From 2f0b5cf661842e9b0eecd13c2edbbc929cb72e80 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 9 Oct 2025 14:27:25 +0200 Subject: [PATCH 1/6] Refactor: global.nix --- config/globals.nix | 13 +++++++++++++ hm/common/git.nix | 9 ++++++--- modules/common/smtp.nix | 15 +++++++++------ 3 files changed, 28 insertions(+), 9 deletions(-) create mode 100644 config/globals.nix diff --git a/config/globals.nix b/config/globals.nix new file mode 100644 index 0000000..53ffe13 --- /dev/null +++ b/config/globals.nix @@ -0,0 +1,13 @@ +{ + domain = "porzh.me"; + admin = { + email = "dun0z@porzh.me"; + name = "DuN0z"; + }; + + smtp = { + host = "smtp.protonmail.ch"; + port = 587 ; + user = "contact@porzh.me"; + }; +} diff --git a/hm/common/git.nix b/hm/common/git.nix index ec4c03b..2399f41 100644 --- a/hm/common/git.nix +++ b/hm/common/git.nix @@ -1,8 +1,11 @@ -_: { +_: +let +globals = import ../../config/globals.nix; +in { programs.git = { enable = true; - userName = "DuN0z"; - userEmail = "dun0z@porzh.me"; + userName = globals.admin.name; + userEmail = globals.admin.email; }; } # vim: set ts=2 sw=2 sts=2 et : diff --git a/modules/common/smtp.nix b/modules/common/smtp.nix index 51a3a4d..d185e82 100644 --- a/modules/common/smtp.nix +++ b/modules/common/smtp.nix @@ -1,16 +1,19 @@ -{ config, pkgs, lib, ... }: { +{ config, pkgs, lib, ... }: +let +globals = import ../../config/globals.nix; +in { programs.msmtp = { enable = true; accounts.default = { - host = "smtp.protonmail.ch"; - port = 587; + host = globals.smtp.host; + port = globals.smtp.port; auth = true; tls = true; tls_starttls = true; - user = "contact@porzh.me"; + user = globals.smtp.user; passwordeval = "cat /run/secrets/proton_pass"; - from = "contact@porzh.me"; + from = globals.smtp.user; }; }; @@ -23,4 +26,4 @@ ]; environment.pathsToLink = [ "/etc/alternatives" "/usr/sbin" ]; - } +} From 330958fba43925652f81729910afd8136fe84413 Mon Sep 17 00:00:00 2001 
From: DuN0z Date: Thu, 9 Oct 2025 15:34:37 +0200 Subject: [PATCH 2/6] REFACTOR: Add config vars file --- hm/desktop/bspwm.nix | 2 +- hm/users/lomig-desktop.nix | 1 - hosts/pennsardin/configuration.nix | 34 ++++++++++++++++++------------ modules/common/networking.nix | 2 -- modules/roles/workstation.nix | 8 ------- modules/services/forgejo.nix | 19 ++++++++++------- modules/services/goaccess.nix | 11 ++++++---- modules/services/outline.nix | 23 +++++++++++--------- modules/sites/levr.porzh.me.nix | 17 +++++++++------ modules/sites/porzh.me.nix | 5 +++-- 10 files changed, 66 insertions(+), 56 deletions(-) diff --git a/hm/desktop/bspwm.nix b/hm/desktop/bspwm.nix index 302d6b8..b92376e 100644 --- a/hm/desktop/bspwm.nix +++ b/hm/desktop/bspwm.nix @@ -37,7 +37,7 @@ xsession = { enable = true; - xsession.windowManager.bspwm = { + windowManager.bspwm = { enable = true; # Démarrages au login X diff --git a/hm/users/lomig-desktop.nix b/hm/users/lomig-desktop.nix index b0c7d7a..9be4152 100644 --- a/hm/users/lomig-desktop.nix +++ b/hm/users/lomig-desktop.nix @@ -3,7 +3,6 @@ ../desktop/bspwm.nix ./lomig.nix ]; - home.stateVersion = "25.05"; # ou ton actuelle home = { packages = with pkgs; [ fastfetch diff --git a/hosts/pennsardin/configuration.nix b/hosts/pennsardin/configuration.nix index a2b0acf..149c804 100644 --- a/hosts/pennsardin/configuration.nix +++ b/hosts/pennsardin/configuration.nix @@ -1,4 +1,7 @@ -{pkgs, ...}: { +{pkgs, ...}: +let + globals = import ../../config/globals.nix; +in { imports = [ ../../profiles/workstation-bspwm.nix ../../modules/hardware/bepovim.nix @@ -37,7 +40,7 @@ users.users.lomig = { isNormalUser = true; - extraGroups = ["networkmanager" "lp" "wheel"]; + extraGroups = [ "lp" "wheel"]; shell = pkgs.zsh; }; 
@@ -49,21 +52,26 @@ networking = { useNetworkd = true; firewall.allowedTCPPorts = [22 80 5900 5901 5902]; - interfaces.enp11s0.useDHCP = false; - interfaces.br0 = { - useDHCP = false; - ipv4.addresses = [ - { - address = "192.168.0.2"; - prefixLength = 24; - } - ]; + interfaces = { + enp11s0 = { + useDHCP = false; + wakeOnLan.enable = true ; + br0 = { + useDHCP = false; + ipv4.addresses = [ + { + address = globals.network.pennsardin.ip; + prefixLength = 24; + } + ]; + }; }; + defaultGateway = { interface = "br0"; - address = "192.168.0.254"; + address = globals.network.gateway; }; - nameservers = ["192.168.0.254" "1.1.1.1"]; + nameservers = [ globals.network.gateway "1.1.1.1"]; bridges.br0.interfaces = ["enp11s0"]; }; systemd.network = { diff --git a/modules/common/networking.nix b/modules/common/networking.nix index 54957af..98478b6 100644 --- a/modules/common/networking.nix +++ b/modules/common/networking.nix @@ -1,8 +1,6 @@ _: { networking = { nameservers = ["1.1.1.1" "8.8.8.8"]; - # dhcpcd.extraConfig = "nohook resolv.conf"; firewall.enable = true; - interfaces.enp11s0.wakeOnLan.enable = true; }; } diff --git a/modules/roles/workstation.nix b/modules/roles/workstation.nix index 0ccf5d6..b99a5c7 100644 --- a/modules/roles/workstation.nix +++ b/modules/roles/workstation.nix @@ -1,18 +1,10 @@ {pkgs, ...}: { imports = [ ../common/nix.nix - - # Matériel ../hardware/gpu-amd.nix ../hardware/sensors-zenpower.nix - - # Virtualisation/tuning ../virtual/kvm-amd.nix ../virtual/vfio.nix - - # Dev - # ../dev/qemu.nix - # ../virtual/truenas.nix # seulement si tu l’utilises sur ce host ]; environment.systemPackages = with pkgs; [ diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 14c4c94..be5b644 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -1,4 +1,7 @@ -{pkgs, ...}: { +{pkgs, ...}: +let + import ../../config/globals.nix; +in { # --- Utilisateur dédié --- users.users.git = { isSystemUser = true; 
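Review bot: In the `networking` hunk of hosts/pennsardin/configuration.nix the new `interfaces = {`, `enp11s0 = {` and `br0 = {` open three attribute sets, but only two `};` follow before `defaultGateway`, so as written `br0` is nested inside `enp11s0` and the block is unbalanced. A `};` appears to be missing after `wakeOnLan.enable = true ;`, which would close `enp11s0` before `br0 = {` starts. Indentation is lost in this view, so confirm against the file; the identical hunk is carried again in PATCH 6/6. The `networking` block continues past the end of the hunk.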
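Review bot: The added `let import ../../config/globals.nix; in {` at the top of modules/services/forgejo.nix is not a binding, so the file should fail to parse and `globals` is never defined for the `globals.services.forgejo.*` references in the later hunks. It should read `globals = import ../../config/globals.nix;`. The same commit has the same form in modules/services/outline.nix and modules/sites/porzh.me.nix, binds a bare path to `imports` in goaccess.nix, and rebinds `import` itself in levr.porzh.me.nix; it also refers to `globals.network` and `globals.services`, which config/globals.nix does not contain until PATCH 3/6. PATCH 4/6 corrects the bindings, but PATCH 6/6 carries the broken hunks again, so these intermediate commits would not evaluate and cannot be bisected.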
@@ -20,10 +23,10 @@ }; settings = { server = { - DOMAIN = "govel.porzh.me"; - ROOT_URL = "https://govel.porzh.me/"; - SSH_DOMAIN = "govel.porzh.me"; - HTTP_PORT = 3000; + DOMAIN = globals.services.forgejo.url ; + ROOT_URL = "https://${globals.services.forgejo.url}/"; + SSH_DOMAIN = globals.services.forgejo.url; + HTTP_PORT = globals.services.forgejo.port; SSH_PORT = 22; START_SSH_SERVER = false; }; @@ -32,16 +35,16 @@ REGISTER_EMAIL_CONFIRM = false; }; repository = { - DEFAULT_BRANCH = "main"; + DEFAULT_BRANCH = "master"; }; }; }; openssh.enable = true; caddy = { enable = true; - virtualHosts."govel.porzh.me" = { + virtualHosts.${globals.services.forgejo.url} = { extraConfig = '' - reverse_proxy localhost:3000 + reverse_proxy localhost:${globals.services.forgejo.port} ''; }; }; diff --git a/modules/services/goaccess.nix b/modules/services/goaccess.nix index 35e95f8..c39c469 100644 --- a/modules/services/goaccess.nix +++ b/modules/services/goaccess.nix @@ -1,4 +1,7 @@ -{pkgs, ...}: { +{pkgs, ...}: +let + imports = ../../config/globals.nix ; +in { environment.systemPackages = with pkgs; [ goaccess ]; @@ -7,7 +10,7 @@ systemd.services.goaccess-report = { description = "Generate GoAccess HTML report"; serviceConfig = { - ExecStart = "${pkgs.goaccess}/bin/goaccess /var/log/caddy/access-levr.porzh.me.log --log-format=CADDY -o /var/www/goaccess/index.html"; + ExecStart = "${pkgs.goaccess}/bin/goaccess /var/log/caddy/access-${globals.services.levr.url}.log --log-format=CADDY -o ${globals.services.goaccess.home}/index.html"; }; }; @@ -22,9 +25,9 @@ }; services.caddy = { virtualHosts = { - "koum.porzh.me" = { + globals.services.goaccess.url = { extraConfig = '' - root * /var/www/goaccess + root * ${globals.services.goaccess.home} file_server browse try_files {path} {path}/ /index.html diff --git a/modules/services/outline.nix b/modules/services/outline.nix index be601f0..8aaefd8 100644 --- a/modules/services/outline.nix +++ b/modules/services/outline.nix 
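Review bot: `DEFAULT_BRANCH = "master"` in the `repository` block of modules/services/forgejo.nix changes behaviour (it was "main") in a commit described as a refactor; if the change is intended it deserves its own commit or a line in the message. In the same hunk `reverse_proxy localhost:${globals.services.forgejo.port}` interpolates the port directly, which only evaluates while the value is a string, whereas `HTTP_PORT` in the previous hunk was an integer before this change; `reverse_proxy localhost:${toString globals.services.forgejo.port}` works with an integer port. The proxy line in outline.nix has the same interpolation.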
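Review bot: In the Caddy block of modules/services/goaccess.nix, `globals.services.goaccess.url = {` used as an attribute name is read by Nix as the literal attribute path `globals.services.goaccess.url`, not as the hostname held in that variable, so the virtual host would not be declared under the intended name. A dynamic key needs interpolation, `"${globals.services.goaccess.url}" = {`. The same pattern is in levr.porzh.me.nix (`globals.services.levr.url = {`, plus the misspelt `${global.services.levr.url}` in the log path) and in porzh.me.nix (`globals.domain = {`). Separately, the context lines serve the report directory with `file_server browse` and no access restriction is visible in this hunk; worth confirming that the traffic report is meant to be reachable without authentication.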
@@ -1,26 +1,29 @@ -{ config, pkgs, lib, ... }: { +{ config, pkgs, lib, ... }: +let + import ../../config/globals.nix ; +in { services = { outline = { enable = true; - port = 3002 ; - publicUrl = "http://notes.porzh.me"; + port = globals.services.outline.port ; + publicUrl = "http://${globals.services.outline.url}"; forceHttps = true; smtp = { - host = "smtp.protonmail.ch"; - username = "contact@porzh.me"; + host = globals.smtp.host ; + username = globals.smtp.user ; passwordFile = "/run/secrets/proton_pass"; - fromEmail = "contact@porzh.me"; - replyEmail = "contact@porzh.me"; - port = 587 ; + fromEmail = globals.smtp.user; + replyEmail = globals.smtp.user; + port = globals.smtp.port; secure = false; }; storage.storageType = "local"; }; caddy = { enable = true; - virtualHosts."notes.porzh.me" = { + virtualHosts.${globals.services.outline.url} = { extraConfig = '' - reverse_proxy localhost:3002 + reverse_proxy localhost:${globals.services.outline.port} ''; }; }; diff --git a/modules/sites/levr.porzh.me.nix b/modules/sites/levr.porzh.me.nix index 41fa232..08c0839 100644 --- a/modules/sites/levr.porzh.me.nix +++ b/modules/sites/levr.porzh.me.nix @@ -1,4 +1,7 @@ -{ pkgs, lib, ...}: { +{ pkgs, lib, ...}: +let + import = ../../config/globals.nix ; +in { environment.systemPackages = with pkgs; [ hugo ]; @@ -6,8 +9,8 @@ description = "Auto build du blog hugo"; serviceConfig = { Type = "oneshot"; - WorkingDirectory = "/srv/blog" ; - ExecStart = ''${pkgs.hugo}/bin/hugo --minify build -d /srv/blog/public''; + WorkingDirectory = globals.services.levr.home ; + ExecStart = ''${pkgs.hugo}/bin/hugo --minify build -d ${globals.services.levr.build}''; User = "lomig"; }; }; @@ -23,7 +26,7 @@ description = "Synchronisation du dépôt Hugo"; serviceConfig = { Type = "oneshot"; - WorkingDirectory = "/srv/blog"; + WorkingDirectory = globals.services.levr.home; ExecStart = "${pkgs.git}/bin/git pull origin master"; User = "lomig"; }; 
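Review bot: `publicUrl = "http://${globals.services.outline.url}";` in modules/services/outline.nix keeps the plain-HTTP scheme while `forceHttps = true` is set on the next line, so the advertised base URL and the enforced scheme disagree. Since the line is being rewritten anyway, `publicUrl = "https://${globals.services.outline.url}";` would presumably make the URLs the service builds from it match what is actually served. The `port` now also comes from globals, so the value defined there has to match the 3002 this module used before; the same hunk is repeated in PATCH 6/6.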
@@ -41,17 +44,17 @@ services.caddy = { enable = true; virtualHosts = { - "levr.porzh.me" = { + globals.services.levr.url = { extraConfig = '' @http { protocol http } redir @http https://{host}{uri} permanent - root * /srv/blog/public + root * ${globals.services.levr.build} file_server log { - output file /var/log/caddy/access-levr.porzh.me.log + output file /var/log/caddy/access-${global.services.levr.url}.log } ''; }; diff --git a/modules/sites/porzh.me.nix b/modules/sites/porzh.me.nix index 145e665..5ce0726 100644 --- a/modules/sites/porzh.me.nix +++ b/modules/sites/porzh.me.nix @@ -1,4 +1,5 @@ {pkgs, ...}: let + import ../../config/globals.nix ; porzhSite = pkgs.stdenv.mkDerivation { pname = "porzh-site"; version = "1.0"; @@ -13,8 +14,8 @@ in { services.caddy = { enable = true; virtualHosts = { - "porzh.me" = { - serverAliases = ["www.porzh.me"]; + globals.domain = { + serverAliases = [ "www.${globals.domain}" ]; extraConfig = '' root * ${porzhSite} file_server From 36d368063a1391bfce05638b7c68e6c43746c109 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 9 Oct 2025 15:36:54 +0200 Subject: [PATCH 3/6] Fix: Forgot config file :-) --- config/globals.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/config/globals.nix b/config/globals.nix index 53ffe13..b6e4dd0 100644 --- a/config/globals.nix +++ b/config/globals.nix @@ -10,4 +10,32 @@ port = 587 ; user = "contact@porzh.me"; }; + + network = { + gateway = "192.168.50.1"; + pennsardin = { + ip = "192.168.50.12"; + }; + }; + + services = { + forgejo = { + home = "/var/lib/services/forgejo"; + url = "govel.porzh.me"; + port = "3000"; + }; + goaccess = { + home = "/var/lib/www/goaccess"; + url = "koum.porzh.me"; + }; + levr = { + home = "/var/lib/services/levr"; + build = "/var/lib/www/levr"; + url = "levr.porzh.me"; + }; + outline = { + url = "notes.porzh.me"; + port = "3001"; + }; + }; } From e3c3d5ee8be7611c0f264032d6e40beef68eafae Mon Sep 17 00:00:00 2001 
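Review bot: Several values added to config/globals.nix in PATCH 3/6 differ from the literals PATCH 2/6 removed from the modules, so the series is not a pure extraction: `outline.port` is 3001 where outline.nix had 3002, `goaccess.home` is /var/lib/www/goaccess where the report was written to /var/www/goaccess, the blog moves from /srv/blog to /var/lib/services/levr and /var/lib/www/levr, and the gateway is 192.168.50.1 where pennsardin's configuration had 192.168.0.254. If these moves are intended, the new directories have to exist and be writable by the `lomig` user the Hugo units run as and by whatever runs the GoAccess report; no hunk shown here creates them or sets their ownership. A short comment above the `services` block such as `# paths and ports consumed by modules/services/* and modules/sites/*; changing a value here relocates the service` would make that coupling visible.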
From: DuN0z Date: Thu, 9 Oct 2025 17:40:43 +0200 Subject: [PATCH 4/6] Fix: imports --- config/globals.nix | 7 +++++-- hosts/terre-neuvas/configuration.nix | 10 ++++++---- modules/services/forgejo.nix | 4 ++-- modules/services/goaccess.nix | 4 ++-- modules/services/outline.nix | 6 +++--- modules/sites/levr.porzh.me.nix | 6 +++--- modules/sites/porzh.me.nix | 4 ++-- 7 files changed, 23 insertions(+), 18 deletions(-) diff --git a/config/globals.nix b/config/globals.nix index b6e4dd0..c2ccdcb 100644 --- a/config/globals.nix +++ b/config/globals.nix @@ -16,13 +16,16 @@ pennsardin = { ip = "192.168.50.12"; }; + terre-neuvas = { + ip = "192.168.50.11"; + }; }; services = { forgejo = { home = "/var/lib/services/forgejo"; url = "govel.porzh.me"; - port = "3000"; + port = 3000; }; goaccess = { home = "/var/lib/www/goaccess"; @@ -35,7 +38,7 @@ }; outline = { url = "notes.porzh.me"; - port = "3001"; + port = 3001; }; }; } diff --git a/hosts/terre-neuvas/configuration.nix b/hosts/terre-neuvas/configuration.nix index 77b7456..92e1453 100644 --- a/hosts/terre-neuvas/configuration.nix +++ b/hosts/terre-neuvas/configuration.nix @@ -5,7 +5,9 @@ config, pkgs, ... -}: { +}: let +globals = import ../../config/globals.nix ; +in { nix.settings.experimental-features = ["nix-command" "flakes"]; imports = [ # Include the results of the hardware scan. @@ -55,16 +57,16 @@ useDHCP = false; ipv4.addresses = [ { - address = "192.168.0.3"; + address = globals.network.terre-neuvas.ip; prefixLength = 24; } ]; }; defaultGateway = { interface = "br0"; - address = "192.168.0.254"; + address = globals.network.gateway; }; - nameservers = ["192.168.0.254" "1.1.1.1"]; + nameservers = [ globals.network.gateway "1.1.1.1"]; bridges.br0.interfaces = ["eno1"]; }; systemd.network = { diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index be5b644..ad0fb13 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix 
@@ -1,6 +1,6 @@ {pkgs, ...}: let - import ../../config/globals.nix; + globals = import ../../config/globals.nix; in { # --- Utilisateur dédié --- users.users.git = { @@ -44,7 +44,7 @@ in { enable = true; virtualHosts.${globals.services.forgejo.url} = { extraConfig = '' - reverse_proxy localhost:${globals.services.forgejo.port} + reverse_proxy localhost:${toString globals.services.forgejo.port} ''; }; }; diff --git a/modules/services/goaccess.nix b/modules/services/goaccess.nix index c39c469..7391f20 100644 --- a/modules/services/goaccess.nix +++ b/modules/services/goaccess.nix @@ -1,6 +1,6 @@ {pkgs, ...}: let - imports = ../../config/globals.nix ; + globals = import ../../config/globals.nix ; in { environment.systemPackages = with pkgs; [ goaccess @@ -25,7 +25,7 @@ in { }; services.caddy = { virtualHosts = { - globals.services.goaccess.url = { + "${globals.services.goaccess.url}" = { extraConfig = '' root * ${globals.services.goaccess.home} file_server browse diff --git a/modules/services/outline.nix b/modules/services/outline.nix index 8aaefd8..7594138 100644 --- a/modules/services/outline.nix +++ b/modules/services/outline.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: let - import ../../config/globals.nix ; + globals = import ../../config/globals.nix ; in { services = { outline = { @@ -11,7 +11,7 @@ in { smtp = { host = globals.smtp.host ; username = globals.smtp.user ; - passwordFile = "/run/secrets/proton_pass"; + passwordFile = "/etc/secrets/protonpass"; fromEmail = globals.smtp.user; replyEmail = globals.smtp.user; port = globals.smtp.port; @@ -23,7 +23,7 @@ in { enable = true; virtualHosts.${globals.services.outline.url} = { extraConfig = '' - reverse_proxy localhost:${globals.services.outline.port} + reverse_proxy localhost:${toString globals.services.outline.port} ''; }; }; diff --git a/modules/sites/levr.porzh.me.nix b/modules/sites/levr.porzh.me.nix index 08c0839..ee0b1ac 100644 --- a/modules/sites/levr.porzh.me.nix 
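Review bot: The `smtp` hunk of modules/services/outline.nix moves `passwordFile` from `/run/secrets/proton_pass` to `/etc/secrets/protonpass` inside a commit titled "Fix: imports", and nothing visible in the series provisions the new file or sets its owner and mode. modules/common/smtp.nix still reads the credential with `cat /run/secrets/proton_pass`, so the two consumers now point at different paths. `/run` is normally a tmpfs, whereas a file under `/etc/secrets` persists on disk with whatever permissions it was created with, so this changes how the SMTP password is stored and not only where it is looked up. Unless the move is deliberate, keep `passwordFile = "/run/secrets/proton_pass";`, or define the path once in config/globals.nix so both modules agree.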
+++ b/modules/sites/levr.porzh.me.nix @@ -1,6 +1,6 @@ { pkgs, lib, ...}: let - import = ../../config/globals.nix ; + globals = import ../../config/globals.nix ; in { environment.systemPackages = with pkgs; [ hugo @@ -44,7 +44,7 @@ in { services.caddy = { enable = true; virtualHosts = { - globals.services.levr.url = { + "${globals.services.levr.url}" = { extraConfig = '' @http { protocol http @@ -54,7 +54,7 @@ in { file_server log { - output file /var/log/caddy/access-${global.services.levr.url}.log + output file /var/log/caddy/access-${globals.services.levr.url}.log } ''; }; diff --git a/modules/sites/porzh.me.nix b/modules/sites/porzh.me.nix index 5ce0726..5491bb3 100644 --- a/modules/sites/porzh.me.nix +++ b/modules/sites/porzh.me.nix @@ -1,5 +1,5 @@ {pkgs, ...}: let - import ../../config/globals.nix ; + globals = import ../../config/globals.nix ; porzhSite = pkgs.stdenv.mkDerivation { pname = "porzh-site"; version = "1.0"; @@ -14,7 +14,7 @@ in { services.caddy = { enable = true; virtualHosts = { - globals.domain = { + "${globals.domain}" = { serverAliases = [ "www.${globals.domain}" ]; extraConfig = '' root * ${porzhSite} From fd5f22ae655d700f2c6244569e6de1fb6858bb39 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 9 Oct 2025 14:27:25 +0200 Subject: [PATCH 5/6] Refactor: global.nix --- config/globals.nix | 13 +++++++++++++ hm/common/git.nix | 9 ++++++--- modules/common/smtp.nix | 15 +++++++++------ 3 files changed, 28 insertions(+), 9 deletions(-) create mode 100644 config/globals.nix diff --git a/config/globals.nix b/config/globals.nix new file mode 100644 index 0000000..53ffe13 --- /dev/null +++ b/config/globals.nix @@ -0,0 +1,13 @@ +{ + domain = "porzh.me"; + admin = { + email = "dun0z@porzh.me"; + name = "DuN0z"; + }; + + smtp = { + host = "smtp.protonmail.ch"; + port = 587 ; + user = "contact@porzh.me"; + }; +} diff --git a/hm/common/git.nix b/hm/common/git.nix index ec4c03b..2399f41 100644 --- a/hm/common/git.nix +++ b/hm/common/git.nix 
@@ -1,8 +1,11 @@ -_: { +_: +let +globals = import ../../config/globals.nix; +in { programs.git = { enable = true; - userName = "DuN0z"; - userEmail = "dun0z@porzh.me"; + userName = globals.admin.name; + userEmail = globals.admin.email; }; } # vim: set ts=2 sw=2 sts=2 et : diff --git a/modules/common/smtp.nix b/modules/common/smtp.nix index 51a3a4d..d185e82 100644 --- a/modules/common/smtp.nix +++ b/modules/common/smtp.nix @@ -1,16 +1,19 @@ -{ config, pkgs, lib, ... }: { +{ config, pkgs, lib, ... }: +let +globals = import ../../config/globals.nix; +in { programs.msmtp = { enable = true; accounts.default = { - host = "smtp.protonmail.ch"; - port = 587; + host = globals.smtp.host; + port = globals.smtp.port; auth = true; tls = true; tls_starttls = true; - user = "contact@porzh.me"; + user = globals.smtp.user; passwordeval = "cat /run/secrets/proton_pass"; - from = "contact@porzh.me"; + from = globals.smtp.user; }; }; @@ -23,4 +26,4 @@ ]; environment.pathsToLink = [ "/etc/alternatives" "/usr/sbin" ]; - } +} From 845c3373ba09dfa62903ad93648299a0cfaaf591 Mon Sep 17 00:00:00 2001 From: DuN0z Date: Thu, 9 Oct 2025 17:46:15 +0200 Subject: [PATCH 6/6] refactor --- hm/users/lomig-desktop.nix | 1 - hosts/pennsardin/configuration.nix | 34 ++++++++++++++++++------------ modules/common/networking.nix | 2 -- modules/roles/workstation.nix | 8 ------- modules/services/forgejo.nix | 19 ++++++++++------- modules/services/goaccess.nix | 11 ++++++---- modules/services/outline.nix | 23 +++++++++++--------- modules/sites/levr.porzh.me.nix | 17 +++++++++------ modules/sites/porzh.me.nix | 5 +++-- 9 files changed, 65 insertions(+), 55 deletions(-) diff --git a/hm/users/lomig-desktop.nix b/hm/users/lomig-desktop.nix index b0c7d7a..9be4152 100644 --- a/hm/users/lomig-desktop.nix +++ b/hm/users/lomig-desktop.nix @@ -3,7 +3,6 @@ ../desktop/bspwm.nix ./lomig.nix ]; - home.stateVersion = "25.05"; # ou ton actuelle home = { packages = with pkgs; [ fastfetch 
diff --git a/hosts/pennsardin/configuration.nix b/hosts/pennsardin/configuration.nix index 314ac4b..149c804 100644 --- a/hosts/pennsardin/configuration.nix +++ b/hosts/pennsardin/configuration.nix @@ -1,4 +1,7 @@ -{pkgs, ...}: { +{pkgs, ...}: +let + globals = import ../../config/globals.nix; +in { imports = [ ../../profiles/workstation-bspwm.nix ../../modules/hardware/bepovim.nix @@ -37,7 +40,7 @@ users.users.lomig = { isNormalUser = true; - extraGroups = ["networkmanager" "lp" "wheel"]; + extraGroups = [ "lp" "wheel"]; shell = pkgs.zsh; }; @@ -49,21 +52,26 @@ networking = { useNetworkd = true; firewall.allowedTCPPorts = [22 80 5900 5901 5902]; - interfaces.enp11s0.useDHCP = false; - interfaces.br0 = { - useDHCP = false; - ipv4.addresses = [ - { - address = "192.168.50.12"; - prefixLength = 24; - } - ]; + interfaces = { + enp11s0 = { + useDHCP = false; + wakeOnLan.enable = true ; + br0 = { + useDHCP = false; + ipv4.addresses = [ + { + address = globals.network.pennsardin.ip; + prefixLength = 24; + } + ]; + }; }; + defaultGateway = { interface = "br0"; - address = "192.168.50.1"; + address = globals.network.gateway; }; - nameservers = ["192.168.50.1" "1.1.1.1"]; + nameservers = [ globals.network.gateway "1.1.1.1"]; bridges.br0.interfaces = ["enp11s0"]; }; systemd.network = { diff --git a/modules/common/networking.nix b/modules/common/networking.nix index 54957af..98478b6 100644 --- a/modules/common/networking.nix +++ b/modules/common/networking.nix @@ -1,8 +1,6 @@ _: { networking = { nameservers = ["1.1.1.1" "8.8.8.8"]; - # dhcpcd.extraConfig = "nohook resolv.conf"; firewall.enable = true; - interfaces.enp11s0.wakeOnLan.enable = true; }; } diff --git a/modules/roles/workstation.nix b/modules/roles/workstation.nix index 0ccf5d6..b99a5c7 100644 --- a/modules/roles/workstation.nix +++ b/modules/roles/workstation.nix 
@@ -1,18 +1,10 @@ {pkgs, ...}: { imports = [ ../common/nix.nix - - # Matériel ../hardware/gpu-amd.nix ../hardware/sensors-zenpower.nix - - # Virtualisation/tuning ../virtual/kvm-amd.nix ../virtual/vfio.nix - - # Dev - # ../dev/qemu.nix - # ../virtual/truenas.nix # seulement si tu l’utilises sur ce host ]; environment.systemPackages = with pkgs; [ diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 14c4c94..be5b644 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -1,4 +1,7 @@ -{pkgs, ...}: { +{pkgs, ...}: +let + import ../../config/globals.nix; +in { # --- Utilisateur dédié --- users.users.git = { isSystemUser = true; @@ -20,10 +23,10 @@ }; settings = { server = { - DOMAIN = "govel.porzh.me"; - ROOT_URL = "https://govel.porzh.me/"; - SSH_DOMAIN = "govel.porzh.me"; - HTTP_PORT = 3000; + DOMAIN = globals.services.forgejo.url ; + ROOT_URL = "https://${globals.services.forgejo.url}/"; + SSH_DOMAIN = globals.services.forgejo.url; + HTTP_PORT = globals.services.forgejo.port; SSH_PORT = 22; START_SSH_SERVER = false; }; @@ -32,16 +35,16 @@ REGISTER_EMAIL_CONFIRM = false; }; repository = { - DEFAULT_BRANCH = "main"; + DEFAULT_BRANCH = "master"; }; }; }; openssh.enable = true; caddy = { enable = true; - virtualHosts."govel.porzh.me" = { + virtualHosts.${globals.services.forgejo.url} = { extraConfig = '' - reverse_proxy localhost:3000 + reverse_proxy localhost:${globals.services.forgejo.port} ''; }; }; diff --git a/modules/services/goaccess.nix b/modules/services/goaccess.nix index 35e95f8..c39c469 100644 --- a/modules/services/goaccess.nix +++ b/modules/services/goaccess.nix @@ -1,4 +1,7 @@ -{pkgs, ...}: { +{pkgs, ...}: +let + imports = ../../config/globals.nix ; +in { environment.systemPackages = with pkgs; [ goaccess ]; 
@@ -7,7 +10,7 @@ systemd.services.goaccess-report = { description = "Generate GoAccess HTML report"; serviceConfig = { - ExecStart = "${pkgs.goaccess}/bin/goaccess /var/log/caddy/access-levr.porzh.me.log --log-format=CADDY -o /var/www/goaccess/index.html"; + ExecStart = "${pkgs.goaccess}/bin/goaccess /var/log/caddy/access-${globals.services.levr.url}.log --log-format=CADDY -o ${globals.services.goaccess.home}/index.html"; }; }; @@ -22,9 +25,9 @@ }; services.caddy = { virtualHosts = { - "koum.porzh.me" = { + globals.services.goaccess.url = { extraConfig = '' - root * /var/www/goaccess + root * ${globals.services.goaccess.home} file_server browse try_files {path} {path}/ /index.html diff --git a/modules/services/outline.nix b/modules/services/outline.nix index be601f0..8aaefd8 100644 --- a/modules/services/outline.nix +++ b/modules/services/outline.nix @@ -1,26 +1,29 @@ -{ config, pkgs, lib, ... }: { +{ config, pkgs, lib, ... }: +let + import ../../config/globals.nix ; +in { services = { outline = { enable = true; - port = 3002 ; - publicUrl = "http://notes.porzh.me"; + port = globals.services.outline.port ; + publicUrl = "http://${globals.services.outline.url}"; forceHttps = true; smtp = { - host = "smtp.protonmail.ch"; - username = "contact@porzh.me"; + host = globals.smtp.host ; + username = globals.smtp.user ; passwordFile = "/run/secrets/proton_pass"; - fromEmail = "contact@porzh.me"; - replyEmail = "contact@porzh.me"; - port = 587 ; + fromEmail = globals.smtp.user; + replyEmail = globals.smtp.user; + port = globals.smtp.port; secure = false; }; storage.storageType = "local"; }; caddy = { enable = true; - virtualHosts."notes.porzh.me" = { + virtualHosts.${globals.services.outline.url} = { extraConfig = '' - reverse_proxy localhost:3002 + reverse_proxy localhost:${globals.services.outline.port} ''; }; }; diff --git a/modules/sites/levr.porzh.me.nix b/modules/sites/levr.porzh.me.nix index 41fa232..08c0839 100644 --- a/modules/sites/levr.porzh.me.nix 
+++ b/modules/sites/levr.porzh.me.nix @@ -1,4 +1,7 @@ -{ pkgs, lib, ...}: { +{ pkgs, lib, ...}: +let + import = ../../config/globals.nix ; +in { environment.systemPackages = with pkgs; [ hugo ]; @@ -6,8 +9,8 @@ description = "Auto build du blog hugo"; serviceConfig = { Type = "oneshot"; - WorkingDirectory = "/srv/blog" ; - ExecStart = ''${pkgs.hugo}/bin/hugo --minify build -d /srv/blog/public''; + WorkingDirectory = globals.services.levr.home ; + ExecStart = ''${pkgs.hugo}/bin/hugo --minify build -d ${globals.services.levr.build}''; User = "lomig"; }; }; @@ -23,7 +26,7 @@ description = "Synchronisation du dépôt Hugo"; serviceConfig = { Type = "oneshot"; - WorkingDirectory = "/srv/blog"; + WorkingDirectory = globals.services.levr.home; ExecStart = "${pkgs.git}/bin/git pull origin master"; User = "lomig"; }; @@ -41,17 +44,17 @@ services.caddy = { enable = true; virtualHosts = { - "levr.porzh.me" = { + globals.services.levr.url = { extraConfig = '' @http { protocol http } redir @http https://{host}{uri} permanent - root * /srv/blog/public + root * ${globals.services.levr.build} file_server log { - output file /var/log/caddy/access-levr.porzh.me.log + output file /var/log/caddy/access-${global.services.levr.url}.log } ''; }; diff --git a/modules/sites/porzh.me.nix b/modules/sites/porzh.me.nix index 145e665..5ce0726 100644 --- a/modules/sites/porzh.me.nix +++ b/modules/sites/porzh.me.nix @@ -1,4 +1,5 @@ {pkgs, ...}: let + import ../../config/globals.nix ; porzhSite = pkgs.stdenv.mkDerivation { pname = "porzh-site"; version = "1.0"; @@ -13,8 +14,8 @@ in { services.caddy = { enable = true; virtualHosts = { - "porzh.me" = { - serverAliases = ["www.porzh.me"]; + globals.domain = { + serverAliases = [ "www.${globals.domain}" ]; extraConfig = '' root * ${porzhSite} file_server