DuN0z/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor

Browse source
This commit is contained in:
Lomig 2025-09-04 10:21:17 +02:00
parent 556e0e1eb2
commit e0a82ee731
49 changed files with 1076 additions and 765 deletions
Download patch file Download diff file Expand all files Collapse all files

9
apps/browser.nix
View file

@ -1,9 +0,0 @@
{ config, pkgs, ... }:
{
programs.firefox = {
enable = true ;
languagePacks = [ "fr" ] ;
};
}
# vim: set ts=2 sw=2 sts=2 et :

93
apps/gitea.nix
View file

@ -1,93 +0,0 @@
{ config, pkgs, ... }:
let
domain = "git.lomig.me"; # <-- mets ton domaine
giteaHttpPort = 3000; # port local de Gitea
in {
########################################
# Base système
########################################
networking.firewall.allowedTCPPorts = [ 80 443 22 ]; # HTTP(S) + SSH (22)
services.openssh.enable = true; # si tu veux aussi OpenSSH pour le reste
########################################
# Base de données Postgres
########################################
services.postgresql = {
enable = true;
ensureDatabases = [ "gitea" ];
ensureUsers = [
{ name = "gitea";
ensureDBOwnership = true;
}
];
};
########################################
# Gitea
########################################
services.gitea = {
enable = true;
appName = "Gitea";
user = "gitea"; # user système service
database = {
type = "postgres";
user = "gitea";
name = "gitea";
host = "127.0.0.1";
};
# Répertoire de données (par défaut: /var/lib/gitea)
stateDir = "/var/lib/gitea";
# Réglages gitea.ini
settings = {
server = {
PROTOCOL = "http";
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = giteaHttpPort;
DOMAIN = domain;
ROOT_URL = "https://${domain}/";
SSH_DOMAIN = domain;
# SSH intégré par Gitea (pratique : pas besoin de configurer un port séparé)
START_SSH_SERVER = true;
SSH_LISTEN_PORT = 2222; # port interne Gitea
SSH_PORT = 22; # port public affiché dans les URLs clone
};
service = {
DISABLE_REGISTRATION = true; # tu créeras les comptes toimême
REQUIRE_SIGNIN_VIEW = false;
REGISTER_EMAIL_CONFIRM = true;
};
# SMTP (remplace par ton vrai relais)
log = {
MODE = "console";
LEVEL = "Info";
};
};
# Création d'un admin au premier démarrage (facultatif mais pratique)
# Remplace le mot de passe et lemail :
# L'utilisateur est créé si inexistant.
};
########################################
# Caddy reverse proxy + TLS
########################################
services.caddy = {
enable = true;
virtualHosts."${domain}".extraConfig = ''
encode zstd gzip
reverse_proxy 127.0.0.1:${toString giteaHttpPort}
'';
# Par défaut, Caddy va récupérer un certificat Let's Encrypt pour le domaine public
# Si domaine local sans DNS public, ajoute `tls internal` dans extraConfig.
};
}
# vim: set ts=2 sw=2 sts=2 et :

43
apps/qemu.nix
View file

@ -1,43 +0,0 @@
{ config, pkgs, ... }:
{
boot.kernelModules = [ "tun" ];
environment.systemPackages = with pkgs; [
qemu_kvm
];
services.spice-vdagentd.enable = true;
virtualisation.libvirtd = {
enable = true ;
qemu = {
swtpm.enable = true ;
ovmf.enable = true ;
ovmf.packages = [ pkgs.OVMFFull.fd ];
runAsRoot = false ;
};
};
users.users.lomig.extraGroups = [ "libvirtd" "kvm" "input" ];
networking.firewall.allowedTCPPorts = [ 5900 5901 5902 ] ;
networking.useNetworkd = true ;
networking.useDHCP = false ;
services.resolved.enable = true ;
networking.bridges.br0.interfaces = [ "enp11s0" ];
systemd.network.networks."10-br0" = {
matchConfig.Name = "br0";
networkConfig.DHCP = "yes" ;
};
# security.wrappers.qemu-bridge-helper = {
# source = "${pkgs.qemu_kvm}/libexec/qemu-bridge-helper";
# owner = "root";
# group = "root";
# setuid = true ;
# permissions = "u+xs,g+x,o-x";
# };
environment.etc."qemu/bridge.conf".text = ''
allow br0
'';
}
# vim: set ts=2 sw=2 sts=2 et :

6
apps/template.nix
View file

@ -1,6 +0,0 @@
{ config, pkgs, ... }:
{
}
# vim: set ts=2 sw=2 sts=2 et :

64
apps/truenas.nix
View file

@ -1,64 +0,0 @@
{ config, pkgs, ... }:
{
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.extraModprobeConfig = ''
options vfio-pci ids=1022:43f6
'';
boot.kernelParams = [
"amd_iommu=on"
"iommu=pt"
];
users.users.lomig.extraGroups = [ "disk" ];
security.pam.loginLimits = [
{ domain="lomig"; type="soft"; item="memlock"; value="infinity"; }
{ domain="lomig"; type="hard"; item="memlock"; value="infinity"; }
];
boot.kernel.sysctl."vm.nr_hugepages" = 1024;
fileSystems."/dev/hugepages" = { device="hugetlbfs"; fsType="hugetlbfs"; };
# services.udev.extraRules = ''
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660"
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660"
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660"
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660"
# SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
# '';
systemd.services.truenas-vm = {
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
serviceConfig = {
RuntimeDirectory = "truenas" ;
ExecStartPre = "/run/current-system/sw/bin/rm -f /run/truenas/qmp.sock";
ExecStart = ''
/run/current-system/sw/bin/qemu-system-x86_64 -enable-kvm -m 4096 -smp 2 \
-drive file=/home/lomig/vm/truenas.qcow2,if=none,format=qcow2,id=os \
-device vfio-pci,host=0e:00.0 \
-netdev bridge,br=br0,id=n1,helper=/run/wrappers/bin/qemu-bridge-helper \
-device virtio-net-pci,netdev=n1,mac=52:54:00:00:01:02 \
-device virtio-blk-pci,drive=os,bootindex=0 \
-qmp unix:/run/truenas.qmp,server,nowait -display none
'';
ExecStop = ''
echo '{"execute":"system_powerdown"}' | socat - UNIX-CONNECT:/run/truenas.qmp || true ; sleep 5
'';
Restart = "on-failure";
RestartSec = 3 ;
StartLimitIntervalSec = 60 ;
StartLimitBurst = 5 ;
};
};
systemd.services.resume-truenas-vm = {
description = "Restart Truenas VM after resume" ;
wantedBy = [ "sleep.target" ];
after = [ "sleep.target" ];
serviceConfig = {
Type = "oneshot" ;
ExecStart = "${pkgs.systemd}/bin/systemctl try-restart truenas-vm.service";
};
};
}
# vim: set ts=2 sw=2 sts=2 et :

33
apps/zsh.nix
View file

@ -1,33 +0,0 @@
{ config, pkgs, ... }:
{
programs.dircolors.enableZshIntegration = true ;
programs.zsh = {
autosuggestion.enable = true ;
dirHashes = {
dl = "$HOME/Téléchargements" ;
nix = "$HOME/nixos-config" ;
};
enable = true ;
enableCompletion = true ;
history = {
append = true ;
extended = true ;
findNoDups = true ;
ignoreAllDups = true ;
ignoreSpace = true ;
ignorePatterns = [ "rm *" "cd *" "ls *" "df *" "du *" "fastfetch" "tree" "pwd" "upd" ] ;
saveNoDups = false ;
};
shellAliases = {
h = "history" ;
upd = "sudo nixos-rebuild switch --flake $HOME/nixos-config#pennsardin; source ~/.zshrc" ;
};
shellGlobalAliases = {
G = "| grep";
M = "| more";
};
syntaxHighlighting.enable = true ;
};
}
# vim: set ts=2 sw=2 sts=2 et :

15
devshell.nix Normal file
View file

@ -0,0 +1,15 @@
{pkgs}:
pkgs.mkShell {
buildInputs = with pkgs; [
alejandra # formatteur nix officiel (rapide)
statix # linting pour repérer mauvaises pratiques
deadnix # détecte le code mort / imports inutiles
];
shellHook = ''
echo "Tools dispo :"
echo " alejandra . # formate tout ton Nix"
echo " statix check # lint"
echo " deadnix . # cherche le code mort"
'';
}

12
flake.lock generated
View file

@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756579987, "lastModified": 1756903364,
"narHash": "sha256-duCce8zGsaMsrqqOmLOsuaV1PVIw/vXWnKuLKZClsGg=", "narHash": "sha256-vZh/YH2D7oDFek10r0TbGn3qJrqGv69sSP+oF8PFDqQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "99a69bdf8a3c6bf038c4121e9c4b6e99706a187a", "rev": "6159629d05a0e92bb7fb7211e74106ae1d552401",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -22,11 +22,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1756578978, "lastModified": 1756892917,
"narHash": "sha256-dLgwMLIMyHlSeIDsoT2OcZBkuruIbjhIAv1sGANwtes=", "narHash": "sha256-hVsGRW6M3Rd2xSlKowNREyVHXCUbxHoktu1ujgxT4x8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a85a50bef870537a9705f64ed75e54d1f4bf9c23", "rev": "3f29c71a26f20c830b3708d02bfa62fb1890354a",
"type": "github" "type": "github"
}, },
"original": { "original": {

36
flake.nix
View file

@ -9,32 +9,28 @@
}; };
}; };
outputs = { self, nixpkgs, home-manager, ... }: outputs = {
let nixpkgs,
home-manager,
...
}: {
# --- Host NixOS (x86_64) ---
nixosConfigurations.pennsardin = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
};
in {
nixosConfigurations = {
pennsardin = nixpkgs.lib.nixosSystem {
inherit system;
modules = [ modules = [
./hosts/pennsardin/configuration.nix ./hosts/pennsardin/configuration.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ # L'utilisateur HM est déclaré dans hosts/pennsardin/configuration.nix
home-manager.useGlobalPkgs = true ;
# home-manager.useUserPackages = true;
home-manager.users.lomig = import ./user/lomig.nix ;
}
]; ];
}; };
# --- DevShell (x86_64 uniquement) ---
devShells.x86_64-linux.default = import ./devshell.nix {
pkgs = import nixpkgs {system = "x86_64-linux";};
}; };
# --- Formatter (x86_64 uniquement) ---
formatter.x86_64-linux =
(import nixpkgs {system = "x86_64-linux";}).alejandra;
}; };
} }
# vim: set ts=2 sw=2 sts=2 et :

93
hm/apps/gitea.nix Normal file
View file

@ -0,0 +1,93 @@
_: let
domain = "git.lomig.me"; # <-- mets ton domaine
giteaHttpPort = 3000; # port local de Gitea
in {
########################################
# Base système
########################################
networking.firewall.allowedTCPPorts = [80 443 22]; # HTTP(S) + SSH (22)
services = {
openssh.enable = true; # si tu veux aussi OpenSSH pour le reste
########################################
# Base de données Postgres
########################################
postgresql = {
enable = true;
ensureDatabases = ["gitea"];
ensureUsers = [
{
name = "gitea";
ensureDBOwnership = true;
}
];
};
########################################
# Gitea
########################################
gitea = {
enable = true;
appName = "Gitea";
user = "gitea"; # user système service
database = {
type = "postgres";
user = "gitea";
name = "gitea";
host = "127.0.0.1";
};
};
# Répertoire de données (par défaut: /var/lib/gitea)
stateDir = "/var/lib/gitea";
# Réglages gitea.ini
settings = {
server = {
PROTOCOL = "http";
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = giteaHttpPort;
DOMAIN = domain;
ROOT_URL = "https://${domain}/";
SSH_DOMAIN = domain;
# SSH intégré par Gitea (pratique : pas besoin de configurer un port séparé)
START_SSH_SERVER = true;
SSH_LISTEN_PORT = 2222; # port interne Gitea
SSH_PORT = 22; # port public affiché dans les URLs clone
};
service = {
DISABLE_REGISTRATION = true; # tu créeras les comptes toimême
REQUIRE_SIGNIN_VIEW = false;
REGISTER_EMAIL_CONFIRM = true;
};
# SMTP (remplace par ton vrai relais)
log = {
MODE = "console";
LEVEL = "Info";
};
};
# Création d'un admin au premier démarrage (facultatif mais pratique)
# Remplace le mot de passe et lemail :
# L'utilisateur est créé si inexistant.
};
########################################
# Caddy reverse proxy + TLS
########################################
services.caddy = {
enable = true;
virtualHosts."${domain}".extraConfig = ''
encode zstd gzip
reverse_proxy 127.0.0.1:${toString giteaHttpPort}
'';
# Par défaut, Caddy va récupérer un certificat Let's Encrypt pour le domaine public
# Si domaine local sans DNS public, ajoute `tls internal` dans extraConfig.
};
}
# vim: set ts=2 sw=2 sts=2 et :

12
hm/common/browser.nix Normal file
View file

@ -0,0 +1,12 @@
_: {
programs.firefox = {
enable = true;
languagePacks = ["fr"];
};
programs.floorp = {
enable = true;
languagePacks = ["fr"];
};
}
# vim: set ts=2 sw=2 sts=2 et :

1
hm/common/colours.nix Normal file
View file

@ -0,0 +1 @@
_: {}

123
hm/common/nvim.nix Normal file
View file

@ -0,0 +1,123 @@
{pkgs, ...}: {
programs.neovim = {
enable = true;
withNodeJs = true;
withPython3 = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
coc.enable = true;
plugins = with pkgs.vimPlugins; [
goyo-vim
nerdtree
limelight-vim
];
extraConfig = ''
set number
set relativenumber
set scrolloff=4
set signcolumn=yes
set mouse=a
set clipboard=unnamedplus
set ignorecase
set smartcase
set incsearch
set tabstop=2
set shiftwidth=2
set expandtab
set splitright
set splitbelow
set termguicolors
set updatetime=300
set undofile
let mapleader = " "
colorscheme retrobox
syntax enable
nnoremap <F10> :Goyo<CR>
inoremap <F10> <Esc> :Goyo<CR>
let g:goyo_width = 100
command! Q qall!
" --- Fichiers détat : swap / backup / undo ---
let s:state = has('unix') ? $HOME . '/.local/state/nvim' : $HOME . '/nvim-state'
" Crée les dossiers si besoin (silencieusement)
silent! call mkdir(s:state . '/swap', 'p')
silent! call mkdir(s:state . '/backup', 'p')
silent! call mkdir(s:state . '/undo', 'p')
augroup MdNoSuggest
autocmd!
autocmd FileType markdown let b:coc_suggest_disable = 1 | let b:coc_diagnostic_disable = 1
augroup END
" Goyo : pas de coupure de mots + Limelight auto
autocmd User GoyoEnter
\ let w:_wrap=&l:wrap | let w:_tw=&l:textwidth | let w:_fo=&l:formatoptions |
\ setlocal wrap linebreak nolist textwidth=0 |
\ setlocal formatoptions-=t formatoptions-=c formatoptions-=r formatoptions-=o formatoptions-=l |
\ Limelight
autocmd User GoyoLeave
\ if exists('w:_wrap') | let &l:wrap=w:_wrap | unlet w:_wrap | endif |
\ if exists('w:_tw') | let &l:textwidth=w:_tw | unlet w:_tw | endif |
\ if exists('w:_fo') | let &l:formatoptions=w:_fo | unlet w:_fo | endif |
\ Limelight!
" Swap files (fichiers déchange)
set directory^=~/.local/state/nvim/swap//
" Backups (copie avant écriture) optionnel mais utile
set backup
set writebackup
set backupdir=~/.local/state/nvim/backup//
" Undo persistant ( pour la rédaction)
set undofile
set undodir=~/.local/state/nvim/undo//
" --- Résolution auto des conflits de swap ---
augroup ResolveSwap
autocmd!
" Si un swap existe quand on ouvre un fichier
autocmd SwapExists * call s:ResolveSwap(v:swapname, expand('<afile>'))
augroup END
function! s:ResolveSwap(swapname, filename) abort
" Si le fichier sur disque est plus récent que le swap -> on édite quand même (e)
if getftime(a:filename) > getftime(a:swapname)
let v:swapchoice = 'e' " edit anyway (ignore le swap)
else
" Sinon, ouvre en lecture seule par prudence (o).
" Tu pourras décider ensuite (écraser, récupérer, diff).
let v:swapchoice = 'o'
endif
endfunction
" Rendre les messages de swap moins dramatiques
set shortmess+=A
'';
extraPackages = with pkgs; [
ripgrep
fd
xclip
];
};
}
# vim: set ts=2 sw=2 sts=2 et :

32
hm/common/zsh.nix Normal file
View file

@ -0,0 +1,32 @@
_: {
programs.dircolors.enableZshIntegration = true;
programs.zsh = {
autosuggestion.enable = true;
dirHashes = {
dl = "$HOME/Téléchargements";
nix = "$HOME/nixos-config";
};
enable = true;
enableCompletion = true;
history = {
append = true;
extended = true;
findNoDups = true;
ignoreAllDups = true;
ignoreSpace = true;
ignorePatterns = ["rm *" "cd *" "ls *" "df *" "du *" "fastfetch" "tree" "pwd" "upd"];
saveNoDups = false;
};
shellAliases = {
h = "history";
upd = "sudo nixos-rebuild switch --flake $HOME/nixos-config#pennsardin; source ~/.zshrc";
};
shellGlobalAliases = {
G = "| grep";
M = "| more";
};
syntaxHighlighting.enable = true;
};
}
# vim: set ts=2 sw=2 sts=2 et :

150
hm/desktop/bspwm.nix Normal file
View file

@ -0,0 +1,150 @@
# hm/desktop/bspwm.nix
{ pkgs, ... }:
{
home.packages = with pkgs; [
bspwm sxhkd xorg.xinit xterm alacritty rofi feh font-awesome
picom xorg.xset xidlehook betterlockscreen pywal16 imagemagick
pulsemixer ranger jq file highlight unzip
];
# Gère le ssh-agent proprement côté user
services.ssh-agent.enable = true;
xsession.enable = true;
xsession.windowManager.bspwm = {
enable = true;
# Démarrages au login X
startupPrograms = [
"sxhkd -m 1"
"setxkbmap bepovim"
"xrandr --output DisplayPort-1 --rate 60 --pos 0x0"
"while pgrep -x polybar >/dev/null; do sleep 0.2; done; polybar main"
# fond décran (feh)
"bash ~/.fehbg"
];
extraConfig = ''
bspc config borderless_monocle true
bspc config gapless_monocle true
bspc config single_monocle true
bspc monitor -d I II III IV V VI
'';
};
# Réglages X (corrigé : c'était 'xsession s noblank' -> 'xset s noblank')
xsession.initExtra = ''
xset s 300 300
xset s on
xset s noblank
xset +dpms
xset dpms 0 0 500
'';
# sxhkd
services.sxhkd = {
enable = true;
extraOptions = [ "-m" "1" ];
keybindings = {
"super + Return" = "alacritty";
"super + c" = "bspc node -c";
"Menu" = "rofi -show drun";
"super + space" = "rofi -show drun";
"F1" = "bspc desktop -f ^1";
"F2" = "bspc desktop -f ^2";
"F3" = "bspc desktop -f ^3";
"F4" = "bspc desktop -f ^4";
"F5" = "bspc desktop -f ^5";
"F6" = "bspc desktop -f ^6";
"shift + F1" = "bspc node -d ^1 --follow";
"shift + F2" = "bspc node -d ^2 --follow";
"shift + F3" = "bspc node -d ^3 --follow";
"shift + F4" = "bspc node -d ^4 --follow";
"shift + F5" = "bspc node -d ^5 --follow";
"shift + F6" = "bspc node -d ^6 --follow";
"super + h" = "bspc node -f west";
"super + j" = "bspc node -f south";
"super + k" = "bspc node -f north";
"super + l" = "bspc node -f east";
"super + shift + h" = "bspc node -s west";
"super + shift + j" = "bspc node -s south";
"super + shift + k" = "bspc node -s north";
"super + shift + l" = "bspc node -s east";
"super + f" = "bspc node -t fullscreen";
"super + s" = "bspc node -t floating";
"super + shift + t" = "bspc node -t pseudo_tiled";
"super + t" = "bspc node -t tiled";
};
};
# xidlehook (user service)
systemd.user.services.xidlehook = {
Unit.Description = "Idle: lock at 5min, suspend at ~8min";
Service = {
ExecStart = ''
${pkgs.xidlehook}/bin/xidlehook \
--detect-sleep \
--not-when-fullscreen \
--timer 300 "${pkgs.betterlockscreen}/bin/betterlockscreen -l dim" "" \
--timer 500 "systemctl suspend" ""
'';
Restart = "always";
};
Install.WantedBy = [ "graphical-session.target" ];
};
# polybar (config intégrée pour démarrer simple)
services.polybar = {
enable = true;
script = "polybar main &";
config = {
"bar/main" = {
width = "100%";
height = "28";
font-1 = "Font Awesome 6 Free:style=Solid:pixelsize=10;2";
modules-left = "bspwm";
modules-center = "date";
modules-right = "pulseaudio memory cpu";
};
"module/bspwm" = {
type = "internal/bspwm";
label-focused = "%name%";
label-focused-foreground = "#e6e0de";
label-focused-padding = 2;
label-occupied = "%name%";
label-occupied-padding = 2;
label-urgent = "%name%";
label-urgent-background = "#e42127";
label-urgent-foreground = "#ffffff";
label-empty = "%name%";
label-empty-foreground = "#645d56";
label-empty-padding = 2;
};
"module/date" = {
type = "internal/date";
interval = 60;
date = "%d-%m-%Y %H:%M";
};
};
};
# alacritty
programs.alacritty = {
enable = true;
settings = {
general.import = [ "~/.cache/wal/colors-alacritty.toml" ];
font = {
normal = { family = "Iosevka Nerd Font"; style = "Regular"; };
bold = { family = "Iosevka Nerd Font"; style = "Bold"; };
italic = { family = "Iosevka Nerd Font"; style = "Italic"; };
size = 9;
};
};
};
}

5
apps/picom.nix → hm/desktop/common/picom.nix
View file

@ -1,5 +1,4 @@
{ config, pkgs, ... }: _: {
{
services.picom = { services.picom = {
enable = true; enable = true;
backend = "glx"; # plus fluide si ta carte gère bien OpenGL backend = "glx"; # plus fluide si ta carte gère bien OpenGL
@ -47,5 +46,5 @@
}; };
}; };
} }
# vim: set ts=2 sw=2 sts=2 et : # vim: set ts=2 sw=2 sts=2 et :

25
hm/users/lomig.nix Normal file
View file

@ -0,0 +1,25 @@
{pkgs, ...}: {
imports = [
../../hm/common/browser.nix
../common/nvim.nix
../../hm/common/zsh.nix
../desktop/bspwm.nix
];
home.stateVersion = "25.05"; # ou ton actuelle
home = {
username = "lomig";
homeDirectory = "/home/lomig";
packages = with pkgs; [
bat
fastfetch
nerd-fonts.iosevka
obsidian
smug
telegram-desktop
tree
];
};
programs.zsh.enable = true;
}
# vim: set ts=2 sw=2 sts=2 et :

98
hosts/pennsardin/bepovim.nix
View file

@ -1,98 +0,0 @@
{ config, pkgs, lib, ... }:
{
services.xserver.xkb.extraLayouts.bepovim = {
description = "Clavier Bepovim 4 niveaux";
languages = [ "fr" ];
symbolsFile = builtins.toFile "bepovim.xkb" ''
xkb_symbols "basic" {
name[Group1] = "Bepovim";
key <ESC> { [ Escape ] };
key <AE01> { [ dollar, numbersign ] };
key <AE02> { [ less, 1, guillemotleft ] };
key <AE03> { [ greater, 2, guillemotright ] };
key <AE04> { [ parenleft, 3, bracketleft ] };
key <AE05> { [ parenright, 4, bracketright ] };
key <AE06> { [ at, 5, braceleft ] };
key <AE07> { [ plus, 6, braceright ] };
key <AE08> { [ minus, 7, asciitilde ] };
key <AE09> { [ asterisk, 8 ] };
key <AE10> { [ slash, 9, backslash ] };
key <AE11> { [ quotedbl, 0, percent ] };
key <AE12> { [ equal, ampersand ] };
key <BKSP> { [ BackSpace ] };
key <TAB> { [ Tab, ISO_Left_Tab ] };
key <AD01> { [ b, B ] };
key <AD02> { [ eacute, Eacute ] };
key <AD03> { [ p, P ] };
key <AD04> { [ o, O ] };
key <AD05> { [ r, R ] };
key <AD06> { [ dead_circumflex, grave ] };
key <AD07> { [ v, V ] };
key <AD08> { [ s, S ] };
key <AD09> { [ t, T ] };
key <AD10> { [ d, D ] };
key <AD11> { [ egrave, Egrave ] };
key <AD12> { [ ccedilla, Ccedilla ] };
key <RTRN> { [ Return ] };
key <AC01> { [ c, C ] };
key <AC02> { [ a, A ] };
key <AC03> { [ u, U ] };
key <AC04> { [ i, I ] };
key <AC05> { [ e, E, EuroSign ] };
key <AC06> { [ period, question ] };
key <AC07> { [ n, N ] };
key <AC08> { [ h, H, Left ] };
key <AC09> { [ j, J, Down ] };
key <AC10> { [ k, K, Up ] };
key <AC11> { [ l, L, Right ] };
key <AC12> { [ m, M ] };
key <LFSH> { [ Shift_L ] };
key <LSGT> { [ q, Q ] };
key <AB01> { [ w, W ] };
key <AB02> { [ agrave, Agrave ] };
key <AB03> { [ f, F ] };
key <AB04> { [ colon, bar ] };
key <AB05> { [ comma, semicolon ] };
key <AB06> { [ apostrophe, exclam ] };
key <AB07> { [ x, X ] };
key <AB08> { [ g, G ] };
key <AB09> { [ z, Z ] };
key <AB10> { [ y, Y ] };
key <DELE> { [ Up ] };
key <DOWN> { [ Left ] };
key <RGHT> { [ Down ] };
key <INS> { [ Right ] };
key <LCTL> { [ Control_L ] };
key <LALT> { [ Alt_L ] };
key <SPCE> { [ space, underscore, nobreakspace, U202F ] };
key <RALT> { [ ISO_Level3_Shift ] };
key <FK02> { [ F1, F1 ] };
key <FK03> { [ F2, F2 ] };
key <FK04> { [ F3, F3 ] };
key <FK05> { [ F4, F4 ] };
key <FK06> { [ F5, F5 ] };
key <FK07> { [ F6, F6 ] };
key <FK08> { [ F7, F7 ] };
key <FK09> { [ F8, F8 ]};
key <FK10> { [ F9, F9 ] };
key <FK11> { [ F10, F10 ] };
key <FK12> { [ F11, F11 ] };
};
'';
};
services.xserver.xkb.layout = "bepovim";
services.xserver.xkb.variant = "basic";
services.xserver.xkb.options = "lv3:ralt_switch";
console.useXkbConfig = true;
}
# vim: set ts=2 sw=2 sts=2 et :

150
hosts/pennsardin/configuration.nix
View file

@ -1,47 +1,14 @@
{ config, pkgs, lib, desktop, ... }: {pkgs, ...}: {
{
imports = [ imports = [
./bepovim.nix ../../profiles/workstation-bspwm.nix
../../wm/plasma.nix ../../modules/hardware/bepovim.nix
../../apps/qemu.nix ../../modules/dev/qemu.nix
../../apps/gitea.nix ../../modules/common/nix.nix
../../apps/truenas.nix
]; ];
nix.settings.experimental-features = ["nix-command" "flakes" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" "amdgpu" ]; networking.hostName = "pennsardin";
boot.kernelModules = [ "amdgpu" "kvm-amd" ];
boot.extraModulePackages = [];
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelParams = [
"mem_sleep_default=deep"
"amdgpu.si_support=0"
"amdgpu.cik_support=0"
"radeon.si_support=0"
"radeon.cik_support=0"
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
boot.plymouth.enable = true ;
boot.plymouth.theme = "spinner" ;
boot.consoleLogLevel = 3 ;
boot.initrd.verbose = false ;
boot.loader.timeout = 5;
boot.loader.systemd-boot.enable = true ;
boot.loader.systemd-boot.consoleMode = "max" ;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot";
boot.tmp.cleanOnBoot = true ;
systemd.coredump.enable = false ;
services.journald.extraConfig = ''
SystemMaxUse=200M
RuntimeMaxUse=100M
'';
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/b4e3577b-17ab-4a89-9aeb-4e223be4c75b"; # à adapter si tu as un autre label/disque device = "/dev/disk/by-uuid/b4e3577b-17ab-4a89-9aeb-4e223be4c75b"; # à adapter si tu as un autre label/disque
@ -49,109 +16,18 @@
}; };
swapDevices = []; swapDevices = [];
hardware.firmware = with pkgs ; [ linux-firmware ];
hardware.enableRedistributableFirmware = true;
hardware.graphics = {
enable = true ;
extraPackages = with pkgs ; [
mesa libva libva-utils libvdpau libva-vdpau-driver vaapiVdpau libvdpau-va-gl amdvlk vulkan-tools vulkan-loader vulkan-validation-layers
];
enable32Bit = true ;
};
environment.variables = {
LIBVA_DRIVER_NAME = "radeonsi";
VDPAU_DRIVER = "va_gl";
};
environment.defaultPackages = lib.mkForce [] ;
hardware.bluetooth.enable = true ;
environment.etc."pam.d/i3lock".text = ''
auth include login
account include login
password include login
session include login
'';
services.blueman.enable = true ;
services.logind.settings.Login = {
IdleAction="suspend";
IdleActionSec="5min";
HandleLidSwitch="suspend";
HandleLidSwitchDocked="ignore";
};
services.openssh.enable = true ;
services.xserver.enable = true ;
services.xserver.videoDrivers = [ "amdgpu" ];
networking.hostName = "pennsardin";
networking.firewall.enable = true ;
time.timeZone = "Europe/Paris";
# Select internationalisation properties.
i18n.defaultLocale = "fr_FR.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "fr_FR.UTF-8";
LC_IDENTIFICATION = "fr_FR.UTF-8";
LC_MEASUREMENT = "fr_FR.UTF-8";
LC_MONETARY = "fr_FR.UTF-8";
LC_NAME = "fr_FR.UTF-8";
LC_NUMERIC = "fr_FR.UTF-8";
LC_PAPER = "fr_FR.UTF-8";
LC_TELEPHONE = "fr_FR.UTF-8";
LC_TIME = "fr_FR.UTF-8";
};
services.printing.enable = true ;
# Enable sound with pipewire.
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
environment.systemPackages = with pkgs; [
p7zip
btrfs-progs
cifs-utils
evtest
gdu
git
glances
lm_sensors
neovim
nixos-bgrt-plymouth
parted
pciutils
pulseaudio
snapper
tmux
usbutils
xorg.xev
xorg.xkbcomp
];
programs.steam.enable = true ;
hardware.xpadneo.enable = true ;
programs.zsh.enable = true;
users.users.lomig = { users.users.lomig = {
isNormalUser = true; isNormalUser = true;
extraGroups = ["networkmanager" "lp" "wheel"]; extraGroups = ["networkmanager" "lp" "wheel"];
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
nixpkgs.config = { home-manager = {
allowUnfree = true; useGlobalPkgs = true;
allowUnsupportedSystem = true ; users.lomig = import ../../hm/users/lomig.nix;
}; };
system.stateVersion = "25.05"; # pour éviter les hurlements inutiles system.stateVersion = "25.05"; # pour éviter les hurlements inutiles
} }
# vim: set ts=2 sw=2 sts=2 et : # vim: set ts=2 sw=2 sts=2 et :

1
hosts/pennsardin/hardware.nix Normal file
View file

@ -0,0 +1 @@
_: {}

10
modules/common/audio.nix Normal file
View file

@ -0,0 +1,10 @@
_: {
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
}

27
modules/common/base.nix Normal file
View file

@ -0,0 +1,27 @@
{lib, ...}: {
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "fr_FR.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "fr_FR.UTF-8";
LC_IDENTIFICATION = "fr_FR.UTF-8";
LC_MEASUREMENT = "fr_FR.UTF-8";
LC_MONETARY = "fr_FR.UTF-8";
LC_NAME = "fr_FR.UTF-8";
LC_NUMERIC = "fr_FR.UTF-8";
LC_PAPER = "fr_FR.UTF-8";
LC_TELEPHONE = "fr_FR.UTF-8";
LC_TIME = "fr_FR.UTF-8";
};
# journald & coredump
systemd.coredump.enable = false;
services.journald.extraConfig = ''
SystemMaxUse=200M
RuntimeMaxUse=100M
'';
boot.tmp.cleanOnBoot = true;
environment.defaultPackages = lib.mkForce [];
programs.zsh.enable = true; # shell dispo au niveau système
}

4
modules/common/bluetooth.nix Normal file
View file

@ -0,0 +1,4 @@
_: {
hardware.bluetooth.enable = true;
services.blueman.enable = true;
}

8
modules/common/energy.nix Normal file
View file

@ -0,0 +1,8 @@
_: {
services.logind.settings.Login = {
IdleAction = "suspend";
IdleActionSec = "5min";
HandleLidSwitch = "suspend";
HandleLidSwitchDocked = "ignore";
};
}

4
modules/common/gaming.nix Normal file
View file

@ -0,0 +1,4 @@
_: {
programs.steam.enable = true;
hardware.xpadneo.enable = true;
}

8
modules/common/lockscreen.nix Normal file
View file

@ -0,0 +1,8 @@
_: {
environment.etc."pam.d/i3lock".text = ''
auth include login
account include login
password include login
session include login
'';
}

8
modules/common/networking.nix Normal file
View file

@ -0,0 +1,8 @@
_: {
networking = {
networkmanager.enable = true;
nameservers = ["1.1.1.1" "8.8.8.8"];
dhcpcd.extraConfig = "nohook resolv.conf";
firewall.enable = true;
};
}

11
modules/common/nix.nix Normal file
View file

@ -0,0 +1,11 @@
{config, ...}: {
nix.settings = {
auto-optimise-store = true;
experimental-features = ["nix-command" "flakes"];
};
nixpkgs.config = {
allowUnfree = true;
allowUnsupportedSystem = true;
};
}

36
modules/common/plymouth.nix Normal file
View file

@ -0,0 +1,36 @@
{
lib,
pkgs,
...
}: {
boot = {
plymouth.enable = true;
plymouth.theme = "spinner";
consoleLogLevel = 3;
initrd.verbose = false;
# Ajouts "quiet/splash" propres (sans auto-référence)
kernelParams = lib.mkAfter [
"mem_sleep_default=deep"
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
loader = {
timeout = 5;
systemd-boot.enable = true;
systemd-boot.consoleMode = "max";
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
};
environment.systemPackages = with pkgs; [
nixos-bgrt-plymouth
];
}

18
modules/desktop/gnome.nix Normal file
View file

@ -0,0 +1,18 @@
{lib, ...}: {
services = {
displayManager = {
gdm.enable = true;
sddm.enable = lib.mkForce false;
};
desktopManager = {
gnome.enable = true;
plasma6.enable = lib.mkForce false;
};
xserver = {
windowManager.bspwm.enable = lib.mkForce false;
displayManager.lightdm.enable = lib.mkForce false;
};
};
}
# vim: set ts=2 sw=2 sts=2 et :

18
modules/desktop/plasma.nix Normal file
View file

@ -0,0 +1,18 @@
{lib, ...}: {
services = {
displayManager = {
gdm.enable = lib.mkForce false;
sddm.enable = true;
};
desktopManager = {
gnome.enable = lib.mkForce false;
plasma6.enable = true;
};
xserver = {
windowManager.bspwm.enable = lib.mkForce false;
displayManager.lightdm.enable = lib.mkForce false;
};
};
}
# vim: set ts=2 sw=2 sts=2 et :

25
modules/desktop/xorg-bspwm.nix Normal file
View file

@ -0,0 +1,25 @@
{
config,
lib,
...
}: {
services = {
xserver = {
enable = true;
displayManager = {
lightdm.enable = true;
};
windowManager.bspwm.enable = true ;
};
displayManager = {
gdm.enable = lib.mkForce false;
sddm.enable = lib.mkForce false;
};
desktopManager = {
gnome.enable = lib.mkForce false;
plasma6.enable = lib.mkForce false;
};
};
}
# vim: set ts=2 sw=2 sts=2 et :

54
modules/dev/qemu.nix Normal file
View file

@ -0,0 +1,54 @@
{
lib,
pkgs,
...
}: {
imports = [
../virtual/truenas.nix
];
boot.kernelModules = lib.mkAfter ["tun"];
environment.systemPackages = with pkgs; [
qemu_kvm
virtiofsd
];
services = {
udev.extraRules = ''
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660"
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660"
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660"
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660"
SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
'';
spice-vdagentd.enable = true;
resolved.enable = true;
};
virtualisation.libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [pkgs.OVMFFull.fd];
runAsRoot = false;
};
};
users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
networking = {
firewall.allowedTCPPorts = [5900 5901 5902];
useDHCP = false;
bridges.br0.interfaces = ["enp11s0"];
};
systemd.network.networks."10-br0" = {
matchConfig.Name = "br0";
networkConfig.DHCP = "yes";
};
environment.etc."qemu/bridge.conf".text = ''
allow br0
'';
}
# vim: set ts=2 sw=2 sts=2 et :

100
modules/hardware/bepovim.nix Normal file
View file

@ -0,0 +1,100 @@
_: {
services.xserver.xkb = {
layout = "bepovim";
variant = "basic";
options = "lv3:ralt_switch";
extraLayouts.bepovim = {
description = "Clavier Bepovim 4 niveaux";
languages = ["fr"];
symbolsFile = builtins.toFile "bepovim.xkb" ''
xkb_symbols "basic" {
name[Group1] = "Bepovim";
key <ESC> { [ Escape ] };
key <AE01> { [ dollar, numbersign ] };
key <AE02> { [ less, 1, guillemotleft ] };
key <AE03> { [ greater, 2, guillemotright ] };
key <AE04> { [ parenleft, 3, bracketleft ] };
key <AE05> { [ parenright, 4, bracketright ] };
key <AE06> { [ at, 5, braceleft ] };
key <AE07> { [ plus, 6, braceright ] };
key <AE08> { [ minus, 7, asciitilde ] };
key <AE09> { [ asterisk, 8 ] };
key <AE10> { [ slash, 9, backslash ] };
key <AE11> { [ quotedbl, 0, percent ] };
key <AE12> { [ equal, ampersand ] };
key <BKSP> { [ BackSpace ] };
key <TAB> { [ Tab, ISO_Left_Tab ] };
key <AD01> { [ b, B ] };
key <AD02> { [ eacute, Eacute ] };
key <AD03> { [ p, P ] };
key <AD04> { [ o, O ] };
key <AD05> { [ r, R ] };
key <AD06> { [ dead_circumflex, grave ] };
key <AD07> { [ v, V ] };
key <AD08> { [ s, S ] };
key <AD09> { [ t, T ] };
key <AD10> { [ d, D ] };
key <AD11> { [ egrave, Egrave ] };
key <AD12> { [ ccedilla, Ccedilla ] };
key <RTRN> { [ Return ] };
key <AC01> { [ c, C ] };
key <AC02> { [ a, A ] };
key <AC03> { [ u, U ] };
key <AC04> { [ i, I ] };
key <AC05> { [ e, E, EuroSign ] };
key <AC06> { [ period, question ] };
key <AC07> { [ n, N ] };
key <AC08> { [ h, H, Left ] };
key <AC09> { [ j, J, Down ] };
key <AC10> { [ k, K, Up ] };
key <AC11> { [ l, L, Right ] };
key <AC12> { [ m, M ] };
key <LFSH> { [ Shift_L ] };
key <LSGT> { [ q, Q ] };
key <AB01> { [ w, W ] };
key <AB02> { [ agrave, Agrave ] };
key <AB03> { [ f, F ] };
key <AB04> { [ colon, bar ] };
key <AB05> { [ comma, semicolon ] };
key <AB06> { [ apostrophe, exclam ] };
key <AB07> { [ x, X ] };
key <AB08> { [ g, G ] };
key <AB09> { [ z, Z ] };
key <AB10> { [ y, Y ] };
key <DELE> { [ Up ] };
key <DOWN> { [ Left ] };
key <RGHT> { [ Down ] };
key <INS> { [ Right ] };
key <LCTL> { [ Control_L ] };
key <LALT> { [ Alt_L ] };
key <SPCE> { [ space, underscore, nobreakspace, U202F ] };
key <RALT> { [ ISO_Level3_Shift ] };
key <FK02> { [ F1, F1 ] };
key <FK03> { [ F2, F2 ] };
key <FK04> { [ F3, F3 ] };
key <FK05> { [ F4, F4 ] };
key <FK06> { [ F5, F5 ] };
key <FK07> { [ F6, F6 ] };
key <FK08> { [ F7, F7 ] };
key <FK09> { [ F8, F8 ]};
key <FK10> { [ F9, F9 ] };
key <FK11> { [ F10, F10 ] };
key <FK12> { [ F11, F11 ] };
};
'';
};
};
console = {
useXkbConfig = true;
font = "Lat2-Terminus16";
};
}
# vim: set ts=2 sw=2 sts=2 et :

12
modules/hardware/firmware.nix Normal file
View file

@ -0,0 +1,12 @@
{
lib,
pkgs,
...
}: {
hardware = {
cpu.amd.updateMicrocode = lib.mkDefault true;
firmware = [pkgs.linux-firmware];
firmwareCompression = "zstd";
enableRedistributableFirmware = true;
};
}

50
modules/hardware/gpu-amd.nix Normal file
View file

@ -0,0 +1,50 @@
{
lib,
pkgs,
...
}: {
boot = {
initrd.kernelModules = lib.mkAfter ["amdgpu"];
kernelModules = lib.mkAfter ["amdgpu"];
};
# Pilotes + options AMDGPU
services.xserver = {
enable = true;
videoDrivers = lib.mkDefault ["amdgpu"];
};
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
mesa
libva
libva-utils
libvdpau
libva-vdpau-driver
vaapiVdpau
libvdpau-va-gl
amdvlk
vulkan-tools
vulkan-loader
vulkan-validation-layers
];
};
environment.variables = {
LIBVA_DRIVER_NAME = "radeonsi";
VDPAU_DRIVER = "va_gl";
};
# Désactive héritage radeon pour cartes anciennes
boot.kernelParams = lib.mkAfter [
"amdgpu.si_support=0"
"amdgpu.cik_support=0"
"radeon.si_support=0"
"radeon.cik_support=0"
];
# Si un module sonde "k10temp" gêne :
boot.blacklistedKernelModules = ["k10temp"];
}

12
modules/hardware/sensors-zenpower.nix Normal file
View file

@ -0,0 +1,12 @@
{
config,
lib,
...
}: {
boot.kernelModules = lib.mkAfter ["zenpower"];
boot.extraModulePackages = [config.boot.kernelPackages.zenpower];
hardware.sensor.iio.enable = lib.mkDefault true;
services.hardware.bolt.enable = lib.mkDefault false;
}
# vim: set ts=2 sw=2 sts=2 et :

33
modules/roles/workstation.nix Normal file
View file

@ -0,0 +1,33 @@
{pkgs, ...}: {
imports = [
../common/nix.nix
# Matériel
../hardware/gpu-amd.nix
../hardware/sensors-zenpower.nix
# Virtualisation/tuning
../virtual/kvm-amd.nix
../virtual/vfio.nix
# Dev
../dev/qemu.nix
../virtual/truenas.nix # seulement si tu lutilises sur ce host
];
environment.systemPackages = with pkgs; [
git
vim
wget
curl
ripgrep
fd
pciutils
usbutils
p7zip
gdu
glances
parted
tmux
];
}

3
modules/services/printing.nix Normal file
View file

@ -0,0 +1,3 @@
_: {
services.printing.enable = true;
}

BIN
modules/virtual/aarch64/AAVMF_CODE.fd Normal file
View file

Binary file not shown.

BIN
modules/virtual/aarch64/AAVMF_VARS.fd Normal file
View file

Binary file not shown.

3
modules/virtual/kvm-amd.nix Normal file
View file

@ -0,0 +1,3 @@
{lib, ...}: {
boot.kernelModules = lib.mkAfter ["kvm-amd"];
}

78
modules/virtual/truenas.nix Normal file
View file

@ -0,0 +1,78 @@
{pkgs, ...}: {
boot = {
initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
extraModprobeConfig = ''
options vfio-pci ids=1022:43f6
'';
kernelParams = [
"amd_iommu=on"
"iommu=pt"
];
};
users.users.lomig.extraGroups = ["disk"];
security.pam.loginLimits = [
{
domain = "lomig";
type = "soft";
item = "memlock";
value = "infinity";
}
{
domain = "lomig";
type = "hard";
item = "memlock";
value = "infinity";
}
];
boot.kernel.sysctl."vm.nr_hugepages" = 1024;
fileSystems."/dev/hugepages" = {
device = "hugetlbfs";
fsType = "hugetlbfs";
};
# services.udev.extraRules = ''
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660"
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660"
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660"
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660"
# SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
# '';
systemd.services.truenas-vm = {
wantedBy = ["multi-user.target"];
after = ["network-online.target"];
wants = ["network-online.target"];
serviceConfig = {
RuntimeDirectory = "truenas";
ExecStartPre = "/run/current-system/sw/bin/rm -f /run/truenas/qmp.sock";
ExecStart = ''
/run/current-system/sw/bin/qemu-system-x86_64 -enable-kvm -m 4096 -smp 2 \
-drive file=/home/lomig/vm/truenas.qcow2,if=none,format=qcow2,id=os \
-device vfio-pci,host=0e:00.0 \
-netdev bridge,br=br0,id=n1,helper=/run/wrappers/bin/qemu-bridge-helper \
-device virtio-net-pci,netdev=n1,mac=52:54:00:00:01:02 \
-device virtio-blk-pci,drive=os,bootindex=0 \
-qmp unix:/run/truenas.qmp,server,nowait -display none
'';
ExecStop = ''
echo '{"execute":"system_powerdown"}' | socat - UNIX-CONNECT:/run/truenas.qmp || true ; sleep 5
'';
Restart = "on-failure";
RestartSec = 3;
StartLimitIntervalSec = 60;
StartLimitBurst = 5;
};
};
systemd.services.resume-truenas-vm = {
description = "Restart Truenas VM after resume";
wantedBy = ["sleep.target"];
after = ["sleep.target"];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.systemd}/bin/systemctl try-restart truenas-vm.service";
};
};
}
# vim: set ts=2 sw=2 sts=2 et :

19
modules/virtual/vfio.nix Normal file
View file

@ -0,0 +1,19 @@
{lib, ...}: {
# Ajoute dans linitrd sans auto-référencer loption
boot = {
initrd.kernelModules = lib.mkAfter [
"vfio_pci"
"vfio"
"vfio_iommu_type1"
];
# Ajoute les params IOMMU proprement
kernelParams = lib.mkAfter [
"amd_iommu=on"
"iommu=pt"
];
# Valeur par défaut (sans référencer config.*)
kernel.sysctl."vm.nr_hugepages" = lib.mkDefault 1024;
};
}

31
profiles/workstation-bspwm.nix Normal file
View file

@ -0,0 +1,31 @@
{pkgs, ...}: {
imports = [
../modules/roles/workstation.nix
../modules/desktop/xorg-bspwm.nix
../modules/common/base.nix
../modules/common/networking.nix
../modules/common/plymouth.nix
../modules/hardware/firmware.nix
../modules/hardware/gpu-amd.nix
../modules/common/audio.nix
../modules/common/bluetooth.nix
../modules/common/gaming.nix
../modules/services/printing.nix
../modules/dev/qemu.nix
../modules/common/lockscreen.nix
../modules/common/energy.nix
];
services.openssh.enable = true;
environment.systemPackages = with pkgs; [
btrfs-progs
cifs-utils
evtest
lm_sensors
xorg.xev
xorg.xkbcomp
];
}
# vim: set ts=2 sw=2 sts=2 et :

24
user/lomig.nix
View file

@ -1,24 +0,0 @@
{ config, pkgs, lib, desktop, ... }:
{
imports = [
../apps/browser.nix
../apps/picom.nix
../apps/zsh.nix
];
home.username = "lomig";
home.homeDirectory = "/home/lomig";
home.packages = with pkgs; [
bat
nerd-fonts.iosevka
obsidian
telegram-desktop
tree
fastfetch
];
programs.zsh.enable = true;
home.stateVersion = "25.05"; # ou ton actuelle
}
# vim: set ts=2 sw=2 sts=2 et :

176
wm/bspwm.nix
View file

@ -1,176 +0,0 @@
{ config, pkgs, lib, ... }:
{
services = {
xserver = {
enable = true ;
displayManager = {
lightdm.enable = true ;
};
windowManager.bspwm.enable = true ;
};
desktopManager = {
gnome.enable = lib.mkForce false ;
plasma6.enable = lib.mkForce false ;
};
displayManager = {
gdm.enable = lib.mkForce false ;
sddm.enable = lib.mkForce false ;
};
};
home-manager.users.lomig = { pkgs, ... }: {
home.packages = with pkgs; [
bspwm sxhkd xorg.xinit xterm
alacritty rofi feh font-awesome
picom xorg.xset xidlehook betterlockscreen
pywal16 imagemagick
pulsemixer
];
xsession.enable = true ;
xsession.initExtra = ''
xset s 300 300
xset s on
xsession s noblank
xset +dpms
xset dpms 0 0 500
'';
systemd.user.services.xidlehook = {
Unit.Description = "Idle actions (lock at 1m, suspend at 5m)";
Service = {
ExecStart = ''
${pkgs.xidlehook}/bin/xidlehook \
--detect-sleep \
--not-when-fullscreen \
--timer 300 "${pkgs.betterlockscreen}/bin/betterlockscreen -l dim" "" \
--timer 500 "systemctl suspend" ""
'';
Restart = "always";
};
Install.WantedBy = [ "graphical-session.target" ];
};
xsession.windowManager.bspwm = {
enable = true ;
startupPrograms = [
"killall polybar"
"eval $(ssh-agent -s); ssh-add ~/.ssh/github"
"setxkbmap bepovim"
"sxhkd -m 1"
"xrandr \\
--output DisplayPort-1 --rate 60 --pos 0x0"
"while pgrep -x polybar >/dev/null; do sleep 0.2; done"
"polybar"
"bash ~/.fehbg"
"bspc rule -a floorp desktop=^focused follow=on"
];
extraConfig = ''
bspc config borderless_monocle true
bspc config gapless_monocle true
bspc config single_monocle true
bspc monitor -d I II III IV V VI
'';
};
services.sxhkd = {
enable = true ;
extraOptions = [ "-m 1" ] ;
keybindings = {
"super + Return" = "alacritty";
"super + c" = "bspc node -c";
"Menu" = "rofi -show drun";
"super + space" = "rofi -show drun";
# Aller au bureau ^1 .. ^6
"F1" = "bspc desktop -f ^1";
"F2" = "bspc desktop -f ^2";
"F3" = "bspc desktop -f ^3";
"F4" = "bspc desktop -f ^4";
"F5" = "bspc desktop -f ^5";
"F6" = "bspc desktop -f ^6";
# Déplacer la fenetre courante vers le bureau cible et suivre
"shift + F1" = "bspc node -d ^1 --follow";
"shift + F2" = "bspc node -d ^2 --follow";
"shift + F3" = "bspc node -d ^3 --follow";
"shift + F4" = "bspc node -d ^4 --follow";
"shift + F5" = "bspc node -d ^5 --follow";
"shift + F6" = "bspc node -d ^6 --follow";
# Focus dans un meme bureau
"super + h" = "bspc node -f west";
"super + j" = "bspc node -f south";
"super + k" = "bspc node -f north";
"super + l" = "bspc node -f east";
# Swap la fenetre dans le bureau
"super + shift + h" = "bspc node -s west";
"super + shift + j" = "bspc node -s south";
"super + shift + k" = "bspc node -s north";
"super + shift + l" = "bspc node -s east";
# Gestion du tiling
"super + f" = "bspc node -t fullscreen" ;
"super + s" = "bspc node -t floating" ;
"super + shift + t" = "bspc node -t pseudo_tiled" ;
"super + t" = "bspc node -t tiled" ;
};
};
services.polybar = {
enable = true ;
script = "polybar main &";
config = {
"bar/main" = {
width = "100%";
height = "28";
background = "\\\${colors.background}";
foreground = "\\\${colors.foreground}";
font-0 = "Iosevka Nerd Font:size=10;2";
font-1 = "Font Awesome 6 Free:style=Solid:pixelsize=10;2";
modules-left = "bspwm";
modules-center = "date";
modules-right = "pulseaudio memory cpu";
};
"module/bspwm" = {
type = "internal/bspwm";
label-focused = "%name%";
label-focused-background = "\\\${colors.primary}";
label-focused-foreground = "#e6e0de";
label-focused-padding = 2;
label-occupied = "%name%";
label-occupied-padding = 2;
label-urgent = "%name%";
label-urgent-background = "#e42127";
label-urgent-foreground = "#ffffff";
label-empty = "%name%";
label-empty-foreground = "#645d56";
label-empty-padding = 2;
};
"module/date" = {
type = "internal/date";
interval = 60;
date = "%d-%m-%Y %H:%M";
};
};
};
programs.alacritty.enable = true ;
programs.alacritty.settings = {
general.import = [
"~/.cache/wal/colors-alacritty.toml"
];
font = {
normal = { family = "Iosevka Nerd Font"; style = "Regular"; };
bold = { family = "Iosevka Nerd Font"; style = "Bold"; };
italic = { family = "Iosevka Nerd Font"; style = "Italic"; };
size = 9;
};
};
};
}
# vim: set ts=2 sw=2 sts=2 et :

19
wm/gnome.nix
View file

@ -1,19 +0,0 @@
{ config, pkgs, lib, ... }:
{
services = {
displayManager = {
gdm.enable = true ;
sddm.enable = lib.mkForce false ;
};
desktopManager = {
gnome.enable = true ;
plasma6.enable = lib.mkForce false ;
};
xserver = {
windowManager.bspwm.enable = lib.mkForce false ;
displayManager.lightdm.enable = lib.mkForce false ;
};
};
}
# vim: set ts=2 sw=2 sts=2 et :

19
wm/plasma.nix
View file

@ -1,19 +0,0 @@
{ config, pkgs, lib, ... }:
{
services = {
displayManager = {
gdm.enable = lib.mkForce false ;
sddm.enable = true ;
};
desktopManager = {
gnome.enable = lib.mkForce false ;
plasma6.enable = true ;
};
xserver = {
windowManager.bspwm.enable = lib.mkForce false ;
displayManager.lightdm.enable = lib.mkForce false ;
};
};
}
# vim: set ts=2 sw=2 sts=2 et :