=2 sw=2 sts=2 et : diff --git a/apps/qemu.nix b/apps/qemu.nix deleted file mode 100644 index 160b76f..0000000 --- a/apps/qemu.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ config, pkgs, ... }: -{ - boot.kernelModules = [ "tun" ]; - - environment.systemPackages = with pkgs; [ - qemu_kvm - ]; - services.spice-vdagentd.enable = true; - virtualisation.libvirtd = { - enable = true ; - qemu = { - swtpm.enable = true ; - ovmf.enable = true ; - ovmf.packages = [ pkgs.OVMFFull.fd ]; - runAsRoot = false ; - }; - }; - - users.users.lomig.extraGroups = [ "libvirtd" "kvm" "input" ]; - networking.firewall.allowedTCPPorts = [ 5900 5901 5902 ] ; - networking.useNetworkd = true ; - networking.useDHCP = false ; - services.resolved.enable = true ; - networking.bridges.br0.interfaces = [ "enp11s0" ]; - - systemd.network.networks."10-br0" = { - matchConfig.Name = "br0"; - networkConfig.DHCP = "yes" ; - }; - -# security.wrappers.qemu-bridge-helper = { -# source = "${pkgs.qemu_kvm}/libexec/qemu-bridge-helper"; -# owner = "root"; -# group = "root"; -# setuid = true ; -# permissions = "u+xs,g+x,o-x"; -# }; - - environment.etc."qemu/bridge.conf".text = '' - allow br0 - ''; -} -# vim: set ts=2 sw=2 sts=2 et : diff --git a/apps/template.nix b/apps/template.nix deleted file mode 100644 index 114e6db..0000000 --- a/apps/template.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ config, pkgs, ... }: -{ - -} - -# vim: set ts=2 sw=2 sts=2 et : diff --git a/apps/truenas.nix b/apps/truenas.nix deleted file mode 100644 index 3466169..0000000 
--- a/apps/truenas.nix
+++ /dev/null
@@ -1,64 +0,0 @@ -{ config, pkgs, ... }: -{ - boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; - boot.extraModprobeConfig = '' - options vfio-pci ids=1022:43f6 - ''; - boot.kernelParams = [ - "amd_iommu=on" - "iommu=pt" - ]; - users.users.lomig.extraGroups = [ "disk" ]; - security.pam.loginLimits = [ - { domain="lomig"; type="soft"; item="memlock"; value="infinity"; } - { domain="lomig"; type="hard"; item="memlock"; value="infinity"; } - ]; - boot.kernel.sysctl."vm.nr_hugepages" = 1024; - fileSystems."/dev/hugepages" = { device="hugetlbfs"; fsType="hugetlbfs"; }; - -# services.udev.extraRules = '' -# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660" -# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660" -# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660" -# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660" -# SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660" -# ''; - - systemd.services.truenas-vm = { - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; - wants = [ "network-online.target" ]; - serviceConfig = { - RuntimeDirectory = "truenas" ; - ExecStartPre = "/run/current-system/sw/bin/rm -f /run/truenas/qmp.sock"; - ExecStart = '' - /run/current-system/sw/bin/qemu-system-x86_64 -enable-kvm -m 4096 -smp 2 \ - -drive file=/home/lomig/vm/truenas.qcow2,if=none,format=qcow2,id=os \ - -device vfio-pci,host=0e:00.0 \ - -netdev bridge,br=br0,id=n1,helper=/run/wrappers/bin/qemu-bridge-helper \ - -device virtio-net-pci,netdev=n1,mac=52:54:00:00:01:02 \ - -device virtio-blk-pci,drive=os,bootindex=0 \ - -qmp unix:/run/truenas.qmp,server,nowait -display none - ''; - ExecStop = '' - echo '{"execute":"system_powerdown"}' | socat - UNIX-CONNECT:/run/truenas.qmp || true ; sleep 5 - ''; - Restart = "on-failure"; - RestartSec = 3 ; - StartLimitIntervalSec = 60 ; - StartLimitBurst = 5 ; - }; 
- }; - - systemd.services.resume-truenas-vm = { - description = "Restart Truenas VM after resume" ; - wantedBy = [ "sleep.target" ]; - after = [ "sleep.target" ]; - serviceConfig = { - Type = "oneshot" ; - ExecStart = "${pkgs.systemd}/bin/systemctl try-restart truenas-vm.service"; - }; - }; -} - -# vim: set ts=2 sw=2 sts=2 et : diff --git a/apps/zsh.nix b/apps/zsh.nix deleted file mode 100644 index 70fafb4..0000000 --- a/apps/zsh.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, pkgs, ... }: -{ - programs.dircolors.enableZshIntegration = true ; - programs.zsh = { - autosuggestion.enable = true ; - dirHashes = { - dl = "$HOME/Téléchargements" ; - nix = "$HOME/nixos-config" ; - }; - enable = true ; - enableCompletion = true ; - history = { - append = true ; - extended = true ; - findNoDups = true ; - ignoreAllDups = true ; - ignoreSpace = true ; - ignorePatterns = [ "rm *" "cd *" "ls *" "df *" "du *" "fastfetch" "tree" "pwd" "upd" ] ; - saveNoDups = false ; - }; - shellAliases = { - h = "history" ; - upd = "sudo nixos-rebuild switch --flake $HOME/nixos-config#pennsardin; source ~/.zshrc" ; - }; - shellGlobalAliases = { - G = "| grep"; - M = "| more"; - }; - syntaxHighlighting.enable = true ; - }; -} - -# vim: set ts=2 sw=2 sts=2 et : diff --git a/devshell.nix b/devshell.nix new file mode 100644 index 0000000..ef9e633 --- /dev/null +++ b/devshell.nix @@ -0,0 +1,15 @@ +{pkgs}: +pkgs.mkShell { + buildInputs = with pkgs; [ + alejandra # formatteur nix officiel (rapide) + statix # linting pour repérer mauvaises pratiques + deadnix # détecte le code mort / imports inutiles + ]; + + shellHook = '' + echo "Tools dispo :" + echo " alejandra . # formate tout ton Nix" + echo " statix check # lint" + echo " deadnix . # cherche le code mort" + ''; +} diff --git a/flake.lock b/flake.lock index d978711..fedbac9 100644 --- a/flake.lock +++ b/flake.lock 
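Review bot: The comment on `alejandra` in `buildInputs` of the new devshell.nix calls it the official Nix formatter, which it is not; the formatter adopted by the Nix project is nixfmt, and alejandra is an independent tool. I would reword the comment to `alejandra # formatteur Nix (rapide)` so the file does not mislead the next reader.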
@@ -7,11 +7,11 @@
 ]
 },
 "locked": {
- "lastModified": 1756579987,
- "narHash": "sha256-duCce8zGsaMsrqqOmLOsuaV1PVIw/vXWnKuLKZClsGg=",
+ "lastModified": 1756903364,
+ "narHash": "sha256-vZh/YH2D7oDFek10r0TbGn3qJrqGv69sSP+oF8PFDqQ=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "99a69bdf8a3c6bf038c4121e9c4b6e99706a187a",
+ "rev": "6159629d05a0e92bb7fb7211e74106ae1d552401",
 "type": "github"
 },
 "original": {
@@ -22,11 +22,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1756578978,
- "narHash": "sha256-dLgwMLIMyHlSeIDsoT2OcZBkuruIbjhIAv1sGANwtes=",
+ "lastModified": 1756892917,
+ "narHash": "sha256-hVsGRW6M3Rd2xSlKowNREyVHXCUbxHoktu1ujgxT4x8=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "a85a50bef870537a9705f64ed75e54d1f4bf9c23",
+ "rev": "3f29c71a26f20c830b3708d02bfa62fb1890354a",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index c6d8089..2d0f6d0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -9,32 +9,28 @@ }; }; - outputs = { self, nixpkgs, home-manager, ... }: - let - system = "x86_64-linux"; - pkgs = import nixpkgs { - inherit system; - config.allowUnfree = true; - }; - - in { - nixosConfigurations = { - pennsardin = nixpkgs.lib.nixosSystem { - inherit system; - - modules = [ - ./hosts/pennsardin/configuration.nix - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true ; -# home-manager.useUserPackages = true; - - home-manager.users.lomig = import ./user/lomig.nix ; - } - ]; - }; + outputs = { + nixpkgs, + home-manager, + ... + }: { + # --- Host NixOS (x86_64) --- + nixosConfigurations.pennsardin = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/pennsardin/configuration.nix + home-manager.nixosModules.home-manager + # L'utilisateur HM est déclaré dans hosts/pennsardin/configuration.nix + ]; }; + + # --- DevShell (x86_64 uniquement) --- + devShells.x86_64-linux.default = import ./devshell.nix { + pkgs = import nixpkgs {system = "x86_64-linux";}; + }; + + # --- Formatter (x86_64 uniquement) --- + formatter.x86_64-linux = + (import nixpkgs {system = "x86_64-linux";}).alejandra; }; } - -# vim: set ts=2 sw=2 sts=2 et : diff --git a/hm/apps/gitea.nix b/hm/apps/gitea.nix new file mode 100644 index 0000000..cf5196b --- /dev/null +++ b/hm/apps/gitea.nix 
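Review bot: `import nixpkgs {system = "x86_64-linux";}` is evaluated twice in the new `outputs`, once for `devShells` and once for `formatter`, where the flake's own package set would do. `nixpkgs.legacyPackages.x86_64-linux` avoids both imports, e.g. `formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;` and `pkgs = nixpkgs.legacyPackages.x86_64-linux;` for the dev shell. The system string is also repeated in every output; a single `let system = "x86_64-linux"; in` would keep the occurrences in step. The `inputs` part of the file lies outside this hunk.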
@@ -0,0 +1,93 @@ +_: let + domain = "git.lomig.me"; # <-- mets ton domaine + giteaHttpPort = 3000; # port local de Gitea +in { + ######################################## + # Base système + ######################################## + networking.firewall.allowedTCPPorts = [80 443 22]; # HTTP(S) + SSH (22) + services = { + openssh.enable = true; # si tu veux aussi OpenSSH pour le reste + + ######################################## + # Base de données Postgres + ######################################## + postgresql = { + enable = true; + ensureDatabases = ["gitea"]; + ensureUsers = [ + { + name = "gitea"; + ensureDBOwnership = true; + } + ]; + }; + + ######################################## + # Gitea + ######################################## + gitea = { + enable = true; + appName = "Gitea"; + user = "gitea"; # user système service + database = { + type = "postgres"; + user = "gitea"; + name = "gitea"; + host = "127.0.0.1"; + }; + }; + + # Répertoire de données (par défaut: /var/lib/gitea) + stateDir = "/var/lib/gitea"; + + # Réglages gitea.ini + settings = { + server = { + PROTOCOL = "http"; + HTTP_ADDR = "127.0.0.1"; + HTTP_PORT = giteaHttpPort; + DOMAIN = domain; + ROOT_URL = "https://${domain}/"; + SSH_DOMAIN = domain; + + # SSH intégré par Gitea (pratique : pas besoin de configurer un port séparé) + START_SSH_SERVER = true; + SSH_LISTEN_PORT = 2222; # port interne Gitea + SSH_PORT = 22; # port public affiché dans les URLs clone + }; + + service = { + DISABLE_REGISTRATION = true; # tu créeras les comptes toi‑même + REQUIRE_SIGNIN_VIEW = false; + REGISTER_EMAIL_CONFIRM = true; + }; + + # SMTP (remplace par ton vrai relais) + + log = { + MODE = "console"; + LEVEL = "Info"; + }; + }; + + # Création d'un admin au premier démarrage (facultatif mais pratique) + # Remplace le mot de passe et l’email : + # L'utilisateur est créé si inexistant. 
+ }; + + ######################################## + # Caddy reverse proxy + TLS + ######################################## + services.caddy = { + enable = true; + virtualHosts."${domain}".extraConfig = '' + encode zstd gzip + reverse_proxy 127.0.0.1:${toString giteaHttpPort} + ''; + # Par défaut, Caddy va récupérer un certificat Let's Encrypt pour le domaine public + # Si domaine local sans DNS public, ajoute `tls internal` dans extraConfig. + }; +} +# vim: set ts=2 sw=2 sts=2 et : + diff --git a/hm/common/browser.nix b/hm/common/browser.nix new file mode 100644 index 0000000..1d623f1 --- /dev/null +++ b/hm/common/browser.nix @@ -0,0 +1,12 @@ +_: { + programs.firefox = { + enable = true; + languagePacks = ["fr"]; + }; + programs.floorp = { + enable = true; + languagePacks = ["fr"]; + }; +} +# vim: set ts=2 sw=2 sts=2 et : + diff --git a/hm/common/colours.nix b/hm/common/colours.nix new file mode 100644 index 0000000..eed7124 --- /dev/null +++ b/hm/common/colours.nix @@ -0,0 +1 @@ +_: {} diff --git a/hm/common/nvim.nix b/hm/common/nvim.nix new file mode 100644 index 0000000..3d119e0 --- /dev/null +++ b/hm/common/nvim.nix 
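Review bot: In the new `services = { … }` block of hm/apps/gitea.nix, `gitea = {` is closed right after its `database` attrset, so `stateDir` and `settings` end up as `services.stateDir` and `services.settings` instead of `services.gitea.*`. Those are not options of the `services` namespace, so the module should fail to evaluate, and in any case the `server`/`service` values (loopback-only `HTTP_ADDR`, `DISABLE_REGISTRATION = true`) would not reach Gitea. Drop the `};` that follows `database = { … };` so that the `};` before the Caddy section closes `gitea`, and add one more `};` there to close `services`. The file also sets NixOS system options (`networking.firewall`, `services.postgresql`) while living under `hm/`, which looks like the wrong tree for a system module; worth confirming where it is meant to be imported.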
@@ -0,0 +1,123 @@ +{pkgs, ...}: { + programs.neovim = { + enable = true; + withNodeJs = true; + withPython3 = true; + + defaultEditor = true; + viAlias = true; + vimAlias = true; + + coc.enable = true; + + plugins = with pkgs.vimPlugins; [ + goyo-vim + nerdtree + limelight-vim + ]; + + extraConfig = '' + set number + set relativenumber + set scrolloff=4 + set signcolumn=yes + + set mouse=a + set clipboard=unnamedplus + + set ignorecase + set smartcase + set incsearch + + set tabstop=2 + set shiftwidth=2 + set expandtab + + set splitright + set splitbelow + set termguicolors + set updatetime=300 + + set undofile + + let mapleader = " " + + colorscheme retrobox + syntax enable + + nnoremap :Goyo + inoremap :Goyo + + let g:goyo_width = 100 + + command! Q qall! + + " --- Fichiers d’état : swap / backup / undo --- + let s:state = has('unix') ? $HOME . '/.local/state/nvim' : $HOME . '/nvim-state' + + " Crée les dossiers si besoin (silencieusement) + silent! call mkdir(s:state . '/swap', 'p') + silent! call mkdir(s:state . '/backup', 'p') + silent! call mkdir(s:state . '/undo', 'p') + + augroup MdNoSuggest + autocmd! + autocmd FileType markdown let b:coc_suggest_disable = 1 | let b:coc_diagnostic_disable = 1 + augroup END + + " Goyo : pas de coupure de mots + Limelight auto + autocmd User GoyoEnter + \ let w:_wrap=&l:wrap | let w:_tw=&l:textwidth | let w:_fo=&l:formatoptions | + \ setlocal wrap linebreak nolist textwidth=0 | + \ setlocal formatoptions-=t formatoptions-=c formatoptions-=r formatoptions-=o formatoptions-=l | + \ Limelight + + autocmd User GoyoLeave + \ if exists('w:_wrap') | let &l:wrap=w:_wrap | unlet w:_wrap | endif | + \ if exists('w:_tw') | let &l:textwidth=w:_tw | unlet w:_tw | endif | + \ if exists('w:_fo') | let &l:formatoptions=w:_fo | unlet w:_fo | endif | + \ Limelight! 
+ + " Swap files (fichiers d’échange) + set directory^=~/.local/state/nvim/swap// + + " Backups (copie avant écriture) – optionnel mais utile + set backup + set writebackup + set backupdir=~/.local/state/nvim/backup// + + " Undo persistant (♥ pour la rédaction) + set undofile + set undodir=~/.local/state/nvim/undo// + + " --- Résolution auto des conflits de swap --- + augroup ResolveSwap + autocmd! + " Si un swap existe quand on ouvre un fichier… + autocmd SwapExists * call s:ResolveSwap(v:swapname, expand('')) + augroup END + + function! s:ResolveSwap(swapname, filename) abort + " Si le fichier sur disque est plus récent que le swap -> on édite quand même (e) + if getftime(a:filename) > getftime(a:swapname) + let v:swapchoice = 'e' " edit anyway (ignore le swap) + else + " Sinon, ouvre en lecture seule par prudence (o). + " Tu pourras décider ensuite (écraser, récupérer, diff). + let v:swapchoice = 'o' + endif + endfunction + + " Rendre les messages de swap moins dramatiques + set shortmess+=A + ''; + + extraPackages = with pkgs; [ + ripgrep + fd + xclip + ]; + }; +} +# vim: set ts=2 sw=2 sts=2 et : + diff --git a/hm/common/zsh.nix b/hm/common/zsh.nix new file mode 100644 index 0000000..504140b --- /dev/null +++ b/hm/common/zsh.nix 
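Review bot: The three `mkdir(s:state . '/…', 'p')` calls in `extraConfig` create the swap, backup and undo directories with the default mode, and the config then turns on `backup` and `undofile`, so copies and edit histories of every edited file, secrets included, accumulate there. Pass an explicit mode on all three, e.g. `silent! call mkdir(s:state . '/backup', 'p', 0700)`, so other local users cannot read them. The later `set directory^=`, `set backupdir=` and `set undodir=` lines hard-code `~/.local/state/nvim/…` instead of reusing `s:state`, and `set undofile` appears twice; one definition of each would be easier to keep consistent. `set shortmess+=A` together with the `SwapExists` handler silently chooses between edit and read-only, which deserves a comment saying that recovery from the swap file is never offered.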
@@ -0,0 +1,32 @@
+_: {
+ programs.dircolors.enableZshIntegration = true;
+ programs.zsh = {
+ autosuggestion.enable = true;
+ dirHashes = {
+ dl = "$HOME/Téléchargements";
+ nix = "$HOME/nixos-config";
+ };
+ enable = true;
+ enableCompletion = true;
+ history = {
+ append = true;
+ extended = true;
+ findNoDups = true;
+ ignoreAllDups = true;
+ ignoreSpace = true;
+ ignorePatterns = ["rm *" "cd *" "ls *" "df *" "du *" "fastfetch" "tree" "pwd" "upd"];
+ saveNoDups = false;
+ };
+ shellAliases = {
+ h = "history";
+ upd = "sudo nixos-rebuild switch --flake $HOME/nixos-config#pennsardin; source ~/.zshrc";
+ };
+ shellGlobalAliases = {
+ G = "| grep";
+ M = "| more";
+ };
+ syntaxHighlighting.enable = true;
+ };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
diff --git a/hm/desktop/bspwm.nix b/hm/desktop/bspwm.nix
new file mode 100644
index 0000000..2cdfe8a
--- /dev/null
+++ b/hm/desktop/bspwm.nix
@@ -0,0 +1,150 @@ +# hm/desktop/bspwm.nix +{ pkgs, ... }: +{ + home.packages = with pkgs; [ + bspwm sxhkd xorg.xinit xterm alacritty rofi feh font-awesome + picom xorg.xset xidlehook betterlockscreen pywal16 imagemagick + pulsemixer ranger jq file highlight unzip + ]; + + # Gère le ssh-agent proprement côté user + services.ssh-agent.enable = true; + + xsession.enable = true; + xsession.windowManager.bspwm = { + enable = true; + + # Démarrages au login X + startupPrograms = [ + "sxhkd -m 1" + "setxkbmap bepovim" + "xrandr --output DisplayPort-1 --rate 60 --pos 0x0" + "while pgrep -x polybar >/dev/null; do sleep 0.2; done; polybar main" + # fond d’écran (feh) + "bash ~/.fehbg" + ]; + + extraConfig = '' + bspc config borderless_monocle true + bspc config gapless_monocle true + bspc config single_monocle true + bspc monitor -d I II III IV V VI + ''; + }; + + # Réglages X (corrigé : c'était 'xsession s noblank' -> 'xset s noblank') + xsession.initExtra = '' + xset s 300 300 + xset s on + xset s noblank + xset +dpms + xset dpms 0 0 500 + ''; + + # sxhkd + services.sxhkd = { + enable = true; + extraOptions = [ "-m" "1" ]; + keybindings = { + "super + Return" = "alacritty"; + "super + c" = "bspc node -c"; + "Menu" = "rofi -show drun"; + "super + space" = "rofi -show drun"; + + "F1" = "bspc desktop -f ^1"; + "F2" = "bspc desktop -f ^2"; + "F3" = "bspc desktop -f ^3"; + "F4" = "bspc desktop -f ^4"; + "F5" = "bspc desktop -f ^5"; + "F6" = "bspc desktop -f ^6"; + + "shift + F1" = "bspc node -d ^1 --follow"; + "shift + F2" = "bspc node -d ^2 --follow"; + "shift + F3" = "bspc node -d ^3 --follow"; + "shift + F4" = "bspc node -d ^4 --follow"; + "shift + F5" = "bspc node -d ^5 --follow"; + "shift + F6" = "bspc node -d ^6 --follow"; + + "super + h" = "bspc node -f west"; + "super + j" = "bspc node -f south"; + "super + k" = "bspc node -f north"; + "super + l" = "bspc node -f east"; + + "super + shift + h" = "bspc node -s west"; + "super + shift + j" = "bspc node -s south"; + "super 
+ shift + k" = "bspc node -s north"; + "super + shift + l" = "bspc node -s east"; + + "super + f" = "bspc node -t fullscreen"; + "super + s" = "bspc node -t floating"; + "super + shift + t" = "bspc node -t pseudo_tiled"; + "super + t" = "bspc node -t tiled"; + }; + }; + + # xidlehook (user service) + systemd.user.services.xidlehook = { + Unit.Description = "Idle: lock at 5min, suspend at ~8min"; + Service = { + ExecStart = '' + ${pkgs.xidlehook}/bin/xidlehook \ + --detect-sleep \ + --not-when-fullscreen \ + --timer 300 "${pkgs.betterlockscreen}/bin/betterlockscreen -l dim" "" \ + --timer 500 "systemctl suspend" "" + ''; + Restart = "always"; + }; + Install.WantedBy = [ "graphical-session.target" ]; + }; + + # polybar (config intégrée pour démarrer simple) + services.polybar = { + enable = true; + script = "polybar main &"; + config = { + "bar/main" = { + width = "100%"; + height = "28"; + font-1 = "Font Awesome 6 Free:style=Solid:pixelsize=10;2"; + modules-left = "bspwm"; + modules-center = "date"; + modules-right = "pulseaudio memory cpu"; + }; + "module/bspwm" = { + type = "internal/bspwm"; + label-focused = "%name%"; + label-focused-foreground = "#e6e0de"; + label-focused-padding = 2; + label-occupied = "%name%"; + label-occupied-padding = 2; + label-urgent = "%name%"; + label-urgent-background = "#e42127"; + label-urgent-foreground = "#ffffff"; + label-empty = "%name%"; + label-empty-foreground = "#645d56"; + label-empty-padding = 2; + }; + "module/date" = { + type = "internal/date"; + interval = 60; + date = "%d-%m-%Y %H:%M"; + }; + }; + }; + + # alacritty + programs.alacritty = { + enable = true; + settings = { + general.import = [ "~/.cache/wal/colors-alacritty.toml" ]; + font = { + normal = { family = "Iosevka Nerd Font"; style = "Regular"; }; + bold = { family = "Iosevka Nerd Font"; style = "Bold"; }; + italic = { family = "Iosevka Nerd Font"; style = "Italic"; }; + size = 9; + }; + }; + }; +} + 
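Review bot: The only thing that locks the session is the first `--timer 300` in the `xidlehook` unit, and `--not-when-fullscreen` disables it whenever a fullscreen window is up, so a suspend started any other way (lid switch, `systemctl suspend` by hand) resumes to an unlocked desktop. Tie the locker to sleep and to logind's lock signal as well, for example with home-manager's `services.screen-locker` (xss-lock) and `lockCmd = "${pkgs.betterlockscreen}/bin/betterlockscreen -l dim";`. The second timer calls a bare `systemctl suspend`; `${pkgs.systemd}/bin/systemctl suspend` would not depend on the user unit's PATH. Separately, `startupPrograms` launches `polybar main` while `services.polybar` is also enabled with its own start script, and `modules-right` names `pulseaudio memory cpu` modules that the `config` block does not define.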
diff --git a/apps/picom.nix b/hm/desktop/common/picom.nix similarity index 84% rename from apps/picom.nix rename to hm/desktop/common/picom.nix index d7b9c23..8f21aa2 100644 --- a/apps/picom.nix +++ b/hm/desktop/common/picom.nix @@ -1,19 +1,18 @@ -{ config, pkgs, ... }: -{ +_: { services.picom = { enable = true; backend = "glx"; # plus fluide si ta carte gère bien OpenGL fade = true; - fadeDelta = 5; # vitesse fondu + fadeDelta = 5; # vitesse fondu shadow = true; shadowOpacity = 0.5; - vSync = true; # évite le tearing + vSync = true; # évite le tearing settings = { # Transparence inactive-opacity = 0.80; - active-opacity = 0.9; - frame-opacity = 0.90; + active-opacity = 0.9; + frame-opacity = 0.90; inactive-opacity-override = false; # Coins arrondis @@ -33,7 +32,7 @@ blur-background-exclude = [ "class_g = 'Polybar'" "class_g = 'Rofi'" - "class_g = 'Gimp'" + "class_g = 'Gimp'" "window_type = 'dock'" ]; @@ -47,5 +46,5 @@ }; }; } - # vim: set ts=2 sw=2 sts=2 et : + diff --git a/hm/users/lomig.nix b/hm/users/lomig.nix new file mode 100644 index 0000000..39f069b --- /dev/null +++ b/hm/users/lomig.nix @@ -0,0 +1,25 @@ +{pkgs, ...}: { + imports = [ + ../../hm/common/browser.nix + ../common/nvim.nix + ../../hm/common/zsh.nix + ../desktop/bspwm.nix + ]; + home.stateVersion = "25.05"; # ou ton actuelle + home = { + username = "lomig"; + homeDirectory = "/home/lomig"; + packages = with pkgs; [ + bat + fastfetch + nerd-fonts.iosevka + obsidian + smug + telegram-desktop + tree + ]; + }; + programs.zsh.enable = true; +} +# vim: set ts=2 sw=2 sts=2 et : + diff --git a/hosts/pennsardin/bepovim.nix b/hosts/pennsardin/bepovim.nix deleted file mode 100644 index 6b02e67..0000000 --- a/hosts/pennsardin/bepovim.nix +++ /dev/null 
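Review bot: The `imports` list in hm/users/lomig.nix spells the same directory two ways, `../../hm/common/browser.nix` and `../../hm/common/zsh.nix` next to `../common/nvim.nix` and `../desktop/bspwm.nix`; since the file already lives in `hm/users/`, use the short relative form throughout (`../common/browser.nix`, `../common/zsh.nix`). `home.stateVersion` is set on its own line right before the `home = { … }` attrset and would read better inside it. `hm/apps/gitea.nix` and `hm/desktop/common/picom.nix` are not imported here; if that is intentional, a one-line comment should say so.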
@@ -1,98 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - services.xserver.xkb.extraLayouts.bepovim = { - description = "Clavier Bepovim – 4 niveaux"; - languages = [ "fr" ]; - symbolsFile = builtins.toFile "bepovim.xkb" '' - xkb_symbols "basic" { - name[Group1] = "Bepovim"; - - key { [ Escape ] }; - key { [ dollar, numbersign ] }; - key { [ less, 1, guillemotleft ] }; - key { [ greater, 2, guillemotright ] }; - key { [ parenleft, 3, bracketleft ] }; - key { [ parenright, 4, bracketright ] }; - key { [ at, 5, braceleft ] }; - key { [ plus, 6, braceright ] }; - key { [ minus, 7, asciitilde ] }; - key { [ asterisk, 8 ] }; - key { [ slash, 9, backslash ] }; - key { [ quotedbl, 0, percent ] }; - key { [ equal, ampersand ] }; - key { [ BackSpace ] }; - key { [ Tab, ISO_Left_Tab ] }; - - key { [ b, B ] }; - key { [ eacute, Eacute ] }; - key { [ p, P ] }; - key { [ o, O ] }; - key { [ r, R ] }; - key { [ dead_circumflex, grave ] }; - key { [ v, V ] }; - key { [ s, S ] }; - key { [ t, T ] }; - key { [ d, D ] }; - key { [ egrave, Egrave ] }; - key { [ ccedilla, Ccedilla ] }; - - key { [ Return ] }; - key { [ c, C ] }; - key { [ a, A ] }; - key { [ u, U ] }; - key { [ i, I ] }; - key { [ e, E, EuroSign ] }; - key { [ period, question ] }; - key { [ n, N ] }; - key { [ h, H, Left ] }; - key { [ j, J, Down ] }; - key { [ k, K, Up ] }; - key { [ l, L, Right ] }; - key { [ m, M ] }; - - key { [ Shift_L ] }; - key { [ q, Q ] }; - key { [ w, W ] }; - key { [ agrave, Agrave ] }; - key { [ f, F ] }; - key { [ colon, bar ] }; - key { [ comma, semicolon ] }; - key { [ apostrophe, exclam ] }; - key { [ x, X ] }; - key { [ g, G ] }; - key { [ z, Z ] }; - key { [ y, Y ] }; - - key { [ Up ] }; - key { [ Left ] }; - key { [ Down ] }; - key { [ Right ] }; - - key { [ Control_L ] }; - key { [ Alt_L ] }; - key { [ space, underscore, nobreakspace, U202F ] }; - key { [ ISO_Level3_Shift ] }; - - key { [ F1, F1 ] }; - key { [ F2, F2 ] }; - key { [ F3, F3 ] }; - key { [ F4, F4 ] }; - key { [ F5, F5 ] 
}; - key { [ F6, F6 ] }; - key { [ F7, F7 ] }; - key { [ F8, F8 ]}; - key { [ F9, F9 ] }; - key { [ F10, F10 ] }; - key { [ F11, F11 ] }; - }; - ''; - }; - - services.xserver.xkb.layout = "bepovim"; - services.xserver.xkb.variant = "basic"; - services.xserver.xkb.options = "lv3:ralt_switch"; - console.useXkbConfig = true; -} - -# vim: set ts=2 sw=2 sts=2 et : diff --git a/hosts/pennsardin/configuration.nix b/hosts/pennsardin/configuration.nix index 7b5a6b3..724e826 100644 --- a/hosts/pennsardin/configuration.nix +++ b/hosts/pennsardin/configuration.nix 
@@ -1,157 +1,33 @@ -{ config, pkgs, lib, desktop, ... }: - -{ +{pkgs, ...}: { imports = [ - ./bepovim.nix - ../../wm/plasma.nix - ../../apps/qemu.nix - ../../apps/gitea.nix - ../../apps/truenas.nix + ../../profiles/workstation-bspwm.nix + ../../modules/hardware/bepovim.nix + ../../modules/dev/qemu.nix + ../../modules/common/nix.nix ]; - nix.settings.experimental-features = ["nix-command" "flakes" ]; - boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" "amdgpu" ]; - boot.kernelModules = [ "amdgpu" "kvm-amd" ]; - boot.extraModulePackages = []; - boot.kernelPackages = pkgs.linuxPackages_latest; - boot.kernelParams = [ - "mem_sleep_default=deep" - "amdgpu.si_support=0" - "amdgpu.cik_support=0" - "radeon.si_support=0" - "radeon.cik_support=0" - "quiet" - "splash" - "boot.shell_on_fail" - "udev.log_priority=3" - "rd.systemd.show_status=auto" - ]; - - boot.plymouth.enable = true ; - boot.plymouth.theme = "spinner" ; - boot.consoleLogLevel = 3 ; - boot.initrd.verbose = false ; - boot.loader.timeout = 5; - boot.loader.systemd-boot.enable = true ; - boot.loader.systemd-boot.consoleMode = "max" ; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot"; - - boot.tmp.cleanOnBoot = true ; - systemd.coredump.enable = false ; - services.journald.extraConfig = '' - SystemMaxUse=200M - RuntimeMaxUse=100M - ''; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/b4e3577b-17ab-4a89-9aeb-4e223be4c75b"; # à adapter si tu as un autre label/disque - fsType = "ext4"; # ou btrfs, xfs, ce que t'as utilisé -}; - swapDevices = [] ; - - hardware.firmware = with pkgs ; [ linux-firmware ]; - hardware.enableRedistributableFirmware = true; - hardware.graphics = { - enable = true ; - extraPackages = with pkgs ; [ - mesa libva libva-utils libvdpau libva-vdpau-driver vaapiVdpau libvdpau-va-gl amdvlk vulkan-tools vulkan-loader vulkan-validation-layers - ]; - enable32Bit = true ; - }; - environment.variables = { - LIBVA_DRIVER_NAME = "radeonsi"; - 
VDPAU_DRIVER = "va_gl"; - }; - environment.defaultPackages = lib.mkForce [] ; - - hardware.bluetooth.enable = true ; - environment.etc."pam.d/i3lock".text = '' - auth include login - account include login - password include login - session include login - ''; - services.blueman.enable = true ; - services.logind.settings.Login = { - IdleAction="suspend"; - IdleActionSec="5min"; - HandleLidSwitch="suspend"; - HandleLidSwitchDocked="ignore"; - }; - services.openssh.enable = true ; - services.xserver.enable = true ; - services.xserver.videoDrivers = [ "amdgpu" ]; networking.hostName = "pennsardin"; - networking.firewall.enable = true ; - time.timeZone = "Europe/Paris"; - # Select internationalisation properties. - i18n.defaultLocale = "fr_FR.UTF-8"; - i18n.extraLocaleSettings = { - LC_ADDRESS = "fr_FR.UTF-8"; - LC_IDENTIFICATION = "fr_FR.UTF-8"; - LC_MEASUREMENT = "fr_FR.UTF-8"; - LC_MONETARY = "fr_FR.UTF-8"; - LC_NAME = "fr_FR.UTF-8"; - LC_NUMERIC = "fr_FR.UTF-8"; - LC_PAPER = "fr_FR.UTF-8"; - LC_TELEPHONE = "fr_FR.UTF-8"; - LC_TIME = "fr_FR.UTF-8"; + boot.kernelPackages = pkgs.linuxPackages_latest; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/b4e3577b-17ab-4a89-9aeb-4e223be4c75b"; # à adapter si tu as un autre label/disque + fsType = "ext4"; # ou btrfs, xfs, ce que t'as utilisé }; + swapDevices = []; - services.printing.enable = true ; - # Enable sound with pipewire. 
- services.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - - environment.systemPackages = with pkgs; [ - p7zip - btrfs-progs - cifs-utils - evtest - gdu - git - glances - lm_sensors - neovim - nixos-bgrt-plymouth - parted - pciutils - pulseaudio - snapper - tmux - usbutils - xorg.xev - xorg.xkbcomp - ]; - - programs.steam.enable = true ; - hardware.xpadneo.enable = true ; - programs.zsh.enable = true; users.users.lomig = { isNormalUser = true; - extraGroups = [ "networkmanager" "lp" "wheel" ]; + extraGroups = ["networkmanager" "lp" "wheel"]; shell = pkgs.zsh; }; - nixpkgs.config = { - allowUnfree = true; - allowUnsupportedSystem = true ; + home-manager = { + useGlobalPkgs = true; + users.lomig = import ../../hm/users/lomig.nix; }; + system.stateVersion = "25.05"; # pour éviter les hurlements inutiles } - # vim: set ts=2 sw=2 sts=2 et : + diff --git a/hosts/pennsardin/hardware.nix b/hosts/pennsardin/hardware.nix new file mode 100644 index 0000000..eed7124 --- /dev/null +++ b/hosts/pennsardin/hardware.nix @@ -0,0 +1 @@ +_: {} diff --git a/modules/common/audio.nix b/modules/common/audio.nix new file mode 100644 index 0000000..a46f40d --- /dev/null +++ b/modules/common/audio.nix @@ -0,0 +1,10 @@ +_: { + services.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; +} diff --git a/modules/common/base.nix b/modules/common/base.nix new file mode 100644 index 0000000..cb723fc --- /dev/null +++ b/modules/common/base.nix 
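Review bot: The host file drops `services.openssh.enable`, `networking.firewall.enable`, `systemd.coredump.enable = false`, the PAM entry for the locker and the whole GPU/firmware block, while the new `imports` only list `profiles/workstation-bspwm.nix`, `modules/hardware/bepovim.nix`, `modules/dev/qemu.nix` and `modules/common/nix.nix`. Whether `modules/common/{base,networking,lockscreen,…}.nix` are in effect therefore depends on the profile, which is not visible in this part of the diff; please confirm it imports them. The amdgpu/`hardware.graphics` settings have no visible new home, and the `hosts/pennsardin/hardware.nix` added alongside is an empty `_: {}` that this file does not import. A short comment above `imports` listing what the profile pulls in would make the host file auditable on its own.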
@@ -0,0 +1,27 @@
+{lib, ...}: {
+ time.timeZone = "Europe/Paris";
+
+ i18n.defaultLocale = "fr_FR.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "fr_FR.UTF-8";
+ LC_IDENTIFICATION = "fr_FR.UTF-8";
+ LC_MEASUREMENT = "fr_FR.UTF-8";
+ LC_MONETARY = "fr_FR.UTF-8";
+ LC_NAME = "fr_FR.UTF-8";
+ LC_NUMERIC = "fr_FR.UTF-8";
+ LC_PAPER = "fr_FR.UTF-8";
+ LC_TELEPHONE = "fr_FR.UTF-8";
+ LC_TIME = "fr_FR.UTF-8";
+ };
+
+ # journald & coredump
+ systemd.coredump.enable = false;
+ services.journald.extraConfig = ''
+ SystemMaxUse=200M
+ RuntimeMaxUse=100M
+ '';
+
+ boot.tmp.cleanOnBoot = true;
+ environment.defaultPackages = lib.mkForce [];
+ programs.zsh.enable = true; # shell dispo au niveau système
+}
diff --git a/modules/common/bluetooth.nix b/modules/common/bluetooth.nix
new file mode 100644
index 0000000..e1d1446
--- /dev/null
+++ b/modules/common/bluetooth.nix
@@ -0,0 +1,4 @@
+_: {
+ hardware.bluetooth.enable = true;
+ services.blueman.enable = true;
+}
diff --git a/modules/common/energy.nix b/modules/common/energy.nix
new file mode 100644
index 0000000..31635c5
--- /dev/null
+++ b/modules/common/energy.nix
@@ -0,0 +1,8 @@
+_: {
+ services.logind.settings.Login = {
+ IdleAction = "suspend";
+ IdleActionSec = "5min";
+ HandleLidSwitch = "suspend";
+ HandleLidSwitchDocked = "ignore";
+ };
+}
diff --git a/modules/common/gaming.nix b/modules/common/gaming.nix
new file mode 100644
index 0000000..58da8c1
--- /dev/null
+++ b/modules/common/gaming.nix
@@ -0,0 +1,4 @@
+_: {
+ programs.steam.enable = true;
+ hardware.xpadneo.enable = true;
+}
diff --git a/modules/common/lockscreen.nix b/modules/common/lockscreen.nix
new file mode 100644
index 0000000..846fca1
--- /dev/null
+++ b/modules/common/lockscreen.nix
@@ -0,0 +1,8 @@
+_: {
+ environment.etc."pam.d/i3lock".text = ''
+ auth include login
+ account include login
+ password include login
+ session include login
+ '';
+}
diff --git a/modules/common/networking.nix b/modules/common/networking.nix
new file mode 100644
index 0000000..6dc99a4
--- /dev/null
+++ b/modules/common/networking.nix
@@ -0,0 +1,8 @@
+_: {
+ networking = {
+ networkmanager.enable = true;
+ nameservers = ["1.1.1.1" "8.8.8.8"];
+ dhcpcd.extraConfig = "nohook resolv.conf";
+ firewall.enable = true;
+ };
+}
diff --git a/modules/common/nix.nix b/modules/common/nix.nix
new file mode 100644
index 0000000..d2e581e
--- /dev/null
+++ b/modules/common/nix.nix
@@ -0,0 +1,11 @@
+{config, ...}: {
+ nix.settings = {
+ auto-optimise-store = true;
+ experimental-features = ["nix-command" "flakes"];
+ };
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ allowUnsupportedSystem = true;
+ };
+}
diff --git a/modules/common/plymouth.nix b/modules/common/plymouth.nix
new file mode 100644
index 0000000..dfb5097
--- /dev/null
+++ b/modules/common/plymouth.nix
@@ -0,0 +1,36 @@
+{
+ lib,
+ pkgs,
+ ...
+}: {
+ boot = {
+ plymouth.enable = true;
+ plymouth.theme = "spinner";
+ consoleLogLevel = 3;
+ initrd.verbose = false;
+
+ # Ajouts "quiet/splash" propres (sans auto-référence)
+ kernelParams = lib.mkAfter [
+ "mem_sleep_default=deep"
+ "quiet"
+ "splash"
+ "boot.shell_on_fail"
+ "udev.log_priority=3"
+ "rd.systemd.show_status=auto"
+ ];
+
+ loader = {
+ timeout = 5;
+ systemd-boot.enable = true;
+ systemd-boot.consoleMode = "max";
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot";
+ };
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ nixos-bgrt-plymouth
+ ];
+}
diff --git a/modules/desktop/gnome.nix b/modules/desktop/gnome.nix
new file mode 100644
index 0000000..a1e65d5
--- /dev/null
+++ b/modules/desktop/gnome.nix
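Review bot: `"boot.shell_on_fail"` in the plymouth.nix `kernelParams` list lets stage 1 offer a root shell when boot fails, and the NixOS manual describes that shell as having no authentication, so it should not stay on permanently on a workstation. Unless it is a temporary debugging aid, drop that entry from the list. In the `loader` block of the same hunk the systemd-boot entry editor is left at its default; adding `systemd-boot.editor = false;` prevents the kernel command line from being edited at the boot menu.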
@@ -0,0 +1,18 @@
+{lib, ...}: {
+ services = {
+ displayManager = {
+ gdm.enable = true;
+ sddm.enable = lib.mkForce false;
+ };
+ desktopManager = {
+ gnome.enable = true;
+ plasma6.enable = lib.mkForce false;
+ };
+ xserver = {
+ windowManager.bspwm.enable = lib.mkForce false;
+ displayManager.lightdm.enable = lib.mkForce false;
+ };
+ };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
diff --git a/modules/desktop/plasma.nix b/modules/desktop/plasma.nix
new file mode 100644
index 0000000..50214bb
--- /dev/null
+++ b/modules/desktop/plasma.nix
@@ -0,0 +1,18 @@
+{lib, ...}: {
+ services = {
+ displayManager = {
+ gdm.enable = lib.mkForce false;
+ sddm.enable = true;
+ };
+ desktopManager = {
+ gnome.enable = lib.mkForce false;
+ plasma6.enable = true;
+ };
+ xserver = {
+ windowManager.bspwm.enable = lib.mkForce false;
+ displayManager.lightdm.enable = lib.mkForce false;
+ };
+ };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
diff --git a/modules/desktop/xorg-bspwm.nix b/modules/desktop/xorg-bspwm.nix
new file mode 100644
index 0000000..8e3736a
--- /dev/null
+++ b/modules/desktop/xorg-bspwm.nix
@@ -0,0 +1,25 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ services = {
+ xserver = {
+ enable = true;
+ displayManager = {
+ lightdm.enable = true;
+ };
+ windowManager.bspwm.enable = true ;
+ };
+ displayManager = {
+ gdm.enable = lib.mkForce false;
+ sddm.enable = lib.mkForce false;
+ };
+ desktopManager = {
+ gnome.enable = lib.mkForce false;
+ plasma6.enable = lib.mkForce false;
+ };
+ };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
diff --git a/modules/dev/qemu.nix b/modules/dev/qemu.nix
new file mode 100644
index 0000000..0ce8a82
--- /dev/null
+++ b/modules/dev/qemu.nix
@@ -0,0 +1,54 @@
+{
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ../virtual/truenas.nix
+ ];
+ boot.kernelModules = lib.mkAfter ["tun"];
+ environment.systemPackages = with pkgs; [
+ qemu_kvm
+ virtiofsd
+ ];
+
+ services = {
+ udev.extraRules = ''
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660"
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660"
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660"
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660"
+ SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
+ '';
+ spice-vdagentd.enable = true;
+ resolved.enable = true;
+ };
+
+ virtualisation.libvirtd = {
+ enable = true;
+ qemu = {
+ swtpm.enable = true;
+ ovmf.enable = true;
+ ovmf.packages = [pkgs.OVMFFull.fd];
+ runAsRoot = false;
+ };
+ };
+
+ users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
+ networking = {
+ firewall.allowedTCPPorts = [5900 5901 5902];
+ useDHCP = false;
+ bridges.br0.interfaces = ["enp11s0"];
+ };
+
+ systemd.network.networks."10-br0" = {
+ matchConfig.Name = "br0";
+ networkConfig.DHCP = "yes";
+ };
+
+ environment.etc."qemu/bridge.conf".text = ''
+ allow br0
+ '';
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
diff --git a/modules/hardware/bepovim.nix b/modules/hardware/bepovim.nix
new file mode 100644
index 0000000..9b44328
--- /dev/null
+++ b/modules/hardware/bepovim.nix
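Review bot: `firewall.allowedTCPPorts = [5900 5901 5902];` opens the VNC/SPICE display ports on every interface, including the bridged `br0`, and nothing in this module shows those displays being protected by a password or TLS. If the consoles are only reached locally or through SSH, drop the line and bind the displays to 127.0.0.1; otherwise scope the rule to the interface that needs it, e.g. `firewall.interfaces."br0".allowedTCPPorts = [5900 5901 5902];`. Separately, `extraGroups = ["libvirtd" "kvm" "input"]` gives lomig read access to every input device through `input`, and `libvirtd` membership is effectively root-equivalent, so each group deserves a one-line comment saying why it is needed.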
@@ -0,0 +1,100 @@ +_: { + services.xserver.xkb = { + layout = "bepovim"; + variant = "basic"; + options = "lv3:ralt_switch"; + extraLayouts.bepovim = { + description = "Clavier Bepovim – 4 niveaux"; + languages = ["fr"]; + symbolsFile = builtins.toFile "bepovim.xkb" '' + xkb_symbols "basic" { + name[Group1] = "Bepovim"; + + key { [ Escape ] }; + key { [ dollar, numbersign ] }; + key { [ less, 1, guillemotleft ] }; + key { [ greater, 2, guillemotright ] }; + key { [ parenleft, 3, bracketleft ] }; + key { [ parenright, 4, bracketright ] }; + key { [ at, 5, braceleft ] }; + key { [ plus, 6, braceright ] }; + key { [ minus, 7, asciitilde ] }; + key { [ asterisk, 8 ] }; + key { [ slash, 9, backslash ] }; + key { [ quotedbl, 0, percent ] }; + key { [ equal, ampersand ] }; + key { [ BackSpace ] }; + key { [ Tab, ISO_Left_Tab ] }; + + key { [ b, B ] }; + key { [ eacute, Eacute ] }; + key { [ p, P ] }; + key { [ o, O ] }; + key { [ r, R ] }; + key { [ dead_circumflex, grave ] }; + key { [ v, V ] }; + key { [ s, S ] }; + key { [ t, T ] }; + key { [ d, D ] }; + key { [ egrave, Egrave ] }; + key { [ ccedilla, Ccedilla ] }; + + key { [ Return ] }; + key { [ c, C ] }; + key { [ a, A ] }; + key { [ u, U ] }; + key { [ i, I ] }; + key { [ e, E, EuroSign ] }; + key { [ period, question ] }; + key { [ n, N ] }; + key { [ h, H, Left ] }; + key { [ j, J, Down ] }; + key { [ k, K, Up ] }; + key { [ l, L, Right ] }; + key { [ m, M ] }; + + key { [ Shift_L ] }; + key { [ q, Q ] }; + key { [ w, W ] }; + key { [ agrave, Agrave ] }; + key { [ f, F ] }; + key { [ colon, bar ] }; + key { [ comma, semicolon ] }; + key { [ apostrophe, exclam ] }; + key { [ x, X ] }; + key { [ g, G ] }; + key { [ z, Z ] }; + key { [ y, Y ] }; + + key { [ Up ] }; + key { [ Left ] }; + key { [ Down ] }; + key { [ Right ] }; + + key { [ Control_L ] }; + key { [ Alt_L ] }; + key { [ space, underscore, nobreakspace, U202F ] }; + key { [ ISO_Level3_Shift ] }; + + key { [ F1, F1 ] }; + key { [ F2, F2 ] }; + key { [ F3, 
F3 ] }; + key { [ F4, F4 ] }; + key { [ F5, F5 ] }; + key { [ F6, F6 ] }; + key { [ F7, F7 ] }; + key { [ F8, F8 ]}; + key { [ F9, F9 ] }; + key { [ F10, F10 ] }; + key { [ F11, F11 ] }; + }; + ''; + }; + }; + console = { + useXkbConfig = true; + font = "Lat2-Terminus16"; + }; +} +# vim: set ts=2 sw=2 sts=2 et : + diff --git a/modules/hardware/firmware.nix b/modules/hardware/firmware.nix new file mode 100644 index 0000000..3c6df9a --- /dev/null +++ b/modules/hardware/firmware.nix @@ -0,0 +1,12 @@ +{ + lib, + pkgs, + ... +}: { + hardware = { + cpu.amd.updateMicrocode = lib.mkDefault true; + firmware = [pkgs.linux-firmware]; + firmwareCompression = "zstd"; + enableRedistributableFirmware = true; + }; +} diff --git a/modules/hardware/gpu-amd.nix b/modules/hardware/gpu-amd.nix new file mode 100644 index 0000000..e92d858 --- /dev/null +++ b/modules/hardware/gpu-amd.nix @@ -0,0 +1,50 @@ +{ + lib, + pkgs, + ... +}: { + boot = { + initrd.kernelModules = lib.mkAfter ["amdgpu"]; + kernelModules = lib.mkAfter ["amdgpu"]; + }; + + # Pilotes + options AMDGPU + services.xserver = { + enable = true; + videoDrivers = lib.mkDefault ["amdgpu"]; + }; + + hardware.graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ + mesa + libva + libva-utils + libvdpau + libva-vdpau-driver + vaapiVdpau + libvdpau-va-gl + amdvlk + vulkan-tools + vulkan-loader + vulkan-validation-layers + ]; + }; + + environment.variables = { + LIBVA_DRIVER_NAME = "radeonsi"; + VDPAU_DRIVER = "va_gl"; + }; + + # Désactive héritage radeon pour cartes anciennes + boot.kernelParams = lib.mkAfter [ + "amdgpu.si_support=0" + "amdgpu.cik_support=0" + "radeon.si_support=0" + "radeon.cik_support=0" + ]; + + # Si un module sonde "k10temp" gêne : + boot.blacklistedKernelModules = ["k10temp"]; +} diff --git a/modules/hardware/sensors-zenpower.nix b/modules/hardware/sensors-zenpower.nix new file mode 100644 index 0000000..97a155d --- /dev/null +++ b/modules/hardware/sensors-zenpower.nix 
@@ -0,0 +1,12 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ boot.kernelModules = lib.mkAfter ["zenpower"];
+ boot.extraModulePackages = [config.boot.kernelPackages.zenpower];
+ hardware.sensor.iio.enable = lib.mkDefault true;
+ services.hardware.bolt.enable = lib.mkDefault false;
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
diff --git a/modules/roles/workstation.nix b/modules/roles/workstation.nix
new file mode 100644
index 0000000..1152198
--- /dev/null
+++ b/modules/roles/workstation.nix
@@ -0,0 +1,33 @@
+{pkgs, ...}: {
+ imports = [
+ ../common/nix.nix
+
+ # Matériel
+ ../hardware/gpu-amd.nix
+ ../hardware/sensors-zenpower.nix
+
+ # Virtualisation/tuning
+ ../virtual/kvm-amd.nix
+ ../virtual/vfio.nix
+
+ # Dev
+ ../dev/qemu.nix
+ ../virtual/truenas.nix # seulement si tu l’utilises sur ce host
+ ];
+
+ environment.systemPackages = with pkgs; [
+ git
+ vim
+ wget
+ curl
+ ripgrep
+ fd
+ pciutils
+ usbutils
+ p7zip
+ gdu
+ glances
+ parted
+ tmux
+ ];
+}
diff --git a/modules/services/printing.nix b/modules/services/printing.nix
new file mode 100644
index 0000000..9228648
--- /dev/null
+++ b/modules/services/printing.nix
@@ -0,0 +1,3 @@
+_: {
+ services.printing.enable = true;
+}
diff --git a/modules/virtual/aarch64/AAVMF_CODE.fd b/modules/virtual/aarch64/AAVMF_CODE.fd
new file mode 100644
index 0000000..54192f7
Binary files /dev/null and b/modules/virtual/aarch64/AAVMF_CODE.fd differ
diff --git a/modules/virtual/aarch64/AAVMF_VARS.fd b/modules/virtual/aarch64/AAVMF_VARS.fd
new file mode 100644
index 0000000..daeef2a
Binary files /dev/null and b/modules/virtual/aarch64/AAVMF_VARS.fd differ
diff --git a/modules/virtual/kvm-amd.nix b/modules/virtual/kvm-amd.nix
new file mode 100644
index 0000000..42b2818
--- /dev/null
+++ b/modules/virtual/kvm-amd.nix
@@ -0,0 +1,3 @@
+{lib, ...}: {
+ boot.kernelModules = lib.mkAfter ["kvm-amd"];
+}
diff --git a/modules/virtual/truenas.nix b/modules/virtual/truenas.nix
new file mode 100644
index 0000000..6df43bb
--- /dev/null
+++ b/modules/virtual/truenas.nix 
@@ -0,0 +1,78 @@
+{pkgs, ...}: {
+ boot = {
+ initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
+ extraModprobeConfig = ''
+ options vfio-pci ids=1022:43f6
+ '';
+ kernelParams = [
+ "amd_iommu=on"
+ "iommu=pt"
+ ];
+ };
+ users.users.lomig.extraGroups = ["disk"];
+ security.pam.loginLimits = [
+ {
+ domain = "lomig";
+ type = "soft";
+ item = "memlock";
+ value = "infinity";
+ }
+ {
+ domain = "lomig";
+ type = "hard";
+ item = "memlock";
+ value = "infinity";
+ }
+ ];
+ boot.kernel.sysctl."vm.nr_hugepages" = 1024;
+ fileSystems."/dev/hugepages" = {
+ device = "hugetlbfs";
+ fsType = "hugetlbfs";
+ };
+
+ # services.udev.extraRules = ''
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660"
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660"
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660"
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660"
+ # SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
+ # '';
+
+ systemd.services.truenas-vm = {
+ wantedBy = ["multi-user.target"];
+ after = ["network-online.target"];
+ wants = ["network-online.target"];
+ serviceConfig = {
+ RuntimeDirectory = "truenas";
+ ExecStartPre = "/run/current-system/sw/bin/rm -f /run/truenas/qmp.sock";
+ ExecStart = ''
+ /run/current-system/sw/bin/qemu-system-x86_64 -enable-kvm -m 4096 -smp 2 \
+ -drive file=/home/lomig/vm/truenas.qcow2,if=none,format=qcow2,id=os \
+ -device vfio-pci,host=0e:00.0 \
+ -netdev bridge,br=br0,id=n1,helper=/run/wrappers/bin/qemu-bridge-helper \
+ -device virtio-net-pci,netdev=n1,mac=52:54:00:00:01:02 \
+ -device virtio-blk-pci,drive=os,bootindex=0 \
+ -qmp unix:/run/truenas.qmp,server,nowait -display none
+ '';
+ ExecStop = ''
+ echo '{"execute":"system_powerdown"}' | socat - UNIX-CONNECT:/run/truenas.qmp || true ; sleep 5
+ '';
+ Restart = "on-failure";
+ RestartSec = 3;
+ StartLimitIntervalSec = 60;
+ StartLimitBurst = 5;
+ };
+ };
+
+ systemd.services.resume-truenas-vm = {
+ description = "Restart Truenas VM after resume";
+ wantedBy = ["sleep.target"];
+ after = ["sleep.target"];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.systemd}/bin/systemctl try-restart truenas-vm.service";
+ };
+ };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
diff --git a/modules/virtual/vfio.nix b/modules/virtual/vfio.nix
new file mode 100644
index 0000000..a268d31
--- /dev/null
+++ b/modules/virtual/vfio.nix
@@ -0,0 +1,19 @@
+{lib, ...}: {
+ # Ajoute dans l’initrd sans auto-référencer l’option
+ boot = {
+ initrd.kernelModules = lib.mkAfter [
+ "vfio_pci"
+ "vfio"
+ "vfio_iommu_type1"
+ ];
+
+ # Ajoute les params IOMMU proprement
+ kernelParams = lib.mkAfter [
+ "amd_iommu=on"
+ "iommu=pt"
+ ];
+
+ # Valeur par défaut (sans référencer config.*)
+ kernel.sysctl."vm.nr_hugepages" = lib.mkDefault 1024;
+ };
+}
diff --git a/profiles/workstation-bspwm.nix b/profiles/workstation-bspwm.nix
new file mode 100644
index 0000000..c4680d3
--- /dev/null
+++ b/profiles/workstation-bspwm.nix
@@ -0,0 +1,31 @@
+{pkgs, ...}: {
+ imports = [
+ ../modules/roles/workstation.nix
+ ../modules/desktop/xorg-bspwm.nix
+ ../modules/common/base.nix
+ ../modules/common/networking.nix
+ ../modules/common/plymouth.nix
+ ../modules/hardware/firmware.nix
+ ../modules/hardware/gpu-amd.nix
+ ../modules/common/audio.nix
+ ../modules/common/bluetooth.nix
+ ../modules/common/gaming.nix
+ ../modules/services/printing.nix
+ ../modules/dev/qemu.nix
+ ../modules/common/lockscreen.nix
+ ../modules/common/energy.nix
+ ];
+
+ services.openssh.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ btrfs-progs
+ cifs-utils
+ evtest
+ lm_sensors
+ xorg.xev
+ xorg.xkbcomp
+ ];
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
diff --git a/user/lomig.nix b/user/lomig.nix
deleted file mode 100644
index aada2fe..0000000
--- a/user/lomig.nix
+++ /dev/null
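Review bot: The QMP socket handling in `truenas-vm` is inconsistent, so the clean-shutdown path never runs: `ExecStartPre` removes `/run/truenas/qmp.sock`, QEMU listens on `/run/truenas.qmp`, and `ExecStop` is written as a shell pipeline although systemd does not run Exec lines through a shell. QMP also expects `qmp_capabilities` before it accepts `system_powerdown`, and `StartLimitIntervalSec`/`StartLimitBurst` are unit-level settings that have no effect under `serviceConfig`. The sketch below keeps the socket inside the `RuntimeDirectory`, restricts that directory, and moves the stop logic into a script. Two privilege points in the same hunk deserve a second look: the unit sets no `User=`, so QEMU runs as root on an image stored under `/home/lomig`, and `extraGroups = ["disk"]` gives lomig raw read/write access to every block device, where a dedicated group limited to the passed-through disks would be narrower.

```nix
  systemd.services.truenas-vm = {
    # … unchanged: wantedBy / after / wants …
    startLimitIntervalSec = 60;
    startLimitBurst = 5;
    serviceConfig = {
      RuntimeDirectory = "truenas";
      RuntimeDirectoryMode = "0700";
      # … unchanged: ExecStartPre; ExecStart up to the virtio-blk-pci line, then:
      #   -qmp unix:/run/truenas/qmp.sock,server,nowait -display none
      ExecStop = pkgs.writeShellScript "truenas-vm-stop" ''
        printf '%s\n' '{"execute":"qmp_capabilities"}' '{"execute":"system_powerdown"}' \
          | ${pkgs.socat}/bin/socat - UNIX-CONNECT:/run/truenas/qmp.sock || true
        ${pkgs.coreutils}/bin/sleep 5
      '';
      # … unchanged: Restart, RestartSec …
    };
  };
```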
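Review bot: vfio.nix repeats the vfio initrd modules, the `amd_iommu=on`/`iommu=pt` parameters and the hugepage count that modules/virtual/truenas.nix also sets, and modules/roles/workstation.nix imports both files. The lists merge with duplicate entries, and `lib.mkDefault 1024` here is always overridden by the plain `1024` in truenas.nix, so the value in this file never takes effect. Keep the host-wide IOMMU/VFIO settings in this module only and leave just the device-specific `options vfio-pci ids=…` line with the VM definition.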
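Review bot: `services.openssh.enable = true;` in profiles/workstation-bspwm.nix is switched on with default settings, which on NixOS leaves password authentication enabled and opens port 22 in the firewall, on a host whose user lomig is in `wheel`. If logins are key-based, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it. Stating `services.openssh.settings.PermitRootLogin = "no";` explicitly is also worth the one line.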
@@ -1,24 +0,0 @@ -{ config, pkgs, lib, desktop, ... }: - -{ - imports = [ - ../apps/browser.nix - ../apps/picom.nix - ../apps/zsh.nix - ]; - home.username = "lomig"; - home.homeDirectory = "/home/lomig"; - home.packages = with pkgs; [ - bat - nerd-fonts.iosevka - obsidian - telegram-desktop - tree - fastfetch - ]; - - programs.zsh.enable = true; - home.stateVersion = "25.05"; # ou ton actuelle -} - -# vim: set ts=2 sw=2 sts=2 et : diff --git a/wm/bspwm.nix b/wm/bspwm.nix deleted file mode 100644 index 21de82a..0000000 --- a/wm/bspwm.nix +++ /dev/null 
@@ -1,176 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - services = { - xserver = { - enable = true ; - displayManager = { - lightdm.enable = true ; - }; - windowManager.bspwm.enable = true ; - }; - desktopManager = { - gnome.enable = lib.mkForce false ; - plasma6.enable = lib.mkForce false ; - }; - displayManager = { - gdm.enable = lib.mkForce false ; - sddm.enable = lib.mkForce false ; - }; - }; - home-manager.users.lomig = { pkgs, ... }: { - home.packages = with pkgs; [ - bspwm sxhkd xorg.xinit xterm - alacritty rofi feh font-awesome - picom xorg.xset xidlehook betterlockscreen - pywal16 imagemagick - pulsemixer - ]; - - xsession.enable = true ; - xsession.initExtra = '' - xset s 300 300 - xset s on - xsession s noblank - - xset +dpms - xset dpms 0 0 500 - ''; - systemd.user.services.xidlehook = { - Unit.Description = "Idle actions (lock at 1m, suspend at 5m)"; - Service = { - ExecStart = '' - ${pkgs.xidlehook}/bin/xidlehook \ - --detect-sleep \ - --not-when-fullscreen \ - --timer 300 "${pkgs.betterlockscreen}/bin/betterlockscreen -l dim" "" \ - --timer 500 "systemctl suspend" "" - ''; - Restart = "always"; - }; - Install.WantedBy = [ "graphical-session.target" ]; - }; - - xsession.windowManager.bspwm = { - enable = true ; - startupPrograms = [ - "killall polybar" - "eval $(ssh-agent -s); ssh-add ~/.ssh/github" - "setxkbmap bepovim" - "sxhkd -m 1" - "xrandr \\ - --output DisplayPort-1 --rate 60 --pos 0x0" - "while pgrep -x polybar >/dev/null; do sleep 0.2; done" - "polybar" - "bash ~/.fehbg" - "bspc rule -a floorp desktop=^focused follow=on" - ]; - extraConfig = '' - bspc config borderless_monocle true - bspc config gapless_monocle true - bspc config single_monocle true - bspc monitor -d I II III IV V VI - ''; - }; - services.sxhkd = { - enable = true ; - extraOptions = [ "-m 1" ] ; - keybindings = { - "super + Return" = "alacritty"; - "super + c" = "bspc node -c"; - "Menu" = "rofi -show drun"; - "super + space" = "rofi -show drun"; - -# Aller au bureau ^1 .. 
^6 - "F1" = "bspc desktop -f ^1"; - "F2" = "bspc desktop -f ^2"; - "F3" = "bspc desktop -f ^3"; - "F4" = "bspc desktop -f ^4"; - "F5" = "bspc desktop -f ^5"; - "F6" = "bspc desktop -f ^6"; - -# Déplacer la fenetre courante vers le bureau cible et suivre - "shift + F1" = "bspc node -d ^1 --follow"; - "shift + F2" = "bspc node -d ^2 --follow"; - "shift + F3" = "bspc node -d ^3 --follow"; - "shift + F4" = "bspc node -d ^4 --follow"; - "shift + F5" = "bspc node -d ^5 --follow"; - "shift + F6" = "bspc node -d ^6 --follow"; - -# Focus dans un meme bureau - "super + h" = "bspc node -f west"; - "super + j" = "bspc node -f south"; - "super + k" = "bspc node -f north"; - "super + l" = "bspc node -f east"; - -# Swap la fenetre dans le bureau - "super + shift + h" = "bspc node -s west"; - "super + shift + j" = "bspc node -s south"; - "super + shift + k" = "bspc node -s north"; - "super + shift + l" = "bspc node -s east"; - -# Gestion du tiling - "super + f" = "bspc node -t fullscreen" ; - "super + s" = "bspc node -t floating" ; - "super + shift + t" = "bspc node -t pseudo_tiled" ; - "super + t" = "bspc node -t tiled" ; - }; - }; - - services.polybar = { - enable = true ; - script = "polybar main &"; - config = { - "bar/main" = { - width = "100%"; - height = "28"; - background = "\\\${colors.background}"; - foreground = "\\\${colors.foreground}"; - font-0 = "Iosevka Nerd Font:size=10;2"; - font-1 = "Font Awesome 6 Free:style=Solid:pixelsize=10;2"; - modules-left = "bspwm"; - modules-center = "date"; - modules-right = "pulseaudio memory cpu"; - }; - - "module/bspwm" = { - type = "internal/bspwm"; - label-focused = "%name%"; - label-focused-background = "\\\${colors.primary}"; - label-focused-foreground = "#e6e0de"; - label-focused-padding = 2; - label-occupied = "%name%"; - label-occupied-padding = 2; - label-urgent = "%name%"; - label-urgent-background = "#e42127"; - label-urgent-foreground = "#ffffff"; - label-empty = "%name%"; - label-empty-foreground = "#645d56"; - 
label-empty-padding = 2; - }; - - "module/date" = { - type = "internal/date"; - interval = 60; - date = "%d-%m-%Y %H:%M"; - }; - - }; - }; - programs.alacritty.enable = true ; - programs.alacritty.settings = { - general.import = [ - "~/.cache/wal/colors-alacritty.toml" - ]; - font = { - normal = { family = "Iosevka Nerd Font"; style = "Regular"; }; - bold = { family = "Iosevka Nerd Font"; style = "Bold"; }; - italic = { family = "Iosevka Nerd Font"; style = "Italic"; }; - size = 9; - }; - }; - - - }; -} - -# vim: set ts=2 sw=2 sts=2 et : diff --git a/wm/gnome.nix b/wm/gnome.nix deleted file mode 100644 index 6dc9d1a..0000000 --- a/wm/gnome.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - services = { - displayManager = { - gdm.enable = true ; - sddm.enable = lib.mkForce false ; - }; - desktopManager = { - gnome.enable = true ; - plasma6.enable = lib.mkForce false ; - }; - xserver = { - windowManager.bspwm.enable = lib.mkForce false ; - displayManager.lightdm.enable = lib.mkForce false ; - }; - }; -} - -# vim: set ts=2 sw=2 sts=2 et : diff --git a/wm/plasma.nix b/wm/plasma.nix deleted file mode 100644 index ef3819e..0000000 --- a/wm/plasma.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - services = { - displayManager = { - gdm.enable = lib.mkForce false ; - sddm.enable = true ; - }; - desktopManager = { - gnome.enable = lib.mkForce false ; - plasma6.enable = true ; - }; - xserver = { - windowManager.bspwm.enable = lib.mkForce false ; - displayManager.lightdm.enable = lib.mkForce false ; - }; - }; -} - -# vim: set ts=2 sw=2 sts=2 et :