DuN0z/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: DuN0z:ce4201eb4e16dc4ccbb313f9f007b1ffb3fa7ebe
Branches Tags
DuN0z:master
DuN0z:refactor
DuN0z:main
..
compare: DuN0z:441cd5eff9fbfba32a63bc12e636332721bfcb50
Branches Tags
DuN0z:master
DuN0z:refactor
DuN0z:main

7 commits
ce4201eb4e ... 441cd5eff9

Author SHA1 Message Date
DuN0z
441cd5eff9 Refactor 2025-10-09 17:50:49 +02:00
DuN0z
845c3373ba refactor 2025-10-09 17:46:15 +02:00
DuN0z
fd5f22ae65 Refactor: global.nix 2025-10-09 17:41:20 +02:00
DuN0z
e3c3d5ee8b Fix: imports 2025-10-09 17:40:43 +02:00
DuN0z
36d368063a Fix: Forgot config file :-) 2025-10-09 15:36:54 +02:00
DuN0z
330958fba4 REFACTOR: Add config vars file 2025-10-09 15:34:37 +02:00
DuN0z
2f0b5cf661 Refactor: global.nix 2025-10-09 14:27:25 +02:00
13 changed files with 131 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

44
config/globals.nix Normal file
View file

@ -0,0 +1,44 @@
{
domain = "porzh.me";
admin = {
email = "dun0z@porzh.me";
name = "DuN0z";
};
smtp = {
host = "smtp.protonmail.ch";
port = 587 ;
user = "contact@porzh.me";
};
network = {
gateway = "192.168.50.1";
pennsardin = {
ip = "192.168.50.12";
};
terre-neuvas = {
ip = "192.168.50.11";
};
};
services = {
forgejo = {
home = "/var/lib/services/forgejo";
url = "govel.porzh.me";
port = 3000;
};
goaccess = {
home = "/var/lib/www/goaccess";
url = "koum.porzh.me";
};
levr = {
home = "/var/lib/services/levr";
build = "/var/lib/www/levr";
url = "levr.porzh.me";
};
outline = {
url = "notes.porzh.me";
port = 3001;
};
};
}

9
hm/common/git.nix
View file

@ -1,8 +1,11 @@
_: {
_:
let
globals = import ../../config/globals.nix;
in {
programs.git = {
enable = true;
userName = "DuN0z";
userEmail = "dun0z@porzh.me";
userName = globals.admin.name;
userEmail = globals.admin.email;
};
}
# vim: set ts=2 sw=2 sts=2 et :

1
hm/users/lomig-desktop.nix
View file

@ -3,7 +3,6 @@
../desktop/bspwm.nix
./lomig.nix
];
home.stateVersion = "25.05"; # ou ton actuelle
home = {
packages = with pkgs; [
fastfetch

22
hosts/pennsardin/configuration.nix
View file

@ -1,4 +1,7 @@
{pkgs, ...}: {
{pkgs, ...}:
let
globals = import ../../config/globals.nix;
in {
imports = [
../../profiles/workstation-bspwm.nix
../../modules/hardware/bepovim.nix
@ -37,7 +40,7 @@
users.users.lomig = {
isNormalUser = true;
extraGroups = ["networkmanager" "lp" "wheel"];
extraGroups = [ "lp" "wheel"];
shell = pkgs.zsh;
};
@ -49,21 +52,26 @@
networking = {
useNetworkd = true;
firewall.allowedTCPPorts = [22 80 5900 5901 5902];
interfaces.enp11s0.useDHCP = false;
interfaces.br0 = {
interfaces = {
enp11s0 = {
useDHCP = false;
wakeOnLan.enable = true ;
br0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.50.12";
address = globals.network.pennsardin.ip;
prefixLength = 24;
}
];
};
};
defaultGateway = {
interface = "br0";
address = "192.168.50.1";
address = globals.network.gateway;
};
nameservers = ["192.168.50.1" "1.1.1.1"];
nameservers = [ globals.network.gateway "1.1.1.1"];
bridges.br0.interfaces = ["enp11s0"];
};
systemd.network = {

10
hosts/terre-neuvas/configuration.nix
View file

@ -5,7 +5,9 @@
config,
pkgs,
...
}: {
}: let
globals = import ../../config/globals.nix ;
in {
nix.settings.experimental-features = ["nix-command" "flakes"];
imports = [
# Include the results of the hardware scan.
@ -55,16 +57,16 @@
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.0.3";
address = globals.network.terre-neuvas.ip;
prefixLength = 24;
}
];
};
defaultGateway = {
interface = "br0";
address = "192.168.0.254";
address = globals.network.gateway;
};
nameservers = ["192.168.0.254" "1.1.1.1"];
nameservers = [ globals.network.gateway "1.1.1.1"];
bridges.br0.interfaces = ["eno1"];
};
systemd.network = {

2
modules/common/networking.nix
View file

@ -1,8 +1,6 @@
_: {
networking = {
nameservers = ["1.1.1.1" "8.8.8.8"];
# dhcpcd.extraConfig = "nohook resolv.conf";
firewall.enable = true;
interfaces.enp11s0.wakeOnLan.enable = true;
};
}

15
modules/common/smtp.nix
View file

@ -1,16 +1,19 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, lib, ... }:
let
globals = import ../../config/globals.nix;
in {
programs.msmtp = {
enable = true;
accounts.default = {
host = "smtp.protonmail.ch";
port = 587;
host = globals.smtp.host;
port = globals.smtp.port;
auth = true;
tls = true;
tls_starttls = true;
user = "contact@porzh.me";
user = globals.smtp.user;
passwordeval = "cat /run/secrets/proton_pass";
from = "contact@porzh.me";
from = globals.smtp.user;
};
};
@ -23,4 +26,4 @@
];
environment.pathsToLink = [ "/etc/alternatives" "/usr/sbin" ];
}
}

8
modules/roles/workstation.nix
View file

@ -1,18 +1,10 @@
{pkgs, ...}: {
imports = [
../common/nix.nix
# Matériel
../hardware/gpu-amd.nix
../hardware/sensors-zenpower.nix
# Virtualisation/tuning
../virtual/kvm-amd.nix
../virtual/vfio.nix
# Dev
# ../dev/qemu.nix
# ../virtual/truenas.nix # seulement si tu lutilises sur ce host
];
environment.systemPackages = with pkgs; [

19
modules/services/forgejo.nix
View file

@ -1,4 +1,7 @@
{pkgs, ...}: {
{pkgs, ...}:
let
globals = import ../../config/globals.nix;
in {
# --- Utilisateur dédié ---
users.users.git = {
isSystemUser = true;
@ -20,10 +23,10 @@
};
settings = {
server = {
DOMAIN = "govel.porzh.me";
ROOT_URL = "https://govel.porzh.me/";
SSH_DOMAIN = "govel.porzh.me";
HTTP_PORT = 3000;
DOMAIN = globals.services.forgejo.url ;
ROOT_URL = "https://${globals.services.forgejo.url}/";
SSH_DOMAIN = globals.services.forgejo.url;
HTTP_PORT = globals.services.forgejo.port;
SSH_PORT = 22;
START_SSH_SERVER = false;
};
@ -32,16 +35,16 @@
REGISTER_EMAIL_CONFIRM = false;
};
repository = {
DEFAULT_BRANCH = "main";
DEFAULT_BRANCH = "master";
};
};
};
openssh.enable = true;
caddy = {
enable = true;
virtualHosts."govel.porzh.me" = {
virtualHosts.${globals.services.forgejo.url} = {
extraConfig = ''
reverse_proxy localhost:3000
reverse_proxy localhost:${toString globals.services.forgejo.port}
'';
};
};

11
modules/services/goaccess.nix
View file

@ -1,4 +1,7 @@
{pkgs, ...}: {
{pkgs, ...}:
let
globals = import ../../config/globals.nix ;
in {
environment.systemPackages = with pkgs; [
goaccess
];
@ -7,7 +10,7 @@
systemd.services.goaccess-report = {
description = "Generate GoAccess HTML report";
serviceConfig = {
ExecStart = "${pkgs.goaccess}/bin/goaccess /var/log/caddy/access-levr.porzh.me.log --log-format=CADDY -o /var/www/goaccess/index.html";
ExecStart = "${pkgs.goaccess}/bin/goaccess /var/log/caddy/access-${globals.services.levr.url}.log --log-format=CADDY -o ${globals.services.goaccess.home}/index.html";
};
};
@ -22,9 +25,9 @@
};
services.caddy = {
virtualHosts = {
"koum.porzh.me" = {
"${globals.services.goaccess.url}" = {
extraConfig = ''
root * /var/www/goaccess
root * ${globals.services.goaccess.home}
file_server browse
try_files {path} {path}/ /index.html

25
modules/services/outline.nix
View file

@ -1,26 +1,29 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, lib, ... }:
let
globals = import ../../config/globals.nix ;
in {
services = {
outline = {
enable = true;
port = 3002 ;
publicUrl = "http://notes.porzh.me";
port = globals.services.outline.port ;
publicUrl = "http://${globals.services.outline.url}";
forceHttps = true;
smtp = {
host = "smtp.protonmail.ch";
username = "contact@porzh.me";
passwordFile = "/run/secrets/proton_pass";
fromEmail = "contact@porzh.me";
replyEmail = "contact@porzh.me";
port = 587 ;
host = globals.smtp.host ;
username = globals.smtp.user ;
passwordFile = "/etc/secrets/protonpass";
fromEmail = globals.smtp.user;
replyEmail = globals.smtp.user;
port = globals.smtp.port;
secure = false;
};
storage.storageType = "local";
};
caddy = {
enable = true;
virtualHosts."notes.porzh.me" = {
virtualHosts.${globals.services.outline.url} = {
extraConfig = ''
reverse_proxy localhost:3002
reverse_proxy localhost:${toString globals.services.outline.port}
'';
};
};

17
modules/sites/levr.porzh.me.nix
View file

@ -1,4 +1,7 @@
{ pkgs, lib, ...}: {
{ pkgs, lib, ...}:
let
globals = import ../../config/globals.nix ;
in {
environment.systemPackages = with pkgs; [
hugo
];
@ -6,8 +9,8 @@
description = "Auto build du blog hugo";
serviceConfig = {
Type = "oneshot";
WorkingDirectory = "/srv/blog" ;
ExecStart = ''${pkgs.hugo}/bin/hugo --minify build -d /srv/blog/public'';
WorkingDirectory = globals.services.levr.home ;
ExecStart = ''${pkgs.hugo}/bin/hugo --minify build -d ${globals.services.levr.build}'';
User = "lomig";
};
};
@ -23,7 +26,7 @@
description = "Synchronisation du dépôt Hugo";
serviceConfig = {
Type = "oneshot";
WorkingDirectory = "/srv/blog";
WorkingDirectory = globals.services.levr.home;
ExecStart = "${pkgs.git}/bin/git pull origin master";
User = "lomig";
};
@ -41,17 +44,17 @@
services.caddy = {
enable = true;
virtualHosts = {
"levr.porzh.me" = {
"${globals.services.levr.url}" = {
extraConfig = ''
@http {
protocol http
}
redir @http https://{host}{uri} permanent
root * /srv/blog/public
root * ${globals.services.levr.build}
file_server
log {
output file /var/log/caddy/access-levr.porzh.me.log
output file /var/log/caddy/access-${globals.services.levr.url}.log
}
'';
};

5
modules/sites/porzh.me.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: let
globals = import ../../config/globals.nix ;
porzhSite = pkgs.stdenv.mkDerivation {
pname = "porzh-site";
version = "1.0";
@ -13,8 +14,8 @@ in {
services.caddy = {
enable = true;
virtualHosts = {
"porzh.me" = {
serverAliases = ["www.porzh.me"];
"${globals.domain}" = {
serverAliases = [ "www.${globals.domain}" ];
extraConfig = ''
root * ${porzhSite}
file_server