diff --git a/config/globals.nix b/config/globals.nix
new file mode 100644
index 0000000..7c64ec5
--- /dev/null
+++ b/config/globals.nix
@@ -0,0 +1,46 @@
+{
+ domain = "porzh.me";
+ admin = {
+ email = "dun0z@porzh.me";
+ name = "DuN0z";
+ };
+
+ smtp = {
+ host = "smtp.protonmail.ch";
+ port = 587 ;
+ user = "contact@porzh.me";
+ };
+
+ network = {
+ gateway = "192.168.50.1";
+ pennsardin = {
+ ip = "192.168.50.12";
+ };
+ terre-neuvas = {
+ ip = "192.168.50.11";
+ };
+ };
+
+ services = {
+ forgejo = {
+ home = "/var/lib/forgejo";
+ url = "govel.porzh.me";
+ user = "git";
+ port = 3000;
+ };
+ goaccess = {
+ home = "/var/lib/www/goaccess";
+ url = "koum.porzh.me";
+ };
+ levr = {
+ home = "/var/lib/services/levr";
+ build = "/var/lib/www/levr";
+ url = "levr.porzh.me";
+ user = "levr";
+ };
+ wikijs = {
+ url = "notes.porzh.me";
+ port = 3002 ;
+ };
+ };
+}
diff --git a/devshell.nix b/devshell.nix
new file mode 100644
index 0000000..ef9e633
--- /dev/null
+++ b/devshell.nix
@@ -0,0 +1,15 @@
+{pkgs}:
+pkgs.mkShell {
+ buildInputs = with pkgs; [
+ alejandra # formatteur nix officiel (rapide)
+ statix # linting pour repérer mauvaises pratiques
+ deadnix # détecte le code mort / imports inutiles
+ ];
+
+ shellHook = ''
+ echo "Tools dispo :"
+ echo " alejandra . # formate tout ton Nix"
+ echo " statix check # lint"
+ echo " deadnix . # cherche le code mort"
+ '';
+}
diff --git a/disko/pennsardin.nix b/disko/pennsardin.nix
new file mode 100644
index 0000000..3f1e614
--- /dev/null
+++ b/disko/pennsardin.nix
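Review bot: `port = 587 ;` and `port = 3002 ;` leave a space before the semicolon, which no other line in this file does; write `port = 587;` and `port = 3002;`. The same `value ;` spacing appears in flake.nix (`useGlobalPkgs = true ;`), hm/common/nvim.nix and hosts/penduick/configuration.nix in this commit. Running the `alejandra` formatter that devshell.nix adds over the whole tree would normalize all of them in one pass.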
@@ -0,0 +1,185 @@ +{ ... }: { + disko.devices = { + disk.main = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "512MiB"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/efi"; + mountOptions = [ "umask=0077" "noauto" ]; + }; + }; + + rescue = { + size = "8GiB"; + type = "8300"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/rescue"; + mountOptions = [ "nofail" "noauto" "nosuid" "nodev" "noexec" ]; + }; + }; + + root = { + size = "100%"; + type = "8e00"; # LVM partition + content = { + type = "lvm_pv"; + vg = "vg-main"; + }; + }; + }; + }; + }; + + lvm_vg."vg-main" = { + type = "lvm_vg"; + lvs = { + # -- Système principal -- + lv-root = { + size = "100G"; + content = { + type = "btrfs"; + mountpoint = "/"; + mountOptions = [ "compress=zstd:3" "noatime" "space_cache=v2" "discard=async" ]; + }; + }; + + lv-home = { + size = "100G"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + mountpoint = "/home"; + mountOptions = [ + "compress=zstd:3" + "noatime" + "nodev" + "nosuid" + "space_cache=v2" + "discard=async" + ]; + subvolumes = { + "@homebin" = { + mountpoint = "/home/dunoz/bin"; + mountOptions = [ + "compress=zstd:3" + "noatime" + "nodev" + "nosuid" + "space_cache=v2" + "discard=async" + "subvol=@homebin" + ]; + }; + }; + }; + }; + + lv-nix = { + size = "80G"; + content = { + type = "btrfs"; + mountpoint = "/nix"; + mountOptions = [ "compress=zstd:3" "noatime" "space_cache=v2" "discard=async" ]; + }; + }; + + lv-var = { + size = "50G"; + content = { + type = "btrfs"; + mountpoint = "/var"; + mountOptions = [ "compress=zstd:3" "noatime" "nodev" "nosuid" "space_cache=v2" "discard=async" ]; + }; + }; + + # -- Données & builds (no COW) -- + lv-work = { + size = "100G"; + content = { + type = "btrfs"; + mountpoint = "/home/dunoz/Work"; + mountOptions = [ "nodatacow" "noatime" "nodev" "space_cache=v2" "discard=async" ]; + }; + 
}; + + lv-games = { + size = "200G"; + content = { + type = "btrfs"; + mountpoint = "/home/dunoz/.local/share/Steam"; + mountOptions = [ "nodatacow" "noatime" "nodev" "space_cache=v2" "discard=async" ]; + }; + }; + + lv-qemu = { + size = "200G"; + content = { + type = "btrfs"; + mountpoint = "/var/lib/libvirt/images"; + mountOptions = [ "nodatacow" "noatime" "nodev" "nosuid" "space_cache=v2" "discard=async" ]; + }; + }; + + lv-container = { + size = "20G"; + content = { + type = "btrfs"; + mountpoint = "/var/lib/machines"; + mountOptions = [ "nodatacow" "noatime" "nodev" "nosuid" "space_cache=v2" "discard=async" ]; + }; + }; + }; + }; + + filesystem.raid = { + type = "filesystem"; + device = "/dev/md0"; + format = "btrfs"; + mountpoint = "/srv/raid"; + mountOptions = [ "compress=zstd:3" "noatime" "nofail" "noexec" "nodev" "nosuid" "space_cache=v2" "discard=async" ]; + }; + + bindmounts = { + docs = { + device = "/srv/raid/home-data/Documents"; + mountpoint = "/home/dunoz/Documents"; + options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ]; + }; + images = { + device = "/srv/raid/home-data/Images"; + mountpoint = "/home/dunoz/Images"; + options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ]; + }; + music = { + device = "/srv/raid/home-data/Musique"; + mountpoint = "/home/dunoz/Musique"; + options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ]; + }; + downloads = { + device = "/srv/raid/home-data/Téléchargements"; + mountpoint = "/home/dunoz/Téléchargements"; + options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ]; + }; + videos = { + device = "/srv/raid/home-data/Vidéos"; + mountpoint = "/home/dunoz/Vidéos"; + options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ]; + }; + config = { + device = "/srv/raid/home-data/nixos-config"; + mountpoint = "/home/dunoz/nixos-config"; + options = [ "bind" "nofail" "nosuid" "nodev" ]; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..e353458 --- /dev/null +++ b/flake.lock 
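Review bot: `lv-work` (mounted at `/home/dunoz/Work`) and `lv-games` (the Steam library) are mounted with `nodev` but without `nosuid`, while the parent `/home` volume, `lv-var`, `lv-qemu`, `lv-container` and every bind mount carry both, so a setuid binary written under Work or the Steam library would be honoured by the kernel. Unless something there genuinely needs setuid, add it to both option lists, e.g. `mountOptions = [ "nodatacow" "noatime" "nodev" "nosuid" "space_cache=v2" "discard=async" ];`. Separately, every home mountpoint in this layout is under `/home/dunoz`, whereas hosts/pennsardin/configuration.nix in the same commit binds `/home/lomig/Documents`; if pennsardin's desktop user is lomig, this disko layout targets the wrong home directory and should be checked before it is ever applied to the machine.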
@@ -0,0 +1,273 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "owner": "ryantm", + "repo": "agenix", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager-stable": { + "inputs": { + "nixpkgs": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1758463745, + "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", + "owner": "nix-community", + "repo": "home-manager", + "rev": 
"3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.05", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1763963090, + "narHash": "sha256-zR7uDZdQUUC+gBOi4byefMvIZuSBeMC6GswGNsTgQlM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "7702d14879e8f0148fa168e38f3eaa2650fa0d85", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1754028485, + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1763622513, + "narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1763835633, + "narHash": "sha256-HzxeGVID5MChuCPESuC0dlQL1/scDKu+MmzoVBJxulM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "050e09e091117c3d7328c7b2b7b577492c43c134", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1763835633, + "narHash": "sha256-HzxeGVID5MChuCPESuC0dlQL1/scDKu+MmzoVBJxulM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "050e09e091117c3d7328c7b2b7b577492c43c134", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": 
"nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1763806073, + "narHash": "sha256-FHsEKDvfWpzdADWj99z7vBk4D716Ujdyveo5+A048aI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "878e468e02bfabeda08c79250f7ad583037f2227", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nur": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1763983952, + "narHash": "sha256-nSWNqQezb6bhu5eYxF+lqzXj8h/sVD2C/CMV/JXK7Bw=", + "owner": "nix-community", + "repo": "NUR", + "rev": "3f55dad0778bfaa302e87d87326ec02e7100ff98", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nvim-config": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1761113802, + "narHash": "sha256-HuP5TTFNzrxuro6UeA8+++BCV9x9rLhQ0bW5lbU3fTM=", + "ref": "refs/heads/master", + "rev": "154c606ecbc9069df8289e81b46025a6f9820867", + "revCount": 5, + "type": "git", + "url": "https://govel.porzh.me/DuN0z/neovim-config.git" + }, + "original": { + "type": "git", + "url": "https://govel.porzh.me/DuN0z/neovim-config.git" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "home-manager": "home-manager_2", + "home-manager-stable": "home-manager-stable", + "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs-unstable": "nixpkgs-unstable", + "nur": "nur", + "nvim-config": "nvim-config" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix index 72ee031..e81df2e 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,32 +1,125 @@ { - description = "Mon système NixOS flake-enabled avec Home Manager"; + description = "My nixos config with WM switch capacity"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05"; + home-manager-stable = { + url = "github:nix-community/home-manager/release-25.05"; + inputs.nixpkgs.follows = "nixpkgs-stable"; + }; + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; home-manager = { url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; }; + nur.url = "github:nix-community/NUR"; + agenix.url = "github:ryantm/agenix"; + nvim-config.url = "git+https://govel.porzh.me/DuN0z/neovim-config.git"; }; - outputs = { self, nixpkgs, home-manager, ... }: - let - system = "x86_64-linux"; # Change si t’as un ordi chelou - in { - nixosConfigurations = { - pennsardin = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - ./hosts/pennsardin/configuration.nix - - home-manager.nixosModules.home-manager - { - home-manager.useUserPackages = true; - home-manager.users.lomig = import ./home/pennsardin.nix; - } - ]; + outputs = { + nixpkgs-stable, + nixpkgs-unstable, + home-manager-stable, + home-manager, + nur, + agenix, + nvim-config, + ... + }: let + mkUnstablePkgsWithNur = { + system, + config ? 
{}, + }: + import nixpkgs-unstable { + inherit system; + overlays = [nur.overlays.default]; + inherit config; + }; + in { + nixosConfigurations = { + pennsardin = nixpkgs-unstable.lib.nixosSystem { + specialArgs = { inherit nvim-config; }; + system = "x86_64-linux"; + pkgs = mkUnstablePkgsWithNur { + system = "x86_64-linux"; + config = { + allowUnfree = true; + allowUnsupportedSystem = true; + }; }; + modules = [ + ./hosts/pennsardin/configuration.nix + home-manager.nixosModules.home-manager + { + home-manager = { + useGlobalPkgs = true ; + useUserPackages = true ; + extraSpecialArgs = {inherit nvim-config; }; + }; + } + ]; + }; + + terre-neuvas = nixpkgs-stable.lib.nixosSystem { + specialArgs = { inherit agenix; inherit nvim-config; }; + system = "x86_64-linux"; + modules = [ + ./hosts/terre-neuvas/configuration.nix + home-manager-stable.nixosModules.home-manager + { + home-manager = { + useGlobalPkgs = true ; + useUserPackages = true ; + extraSpecialArgs = {inherit nvim-config; }; + }; + } + agenix.nixosModules.default + ]; + }; + + penduick = nixpkgs-unstable.lib.nixosSystem { + specialArgs = { inherit nvim-config; }; + system = "x86_64-linux"; + pkgs = mkUnstablePkgsWithNur { + system = "x86_64-linux"; + config = { + allowUnfree = true; + allowUnsupportedSystem = true; + }; + }; + + modules = [ + ./hosts/penduick/configuration.nix + home-manager.nixosModules.home-manager + { + home-manager = { + useGlobalPkgs = true ; + useUserPackages = true ; + extraSpecialArgs = {inherit nvim-config; }; + }; + } + agenix.nixosModules.default + ]; + + }; + + forbann = nixpkgs-stable.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/forbann/configuration.nix + "${nixpkgs-stable}/nixos/modules/profiles/qemu-guest.nix" + ]; }; }; -} + # --- DevShell (x86_64 uniquement) --- + devShells.x86_64-linux.default = import ./devshell.nix { + pkgs = import nixpkgs-stable {system = "x86_64-linux";}; + }; + + # --- Formatter (x86_64 uniquement) --- + 
formatter.x86_64-linux = + (import nixpkgs-stable {system = "x86_64-linux";}).alejandra; + }; +} diff --git a/hm/common/betterlockscreen.nix b/hm/common/betterlockscreen.nix new file mode 100644 index 0000000..7261626 --- /dev/null +++ b/hm/common/betterlockscreen.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }:{ + home.packages = with pkgs; [ + xidlehook + betterlockscreen + ]; + + systemd.user.services.xidlehook = { + Unit.Description = "Idle: lock at 5min, suspend at ~8min"; + Service = { + ExecStart = '' + ${pkgs.xidlehook}/bin/xidlehook \ + --detect-sleep \ + --not-when-fullscreen \ + --timer 300 "${pkgs.betterlockscreen}/bin/betterlockscreen -l dim" "" \ + --timer 500 "systemctl suspend" "" + ''; + Restart = "always"; + }; + Install.WantedBy = ["graphical-session.target"]; + }; +} diff --git a/hm/common/browser.nix b/hm/common/browser.nix new file mode 100644 index 0000000..51d867e --- /dev/null +++ b/hm/common/browser.nix @@ -0,0 +1,29 @@ +{ + pkgs, + nur, + ... +}: { + programs.firefox = { + enable = true; + languagePacks = ["fr"]; + profiles.default = { + settings = { + "intl.locale.requested" = "fr"; + "intl.accept_languages" = "fr, en-US, en"; + "layers.acceleration.disabled" = true; + "gfx.webrender.all" = false; + "privacy.trackingprotection.enabled" = true; + "privacy.resistFingerprinting" = true; + "network.cookie.cookieBehavior" = 1; + }; + extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [ + i-dont-care-about-cookies + privacy-badger + proton-pass + ublock-origin + ]; + }; + }; +} +# vim: set ts=2 sw=2 sts=2 et : + diff --git a/hm/common/git.nix b/hm/common/git.nix new file mode 100644 index 0000000..770d55d --- /dev/null +++ b/hm/common/git.nix 
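Review bot: `allowUnsupportedSystem = true` in both `mkUnstablePkgsWithNur` calls disables nixpkgs' platform-support check for every package on pennsardin and penduick, not just the one that presumably needed it; either drop it and override `meta.platforms` on that specific package, or add a comment naming which package requires it. The two `pkgs = mkUnstablePkgsWithNur { ... }` blocks are byte-identical, so one `unstablePkgs = mkUnstablePkgsWithNur { system = "x86_64-linux"; config = { allowUnfree = true; }; };` in the `let` and `pkgs = unstablePkgs;` in both hosts would remove the duplication. It is also worth a comment next to the helper that, because the package set is built here and handed to `nixosSystem`, `nixpkgs.config`/`nixpkgs.overlays` set inside host modules will not affect it.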
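Review bot: The unit description says `suspend at ~8min`, but as far as I recall xidlehook timers are relative to the previous timer, so `--timer 500` after `--timer 300` suspends 800 s after the last input; either the description or the value should change (`--timer 200 "systemctl suspend" ""` for roughly 8 minutes). Also, `betterlockscreen -l dim` only works once a lock image has been cached with `betterlockscreen -u`; if that was never run the lock command fails, xidlehook does not care about the exit status, and the session stays unlocked while the suspend timer still fires. A comment on the `ExecStart` line stating that prerequisite, or a small wrapper that falls back to another locker when `-l` exits non-zero, would make that failure mode visible.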
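Review bot: The argument pattern `{ pkgs, nur, ... }` makes `nur` a required module argument, but flake.nix passes only `extraSpecialArgs = {inherit nvim-config; }`, so evaluating this file as a Home Manager module should fail with a missing-argument error unless `nur` is injected through `_module.args` somewhere not shown here. The body never uses `nur` (the addons come from `pkgs.nur.repos.rycee.firefox-addons`, i.e. the overlay), so `{ pkgs, ... }: {` is the fix. Because the addons resolve through `pkgs.nur`, the module only evaluates on hosts whose `pkgs` came from `mkUnstablePkgsWithNur`; a one-line comment saying so would help anyone importing it on a stable host.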
@@ -0,0 +1,20 @@
+{ lib, config, ...}:
+let
+globals = import ../../config/globals.nix;
+nixosRelease = lib.attrByPath [ "system" "nixos" "release" ] "0.0" config;
+newGit = lib.versionAtLeast nixosRelease "25.11";
+in {
+ programs.git = if newGit then {
+ enable = true;
+ settings.user = {
+ name = globals.admin.name;
+ email = globals.admin.email;
+ };
+ } else {
+ enable = true;
+ userName = globals.admin.name;
+ userEmail = globals.admin.email;
+ };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
diff --git a/hm/common/nvim.nix b/hm/common/nvim.nix
new file mode 100644
index 0000000..64c9a1c
--- /dev/null
+++ b/hm/common/nvim.nix
@@ -0,0 +1,32 @@
+{ pkgs, nvim-config, ...}: {
+ home.packages = with pkgs; [
+ ruff
+ pyright
+ gcc
+ marksman
+ lua-language-server
+ ];
+
+ programs.neovim = {
+ enable = true ;
+ viAlias = true ;
+ vimAlias = true;
+ };
+ home.file.".config/nvim" = {
+ source = nvim-config ;
+ recursive = true ;
+ };
+ programs.ruff = {
+ enable = true ;
+ settings = {
+ line-length = 100;
+ per-file-ignores = { "__init__.py" = [ "F401" ]; };
+ lint = {
+ select = [ "E4" "E7" "E9" "F" ];
+ ignore = [ ];
+ };
+ };
+ };
+}
+
+# vim: set ts=2 sw=2 sts=2 et :
diff --git a/hm/common/picom.nix b/hm/common/picom.nix
new file mode 100644
index 0000000..1b215aa
--- /dev/null
+++ b/hm/common/picom.nix
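Review bot: `lib.attrByPath [ "system" "nixos" "release" ] "0.0" config` reads the Home Manager `config`, which has no `system.nixos.release` option, so `newGit` is always false and the legacy `userName`/`userEmail` branch is always taken, which defeats the version switch. If I read Home Manager's version module correctly it exposes its own release as `config.home.version.release`, so `nixosRelease = lib.attrByPath [ "home" "version" "release" ] "0.0" config;` (or the `osConfig` argument when this runs as a NixOS module) would select the intended branch, and the binding could be renamed to match. The three bindings in the `let` block are also unindented relative to the rest of the file.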
@@ -0,0 +1,51 @@
+{ pkgs, ... }: {
+ home.packages = [ pkgs.picom ] ;
+ services.picom = {
+ enable = true;
+ backend = "glx"; # plus fluide si ta carte gère bien OpenGL
+ fade = true;
+ fadeDelta = 5; # vitesse fondu
+ shadow = true;
+ shadowOpacity = 0.5;
+ vSync = true; # évite le tearing
+
+ settings = {
+ # Transparence
+ inactive-opacity = 0.80;
+ active-opacity = 0.9;
+ frame-opacity = 0.90;
+ inactive-opacity-override = false;
+
+ # Coins arrondis
+ corner-radius = 8;
+ round-borders = 1;
+ rounded-corners-exclude = [
+ "class_g = 'Polybar'"
+ "class_g = 'Rofi'"
+ ];
+
+ # Flou subtil
+ blur-method = "dual_kawase";
+ blur-strength = 4;
+ blur-background = true;
+ blur-background-frame = true;
+ blur-background-fixed = false;
+ blur-background-exclude = [
+ "class_g = 'Polybar'"
+ "class_g = 'Rofi'"
+ "class_g = 'Gimp'"
+ "window_type = 'dock'"
+ ];
+
+ # Exclusions ombres
+ shadow-exclude = [
+ "class_g = 'Polybar'"
+ "class_g = 'Rofi'"
+ "window_type = 'dock'"
+ "window_type = 'desktop'"
+ ];
+ };
+ };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
diff --git a/hm/common/polybar.nix b/hm/common/polybar.nix
new file mode 100644
index 0000000..446d013
--- /dev/null
+++ b/hm/common/polybar.nix
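Review bot: `home.packages = [ pkgs.picom ] ;` on the second line looks redundant with `services.picom.enable = true`, since the Home Manager picom module installs `services.picom.package` itself as far as I can tell; dropping the line avoids ending up with two picom builds in the profile if `services.picom.package` is ever overridden. The inline comments (`# plus fluide si ta carte gère bien OpenGL`, `# vitesse fondu`, `# évite le tearing`) are French while the new flake description is English; pick one language for comments, e.g. `# glx: smoother when the GPU handles OpenGL well`.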
@@ -0,0 +1,38 @@
+{ pkgs, ... }: {
+ services = {
+ polybar = {
+ enable = true;
+ script = "polybar main &";
+ config = {
+ "bar/main" = {
+ width = "100%";
+ height = "28";
+ font-0 = "Iosevka Nerd Font:style=regular:pixelsize=12;2";
+ font-1 = "Font Awesome 6 Free:style=Solid:pixelsize=10;2";
+ modules-left = "bspwm";
+ modules-center = "date";
+ modules-right = "pulseaudio memory cpu";
+ };
+ "module/bspwm" = {
+ type = "internal/bspwm";
+ label-focused = "%name%";
+ label-focused-foreground = "#e6e0de";
+ label-focused-padding = 2;
+ label-occupied = "%name%";
+ label-occupied-padding = 2;
+ label-urgent = "%name%";
+ label-urgent-background = "#e42127";
+ label-urgent-foreground = "#ffffff";
+ label-empty = "%name%";
+ label-empty-foreground = "#645d56";
+ label-empty-padding = 2;
+ };
+ "module/date" = {
+ type = "internal/date";
+ interval = 60;
+ date = "%d-%m-%Y %H:%M";
+ };
+ };
+ };
+ };
+}
diff --git a/hm/common/zsh.nix b/hm/common/zsh.nix
new file mode 100644
index 0000000..2cd45b5
--- /dev/null
+++ b/hm/common/zsh.nix
@@ -0,0 +1,37 @@
+_: {
+ programs.dircolors.enableZshIntegration = true;
+ programs.zsh = {
+ autosuggestion.enable = true;
+ dirHashes = {
+ dl = "$HOME/Téléchargements";
+ nix = "$HOME/nixos-config";
+ };
+ enable = true;
+ enableCompletion = true;
+ history = {
+ append = true;
+ extended = true;
+ findNoDups = true;
+ ignoreAllDups = true;
+ ignoreSpace = true;
+ ignorePatterns = ["rm *" "cd *" "ls *" "df *" "du *" "fastfetch" "tree" "pwd" "upd"];
+ saveNoDups = false;
+ };
+ shellAliases = {
+ h = "history";
+ upd = "sudo nixos-rebuild switch --flake $HOME/nixos-config#pennsardin; source ~/.zshrc";
+ agenix = "nix run github:ryantm/agenix --";
+ };
+ shellGlobalAliases = {
+ G = "| grep";
+ M = "| more";
+ };
+ syntaxHighlighting.enable = true;
+
+ profileExtra = ''
+ ssh-add ~/.ssh/$(hostname)
+ '';
+ };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
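Review bot: `script = "polybar main &";` starts the bar from the Home Manager polybar service, and hm/desktop/bspwm.nix in this same commit also lists `"polybar main"` in `windowManager.bspwm.startupPrograms`, so a login launches `polybar main` twice on the same bar (the second instance typically fails or overlaps the first). Keep a single launcher: drop the `"polybar main"` entry from bspwm's `startupPrograms` and let the service own it, which also gives restart-on-failure for free.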
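Review bot: The `upd` alias hard-codes `#pennsardin`, but this module is imported by both hm/users/lomig.nix and hm/users/dunoz.nix, and the latter is used on penduick, so running `upd` there would build and switch to pennsardin's system closure. Omitting the attribute, `upd = "sudo nixos-rebuild switch --flake $HOME/nixos-config; source ~/.zshrc";`, lets nixos-rebuild select the host by its hostname. The `agenix` alias runs `nix run github:ryantm/agenix --`, which fetches whatever is on that repository's default branch at invocation time rather than the agenix revision pinned in flake.lock; exposing the flake input's package (e.g. through `home.packages`) keeps the CLI and the NixOS module on the same version. `profileExtra` runs `ssh-add ~/.ssh/$(hostname)` unconditionally at every login shell; guarding it with `[ -f ~/.ssh/$(hostname) ] &&` avoids an error on hosts without that key, and `ssh-add -t <lifetime>` would bound how long the decrypted key stays resident in the agent.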
diff --git a/hm/desktop/bspwm.nix b/hm/desktop/bspwm.nix
new file mode 100644
index 0000000..a8d371c
--- /dev/null
+++ b/hm/desktop/bspwm.nix
@@ -0,0 +1,141 @@ +# hm/desktop/bspwm.nix +{ + pkgs, + lib, + ... +}: { + imports = [ + ../common/betterlockscreen.nix + ../common/picom.nix + ../common/polybar.nix + ]; + home.packages = with pkgs; [ + bspwm + sxhkd + xorg.xinit + xterm + alacritty + rofi + feh + font-awesome + pywal16 + imagemagick + pulsemixer + ranger + jq + file + highlight + unzip + mpv + protonvpn-gui + ]; + + services.ssh-agent.enable = true; + + xsession = { + enable = true; + windowManager.bspwm = { + enable = true; + + startupPrograms = [ + "sxhkd -m 1" + "setxkbmap bepovim" + "xrandr --output DisplayPort-1 --rate 60 --pos 0x0" + "polybar main" + "bash ~/.fehbg" + ]; + + extraConfigEarly = '' + bspc config borderless_monocle true + bspc config gapless_monocle true + bspc config single_monocle true + bspc monitor -d I II III IV V VI + ''; + }; + }; + + services = { + sxhkd = { + enable = true; + extraOptions = ["-m" "1"]; + keybindings = { + "super + Return" = "alacritty"; + "super + c" = "bspc node -c"; + "Menu" = "rofi -show drun"; + "super + space" = "rofi -show drun"; + + "F1" = "bspc desktop -f ^1"; + "F2" = "bspc desktop -f ^2"; + "F3" = "bspc desktop -f ^3"; + "F4" = "bspc desktop -f ^4"; + "F5" = "bspc desktop -f ^5"; + "F6" = "bspc desktop -f ^6"; + + "shift + F1" = "bspc node -d ^1 --follow"; + "shift + F2" = "bspc node -d ^2 --follow"; + "shift + F3" = "bspc node -d ^3 --follow"; + "shift + F4" = "bspc node -d ^4 --follow"; + "shift + F5" = "bspc node -d ^5 --follow"; + "shift + F6" = "bspc node -d ^6 --follow"; + + "super + h" = "bspc node -f west"; + "super + j" = "bspc node -f south"; + "super + k" = "bspc node -f north"; + "super + l" = "bspc node -f east"; + + "super + shift + h" = "bspc node -s west"; + "super + shift + j" = "bspc node -s south"; + "super + shift + k" = "bspc node -s north"; + "super + shift + l" = "bspc node -s east"; + + "super + f" = "bspc node -t fullscreen"; + "super + s" = "bspc node -t floating"; + "super + shift + t" = "bspc node -t pseudo_tiled"; 
+ "super + t" = "bspc node -t tiled"; + }; + }; + }; + + programs = { + alacritty = { + enable = true; + settings = { + general.import = ["~/.cache/wal/colors-alacritty.toml"]; + font = { + normal = { + family = lib.mkForce "Iosevka Nerd Font"; + style = "Regular"; + }; + bold = { + family = lib.mkForce "Iosevka Nerd Font"; + style = "Bold"; + }; + italic = { + family = lib.mkForce "Iosevka Nerd Font"; + style = "Italic"; + }; + size = lib.mkForce 8; + }; + }; + }; + + rtorrent = { + enable = true; + extraConfig = '' + directory = /srv/raid + port_range = 6881-6891 + max_peers = 150 + max_peers_seed = 100 + protocol.pex.set = true ; + schedule = watch_directory,5,5,load.start=~/Téléchargements/*.torrent + pieces.hash.on_completion.set = no + network.max_open_files.set = 8192 + session = /home/lomig/.cache/rtorrent/session + ''; + }; + }; + + home.activation.createRtorrentSessionDir = lib.hm.dag.entryAfter ["writeBoundary"] '' + mkdir -p ~/.cache/rtorrent/session + ''; +} diff --git a/hm/users/dunoz-desktop.nix b/hm/users/dunoz-desktop.nix new file mode 100644 index 0000000..6db724f --- /dev/null +++ b/hm/users/dunoz-desktop.nix @@ -0,0 +1,17 @@ +{pkgs, ...}: { + imports = [ + ../common/browser.nix + ../common/nvim.nix + ./dunoz.nix + ]; + home = { + packages = with pkgs; [ + fastfetch + nerd-fonts.iosevka + proton-pass + smug + ]; + }; +} +# vim: set ts=2 sw=2 sts=2 et : + diff --git a/hm/users/dunoz.nix b/hm/users/dunoz.nix new file mode 100644 index 0000000..b32120c --- /dev/null +++ b/hm/users/dunoz.nix @@ -0,0 +1,19 @@ +{pkgs, nvim-config, ...}: { + imports = [ + ../../hm/common/git.nix + ../../hm/common/zsh.nix + ]; + home = { + username = "dunoz"; + homeDirectory = "/home/dunoz"; + packages = with pkgs; [ + bat + tree + ]; + }; + + programs.zsh.enable = true; + + home.stateVersion = "25.05"; # ou ton actuelle +} +# vim: set ts=2 sw=2 sts=2 et : diff --git a/hm/users/lomig-desktop.nix b/hm/users/lomig-desktop.nix new file mode 100644 index 0000000..392ce71 
--- /dev/null
+++ b/hm/users/lomig-desktop.nix
@@ -0,0 +1,19 @@
+{pkgs, ...}: {
+ imports = [
+ ../desktop/bspwm.nix
+ ../common/browser.nix
+ ../common/nvim.nix
+ ./lomig.nix
+ ];
+ home = {
+ packages = with pkgs; [
+ fastfetch
+ nerd-fonts.iosevka
+ obsidian
+ proton-pass
+ smug
+ ];
+ };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
diff --git a/hm/users/lomig.nix b/hm/users/lomig.nix
new file mode 100644
index 0000000..965c91c
--- /dev/null
+++ b/hm/users/lomig.nix
@@ -0,0 +1,19 @@
+{pkgs, nvim-config, ...}: {
+ imports = [
+ ../../hm/common/git.nix
+ ../../hm/common/zsh.nix
+ ];
+ home = {
+ username = "lomig";
+ homeDirectory = "/home/lomig";
+ packages = with pkgs; [
+ bat
+ tree
+ ];
+ };
+
+ programs.zsh.enable = true;
+
+ home.stateVersion = "25.05"; # ou ton actuelle
+}
+# vim: set ts=2 sw=2 sts=2 et :
diff --git a/home/pennsardin.nix b/home/pennsardin.nix
deleted file mode 100644
index 8c5c58b..0000000
--- a/home/pennsardin.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- home.username = "lomig";
- home.homeDirectory = "/home/lomig";
-
- programs.zsh.enable = true;
- home.stateVersion = "25.05"; # ou ton actuelle
-}
-
diff --git a/hosts/forbann/configuration.nix b/hosts/forbann/configuration.nix
new file mode 100644
index 0000000..2eb7966
--- /dev/null
+++ b/hosts/forbann/configuration.nix
@@ -0,0 +1,70 @@
+{pkgs, ...}: {
+ boot = {
+ kernelPackages = pkgs.linuxPackages;
+ initrd.supportedFilesystems = ["ext4"];
+ loader.grub = {
+ enable = true;
+ device = "/dev/vda";
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+ "/srv" = {
+ device = "shared0";
+ fsType = "9p";
+ options = ["trans=virtio" "version=9p2000.L" "rw"];
+ neededForBoot = false;
+ noCheck = true;
+ };
+ };
+
+ networking = {
+ useDHCP = true;
+ useNetworkd = true;
+ hostName = "forbann";
+ };
+
+ systemd = {
+ services.mountShared = {
+ description = "Mount 9p shared folder";
+ after = ["local-fs.target" "network.target"];
+ wantedBy = ["multi-user.target"];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.util-linux}/bin/mount -t 9p -o trans=virtio,version=9p2000.L shared0 /srv";
+ RemainAfterExit = true;
+ };
+ };
+ network = {
+ enable = true;
+ networks."10-eth0" = {
+ matchConfig.Name = "eth0";
+ networkConfig = {
+ Address = "192.168.1.10/24";
+ Gateway = "192.168.0.254";
+ DNS = "192.168.0.254";
+ };
+ };
+ };
+ };
+
+ services = {
+ openssh.enable = true;
+ rtorrent = {
+ enable = true;
+ dataDir = "/home/vmuser/torrents";
+ };
+ };
+
+ users.users.vmuser = {
+ isNormalUser = true;
+ extraGroups = ["wheel"];
+ password = "changeme";
+ };
+
+ system.stateVersion = "25.05";
+}
diff --git a/hosts/penduick/configuration.nix b/hosts/penduick/configuration.nix
new file mode 100644
index 0000000..f5ef4a2
--- /dev/null
+++ b/hosts/penduick/configuration.nix
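Review bot: `password = "changeme";` on `users.users.vmuser` puts a clear-text password for a `wheel` member into the configuration and therefore into the world-readable Nix store, and with `services.openssh.enable = true` and no `PasswordAuthentication = false` that password is usable over SSH. Since agenix is already a flake input, `hashedPasswordFile = config.age.secrets.SECRET_NAME_PLACEHOLDER.path;` (adding `config` to the argument pattern) is the intended pattern; if a throwaway VM really only needs a first-boot password, `initialPassword` together with `services.openssh.settings.PasswordAuthentication = false;` limits the exposure. In `networks."10-eth0"`, `Address = "192.168.1.10/24"` and `Gateway = "192.168.0.254"` are not in the same subnet, so networkd should refuse to install the default route unless the gateway is on-link by other means, and `useDHCP = true` next to the static address leaves it unclear which configuration is meant to win. The `mountShared` oneshot unit and the `fileSystems."/srv"` entry mount the same 9p share twice; keeping only the `fileSystems` entry is enough.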
@@ -0,0 +1,61 @@
+{ config, pkgs, ... }:
+let
+ globals = import ../../config/globals.nix;
+in {
+ imports = [
+ ./hardware-configuration.nix
+ ../../modules/desktop/plasma.nix
+ ../../modules/common/nix.nix
+ ../../modules/common/base.nix
+ ../../modules/common/fonts.nix
+ ../../modules/common/networking.nix
+ ../../modules/common/plymouth.nix
+ ../../modules/common/audio.nix
+ ];
+
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.initrd.luks.devices.cryptroot.device = "/dev/nvme0n1p3";
+
+ networking.hostName = "penduick";
+ networking.networkmanager.enable = true;
+
+ console.keyMap = "fr";
+
+ services.openssh.enable = true;
+ services.openssh.settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = true;
+ };
+
+ age.identityPaths = [ "/etc/agenix/penduick.key" "/etc/agenix/dunoz-admin.key" ];
+ # age.secrets."dunoz-password-penduick".file = ../../secrets/dunoz-password-penduick.age;
+ users= {
+ # mutableUsers = false ;
+ users.dunoz = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" ];
+ # passwordFile = config.age.secrets."dunoz-password-penduick".path;
+ shell = pkgs.zsh;
+ };
+ };
+
+ home-manager = {
+ useGlobalPkgs = true ;
+ users.dunoz = import ../../hm/users/dunoz-desktop.nix ;
+ };
+
+ environment.systemPackages = with pkgs; [
+ git htop wget curl
+ neovim
+ age ssh-to-age
+ weechat
+ ];
+
+
+# Optionnel mais utile pour SSH au démarrage
+systemd.services.sshd.wantedBy = [ "multi-user.target" ];
+
+ system.stateVersion = "25.05";
+}
diff --git a/hosts/penduick/hardware-configuration.nix b/hosts/penduick/hardware-configuration.nix
new file mode 100644
index 0000000..a473630
--- /dev/null
+++ b/hosts/penduick/hardware-configuration.nix
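Review bot: `PasswordAuthentication = true;` in `services.openssh.settings` keeps password logins open on a host that is already being provisioned with agenix keys (`age.identityPaths`, `age ssh-to-age` in `systemPackages`); once key-based access works this should become `PasswordAuthentication = false;` so the `wheel` user's password is not exposed to online guessing. `boot.initrd.luks.devices.cryptroot.device = "/dev/nvme0n1p3"` uses a kernel-enumeration path while the generated hardware-configuration.nix in this commit references every filesystem by UUID; `/dev/disk/by-uuid/LUKS_UUID_PLACEHOLDER` avoids pointing at the wrong partition if a second NVMe device ever appears. The commented-out `passwordFile = config.age.secrets...` should be re-enabled as `hashedPasswordFile`, since `passwordFile` is the deprecated option name. `globals` in the `let` block and `config` in the argument pattern are unused, and `systemd.services.sshd.wantedBy = [ "multi-user.target" ];` is unindented and, as far as I can tell, already set by the openssh module unless `startWhenNeeded` is on.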
@@ -0,0 +1,66 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/233c2886-05e4-4f9f-a708-6c920c7d9e32"; + fsType = "btrfs"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/09b55bee-0134-4e96-8183-e85412fa7724"; + fsType = "btrfs"; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/4ce480f5-8212-4b28-b275-a0250c2edae1"; + fsType = "btrfs"; + }; + + fileSystems."/var" = + { device = "/dev/disk/by-uuid/f54d2ebe-f1ca-4471-a9a5-6959280984ee"; + fsType = "btrfs"; + }; + + fileSystems."/persist" = + { device = "/dev/disk/by-uuid/829b6a38-e49a-46ca-8737-b21c86c93352"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/B68E-0AAC"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + fileSystems."/rescue" = + { device = "/dev/disk/by-uuid/af3f9f20-2a6c-44e2-ad81-f07bd18ae283"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/41fcc628-50bf-43df-9daa-0095b45fd9bd"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/pennsardin/configuration.nix b/hosts/pennsardin/configuration.nix index d6fcec4..dd1a899 100644 --- a/hosts/pennsardin/configuration.nix +++ b/hosts/pennsardin/configuration.nix 
@@ -1,15 +1,176 @@ -{ config, pkgs, ... }: +{pkgs, config, ...}: +let + globals = import ../../config/globals.nix; +in { + imports = [ + ../../modules/common/nix.nix + ../../modules/hardware/bepovim.nix + ../../modules/desktop/xorg-bspwm.nix + ../../modules/common/base.nix + ../../modules/common/fonts.nix + ../../modules/common/networking.nix + ../../modules/common/plymouth.nix + ../../modules/common/audio.nix + ../../modules/common/bluetooth.nix + ../../modules/common/gaming.nix + ../../modules/common/lockscreen.nix + ../../modules/common/energy.nix + ../../modules/common/qemu.nix + ../../modules/common/smtp.nix + + ../../modules/hardware/firmware.nix + ../../modules/hardware/gpu-amd.nix + ../../modules/hardware/sensors-zenpower.nix + + ../../modules/services/printing.nix + + ../../modules/virtual/kvm-amd.nix + ../../modules/virtual/vfio.nix + ]; -{ networking.hostName = "pennsardin"; - time.timeZone = "Europe/Paris"; - users.users.toto = { + boot.kernelPackages = pkgs.linuxPackages_latest; + boot.extraModulePackages = [ config.boot.kernelPackages.nct6687d ]; + boot.kernelModules = [ "nct6683" "k10temp" "i2c-dev" ] ; + boot.swraid.enable = true; + + environment.systemPackages = with pkgs; [ + lm_sensors + btrfs-progs + cifs-utils + evtest + git + vim + wget + curl + ripgrep + fd + pciutils + usbutils + p7zip + gdu + glances + parted + tmux + xorg.xauth + xorg.xkbcomp + xorg.xev + ]; + + services.openssh = { + enable = true; + settings = { + X11Forwarding = true; + X11DisplayOffset = 10; + X11UseLocalhost = true ; + }; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/b1a1ae71-4277-45d5-a3d2-f49354f263d4"; + fsType = "ext4"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/1DB2-7A0F"; + fsType = "vfat"; + options = ["fmask=0077" "dmask=0077"]; + }; + "/proc" = { + device = "proc"; + fsType = "proc"; + options = ["defaults" "hidepid=2"]; + neededForBoot = true; + }; + "/home/lomig/Documents" = { + device = "/srv/raid/home-data/Documents"; + options = 
[ "bind" ]; + }; + "/home/lomig/Images" = { + device = "/srv/raid/home-data/Images"; + options = [ "bind" ]; + }; + "/home/lomig/Musique" = { + device = "/srv/raid/home-data/Musique"; + options = [ "bind" ]; + }; + "/home/lomig/Téléchargements" = { + device = "/srv/raid/home-data/Téléchargements"; + options = [ "bind" ]; + }; + "/home/lomig/Vidéos" = { + device = "/srv/raid/home-data/Vidéos"; + options = [ "bind" ]; + }; + "/home/lomig/nixos-config" = { + device = "/srv/raid/home-data/nixos-config"; + options = [ "bind" ]; + }; + "/srv/raid" = { + device = "/dev/disk/by-uuid/85f72160-4720-463a-9dc6-7c5216733f2b"; + fsType = "btrfs"; + options = [ "defaults" "nofail" "x-systemd.device-timeout=10" ]; + }; + }; + + swapDevices = []; + + users.users.lomig = { isNormalUser = true; - extraGroups = [ "wheel" ]; + extraGroups = [ "lp" "wheel"]; shell = pkgs.zsh; }; - services.xserver.enable = true; -} + home-manager = { + useGlobalPkgs = true; + users.lomig = import ../../hm/users/lomig-desktop.nix; + }; + + networking = { + useNetworkd = true; + firewall.allowedTCPPorts = [22 80 5900 5901 5902]; + interfaces = { + enp11s0 = { + useDHCP = false; + wakeOnLan.enable = true ; + }; + br0 = { + useDHCP = false; + ipv4.addresses = [ + { + address = globals.network.pennsardin.ip; + prefixLength = 24; + } + ]; + }; + }; + + defaultGateway = { + interface = "br0"; + address = globals.network.gateway; + }; + nameservers = [ globals.network.gateway "1.1.1.1"]; + bridges.br0.interfaces = ["enp11s0"]; + }; + systemd.network = { + enable = true; + netdevs."br0" = { + netdevConfig = { + Name = "br0"; + Kind = "bridge"; + }; + }; + networks."br0" = { + matchConfig.Name = "br0"; + }; + networks."enp11s0" = { + matchConfig.Name = "enp11s0"; + networkConfig.Bridge = "br0"; + }; + }; + + system.stateVersion = "25.05"; # pour éviter les hurlements inutiles +} +# vim: set ts=2 sw=2 sts=2 et : 
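Review bot: `services.openssh` on this host turns on `X11Forwarding` but leaves password authentication at its default, while the terre-neuvas configuration in the same commit sets `PasswordAuthentication = false; PubkeyAuthentication = true;` under `settings`; adding those two lines here keeps both hosts consistent and removes the password-guessing surface on port 22, which `firewall.allowedTCPPorts` opens alongside 5900–5902. Those three VNC-range ports are opened without any VNC or display service declared in this hunk; if they are for local VM consoles, a comment such as `# 5900-5902: VNC consoles of local QEMU VMs` documents the intent, otherwise they should be dropped. `networking.nameservers` is also set here and in `modules/common/networking.nix`, which this file imports; since the option is a list, the resolver order ends up as the concatenation of both, which is probably not what was intended.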
diff --git a/hosts/pennsardin/hardware.nix b/hosts/pennsardin/hardware.nix new file mode 100644 index 0000000..eed7124 --- /dev/null +++ b/hosts/pennsardin/hardware.nix @@ -0,0 +1 @@ +_: {} diff --git a/hosts/terre-neuvas/configuration.nix b/hosts/terre-neuvas/configuration.nix new file mode 100644 index 0000000..9fa6a92 --- /dev/null +++ b/hosts/terre-neuvas/configuration.nix 
@@ -0,0 +1,125 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). +{ + config, + pkgs, + ... +}: let +globals = import ../../config/globals.nix ; +in { + nix.settings.experimental-features = ["nix-command" "flakes"]; + imports = [ + # Include the results of the hardware scan. + ./hardware.nix + ../../modules/common/nix.nix + ../../modules/common/base.nix + ../../modules/common/smtp.nix + ../../modules/common/qemu.nix + + ../../modules/services/goaccess.nix + ../../modules/services/wikijs.nix + ../../modules/services/forgejo.nix + ../../modules/sites/porzh.me.nix + ../../modules/sites/levr.porzh.me.nix + + ]; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostName = "terre-neuvas"; # Define your hostname. + + # Configure keymap in X11 + services.xserver.xkb = { + layout = "fr"; + variant = "azerty"; + }; + + # Configure console keymap + console.keyMap = "fr"; + + users.users.lomig = { + isNormalUser = true; + extraGroups = ["lp" "wheel" "docker"]; + shell = pkgs.zsh; + }; + + home-manager = { + useGlobalPkgs = true; + users.lomig = import ../../hm/users/lomig.nix; + }; + + nixpkgs.config.allowUnfree = true; + + environment.systemPackages = with pkgs; [ + neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. 
+ git + + btrfs-progs + cifs-utils + lm_sensors + wakeonlan + wget + curl + ripgrep + fd + pciutils + usbutils + p7zip + gdu + glances + tmux + + ]; + + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + PubkeyAuthentication = true; + }; + }; + + networking = { + useNetworkd = true; + firewall.allowedTCPPorts = [22 80 5900 5901 5902]; + firewall.enable = true ; + interfaces.eno1.useDHCP = false; + interfaces.br0 = { + useDHCP = false; + ipv4.addresses = [ + { + address = globals.network.terre-neuvas.ip; + prefixLength = 24; + } + ]; + }; + defaultGateway = { + interface = "br0"; + address = globals.network.gateway; + }; + nameservers = [ globals.network.gateway "1.1.1.1"]; + bridges.br0.interfaces = ["eno1"]; + }; + systemd.network = { + enable = true; + netdevs."br0" = { + netdevConfig = { + Name = "br0"; + Kind = "bridge"; + }; + }; + networks."br0" = { + matchConfig.Name = "br0"; + }; + networks."eno1" = { + matchConfig.Name = "eno1"; + networkConfig.Bridge = "br0"; + }; + }; + + + system.stateVersion = "25.05"; # Did you read the comment? +} diff --git a/hosts/terre-neuvas/hardware.nix b/hosts/terre-neuvas/hardware.nix new file mode 100644 index 0000000..16831e6 --- /dev/null +++ b/hosts/terre-neuvas/hardware.nix 
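Review bot: `firewall.allowedTCPPorts = [22 80 5900 5901 5902]` opens three VNC-range ports on this server although no VNC or display service appears in this host's hunk or in the modules it imports in this commit; they look copied from the pennsardin configuration and should be removed or justified with a comment. `extraGroups = ["lp" "wheel" "docker"]` adds the `docker` group, which is root-equivalent on the host, yet nothing visible in the diff enables Docker; dropping it until a docker module exists keeps the account's privileges to what is actually used. `nix.settings.experimental-features` is also declared here and again in `modules/common/nix.nix`, which this file imports; keeping it only in the module avoids the two copies drifting.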
@@ -0,0 +1,43 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + initrd.kernelModules = []; + kernelModules = lib.mkAfter ["kvm-intel" "tun"]; + extraModulePackages = []; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/f37e4afb-1ee2-4f70-a93c-398461405181"; + fsType = "ext4"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/111D-E5E8"; + fsType = "vfat"; + options = ["fmask=0077" "dmask=0077"]; + }; + "/srv" = { + device = "/dev/disk/by-uuid/2ef442a9-0eab-4dc5-b17c-076e18a54873"; + fsType = "btrfs"; + }; + }; + + swapDevices = [ + {device = "/dev/disk/by-uuid/c3a69154-ead9-4fcc-a9b1-3b741a42ee97";} + ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/common/audio.nix b/modules/common/audio.nix new file mode 100644 index 0000000..a46f40d --- /dev/null +++ b/modules/common/audio.nix @@ -0,0 +1,10 @@ +_: { + services.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; +} diff --git a/modules/common/base.nix b/modules/common/base.nix new file mode 100644 index 0000000..cb723fc --- /dev/null +++ b/modules/common/base.nix 
@@ -0,0 +1,27 @@
+{lib, ...}: {
+ time.timeZone = "Europe/Paris";
+
+ i18n.defaultLocale = "fr_FR.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "fr_FR.UTF-8";
+ LC_IDENTIFICATION = "fr_FR.UTF-8";
+ LC_MEASUREMENT = "fr_FR.UTF-8";
+ LC_MONETARY = "fr_FR.UTF-8";
+ LC_NAME = "fr_FR.UTF-8";
+ LC_NUMERIC = "fr_FR.UTF-8";
+ LC_PAPER = "fr_FR.UTF-8";
+ LC_TELEPHONE = "fr_FR.UTF-8";
+ LC_TIME = "fr_FR.UTF-8";
+ };
+
+ # journald & coredump
+ systemd.coredump.enable = false;
+ services.journald.extraConfig = ''
+ SystemMaxUse=200M
+ RuntimeMaxUse=100M
+ '';
+
+ boot.tmp.cleanOnBoot = true;
+ environment.defaultPackages = lib.mkForce [];
+ programs.zsh.enable = true; # shell dispo au niveau système
+}
diff --git a/modules/common/bluetooth.nix b/modules/common/bluetooth.nix
new file mode 100644
index 0000000..e1d1446
--- /dev/null
+++ b/modules/common/bluetooth.nix
@@ -0,0 +1,4 @@
+_: {
+ hardware.bluetooth.enable = true;
+ services.blueman.enable = true;
+}
diff --git a/modules/common/energy.nix b/modules/common/energy.nix
new file mode 100644
index 0000000..eed44d0
--- /dev/null
+++ b/modules/common/energy.nix
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }: {
+ services.logind.settings.Login = {
+ IdleAction = "suspend";
+ IdleActionSec = "5min";
+ HandleLidSwitch = "suspend";
+ HandleLidSwitchDocked = "ignore";
+ };
+
+ systemd.services.ssh-suspend-inhibitor = {
+ description = "Prevent suspend when SSH sessions are active";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ Restart = "always";
+ ExecStart = pkgs.writeShellScript "ssh-inhibitor" ''
+ while true; do
+ # Vérifie s'il y a des sessions SSH actives
+ if ${pkgs.procps}/bin/pgrep -x sshd >/dev/null && \
+ [ $(${pkgs.procps}/bin/pgrep -P $(${pkgs.procps}/bin/pgrep -x sshd) | wc -l) -gt 0 ]; then
+ # Il y a des sessions SSH, on crée un inhibitor s'il n'existe pas
+ if [ ! -f /tmp/ssh-inhibitor.lock ]; then
+ ${pkgs.systemd}/bin/systemd-inhibit --what=idle:sleep \
+ --who="SSH Session" \
+ --why="SSH session active" \
+ --mode=block \
+ sleep infinity &
+ echo $! > /tmp/ssh-inhibitor.lock
+ fi
+ else
+ # Pas de sessions SSH, on retire l'inhibitor
+ if [ -f /tmp/ssh-inhibitor.lock ]; then
+ kill $(cat /tmp/ssh-inhibitor.lock) 2>/dev/null || true
+ rm /tmp/ssh-inhibitor.lock
+ fi
+ fi
+ sleep 10
+ done
+ '';
+ };
+ };
+}
diff --git a/modules/common/fonts.nix b/modules/common/fonts.nix
new file mode 100644
index 0000000..7db1fe9
--- /dev/null
+++ b/modules/common/fonts.nix
@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+ fonts.packages = with pkgs; [
+ dejavu_fonts
+ ];
+}
diff --git a/modules/common/gaming.nix b/modules/common/gaming.nix
new file mode 100644
index 0000000..58da8c1
--- /dev/null
+++ b/modules/common/gaming.nix
@@ -0,0 +1,4 @@
+_: {
+ programs.steam.enable = true;
+ hardware.xpadneo.enable = true;
+}
diff --git a/modules/common/lockscreen.nix b/modules/common/lockscreen.nix
new file mode 100644
index 0000000..846fca1
--- /dev/null
+++ b/modules/common/lockscreen.nix
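Review bot: The ssh-suspend-inhibitor unit runs as root and keeps its pid file at `/tmp/ssh-inhibitor.lock` in the shared, world-writable /tmp, so a local user who pre-creates that file decides which pid root will `kill` on the next loop iteration; a root service should keep such state in a directory only it can write. Add `RuntimeDirectory = "ssh-inhibitor";` to `serviceConfig` and point the four `/tmp/ssh-inhibitor.lock` references at `/run/ssh-inhibitor/pid` (alternatively `PrivateTmp = true;` gives the unit its own /tmp). The session test `pgrep -P $(pgrep -x sshd)` expands to several arguments once more than one sshd process exists, and only the first is taken as the parent pid; comparing `pgrep -x sshd | wc -l` against 1 would be a simpler and more predictable check.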
@@ -0,0 +1,8 @@
+_: {
+ environment.etc."pam.d/i3lock".text = ''
+ auth include login
+ account include login
+ password include login
+ session include login
+ '';
+}
diff --git a/modules/common/networking.nix b/modules/common/networking.nix
new file mode 100644
index 0000000..98478b6
--- /dev/null
+++ b/modules/common/networking.nix
@@ -0,0 +1,6 @@
+_: {
+ networking = {
+ nameservers = ["1.1.1.1" "8.8.8.8"];
+ firewall.enable = true;
+ };
+}
diff --git a/modules/common/nix.nix b/modules/common/nix.nix
new file mode 100644
index 0000000..13de898
--- /dev/null
+++ b/modules/common/nix.nix
@@ -0,0 +1,17 @@
+{config, ...}: {
+ nix.settings = {
+ auto-optimise-store = true;
+ experimental-features = ["nix-command" "flakes"];
+ };
+
+ nix.gc = {
+ automatic = true ;
+ dates = "daily" ;
+ options = "--delete-older-than 7d" ;
+ };
+
+ nixpkgs.config = {
+ # allowUnfree = true;
+ # allowUnsupportedSystem = true;
+ };
+}
diff --git a/modules/common/plymouth.nix b/modules/common/plymouth.nix
new file mode 100644
index 0000000..dfb5097
--- /dev/null
+++ b/modules/common/plymouth.nix
@@ -0,0 +1,36 @@
+{
+ lib,
+ pkgs,
+ ...
+}: {
+ boot = {
+ plymouth.enable = true;
+ plymouth.theme = "spinner";
+ consoleLogLevel = 3;
+ initrd.verbose = false;
+
+ # Ajouts "quiet/splash" propres (sans auto-référence)
+ kernelParams = lib.mkAfter [
+ "mem_sleep_default=deep"
+ "quiet"
+ "splash"
+ "boot.shell_on_fail"
+ "udev.log_priority=3"
+ "rd.systemd.show_status=auto"
+ ];
+
+ loader = {
+ timeout = 5;
+ systemd-boot.enable = true;
+ systemd-boot.consoleMode = "max";
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot";
+ };
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ nixos-bgrt-plymouth
+ ];
+}
diff --git a/modules/common/qemu.nix b/modules/common/qemu.nix
new file mode 100644
index 0000000..c86e61c
--- /dev/null
+++ b/modules/common/qemu.nix
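Review bot: `"boot.shell_on_fail"` in plymouth.nix's `kernelParams` gives an unauthenticated root shell in the initrd whenever stage 1 fails, on every host that imports this module; that is a recovery-versus-physical-access trade-off the hunk does not state. A comment on that line, e.g. `# boot.shell_on_fail: root shell in initrd on failure — acceptable only where physical access is trusted`, makes the choice visible to anyone reusing the module on a server. `mem_sleep_default=deep` in the same list is unrelated to the "quiet/splash" purpose the comment above it describes and would sit more naturally in energy.nix.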
@@ -0,0 +1,55 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: {
+ boot.kernelModules = lib.mkAfter ["tun"];
+ environment.systemPackages = with pkgs; [
+ qemu
+ qemu_kvm
+ tunctl
+ virtiofsd
+ ];
+
+ services = {
+ udev.extraRules = ''
+ SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
+ KERNEL=="tun", GROUP="kvm", MODE="0660"
+ '';
+ spice-vdagentd.enable = true;
+ resolved.enable = true;
+ };
+
+ virtualisation.libvirtd = {
+ enable = true;
+ qemu =
+ if lib.versionOlder config.system.nixos.release "25.11"
+ then {
+ ovmf.enable = true;
+ ovmf.packages = [pkgs.OVMFFull.fd];
+ runAsRoot = false;
+ swtpm.enable = true;
+ }
+ else {
+ runAsRoot = false;
+ swtpm.enable = true;
+ };
+ };
+
+ users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
+
+ environment.etc."qemu/bridge.conf".text = ''
+ allow br0
+ '';
+
+ security.wrappers.qemu-bridge-helper = lib.mkForce {
+ source = "${pkgs.qemu}/libexec/qemu-bridge-helper";
+ owner = "root";
+ group = "kvm";
+ setuid = true;
+ permissions = "u+rwx,g+rx,o+rx";
+ };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
diff --git a/modules/common/smtp.nix b/modules/common/smtp.nix
new file mode 100644
index 0000000..d185e82
--- /dev/null
+++ b/modules/common/smtp.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, lib, ... }:
+let
+globals = import ../../config/globals.nix;
+in {
+ programs.msmtp = {
+ enable = true;
+
+ accounts.default = {
+ host = globals.smtp.host;
+ port = globals.smtp.port;
+ auth = true;
+ tls = true;
+ tls_starttls = true;
+ user = globals.smtp.user;
+ passwordeval = "cat /run/secrets/proton_pass";
+ from = globals.smtp.user;
+ };
+ };
+
+ environment.systemPackages = [ pkgs.msmtp ];
+
+# On place le lien symbolique dans /etc/alternatives, qui est modifiable
+ systemd.tmpfiles.rules = [
+ "L+ /etc/alternatives/sendmail - - - - ${pkgs.msmtp}/bin/msmtp"
+ "L+ /usr/sbin/sendmail - - - - ${pkgs.msmtp}/bin/msmtp"
+ ];
+
+ environment.pathsToLink = [ "/etc/alternatives" "/usr/sbin" ];
+}
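Review bot: `security.wrappers.qemu-bridge-helper` installs a setuid-root binary with `permissions = "u+rwx,g+rx,o+rx"`, i.e. executable by every local account, even though the wrapper is already given `group = "kvm"` for exactly this purpose; `permissions = "u+rwx,g+rx,o-rwx";` restricts invocation to the users that actually run VMs. `users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"]` also adds `input`, which grants read access to every /dev/input event device and thus to all keyboard input on the machine; if a single device needs it, a udev rule scoped to that device is the narrower grant. The `lib.mkForce` on the wrapper silently overrides whatever the libvirtd/qemu module defines for the helper; a one-line comment on why the module's own wrapper is insufficient would help the next reader.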
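Review bot: `passwordeval = "cat /run/secrets/proton_pass"` reads a path that nothing visible in this diff provisions, while the only secret mechanism shown in the commit is agenix (`age.secrets.*` in goaccess.nix, delivered under `/run/agenix/`); either declare the msmtp password as an `age.secrets` entry in this module or add a comment naming the tool expected to place `/run/secrets/proton_pass`. Because `programs.msmtp.accounts.default` is system-wide, the owner and mode of that secret decide which local users can send mail through the account, and the declaration is where that should be pinned (`mode = "0400"` plus an explicit owner, as goaccess.nix does).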
diff --git a/modules/desktop/gnome.nix b/modules/desktop/gnome.nix new file mode 100644 index 0000000..a1e65d5 --- /dev/null +++ b/modules/desktop/gnome.nix @@ -0,0 +1,18 @@ +{lib, ...}: { + services = { + displayManager = { + gdm.enable = true; + sddm.enable = lib.mkForce false; + }; + desktopManager = { + gnome.enable = true; + plasma6.enable = lib.mkForce false; + }; + xserver = { + windowManager.bspwm.enable = lib.mkForce false; + displayManager.lightdm.enable = lib.mkForce false; + }; + }; +} +# vim: set ts=2 sw=2 sts=2 et : + diff --git a/modules/desktop/plasma.nix b/modules/desktop/plasma.nix new file mode 100644 index 0000000..50214bb --- /dev/null +++ b/modules/desktop/plasma.nix @@ -0,0 +1,18 @@ +{lib, ...}: { + services = { + displayManager = { + gdm.enable = lib.mkForce false; + sddm.enable = true; + }; + desktopManager = { + gnome.enable = lib.mkForce false; + plasma6.enable = true; + }; + xserver = { + windowManager.bspwm.enable = lib.mkForce false; + displayManager.lightdm.enable = lib.mkForce false; + }; + }; +} +# vim: set ts=2 sw=2 sts=2 et : + diff --git a/modules/desktop/xorg-bspwm.nix b/modules/desktop/xorg-bspwm.nix new file mode 100644 index 0000000..8d3a1b0 --- /dev/null +++ b/modules/desktop/xorg-bspwm.nix @@ -0,0 +1,21 @@ +{lib, ...}: { + services = { + xserver = { + enable = true; + displayManager = { + lightdm.enable = true; + }; + windowManager.bspwm.enable = true; + }; + displayManager = { + gdm.enable = lib.mkForce false; + sddm.enable = lib.mkForce false; + }; + desktopManager = { + gnome.enable = lib.mkForce false; + plasma6.enable = lib.mkForce false; + }; + }; +} +# vim: set ts=2 sw=2 sts=2 et : + diff --git a/modules/hardware/bepovim.nix b/modules/hardware/bepovim.nix new file mode 100644 index 0000000..9b44328 --- /dev/null +++ b/modules/hardware/bepovim.nix 
@@ -0,0 +1,100 @@ +_: { + services.xserver.xkb = { + layout = "bepovim"; + variant = "basic"; + options = "lv3:ralt_switch"; + extraLayouts.bepovim = { + description = "Clavier Bepovim – 4 niveaux"; + languages = ["fr"]; + symbolsFile = builtins.toFile "bepovim.xkb" '' + xkb_symbols "basic" { + name[Group1] = "Bepovim"; + + key { [ Escape ] }; + key { [ dollar, numbersign ] }; + key { [ less, 1, guillemotleft ] }; + key { [ greater, 2, guillemotright ] }; + key { [ parenleft, 3, bracketleft ] }; + key { [ parenright, 4, bracketright ] }; + key { [ at, 5, braceleft ] }; + key { [ plus, 6, braceright ] }; + key { [ minus, 7, asciitilde ] }; + key { [ asterisk, 8 ] }; + key { [ slash, 9, backslash ] }; + key { [ quotedbl, 0, percent ] }; + key { [ equal, ampersand ] }; + key { [ BackSpace ] }; + key { [ Tab, ISO_Left_Tab ] }; + + key { [ b, B ] }; + key { [ eacute, Eacute ] }; + key { [ p, P ] }; + key { [ o, O ] }; + key { [ r, R ] }; + key { [ dead_circumflex, grave ] }; + key { [ v, V ] }; + key { [ s, S ] }; + key { [ t, T ] }; + key { [ d, D ] }; + key { [ egrave, Egrave ] }; + key { [ ccedilla, Ccedilla ] }; + + key { [ Return ] }; + key { [ c, C ] }; + key { [ a, A ] }; + key { [ u, U ] }; + key { [ i, I ] }; + key { [ e, E, EuroSign ] }; + key { [ period, question ] }; + key { [ n, N ] }; + key { [ h, H, Left ] }; + key { [ j, J, Down ] }; + key { [ k, K, Up ] }; + key { [ l, L, Right ] }; + key { [ m, M ] }; + + key { [ Shift_L ] }; + key { [ q, Q ] }; + key { [ w, W ] }; + key { [ agrave, Agrave ] }; + key { [ f, F ] }; + key { [ colon, bar ] }; + key { [ comma, semicolon ] }; + key { [ apostrophe, exclam ] }; + key { [ x, X ] }; + key { [ g, G ] }; + key { [ z, Z ] }; + key { [ y, Y ] }; + + key { [ Up ] }; + key { [ Left ] }; + key { [ Down ] }; + key { [ Right ] }; + + key { [ Control_L ] }; + key { [ Alt_L ] }; + key { [ space, underscore, nobreakspace, U202F ] }; + key { [ ISO_Level3_Shift ] }; + + key { [ F1, F1 ] }; + key { [ F2, F2 ] }; + key { [ F3, 
F3 ] }; + key { [ F4, F4 ] }; + key { [ F5, F5 ] }; + key { [ F6, F6 ] }; + key { [ F7, F7 ] }; + key { [ F8, F8 ]}; + key { [ F9, F9 ] }; + key { [ F10, F10 ] }; + key { [ F11, F11 ] }; + }; + ''; + }; + }; + console = { + useXkbConfig = true; + font = "Lat2-Terminus16"; + }; +} +# vim: set ts=2 sw=2 sts=2 et : + diff --git a/modules/hardware/firmware.nix b/modules/hardware/firmware.nix new file mode 100644 index 0000000..3c6df9a --- /dev/null +++ b/modules/hardware/firmware.nix @@ -0,0 +1,12 @@ +{ + lib, + pkgs, + ... +}: { + hardware = { + cpu.amd.updateMicrocode = lib.mkDefault true; + firmware = [pkgs.linux-firmware]; + firmwareCompression = "zstd"; + enableRedistributableFirmware = true; + }; +} diff --git a/modules/hardware/gpu-amd.nix b/modules/hardware/gpu-amd.nix new file mode 100644 index 0000000..dc65bfc --- /dev/null +++ b/modules/hardware/gpu-amd.nix @@ -0,0 +1,46 @@ +{ + lib, + pkgs, + ... +}: { + boot = { + initrd.kernelModules = lib.mkAfter ["amdgpu"]; + kernelModules = lib.mkAfter ["amdgpu"]; + }; + + # Pilotes + options AMDGPU + services.xserver = { + enable = true; + videoDrivers = lib.mkDefault ["amdgpu"]; + }; + + hardware.graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ + mesa + libva + libva-utils + libvdpau + libva-vdpau-driver + libvdpau-va-gl + vulkan-tools + vulkan-loader + vulkan-validation-layers + ]; + }; + + environment.variables = { + LIBVA_DRIVER_NAME = "radeonsi"; + VDPAU_DRIVER = "va_gl"; + }; + + # Désactive héritage radeon pour cartes anciennes + boot.kernelParams = lib.mkAfter [ + "amdgpu.si_support=0" + "amdgpu.cik_support=0" + "radeon.si_support=0" + "radeon.cik_support=0" + ]; + +} diff --git a/modules/hardware/sensors-zenpower.nix b/modules/hardware/sensors-zenpower.nix new file mode 100644 index 0000000..97a155d --- /dev/null +++ b/modules/hardware/sensors-zenpower.nix 
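Review bot: Every `key { [ … ] };` entry in the `bepovim.xkb` symbols block appears without a keycode name (xkb expects the form `key <AE01> { [ … ] };`); if that is how the file really reads and not an artifact of this rendering stripping angle brackets, xkbcomp will reject the layout and the console (`useXkbConfig = true`) will inherit the failure. Worth checking the raw file before merging. A short header comment in the symbols file naming the base layout the mapping derives from would also help anyone maintaining it.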
@@ -0,0 +1,12 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ boot.kernelModules = lib.mkAfter ["zenpower"];
+ boot.extraModulePackages = [config.boot.kernelPackages.zenpower];
+ hardware.sensor.iio.enable = lib.mkDefault true;
+ services.hardware.bolt.enable = lib.mkDefault false;
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix
new file mode 100644
index 0000000..0cee315
--- /dev/null
+++ b/modules/services/forgejo.nix
@@ -0,0 +1,52 @@
+{pkgs, ...}:
+let
+ globals = import ../../config/globals.nix;
+in {
+ # --- Utilisateur dédié ---
+ users.users.${globals.services.forgejo.user} = {
+ isSystemUser = true;
+ home = globals.services.forgejo.home;
+ shell = pkgs.bash;
+ group = globals.services.forgejo.user;
+ };
+ users.groups.${globals.services.forgejo.user} = {};
+
+ # --- Forgejo ---
+ services = {
+ forgejo = {
+ enable = true;
+ user = globals.services.forgejo.user;
+ group = globals.services.forgejo.user;
+ database = {
+ type = "sqlite3";
+ path = "${globals.services.forgejo.home}/data/gitea.db";
+ };
+ settings = {
+ server = {
+ DOMAIN = globals.services.forgejo.url ;
+ ROOT_URL = "https://${globals.services.forgejo.url}/";
+ SSH_DOMAIN = globals.services.forgejo.url;
+ HTTP_PORT = globals.services.forgejo.port;
+ START_SSH_SERVER = false;
+ };
+ service = {
+ DISABLE_REGISTRATION = true;
+ REGISTER_EMAIL_CONFIRM = false;
+ };
+ repository = {
+ DEFAULT_BRANCH = "master";
+ };
+ };
+ };
+ openssh.enable = true;
+ caddy = {
+ enable = true;
+ virtualHosts.${globals.services.forgejo.url} = {
+ extraConfig = ''
+ reverse_proxy localhost:${toString globals.services.forgejo.port}
+ '';
+ };
+ };
+ };
+ networking.firewall.allowedTCPPorts = [80 443 22 ];
+}
diff --git a/modules/services/goaccess.nix b/modules/services/goaccess.nix
new file mode 100644
index 0000000..b403917
--- /dev/null
+++ b/modules/services/goaccess.nix
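Review bot: `services.forgejo.settings.server` sets `HTTP_PORT` but not `HTTP_ADDR`; the NixOS module's default for that key is all interfaces as far as I recall (verify for the release in use), so Forgejo would listen on 0.0.0.0:3000 although only Caddy is meant to reach it — `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` pins it to what the `reverse_proxy localhost:…` line expects. `openssh.enable = true` is declared here for the git user's SSH access without any sshd settings; that is fine only if the importing host sets `PasswordAuthentication = false`, which in this commit terre-neuvas does and pennsardin does not. `networking.firewall.allowedTCPPorts = [80 443 22 ]` duplicates the host's 22/80 entries harmlessly, but a comment naming 443 as the Caddy TLS port would document why the module opens it.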
@@ -0,0 +1,83 @@
+{pkgs, config, ...}:
+let
+ globals = import ../../config/globals.nix ;
+in {
+ age.secrets.goaccess-password = {
+ file = ../../secrets/goaccess-password.age;
+ owner = "caddy";
+ group = "caddy";
+ mode = "0400";
+ };
+
+ environment.systemPackages = with pkgs; [
+ goaccess
+ ];
+
+ environment.etc."local/bin/generate-goaccess.sh".text = ''
+ #!/bin/sh
+ set -eu
+
+ RAW_LOG="/var/log/caddy/access-${globals.services.levr.url}.log"
+ CLEAN_LOG="/tmp/goaccess-clean.log"
+ REPORT="${globals.services.goaccess.home}/index.html"
+
+ ${pkgs.gnugrep}/bin/grep -v '192.168.' "$RAW_LOG" > "$CLEAN_LOG"
+ ${pkgs.goaccess}/bin/goaccess "$CLEAN_LOG" --log-format=CADDY -o "$REPORT";
+ '';
+ environment.etc."local/bin/generate-goaccess.sh".mode = "0755";
+
+ systemd.services.goaccess-report = {
+ description = "Generate GoAccess HTML report";
+ serviceConfig = {
+ ExecStart = "/etc/local/bin/generate-goaccess.sh";
+ };
+ };
+
+ systemd.timers.goaccess-report = {
+ description = "Hourly GoAccess report generation";
+ wantedBy = ["timers.target"];
+ timerConfig = {
+ OnCalendar = "hourly";
+ Persistent = true;
+ };
+ };
+
+ systemd.services."goaccess-auth-sync" = {
+ description = "Sync goaccess password for Caddy";
+ wantedBy = [ "caddy.service" ];
+ before = [ "caddy.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = pkgs.writeScript "sync-goaccess-auth" ''
+ #!${pkgs.bash}/bin/bash
+ mkdir -p /etc/caddy/extra
+ cp /run/agenix/goaccess-password /etc/caddy/extra/goaccess-auth.conf
+ chown caddy:caddy /etc/caddy/extra/goaccess-auth.conf
+ chmod 400 /etc/caddy/extra/goaccess-auth.conf
+ '';
+ };
+ };
+
+ services.caddy = {
+ virtualHosts = {
+ "${globals.services.goaccess.url}" = {
+ extraConfig = ''
+ root * ${globals.services.goaccess.home}
+
+ basic_auth /* {
+ import /etc/caddy/extra/goaccess-auth.conf
+ }
+
+ file_server browse
+ try_files {path} {path}/ /index.html
+ '';
+
+ };
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "d 
${globals.services.goaccess.home} 0755 root root -"
+ "d /etc/caddy/extra 0750 caddy caddy -"
+ ];
+}
diff --git a/modules/services/printing.nix b/modules/services/printing.nix
new file mode 100644
index 0000000..9228648
--- /dev/null
+++ b/modules/services/printing.nix
@@ -0,0 +1,3 @@
+_: {
+ services.printing.enable = true;
+}
diff --git a/modules/services/wikijs.nix b/modules/services/wikijs.nix
new file mode 100644
index 0000000..8da2a7e
--- /dev/null
+++ b/modules/services/wikijs.nix
@@ -0,0 +1,33 @@
+{ pkgs, ... }:
+let
+ globals = import ../../config/globals.nix ;
+in {
+ systemd.services.wiki-js = {
+ requires = [ "postgresql.service" ];
+ after = [ "postgresql.service" ];
+ };
+ services.wiki-js = {
+ enable = true;
+ settings = {
+ db = {
+ db = "wiki-js";
+ host = "/run/postgresql";
+ type = "postgres";
+ user = "wiki-js";
+ };
+ port = 3002 ;
+ };
+ };
+ services.postgresql = {
+ enable = true;
+ ensureDatabases = [ "wiki-js" ];
+ ensureUsers = [{
+ name = "wiki-js";
+ ensureDBOwnership = true;
+ }];
+ };
+
+ services.caddy.virtualHosts.${globals.services.wikijs.url}.extraConfig = ''
+ reverse_proxy localhost:${toString globals.services.wikijs.port}
+ '';
+}
diff --git a/modules/sites/levr.porzh.me.nix b/modules/sites/levr.porzh.me.nix
new file mode 100644
index 0000000..7215cd7
--- /dev/null
+++ b/modules/sites/levr.porzh.me.nix
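Review bot: `generate-goaccess.sh` runs as root from the `goaccess-report` unit (no `User` is set) and writes to the fixed path `CLEAN_LOG="/tmp/goaccess-clean.log"`; a predictable root-written file in the shared /tmp can be pre-created or symlinked by any local user before the hourly run. Adding `PrivateTmp = true;` to `serviceConfig` next to `ExecStart` removes the shared-/tmp exposure, and a `RuntimeDirectory` or `mktemp`-based name would avoid a fixed path altogether. Separately, `grep -v '192.168.'` is an unanchored regex in which each `.` matches any character, so it also drops unrelated lines; if the intent is to exclude LAN clients, `'192\.168\.'` is the minimal correction.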
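Review bot: `port = 3002 ;` in `services.wiki-js.settings` hard-codes a value that `config/globals.nix` already defines as `services.wikijs.port` and that the Caddy line below reads via `globals.services.wikijs.port`; `port = globals.services.wikijs.port;` keeps the listener and the proxy from drifting apart. Like the forgejo module, nothing here binds the Wiki.js listener to loopback; if the `bindIP` key of the Wiki.js config is honoured by `settings` in this release, `bindIP = "127.0.0.1";` keeps port 3002 reachable only through Caddy.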
@@ -0,0 +1,80 @@ +{ pkgs, lib, ...}: +let + globals = import ../../config/globals.nix ; +in { + environment.systemPackages = with pkgs; [ + hugo + ]; + systemd.services.hugo-build = { + description = "Auto build du blog hugo"; + serviceConfig = { + Type = "oneshot"; + WorkingDirectory = globals.services.levr.home ; + ExecStart = ''${pkgs.hugo}/bin/hugo --minify build -d ${globals.services.levr.build}''; + User = "levr"; + }; + }; + systemd.timers.hugo-build = { + description = "Timer pour rebuild du blog"; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "01:10" ; + Persistent = true ; + }; + }; + systemd.services.blog-sync = { + description = "Synchronisation du dépôt Hugo"; + serviceConfig = { + Type = "oneshot"; + WorkingDirectory = globals.services.levr.home; + ExecStart = "${pkgs.git}/bin/git pull --rebase origin master"; + User = "levr"; + }; + environment = { + PATH = lib.mkForce "${pkgs.openssh}/bin"; + }; + }; + systemd.timers.blog-sync = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "01:00"; + Persistent = true; + }; + }; + services.caddy = { + enable = true; + virtualHosts = { + "${globals.services.levr.url}" = { + extraConfig = '' + @http { + protocol http + } + redir @http https://{host}{uri} permanent + root * ${globals.services.levr.build} + file_server + + log { + output file /var/log/caddy/access-${globals.services.levr.url}.log + } + ''; + }; + }; + }; + users = { + users = { + "${globals.services.levr.user}" = { + isSystemUser = true ; + group = globals.services.levr.user ; + home = globals.services.levr.home ; + createHome = true ; + description = "User for hugo-blog builds and deployments"; + }; + }; + groups.${globals.services.levr.user} = {}; + }; + + systemd.tmpfiles.rules = [ + "d ${globals.services.levr.home} 0755 levr levr -" + "d ${globals.services.levr.build} 0755 levr levr -" + ]; +} diff --git a/modules/sites/porzh.me.nix b/modules/sites/porzh.me.nix new file mode 100644 index 0000000..5491bb3 
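Review bot: Both units hard-code `User = "levr";` and the two `systemd.tmpfiles.rules` entries hard-code `levr levr`, while the user and group themselves are created from `globals.services.levr.user`; using `User = globals.services.levr.user;` and `"d ${globals.services.levr.home} 0755 ${globals.services.levr.user} ${globals.services.levr.user} -"` (likewise for the build directory) means a change in globals.nix cannot leave the units pointing at a non-existent account. `blog-sync` runs `git pull --rebase origin master` as that user over SSH with `PATH` forced to openssh only; the key it authenticates with is not visible in this diff, so a comment stating where the deploy key lives and that it is read-only on the remote would document the trust boundary. The `@http` matcher and `redir` block duplicate Caddy's automatic HTTP-to-HTTPS redirect unless `auto_https` is disabled elsewhere, and could be dropped.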
--- /dev/null +++ b/modules/sites/porzh.me.nix @@ -0,0 +1,26 @@ +{pkgs, ...}: let + globals = import ../../config/globals.nix ; + porzhSite = pkgs.stdenv.mkDerivation { + pname = "porzh-site"; + version = "1.0"; + src = ./porzh.me; # le dossier avec ton index.html, image, etc. + + installPhase = '' + mkdir -p $out + cp -r * $out/ + ''; + }; +in { + services.caddy = { + enable = true; + virtualHosts = { + "${globals.domain}" = { + serverAliases = [ "www.${globals.domain}" ]; + extraConfig = '' + root * ${porzhSite} + file_server + ''; + }; + }; + }; +} diff --git a/modules/sites/porzh.me/ancre.png b/modules/sites/porzh.me/ancre.png new file mode 100644 index 0000000..18e9e4c Binary files /dev/null and b/modules/sites/porzh.me/ancre.png differ diff --git a/modules/sites/porzh.me/index.html b/modules/sites/porzh.me/index.html new file mode 100644 index 0000000..1b899be --- /dev/null +++ b/modules/sites/porzh.me/index.html @@ -0,0 +1,51 @@ + + + + + Porzh.me + + + + + + + Ancre +
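Review bot: `installPhase` in the `porzhSite` derivation omits the `runHook preInstall` / `runHook postInstall` pair that stdenv phases conventionally wrap, so any hook added later is silently skipped; the two lines `runHook preInstall` at the top and `runHook postInstall` at the bottom of the phase restore the convention. The `version = "1.0"` string and the comment on `src` describe the site as a static folder; a one-line comment noting that every file under `./porzh.me` is published verbatim (no filtering) helps whoever drops new assets there.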

porzh.me

+

Ma porzh stag

+ + Fièrement auto-hébergé et indépendant + + + diff --git a/modules/virtual/aarch64/AAVMF_CODE.fd b/modules/virtual/aarch64/AAVMF_CODE.fd new file mode 100644 index 0000000..54192f7 Binary files /dev/null and b/modules/virtual/aarch64/AAVMF_CODE.fd differ diff --git a/modules/virtual/aarch64/AAVMF_VARS.fd b/modules/virtual/aarch64/AAVMF_VARS.fd new file mode 100644 index 0000000..daeef2a Binary files /dev/null and b/modules/virtual/aarch64/AAVMF_VARS.fd differ diff --git a/modules/virtual/kvm-amd.nix b/modules/virtual/kvm-amd.nix new file mode 100644 index 0000000..42b2818 --- /dev/null +++ b/modules/virtual/kvm-amd.nix @@ -0,0 +1,3 @@ +{lib, ...}: { + boot.kernelModules = lib.mkAfter ["kvm-amd"]; +} diff --git a/modules/virtual/truenas.nix b/modules/virtual/truenas.nix new file mode 100644 index 0000000..6df43bb --- /dev/null +++ b/modules/virtual/truenas.nix 
@@ -0,0 +1,78 @@
+{pkgs, ...}: {
+ boot = {
+ initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
+ extraModprobeConfig = ''
+ options vfio-pci ids=1022:43f6
+ '';
+ kernelParams = [
+ "amd_iommu=on"
+ "iommu=pt"
+ ];
+ };
+ users.users.lomig.extraGroups = ["disk"];
+ security.pam.loginLimits = [
+ {
+ domain = "lomig";
+ type = "soft";
+ item = "memlock";
+ value = "infinity";
+ }
+ {
+ domain = "lomig";
+ type = "hard";
+ item = "memlock";
+ value = "infinity";
+ }
+ ];
+ boot.kernel.sysctl."vm.nr_hugepages" = 1024;
+ fileSystems."/dev/hugepages" = {
+ device = "hugetlbfs";
+ fsType = "hugetlbfs";
+ };
+
+ # services.udev.extraRules = ''
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660"
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660"
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660"
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660"
+ # SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
+ # '';
+
+ systemd.services.truenas-vm = {
+ wantedBy = ["multi-user.target"];
+ after = ["network-online.target"];
+ wants = ["network-online.target"];
+ serviceConfig = {
+ RuntimeDirectory = "truenas";
+ ExecStartPre = "/run/current-system/sw/bin/rm -f /run/truenas/qmp.sock";
+ ExecStart = ''
+ /run/current-system/sw/bin/qemu-system-x86_64 -enable-kvm -m 4096 -smp 2 \
+ -drive file=/home/lomig/vm/truenas.qcow2,if=none,format=qcow2,id=os \
+ -device vfio-pci,host=0e:00.0 \
+ -netdev bridge,br=br0,id=n1,helper=/run/wrappers/bin/qemu-bridge-helper \
+ -device virtio-net-pci,netdev=n1,mac=52:54:00:00:01:02 \
+ -device virtio-blk-pci,drive=os,bootindex=0 \
+ -qmp unix:/run/truenas.qmp,server,nowait -display none
+ '';
+ ExecStop = ''
+ echo '{"execute":"system_powerdown"}' | socat - UNIX-CONNECT:/run/truenas.qmp || true ; sleep 5
+ '';
+ Restart = "on-failure";
+ RestartSec = 3;
+ StartLimitIntervalSec = 60;
+ StartLimitBurst = 5;
+ };
+ };
+
+ systemd.services.resume-truenas-vm = {
+ description = "Restart Truenas VM after resume";
+ wantedBy = ["sleep.target"];
+ after = ["sleep.target"];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.systemd}/bin/systemctl try-restart truenas-vm.service";
+ };
+ };
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
diff --git a/modules/virtual/vfio.nix b/modules/virtual/vfio.nix
new file mode 100644
index 0000000..a268d31
--- /dev/null
+++ b/modules/virtual/vfio.nix
@@ -0,0 +1,19 @@
+{lib, ...}: {
+ # Ajoute dans l’initrd sans auto-référencer l’option
+ boot = {
+ initrd.kernelModules = lib.mkAfter [
+ "vfio_pci"
+ "vfio"
+ "vfio_iommu_type1"
+ ];
+
+ # Ajoute les params IOMMU proprement
+ kernelParams = lib.mkAfter [
+ "amd_iommu=on"
+ "iommu=pt"
+ ];
+
+ # Valeur par défaut (sans référencer config.*)
+ kernel.sysctl."vm.nr_hugepages" = lib.mkDefault 1024;
+ };
+}
diff --git a/scripts/imports.sh b/scripts/imports.sh
new file mode 100755
index 0000000..101e153
--- /dev/null
+++ b/scripts/imports.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+find $HOME/nixos-config -name "*.nix" | while read -r file; do
+ imports=$(awk '
+ /imports[[:space:]]*=/ {flag=1}
+ flag {print}
+ /\]/ && flag {flag=0}
+ ' "$file" | grep -vE 'imports[[:space:]]*=' | grep -v '\[' | grep -v '\]' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
+
+ if [[ -n "$imports" ]]; then
+ echo "$file imports:"
+ echo "$imports" | sed 's/^/ |--- /'
+ echo
+ fi
+done
diff --git a/secrets/agenix/pennsardin.pub b/secrets/agenix/pennsardin.pub
new file mode 100644
index 0000000..e16be5e
--- /dev/null
+++ b/secrets/agenix/pennsardin.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZto2/k9ZiYzWxWM6sfZLq/fIUVDc3BwPb+00dOahkk root@pennsardin
diff --git a/secrets/dunoz-password-penduick.age b/secrets/dunoz-password-penduick.age
new file mode 100644
index 0000000..69cddd9
--- /dev/null
+++ b/secrets/dunoz-password-penduick.age
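Review bot: `ExecStop` relies on a pipe, `||` and `;`, but systemd Exec lines are not run through a shell, so the guest never receives the QMP command and is simply SIGTERM-killed at stop; QMP additionally requires a `qmp_capabilities` handshake before `system_powerdown` is accepted, so even under a shell the single echo would be rejected. The socket paths also disagree: `ExecStartPre` removes `/run/truenas/qmp.sock` inside the `RuntimeDirectory`, while `-qmp` and the stop command use `/run/truenas.qmp`, so the cleanup is a no-op and the socket lives outside the directory systemd manages — the rewrite below moves it under /run/truenas and runs the shutdown through `pkgs.writeShellScript`. No `User=` is set, so qemu and the passed-through PCI device run as root while the memlock limits and the `disk` group are granted to `lomig`; if an unprivileged VM is intended, add `User = "lomig";` together with the device-group memberships qemu needs, otherwise the `security.pam.loginLimits` entries are dead configuration. `StartLimitIntervalSec`/`StartLimitBurst` are [Unit]-section settings (NixOS exposes them as `startLimitIntervalSec`/`startLimitBurst` on the service), and the vfio modules, IOMMU parameters and hugepages value at the top of this file are repeated by the modules/virtual/vfio.nix hunk, so one of the two copies should go.
```nix
    serviceConfig = {
      RuntimeDirectory = "truenas";
      ExecStartPre = "/run/current-system/sw/bin/rm -f /run/truenas/qmp.sock";
      # … unchanged: ExecStart, except the QMP socket moves into the runtime dir:
      #   -qmp unix:/run/truenas/qmp.sock,server,nowait -display none
      # Exec lines are not shell; the QMP handshake and the fallback need a script.
      ExecStop = pkgs.writeShellScript "truenas-stop" ''
        printf '%s\n' '{"execute":"qmp_capabilities"}' '{"execute":"system_powerdown"}' \
          | ${pkgs.socat}/bin/socat - UNIX-CONNECT:/run/truenas/qmp.sock || true
        ${pkgs.coreutils}/bin/sleep 5
      '';
      # … unchanged: Restart, RestartSec …
    };
```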
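Review bot: `find $HOME/nixos-config` on the third line leaves `$HOME` unquoted, and `read -r file` without `IFS=` trims leading and trailing whitespace from each name, so a home directory containing a space breaks the walk and oddly named files are mis-read; `find "$HOME/nixos-config" -name "*.nix" -print0 | while IFS= read -r -d '' file; do` handles both cases. The awk/grep chain drops every line containing `[` or `]`, which means a single-line list such as `imports = [ ./a.nix ];` is reported as having no imports; a comment above the awk call stating that only multi-line `imports = [ … ];` blocks are recognised would save the next reader a surprise.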
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> X25519 t5/4zFfNo5Hq/EacMKriedzv9je2ThBpq/WLegedg2A
+sq35AzCE5HVTgqi0cNOcbW5C50sLeCAw4SIR6fbMg2M
+-> X25519 yHHx+6CF7VEf331RchlwC9povVUwZBTq9cgAfo3gqjQ
+RUsB7tMZRJYGy5Ggw+pnaNPOEiFYwAJn+gquCcNUnQo
+--- jJVkAQ9fNSwyrWiyvIVzuTuJuudhL3zv29PI5pdKDz4
+ш.f=5IWiNPlSwwM*
\ No newline at end of file
diff --git a/secrets/goaccess-password.age b/secrets/goaccess-password.age
new file mode 100644
index 0000000..20d710c
Binary files /dev/null and b/secrets/goaccess-password.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..bc436c2
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,11 @@
+let
+ serveur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPRVxB7usThGHf8cuSPE4sjdqSaPNlwWAZPEo1wUgHz6 root@terre-neuvas";
+ admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxranFaz3jRfvYE2M6FvRUWjzviIWjWd1mucgKeuSK2 lomig@nixos";
+ penduick = "age1rnyey8shjxyaq43dzlnhtfkcm3ra4hy3ygh6c46w4xmr7fe9fe3s00nh2r";
+ dunoz = "age1ppu60aw0v5wxhrc0gyqmgrukh2a5uaxwqxxmuy0w3fv4tnt02ycqrrgmue";
+in
+{
+ "goaccess-password.age".publicKeys = [ serveur admin ];
+ "dunoz-password-penduick.age".publicKeys = [ penduick dunoz ];
+}
+
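Review bot: `secrets/agenix/pennsardin.pub` is added by this commit but its key is not bound here, so the pennsardin host can decrypt neither secret; if it is meant to receive one, add a binding next to `serveur` and list it in the matching `publicKeys`, otherwise the .pub file is unused weight in the secrets directory. A short comment per binding recording whose key it is and on which machine the private half lives, e.g. `# terre-neuvas: decrypts goaccess-password.age at activation` above `serveur`, would let a reviewer audit recipients without resolving fingerprints by hand; the French `serveur` next to the English `admin` is also worth unifying. The two `-> X25519` stanzas in the .age hunk above are consistent with the two recipients listed for `dunoz-password-penduick.age`, which is the check worth repeating whenever this list changes.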