DuN0z/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: DuN0z:57c445fd565cf1de56ce6338fcd87a13712d38f9
Branches Tags
DuN0z:master
DuN0z:refactor
DuN0z:main
..
compare: DuN0z:fd9f5e202cd650a64de261715199893f4ee0505c
Branches Tags
DuN0z:master
DuN0z:refactor
DuN0z:main

2 commits
57c445fd56 ... fd9f5e202c

Author SHA1 Message Date
DuN0z
fd9f5e202c CHANGES: NetworkManager to systemd-networkd 2025-10-04 09:46:20 +02:00
DuN0z
bb18183277 Fix: split qemu configuration 2025-10-04 07:08:16 +02:00
9 changed files with 88 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/pennsardin/configuration.nix
View file

@ -2,7 +2,6 @@
imports = [ imports = [
../../profiles/workstation-bspwm.nix ../../profiles/workstation-bspwm.nix
../../modules/hardware/bepovim.nix ../../modules/hardware/bepovim.nix
# ../../modules/dev/qemu.nix
../../modules/common/nix.nix ../../modules/common/nix.nix
]; ];
@ -49,6 +48,11 @@
users.lomig = import ../../hm/users/lomig-desktop.nix; users.lomig = import ../../hm/users/lomig-desktop.nix;
}; };
networking = {
firewall.allowedTCPPorts = [5900 5901 5902];
bridges.br0.interfaces = ["enp11s0"];
};
system.stateVersion = "25.05"; # pour éviter les hurlements inutiles system.stateVersion = "25.05"; # pour éviter les hurlements inutiles
} }

40
hosts/terre-neuvas/configuration.nix
View file

@ -20,7 +20,6 @@
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "terre-neuvas"; # Define your hostname. networking.hostName = "terre-neuvas"; # Define your hostname.
networking.networkmanager.enable = true;
# Configure keymap in X11 # Configure keymap in X11
services.xserver.xkb = { services.xserver.xkb = {
@ -33,7 +32,7 @@
users.users.lomig = { users.users.lomig = {
isNormalUser = true; isNormalUser = true;
extraGroups = ["networkmanager" "lp" "wheel" "docker" ]; extraGroups = [ "lp" "wheel" "docker" ];
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
@ -49,6 +48,41 @@
git git
hugo hugo
]; ];
networking.firewall.allowedTCPPorts = [ 80 ]; networking = {
useNetworkd = true ;
firewall.allowedTCPPorts = [ 22 80 5900 5901 5902 ];
interfaces.eno1.useDHCP = false ;
interfaces.br0 = {
useDHCP = false ;
ipv4.addresses = [
{
address = "192.168.0.3";
prefixLength = 24 ;
}
];
};
defaultGateway = {
interface = "br0" ;
address = "192.168.0.254" ;
};
nameservers = [ "192.168.0.254" "1.1.1.1" ];
bridges.br0.interfaces = [ "eno1" ];
};
systemd.network = {
enable = true ;
netdevs."br0" = {
netdevConfig = {
Name = "br0";
Kind = "bridge";
};
};
networks."br0" = {
matchConfig.Name = "br0" ;
};
networks."eno1" = {
matchConfig.Name = "eno1";
networkConfig.Bridge = "br0";
};
};
system.stateVersion = "25.05"; # Did you read the comment? system.stateVersion = "25.05"; # Did you read the comment?
} }

4
hosts/terre-neuvas/hardware.nix
View file

@ -10,7 +10,7 @@
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = lib.mkAfter [ "kvm-intel" "tun" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
@ -37,7 +37,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; # networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;

3
modules/common/networking.nix
View file

@ -1,8 +1,7 @@
_: { _: {
networking = { networking = {
networkmanager.enable = true;
nameservers = ["1.1.1.1" "8.8.8.8"]; nameservers = ["1.1.1.1" "8.8.8.8"];
dhcpcd.extraConfig = "nohook resolv.conf"; # dhcpcd.extraConfig = "nohook resolv.conf";
firewall.enable = true; firewall.enable = true;
interfaces.enp11s0.wakeOnLan.enable = true ; interfaces.enp11s0.wakeOnLan.enable = true ;
}; };

37
modules/common/qemu.nix Normal file
View file

@ -0,0 +1,37 @@
{
lib,
pkgs,
...
}: {
boot.kernelModules = lib.mkAfter ["tun"];
environment.systemPackages = with pkgs; [
qemu_kvm
virtiofsd
];
services = {
udev.extraRules = ''
SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
'';
spice-vdagentd.enable = true;
resolved.enable = true;
};
virtualisation.libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [pkgs.OVMFFull.fd];
runAsRoot = false;
};
};
users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
environment.etc."qemu/bridge.conf".text = ''
allow br0
'';
}
# vim: set ts=2 sw=2 sts=2 et :

54
modules/dev/qemu.nix
View file

@ -1,54 +0,0 @@
{
lib,
pkgs,
...
}: {
imports = [
# ../virtual/truenas.nix
];
boot.kernelModules = lib.mkAfter ["tun"];
environment.systemPackages = with pkgs; [
qemu_kvm
virtiofsd
];
services = {
udev.extraRules = ''
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660"
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660"
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660"
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660"
SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
'';
spice-vdagentd.enable = true;
resolved.enable = true;
};
virtualisation.libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [pkgs.OVMFFull.fd];
runAsRoot = false;
};
};
users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
networking = {
firewall.allowedTCPPorts = [5900 5901 5902];
useDHCP = false;
bridges.br0.interfaces = ["enp11s0"];
};
systemd.network.networks."10-br0" = {
matchConfig.Name = "br0";
networkConfig.DHCP = "yes";
};
environment.etc."qemu/bridge.conf".text = ''
allow br0
'';
}
# vim: set ts=2 sw=2 sts=2 et :

8
modules/sites/levr.porzh.me.nix
View file

@ -42,8 +42,8 @@
# ----------------------------------------------------------------- # -----------------------------------------------------------------
# 3⃣ Ouverture du firewall (ports 80 et 443) # 3⃣ Ouverture du firewall (ports 80 et 443)
# ----------------------------------------------------------------- # -----------------------------------------------------------------
networking.firewall.allowedTCPPorts = [ # networking.firewall.allowedTCPPorts = [
80 # HTTP (pour la redirection ACME) # 80 # HTTP (pour la redirection ACME)
443 # HTTPS (site final) # 443 # HTTPS (site final)
]; # ];
} }

2
profiles/server-selfhosted.nix
View file

@ -2,7 +2,7 @@
imports = [ imports = [
../modules/roles/server.nix ../modules/roles/server.nix
../modules/common/base.nix ../modules/common/base.nix
../modules/common/networking.nix ../modules/common/qemu.nix
../modules/services/printing.nix ../modules/services/printing.nix
# ../modules/services/goaccess.nix # ../modules/services/goaccess.nix
../modules/sites/porzh.me.nix ../modules/sites/porzh.me.nix

1
profiles/workstation-bspwm.nix
View file

@ -14,6 +14,7 @@
../modules/services/printing.nix ../modules/services/printing.nix
../modules/common/lockscreen.nix ../modules/common/lockscreen.nix
../modules/common/energy.nix ../modules/common/energy.nix
../modules/common/qemu.nix
]; ];
services.openssh = { services.openssh = {