DuN0z/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: DuN0z:441cd5eff9fbfba32a63bc12e636332721bfcb50
Branches Tags
DuN0z:master
DuN0z:refactor
DuN0z:main
..
compare: DuN0z:ce4201eb4e16dc4ccbb313f9f007b1ffb3fa7ebe
Branches Tags
DuN0z:master
DuN0z:refactor
DuN0z:main

No commits in common. "441cd5eff9fbfba32a63bc12e636332721bfcb50" and "ce4201eb4e16dc4ccbb313f9f007b1ffb3fa7ebe" have entirely different histories.
441cd5eff9 ... ce4201eb4e

13 changed files with 69 additions and 131 deletions
Download patch file Download diff file Expand all files Collapse all files

44
config/globals.nix
View file

@ -1,44 +0,0 @@
{
domain = "porzh.me";
admin = {
email = "dun0z@porzh.me";
name = "DuN0z";
};
smtp = {
host = "smtp.protonmail.ch";
port = 587 ;
user = "contact@porzh.me";
};
network = {
gateway = "192.168.50.1";
pennsardin = {
ip = "192.168.50.12";
};
terre-neuvas = {
ip = "192.168.50.11";
};
};
services = {
forgejo = {
home = "/var/lib/services/forgejo";
url = "govel.porzh.me";
port = 3000;
};
goaccess = {
home = "/var/lib/www/goaccess";
url = "koum.porzh.me";
};
levr = {
home = "/var/lib/services/levr";
build = "/var/lib/www/levr";
url = "levr.porzh.me";
};
outline = {
url = "notes.porzh.me";
port = 3001;
};
};
}

9
hm/common/git.nix
View file

@ -1,11 +1,8 @@
_:
let
globals = import ../../config/globals.nix;
in {
_: {
programs.git = {
enable = true;
userName = globals.admin.name;
userEmail = globals.admin.email;
userName = "DuN0z";
userEmail = "dun0z@porzh.me";
};
}
# vim: set ts=2 sw=2 sts=2 et :

1
hm/users/lomig-desktop.nix
View file

@ -3,6 +3,7 @@
../desktop/bspwm.nix
./lomig.nix
];
home.stateVersion = "25.05"; # ou ton actuelle
home = {
packages = with pkgs; [
fastfetch

34
hosts/pennsardin/configuration.nix
View file

@ -1,7 +1,4 @@
{pkgs, ...}:
let
globals = import ../../config/globals.nix;
in {
{pkgs, ...}: {
imports = [
../../profiles/workstation-bspwm.nix
../../modules/hardware/bepovim.nix
@ -40,7 +37,7 @@ in {
users.users.lomig = {
isNormalUser = true;
extraGroups = [ "lp" "wheel"];
extraGroups = ["networkmanager" "lp" "wheel"];
shell = pkgs.zsh;
};
@ -52,26 +49,21 @@ in {
networking = {
useNetworkd = true;
firewall.allowedTCPPorts = [22 80 5900 5901 5902];
interfaces = {
enp11s0 = {
useDHCP = false;
wakeOnLan.enable = true ;
br0 = {
useDHCP = false;
ipv4.addresses = [
{
address = globals.network.pennsardin.ip;
prefixLength = 24;
}
];
};
interfaces.enp11s0.useDHCP = false;
interfaces.br0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.50.12";
prefixLength = 24;
}
];
};
defaultGateway = {
interface = "br0";
address = globals.network.gateway;
address = "192.168.50.1";
};
nameservers = [ globals.network.gateway "1.1.1.1"];
nameservers = ["192.168.50.1" "1.1.1.1"];
bridges.br0.interfaces = ["enp11s0"];
};
systemd.network = {

10
hosts/terre-neuvas/configuration.nix
View file

@ -5,9 +5,7 @@
config,
pkgs,
...
}: let
globals = import ../../config/globals.nix ;
in {
}: {
nix.settings.experimental-features = ["nix-command" "flakes"];
imports = [
# Include the results of the hardware scan.
@ -57,16 +55,16 @@ in {
useDHCP = false;
ipv4.addresses = [
{
address = globals.network.terre-neuvas.ip;
address = "192.168.0.3";
prefixLength = 24;
}
];
};
defaultGateway = {
interface = "br0";
address = globals.network.gateway;
address = "192.168.0.254";
};
nameservers = [ globals.network.gateway "1.1.1.1"];
nameservers = ["192.168.0.254" "1.1.1.1"];
bridges.br0.interfaces = ["eno1"];
};
systemd.network = {

2
modules/common/networking.nix
View file

@ -1,6 +1,8 @@
_: {
networking = {
nameservers = ["1.1.1.1" "8.8.8.8"];
# dhcpcd.extraConfig = "nohook resolv.conf";
firewall.enable = true;
interfaces.enp11s0.wakeOnLan.enable = true;
};
}

15
modules/common/smtp.nix
View file

@ -1,19 +1,16 @@
{ config, pkgs, lib, ... }:
let
globals = import ../../config/globals.nix;
in {
{ config, pkgs, lib, ... }: {
programs.msmtp = {
enable = true;
accounts.default = {
host = globals.smtp.host;
port = globals.smtp.port;
host = "smtp.protonmail.ch";
port = 587;
auth = true;
tls = true;
tls_starttls = true;
user = globals.smtp.user;
user = "contact@porzh.me";
passwordeval = "cat /run/secrets/proton_pass";
from = globals.smtp.user;
from = "contact@porzh.me";
};
};
@ -26,4 +23,4 @@ in {
];
environment.pathsToLink = [ "/etc/alternatives" "/usr/sbin" ];
}
}

8
modules/roles/workstation.nix
View file

@ -1,10 +1,18 @@
{pkgs, ...}: {
imports = [
../common/nix.nix
# Matériel
../hardware/gpu-amd.nix
../hardware/sensors-zenpower.nix
# Virtualisation/tuning
../virtual/kvm-amd.nix
../virtual/vfio.nix
# Dev
# ../dev/qemu.nix
# ../virtual/truenas.nix # seulement si tu lutilises sur ce host
];
environment.systemPackages = with pkgs; [

19
modules/services/forgejo.nix
View file

@ -1,7 +1,4 @@
{pkgs, ...}:
let
globals = import ../../config/globals.nix;
in {
{pkgs, ...}: {
# --- Utilisateur dédié ---
users.users.git = {
isSystemUser = true;
@ -23,10 +20,10 @@ in {
};
settings = {
server = {
DOMAIN = globals.services.forgejo.url ;
ROOT_URL = "https://${globals.services.forgejo.url}/";
SSH_DOMAIN = globals.services.forgejo.url;
HTTP_PORT = globals.services.forgejo.port;
DOMAIN = "govel.porzh.me";
ROOT_URL = "https://govel.porzh.me/";
SSH_DOMAIN = "govel.porzh.me";
HTTP_PORT = 3000;
SSH_PORT = 22;
START_SSH_SERVER = false;
};
@ -35,16 +32,16 @@ in {
REGISTER_EMAIL_CONFIRM = false;
};
repository = {
DEFAULT_BRANCH = "master";
DEFAULT_BRANCH = "main";
};
};
};
openssh.enable = true;
caddy = {
enable = true;
virtualHosts.${globals.services.forgejo.url} = {
virtualHosts."govel.porzh.me" = {
extraConfig = ''
reverse_proxy localhost:${toString globals.services.forgejo.port}
reverse_proxy localhost:3000
'';
};
};

11
modules/services/goaccess.nix
View file

@ -1,7 +1,4 @@
{pkgs, ...}:
let
globals = import ../../config/globals.nix ;
in {
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
goaccess
];
@ -10,7 +7,7 @@ in {
systemd.services.goaccess-report = {
description = "Generate GoAccess HTML report";
serviceConfig = {
ExecStart = "${pkgs.goaccess}/bin/goaccess /var/log/caddy/access-${globals.services.levr.url}.log --log-format=CADDY -o ${globals.services.goaccess.home}/index.html";
ExecStart = "${pkgs.goaccess}/bin/goaccess /var/log/caddy/access-levr.porzh.me.log --log-format=CADDY -o /var/www/goaccess/index.html";
};
};
@ -25,9 +22,9 @@ in {
};
services.caddy = {
virtualHosts = {
"${globals.services.goaccess.url}" = {
"koum.porzh.me" = {
extraConfig = ''
root * ${globals.services.goaccess.home}
root * /var/www/goaccess
file_server browse
try_files {path} {path}/ /index.html

25
modules/services/outline.nix
View file

@ -1,29 +1,26 @@
{ config, pkgs, lib, ... }:
let
globals = import ../../config/globals.nix ;
in {
{ config, pkgs, lib, ... }: {
services = {
outline = {
enable = true;
port = globals.services.outline.port ;
publicUrl = "http://${globals.services.outline.url}";
port = 3002 ;
publicUrl = "http://notes.porzh.me";
forceHttps = true;
smtp = {
host = globals.smtp.host ;
username = globals.smtp.user ;
passwordFile = "/etc/secrets/protonpass";
fromEmail = globals.smtp.user;
replyEmail = globals.smtp.user;
port = globals.smtp.port;
host = "smtp.protonmail.ch";
username = "contact@porzh.me";
passwordFile = "/run/secrets/proton_pass";
fromEmail = "contact@porzh.me";
replyEmail = "contact@porzh.me";
port = 587 ;
secure = false;
};
storage.storageType = "local";
};
caddy = {
enable = true;
virtualHosts.${globals.services.outline.url} = {
virtualHosts."notes.porzh.me" = {
extraConfig = ''
reverse_proxy localhost:${toString globals.services.outline.port}
reverse_proxy localhost:3002
'';
};
};

17
modules/sites/levr.porzh.me.nix
View file

@ -1,7 +1,4 @@
{ pkgs, lib, ...}:
let
globals = import ../../config/globals.nix ;
in {
{ pkgs, lib, ...}: {
environment.systemPackages = with pkgs; [
hugo
];
@ -9,8 +6,8 @@ in {
description = "Auto build du blog hugo";
serviceConfig = {
Type = "oneshot";
WorkingDirectory = globals.services.levr.home ;
ExecStart = ''${pkgs.hugo}/bin/hugo --minify build -d ${globals.services.levr.build}'';
WorkingDirectory = "/srv/blog" ;
ExecStart = ''${pkgs.hugo}/bin/hugo --minify build -d /srv/blog/public'';
User = "lomig";
};
};
@ -26,7 +23,7 @@ in {
description = "Synchronisation du dépôt Hugo";
serviceConfig = {
Type = "oneshot";
WorkingDirectory = globals.services.levr.home;
WorkingDirectory = "/srv/blog";
ExecStart = "${pkgs.git}/bin/git pull origin master";
User = "lomig";
};
@ -44,17 +41,17 @@ in {
services.caddy = {
enable = true;
virtualHosts = {
"${globals.services.levr.url}" = {
"levr.porzh.me" = {
extraConfig = ''
@http {
protocol http
}
redir @http https://{host}{uri} permanent
root * ${globals.services.levr.build}
root * /srv/blog/public
file_server
log {
output file /var/log/caddy/access-${globals.services.levr.url}.log
output file /var/log/caddy/access-levr.porzh.me.log
}
'';
};

5
modules/sites/porzh.me.nix
View file

@ -1,5 +1,4 @@
{pkgs, ...}: let
globals = import ../../config/globals.nix ;
porzhSite = pkgs.stdenv.mkDerivation {
pname = "porzh-site";
version = "1.0";
@ -14,8 +13,8 @@ in {
services.caddy = {
enable = true;
virtualHosts = {
"${globals.domain}" = {
serverAliases = [ "www.${globals.domain}" ];
"porzh.me" = {
serverAliases = ["www.porzh.me"];
extraConfig = ''
root * ${porzhSite}
file_server