diff --git a/hosts/pennsardin/configuration.nix b/hosts/pennsardin/configuration.nix
index 8acbd41..4d26e18 100644
--- a/hosts/pennsardin/configuration.nix
+++ b/hosts/pennsardin/configuration.nix
@@ -2,6 +2,7 @@
 imports = [
 ../../profiles/workstation-bspwm.nix
 ../../modules/hardware/bepovim.nix
+# ../../modules/dev/qemu.nix
 ../../modules/common/nix.nix
 ];
@@ -48,11 +49,6 @@
 users.lomig = import ../../hm/users/lomig-desktop.nix;
 };
- networking = {
- firewall.allowedTCPPorts = [5900 5901 5902];
- bridges.br0.interfaces = ["enp11s0"];
- };
-
 system.stateVersion = "25.05"; # pour éviter les hurlements inutiles
 }
diff --git a/hosts/terre-neuvas/configuration.nix b/hosts/terre-neuvas/configuration.nix
index 86b0267..d7dc8f4 100644
--- a/hosts/terre-neuvas/configuration.nix
+++ b/hosts/terre-neuvas/configuration.nix
@@ -20,6 +20,7 @@
 boot.loader.efi.canTouchEfiVariables = true;
 networking.hostName = "terre-neuvas"; # Define your hostname.
+ networking.networkmanager.enable = true;
 # Configure keymap in X11
 services.xserver.xkb = {
@@ -32,7 +33,7 @@
 users.users.lomig = {
 isNormalUser = true;
- extraGroups = [ "lp" "wheel" "docker" ];
+ extraGroups = ["networkmanager" "lp" "wheel" "docker" ];
 shell = pkgs.zsh;
 };
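Review bot: `networking.networkmanager.enable = true;` is added here and again in `modules/common/networking.nix` in this same commit; if terre-neuvas imports `profiles/server-selfhosted.nix` (which now pulls that module — the host's import list is not in this diff), the host-level line is redundant and the two can drift, so keep one of them with a comment such as `# NetworkManager comes from modules/common/networking.nix`. Handing a server over to NetworkManager also means its address is no longer declared in Nix (the static `192.168.0.3` block is removed further down this file); if anything depends on that address — router port forwards for the site module, DNS records, backup jobs — reserve it in DHCP or add a static NetworkManager connection profile.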
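Review bot: The new group list is spaced inconsistently (`["networkmanager" "lp" "wheel" "docker" ]` — no space after `[`, one before `]`) where the line it replaces used `[ ... ]`; `extraGroups = [ "networkmanager" "lp" "wheel" "docker" ];` keeps the file uniform. Membership of `networkmanager` lets the account edit system connections through polkit without a password; since the user is already in `wheel` and `docker` it adds no real privilege, but a short comment on why a server account needs it (as opposed to letting root/NixOS own the connection) would help the next reader.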
@@ -48,41 +49,6 @@
 git
 hugo
 ];
- networking = {
- useNetworkd = true ;
- firewall.allowedTCPPorts = [ 22 80 5900 5901 5902 ];
- interfaces.eno1.useDHCP = false ;
- interfaces.br0 = {
- useDHCP = false ;
- ipv4.addresses = [
- {
- address = "192.168.0.3";
- prefixLength = 24 ;
- }
- ];
- };
- defaultGateway = {
- interface = "br0" ;
- address = "192.168.0.254" ;
- };
- nameservers = [ "192.168.0.254" "1.1.1.1" ];
- bridges.br0.interfaces = [ "eno1" ];
- };
- systemd.network = {
- enable = true ;
- netdevs."br0" = {
- netdevConfig = {
- Name = "br0";
- Kind = "bridge";
- };
- };
- networks."br0" = {
- matchConfig.Name = "br0" ;
- };
- networks."eno1" = {
- matchConfig.Name = "eno1";
- networkConfig.Bridge = "br0";
- };
- };
+ networking.firewall.allowedTCPPorts = [ 80 ];
 system.stateVersion = "25.05"; # Did you read the comment?
 }
diff --git a/hosts/terre-neuvas/hardware.nix b/hosts/terre-neuvas/hardware.nix
index 8c1dc15..9bb56d2 100644
--- a/hosts/terre-neuvas/hardware.nix
+++ b/hosts/terre-neuvas/hardware.nix
@@ -10,7 +10,7 @@
 boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
 boot.initrd.kernelModules = [ ];
- boot.kernelModules = lib.mkAfter [ "kvm-intel" "tun" ];
+ boot.kernelModules = [ "kvm-intel" ];
 boot.extraModulePackages = [ ];
 fileSystems."/" =
@@ -37,7 +37,7 @@
 # (the default) this is the recommended approach. When using systemd-networkd it's
 # still possible to use this option, but it's recommended to use it in conjunction
 # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- # networking.useDHCP = lib.mkDefault true;
+ networking.useDHCP = lib.mkDefault true;
 # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
 # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
diff --git a/modules/common/networking.nix b/modules/common/networking.nix
index 17e8015..20186a4 100644
--- a/modules/common/networking.nix
+++ b/modules/common/networking.nix
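Review bot: Port 22 disappears from the firewall allow-list (`[ 22 80 5900 5901 5902 ]` becomes `[ 80 ]`), so SSH stays reachable only if `services.openssh.openFirewall` is left at its default of true somewhere outside this hunk — worth confirming before rebuilding a headless host that is simultaneously losing its static address. Closing 5900–5902 is a real improvement, since libvirt's VNC consoles are unauthenticated and unencrypted unless the domain XML says otherwise. With the `192.168.0.3`/gateway/nameserver block gone and NetworkManager taking over, the host's address now comes from DHCP; if the router forwards 80/443 for the site module to that address, pin it with a DHCP reservation or a static NetworkManager profile. Note also that LAN name resolution through `192.168.0.254` is dropped here and not replaced — `modules/common/networking.nix` in this commit only lists `1.1.1.1` and `8.8.8.8`.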
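Review bot: `networking.useDHCP = lib.mkDefault true;` is uncommented here while `configuration.nix` in the same commit enables NetworkManager; as far as I recall the NixOS NetworkManager module itself sets `networking.useDHCP = false` at a higher priority than `mkDefault`, which would make this line inert — check with `nixos-option networking.useDHCP` after the rebuild and, if so, leave the generated line commented as `nixos-generate-config` wrote it. If scripted networking is in fact still active for some interface, `useDHCP = true` plus NetworkManager would mean two DHCP clients contending for the same NIC, so the line should not be enabled without that check.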
@@ -1,7 +1,8 @@
 _: {
 networking = {
+ networkmanager.enable = true;
 nameservers = ["1.1.1.1" "8.8.8.8"];
-# dhcpcd.extraConfig = "nohook resolv.conf";
+ dhcpcd.extraConfig = "nohook resolv.conf";
 firewall.enable = true;
 interfaces.enp11s0.wakeOnLan.enable = true ;
 };
diff --git a/modules/common/qemu.nix b/modules/common/qemu.nix
deleted file mode 100644
index a701233..0000000
--- a/modules/common/qemu.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- lib,
- pkgs,
- ...
-}: {
- boot.kernelModules = lib.mkAfter ["tun"];
- environment.systemPackages = with pkgs; [
- qemu_kvm
- virtiofsd
- ];
-
- services = {
- udev.extraRules = ''
- SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
- '';
- spice-vdagentd.enable = true;
- resolved.enable = true;
- };
-
- virtualisation.libvirtd = {
- enable = true;
- qemu = {
- swtpm.enable = true;
- ovmf.enable = true;
- ovmf.packages = [pkgs.OVMFFull.fd];
- runAsRoot = false;
- };
- };
-
- users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
-
- environment.etc."qemu/bridge.conf".text = ''
- allow br0
- '';
-}
-# vim: set ts=2 sw=2 sts=2 et :
-
diff --git a/modules/dev/qemu.nix b/modules/dev/qemu.nix
new file mode 100644
index 0000000..e70e4ab
--- /dev/null
+++ b/modules/dev/qemu.nix
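Review bot: With NetworkManager enabled two lines above, the re-enabled `dhcpcd.extraConfig = "nohook resolv.conf";` most likely does nothing — to my recollection the NixOS NetworkManager module forces `networking.useDHCP = false`, which leaves dhcpcd disabled — so either drop it or express the intent through NetworkManager (`networking.networkmanager.dns = "none";` if the goal is to keep the static `1.1.1.1`/`8.8.8.8` resolvers and stop the DHCP client from rewriting `/etc/resolv.conf`). This module is also now imported by `profiles/server-selfhosted.nix` in the same commit, yet `interfaces.enp11s0.wakeOnLan.enable` pins a workstation NIC name; the server's interface is `eno1` per the config removed from `hosts/terre-neuvas`, so that line belongs in the pennsardin host config rather than a module named "common". A one-line header comment stating what is meant to be shared here (`# Network settings common to every host: public resolvers, firewall on`) would make future additions like the WoL line easier to catch.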
@@ -0,0 +1,54 @@
+{
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+# ../virtual/truenas.nix
+ ];
+ boot.kernelModules = lib.mkAfter ["tun"];
+ environment.systemPackages = with pkgs; [
+ qemu_kvm
+ virtiofsd
+ ];
+
+ services = {
+ udev.extraRules = ''
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660"
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660"
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660"
+ # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660"
+ SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
+ '';
+ spice-vdagentd.enable = true;
+ resolved.enable = true;
+ };
+
+ virtualisation.libvirtd = {
+ enable = true;
+ qemu = {
+ swtpm.enable = true;
+ ovmf.enable = true;
+ ovmf.packages = [pkgs.OVMFFull.fd];
+ runAsRoot = false;
+ };
+ };
+
+ users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
+ networking = {
+ firewall.allowedTCPPorts = [5900 5901 5902];
+ useDHCP = false;
+ bridges.br0.interfaces = ["enp11s0"];
+ };
+
+ systemd.network.networks."10-br0" = {
+ matchConfig.Name = "br0";
+ networkConfig.DHCP = "yes";
+ };
+
+ environment.etc."qemu/bridge.conf".text = ''
+ allow br0
+ '';
+}
+# vim: set ts=2 sw=2 sts=2 et :
+
diff --git a/modules/sites/levr.porzh.me.nix b/modules/sites/levr.porzh.me.nix
index bd556c7..c5c5ee2 100644
--- a/modules/sites/levr.porzh.me.nix
+++ b/modules/sites/levr.porzh.me.nix
@@ -42,8 +42,8 @@
 # -----------------------------------------------------------------
 # 3️⃣ Ouverture du firewall (ports 80 et 443)
 # -----------------------------------------------------------------
-# networking.firewall.allowedTCPPorts = [
-# 80 # HTTP (pour la redirection ACME)
-# 443 # HTTPS (site final)
-# ];
+ networking.firewall.allowedTCPPorts = [
+ 80 # HTTP (pour la redirection ACME)
+ 443 # HTTPS (site final)
+ ];
 }
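Review bot: The new module opens VNC 5900–5902 on every interface (`firewall.allowedTCPPorts = [5900 5901 5902];`) while libvirt/QEMU VNC consoles are unauthenticated and unencrypted unless the domain XML configures otherwise, so those ports should stay closed and the consoles be reached through an SSH tunnel (`ssh -L 5900:127.0.0.1:5900`) or SPICE with TLS. The user is also added to `input`, which lets any process running as lomig read `/dev/input/*` — every keystroke on the machine; if this is for evdev passthrough, the process that needs it is the qemu user libvirtd spawns (`runAsRoot = false`), not the interactive account. Writing `environment.etc."qemu/bridge.conf"` by hand is likely to collide with the libvirtd module, which in the nixpkgs releases I know generates that same file from `virtualisation.libvirtd.allowedBridges`; using the option avoids a duplicate-definition error and keeps the policy for the setuid `qemu-bridge-helper` in one place. `systemd.network.networks."10-br0"` is declared but nothing visible sets `systemd.network.enable`, while `modules/common/networking.nix` in this commit enables NetworkManager — confirm which daemon is meant to own br0/enp11s0, otherwise the bridge may come up without an address. The four commented `ID_SERIAL` udev rules carrying disk WWNs read as leftovers and could go with the commented `../virtual/truenas.nix` import they presumably belong to.

```nix
  # … unchanged: boot.kernelModules, environment.systemPackages, services.* …

  virtualisation.libvirtd = {
    enable = true;
    # Let the libvirtd module generate /etc/qemu/bridge.conf; a hand-written
    # environment.etc entry for the same path conflicts with it.
    allowedBridges = [ "br0" ];
    qemu = {
      # … unchanged: swtpm / ovmf / runAsRoot …
    };
  };

  # "input" dropped: it exposes /dev/input/* (all keystrokes) to every process of
  # this user; evdev passthrough needs it on the qemu user libvirtd runs as.
  users.users.lomig.extraGroups = [ "libvirtd" "kvm" ];

  networking = {
    # VNC ports deliberately not opened: libvirt VNC has no auth/TLS by default,
    # keep it bound to 127.0.0.1 and tunnel over SSH.
    useDHCP = false;
    bridges.br0.interfaces = [ "enp11s0" ];
  };

  # … unchanged: systemd.network.networks."10-br0" …
```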
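Review bot: Port 80 is now opened in two places — here and in `hosts/terre-neuvas/configuration.nix` (`networking.firewall.allowedTCPPorts = [ 80 ];` in this same commit); NixOS merges the lists so nothing breaks, but a single owner is easier to audit and the site module is the natural one since it also owns 443. Consider dropping the host-level line, or if it is meant as a fallback when the site module is not imported, say so with a comment such as `# 80 kept open host-wide for ACME HTTP-01 even without the site module`.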
diff --git a/profiles/server-selfhosted.nix b/profiles/server-selfhosted.nix
index c5a3bed..23492a2 100644
--- a/profiles/server-selfhosted.nix
+++ b/profiles/server-selfhosted.nix
@@ -2,7 +2,7 @@
 imports = [
 ../modules/roles/server.nix
 ../modules/common/base.nix
- ../modules/common/qemu.nix
+ ../modules/common/networking.nix
 ../modules/services/printing.nix
 # ../modules/services/goaccess.nix
 ../modules/sites/porzh.me.nix
diff --git a/profiles/workstation-bspwm.nix b/profiles/workstation-bspwm.nix
index 44f789a..9db2891 100644
--- a/profiles/workstation-bspwm.nix
+++ b/profiles/workstation-bspwm.nix
@@ -14,7 +14,6 @@
 ../modules/services/printing.nix
 ../modules/common/lockscreen.nix
 ../modules/common/energy.nix
- ../modules/common/qemu.nix
 ];
 services.openssh = {
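Review bot: Swapping `../modules/common/qemu.nix` for `../modules/common/networking.nix` makes the server profile inherit `interfaces.enp11s0.wakeOnLan.enable = true` and NetworkManager from a module whose contents (visible in this commit) were written for the workstation; terre-neuvas's NIC is `eno1` per the host config removed in the same commit, so the WoL line is at best a no-op there and at worst declares an interface the host does not have. Consider limiting `modules/common/networking.nix` to genuinely shared settings (nameservers, `firewall.enable`) and moving the WoL line into `hosts/pennsardin/configuration.nix`. Dropping libvirtd/KVM from the server profile is a welcome attack-surface reduction; a comment next to the new import, `# VMs moved to modules/dev/qemu.nix (workstation only)`, would record why the profile changed.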