Refactor

2025-09-04 10:21:17 +02:00 · 2025-09-04 10:21:17 +02:00 · e0a82ee731
commit e0a82ee731
parent 556e0e1eb2
49 changed files with 1076 additions and 765 deletions
--- a/modules/common/audio.nix
+++ b/modules/common/audio.nix
@ -0,0 +1,10 @@
+_: {
+  services.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+}
--- a/modules/common/base.nix
+++ b/modules/common/base.nix
@ -0,0 +1,27 @@
+{lib, ...}: {
+  time.timeZone = "Europe/Paris";
+
+  i18n.defaultLocale = "fr_FR.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "fr_FR.UTF-8";
+    LC_IDENTIFICATION = "fr_FR.UTF-8";
+    LC_MEASUREMENT = "fr_FR.UTF-8";
+    LC_MONETARY = "fr_FR.UTF-8";
+    LC_NAME = "fr_FR.UTF-8";
+    LC_NUMERIC = "fr_FR.UTF-8";
+    LC_PAPER = "fr_FR.UTF-8";
+    LC_TELEPHONE = "fr_FR.UTF-8";
+    LC_TIME = "fr_FR.UTF-8";
+  };
+
+  # journald & coredump
+  systemd.coredump.enable = false;
+  services.journald.extraConfig = ''
+    SystemMaxUse=200M
+    RuntimeMaxUse=100M
+  '';
+
+  boot.tmp.cleanOnBoot = true;
+  environment.defaultPackages = lib.mkForce [];
+  programs.zsh.enable = true; # shell dispo au niveau système
+}
--- a/modules/common/bluetooth.nix
+++ b/modules/common/bluetooth.nix
@ -0,0 +1,4 @@
+_: {
+  hardware.bluetooth.enable = true;
+  services.blueman.enable = true;
+}
--- a/modules/common/energy.nix
+++ b/modules/common/energy.nix
@ -0,0 +1,8 @@
+_: {
+  services.logind.settings.Login = {
+    IdleAction = "suspend";
+    IdleActionSec = "5min";
+    HandleLidSwitch = "suspend";
+    HandleLidSwitchDocked = "ignore";
+  };
+}
--- a/modules/common/gaming.nix
+++ b/modules/common/gaming.nix
@ -0,0 +1,4 @@
+_: {
+  programs.steam.enable = true;
+  hardware.xpadneo.enable = true;
+}
--- a/modules/common/lockscreen.nix
+++ b/modules/common/lockscreen.nix
@ -0,0 +1,8 @@
+_: {
+  environment.etc."pam.d/i3lock".text = ''
+    auth     include login
+    account  include login
+    password include login
+    session  include login
+  '';
+}
--- a/modules/common/networking.nix
+++ b/modules/common/networking.nix
@ -0,0 +1,8 @@
+_: {
+  networking = {
+    networkmanager.enable = true;
+    nameservers = ["1.1.1.1" "8.8.8.8"];
+    dhcpcd.extraConfig = "nohook resolv.conf";
+    firewall.enable = true;
+  };
+}
--- a/modules/common/nix.nix
+++ b/modules/common/nix.nix
@ -0,0 +1,11 @@
+{config, ...}: {
+  nix.settings = {
+    auto-optimise-store = true;
+    experimental-features = ["nix-command" "flakes"];
+  };
+
+  nixpkgs.config = {
+    allowUnfree = true;
+    allowUnsupportedSystem = true;
+  };
+}
--- a/modules/common/plymouth.nix
+++ b/modules/common/plymouth.nix
@ -0,0 +1,36 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  boot = {
+    plymouth.enable = true;
+    plymouth.theme = "spinner";
+    consoleLogLevel = 3;
+    initrd.verbose = false;
+
+    # Ajouts "quiet/splash" propres (sans auto-référence)
+    kernelParams = lib.mkAfter [
+      "mem_sleep_default=deep"
+      "quiet"
+      "splash"
+      "boot.shell_on_fail"
+      "udev.log_priority=3"
+      "rd.systemd.show_status=auto"
+    ];
+
+    loader = {
+      timeout = 5;
+      systemd-boot.enable = true;
+      systemd-boot.consoleMode = "max";
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot";
+      };
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    nixos-bgrt-plymouth
+  ];
+}
--- a/modules/desktop/gnome.nix
+++ b/modules/desktop/gnome.nix
@ -0,0 +1,18 @@
+{lib, ...}: {
+  services = {
+    displayManager = {
+      gdm.enable = true;
+      sddm.enable = lib.mkForce false;
+    };
+    desktopManager = {
+      gnome.enable = true;
+      plasma6.enable = lib.mkForce false;
+    };
+    xserver = {
+      windowManager.bspwm.enable = lib.mkForce false;
+      displayManager.lightdm.enable = lib.mkForce false;
+    };
+  };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
--- a/modules/desktop/plasma.nix
+++ b/modules/desktop/plasma.nix
@ -0,0 +1,18 @@
+{lib, ...}: {
+  services = {
+    displayManager = {
+      gdm.enable = lib.mkForce false;
+      sddm.enable = true;
+    };
+    desktopManager = {
+      gnome.enable = lib.mkForce false;
+      plasma6.enable = true;
+    };
+    xserver = {
+      windowManager.bspwm.enable = lib.mkForce false;
+      displayManager.lightdm.enable = lib.mkForce false;
+    };
+  };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
--- a/modules/desktop/xorg-bspwm.nix
+++ b/modules/desktop/xorg-bspwm.nix
@ -0,0 +1,25 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  services = {
+    xserver = {
+      enable = true;
+      displayManager = {
+        lightdm.enable = true;
+      };
+      windowManager.bspwm.enable = true ;
+    };
+    displayManager = {
+      gdm.enable = lib.mkForce false;
+      sddm.enable = lib.mkForce false;
+    };
+    desktopManager = {
+      gnome.enable = lib.mkForce false;
+      plasma6.enable = lib.mkForce false;
+    };
+  };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
--- a/modules/dev/qemu.nix
+++ b/modules/dev/qemu.nix
@ -0,0 +1,54 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ../virtual/truenas.nix
+  ];
+  boot.kernelModules = lib.mkAfter ["tun"];
+  environment.systemPackages = with pkgs; [
+    qemu_kvm
+    virtiofsd
+  ];
+
+  services = {
+    udev.extraRules = ''
+      #    SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660"
+      #    SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660"
+      #    SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660"
+      #    SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660"
+          SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
+    '';
+    spice-vdagentd.enable = true;
+    resolved.enable = true;
+  };
+
+  virtualisation.libvirtd = {
+    enable = true;
+    qemu = {
+      swtpm.enable = true;
+      ovmf.enable = true;
+      ovmf.packages = [pkgs.OVMFFull.fd];
+      runAsRoot = false;
+    };
+  };
+
+  users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
+  networking = {
+    firewall.allowedTCPPorts = [5900 5901 5902];
+    useDHCP = false;
+    bridges.br0.interfaces = ["enp11s0"];
+  };
+
+  systemd.network.networks."10-br0" = {
+    matchConfig.Name = "br0";
+    networkConfig.DHCP = "yes";
+  };
+
+  environment.etc."qemu/bridge.conf".text = ''
+    allow br0
+  '';
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
--- a/modules/hardware/bepovim.nix
+++ b/modules/hardware/bepovim.nix
@ -0,0 +1,100 @@
+_: {
+  services.xserver.xkb = {
+    layout = "bepovim";
+    variant = "basic";
+    options = "lv3:ralt_switch";
+    extraLayouts.bepovim = {
+      description = "Clavier Bepovim – 4 niveaux";
+      languages = ["fr"];
+      symbolsFile = builtins.toFile "bepovim.xkb" ''
+        xkb_symbols "basic" {
+          name[Group1] = "Bepovim";
+
+          key <ESC>  { [ Escape ] };
+          key <AE01> { [ dollar, numbersign ] };
+          key <AE02> { [ less, 1, guillemotleft ] };
+          key <AE03> { [ greater, 2, guillemotright ] };
+          key <AE04> { [ parenleft, 3, bracketleft ] };
+          key <AE05> { [ parenright, 4, bracketright ] };
+          key <AE06> { [ at, 5, braceleft ] };
+          key <AE07> { [ plus, 6, braceright ] };
+          key <AE08> { [ minus, 7, asciitilde ] };
+          key <AE09> { [ asterisk, 8 ] };
+          key <AE10> { [ slash, 9, backslash ] };
+          key <AE11> { [ quotedbl, 0, percent ] };
+          key <AE12> { [ equal, ampersand ] };
+          key <BKSP> { [ BackSpace ] };
+          key <TAB>  { [ Tab, ISO_Left_Tab ] };
+
+          key <AD01> { [ b, B ] };
+          key <AD02> { [ eacute, Eacute ] };
+          key <AD03> { [ p, P ] };
+          key <AD04> { [ o, O ] };
+          key <AD05> { [ r, R ] };
+          key <AD06> { [ dead_circumflex, grave ] };
+          key <AD07> { [ v, V ] };
+          key <AD08> { [ s, S ] };
+          key <AD09> { [ t, T ] };
+          key <AD10> { [ d, D ] };
+          key <AD11> { [ egrave, Egrave ] };
+          key <AD12> { [ ccedilla, Ccedilla ] };
+
+          key <RTRN> { [ Return ] };
+          key <AC01> { [ c, C ] };
+          key <AC02> { [ a, A ] };
+          key <AC03> { [ u, U ] };
+          key <AC04> { [ i, I ] };
+          key <AC05> { [ e, E, EuroSign ] };
+          key <AC06> { [ period, question ] };
+          key <AC07> { [ n, N ] };
+          key <AC08> { [ h, H, Left ] };
+          key <AC09> { [ j, J, Down ] };
+          key <AC10> { [ k, K, Up ] };
+          key <AC11> { [ l, L, Right ] };
+          key <AC12> { [ m, M ] };
+
+          key <LFSH> { [ Shift_L ] };
+          key <LSGT> { [ q, Q ] };
+          key <AB01> { [ w, W ] };
+          key <AB02> { [ agrave, Agrave ] };
+          key <AB03> { [ f, F ] };
+          key <AB04> { [ colon, bar ] };
+          key <AB05> { [ comma, semicolon ] };
+          key <AB06> { [ apostrophe, exclam ] };
+          key <AB07> { [ x, X ] };
+          key <AB08> { [ g, G ] };
+          key <AB09> { [ z, Z ] };
+          key <AB10> { [ y, Y ] };
+
+          key <DELE>    { [ Up ] };
+          key <DOWN>  { [ Left ] };
+          key <RGHT>  { [ Down ] };
+          key <INS>  { [ Right ] };
+
+          key <LCTL>  { [ Control_L ] };
+          key <LALT>  { [ Alt_L ] };
+          key <SPCE>  { [ space, underscore, nobreakspace, U202F ] };
+          key <RALT>  { [ ISO_Level3_Shift ] };
+
+          key <FK02>  { [ F1, F1 ] };
+          key <FK03>  { [ F2, F2 ] };
+          key <FK04>  { [ F3, F3 ] };
+          key <FK05>  { [ F4, F4 ] };
+          key <FK06>  { [ F5, F5 ] };
+          key <FK07>  { [ F6, F6 ] };
+          key <FK08>  { [ F7, F7 ] };
+          key <FK09>  { [ F8, F8 ]};
+          key <FK10>  { [ F9, F9 ] };
+          key <FK11>  { [ F10, F10 ] };
+          key <FK12>  { [ F11, F11 ] };
+        };
+      '';
+    };
+  };
+  console = {
+    useXkbConfig = true;
+    font = "Lat2-Terminus16";
+  };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
--- a/modules/hardware/firmware.nix
+++ b/modules/hardware/firmware.nix
@ -0,0 +1,12 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  hardware = {
+    cpu.amd.updateMicrocode = lib.mkDefault true;
+    firmware = [pkgs.linux-firmware];
+    firmwareCompression = "zstd";
+    enableRedistributableFirmware = true;
+  };
+}
--- a/modules/hardware/gpu-amd.nix
+++ b/modules/hardware/gpu-amd.nix
@ -0,0 +1,50 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  boot = {
+    initrd.kernelModules = lib.mkAfter ["amdgpu"];
+    kernelModules = lib.mkAfter ["amdgpu"];
+  };
+
+  # Pilotes + options AMDGPU
+  services.xserver = {
+    enable = true;
+    videoDrivers = lib.mkDefault ["amdgpu"];
+  };
+
+  hardware.graphics = {
+    enable = true;
+    enable32Bit = true;
+    extraPackages = with pkgs; [
+      mesa
+      libva
+      libva-utils
+      libvdpau
+      libva-vdpau-driver
+      vaapiVdpau
+      libvdpau-va-gl
+      amdvlk
+      vulkan-tools
+      vulkan-loader
+      vulkan-validation-layers
+    ];
+  };
+
+  environment.variables = {
+    LIBVA_DRIVER_NAME = "radeonsi";
+    VDPAU_DRIVER = "va_gl";
+  };
+
+  # Désactive héritage radeon pour cartes anciennes
+  boot.kernelParams = lib.mkAfter [
+    "amdgpu.si_support=0"
+    "amdgpu.cik_support=0"
+    "radeon.si_support=0"
+    "radeon.cik_support=0"
+  ];
+
+  # Si un module sonde "k10temp" gêne :
+  boot.blacklistedKernelModules = ["k10temp"];
+}
--- a/modules/hardware/sensors-zenpower.nix
+++ b/modules/hardware/sensors-zenpower.nix
@ -0,0 +1,12 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  boot.kernelModules = lib.mkAfter ["zenpower"];
+  boot.extraModulePackages = [config.boot.kernelPackages.zenpower];
+  hardware.sensor.iio.enable = lib.mkDefault true;
+  services.hardware.bolt.enable = lib.mkDefault false;
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
--- a/modules/roles/workstation.nix
+++ b/modules/roles/workstation.nix
@ -0,0 +1,33 @@
+{pkgs, ...}: {
+  imports = [
+    ../common/nix.nix
+
+    # Matériel
+    ../hardware/gpu-amd.nix
+    ../hardware/sensors-zenpower.nix
+
+    # Virtualisation/tuning
+    ../virtual/kvm-amd.nix
+    ../virtual/vfio.nix
+
+    # Dev
+    ../dev/qemu.nix
+    ../virtual/truenas.nix # seulement si tu l’utilises sur ce host
+  ];
+
+  environment.systemPackages = with pkgs; [
+    git
+    vim
+    wget
+    curl
+    ripgrep
+    fd
+    pciutils
+    usbutils
+    p7zip
+    gdu
+    glances
+    parted
+    tmux
+  ];
+}
--- a/modules/services/printing.nix
+++ b/modules/services/printing.nix
@ -0,0 +1,3 @@
+_: {
+  services.printing.enable = true;
+}
--- a/modules/virtual/aarch64/AAVMF_CODE.fd
+++ b/modules/virtual/aarch64/AAVMF_CODE.fd
--- a/modules/virtual/aarch64/AAVMF_VARS.fd
+++ b/modules/virtual/aarch64/AAVMF_VARS.fd
--- a/modules/virtual/kvm-amd.nix
+++ b/modules/virtual/kvm-amd.nix
@ -0,0 +1,3 @@
+{lib, ...}: {
+  boot.kernelModules = lib.mkAfter ["kvm-amd"];
+}
--- a/modules/virtual/truenas.nix
+++ b/modules/virtual/truenas.nix
@ -0,0 +1,78 @@
+{pkgs, ...}: {
+  boot = {
+    initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
+    extraModprobeConfig = ''
+      options vfio-pci ids=1022:43f6
+    '';
+    kernelParams = [
+      "amd_iommu=on"
+      "iommu=pt"
+    ];
+  };
+  users.users.lomig.extraGroups = ["disk"];
+  security.pam.loginLimits = [
+    {
+      domain = "lomig";
+      type = "soft";
+      item = "memlock";
+      value = "infinity";
+    }
+    {
+      domain = "lomig";
+      type = "hard";
+      item = "memlock";
+      value = "infinity";
+    }
+  ];
+  boot.kernel.sysctl."vm.nr_hugepages" = 1024;
+  fileSystems."/dev/hugepages" = {
+    device = "hugetlbfs";
+    fsType = "hugetlbfs";
+  };
+
+  #  services.udev.extraRules = ''
+  #    SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660"
+  #    SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660"
+  #    SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660"
+  #    SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660"
+  #    SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
+  #    '';
+
+  systemd.services.truenas-vm = {
+    wantedBy = ["multi-user.target"];
+    after = ["network-online.target"];
+    wants = ["network-online.target"];
+    serviceConfig = {
+      RuntimeDirectory = "truenas";
+      ExecStartPre = "/run/current-system/sw/bin/rm -f /run/truenas/qmp.sock";
+      ExecStart = ''
+        /run/current-system/sw/bin/qemu-system-x86_64 -enable-kvm -m 4096 -smp 2 \
+        -drive file=/home/lomig/vm/truenas.qcow2,if=none,format=qcow2,id=os \
+        -device vfio-pci,host=0e:00.0 \
+        -netdev bridge,br=br0,id=n1,helper=/run/wrappers/bin/qemu-bridge-helper \
+        -device virtio-net-pci,netdev=n1,mac=52:54:00:00:01:02 \
+        -device virtio-blk-pci,drive=os,bootindex=0 \
+        -qmp unix:/run/truenas.qmp,server,nowait -display none
+      '';
+      ExecStop = ''
+        echo '{"execute":"system_powerdown"}' | socat - UNIX-CONNECT:/run/truenas.qmp || true ; sleep 5
+      '';
+      Restart = "on-failure";
+      RestartSec = 3;
+      StartLimitIntervalSec = 60;
+      StartLimitBurst = 5;
+    };
+  };
+
+  systemd.services.resume-truenas-vm = {
+    description = "Restart Truenas VM after resume";
+    wantedBy = ["sleep.target"];
+    after = ["sleep.target"];
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "${pkgs.systemd}/bin/systemctl try-restart truenas-vm.service";
+    };
+  };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
--- a/modules/virtual/vfio.nix
+++ b/modules/virtual/vfio.nix
@ -0,0 +1,19 @@
+{lib, ...}: {
+  # Ajoute dans l’initrd sans auto-référencer l’option
+  boot = {
+    initrd.kernelModules = lib.mkAfter [
+      "vfio_pci"
+      "vfio"
+      "vfio_iommu_type1"
+    ];
+
+    # Ajoute les params IOMMU proprement
+    kernelParams = lib.mkAfter [
+      "amd_iommu=on"
+      "iommu=pt"
+    ];
+
+    # Valeur par défaut (sans référencer config.*)
+    kernel.sysctl."vm.nr_hugepages" = lib.mkDefault 1024;
+  };
+}