From 56520c977d0df70be80b222097bbf1401b92210a Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 9 Oct 2025 14:14:43 +0200 Subject: [PATCH 01/48] Fix: xsession bspwm --- hm/desktop/bspwm.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hm/desktop/bspwm.nix b/hm/desktop/bspwm.nix index 302d6b8..b92376e 100644 --- a/hm/desktop/bspwm.nix +++ b/hm/desktop/bspwm.nix @@ -37,7 +37,7 @@ xsession = { enable = true; - xsession.windowManager.bspwm = { + windowManager.bspwm = { enable = true; # Démarrages au login X From ce4201eb4e16dc4ccbb313f9f007b1ffb3fa7ebe Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 9 Oct 2025 14:21:55 +0200 Subject: [PATCH 02/48] Fix: Pennsardin IP --- hosts/pennsardin/configuration.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/pennsardin/configuration.nix b/hosts/pennsardin/configuration.nix index a2b0acf..314ac4b 100644 --- a/hosts/pennsardin/configuration.nix +++ b/hosts/pennsardin/configuration.nix @@ -54,16 +54,16 @@ useDHCP = false; ipv4.addresses = [ { - address = "192.168.0.2"; + address = "192.168.50.12"; prefixLength = 24; } ]; }; defaultGateway = { interface = "br0"; - address = "192.168.0.254"; + address = "192.168.50.1"; }; - nameservers = ["192.168.0.254" "1.1.1.1"]; + nameservers = ["192.168.50.1" "1.1.1.1"]; bridges.br0.interfaces = ["enp11s0"]; }; systemd.network = { From e3c3d5ee8be7611c0f264032d6e40beef68eafae Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 9 Oct 2025 17:40:43 +0200 Subject: [PATCH 03/48] Fix: imports --- config/globals.nix | 7 +++++-- hosts/terre-neuvas/configuration.nix | 10 ++++++---- modules/services/forgejo.nix | 4 ++-- modules/services/goaccess.nix | 4 ++-- modules/services/outline.nix | 6 +++--- modules/sites/levr.porzh.me.nix | 6 +++--- modules/sites/porzh.me.nix | 4 ++-- 7 files changed, 23 insertions(+), 18 deletions(-) diff --git a/config/globals.nix b/config/globals.nix index b6e4dd0..c2ccdcb 100644 --- a/config/globals.nix +++ b/config/globals.nix @@ -16,13 +16,16 @@ pennsardin = { ip = "192.168.50.12"; }; + terre-neuvas = { + ip = "192.168.50.11"; + }; }; services = { forgejo = { home = "/var/lib/services/forgejo"; url = "govel.porzh.me"; - port = "3000"; + port = 3000; }; goaccess = { home = "/var/lib/www/goaccess"; @@ -35,7 +38,7 @@ }; outline = { url = "notes.porzh.me"; - port = "3001"; + port = 3001; }; }; } diff --git a/hosts/terre-neuvas/configuration.nix b/hosts/terre-neuvas/configuration.nix index 77b7456..92e1453 100644 --- a/hosts/terre-neuvas/configuration.nix +++ b/hosts/terre-neuvas/configuration.nix @@ -5,7 +5,9 @@ config, pkgs, ... -}: { +}: let +globals = import ../../config/globals.nix ; +in { nix.settings.experimental-features = ["nix-command" "flakes"]; imports = [ # Include the results of the hardware scan. @@ -55,16 +57,16 @@ useDHCP = false; ipv4.addresses = [ { - address = "192.168.0.3"; + address = globals.network.terre-neuvas.ip; prefixLength = 24; } ]; }; defaultGateway = { interface = "br0"; - address = "192.168.0.254"; + address = globals.network.gateway; }; - nameservers = ["192.168.0.254" "1.1.1.1"]; + nameservers = [ globals.network.gateway "1.1.1.1"]; bridges.br0.interfaces = ["eno1"]; }; systemd.network = { diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index be5b644..ad0fb13 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -1,6 +1,6 @@ {pkgs, ...}: let - import ../../config/globals.nix; + globals = import ../../config/globals.nix; in { # --- Utilisateur dédié --- users.users.git = { @@ -44,7 +44,7 @@ in { enable = true; virtualHosts.${globals.services.forgejo.url} = { extraConfig = '' - reverse_proxy localhost:${globals.services.forgejo.port} + reverse_proxy localhost:${toString globals.services.forgejo.port} ''; }; }; diff --git a/modules/services/goaccess.nix b/modules/services/goaccess.nix index c39c469..7391f20 100644 --- a/modules/services/goaccess.nix +++ b/modules/services/goaccess.nix @@ -1,6 +1,6 @@ {pkgs, ...}: let - imports = ../../config/globals.nix ; + globals = import ../../config/globals.nix ; in { environment.systemPackages = with pkgs; [ goaccess @@ -25,7 +25,7 @@ in { }; services.caddy = { virtualHosts = { - globals.services.goaccess.url = { + "${globals.services.goaccess.url}" = { extraConfig = '' root * ${globals.services.goaccess.home} file_server browse diff --git a/modules/services/outline.nix b/modules/services/outline.nix index 8aaefd8..7594138 100644 --- a/modules/services/outline.nix +++ b/modules/services/outline.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: let - import ../../config/globals.nix ; + globals = import ../../config/globals.nix ; in { services = { outline = { @@ -11,7 +11,7 @@ in { smtp = { host = globals.smtp.host ; username = globals.smtp.user ; - passwordFile = "/run/secrets/proton_pass"; + passwordFile = "/etc/secrets/protonpass"; fromEmail = globals.smtp.user; replyEmail = globals.smtp.user; port = globals.smtp.port; @@ -23,7 +23,7 @@ in { enable = true; virtualHosts.${globals.services.outline.url} = { extraConfig = '' - reverse_proxy localhost:${globals.services.outline.port} + reverse_proxy localhost:${toString globals.services.outline.port} ''; }; }; diff --git a/modules/sites/levr.porzh.me.nix b/modules/sites/levr.porzh.me.nix index 08c0839..ee0b1ac 100644 --- a/modules/sites/levr.porzh.me.nix +++ b/modules/sites/levr.porzh.me.nix @@ -1,6 +1,6 @@ { pkgs, lib, ...}: let - import = ../../config/globals.nix ; + globals = import ../../config/globals.nix ; in { environment.systemPackages = with pkgs; [ hugo @@ -44,7 +44,7 @@ in { services.caddy = { enable = true; virtualHosts = { - globals.services.levr.url = { + "${globals.services.levr.url}" = { extraConfig = '' @http { protocol http @@ -54,7 +54,7 @@ in { file_server log { - output file /var/log/caddy/access-${global.services.levr.url}.log + output file /var/log/caddy/access-${globals.services.levr.url}.log } ''; }; diff --git a/modules/sites/porzh.me.nix b/modules/sites/porzh.me.nix index 5ce0726..5491bb3 100644 --- a/modules/sites/porzh.me.nix +++ b/modules/sites/porzh.me.nix @@ -1,5 +1,5 @@ {pkgs, ...}: let - import ../../config/globals.nix ; + globals = import ../../config/globals.nix ; porzhSite = pkgs.stdenv.mkDerivation { pname = "porzh-site"; version = "1.0"; @@ -14,7 +14,7 @@ in { services.caddy = { enable = true; virtualHosts = { - globals.domain = { + "${globals.domain}" = { serverAliases = [ "www.${globals.domain}" ]; extraConfig = '' root * ${porzhSite} From fd5f22ae655d700f2c6244569e6de1fb6858bb39 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 9 Oct 2025 14:27:25 +0200 Subject: [PATCH 04/48] Refactor: global.nix --- config/globals.nix | 13 +++++++++++++ hm/common/git.nix | 9 ++++++--- modules/common/smtp.nix | 15 +++++++++------ 3 files changed, 28 insertions(+), 9 deletions(-) create mode 100644 config/globals.nix diff --git a/config/globals.nix b/config/globals.nix new file mode 100644 index 0000000..53ffe13 --- /dev/null +++ b/config/globals.nix @@ -0,0 +1,13 @@ +{ + domain = "porzh.me"; + admin = { + email = "dun0z@porzh.me"; + name = "DuN0z"; + }; + + smtp = { + host = "smtp.protonmail.ch"; + port = 587 ; + user = "contact@porzh.me"; + }; +} diff --git a/hm/common/git.nix b/hm/common/git.nix index ec4c03b..2399f41 100644 --- a/hm/common/git.nix +++ b/hm/common/git.nix @@ -1,8 +1,11 @@ -_: { +_: +let +globals = import ../../config/globals.nix; +in { programs.git = { enable = true; - userName = "DuN0z"; - userEmail = "dun0z@porzh.me"; + userName = globals.admin.name; + userEmail = globals.admin.email; }; } # vim: set ts=2 sw=2 sts=2 et : diff --git a/modules/common/smtp.nix b/modules/common/smtp.nix index 51a3a4d..d185e82 100644 --- a/modules/common/smtp.nix +++ b/modules/common/smtp.nix @@ -1,16 +1,19 @@ -{ config, pkgs, lib, ... }: { +{ config, pkgs, lib, ... }: +let +globals = import ../../config/globals.nix; +in { programs.msmtp = { enable = true; accounts.default = { - host = "smtp.protonmail.ch"; - port = 587; + host = globals.smtp.host; + port = globals.smtp.port; auth = true; tls = true; tls_starttls = true; - user = "contact@porzh.me"; + user = globals.smtp.user; passwordeval = "cat /run/secrets/proton_pass"; - from = "contact@porzh.me"; + from = globals.smtp.user; }; }; @@ -23,4 +26,4 @@ ]; environment.pathsToLink = [ "/etc/alternatives" "/usr/sbin" ]; - } +} From 845c3373ba09dfa62903ad93648299a0cfaaf591 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 9 Oct 2025 17:46:15 +0200 Subject: [PATCH 05/48] refactor --- hm/users/lomig-desktop.nix | 1 - hosts/pennsardin/configuration.nix | 34 ++++++++++++++++++------------ modules/common/networking.nix | 2 -- modules/roles/workstation.nix | 8 ------- modules/services/forgejo.nix | 19 ++++++++++------- modules/services/goaccess.nix | 11 ++++++---- modules/services/outline.nix | 23 +++++++++++--------- modules/sites/levr.porzh.me.nix | 17 +++++++++------ modules/sites/porzh.me.nix | 5 +++-- 9 files changed, 65 insertions(+), 55 deletions(-) diff --git a/hm/users/lomig-desktop.nix b/hm/users/lomig-desktop.nix index b0c7d7a..9be4152 100644 --- a/hm/users/lomig-desktop.nix +++ b/hm/users/lomig-desktop.nix @@ -3,7 +3,6 @@ ../desktop/bspwm.nix ./lomig.nix ]; - home.stateVersion = "25.05"; # ou ton actuelle home = { packages = with pkgs; [ fastfetch diff --git a/hosts/pennsardin/configuration.nix b/hosts/pennsardin/configuration.nix index 314ac4b..149c804 100644 --- a/hosts/pennsardin/configuration.nix +++ b/hosts/pennsardin/configuration.nix @@ -1,4 +1,7 @@ -{pkgs, ...}: { +{pkgs, ...}: +let + globals = import ../../config/globals.nix; +in { imports = [ ../../profiles/workstation-bspwm.nix ../../modules/hardware/bepovim.nix @@ -37,7 +40,7 @@ users.users.lomig = { isNormalUser = true; - extraGroups = ["networkmanager" "lp" "wheel"]; + extraGroups = [ "lp" "wheel"]; shell = pkgs.zsh; }; @@ -49,21 +52,26 @@ networking = { useNetworkd = true; firewall.allowedTCPPorts = [22 80 5900 5901 5902]; - interfaces.enp11s0.useDHCP = false; - interfaces.br0 = { - useDHCP = false; - ipv4.addresses = [ - { - address = "192.168.50.12"; - prefixLength = 24; - } - ]; + interfaces = { + enp11s0 = { + useDHCP = false; + wakeOnLan.enable = true ; + br0 = { + useDHCP = false; + ipv4.addresses = [ + { + address = globals.network.pennsardin.ip; + prefixLength = 24; + } + ]; + }; }; + defaultGateway = { interface = "br0"; - address = "192.168.50.1"; + address = globals.network.gateway; }; - nameservers = ["192.168.50.1" "1.1.1.1"]; + nameservers = [ globals.network.gateway "1.1.1.1"]; bridges.br0.interfaces = ["enp11s0"]; }; systemd.network = { diff --git a/modules/common/networking.nix b/modules/common/networking.nix index 54957af..98478b6 100644 --- a/modules/common/networking.nix +++ b/modules/common/networking.nix @@ -1,8 +1,6 @@ _: { networking = { nameservers = ["1.1.1.1" "8.8.8.8"]; - # dhcpcd.extraConfig = "nohook resolv.conf"; firewall.enable = true; - interfaces.enp11s0.wakeOnLan.enable = true; }; } diff --git a/modules/roles/workstation.nix b/modules/roles/workstation.nix index 0ccf5d6..b99a5c7 100644 --- a/modules/roles/workstation.nix +++ b/modules/roles/workstation.nix @@ -1,18 +1,10 @@ {pkgs, ...}: { imports = [ ../common/nix.nix - - # Matériel ../hardware/gpu-amd.nix ../hardware/sensors-zenpower.nix - - # Virtualisation/tuning ../virtual/kvm-amd.nix ../virtual/vfio.nix - - # Dev - # ../dev/qemu.nix - # ../virtual/truenas.nix # seulement si tu l’utilises sur ce host ]; environment.systemPackages = with pkgs; [ diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 14c4c94..be5b644 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -1,4 +1,7 @@ -{pkgs, ...}: { +{pkgs, ...}: +let + import ../../config/globals.nix; +in { # --- Utilisateur dédié --- users.users.git = { isSystemUser = true; @@ -20,10 +23,10 @@ }; settings = { server = { - DOMAIN = "govel.porzh.me"; - ROOT_URL = "https://govel.porzh.me/"; - SSH_DOMAIN = "govel.porzh.me"; - HTTP_PORT = 3000; + DOMAIN = globals.services.forgejo.url ; + ROOT_URL = "https://${globals.services.forgejo.url}/"; + SSH_DOMAIN = globals.services.forgejo.url; + HTTP_PORT = globals.services.forgejo.port; SSH_PORT = 22; START_SSH_SERVER = false; }; @@ -32,16 +35,16 @@ REGISTER_EMAIL_CONFIRM = false; }; repository = { - DEFAULT_BRANCH = "main"; + DEFAULT_BRANCH = "master"; }; }; }; openssh.enable = true; caddy = { enable = true; - virtualHosts."govel.porzh.me" = { + virtualHosts.${globals.services.forgejo.url} = { extraConfig = '' - reverse_proxy localhost:3000 + reverse_proxy localhost:${globals.services.forgejo.port} ''; }; }; diff --git a/modules/services/goaccess.nix b/modules/services/goaccess.nix index 35e95f8..c39c469 100644 --- a/modules/services/goaccess.nix +++ b/modules/services/goaccess.nix @@ -1,4 +1,7 @@ -{pkgs, ...}: { +{pkgs, ...}: +let + imports = ../../config/globals.nix ; +in { environment.systemPackages = with pkgs; [ goaccess ]; @@ -7,7 +10,7 @@ systemd.services.goaccess-report = { description = "Generate GoAccess HTML report"; serviceConfig = { - ExecStart = "${pkgs.goaccess}/bin/goaccess /var/log/caddy/access-levr.porzh.me.log --log-format=CADDY -o /var/www/goaccess/index.html"; + ExecStart = "${pkgs.goaccess}/bin/goaccess /var/log/caddy/access-${globals.services.levr.url}.log --log-format=CADDY -o ${globals.services.goaccess.home}/index.html"; }; }; @@ -22,9 +25,9 @@ }; services.caddy = { virtualHosts = { - "koum.porzh.me" = { + globals.services.goaccess.url = { extraConfig = '' - root * /var/www/goaccess + root * ${globals.services.goaccess.home} file_server browse try_files {path} {path}/ /index.html diff --git a/modules/services/outline.nix b/modules/services/outline.nix index be601f0..8aaefd8 100644 --- a/modules/services/outline.nix +++ b/modules/services/outline.nix @@ -1,26 +1,29 @@ -{ config, pkgs, lib, ... }: { +{ config, pkgs, lib, ... }: +let + import ../../config/globals.nix ; +in { services = { outline = { enable = true; - port = 3002 ; - publicUrl = "http://notes.porzh.me"; + port = globals.services.outline.port ; + publicUrl = "http://${globals.services.outline.url}"; forceHttps = true; smtp = { - host = "smtp.protonmail.ch"; - username = "contact@porzh.me"; + host = globals.smtp.host ; + username = globals.smtp.user ; passwordFile = "/run/secrets/proton_pass"; - fromEmail = "contact@porzh.me"; - replyEmail = "contact@porzh.me"; - port = 587 ; + fromEmail = globals.smtp.user; + replyEmail = globals.smtp.user; + port = globals.smtp.port; secure = false; }; storage.storageType = "local"; }; caddy = { enable = true; - virtualHosts."notes.porzh.me" = { + virtualHosts.${globals.services.outline.url} = { extraConfig = '' - reverse_proxy localhost:3002 + reverse_proxy localhost:${globals.services.outline.port} ''; }; }; diff --git a/modules/sites/levr.porzh.me.nix b/modules/sites/levr.porzh.me.nix index 41fa232..08c0839 100644 --- a/modules/sites/levr.porzh.me.nix +++ b/modules/sites/levr.porzh.me.nix @@ -1,4 +1,7 @@ -{ pkgs, lib, ...}: { +{ pkgs, lib, ...}: +let + import = ../../config/globals.nix ; +in { environment.systemPackages = with pkgs; [ hugo ]; @@ -6,8 +9,8 @@ description = "Auto build du blog hugo"; serviceConfig = { Type = "oneshot"; - WorkingDirectory = "/srv/blog" ; - ExecStart = ''${pkgs.hugo}/bin/hugo --minify build -d /srv/blog/public''; + WorkingDirectory = globals.services.levr.home ; + ExecStart = ''${pkgs.hugo}/bin/hugo --minify build -d ${globals.services.levr.build}''; User = "lomig"; }; }; @@ -23,7 +26,7 @@ description = "Synchronisation du dépôt Hugo"; serviceConfig = { Type = "oneshot"; - WorkingDirectory = "/srv/blog"; + WorkingDirectory = globals.services.levr.home; ExecStart = "${pkgs.git}/bin/git pull origin master"; User = "lomig"; }; @@ -41,17 +44,17 @@ services.caddy = { enable = true; virtualHosts = { - "levr.porzh.me" = { + globals.services.levr.url = { extraConfig = '' @http { protocol http } redir @http https://{host}{uri} permanent - root * /srv/blog/public + root * ${globals.services.levr.build} file_server log { - output file /var/log/caddy/access-levr.porzh.me.log + output file /var/log/caddy/access-${global.services.levr.url}.log } ''; }; diff --git a/modules/sites/porzh.me.nix b/modules/sites/porzh.me.nix index 145e665..5ce0726 100644 --- a/modules/sites/porzh.me.nix +++ b/modules/sites/porzh.me.nix @@ -1,4 +1,5 @@ {pkgs, ...}: let + import ../../config/globals.nix ; porzhSite = pkgs.stdenv.mkDerivation { pname = "porzh-site"; version = "1.0"; @@ -13,8 +14,8 @@ in { services.caddy = { enable = true; virtualHosts = { - "porzh.me" = { - serverAliases = ["www.porzh.me"]; + globals.domain = { + serverAliases = [ "www.${globals.domain}" ]; extraConfig = '' root * ${porzhSite} file_server From 5deefc17b2bf46725b2842128ac8121eac4cf0fa Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 9 Oct 2025 18:40:13 +0200 Subject: [PATCH 06/48] Add: specific system user for levr.porzh.me --- config/globals.nix | 1 + modules/sites/levr.porzh.me.nix | 23 ++++++++++++++++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/config/globals.nix b/config/globals.nix index c2ccdcb..8a0f54d 100644 --- a/config/globals.nix +++ b/config/globals.nix @@ -35,6 +35,7 @@ home = "/var/lib/services/levr"; build = "/var/lib/www/levr"; url = "levr.porzh.me"; + user = "levr"; }; outline = { url = "notes.porzh.me"; diff --git a/modules/sites/levr.porzh.me.nix b/modules/sites/levr.porzh.me.nix index ee0b1ac..24cffca 100644 --- a/modules/sites/levr.porzh.me.nix +++ b/modules/sites/levr.porzh.me.nix @@ -11,7 +11,7 @@ in { Type = "oneshot"; WorkingDirectory = globals.services.levr.home ; ExecStart = ''${pkgs.hugo}/bin/hugo --minify build -d ${globals.services.levr.build}''; - User = "lomig"; + User = "levr"; }; }; systemd.timers.hugo-build = { @@ -28,7 +28,7 @@ in { Type = "oneshot"; WorkingDirectory = globals.services.levr.home; ExecStart = "${pkgs.git}/bin/git pull origin master"; - User = "lomig"; + User = "levr"; }; environment = { PATH = lib.mkForce "${pkgs.openssh}/bin"; @@ -60,4 +60,21 @@ in { }; }; }; - } + users = { + users = { + "${globals.services.levr.user}" = { + isSystemUser = true ; + group = globals.services.levr.user ; + home = globals.services.levr.home ; + createHome = true ; + description = "User for hugo-blog builds and deployments"; + }; + }; + groups.${globals.services.levr.user} = {}; + }; + + systemd.tmpfiles.rules = [ + "d ${globals.services.levr.home} 0755 levr levr -" + "d ${globals.services.levr.build} 0755 levr levr -" + ]; +} From 4a10a54faa44646139a097b0caac8541a0421c5d Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 9 Oct 2025 22:40:34 +0200 Subject: [PATCH 07/48] Fix: nix syntax error --- hosts/pennsardin/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/pennsardin/configuration.nix b/hosts/pennsardin/configuration.nix index 149c804..d58438d 100644 --- a/hosts/pennsardin/configuration.nix +++ b/hosts/pennsardin/configuration.nix @@ -56,6 +56,7 @@ in { enp11s0 = { useDHCP = false; wakeOnLan.enable = true ; + }; br0 = { useDHCP = false; ipv4.addresses = [ From 86f45df8250e8206a6734867cc9e9553fde1cae3 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Fri, 10 Oct 2025 20:29:51 +0200 Subject: [PATCH 08/48] Add: wikijs --- config/globals.nix | 4 ---- hosts/pennsardin/configuration.nix | 24 +++++++++++++++++++++++ modules/services/outline.nix | 31 ------------------------------ modules/services/wikijs.nix | 29 ++++++++++++++++++++++++++++ profiles/server-selfhosted.nix | 2 +- 5 files changed, 54 insertions(+), 36 deletions(-) delete mode 100644 modules/services/outline.nix create mode 100644 modules/services/wikijs.nix diff --git a/config/globals.nix b/config/globals.nix index 8a0f54d..7dd7ff6 100644 --- a/config/globals.nix +++ b/config/globals.nix @@ -37,9 +37,5 @@ url = "levr.porzh.me"; user = "levr"; }; - outline = { - url = "notes.porzh.me"; - port = 3001; - }; }; } diff --git a/hosts/pennsardin/configuration.nix b/hosts/pennsardin/configuration.nix index d58438d..d04905d 100644 --- a/hosts/pennsardin/configuration.nix +++ b/hosts/pennsardin/configuration.nix @@ -29,6 +29,30 @@ in { options = ["defaults" "hidepid=2"]; neededForBoot = true; }; + "/home/lomig/Documents" = { + device = "/srv/raid/home-data/Documents"; + options = [ "bind" ]; + }; + "/home/lomig/Images" = { + device = "/srv/raid/home-data/Images"; + options = [ "bind" ]; + }; + "/home/lomig/Musique" = { + device = "/srv/raid/home-data/Musique"; + options = [ "bind" ]; + }; + "/home/lomig/Téléchargements" = { + device = "/srv/raid/home-data/Téléchargements"; + options = [ "bind" ]; + }; + "/home/lomig/Vidéos" = { + device = "/srv/raid/home-data/Vidéos"; + options = [ "bind" ]; + }; + "/home/lomig/nixos-config" = { + device = "/srv/raid/home-data/nixos-config"; + options = [ "bind" ]; + }; "/srv/raid" = { device = "/dev/disk/by-uuid/85f72160-4720-463a-9dc6-7c5216733f2b"; fsType = "btrfs"; diff --git a/modules/services/outline.nix b/modules/services/outline.nix deleted file mode 100644 index 7594138..0000000 --- a/modules/services/outline.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, pkgs, lib, ... }: -let - globals = import ../../config/globals.nix ; -in { - services = { - outline = { - enable = true; - port = globals.services.outline.port ; - publicUrl = "http://${globals.services.outline.url}"; - forceHttps = true; - smtp = { - host = globals.smtp.host ; - username = globals.smtp.user ; - passwordFile = "/etc/secrets/protonpass"; - fromEmail = globals.smtp.user; - replyEmail = globals.smtp.user; - port = globals.smtp.port; - secure = false; - }; - storage.storageType = "local"; - }; - caddy = { - enable = true; - virtualHosts.${globals.services.outline.url} = { - extraConfig = '' - reverse_proxy localhost:${toString globals.services.outline.port} - ''; - }; - }; - }; -} diff --git a/modules/services/wikijs.nix b/modules/services/wikijs.nix new file mode 100644 index 0000000..f17ec9f --- /dev/null +++ b/modules/services/wikijs.nix @@ -0,0 +1,29 @@ +{ pkgs, ... }: +{ + systemd.services.wiki-js = { + requires = [ "postgresql.service" ]; + after = [ "postgresql.service" ]; + }; + services.wiki-js = { + enable = true; + port = 3002 ; + settings.db = { + db = "wiki-js"; + host = "/run/postgresql"; + type = "postgres"; + user = "wiki-js"; + }; + }; + services.postgresql = { + enable = true; + ensureDatabases = [ "wiki-js" ]; + ensureUsers = [{ + name = "wiki-js"; + ensureDBOwnership = true; + }]; + }; + + services.caddy.virtualHosts."notes.porzh.me".extraConfig = '' + reverse_proxy 127.0.0.1:3004 + ''; +} diff --git a/profiles/server-selfhosted.nix b/profiles/server-selfhosted.nix index f2a1dff..1f76436 100644 --- a/profiles/server-selfhosted.nix +++ b/profiles/server-selfhosted.nix @@ -6,7 +6,7 @@ ../modules/common/qemu.nix ../modules/services/printing.nix ../modules/services/goaccess.nix - ../modules/services/outline.nix + ../modules/services/wikijs.nix ../modules/sites/porzh.me.nix ../modules/sites/levr.porzh.me.nix ]; From 55b119c778da1cfd07b9a6cff4247eceed938faa Mon Sep 17 00:00:00 2001 From: DuN0z Date: Fri, 10 Oct 2025 21:03:03 +0200 Subject: [PATCH 09/48] Fix: wikijs configuration --- config/globals.nix | 4 ++++ modules/services/wikijs.nix | 24 ++++++++++++++---------- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/config/globals.nix b/config/globals.nix index 7dd7ff6..6977146 100644 --- a/config/globals.nix +++ b/config/globals.nix @@ -37,5 +37,9 @@ url = "levr.porzh.me"; user = "levr"; }; + wikijs = { + url = "notes.porzh.me"; + port = 3002 ; + }; }; } diff --git a/modules/services/wikijs.nix b/modules/services/wikijs.nix index f17ec9f..8da2a7e 100644 --- a/modules/services/wikijs.nix +++ b/modules/services/wikijs.nix @@ -1,18 +1,22 @@ { pkgs, ... }: -{ +let + globals = import ../../config/globals.nix ; +in { systemd.services.wiki-js = { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; }; services.wiki-js = { enable = true; - port = 3002 ; - settings.db = { - db = "wiki-js"; - host = "/run/postgresql"; - type = "postgres"; - user = "wiki-js"; - }; + settings = { + db = { + db = "wiki-js"; + host = "/run/postgresql"; + type = "postgres"; + user = "wiki-js"; + }; + port = 3002 ; + }; }; services.postgresql = { enable = true; @@ -23,7 +27,7 @@ }]; }; - services.caddy.virtualHosts."notes.porzh.me".extraConfig = '' - reverse_proxy 127.0.0.1:3004 + services.caddy.virtualHosts.${globals.services.wikijs.url}.extraConfig = '' + reverse_proxy localhost:${toString globals.services.wikijs.port} ''; } From a6f85e6d5990d6dbae4155377388d16f07518bc8 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Sun, 12 Oct 2025 08:25:38 +0200 Subject: [PATCH 10/48] FLAKE: update --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index a155089..53a0e95 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1759573136, - "narHash": "sha256-ILSPD0Dm8p0w0fCVzOx98ZH8yFDrR75GmwmH3fS2VnE=", + "lastModified": 1760239230, + "narHash": "sha256-eqSP/BAbQwNTlQ/6yuK0yILzZAPNNj91gp6oIfVtu/E=", "owner": "nix-community", "repo": "home-manager", - "rev": "5f06ceafc6c9b773a776b9195c3f47bbe1defa43", + "rev": "c4aaddeaecc09554c92518fd904e3e84b497ed09", "type": "github" }, "original": { @@ -64,11 +64,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1759381078, - "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", + "lastModified": 1760038930, + "narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", + "rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3", "type": "github" }, "original": { @@ -80,11 +80,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1759439645, - "narHash": "sha256-oiAyQaRilPk525Z5aTtTNWNzSrcdJ7IXM0/PL3CGlbI=", + "lastModified": 1759994382, + "narHash": "sha256-wSK+3UkalDZRVHGCRikZ//CyZUJWDJkBDTQX1+G77Ow=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "879bd460b3d3e8571354ce172128fbcbac1ed633", + "rev": "5da4a26309e796daa7ffca72df93dbe53b8164c7", "type": "github" }, "original": { @@ -96,11 +96,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1759543899, - "narHash": "sha256-yu9gsM5Tw4wHxZLSywbyvLnNkn/0qvcQ0r3D5FbIf9w=", + "lastModified": 1760161054, + "narHash": "sha256-PO3cKHFIQEPI0dr/SzcZwG50cHXfjoIqP2uS5W78OXg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6c4f138b35597e4676611e7ea341c251a98112f9", + "rev": "e18d8ec6fafaed55561b7a1b54eb1c1ce3ffa2c5", "type": "github" }, "original": { @@ -116,11 +116,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1759614609, - "narHash": "sha256-psvkqVBJDv/A2I5pXOIn5rFWYCx0C2ogUmYNA/WH1ys=", + "lastModified": 1760244049, + "narHash": "sha256-NTF95tGxmhrBQiREvxLK928ovkzJloEsuHLhwN2GDCY=", "owner": "nix-community", "repo": "NUR", - "rev": "2edcb08c08b541088834d35cf560601038b3c3a2", + "rev": "5fbc6ffa12c03d608618fc1986cf9fdab44fc5d5", "type": "github" }, "original": { From 5b12e9360f457f466db10151d220b0464bcd4437 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Mon, 13 Oct 2025 13:44:38 +0200 Subject: [PATCH 11/48] Fix: no suspend if ssh session --- modules/common/energy.nix | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/modules/common/energy.nix b/modules/common/energy.nix index 31635c5..eed44d0 100644 --- a/modules/common/energy.nix +++ b/modules/common/energy.nix @@ -1,8 +1,42 @@ -_: { +{ config, pkgs, ... }: { services.logind.settings.Login = { IdleAction = "suspend"; IdleActionSec = "5min"; HandleLidSwitch = "suspend"; HandleLidSwitchDocked = "ignore"; }; + + systemd.services.ssh-suspend-inhibitor = { + description = "Prevent suspend when SSH sessions are active"; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + Restart = "always"; + ExecStart = pkgs.writeShellScript "ssh-inhibitor" '' + while true; do + # Vérifie s'il y a des sessions SSH actives + if ${pkgs.procps}/bin/pgrep -x sshd >/dev/null && \ + [ $(${pkgs.procps}/bin/pgrep -P $(${pkgs.procps}/bin/pgrep -x sshd) | wc -l) -gt 0 ]; then + # Il y a des sessions SSH, on crée un inhibitor s'il n'existe pas + if [ ! -f /tmp/ssh-inhibitor.lock ]; then + ${pkgs.systemd}/bin/systemd-inhibit --what=idle:sleep \ + --who="SSH Session" \ + --why="SSH session active" \ + --mode=block \ + sleep infinity & + echo $! > /tmp/ssh-inhibitor.lock + fi + else + # Pas de sessions SSH, on retire l'inhibitor + if [ -f /tmp/ssh-inhibitor.lock ]; then + kill $(cat /tmp/ssh-inhibitor.lock) 2>/dev/null || true + rm /tmp/ssh-inhibitor.lock + fi + fi + sleep 10 + done + ''; + }; + }; } From 1731f5ea7dd7b4623f11b9ee011d323d370bc2a4 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Mon, 13 Oct 2025 13:46:26 +0200 Subject: [PATCH 12/48] Add: modules for sensors --- hosts/pennsardin/configuration.nix | 8 +++++++- modules/hardware/gpu-amd.nix | 2 -- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/hosts/pennsardin/configuration.nix b/hosts/pennsardin/configuration.nix index d04905d..9a9717a 100644 --- a/hosts/pennsardin/configuration.nix +++ b/hosts/pennsardin/configuration.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: +{pkgs, config, ...}: let globals = import ../../config/globals.nix; in { @@ -11,8 +11,14 @@ in { networking.hostName = "pennsardin"; boot.kernelPackages = pkgs.linuxPackages_latest; + boot.extraModulePackages = [ config.boot.kernelPackages.nct6687d ]; + boot.kernelModules = [ "nct6683" "k10temp" "i2c-dev" ] ; boot.swraid.enable = true; + environment.systemPackages = with pkgs; [ + lm_sensors + ]; + fileSystems = { "/" = { device = "/dev/disk/by-uuid/b1a1ae71-4277-45d5-a3d2-f49354f263d4"; diff --git a/modules/hardware/gpu-amd.nix b/modules/hardware/gpu-amd.nix index caa4f31..981f849 100644 --- a/modules/hardware/gpu-amd.nix +++ b/modules/hardware/gpu-amd.nix @@ -44,6 +44,4 @@ "radeon.cik_support=0" ]; - # Si un module sonde "k10temp" gêne : - boot.blacklistedKernelModules = ["k10temp"]; } From 98cd87c47dba8bb11c14a2820bbf1ca198ac5734 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Tue, 14 Oct 2025 07:37:44 +0200 Subject: [PATCH 13/48] Fix: add firewall --- hosts/terre-neuvas/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/terre-neuvas/configuration.nix b/hosts/terre-neuvas/configuration.nix index 92e1453..2774051 100644 --- a/hosts/terre-neuvas/configuration.nix +++ b/hosts/terre-neuvas/configuration.nix @@ -52,6 +52,7 @@ in { networking = { useNetworkd = true; firewall.allowedTCPPorts = [22 80 5900 5901 5902]; + firewall.enable = true ; interfaces.eno1.useDHCP = false; interfaces.br0 = { useDHCP = false; @@ -85,5 +86,7 @@ in { networkConfig.Bridge = "br0"; }; }; + + system.stateVersion = "25.05"; # Did you read the comment? } From 815e095f4ff2aa82c491c037be6c525bc722f012 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 16 Oct 2025 10:27:01 +0200 Subject: [PATCH 14/48] Fix: back to forgejo original config --- config/globals.nix | 3 ++- modules/services/forgejo.nix | 34 ++++++++-------------------------- 2 files changed, 10 insertions(+), 27 deletions(-) diff --git a/config/globals.nix b/config/globals.nix index 6977146..7c64ec5 100644 --- a/config/globals.nix +++ b/config/globals.nix @@ -23,8 +23,9 @@ services = { forgejo = { - home = "/var/lib/services/forgejo"; + home = "/var/lib/forgejo"; url = "govel.porzh.me"; + user = "git"; port = 3000; }; goaccess = { diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index ad0fb13..0cee315 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -3,23 +3,23 @@ let globals = import ../../config/globals.nix; in { # --- Utilisateur dédié --- - users.users.git = { + users.users.${globals.services.forgejo.user} = { isSystemUser = true; - home = "/var/lib/forgejo"; + home = globals.services.forgejo.home; shell = pkgs.bash; - group = "git"; + group = globals.services.forgejo.user; }; - users.groups.git = {}; + users.groups.${globals.services.forgejo.user} = {}; # --- Forgejo --- services = { forgejo = { enable = true; - user = "git"; - group = "git"; + user = globals.services.forgejo.user; + group = globals.services.forgejo.user; database = { type = "sqlite3"; - path = "/var/lib/forgejo/data/gitea.db"; + path = "${globals.services.forgejo.home}/data/gitea.db"; }; settings = { server = { @@ -27,7 +27,6 @@ in { ROOT_URL = "https://${globals.services.forgejo.url}/"; SSH_DOMAIN = globals.services.forgejo.url; HTTP_PORT = globals.services.forgejo.port; - SSH_PORT = 22; START_SSH_SERVER = false; }; service = { @@ -49,22 +48,5 @@ in { }; }; }; - - # --- Ouvrir les ports nécessaires --- - networking.firewall = { - allowedTCPPorts = [80 443 2222]; - interfaces."eth0".allowedTCPPorts = [22]; - }; - # --- Pour que Forgejo génère les bonnes URLs Git --- - # networking.hostName = "git"; # non strictement obligatoire - - # --- Optionnel : config DNS --- - # git.lomig.me -> ton IP publique (ou IP locale si LAN) - - # --- Pour te cloner un dépôt : --- - # git clone git@git.lomig.me:lomig/nom-du-repo.git - - # --- Astuce : génère une paire de clés pour l’accès SSH Git --- - # ssh-keygen -t ed25519 -f ~/.ssh/id_git_forgejo - # puis ajoute la clé publique dans ton compte Forgejo + networking.firewall.allowedTCPPorts = [80 443 22 ]; } From fd12d647e4c44cbd75a0e7932427b76a9545ed03 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 16 Oct 2025 10:27:26 +0200 Subject: [PATCH 15/48] Fix: remove local adress from stats --- modules/services/goaccess.nix | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/modules/services/goaccess.nix b/modules/services/goaccess.nix index 7391f20..2cc069c 100644 --- a/modules/services/goaccess.nix +++ b/modules/services/goaccess.nix @@ -6,11 +6,23 @@ in { goaccess ]; - # Service pour générer le rapport statique GoAccess + environment.etc."local/bin/generate-goaccess.sh".text = '' + #!/bin/sh + set -eu + + RAW_LOG="/var/log/caddy/access-${globals.services.levr.url}.log" + CLEAN_LOG="/tmp/goaccess-clean.log" + REPORT="${globals.services.goaccess.home}/index.html" + + ${pkgs.gnugrep}/bin/grep -v '192.168.' "$RAW_LOG" > "$CLEAN_LOG" + ${pkgs.goaccess}/bin/goaccess "$CLEAN_LOG" --log-format=CADDY -o "$REPORT"; + ''; + environment.etc."local/bin/generate-goaccess.sh".mode = "0755"; + systemd.services.goaccess-report = { description = "Generate GoAccess HTML report"; serviceConfig = { - ExecStart = "${pkgs.goaccess}/bin/goaccess /var/log/caddy/access-${globals.services.levr.url}.log --log-format=CADDY -o ${globals.services.goaccess.home}/index.html"; + ExecStart = "/etc/local/bin/generate-goaccess.sh"; }; }; @@ -35,4 +47,8 @@ in { }; }; }; + + systemd.tmpfiles.rules = [ + "d ${globals.services.goaccess.home} 0755 root root -" + ]; } From 53c0163cccc4d92f06fb5f60d644191905796964 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Fri, 17 Oct 2025 22:43:24 +0200 Subject: [PATCH 16/48] Add: Agenix for caddy goaccess page --- flake.lock | 124 ++++++++++++++++++++++++++++++---- flake.nix | 4 ++ modules/services/goaccess.nix | 35 +++++++++- secrets/goaccess-password.age | Bin 0 -> 389 bytes secrets/secrets.nix | 8 +++ 5 files changed, 154 insertions(+), 17 deletions(-) create mode 100644 secrets/goaccess-password.age create mode 100644 secrets/secrets.nix diff --git a/flake.lock b/flake.lock index 53a0e95..17eda5c 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,48 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "owner": "ryantm", + "repo": "agenix", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -24,15 +67,16 @@ "home-manager": { "inputs": { "nixpkgs": [ - "nixpkgs-unstable" + "agenix", + "nixpkgs" ] }, "locked": { - "lastModified": 1760239230, - "narHash": "sha256-eqSP/BAbQwNTlQ/6yuK0yILzZAPNNj91gp6oIfVtu/E=", + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "owner": "nix-community", "repo": "home-manager", - "rev": "c4aaddeaecc09554c92518fd904e3e84b497ed09", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "type": "github" }, "original": { @@ -62,18 +106,38 @@ "type": "github" } }, - "nixpkgs": { + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, "locked": { - "lastModified": 1760038930, - "narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3", + "lastModified": 1760239230, + "narHash": "sha256-eqSP/BAbQwNTlQ/6yuK0yILzZAPNNj91gp6oIfVtu/E=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "c4aaddeaecc09554c92518fd904e3e84b497ed09", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1754028485, + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } @@ -110,10 +174,26 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1760038930, + "narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1760244049, @@ -131,12 +211,28 @@ }, "root": { "inputs": { - "home-manager": "home-manager", + "agenix": "agenix", + "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable", "nur": "nur" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 37e242a..48f841b 100644 --- a/flake.nix +++ b/flake.nix @@ -13,6 +13,7 @@ inputs.nixpkgs.follows = "nixpkgs-unstable"; }; nur.url = "github:nix-community/NUR"; + agenix.url = "github:ryantm/agenix"; }; outputs = { @@ -21,6 +22,7 @@ home-manager-stable, home-manager, nur, + agenix, ... }: let mkUnstablePkgsWithNur = { @@ -50,10 +52,12 @@ }; terre-neuvas = nixpkgs-stable.lib.nixosSystem { + specialArgs = { inherit agenix; }; system = "x86_64-linux"; modules = [ ./hosts/terre-neuvas/configuration.nix home-manager-stable.nixosModules.home-manager + agenix.nixosModules.default ]; }; diff --git a/modules/services/goaccess.nix b/modules/services/goaccess.nix index 2cc069c..b403917 100644 --- a/modules/services/goaccess.nix +++ b/modules/services/goaccess.nix @@ -1,7 +1,14 @@ -{pkgs, ...}: +{pkgs, config, ...}: let globals = import ../../config/globals.nix ; in { + age.secrets.goaccess-password = { + file = ../../secrets/goaccess-password.age; + owner = "caddy"; + group = "caddy"; + mode = "0400"; + }; + environment.systemPackages = with pkgs; [ goaccess ]; @@ -26,7 +33,6 @@ in { }; }; - # Timer pour régénérer le rapport toutes les heures systemd.timers.goaccess-report = { description = "Hourly GoAccess report generation"; wantedBy = ["timers.target"]; @@ -35,20 +41,43 @@ in { Persistent = true; }; }; + + systemd.services."goaccess-auth-sync" = { + description = "Sync goaccess password for Caddy"; + wantedBy = [ "caddy.service" ]; + before = [ "caddy.service" ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = pkgs.writeScript "sync-goaccess-auth" '' + #!${pkgs.bash}/bin/bash + mkdir -p /etc/caddy/extra + cp /run/agenix/goaccess-password /etc/caddy/extra/goaccess-auth.conf + chown caddy:caddy /etc/caddy/extra/goaccess-auth.conf + chmod 400 /etc/caddy/extra/goaccess-auth.conf + ''; + }; + }; + services.caddy = { virtualHosts = { "${globals.services.goaccess.url}" = { extraConfig = '' root * ${globals.services.goaccess.home} + + basic_auth /* { + import /etc/caddy/extra/goaccess-auth.conf + } + file_server browse try_files {path} {path}/ /index.html - ''; + }; }; }; systemd.tmpfiles.rules = [ "d ${globals.services.goaccess.home} 0755 root root -" + "d /etc/caddy/extra 0750 caddy caddy -" ]; } diff --git a/secrets/goaccess-password.age b/secrets/goaccess-password.age new file mode 100644 index 0000000000000000000000000000000000000000..20d710c87bc1de24bdeaa778ca5f6840d82039f7 GIT binary patch literal 389 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7*3NVaNmmGnG;zr; zHZ)2rNy&*wt@11=PV{y6j0!f$%P&jxb+t?>@h-0{DhN$63gxOSb@UH#uXORwOO0?W z$u=`DFAXXW%k-~|^zjOI)XoViEw3tf$}==DPe-@SGB{A%FkQhtF<9TkFe=KzvBb@+ zsyr&pEZN1y!>1rgyVA`w$)%(;JfqO0EYQi(&6TS-%fLHNzsjjB+oasjE7Zv{r7*?G zCEPF5#H=#R+bb(8v8*&bGQ=`DGM!6TS63n2G~dNPCC|My*fK3NBPl~aIkzO)BGM!) zB{Rj`G|4p2z%k9zIkPIf!j(%vQlsJEx_PWm1!iSgI#~S*f7O;=wMOpwm9GcC*xTM} z-w^s``vu$o2UpICv^#O!@Jpz6xgGbCjGQ<7B@^fFu5&u6efF(r6dS{j#lGu;`0gZr YXZf+G;q;TpoqDUS`j=eZY;}Aw06`Ry`~Uy| literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..6f16f6f --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,8 @@ +let + serveur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPRVxB7usThGHf8cuSPE4sjdqSaPNlwWAZPEo1wUgHz6 root@terre-neuvas"; + admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxranFaz3jRfvYE2M6FvRUWjzviIWjWd1mucgKeuSK2 lomig@nixos"; +in +{ + "goaccess-password.age".publicKeys = [ serveur admin ]; +} + From e8b1d7c26977b2586f6d8c464005c6f7e53aa587 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Sat, 18 Oct 2025 05:58:11 +0200 Subject: [PATCH 17/48] Delete: ftp.nix --- modules/services/ftp.nix | 67 ---------------------------------------- 1 file changed, 67 deletions(-) delete mode 100644 modules/services/ftp.nix diff --git a/modules/services/ftp.nix b/modules/services/ftp.nix deleted file mode 100644 index d077278..0000000 --- a/modules/services/ftp.nix +++ /dev/null @@ -1,67 +0,0 @@ -_: { - # ------------------------------------------------- - # 1️⃣ Création de l’utilisateur système dédié FTP - # ------------------------------------------------- - users.users.ftpuser = { - isSystemUser = true; # pas de login shell - description = "Compte FTP dédié"; - home = "/srv/ftp/ftpuser"; - createHome = true; - group = "ftpuser"; - shell = "/usr/bin/nologin"; - }; - users.groups.ftpuser = {}; - - services.openssh = { - extraConfig = '' - Match User ftpuser - ChrootDirectory /srv/ftp/ftpuser - ForceCommand internal-sftp - AllowTcpForwarding no - X11Forwarding no - ''; - }; - - # ------------------------------------------------- - # 2️⃣ Permissions du répertoire home (méthode A) - # ------------------------------------------------- - system.activationScripts.setupFtp = '' - # Répertoire racine du chroot – lecture‑seule - chmod a-w /srv/ftp/ftpuser - # Sous‑répertoire où l’on peut écrire - mkdir -p /srv/ftp/ftpuser/upload - chown ftpuser:ftpuser /srv/ftp/ftpuser/upload - chmod 755 /srv/ftp/ftpuser/upload - ''; - - # ------------------------------------------------- - # 3️⃣ Configuration du serveur vsftpd - # ------------------------------------------------- - services.vsftpd = { - enable = true; - - # Autoriser les comptes locaux (system users) - localUsers = true; - - # Refuser l’accès anonyme (sécurité renforcée) - anonymousUser = false; - - # Chroot chaque utilisateur local dans son $HOME - chrootlocalUser = true; - allowWriteableChroot = true; - - extraConfig = '' - pasv_min_port=40000 - pasv_max_port=40004 - ''; - }; - - # ------------------------------------------------- - # 4️⃣ Ouverture des ports dans le firewall NixOS - # ------------------------------------------------- - networking.firewall = { - allowedTCPPorts = [21 40000 40001 40002 40003 40004]; - # Si vous utilisez FTPS implicite (port 990) : - # allowedTCPPorts = [ 21 990 40000 40001 40002 40003 40004 ]; - }; -} From 94fc05580d7f5955ba9e140e367e537247dbae75 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Sat, 18 Oct 2025 05:59:40 +0200 Subject: [PATCH 18/48] Delete: pihole file --- modules/services/pihole.nix | 24 ------------------------ 1 file changed, 24 deletions(-) delete mode 100644 modules/services/pihole.nix diff --git a/modules/services/pihole.nix b/modules/services/pihole.nix deleted file mode 100644 index 78e4dc4..0000000 --- a/modules/services/pihole.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - virtualisation.oci-containers.containers.pihole = { - image = "pihole/pihole:latest"; - autoStart = true; - - ports = [ - "53:53/udp" - "53:53/tcp" - "80:80/tcp" - ]; - - environment = { - TZ = "Europe/Paris"; - WEBPASSWORD = "changeme"; # Change à ta convenance - PIHOLE_DNS_ = "1.1.1.1;1.0.0.1"; - }; - - volumes = [ - "/srv/pihole/etc-pihole:/etc/pihole" - "/srv/pihole/etc-dnsmasq.d:/etc/dnsmasq.d" - ]; - extraOptions = ["--cap-add=NET_ADMIN"]; - }; -} From 1e2e10879776dc00b529f6073c44daed0bd5bd44 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Sat, 18 Oct 2025 06:39:16 +0200 Subject: [PATCH 19/48] Refactor: delete overkill layers --- hosts/pennsardin/configuration.nix | 51 ++++++++++++++++++++++++++-- hosts/terre-neuvas/configuration.nix | 38 +++++++++++++++++++-- modules/roles/server.nix | 19 ----------- modules/roles/workstation.nix | 27 --------------- profiles/server-selfhosted.nix | 30 ---------------- profiles/workstation-bspwm.nix | 39 --------------------- 6 files changed, 85 insertions(+), 119 deletions(-) delete mode 100644 modules/roles/server.nix delete mode 100644 modules/roles/workstation.nix delete mode 100644 profiles/server-selfhosted.nix delete mode 100644 profiles/workstation-bspwm.nix diff --git a/hosts/pennsardin/configuration.nix b/hosts/pennsardin/configuration.nix index 9a9717a..98df612 100644 --- a/hosts/pennsardin/configuration.nix +++ b/hosts/pennsardin/configuration.nix @@ -3,9 +3,29 @@ let globals = import ../../config/globals.nix; in { imports = [ - ../../profiles/workstation-bspwm.nix - ../../modules/hardware/bepovim.nix ../../modules/common/nix.nix + ../../modules/hardware/bepovim.nix + ../modules/desktop/xorg-bspwm.nix + ../modules/common/base.nix + ../modules/common/fonts.nix + ../modules/common/networking.nix + ../modules/common/plymouth.nix + ../modules/common/audio.nix + ../modules/common/bluetooth.nix + ../modules/common/gaming.nix + ../modules/common/lockscreen.nix + ../modules/common/energy.nix + ../modules/common/qemu.nix + ../modules/common/smtp.nix + + ../modules/hardware/firmware.nix + ../modules/hardware/gpu-amd.nix + ../modules/hardware/sensors-zenpower.nix + + ../modules/services/printing.nix + + ../modules/virtual/kvm-amd.nix + ../modules/virtual/vfio.nix ]; networking.hostName = "pennsardin"; @@ -17,8 +37,35 @@ in { environment.systemPackages = with pkgs; [ lm_sensors + btrfs-progs + cifs-utils + evtest + git + vim + wget + curl + ripgrep + fd + pciutils + usbutils + p7zip + gdu + glances + parted + tmux + xorg.xauth + xorg.xkbcomp + xorg.xev ]; + services.openssh = { + enable = true; + settings = { + X11Forwarding = true; + X11DisplayOffset = 10; + }; + }; + fileSystems = { "/" = { device = "/dev/disk/by-uuid/b1a1ae71-4277-45d5-a3d2-f49354f263d4"; diff --git a/hosts/terre-neuvas/configuration.nix b/hosts/terre-neuvas/configuration.nix index 2774051..b90388b 100644 --- a/hosts/terre-neuvas/configuration.nix +++ b/hosts/terre-neuvas/configuration.nix @@ -12,9 +12,18 @@ in { imports = [ # Include the results of the hardware scan. ./hardware.nix - ../../profiles/server-selfhosted.nix - ../../modules/services/ftp.nix + ../../modules/common/nix.nix + ../../modules/roles/server.nix + ../../modules/common/base.nix + ../../modules/common/smtp.nix + ../../modules/common/qemu.nix + + ../../modules/services/goaccess.nix + ../../modules/services/wikijs.nix ../../modules/services/forgejo.nix + ../../modules/sites/porzh.me.nix + ../../modules/sites/levr.porzh.me.nix + ]; # Bootloader. @@ -48,7 +57,32 @@ in { environment.systemPackages = with pkgs; [ neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. git + + btrfs-progs + cifs-utils + lm_sensors + wakeonlan + wget + curl + ripgrep + fd + pciutils + usbutils + p7zip + gdu + glances + tmux + ]; + + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + PubkeyAuthentication = true; + }; + }; + networking = { useNetworkd = true; firewall.allowedTCPPorts = [22 80 5900 5901 5902]; diff --git a/modules/roles/server.nix b/modules/roles/server.nix deleted file mode 100644 index 67c158d..0000000 --- a/modules/roles/server.nix +++ /dev/null @@ -1,19 +0,0 @@ -{pkgs, ...}: { - imports = [ - ../common/nix.nix - ]; - - environment.systemPackages = with pkgs; [ - git - wget - curl - ripgrep - fd - pciutils - usbutils - p7zip - gdu - glances - tmux - ]; -} diff --git a/modules/roles/workstation.nix b/modules/roles/workstation.nix deleted file mode 100644 index b99a5c7..0000000 --- a/modules/roles/workstation.nix +++ /dev/null @@ -1,27 +0,0 @@ -{pkgs, ...}: { - imports = [ - ../common/nix.nix - ../hardware/gpu-amd.nix - ../hardware/sensors-zenpower.nix - ../virtual/kvm-amd.nix - ../virtual/vfio.nix - ]; - - environment.systemPackages = with pkgs; [ - git - vim - wget - curl - ripgrep - fd - pciutils - usbutils - p7zip - gdu - glances - parted - tmux - discord - xorg.xauth - ]; -} diff --git a/profiles/server-selfhosted.nix b/profiles/server-selfhosted.nix deleted file mode 100644 index 1f76436..0000000 --- a/profiles/server-selfhosted.nix +++ /dev/null @@ -1,30 +0,0 @@ -{pkgs, ...}: { - imports = [ - ../modules/roles/server.nix - ../modules/common/base.nix - ../modules/common/smtp.nix - ../modules/common/qemu.nix - ../modules/services/printing.nix - ../modules/services/goaccess.nix - ../modules/services/wikijs.nix - ../modules/sites/porzh.me.nix - ../modules/sites/levr.porzh.me.nix - ]; - - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - PubkeyAuthentication = true; - }; - }; - - environment.systemPackages = with pkgs; [ - btrfs-progs - cifs-utils - lm_sensors - wakeonlan - ]; -} -# vim: set ts=2 sw=2 sts=2 et : - diff --git a/profiles/workstation-bspwm.nix b/profiles/workstation-bspwm.nix deleted file mode 100644 index 6a1fa38..0000000 --- a/profiles/workstation-bspwm.nix +++ /dev/null @@ -1,39 +0,0 @@ -{pkgs, ...}: { - imports = [ - ../modules/roles/workstation.nix - ../modules/desktop/xorg-bspwm.nix - ../modules/common/base.nix - ../modules/common/fonts.nix - ../modules/common/networking.nix - ../modules/common/plymouth.nix - ../modules/hardware/firmware.nix - ../modules/hardware/gpu-amd.nix - ../modules/common/audio.nix - ../modules/common/bluetooth.nix - ../modules/common/gaming.nix - ../modules/services/printing.nix - ../modules/common/lockscreen.nix - ../modules/common/energy.nix - ../modules/common/qemu.nix - ../modules/common/smtp.nix - ]; - - services.openssh = { - enable = true; - settings = { - X11Forwarding = true; - X11DisplayOffset = 10; - }; - }; - - environment.systemPackages = with pkgs; [ - btrfs-progs - cifs-utils - evtest - lm_sensors - xorg.xev - xorg.xkbcomp - ]; -} -# vim: set ts=2 sw=2 sts=2 et : - From c59eb8b821fe851f044f06e4529155110887f536 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Sat, 18 Oct 2025 07:57:56 +0200 Subject: [PATCH 20/48] Fix: bad path for modules --- hosts/pennsardin/configuration.nix | 36 +++++++++++++++--------------- secrets/agenix/pennsardin.pub | 1 + 2 files changed, 19 insertions(+), 18 deletions(-) create mode 100644 secrets/agenix/pennsardin.pub diff --git a/hosts/pennsardin/configuration.nix b/hosts/pennsardin/configuration.nix index 98df612..bb5a009 100644 --- a/hosts/pennsardin/configuration.nix +++ b/hosts/pennsardin/configuration.nix @@ -5,27 +5,27 @@ in { imports = [ ../../modules/common/nix.nix ../../modules/hardware/bepovim.nix - ../modules/desktop/xorg-bspwm.nix - ../modules/common/base.nix - ../modules/common/fonts.nix - ../modules/common/networking.nix - ../modules/common/plymouth.nix - ../modules/common/audio.nix - ../modules/common/bluetooth.nix - ../modules/common/gaming.nix - ../modules/common/lockscreen.nix - ../modules/common/energy.nix - ../modules/common/qemu.nix - ../modules/common/smtp.nix + ../../modules/desktop/xorg-bspwm.nix + ../../modules/common/base.nix + ../../modules/common/fonts.nix + ../../modules/common/networking.nix + ../../modules/common/plymouth.nix + ../../modules/common/audio.nix + ../../modules/common/bluetooth.nix + ../../modules/common/gaming.nix + ../../modules/common/lockscreen.nix + ../../modules/common/energy.nix + ../../modules/common/qemu.nix + ../../modules/common/smtp.nix - ../modules/hardware/firmware.nix - ../modules/hardware/gpu-amd.nix - ../modules/hardware/sensors-zenpower.nix + ../../modules/hardware/firmware.nix + ../../modules/hardware/gpu-amd.nix + ../../modules/hardware/sensors-zenpower.nix - ../modules/services/printing.nix + ../../modules/services/printing.nix - ../modules/virtual/kvm-amd.nix - ../modules/virtual/vfio.nix + ../../modules/virtual/kvm-amd.nix + ../../modules/virtual/vfio.nix ]; networking.hostName = "pennsardin"; diff --git a/secrets/agenix/pennsardin.pub b/secrets/agenix/pennsardin.pub new file mode 100644 index 0000000..e16be5e --- /dev/null +++ b/secrets/agenix/pennsardin.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZto2/k9ZiYzWxWM6sfZLq/fIUVDc3BwPb+00dOahkk root@pennsardin From 2955d80de6deb228dc50b79089676cb626c96e61 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Mon, 20 Oct 2025 07:46:55 +0200 Subject: [PATCH 21/48] Fix: bad import --- hosts/terre-neuvas/configuration.nix | 1 - modules/sites/levr.porzh.me.nix | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/terre-neuvas/configuration.nix b/hosts/terre-neuvas/configuration.nix index b90388b..9fa6a92 100644 --- a/hosts/terre-neuvas/configuration.nix +++ b/hosts/terre-neuvas/configuration.nix @@ -13,7 +13,6 @@ in { # Include the results of the hardware scan. ./hardware.nix ../../modules/common/nix.nix - ../../modules/roles/server.nix ../../modules/common/base.nix ../../modules/common/smtp.nix ../../modules/common/qemu.nix diff --git a/modules/sites/levr.porzh.me.nix b/modules/sites/levr.porzh.me.nix index 24cffca..7215cd7 100644 --- a/modules/sites/levr.porzh.me.nix +++ b/modules/sites/levr.porzh.me.nix @@ -27,7 +27,7 @@ in { serviceConfig = { Type = "oneshot"; WorkingDirectory = globals.services.levr.home; - ExecStart = "${pkgs.git}/bin/git pull origin master"; + ExecStart = "${pkgs.git}/bin/git pull --rebase origin master"; User = "levr"; }; environment = { From 14f57637f171f45d65bbd7177ba36fe1f488c8e9 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Mon, 20 Oct 2025 07:47:29 +0200 Subject: [PATCH 22/48] FLAKE: update --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 17eda5c..bfb7fd5 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { @@ -113,11 +113,11 @@ ] }, "locked": { - "lastModified": 1760239230, - "narHash": "sha256-eqSP/BAbQwNTlQ/6yuK0yILzZAPNNj91gp6oIfVtu/E=", + "lastModified": 1760929667, + "narHash": "sha256-nZh6uvc71nVNaf/y+wesnjwsmJ6IZZUnP2EzpZe48To=", "owner": "nix-community", "repo": "home-manager", - "rev": "c4aaddeaecc09554c92518fd904e3e84b497ed09", + "rev": "189c21cf879669008ccf06e78a553f17e88d8ef0", "type": "github" }, "original": { @@ -144,11 +144,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1759994382, - "narHash": "sha256-wSK+3UkalDZRVHGCRikZ//CyZUJWDJkBDTQX1+G77Ow=", + "lastModified": 1760725957, + "narHash": "sha256-tdoIhL/NlER290HfSjOkgi4jfmjeqmqrzgnmiMtGepE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5da4a26309e796daa7ffca72df93dbe53b8164c7", + "rev": "81b927b14b7b3988334d5282ef9cba802e193fe1", "type": "github" }, "original": { @@ -160,11 +160,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1760161054, - "narHash": "sha256-PO3cKHFIQEPI0dr/SzcZwG50cHXfjoIqP2uS5W78OXg=", + "lastModified": 1760921481, + "narHash": "sha256-5aDRQrm4gUCIicnpKi2jo7K8M33i7C56uAmNmaiJQFs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e18d8ec6fafaed55561b7a1b54eb1c1ce3ffa2c5", + "rev": "773d463d37341ffc8bd05a704156e87b195173be", "type": "github" }, "original": { @@ -176,11 +176,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760038930, - "narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -196,11 +196,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1760244049, - "narHash": "sha256-NTF95tGxmhrBQiREvxLK928ovkzJloEsuHLhwN2GDCY=", + "lastModified": 1760938759, + "narHash": "sha256-R/ZiW9qW+NGsFDF1Hvl4lIiPrfn+o2HFMTBsUaaWNoc=", "owner": "nix-community", "repo": "NUR", - "rev": "5fbc6ffa12c03d608618fc1986cf9fdab44fc5d5", + "rev": "96bc3f5b3f1cb0760e7a3876b317bd55b248cb3b", "type": "github" }, "original": { From e7e57b90af351ad2ec483a36142d93c878ec3c23 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Mon, 20 Oct 2025 08:00:46 +0200 Subject: [PATCH 23/48] Fix: git options change --- hm/common/git.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hm/common/git.nix b/hm/common/git.nix index 2399f41..897afa0 100644 --- a/hm/common/git.nix +++ b/hm/common/git.nix @@ -4,8 +4,10 @@ globals = import ../../config/globals.nix; in { programs.git = { enable = true; - userName = globals.admin.name; - userEmail = globals.admin.email; + settings.user = { + name = globals.admin.name; + email = globals.admin.email; + }; }; } # vim: set ts=2 sw=2 sts=2 et : From c6e5dc2762dabffa09fc0e4dfbfba5649ef5c21b Mon Sep 17 00:00:00 2001 From: DuN0z Date: Tue, 21 Oct 2025 23:55:59 +0200 Subject: [PATCH 24/48] Delete: colours.nix --- hm/common/colours.nix | 1 - 1 file changed, 1 deletion(-) delete mode 100644 hm/common/colours.nix diff --git a/hm/common/colours.nix b/hm/common/colours.nix deleted file mode 100644 index eed7124..0000000 --- a/hm/common/colours.nix +++ /dev/null @@ -1 +0,0 @@ -_: {} From 55aad968ab0f80e20a1870aeec179a9acfbd3216 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Wed, 22 Oct 2025 08:18:41 +0200 Subject: [PATCH 25/48] Add: neovim git configuration --- flake.lock | 59 +++++++++++--- flake.nix | 10 +++ hm/common/nvim.nix | 125 ----------------------------- hm/users/lomig.nix | 30 ++++++- hosts/pennsardin/configuration.nix | 1 + 5 files changed, 85 insertions(+), 140 deletions(-) delete mode 100644 hm/common/nvim.nix diff --git a/flake.lock b/flake.lock index bfb7fd5..e04f1d0 100644 --- a/flake.lock +++ b/flake.lock @@ -113,11 +113,11 @@ ] }, "locked": { - "lastModified": 1760929667, - "narHash": "sha256-nZh6uvc71nVNaf/y+wesnjwsmJ6IZZUnP2EzpZe48To=", + "lastModified": 1761081701, + "narHash": "sha256-IwpfaKg5c/WWQiy8b5QGaVPMvoEQ2J6kpwRFdpVpBNQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "189c21cf879669008ccf06e78a553f17e88d8ef0", + "rev": "9b4a2a7c4fbd75b422f00794af02d6edb4d9d315", "type": "github" }, "original": { @@ -144,11 +144,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1760725957, - "narHash": "sha256-tdoIhL/NlER290HfSjOkgi4jfmjeqmqrzgnmiMtGepE=", + "lastModified": 1760862643, + "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "81b927b14b7b3988334d5282ef9cba802e193fe1", + "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", "type": "github" }, "original": { @@ -160,11 +160,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1760921481, - "narHash": "sha256-5aDRQrm4gUCIicnpKi2jo7K8M33i7C56uAmNmaiJQFs=", + "lastModified": 1761077392, + "narHash": "sha256-CvXrgrSqL4FSRBpnw2jYJgSDd+cQU2xv08i9jId5REo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "773d463d37341ffc8bd05a704156e87b195173be", + "rev": "78e184ebc71ffe05ce6ebf4175bc462c7ee42a8e", "type": "github" }, "original": { @@ -190,17 +190,31 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1760965567, + "narHash": "sha256-0JDOal5P7xzzAibvD0yTE3ptyvoVOAL0rcELmDdtSKg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cb82756ecc37fa623f8cf3e88854f9bf7f64af93", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "nur": { "inputs": { "flake-parts": "flake-parts", "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1760938759, - "narHash": "sha256-R/ZiW9qW+NGsFDF1Hvl4lIiPrfn+o2HFMTBsUaaWNoc=", + "lastModified": 1761113343, + "narHash": "sha256-rRDrmrPAeqwnwPlmmUt8SPrkCs1zZfbMc1/eTc9Mx/I=", "owner": "nix-community", "repo": "NUR", - "rev": "96bc3f5b3f1cb0760e7a3876b317bd55b248cb3b", + "rev": "e16244aee8fd17d81458001de1657a6df23971e2", "type": "github" }, "original": { @@ -209,6 +223,24 @@ "type": "github" } }, + "nvim-config": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1761113802, + "narHash": "sha256-HuP5TTFNzrxuro6UeA8+++BCV9x9rLhQ0bW5lbU3fTM=", + "ref": "refs/heads/master", + "rev": "154c606ecbc9069df8289e81b46025a6f9820867", + "revCount": 5, + "type": "git", + "url": "https://govel.porzh.me/DuN0z/neovim-config.git" + }, + "original": { + "type": "git", + "url": "https://govel.porzh.me/DuN0z/neovim-config.git" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -216,7 +248,8 @@ "home-manager-stable": "home-manager-stable", "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable", - "nur": "nur" + "nur": "nur", + "nvim-config": "nvim-config" } }, "systems": { diff --git a/flake.nix b/flake.nix index 48f841b..37c0869 100644 --- a/flake.nix +++ b/flake.nix @@ -14,6 +14,7 @@ }; nur.url = "github:nix-community/NUR"; agenix.url = "github:ryantm/agenix"; + nvim-config.url = "git+https://govel.porzh.me/DuN0z/neovim-config.git"; }; outputs = { @@ -23,6 +24,7 @@ home-manager, nur, agenix, + nvim-config, ... }: let mkUnstablePkgsWithNur = { @@ -37,6 +39,7 @@ in { nixosConfigurations = { pennsardin = nixpkgs-unstable.lib.nixosSystem { + specialArgs = { inherit nvim-config; }; system = "x86_64-linux"; pkgs = mkUnstablePkgsWithNur { system = "x86_64-linux"; @@ -48,6 +51,13 @@ modules = [ ./hosts/pennsardin/configuration.nix home-manager.nixosModules.home-manager + { + home-manager = { + useGlobalPkgs = true ; + useUserPackages = true ; + extraSpecialArgs = {inherit nvim-config; }; + }; + } ]; }; diff --git a/hm/common/nvim.nix b/hm/common/nvim.nix deleted file mode 100644 index 81ad9f0..0000000 --- a/hm/common/nvim.nix +++ /dev/null @@ -1,125 +0,0 @@ -{pkgs, ...}: { - programs.neovim = { - enable = true; - withNodeJs = true; - withPython3 = true; - - defaultEditor = true; - viAlias = true; - vimAlias = true; - - coc.enable = true; - - plugins = with pkgs.vimPlugins; [ - goyo-vim - nerdtree - limelight-vim - ]; - - extraConfig = '' - set number - set relativenumber - set scrolloff=4 - set signcolumn=yes - - set mouse=a - set clipboard=unnamedplus - - set ignorecase - set smartcase - set incsearch - - set tabstop=2 - set shiftwidth=2 - set expandtab - - set splitright - set splitbelow - set termguicolors - set updatetime=300 - - set undofile - - let mapleader = " " - - colorscheme retrobox - syntax enable - - nnoremap :Goyo - inoremap :Goyo - - let g:goyo_width = 100 - - command! Q qall! - - " --- Fichiers d’état : swap / backup / undo --- - let s:state = has('unix') ? $HOME . '/.local/state/nvim' : $HOME . '/nvim-state' - - " Crée les dossiers si besoin (silencieusement) - silent! call mkdir(s:state . '/swap', 'p') - silent! call mkdir(s:state . '/backup', 'p') - silent! call mkdir(s:state . '/undo', 'p') - - augroup MdNoSuggest - autocmd! - autocmd FileType markdown let b:coc_suggest_disable = 1 | let b:coc_diagnostic_disable = 1 - augroup END - - " Goyo : pas de coupure de mots + Limelight auto - autocmd User GoyoEnter - \ let w:_wrap=&l:wrap | let w:_tw=&l:textwidth | let w:_fo=&l:formatoptions | - \ setlocal wrap linebreak nolist textwidth=0 | - \ setlocal formatoptions-=t formatoptions-=c formatoptions-=r formatoptions-=o formatoptions-=l | - \ Limelight - - autocmd User GoyoLeave - \ if exists('w:_wrap') | let &l:wrap=w:_wrap | unlet w:_wrap | endif | - \ if exists('w:_tw') | let &l:textwidth=w:_tw | unlet w:_tw | endif | - \ if exists('w:_fo') | let &l:formatoptions=w:_fo | unlet w:_fo | endif | - \ Limelight! - - " Swap files (fichiers d’échange) - set directory^=~/.local/state/nvim/swap// - - " Backups (copie avant écriture) – optionnel mais utile - set backup - set writebackup - set backupdir=~/.local/state/nvim/backup// - - " Undo persistant (♥ pour la rédaction) - set undofile - set undodir=~/.local/state/nvim/undo// - - " --- Résolution auto des conflits de swap --- - augroup ResolveSwap - autocmd! - " Si un swap existe quand on ouvre un fichier… - autocmd SwapExists * call s:ResolveSwap(v:swapname, expand('')) - augroup END - - function! s:ResolveSwap(swapname, filename) abort - " Si le fichier sur disque est plus récent que le swap -> on édite quand même (e) - if getftime(a:filename) > getftime(a:swapname) - let v:swapchoice = 'e' " edit anyway (ignore le swap) - else - " Sinon, ouvre en lecture seule par prudence (o). - " Tu pourras décider ensuite (écraser, récupérer, diff). - let v:swapchoice = 'o' - endif - endfunction - - " Rendre les messages de swap moins dramatiques - set shortmess+=A - - inoremap pumvisible() ? coc#pum#confirm() : "\" - ''; - - extraPackages = with pkgs; [ - ripgrep - fd - xclip - ]; - }; -} -# vim: set ts=2 sw=2 sts=2 et : - diff --git a/hm/users/lomig.nix b/hm/users/lomig.nix index 54ece41..c94ba6b 100644 --- a/hm/users/lomig.nix +++ b/hm/users/lomig.nix @@ -1,6 +1,5 @@ -{pkgs, ...}: { +{pkgs, nvim-config, ...}: { imports = [ - ../common/nvim.nix ../../hm/common/git.nix ../../hm/common/zsh.nix ]; @@ -11,9 +10,36 @@ packages = with pkgs; [ bat tree + ruff + pyright + gcc + marksman + lua-language-server ]; }; + + programs.neovim = { + enable = true ; + viAlias = true ; + vimAlias = true; + }; + home.file.".config/nvim" = { + source = nvim-config ; + recursive = true ; + }; + programs.zsh.enable = true; + programs.ruff = { + enable = true ; + settings = { + line-length = 100; + per-file-ignores = { "__init__.py" = [ "F401" ]; }; + lint = { + select = [ "E4" "E7" "E9" "F" ]; + ignore = [ ]; + }; + }; + }; } # vim: set ts=2 sw=2 sts=2 et : diff --git a/hosts/pennsardin/configuration.nix b/hosts/pennsardin/configuration.nix index bb5a009..dd1a899 100644 --- a/hosts/pennsardin/configuration.nix +++ b/hosts/pennsardin/configuration.nix @@ -63,6 +63,7 @@ in { settings = { X11Forwarding = true; X11DisplayOffset = 10; + X11UseLocalhost = true ; }; }; From 1a2f93f9771fe58317943a05f2e6068fc6a96f8b Mon Sep 17 00:00:00 2001 From: DuN0z Date: Wed, 22 Oct 2025 09:37:47 +0200 Subject: [PATCH 26/48] Fix: nvim config in separate file --- hm/common/nvim.nix | 32 ++++++++++++++++++++++++++++++++ hm/users/lomig.nix | 31 +++---------------------------- 2 files changed, 35 insertions(+), 28 deletions(-) create mode 100644 hm/common/nvim.nix diff --git a/hm/common/nvim.nix b/hm/common/nvim.nix new file mode 100644 index 0000000..64c9a1c --- /dev/null +++ b/hm/common/nvim.nix @@ -0,0 +1,32 @@ +{ pkgs, nvim-config, ...}: { + home.packages = with pkgs; [ + ruff + pyright + gcc + marksman + lua-language-server + ]; + + programs.neovim = { + enable = true ; + viAlias = true ; + vimAlias = true; + }; + home.file.".config/nvim" = { + source = nvim-config ; + recursive = true ; + }; + programs.ruff = { + enable = true ; + settings = { + line-length = 100; + per-file-ignores = { "__init__.py" = [ "F401" ]; }; + lint = { + select = [ "E4" "E7" "E9" "F" ]; + ignore = [ ]; + }; + }; + }; +} + +# vim: set ts=2 sw=2 sts=2 et : diff --git a/hm/users/lomig.nix b/hm/users/lomig.nix index c94ba6b..f1e427a 100644 --- a/hm/users/lomig.nix +++ b/hm/users/lomig.nix @@ -1,45 +1,20 @@ {pkgs, nvim-config, ...}: { imports = [ ../../hm/common/git.nix + ../../hm/common/nvim.nix ../../hm/common/zsh.nix ]; - home.stateVersion = "25.05"; # ou ton actuelle home = { username = "lomig"; homeDirectory = "/home/lomig"; packages = with pkgs; [ bat tree - ruff - pyright - gcc - marksman - lua-language-server ]; }; - programs.neovim = { - enable = true ; - viAlias = true ; - vimAlias = true; - }; - home.file.".config/nvim" = { - source = nvim-config ; - recursive = true ; - }; - programs.zsh.enable = true; - programs.ruff = { - enable = true ; - settings = { - line-length = 100; - per-file-ignores = { "__init__.py" = [ "F401" ]; }; - lint = { - select = [ "E4" "E7" "E9" "F" ]; - ignore = [ ]; - }; - }; - }; + + home.stateVersion = "25.05"; # ou ton actuelle } # vim: set ts=2 sw=2 sts=2 et : - From 1dc4d79e20fd865daef9582338a9478f5f7ca300 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 23 Oct 2025 03:32:00 +0200 Subject: [PATCH 27/48] Fix: git for stable version --- flake.nix | 9 ++++++++- hm/common/git.nix | 12 +++++++++--- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index 37c0869..d39d8bd 100644 --- a/flake.nix +++ b/flake.nix @@ -62,11 +62,18 @@ }; terre-neuvas = nixpkgs-stable.lib.nixosSystem { - specialArgs = { inherit agenix; }; + specialArgs = { inherit agenix; inherit nvim-config; }; system = "x86_64-linux"; modules = [ ./hosts/terre-neuvas/configuration.nix home-manager-stable.nixosModules.home-manager + { + home-manager = { + useGlobalPkgs = true ; + useUserPackages = true ; + extraSpecialArgs = {inherit nvim-config; }; + }; + } agenix.nixosModules.default ]; }; diff --git a/hm/common/git.nix b/hm/common/git.nix index 897afa0..770d55d 100644 --- a/hm/common/git.nix +++ b/hm/common/git.nix @@ -1,14 +1,20 @@ -_: +{ lib, config, ...}: let globals = import ../../config/globals.nix; +nixosRelease = lib.attrByPath [ "system" "nixos" "release" ] "0.0" config; +newGit = lib.versionAtLeast nixosRelease "25.11"; in { - programs.git = { + programs.git = if newGit then { enable = true; settings.user = { name = globals.admin.name; email = globals.admin.email; + }; + } else { + enable = true; + userName = globals.admin.name; + userEmail = globals.admin.email; }; - }; } # vim: set ts=2 sw=2 sts=2 et : From 392e7790f4f214835f5d0650a1eace6f405d1b04 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 23 Oct 2025 09:08:06 +0200 Subject: [PATCH 28/48] Add: disko pennsardin --- disko/pennsardin.nix | 185 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 185 insertions(+) create mode 100644 disko/pennsardin.nix diff --git a/disko/pennsardin.nix b/disko/pennsardin.nix new file mode 100644 index 0000000..3f1e614 --- /dev/null +++ b/disko/pennsardin.nix @@ -0,0 +1,185 @@ +{ ... }: { + disko.devices = { + disk.main = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "512MiB"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/efi"; + mountOptions = [ "umask=0077" "noauto" ]; + }; + }; + + rescue = { + size = "8GiB"; + type = "8300"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/rescue"; + mountOptions = [ "nofail" "noauto" "nosuid" "nodev" "noexec" ]; + }; + }; + + root = { + size = "100%"; + type = "8e00"; # LVM partition + content = { + type = "lvm_pv"; + vg = "vg-main"; + }; + }; + }; + }; + }; + + lvm_vg."vg-main" = { + type = "lvm_vg"; + lvs = { + # -- Système principal -- + lv-root = { + size = "100G"; + content = { + type = "btrfs"; + mountpoint = "/"; + mountOptions = [ "compress=zstd:3" "noatime" "space_cache=v2" "discard=async" ]; + }; + }; + + lv-home = { + size = "100G"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + mountpoint = "/home"; + mountOptions = [ + "compress=zstd:3" + "noatime" + "nodev" + "nosuid" + "space_cache=v2" + "discard=async" + ]; + subvolumes = { + "@homebin" = { + mountpoint = "/home/dunoz/bin"; + mountOptions = [ + "compress=zstd:3" + "noatime" + "nodev" + "nosuid" + "space_cache=v2" + "discard=async" + "subvol=@homebin" + ]; + }; + }; + }; + }; + + lv-nix = { + size = "80G"; + content = { + type = "btrfs"; + mountpoint = "/nix"; + mountOptions = [ "compress=zstd:3" "noatime" "space_cache=v2" "discard=async" ]; + }; + }; + + lv-var = { + size = "50G"; + content = { + type = "btrfs"; + mountpoint = "/var"; + mountOptions = [ "compress=zstd:3" "noatime" "nodev" "nosuid" "space_cache=v2" "discard=async" ]; + }; + }; + + # -- Données & builds (no COW) -- + lv-work = { + size = "100G"; + content = { + type = "btrfs"; + mountpoint = "/home/dunoz/Work"; + mountOptions = [ "nodatacow" "noatime" "nodev" "space_cache=v2" "discard=async" ]; + }; + }; + + lv-games = { + size = "200G"; + content = { + type = "btrfs"; + mountpoint = "/home/dunoz/.local/share/Steam"; + mountOptions = [ "nodatacow" "noatime" "nodev" "space_cache=v2" "discard=async" ]; + }; + }; + + lv-qemu = { + size = "200G"; + content = { + type = "btrfs"; + mountpoint = "/var/lib/libvirt/images"; + mountOptions = [ "nodatacow" "noatime" "nodev" "nosuid" "space_cache=v2" "discard=async" ]; + }; + }; + + lv-container = { + size = "20G"; + content = { + type = "btrfs"; + mountpoint = "/var/lib/machines"; + mountOptions = [ "nodatacow" "noatime" "nodev" "nosuid" "space_cache=v2" "discard=async" ]; + }; + }; + }; + }; + + filesystem.raid = { + type = "filesystem"; + device = "/dev/md0"; + format = "btrfs"; + mountpoint = "/srv/raid"; + mountOptions = [ "compress=zstd:3" "noatime" "nofail" "noexec" "nodev" "nosuid" "space_cache=v2" "discard=async" ]; + }; + + bindmounts = { + docs = { + device = "/srv/raid/home-data/Documents"; + mountpoint = "/home/dunoz/Documents"; + options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ]; + }; + images = { + device = "/srv/raid/home-data/Images"; + mountpoint = "/home/dunoz/Images"; + options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ]; + }; + music = { + device = "/srv/raid/home-data/Musique"; + mountpoint = "/home/dunoz/Musique"; + options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ]; + }; + downloads = { + device = "/srv/raid/home-data/Téléchargements"; + mountpoint = "/home/dunoz/Téléchargements"; + options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ]; + }; + videos = { + device = "/srv/raid/home-data/Vidéos"; + mountpoint = "/home/dunoz/Vidéos"; + options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ]; + }; + config = { + device = "/srv/raid/home-data/nixos-config"; + mountpoint = "/home/dunoz/nixos-config"; + options = [ "bind" "nofail" "nosuid" "nodev" ]; + }; + }; + }; +} From 68fc91b3f7f3d59ee752bde3d871b69b3b83b5d5 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Sun, 26 Oct 2025 09:28:26 +0100 Subject: [PATCH 29/48] FLAKE: update --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index e04f1d0..bbc40a1 100644 --- a/flake.lock +++ b/flake.lock @@ -113,11 +113,11 @@ ] }, "locked": { - "lastModified": 1761081701, - "narHash": "sha256-IwpfaKg5c/WWQiy8b5QGaVPMvoEQ2J6kpwRFdpVpBNQ=", + "lastModified": 1761446278, + "narHash": "sha256-RHABglEx32ruvQ+4OqPibeZC/reBfDEBaqKJF0pe4YE=", "owner": "nix-community", "repo": "home-manager", - "rev": "9b4a2a7c4fbd75b422f00794af02d6edb4d9d315", + "rev": "64020f453bdf3634bf88a6bbce7f3e56183c8b2b", "type": "github" }, "original": { @@ -144,11 +144,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1760862643, - "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", + "lastModified": 1761173472, + "narHash": "sha256-m9W0dYXflzeGgKNravKJvTMR4Qqa2MVD11AwlGMufeE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", + "rev": "c8aa8cc00a5cb57fada0851a038d35c08a36a2bb", "type": "github" }, "original": { @@ -160,11 +160,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1761077392, - "narHash": "sha256-CvXrgrSqL4FSRBpnw2jYJgSDd+cQU2xv08i9jId5REo=", + "lastModified": 1761458099, + "narHash": "sha256-XeAdn1NidGKXSwlepyjH+n58hsCDqbpx1M8sdDM2Ggc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "78e184ebc71ffe05ce6ebf4175bc462c7ee42a8e", + "rev": "d8cc1036c65d3c9468a91443a75b51276279ac61", "type": "github" }, "original": { @@ -176,11 +176,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761114652, + "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", "type": "github" }, "original": { @@ -192,11 +192,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1760965567, - "narHash": "sha256-0JDOal5P7xzzAibvD0yTE3ptyvoVOAL0rcELmDdtSKg=", + "lastModified": 1761349956, + "narHash": "sha256-tH3wHnOJms+U4k/rK2Nn1RfBrhffX92jLP/2VndSn0w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cb82756ecc37fa623f8cf3e88854f9bf7f64af93", + "rev": "02f2cb8e0feb4596d20cc52fda73ccee960e3538", "type": "github" }, "original": { @@ -210,11 +210,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1761113343, - "narHash": "sha256-rRDrmrPAeqwnwPlmmUt8SPrkCs1zZfbMc1/eTc9Mx/I=", + "lastModified": 1761464682, + "narHash": "sha256-2imv08WWOHYWcnQrYjrwu3E51lRiTC4juOlpjxv7PFw=", "owner": "nix-community", "repo": "NUR", - "rev": "e16244aee8fd17d81458001de1657a6df23971e2", + "rev": "9884b590665cf055b01b82dadd0e489401e5fa51", "type": "github" }, "original": { From 000d1c4833f06db317a64c554efc47dad396234f Mon Sep 17 00:00:00 2001 From: DuN0z Date: Wed, 29 Oct 2025 08:52:21 +0100 Subject: [PATCH 30/48] Fix: no more *-small repositories --- flake.lock | 20 ++++++++++---------- flake.nix | 3 ++- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index bbc40a1..5463905 100644 --- a/flake.lock +++ b/flake.lock @@ -113,11 +113,11 @@ ] }, "locked": { - "lastModified": 1761446278, - "narHash": "sha256-RHABglEx32ruvQ+4OqPibeZC/reBfDEBaqKJF0pe4YE=", + "lastModified": 1761468550, + "narHash": "sha256-nY4vyN1QdHhC5Gj3545fI2Y7FSr/gs8ID4gPmF8HPww=", "owner": "nix-community", "repo": "home-manager", - "rev": "64020f453bdf3634bf88a6bbce7f3e56183c8b2b", + "rev": "1830716059bfee7cbcfbfcc38d7be98e482a5762", "type": "github" }, "original": { @@ -160,16 +160,16 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1761458099, - "narHash": "sha256-XeAdn1NidGKXSwlepyjH+n58hsCDqbpx1M8sdDM2Ggc=", + "lastModified": 1761114652, + "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d8cc1036c65d3c9468a91443a75b51276279ac61", + "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable-small", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -210,11 +210,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1761464682, - "narHash": "sha256-2imv08WWOHYWcnQrYjrwu3E51lRiTC4juOlpjxv7PFw=", + "lastModified": 1761468518, + "narHash": "sha256-jQlJViRdv9ntXlY/w1KZ2g5qgAyblpbL4pVxLzUO63Q=", "owner": "nix-community", "repo": "NUR", - "rev": "9884b590665cf055b01b82dadd0e489401e5fa51", + "rev": "e7ef6f5eb509d8f704192d30bfeb41348a22a915", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d39d8bd..6f6ee3a 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,7 @@ url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs-stable"; }; - nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs-unstable"; @@ -38,6 +38,7 @@ }; in { nixosConfigurations = { + pennsardin = nixpkgs-unstable.lib.nixosSystem { specialArgs = { inherit nvim-config; }; system = "x86_64-linux"; From 567d2949f9152eed804e144100a476cf04df5804 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Wed, 29 Oct 2025 08:53:20 +0100 Subject: [PATCH 31/48] Fix: Optimise imports --- hm/desktop/bspwm.nix | 3 --- hm/users/lomig-desktop.nix | 2 ++ hm/users/lomig.nix | 1 - modules/common/qemu.nix | 1 + 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/hm/desktop/bspwm.nix b/hm/desktop/bspwm.nix index b92376e..120bccb 100644 --- a/hm/desktop/bspwm.nix +++ b/hm/desktop/bspwm.nix @@ -4,9 +4,6 @@ lib, ... }: { - imports = [ - ../common/browser.nix - ]; home.packages = with pkgs; [ bspwm sxhkd diff --git a/hm/users/lomig-desktop.nix b/hm/users/lomig-desktop.nix index 9be4152..392ce71 100644 --- a/hm/users/lomig-desktop.nix +++ b/hm/users/lomig-desktop.nix @@ -1,6 +1,8 @@ {pkgs, ...}: { imports = [ ../desktop/bspwm.nix + ../common/browser.nix + ../common/nvim.nix ./lomig.nix ]; home = { diff --git a/hm/users/lomig.nix b/hm/users/lomig.nix index f1e427a..965c91c 100644 --- a/hm/users/lomig.nix +++ b/hm/users/lomig.nix @@ -1,7 +1,6 @@ {pkgs, nvim-config, ...}: { imports = [ ../../hm/common/git.nix - ../../hm/common/nvim.nix ../../hm/common/zsh.nix ]; home = { diff --git a/modules/common/qemu.nix b/modules/common/qemu.nix index ddb4ecf..c86e61c 100644 --- a/modules/common/qemu.nix +++ b/modules/common/qemu.nix @@ -8,6 +8,7 @@ environment.systemPackages = with pkgs; [ qemu qemu_kvm + tunctl virtiofsd ]; From 667179af2a922c2f06add95a167ef55b039e3813 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Wed, 29 Oct 2025 09:08:35 +0100 Subject: [PATCH 32/48] Fix: Picom in its own file --- hm/{desktop => }/common/picom.nix | 3 ++- hm/desktop/bspwm.nix | 15 +++------------ 2 files changed, 5 insertions(+), 13 deletions(-) rename hm/{desktop => }/common/picom.nix (96%) diff --git a/hm/desktop/common/picom.nix b/hm/common/picom.nix similarity index 96% rename from hm/desktop/common/picom.nix rename to hm/common/picom.nix index 8f21aa2..514c6ce 100644 --- a/hm/desktop/common/picom.nix +++ b/hm/common/picom.nix @@ -1,4 +1,5 @@ -_: { +{ pkgs, ... }: { + home.packages = pkgs.picom ; services.picom = { enable = true; backend = "glx"; # plus fluide si ta carte gère bien OpenGL diff --git a/hm/desktop/bspwm.nix b/hm/desktop/bspwm.nix index 120bccb..0230ff6 100644 --- a/hm/desktop/bspwm.nix +++ b/hm/desktop/bspwm.nix @@ -4,6 +4,9 @@ lib, ... }: { + imports = [ + ../common/picom.nix + ]; home.packages = with pkgs; [ bspwm sxhkd @@ -13,7 +16,6 @@ rofi feh font-awesome - picom xorg.xset xidlehook betterlockscreen @@ -29,7 +31,6 @@ protonvpn-gui ]; - # Gère le ssh-agent proprement côté user services.ssh-agent.enable = true; xsession = { @@ -37,7 +38,6 @@ windowManager.bspwm = { enable = true; - # Démarrages au login X startupPrograms = [ "sxhkd -m 1" "setxkbmap bepovim" @@ -55,14 +55,6 @@ }; }; - # xsession.initExtra = '' - # xset s 300 300 - # xset s on - # xset s noblank - # xset +dpms - # xset dpms 0 0 500 - # ''; - services = { sxhkd = { enable = true; @@ -138,7 +130,6 @@ }; }; - # xidlehook (user service) systemd.user.services.xidlehook = { Unit.Description = "Idle: lock at 5min, suspend at ~8min"; Service = { From cf06d8b10ccb6d8d165f70f57f95cd3cd1ead2a7 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Wed, 29 Oct 2025 09:11:21 +0100 Subject: [PATCH 33/48] Add: script to get imports hierarchy --- scripts/imports.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100755 scripts/imports.sh diff --git a/scripts/imports.sh b/scripts/imports.sh new file mode 100755 index 0000000..101e153 --- /dev/null +++ b/scripts/imports.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +find $HOME/nixos-config -name "*.nix" | while read -r file; do + imports=$(awk ' + /imports[[:space:]]*=/ {flag=1} + flag {print} + /\]/ && flag {flag=0} + ' "$file" | grep -vE 'imports[[:space:]]*=' | grep -v '\[' | grep -v '\]' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//') + + if [[ -n "$imports" ]]; then + echo "$file imports:" + echo "$imports" | sed 's/^/ |--- /' + echo + fi +done From 7a1225d3ef1f26ec972d73c078f9557c1a570a9a Mon Sep 17 00:00:00 2001 From: DuN0z Date: Wed, 29 Oct 2025 09:16:21 +0100 Subject: [PATCH 34/48] Fix: picom - bad package definition --- hm/common/picom.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hm/common/picom.nix b/hm/common/picom.nix index 514c6ce..1b215aa 100644 --- a/hm/common/picom.nix +++ b/hm/common/picom.nix @@ -1,5 +1,5 @@ { pkgs, ... }: { - home.packages = pkgs.picom ; + home.packages = [ pkgs.picom ] ; services.picom = { enable = true; backend = "glx"; # plus fluide si ta carte gère bien OpenGL From e2177beef1de56cd00d0fb0fc83a791022f534db Mon Sep 17 00:00:00 2001 From: DuN0z Date: Wed, 29 Oct 2025 10:05:40 +0100 Subject: [PATCH 35/48] Fix: betterlockscreen in its own file --- hm/common/betterlockscreen.nix | 21 +++++++++++++++++++++ hm/desktop/bspwm.nix | 19 +------------------ 2 files changed, 22 insertions(+), 18 deletions(-) create mode 100644 hm/common/betterlockscreen.nix diff --git a/hm/common/betterlockscreen.nix b/hm/common/betterlockscreen.nix new file mode 100644 index 0000000..7261626 --- /dev/null +++ b/hm/common/betterlockscreen.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }:{ + home.packages = with pkgs; [ + xidlehook + betterlockscreen + ]; + + systemd.user.services.xidlehook = { + Unit.Description = "Idle: lock at 5min, suspend at ~8min"; + Service = { + ExecStart = '' + ${pkgs.xidlehook}/bin/xidlehook \ + --detect-sleep \ + --not-when-fullscreen \ + --timer 300 "${pkgs.betterlockscreen}/bin/betterlockscreen -l dim" "" \ + --timer 500 "systemctl suspend" "" + ''; + Restart = "always"; + }; + Install.WantedBy = ["graphical-session.target"]; + }; +} diff --git a/hm/desktop/bspwm.nix b/hm/desktop/bspwm.nix index 0230ff6..45d7b8f 100644 --- a/hm/desktop/bspwm.nix +++ b/hm/desktop/bspwm.nix @@ -6,6 +6,7 @@ }: { imports = [ ../common/picom.nix + ../common/betterlockscreen.nix ]; home.packages = with pkgs; [ bspwm @@ -16,9 +17,6 @@ rofi feh font-awesome - xorg.xset - xidlehook - betterlockscreen pywal16 imagemagick pulsemixer @@ -130,21 +128,6 @@ }; }; - systemd.user.services.xidlehook = { - Unit.Description = "Idle: lock at 5min, suspend at ~8min"; - Service = { - ExecStart = '' - ${pkgs.xidlehook}/bin/xidlehook \ - --detect-sleep \ - --not-when-fullscreen \ - --timer 300 "${pkgs.betterlockscreen}/bin/betterlockscreen -l dim" "" \ - --timer 500 "systemctl suspend" "" - ''; - Restart = "always"; - }; - Install.WantedBy = ["graphical-session.target"]; - }; - programs = { alacritty = { enable = true; From cfe1fbf185b03d656cc6861b23324d0d7348e7a1 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Wed, 29 Oct 2025 18:31:07 +0100 Subject: [PATCH 36/48] Add: Penduick on Thinkpad T480 --- flake.nix | 27 +++++++++- hm/users/dunoz-desktop.nix | 18 +++++++ hm/users/dunoz.nix | 19 +++++++ hosts/penduick/configuration.nix | 54 +++++++++++++++++++ hosts/penduick/hardware-configuration.nix | 66 +++++++++++++++++++++++ 5 files changed, 183 insertions(+), 1 deletion(-) create mode 100644 hm/users/dunoz-desktop.nix create mode 100644 hm/users/dunoz.nix create mode 100644 hosts/penduick/configuration.nix create mode 100644 hosts/penduick/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index 6f6ee3a..e81df2e 100644 --- a/flake.nix +++ b/flake.nix @@ -38,7 +38,6 @@ }; in { nixosConfigurations = { - pennsardin = nixpkgs-unstable.lib.nixosSystem { specialArgs = { inherit nvim-config; }; system = "x86_64-linux"; @@ -79,6 +78,32 @@ ]; }; + penduick = nixpkgs-unstable.lib.nixosSystem { + specialArgs = { inherit nvim-config; }; + system = "x86_64-linux"; + pkgs = mkUnstablePkgsWithNur { + system = "x86_64-linux"; + config = { + allowUnfree = true; + allowUnsupportedSystem = true; + }; + }; + + modules = [ + ./hosts/penduick/configuration.nix + home-manager.nixosModules.home-manager + { + home-manager = { + useGlobalPkgs = true ; + useUserPackages = true ; + extraSpecialArgs = {inherit nvim-config; }; + }; + } + agenix.nixosModules.default + ]; + + }; + forbann = nixpkgs-stable.lib.nixosSystem { system = "x86_64-linux"; modules = [ diff --git a/hm/users/dunoz-desktop.nix b/hm/users/dunoz-desktop.nix new file mode 100644 index 0000000..8b017b8 --- /dev/null +++ b/hm/users/dunoz-desktop.nix @@ -0,0 +1,18 @@ +{pkgs, ...}: { + imports = [ + ../desktop/bspwm.nix + ../common/browser.nix + ../common/nvim.nix + ./dunoz.nix + ]; + home = { + packages = with pkgs; [ + fastfetch + nerd-fonts.iosevka + proton-pass + smug + ]; + }; +} +# vim: set ts=2 sw=2 sts=2 et : + diff --git a/hm/users/dunoz.nix b/hm/users/dunoz.nix new file mode 100644 index 0000000..b32120c --- /dev/null +++ b/hm/users/dunoz.nix @@ -0,0 +1,19 @@ +{pkgs, nvim-config, ...}: { + imports = [ + ../../hm/common/git.nix + ../../hm/common/zsh.nix + ]; + home = { + username = "dunoz"; + homeDirectory = "/home/dunoz"; + packages = with pkgs; [ + bat + tree + ]; + }; + + programs.zsh.enable = true; + + home.stateVersion = "25.05"; # ou ton actuelle +} +# vim: set ts=2 sw=2 sts=2 et : diff --git a/hosts/penduick/configuration.nix b/hosts/penduick/configuration.nix new file mode 100644 index 0000000..0bc789a --- /dev/null +++ b/hosts/penduick/configuration.nix @@ -0,0 +1,54 @@ +{ config, pkgs, ... }: +let + globals = import ../../config/globals.nix; +in { + imports = [ + ./hardware-configuration.nix + ../../modules/desktop/xorg-bspwm.nix + ../../modules/common/nix.nix + ../../modules/common/base.nix + ../../modules/common/fonts.nix + ../../modules/common/networking.nix + ../../modules/common/plymouth.nix + ../../modules/common/audio.nix + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.initrd.luks.devices.cryptroot.device = "/dev/nvme0n1p3"; + + networking.hostName = "penduick"; + networking.networkmanager.enable = true; + + console.keyMap = "fr"; + + services.openssh.enable = true; + services.openssh.settings = { + PermitRootLogin = "no"; + PasswordAuthentication = true; + }; + + users.users.dunoz = { + isNormalUser = true; + extraGroups = [ "wheel" "networkmanager" ]; + initialPassword = "temp"; + }; + + home-manager = { + useGlobalPkgs = true ; + users.dunoz = import ../../hm/users/dunoz-desktop.nix ; + }; + + environment.systemPackages = with pkgs; [ + vim git btop htop wget curl + neovim + ]; + + + + +# Optionnel mais utile pour SSH au démarrage +systemd.services.sshd.wantedBy = [ "multi-user.target" ]; + + system.stateVersion = "25.05"; +} diff --git a/hosts/penduick/hardware-configuration.nix b/hosts/penduick/hardware-configuration.nix new file mode 100644 index 0000000..a473630 --- /dev/null +++ b/hosts/penduick/hardware-configuration.nix @@ -0,0 +1,66 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/233c2886-05e4-4f9f-a708-6c920c7d9e32"; + fsType = "btrfs"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/09b55bee-0134-4e96-8183-e85412fa7724"; + fsType = "btrfs"; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/4ce480f5-8212-4b28-b275-a0250c2edae1"; + fsType = "btrfs"; + }; + + fileSystems."/var" = + { device = "/dev/disk/by-uuid/f54d2ebe-f1ca-4471-a9a5-6959280984ee"; + fsType = "btrfs"; + }; + + fileSystems."/persist" = + { device = "/dev/disk/by-uuid/829b6a38-e49a-46ca-8737-b21c86c93352"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/B68E-0AAC"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + fileSystems."/rescue" = + { device = "/dev/disk/by-uuid/af3f9f20-2a6c-44e2-ad81-f07bd18ae283"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/41fcc628-50bf-43df-9daa-0095b45fd9bd"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} From 09e28be9db5427246265d6228cf904daeee13c1f Mon Sep 17 00:00:00 2001 From: DuN0z Date: Wed, 29 Oct 2025 19:06:52 +0100 Subject: [PATCH 37/48] Fix: Last kernel on Penduick --- hosts/penduick/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/penduick/configuration.nix b/hosts/penduick/configuration.nix index 0bc789a..bca57b8 100644 --- a/hosts/penduick/configuration.nix +++ b/hosts/penduick/configuration.nix @@ -13,6 +13,7 @@ in { ../../modules/common/audio.nix ]; + boot.kernelPackages = pkgs.linuxPackages_latest; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.initrd.luks.devices.cryptroot.device = "/dev/nvme0n1p3"; From 1151aaa3cb6291f201bfa5e667ef3d0d63810ba7 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Wed, 29 Oct 2025 22:57:34 +0100 Subject: [PATCH 38/48] Add: alias for agenix --- hm/common/zsh.nix | 1 + hosts/penduick/configuration.nix | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/hm/common/zsh.nix b/hm/common/zsh.nix index 7f1a8f1..2cd45b5 100644 --- a/hm/common/zsh.nix +++ b/hm/common/zsh.nix @@ -20,6 +20,7 @@ _: { shellAliases = { h = "history"; upd = "sudo nixos-rebuild switch --flake $HOME/nixos-config#pennsardin; source ~/.zshrc"; + agenix = "nix run github:ryantm/agenix --"; }; shellGlobalAliases = { G = "| grep"; diff --git a/hosts/penduick/configuration.nix b/hosts/penduick/configuration.nix index bca57b8..21862f2 100644 --- a/hosts/penduick/configuration.nix +++ b/hosts/penduick/configuration.nix @@ -33,6 +33,7 @@ in { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" ]; initialPassword = "temp"; + shell = pkgs.zsh; }; home-manager = { @@ -41,7 +42,7 @@ in { }; environment.systemPackages = with pkgs; [ - vim git btop htop wget curl + git htop wget curl neovim ]; From 55c3398a43ad95d85c5672b732306b0839d35e32 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 30 Oct 2025 08:19:01 +0100 Subject: [PATCH 39/48] Add: encrypted password for dunoz user --- hosts/penduick/configuration.nix | 16 +++++++++++----- secrets/dunoz-password-penduick.age | Bin 0 -> 308 bytes secrets/secrets.nix | 2 ++ 3 files changed, 13 insertions(+), 5 deletions(-) create mode 100644 secrets/dunoz-password-penduick.age diff --git a/hosts/penduick/configuration.nix b/hosts/penduick/configuration.nix index 21862f2..865887b 100644 --- a/hosts/penduick/configuration.nix +++ b/hosts/penduick/configuration.nix @@ -29,11 +29,16 @@ in { PasswordAuthentication = true; }; - users.users.dunoz = { - isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" ]; - initialPassword = "temp"; - shell = pkgs.zsh; + age.identityPaths = [ "/etc/agenix/penduick.key" ]; + age.secrets."dunoz-password-penduick".file = ../../secrets/dunoz-password-penduick.age; + users= { + mutableUsers = false ; + users.dunoz = { + isNormalUser = true; + extraGroups = [ "wheel" "networkmanager" ]; + hashedPasswordFile = config.age.secrets."dunoz-password-penduick".path; + shell = pkgs.zsh; + }; }; home-manager = { @@ -44,6 +49,7 @@ in { environment.systemPackages = with pkgs; [ git htop wget curl neovim + age ssh-to-age ]; diff --git a/secrets/dunoz-password-penduick.age b/secrets/dunoz-password-penduick.age new file mode 100644 index 0000000000000000000000000000000000000000..cf0ffeda54be93ca37818fba39f655c142142ab0 GIT binary patch literal 308 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR2FFfuhYv{Wz%O35=#PqIjJEvhm%cQtT} zFibRa^~yCY^R0}kaxN;(@wP~GH1`NJ%I4B{HV!kZEc5g%tV+!aD021iD9Mg23N5Zm zFAJ+MNsFp1&T~vF3w6#aF6PqJ)m6w3%1?7LO)*G{$}$a04@+}QGw=%aaZPne4>2~+ zDD+7+w=nlGwFtH_bmTg~mwxQnI-MWya(dZY9xmC(B%XeAT552Q5`$%t>H53Qk@nFq z4eC#r^*cRUa{Pqu!kT!FGj|#`YA#&DuyfAoU20b>qT){mIa`(L+Lgpu&z57KYx#Sl z$8(!Aa>1?vZ~8rU2Kju;@UOWdd#x@qc7x3Gyu0%Rn$A{FPxRvyaEq6?<5FeRJfCO6 J1J%!-t^m{wcMJdk literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6f16f6f..24d20cf 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,8 +1,10 @@ let serveur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPRVxB7usThGHf8cuSPE4sjdqSaPNlwWAZPEo1wUgHz6 root@terre-neuvas"; admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxranFaz3jRfvYE2M6FvRUWjzviIWjWd1mucgKeuSK2 lomig@nixos"; + penduick = "age1rnyey8shjxyaq43dzlnhtfkcm3ra4hy3ygh6c46w4xmr7fe9fe3s00nh2r"; in { "goaccess-password.age".publicKeys = [ serveur admin ]; + "dunoz-password-penduick.age".publicKeys = [ penduick ]; } From 3c9f6bddbf0e662cd8edbff654b472e13d7243f8 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Sun, 2 Nov 2025 08:43:56 +0100 Subject: [PATCH 40/48] Fix: better config for thinkpad --- hm/common/polybar.nix | 38 ++++++++++++++++++++++++++++++++ hm/desktop/bspwm.nix | 38 +++----------------------------- hosts/penduick/configuration.nix | 7 +++++- 3 files changed, 47 insertions(+), 36 deletions(-) create mode 100644 hm/common/polybar.nix diff --git a/hm/common/polybar.nix b/hm/common/polybar.nix new file mode 100644 index 0000000..446d013 --- /dev/null +++ b/hm/common/polybar.nix @@ -0,0 +1,38 @@ +{ pkgs, ... }: { + services = { + polybar = { + enable = true; + script = "polybar main &"; + config = { + "bar/main" = { + width = "100%"; + height = "28"; + font-0 = "Iosevka Nerd Font:style=regular:pixelsize=12;2"; + font-1 = "Font Awesome 6 Free:style=Solid:pixelsize=10;2"; + modules-left = "bspwm"; + modules-center = "date"; + modules-right = "pulseaudio memory cpu"; + }; + "module/bspwm" = { + type = "internal/bspwm"; + label-focused = "%name%"; + label-focused-foreground = "#e6e0de"; + label-focused-padding = 2; + label-occupied = "%name%"; + label-occupied-padding = 2; + label-urgent = "%name%"; + label-urgent-background = "#e42127"; + label-urgent-foreground = "#ffffff"; + label-empty = "%name%"; + label-empty-foreground = "#645d56"; + label-empty-padding = 2; + }; + "module/date" = { + type = "internal/date"; + interval = 60; + date = "%d-%m-%Y %H:%M"; + }; + }; + }; + }; +} diff --git a/hm/desktop/bspwm.nix b/hm/desktop/bspwm.nix index 45d7b8f..a8d371c 100644 --- a/hm/desktop/bspwm.nix +++ b/hm/desktop/bspwm.nix @@ -5,8 +5,9 @@ ... }: { imports = [ - ../common/picom.nix ../common/betterlockscreen.nix + ../common/picom.nix + ../common/polybar.nix ]; home.packages = with pkgs; [ bspwm @@ -93,39 +94,6 @@ "super + t" = "bspc node -t tiled"; }; }; - polybar = { - enable = true; - script = "polybar main &"; - config = { - "bar/main" = { - width = "100%"; - height = "28"; - font-1 = "Font Awesome 6 Free:style=Solid:pixelsize=10;2"; - modules-left = "bspwm"; - modules-center = "date"; - modules-right = "pulseaudio memory cpu"; - }; - "module/bspwm" = { - type = "internal/bspwm"; - label-focused = "%name%"; - label-focused-foreground = "#e6e0de"; - label-focused-padding = 2; - label-occupied = "%name%"; - label-occupied-padding = 2; - label-urgent = "%name%"; - label-urgent-background = "#e42127"; - label-urgent-foreground = "#ffffff"; - label-empty = "%name%"; - label-empty-foreground = "#645d56"; - label-empty-padding = 2; - }; - "module/date" = { - type = "internal/date"; - interval = 60; - date = "%d-%m-%Y %H:%M"; - }; - }; - }; }; programs = { @@ -146,7 +114,7 @@ family = lib.mkForce "Iosevka Nerd Font"; style = "Italic"; }; - size = lib.mkForce 9; + size = lib.mkForce 8; }; }; }; diff --git a/hosts/penduick/configuration.nix b/hosts/penduick/configuration.nix index 865887b..40fa0f4 100644 --- a/hosts/penduick/configuration.nix +++ b/hosts/penduick/configuration.nix @@ -52,7 +52,12 @@ in { age ssh-to-age ]; - + security.pam.services.i3lock = { + text = '' + auth required pam_unix.so + account required pam_unix.so + ''; + }; # Optionnel mais utile pour SSH au démarrage From 3d2c218dc0656564d2509c1a4f581461deb2511d Mon Sep 17 00:00:00 2001 From: DuN0z Date: Sun, 2 Nov 2025 08:47:04 +0100 Subject: [PATCH 41/48] FLAKE: update --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 5463905..662d1ab 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1760836749, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1761656077, + "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", "owner": "ryantm", "repo": "agenix", - "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", + "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", "type": "github" }, "original": { @@ -113,11 +113,11 @@ ] }, "locked": { - "lastModified": 1761468550, - "narHash": "sha256-nY4vyN1QdHhC5Gj3545fI2Y7FSr/gs8ID4gPmF8HPww=", + "lastModified": 1762041416, + "narHash": "sha256-rmJKABRXnhFjjI6RB/MnEvLTQa569zu684Th9y6UlOI=", "owner": "nix-community", "repo": "home-manager", - "rev": "1830716059bfee7cbcfbfcc38d7be98e482a5762", + "rev": "c0016dd14773f4ca0b467b74c7cdcc501570df4b", "type": "github" }, "original": { @@ -144,11 +144,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1761173472, - "narHash": "sha256-m9W0dYXflzeGgKNravKJvTMR4Qqa2MVD11AwlGMufeE=", + "lastModified": 1761597516, + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c8aa8cc00a5cb57fada0851a038d35c08a36a2bb", + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", "type": "github" }, "original": { @@ -160,11 +160,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1761114652, - "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", "type": "github" }, "original": { @@ -176,11 +176,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1761114652, - "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", "owner": "nixos", "repo": "nixpkgs", - "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", "type": "github" }, "original": { @@ -192,11 +192,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1761349956, - "narHash": "sha256-tH3wHnOJms+U4k/rK2Nn1RfBrhffX92jLP/2VndSn0w=", + "lastModified": 1761880412, + "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "02f2cb8e0feb4596d20cc52fda73ccee960e3538", + "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", "type": "github" }, "original": { @@ -210,11 +210,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1761468518, - "narHash": "sha256-jQlJViRdv9ntXlY/w1KZ2g5qgAyblpbL4pVxLzUO63Q=", + "lastModified": 1762068669, + "narHash": "sha256-KObpKbQBvSO+ljj8c3WS0/U2CHDLJ0I33OR5VJe7e7Y=", "owner": "nix-community", "repo": "NUR", - "rev": "e7ef6f5eb509d8f704192d30bfeb41348a22a915", + "rev": "444c0afcfca45be817078de9b012e5dcb3f902be", "type": "github" }, "original": { From 201666c577e52fc2628815997edf787cfe4fbfc6 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Sun, 2 Nov 2025 10:12:01 +0100 Subject: [PATCH 42/48] Changes: Penduick to plasma --- hm/users/dunoz-desktop.nix | 1 - hosts/penduick/configuration.nix | 9 +-------- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/hm/users/dunoz-desktop.nix b/hm/users/dunoz-desktop.nix index 8b017b8..6db724f 100644 --- a/hm/users/dunoz-desktop.nix +++ b/hm/users/dunoz-desktop.nix @@ -1,6 +1,5 @@ {pkgs, ...}: { imports = [ - ../desktop/bspwm.nix ../common/browser.nix ../common/nvim.nix ./dunoz.nix diff --git a/hosts/penduick/configuration.nix b/hosts/penduick/configuration.nix index 40fa0f4..a254499 100644 --- a/hosts/penduick/configuration.nix +++ b/hosts/penduick/configuration.nix @@ -4,7 +4,7 @@ let in { imports = [ ./hardware-configuration.nix - ../../modules/desktop/xorg-bspwm.nix + ../../modules/desktop/plasma.nix ../../modules/common/nix.nix ../../modules/common/base.nix ../../modules/common/fonts.nix @@ -52,13 +52,6 @@ in { age ssh-to-age ]; - security.pam.services.i3lock = { - text = '' - auth required pam_unix.so - account required pam_unix.so - ''; - }; - # Optionnel mais utile pour SSH au démarrage systemd.services.sshd.wantedBy = [ "multi-user.target" ]; From 87f60899c566abdb07ebb707b6ba880196bcced4 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Wed, 5 Nov 2025 03:53:52 +0100 Subject: [PATCH 43/48] Add: automatic nix clean --- modules/common/nix.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/common/nix.nix b/modules/common/nix.nix index f1f6fd4..13de898 100644 --- a/modules/common/nix.nix +++ b/modules/common/nix.nix @@ -4,6 +4,12 @@ experimental-features = ["nix-command" "flakes"]; }; + nix.gc = { + automatic = true ; + dates = "daily" ; + options = "--delete-older-than 7d" ; + }; + nixpkgs.config = { # allowUnfree = true; # allowUnsupportedSystem = true; From a42007c7c5437211d4446a1c2a2197c9e5b5d555 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Wed, 5 Nov 2025 09:25:38 +0100 Subject: [PATCH 44/48] Fix: no more vaapiVdpau --- modules/hardware/gpu-amd.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/hardware/gpu-amd.nix b/modules/hardware/gpu-amd.nix index 981f849..dc65bfc 100644 --- a/modules/hardware/gpu-amd.nix +++ b/modules/hardware/gpu-amd.nix @@ -23,7 +23,6 @@ libva-utils libvdpau libva-vdpau-driver - vaapiVdpau libvdpau-va-gl vulkan-tools vulkan-loader From 0c76b0443dd458c5eec29cb9f4b60779f4d8746d Mon Sep 17 00:00:00 2001 From: DuN0z Date: Sun, 9 Nov 2025 10:48:19 +0100 Subject: [PATCH 45/48] Add: passwd with agenix --- hosts/penduick/configuration.nix | 9 +++++---- secrets/dunoz-password-penduick.age | Bin 308 -> 305 bytes secrets/secrets.nix | 3 ++- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/hosts/penduick/configuration.nix b/hosts/penduick/configuration.nix index a254499..f5ef4a2 100644 --- a/hosts/penduick/configuration.nix +++ b/hosts/penduick/configuration.nix @@ -29,14 +29,14 @@ in { PasswordAuthentication = true; }; - age.identityPaths = [ "/etc/agenix/penduick.key" ]; - age.secrets."dunoz-password-penduick".file = ../../secrets/dunoz-password-penduick.age; + age.identityPaths = [ "/etc/agenix/penduick.key" "/etc/agenix/dunoz-admin.key" ]; + # age.secrets."dunoz-password-penduick".file = ../../secrets/dunoz-password-penduick.age; users= { - mutableUsers = false ; + # mutableUsers = false ; users.dunoz = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" ]; - hashedPasswordFile = config.age.secrets."dunoz-password-penduick".path; + # passwordFile = config.age.secrets."dunoz-password-penduick".path; shell = pkgs.zsh; }; }; @@ -50,6 +50,7 @@ in { git htop wget curl neovim age ssh-to-age + weechat ]; diff --git a/secrets/dunoz-password-penduick.age b/secrets/dunoz-password-penduick.age index cf0ffeda54be93ca37818fba39f655c142142ab0..69cddd9f976b01177b76aeb13ca1137a2e1924fe 100644 GIT binary patch delta 282 zcmdnOw2^6oLVby;zDbo^nqR)DN1?uJVzRGyQD$mNRhea0s!>RWQ$eAAxKC<&YD&71 zBUf>uv8iK~v#Y5`SV($dra`iwe{xc|sk5m;u}`YAW4TGNXOLN1l5e_^FPE;JLWGg2 zsiCDprH4m_wwbe=d6;XOv9V!Laz;+Mvt>bkSy*U!RJ~J3p=ENqV_Lp(dSO-|S5RoN zlX;16RFGGsd!?y+dbxH%UZP)sziXyjWVxePo_2a+sdKVlXkK7Gm#(g^LY7xpwqu}W znqP2vWl?x$WtnGKRcT16S7~WVhL3SonUQ6Hr)fcow@Z}?*Ts${dTDEIO$B#&PTKY@ g{M)s!U75m*{q_djlA1p^C%C+P0vF_*5cu0noL zewveMia}CTmT6deSej#+fmf)HYpP3nh_QJ_p--y0MZLL)sYS4bp(ED;zVu_q*6I9s zm($DM@^HyMCh_!}(^7+blo%|FOxNFajB(Gsx##hJVc!*=u!? nu^VKb=iQwr&~#R;dU~QCr+{0$#2uF^qvrWM6CS93_H+dR0b+19 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 24d20cf..bc436c2 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -2,9 +2,10 @@ let serveur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPRVxB7usThGHf8cuSPE4sjdqSaPNlwWAZPEo1wUgHz6 root@terre-neuvas"; admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxranFaz3jRfvYE2M6FvRUWjzviIWjWd1mucgKeuSK2 lomig@nixos"; penduick = "age1rnyey8shjxyaq43dzlnhtfkcm3ra4hy3ygh6c46w4xmr7fe9fe3s00nh2r"; + dunoz = "age1ppu60aw0v5wxhrc0gyqmgrukh2a5uaxwqxxmuy0w3fv4tnt02ycqrrgmue"; in { "goaccess-password.age".publicKeys = [ serveur admin ]; - "dunoz-password-penduick.age".publicKeys = [ penduick ]; + "dunoz-password-penduick.age".publicKeys = [ penduick dunoz ]; } From 9c751878a4c4a00d4f495e127d8d8fcd64ce1c7f Mon Sep 17 00:00:00 2001 From: DuN0z Date: Sun, 9 Nov 2025 10:50:05 +0100 Subject: [PATCH 46/48] FLAKE: update --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 662d1ab..60609f4 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1761656077, - "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -113,11 +113,11 @@ ] }, "locked": { - "lastModified": 1762041416, - "narHash": "sha256-rmJKABRXnhFjjI6RB/MnEvLTQa569zu684Th9y6UlOI=", + "lastModified": 1762661401, + "narHash": "sha256-SVmijc8t23UMwru5f/9X1Ak5bSwvYkm0OQ5SxR7hOB0=", "owner": "nix-community", "repo": "home-manager", - "rev": "c0016dd14773f4ca0b467b74c7cdcc501570df4b", + "rev": "c053d701d64f0727f62e0269c7940da5805bc9bc", "type": "github" }, "original": { @@ -144,11 +144,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1761597516, - "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", + "lastModified": 1762498405, + "narHash": "sha256-Zg/SCgCaAioc0/SVZQJxuECGPJy+OAeBcGeA5okdYDc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", + "rev": "6faeb062ee4cf4f105989d490831713cc5a43ee1", "type": "github" }, "original": { @@ -160,11 +160,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "lastModified": 1762363567, + "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", "type": "github" }, "original": { @@ -176,11 +176,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "lastModified": 1762363567, + "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", "type": "github" }, "original": { @@ -192,11 +192,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1761880412, - "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", + "lastModified": 1762482733, + "narHash": "sha256-g/da4FzvckvbiZT075Sb1/YDNDr+tGQgh4N8i5ceYMg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", + "rev": "e1ebeec86b771e9d387dd02d82ffdc77ac753abc", "type": "github" }, "original": { @@ -210,11 +210,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1762068669, - "narHash": "sha256-KObpKbQBvSO+ljj8c3WS0/U2CHDLJ0I33OR5VJe7e7Y=", + "lastModified": 1762679825, + "narHash": "sha256-UC76XvjMPl+Ewqw7Wd0S3eJyZDjMYT2gyZ3TmYIEjWQ=", "owner": "nix-community", "repo": "NUR", - "rev": "444c0afcfca45be817078de9b012e5dcb3f902be", + "rev": "058934d7b0a1313547b3ab52af42d9f362e925ac", "type": "github" }, "original": { From a74fa0ebb0bb1d8243e09bd060a85e1f95e260aa Mon Sep 17 00:00:00 2001 From: DuN0z Date: Wed, 19 Nov 2025 10:12:33 +0100 Subject: [PATCH 47/48] FLAKE: update --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 60609f4..0591134 100644 --- a/flake.lock +++ b/flake.lock @@ -113,11 +113,11 @@ ] }, "locked": { - "lastModified": 1762661401, - "narHash": "sha256-SVmijc8t23UMwru5f/9X1Ak5bSwvYkm0OQ5SxR7hOB0=", + "lastModified": 1763416652, + "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=", "owner": "nix-community", "repo": "home-manager", - "rev": "c053d701d64f0727f62e0269c7940da5805bc9bc", + "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312", "type": "github" }, "original": { @@ -144,11 +144,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1762498405, - "narHash": "sha256-Zg/SCgCaAioc0/SVZQJxuECGPJy+OAeBcGeA5okdYDc=", + "lastModified": 1763334038, + "narHash": "sha256-LBVOyaH6NFzQ3X/c6vfMZ9k4SV2ofhpxeL9YnhHNJQQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6faeb062ee4cf4f105989d490831713cc5a43ee1", + "rev": "4c8cdd5b1a630e8f72c9dd9bf582b1afb3127d2c", "type": "github" }, "original": { @@ -160,11 +160,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1762363567, - "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", + "lastModified": 1763421233, + "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", + "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", "type": "github" }, "original": { @@ -176,11 +176,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1762363567, - "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", + "lastModified": 1763421233, + "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", + "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", "type": "github" }, "original": { @@ -192,11 +192,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1762482733, - "narHash": "sha256-g/da4FzvckvbiZT075Sb1/YDNDr+tGQgh4N8i5ceYMg=", + "lastModified": 1763464769, + "narHash": "sha256-AJHrsT7VoeQzErpBRlLJM1SODcaayp0joAoEA35yiwM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e1ebeec86b771e9d387dd02d82ffdc77ac753abc", + "rev": "6f374686605df381de8541c072038472a5ea2e2d", "type": "github" }, "original": { @@ -210,11 +210,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1762679825, - "narHash": "sha256-UC76XvjMPl+Ewqw7Wd0S3eJyZDjMYT2gyZ3TmYIEjWQ=", + "lastModified": 1763542474, + "narHash": "sha256-RyjHH2N5TVJkoKX5K8MDP9gJR1Ydxgxw6U84SU/mr3g=", "owner": "nix-community", "repo": "NUR", - "rev": "058934d7b0a1313547b3ab52af42d9f362e925ac", + "rev": "4e765e10392bfa86064d8ecefcbc94bb79656862", "type": "github" }, "original": { From 212b3f98ac6237726950ca3a2607c3a0f50a674f Mon Sep 17 00:00:00 2001 From: DuN0z Date: Mon, 24 Nov 2025 12:52:33 +0100 Subject: [PATCH 48/48] FLAKE: update --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 0591134..e353458 100644 --- a/flake.lock +++ b/flake.lock @@ -113,11 +113,11 @@ ] }, "locked": { - "lastModified": 1763416652, - "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=", + "lastModified": 1763963090, + "narHash": "sha256-zR7uDZdQUUC+gBOi4byefMvIZuSBeMC6GswGNsTgQlM=", "owner": "nix-community", "repo": "home-manager", - "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312", + "rev": "7702d14879e8f0148fa168e38f3eaa2650fa0d85", "type": "github" }, "original": { @@ -144,11 +144,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1763334038, - "narHash": "sha256-LBVOyaH6NFzQ3X/c6vfMZ9k4SV2ofhpxeL9YnhHNJQQ=", + "lastModified": 1763622513, + "narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4c8cdd5b1a630e8f72c9dd9bf582b1afb3127d2c", + "rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b", "type": "github" }, "original": { @@ -160,11 +160,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1763421233, - "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", + "lastModified": 1763835633, + "narHash": "sha256-HzxeGVID5MChuCPESuC0dlQL1/scDKu+MmzoVBJxulM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", + "rev": "050e09e091117c3d7328c7b2b7b577492c43c134", "type": "github" }, "original": { @@ -176,11 +176,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1763421233, - "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", + "lastModified": 1763835633, + "narHash": "sha256-HzxeGVID5MChuCPESuC0dlQL1/scDKu+MmzoVBJxulM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", + "rev": "050e09e091117c3d7328c7b2b7b577492c43c134", "type": "github" }, "original": { @@ -192,11 +192,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1763464769, - "narHash": "sha256-AJHrsT7VoeQzErpBRlLJM1SODcaayp0joAoEA35yiwM=", + "lastModified": 1763806073, + "narHash": "sha256-FHsEKDvfWpzdADWj99z7vBk4D716Ujdyveo5+A048aI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6f374686605df381de8541c072038472a5ea2e2d", + "rev": "878e468e02bfabeda08c79250f7ad583037f2227", "type": "github" }, "original": { @@ -210,11 +210,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1763542474, - "narHash": "sha256-RyjHH2N5TVJkoKX5K8MDP9gJR1Ydxgxw6U84SU/mr3g=", + "lastModified": 1763983952, + "narHash": "sha256-nSWNqQezb6bhu5eYxF+lqzXj8h/sVD2C/CMV/JXK7Bw=", "owner": "nix-community", "repo": "NUR", - "rev": "4e765e10392bfa86064d8ecefcbc94bb79656862", + "rev": "3f55dad0778bfaa302e87d87326ec02e7100ff98", "type": "github" }, "original": {