From bb18183277fc6b32a2c8fa5347fbc1fdc73e9d1b Mon Sep 17 00:00:00 2001
From: DuN0z
Date: Sat, 4 Oct 2025 07:08:16 +0200
Subject: [PATCH 1/2] Fix: split qemu configuration

---
 hosts/pennsardin/configuration.nix | 6 +++++-
 hosts/terre-neuvas/configuration.nix | 5 ++++-
 modules/{dev => common}/qemu.nix | 11 +----------
 profiles/server-selfhosted.nix | 1 +
 profiles/workstation-bspwm.nix | 1 +
 5 files changed, 12 insertions(+), 12 deletions(-)
 rename modules/{dev => common}/qemu.nix (56%)

diff --git a/hosts/pennsardin/configuration.nix b/hosts/pennsardin/configuration.nix
index 4d26e18..8acbd41 100644
--- a/hosts/pennsardin/configuration.nix
+++ b/hosts/pennsardin/configuration.nix
@@ -2,7 +2,6 @@
 imports = [
 ../../profiles/workstation-bspwm.nix
 ../../modules/hardware/bepovim.nix
-# ../../modules/dev/qemu.nix
 ../../modules/common/nix.nix
 ];

@@ -49,6 +48,11 @@
 users.lomig = import ../../hm/users/lomig-desktop.nix;
 };

+ networking = {
+ firewall.allowedTCPPorts = [5900 5901 5902];
+ bridges.br0.interfaces = ["enp11s0"];
+ };
+
 system.stateVersion = "25.05"; # pour éviter les hurlements inutiles
 }

diff --git a/hosts/terre-neuvas/configuration.nix b/hosts/terre-neuvas/configuration.nix
index d7dc8f4..5a37621 100644
--- a/hosts/terre-neuvas/configuration.nix
+++ b/hosts/terre-neuvas/configuration.nix
@@ -49,6 +49,9 @@
 git
 hugo
 ];
- networking.firewall.allowedTCPPorts = [ 80 ];
+ networking = {
+ firewall.allowedTCPPorts = [ 80 5900 5901 5902 ];
+ bridges.br0.interfaces = [ "eno1" ];
+ };
 system.stateVersion = "25.05"; # Did you read the comment?
 }
diff --git a/modules/dev/qemu.nix b/modules/common/qemu.nix
similarity index 56%
rename from modules/dev/qemu.nix
rename to modules/common/qemu.nix
index e70e4ab..f80d147 100644
--- a/modules/dev/qemu.nix
+++ b/modules/common/qemu.nix
@@ -3,9 +3,6 @@
 pkgs,
 ...
 }: {
- imports = [
-# ../virtual/truenas.nix
- ];
 boot.kernelModules = lib.mkAfter ["tun"];
 environment.systemPackages = with pkgs; [
 qemu_kvm
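Review bot: The added `firewall.allowedTCPPorts = [5900 5901 5902];` in hosts/pennsardin/configuration.nix opens the VNC display ports on every interface, and the hosts/terre-neuvas/configuration.nix hunk in this same patch does the same on a host that also serves port 80. A QEMU/libvirt VNC listener has no authentication or encryption unless a password or TLS is configured on the VM side, so the exposure should be confined to where the remote console is actually used. Prefer scoping the rule to the LAN-facing bridge, `networking.firewall.interfaces.br0.allowedTCPPorts = [5900 5901 5902];`, or leaving the ports closed and reaching the console through an SSH tunnel. A short comment naming which guests these three displays belong to would also help the next reader.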
@@ -14,11 +11,7 @@

 services = {
 udev.extraRules = ''
- # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660"
- # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660"
- # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660"
- # SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660"
- SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
+ SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
 '';
 spice-vdagentd.enable = true;
 resolved.enable = true;
@@ -36,9 +29,7 @@

 users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
 networking = {
- firewall.allowedTCPPorts = [5900 5901 5902];
 useDHCP = false;
- bridges.br0.interfaces = ["enp11s0"];
 };

 systemd.network.networks."10-br0" = {
diff --git a/profiles/server-selfhosted.nix b/profiles/server-selfhosted.nix
index 23492a2..e4b564d 100644
--- a/profiles/server-selfhosted.nix
+++ b/profiles/server-selfhosted.nix
@@ -3,6 +3,7 @@
 ../modules/roles/server.nix
 ../modules/common/base.nix
 ../modules/common/networking.nix
+ ../modules/common/qemu.nix
 ../modules/services/printing.nix
 # ../modules/services/goaccess.nix
 ../modules/sites/porzh.me.nix
diff --git a/profiles/workstation-bspwm.nix b/profiles/workstation-bspwm.nix
index 9db2891..44f789a 100644
--- a/profiles/workstation-bspwm.nix
+++ b/profiles/workstation-bspwm.nix
@@ -14,6 +14,7 @@
 ../modules/services/printing.nix
 ../modules/common/lockscreen.nix
 ../modules/common/energy.nix
+ ../modules/common/qemu.nix
 ];

 services.openssh = {

From fd9f5e202cd650a64de261715199893f4ee0505c Mon Sep 17 00:00:00 2001
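Review bot: Importing `../modules/common/qemu.nix` into profiles/server-selfhosted.nix pulls the whole workstation virtualisation module onto the server, including `users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"]` and `spice-vdagentd.enable = true`, both visible as context in the modules/common/qemu.nix hunks of this patch. Membership in `libvirtd` gives that account full control of the system libvirt daemon, which on a host exposing public services is close to root-equivalent, and the SPICE agent and the `input` group have no obvious use on a headless server. If the server only needs the bridge and KVM, consider splitting the module into a base part (kernel modules, udev rule, bridge.conf) and a desktop part, so the server profile imports only the former and the group grant stays a deliberate per-host choice.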
From: DuN0z
Date: Sat, 4 Oct 2025 09:46:20 +0200
Subject: [PATCH 2/2] CHANGES: NetworkManager to systemd-networkd

---
 hosts/terre-neuvas/configuration.nix | 37 +++++++++++++++++++++++++---
 hosts/terre-neuvas/hardware.nix | 4 +--
 modules/common/networking.nix | 3 +--
 modules/common/qemu.nix | 8 ------
 modules/sites/levr.porzh.me.nix | 8 +++---
 profiles/server-selfhosted.nix | 1 -
 6 files changed, 41 insertions(+), 20 deletions(-)

diff --git a/hosts/terre-neuvas/configuration.nix b/hosts/terre-neuvas/configuration.nix
index 5a37621..86b0267 100644
--- a/hosts/terre-neuvas/configuration.nix
+++ b/hosts/terre-neuvas/configuration.nix
@@ -20,7 +20,6 @@
 boot.loader.efi.canTouchEfiVariables = true;

 networking.hostName = "terre-neuvas"; # Define your hostname.
- networking.networkmanager.enable = true;

 # Configure keymap in X11
 services.xserver.xkb = {
@@ -33,7 +32,7 @@

 users.users.lomig = {
 isNormalUser = true;
- extraGroups = ["networkmanager" "lp" "wheel" "docker" ];
+ extraGroups = [ "lp" "wheel" "docker" ];
 shell = pkgs.zsh;
 };

@@ -50,8 +49,40 @@
 hugo
 ];
 networking = {
- firewall.allowedTCPPorts = [ 80 5900 5901 5902 ];
+ useNetworkd = true ;
+ firewall.allowedTCPPorts = [ 22 80 5900 5901 5902 ];
+ interfaces.eno1.useDHCP = false ;
+ interfaces.br0 = {
+ useDHCP = false ;
+ ipv4.addresses = [
+ {
+ address = "192.168.0.3";
+ prefixLength = 24 ;
+ }
+ ];
+ };
+ defaultGateway = {
+ interface = "br0" ;
+ address = "192.168.0.254" ;
+ };
+ nameservers = [ "192.168.0.254" "1.1.1.1" ];
 bridges.br0.interfaces = [ "eno1" ];
 };
+ systemd.network = {
+ enable = true ;
+ netdevs."br0" = {
+ netdevConfig = {
+ Name = "br0";
+ Kind = "bridge";
+ };
+ };
+ networks."br0" = {
+ matchConfig.Name = "br0" ;
+ };
+ networks."eno1" = {
+ matchConfig.Name = "eno1";
+ networkConfig.Bridge = "br0";
+ };
+ };
 system.stateVersion = "25.05"; # Did you read the comment?
 }
diff --git a/hosts/terre-neuvas/hardware.nix b/hosts/terre-neuvas/hardware.nix
index 9bb56d2..8c1dc15 100644
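Review bot: In hosts/terre-neuvas/configuration.nix the new `systemd.network.netdevs."br0"` / `networks."br0"` / `networks."eno1"` block duplicates what `networking.useNetworkd = true` already derives from `networking.bridges.br0.interfaces = [ "eno1" ]` and `networking.interfaces.br0`; as far as I can tell NixOS generates its own `40-br0.netdev`/`40-br0.network`/`40-eno1.network` units for those options, so two sets of units now match the same interfaces and the hand-written `networks."br0"` carries no address at all. Keep one of the two styles — either the `networking.*` declarations alone, or the `systemd.network.*` ones with the static address, gateway and DNS moved into `networks."br0".networkConfig` — and check `networkctl status br0` on the first boot after the switch. Moving from a DHCP lease to the fixed `192.168.0.3/24` is reasonable for a server, but any DHCP reservation for this host upstream should be updated so the address cannot be handed to another client. Minor style: the stray spaces before `;` (`true ;`, `24 ;`, `"br0" ;`) are inconsistent with the rest of the file.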
--- a/hosts/terre-neuvas/hardware.nix
+++ b/hosts/terre-neuvas/hardware.nix
@@ -10,7 +10,7 @@

 boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
 boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
+ boot.kernelModules = lib.mkAfter [ "kvm-intel" "tun" ];
 boot.extraModulePackages = [ ];

 fileSystems."/" =
@@ -37,7 +37,7 @@
 # (the default) this is the recommended approach. When using systemd-networkd it's
 # still possible to use this option, but it's recommended to use it in conjunction
 # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
+ # networking.useDHCP = lib.mkDefault true;
 # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
 # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;

diff --git a/modules/common/networking.nix b/modules/common/networking.nix
index 20186a4..17e8015 100644
--- a/modules/common/networking.nix
+++ b/modules/common/networking.nix
@@ -1,8 +1,7 @@
 _: {
 networking = {
- networkmanager.enable = true;
 nameservers = ["1.1.1.1" "8.8.8.8"];
- dhcpcd.extraConfig = "nohook resolv.conf";
+# dhcpcd.extraConfig = "nohook resolv.conf";
 firewall.enable = true;
 interfaces.enp11s0.wakeOnLan.enable = true ;
 };
diff --git a/modules/common/qemu.nix b/modules/common/qemu.nix
index f80d147..a701233 100644
--- a/modules/common/qemu.nix
+++ b/modules/common/qemu.nix
@@ -28,14 +28,6 @@
 };

 users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
- networking = {
- useDHCP = false;
- };
-
- systemd.network.networks."10-br0" = {
- matchConfig.Name = "br0";
- networkConfig.DHCP = "yes";
- };

 environment.etc."qemu/bridge.conf".text = ''
 allow br0
diff --git a/modules/sites/levr.porzh.me.nix b/modules/sites/levr.porzh.me.nix
index c5c5ee2..bd556c7 100644
--- a/modules/sites/levr.porzh.me.nix
+++ b/modules/sites/levr.porzh.me.nix
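Review bot: Removing `networking.useDHCP = false;` and the `10-br0` DHCP network from modules/common/qemu.nix takes away the only address configuration br0 had on pennsardin, whose host file (first patch) declares just `bridges.br0.interfaces = ["enp11s0"]`, and the modules/common/networking.nix hunk in this same patch drops `networkmanager.enable = true` for whichever hosts import that module. Unless something outside this series configures pennsardin's networking, that host may come up with a bridge and no lease; confirm it still obtains an address on br0, or move the `10-br0` network into hosts/pennsardin/configuration.nix next to its bridge declaration. In hosts/terre-neuvas/hardware.nix, `lib.mkAfter [ "kvm-intel" "tun" ]` assumes `lib` is in that file's argument set (not visible here), and `"tun"` is already appended by qemu.nix's `boot.kernelModules = lib.mkAfter ["tun"];`, so the duplicate entry could be dropped. Commenting out `dhcpcd.extraConfig` and `networking.useDHCP` rather than deleting them leaves dead configuration for the next reader to puzzle over; a one-line comment stating that networkd now owns these interfaces would say more.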
@@ -42,8 +42,8 @@
 # -----------------------------------------------------------------
 # 3️⃣ Ouverture du firewall (ports 80 et 443)
 # -----------------------------------------------------------------
- networking.firewall.allowedTCPPorts = [
- 80 # HTTP (pour la redirection ACME)
- 443 # HTTPS (site final)
- ];
+# networking.firewall.allowedTCPPorts = [
+# 80 # HTTP (pour la redirection ACME)
+# 443 # HTTPS (site final)
+# ];
 }
diff --git a/profiles/server-selfhosted.nix b/profiles/server-selfhosted.nix
index e4b564d..c5a3bed 100644
--- a/profiles/server-selfhosted.nix
+++ b/profiles/server-selfhosted.nix
@@ -2,7 +2,6 @@
 imports = [
 ../modules/roles/server.nix
 ../modules/common/base.nix
- ../modules/common/networking.nix
 ../modules/common/qemu.nix
 ../modules/services/printing.nix
 # ../modules/services/goaccess.nix
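Review bot: Commenting out the `networking.firewall.allowedTCPPorts = [ 80 443 ]` block in modules/sites/levr.porzh.me.nix leaves port 443 closed, because the host-level list that replaces it in hosts/terre-neuvas/configuration.nix is `[ 22 80 5900 5901 5902 ]` and nothing else in this series opens 443; HTTPS for the site becomes unreachable while plain HTTP on 80 stays open. `allowedTCPPorts` is a list option that NixOS merges across modules, so the module's own `[ 80 443 ]` could simply remain and keep the ports next to the service that needs them. If the intent is to centralise ports in the host file, delete the block instead of commenting it out and add `443` to the host list.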
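Review bot: Dropping `../modules/common/networking.nix` from profiles/server-selfhosted.nix also drops that module's explicit `firewall.enable = true` and its `nameservers` for every host built from the profile; terre-neuvas now sets its own nameservers and NixOS enables the firewall by default, so this is benign only as long as no other imported module turns the firewall off. Consider an explicit `networking.firewall.enable = true;` in hosts/terre-neuvas/configuration.nix so the intent survives further refactoring of the shared modules.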