DuN0z/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: DuN0z:master
Branches Tags
DuN0z:master
DuN0z:refactor
DuN0z:main
..
compare: DuN0z:main
Branches Tags
DuN0z:master
DuN0z:refactor
DuN0z:main

No commits in common. "master" and "main" have entirely different histories.
master ... main

62 changed files with 36 additions and 2540 deletions
Download patch file Download diff file Expand all files Collapse all files

46
config/globals.nix
View file

@ -1,46 +0,0 @@
{
domain = "porzh.me";
admin = {
email = "dun0z@porzh.me";
name = "DuN0z";
};
smtp = {
host = "smtp.protonmail.ch";
port = 587 ;
user = "contact@porzh.me";
};
network = {
gateway = "192.168.50.1";
pennsardin = {
ip = "192.168.50.12";
};
terre-neuvas = {
ip = "192.168.50.11";
};
};
services = {
forgejo = {
home = "/var/lib/forgejo";
url = "govel.porzh.me";
user = "git";
port = 3000;
};
goaccess = {
home = "/var/lib/www/goaccess";
url = "koum.porzh.me";
};
levr = {
home = "/var/lib/services/levr";
build = "/var/lib/www/levr";
url = "levr.porzh.me";
user = "levr";
};
wikijs = {
url = "notes.porzh.me";
port = 3002 ;
};
};
}

15
devshell.nix
View file

@ -1,15 +0,0 @@
{pkgs}:
pkgs.mkShell {
buildInputs = with pkgs; [
alejandra # formatteur nix officiel (rapide)
statix # linting pour repérer mauvaises pratiques
deadnix # détecte le code mort / imports inutiles
];
shellHook = ''
echo "Tools dispo :"
echo " alejandra . # formate tout ton Nix"
echo " statix check # lint"
echo " deadnix . # cherche le code mort"
'';
}

185
disko/pennsardin.nix
View file

@ -1,185 +0,0 @@
{ ... }: {
disko.devices = {
disk.main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
boot = {
size = "512MiB";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot/efi";
mountOptions = [ "umask=0077" "noauto" ];
};
};
rescue = {
size = "8GiB";
type = "8300";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/rescue";
mountOptions = [ "nofail" "noauto" "nosuid" "nodev" "noexec" ];
};
};
root = {
size = "100%";
type = "8e00"; # LVM partition
content = {
type = "lvm_pv";
vg = "vg-main";
};
};
};
};
};
lvm_vg."vg-main" = {
type = "lvm_vg";
lvs = {
# -- Système principal --
lv-root = {
size = "100G";
content = {
type = "btrfs";
mountpoint = "/";
mountOptions = [ "compress=zstd:3" "noatime" "space_cache=v2" "discard=async" ];
};
};
lv-home = {
size = "100G";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
mountpoint = "/home";
mountOptions = [
"compress=zstd:3"
"noatime"
"nodev"
"nosuid"
"space_cache=v2"
"discard=async"
];
subvolumes = {
"@homebin" = {
mountpoint = "/home/dunoz/bin";
mountOptions = [
"compress=zstd:3"
"noatime"
"nodev"
"nosuid"
"space_cache=v2"
"discard=async"
"subvol=@homebin"
];
};
};
};
};
lv-nix = {
size = "80G";
content = {
type = "btrfs";
mountpoint = "/nix";
mountOptions = [ "compress=zstd:3" "noatime" "space_cache=v2" "discard=async" ];
};
};
lv-var = {
size = "50G";
content = {
type = "btrfs";
mountpoint = "/var";
mountOptions = [ "compress=zstd:3" "noatime" "nodev" "nosuid" "space_cache=v2" "discard=async" ];
};
};
# -- Données & builds (no COW) --
lv-work = {
size = "100G";
content = {
type = "btrfs";
mountpoint = "/home/dunoz/Work";
mountOptions = [ "nodatacow" "noatime" "nodev" "space_cache=v2" "discard=async" ];
};
};
lv-games = {
size = "200G";
content = {
type = "btrfs";
mountpoint = "/home/dunoz/.local/share/Steam";
mountOptions = [ "nodatacow" "noatime" "nodev" "space_cache=v2" "discard=async" ];
};
};
lv-qemu = {
size = "200G";
content = {
type = "btrfs";
mountpoint = "/var/lib/libvirt/images";
mountOptions = [ "nodatacow" "noatime" "nodev" "nosuid" "space_cache=v2" "discard=async" ];
};
};
lv-container = {
size = "20G";
content = {
type = "btrfs";
mountpoint = "/var/lib/machines";
mountOptions = [ "nodatacow" "noatime" "nodev" "nosuid" "space_cache=v2" "discard=async" ];
};
};
};
};
filesystem.raid = {
type = "filesystem";
device = "/dev/md0";
format = "btrfs";
mountpoint = "/srv/raid";
mountOptions = [ "compress=zstd:3" "noatime" "nofail" "noexec" "nodev" "nosuid" "space_cache=v2" "discard=async" ];
};
bindmounts = {
docs = {
device = "/srv/raid/home-data/Documents";
mountpoint = "/home/dunoz/Documents";
options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ];
};
images = {
device = "/srv/raid/home-data/Images";
mountpoint = "/home/dunoz/Images";
options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ];
};
music = {
device = "/srv/raid/home-data/Musique";
mountpoint = "/home/dunoz/Musique";
options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ];
};
downloads = {
device = "/srv/raid/home-data/Téléchargements";
mountpoint = "/home/dunoz/Téléchargements";
options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ];
};
videos = {
device = "/srv/raid/home-data/Vidéos";
mountpoint = "/home/dunoz/Vidéos";
options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ];
};
config = {
device = "/srv/raid/home-data/nixos-config";
mountpoint = "/home/dunoz/nixos-config";
options = [ "bind" "nofail" "nosuid" "nodev" ];
};
};
};
}

273
flake.lock generated
View file

@ -1,273 +0,0 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1762618334,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm",
"repo": "agenix",
"rev": "fcdea223397448d35d9b31f798479227e80183f6",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager-stable": {
"inputs": {
"nixpkgs": [
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1758463745,
"narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.05",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1763963090,
"narHash": "sha256-zR7uDZdQUUC+gBOi4byefMvIZuSBeMC6GswGNsTgQlM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7702d14879e8f0148fa168e38f3eaa2650fa0d85",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1754028485,
"narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "59e69648d345d6e8fef86158c555730fa12af9de",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1763622513,
"narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1763835633,
"narHash": "sha256-HzxeGVID5MChuCPESuC0dlQL1/scDKu+MmzoVBJxulM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "050e09e091117c3d7328c7b2b7b577492c43c134",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1763835633,
"narHash": "sha256-HzxeGVID5MChuCPESuC0dlQL1/scDKu+MmzoVBJxulM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "050e09e091117c3d7328c7b2b7b577492c43c134",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1763806073,
"narHash": "sha256-FHsEKDvfWpzdADWj99z7vBk4D716Ujdyveo5+A048aI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "878e468e02bfabeda08c79250f7ad583037f2227",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1763983952,
"narHash": "sha256-nSWNqQezb6bhu5eYxF+lqzXj8h/sVD2C/CMV/JXK7Bw=",
"owner": "nix-community",
"repo": "NUR",
"rev": "3f55dad0778bfaa302e87d87326ec02e7100ff98",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"nvim-config": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1761113802,
"narHash": "sha256-HuP5TTFNzrxuro6UeA8+++BCV9x9rLhQ0bW5lbU3fTM=",
"ref": "refs/heads/master",
"rev": "154c606ecbc9069df8289e81b46025a6f9820867",
"revCount": 5,
"type": "git",
"url": "https://govel.porzh.me/DuN0z/neovim-config.git"
},
"original": {
"type": "git",
"url": "https://govel.porzh.me/DuN0z/neovim-config.git"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"home-manager": "home-manager_2",
"home-manager-stable": "home-manager-stable",
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur",
"nvim-config": "nvim-config"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

133
flake.nix
View file

@ -1,125 +1,32 @@
{
description = "My nixos config with WM switch capacity";
description = "Mon système NixOS flake-enabled avec Home Manager";
inputs = {
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
home-manager-stable = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs-unstable";
inputs.nixpkgs.follows = "nixpkgs";
};
nur.url = "github:nix-community/NUR";
agenix.url = "github:ryantm/agenix";
nvim-config.url = "git+https://govel.porzh.me/DuN0z/neovim-config.git";
};
outputs = {
nixpkgs-stable,
nixpkgs-unstable,
home-manager-stable,
home-manager,
nur,
agenix,
nvim-config,
...
}: let
mkUnstablePkgsWithNur = {
system,
config ? {},
}:
import nixpkgs-unstable {
inherit system;
overlays = [nur.overlays.default];
inherit config;
};
in {
nixosConfigurations = {
pennsardin = nixpkgs-unstable.lib.nixosSystem {
specialArgs = { inherit nvim-config; };
system = "x86_64-linux";
pkgs = mkUnstablePkgsWithNur {
system = "x86_64-linux";
config = {
allowUnfree = true;
allowUnsupportedSystem = true;
};
outputs = { self, nixpkgs, home-manager, ... }:
let
system = "x86_64-linux"; # Change si tas un ordi chelou
in {
nixosConfigurations = {
pennsardin = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./hosts/pennsardin/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useUserPackages = true;
home-manager.users.lomig = import ./home/pennsardin.nix;
}
];
};
modules = [
./hosts/pennsardin/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true ;
useUserPackages = true ;
extraSpecialArgs = {inherit nvim-config; };
};
}
];
};
terre-neuvas = nixpkgs-stable.lib.nixosSystem {
specialArgs = { inherit agenix; inherit nvim-config; };
system = "x86_64-linux";
modules = [
./hosts/terre-neuvas/configuration.nix
home-manager-stable.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true ;
useUserPackages = true ;
extraSpecialArgs = {inherit nvim-config; };
};
}
agenix.nixosModules.default
];
};
penduick = nixpkgs-unstable.lib.nixosSystem {
specialArgs = { inherit nvim-config; };
system = "x86_64-linux";
pkgs = mkUnstablePkgsWithNur {
system = "x86_64-linux";
config = {
allowUnfree = true;
allowUnsupportedSystem = true;
};
};
modules = [
./hosts/penduick/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true ;
useUserPackages = true ;
extraSpecialArgs = {inherit nvim-config; };
};
}
agenix.nixosModules.default
];
};
forbann = nixpkgs-stable.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/forbann/configuration.nix
"${nixpkgs-stable}/nixos/modules/profiles/qemu-guest.nix"
];
};
};
# --- DevShell (x86_64 uniquement) ---
devShells.x86_64-linux.default = import ./devshell.nix {
pkgs = import nixpkgs-stable {system = "x86_64-linux";};
};
# --- Formatter (x86_64 uniquement) ---
formatter.x86_64-linux =
(import nixpkgs-stable {system = "x86_64-linux";}).alejandra;
};
}

21
hm/common/betterlockscreen.nix
View file

@ -1,21 +0,0 @@
{ pkgs, ... }:{
home.packages = with pkgs; [
xidlehook
betterlockscreen
];
systemd.user.services.xidlehook = {
Unit.Description = "Idle: lock at 5min, suspend at ~8min";
Service = {
ExecStart = ''
${pkgs.xidlehook}/bin/xidlehook \
--detect-sleep \
--not-when-fullscreen \
--timer 300 "${pkgs.betterlockscreen}/bin/betterlockscreen -l dim" "" \
--timer 500 "systemctl suspend" ""
'';
Restart = "always";
};
Install.WantedBy = ["graphical-session.target"];
};
}

29
hm/common/browser.nix
View file

@ -1,29 +0,0 @@
{
pkgs,
nur,
...
}: {
programs.firefox = {
enable = true;
languagePacks = ["fr"];
profiles.default = {
settings = {
"intl.locale.requested" = "fr";
"intl.accept_languages" = "fr, en-US, en";
"layers.acceleration.disabled" = true;
"gfx.webrender.all" = false;
"privacy.trackingprotection.enabled" = true;
"privacy.resistFingerprinting" = true;
"network.cookie.cookieBehavior" = 1;
};
extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
i-dont-care-about-cookies
privacy-badger
proton-pass
ublock-origin
];
};
};
}
# vim: set ts=2 sw=2 sts=2 et :

20
hm/common/git.nix
View file

@ -1,20 +0,0 @@
{ lib, config, ...}:
let
globals = import ../../config/globals.nix;
nixosRelease = lib.attrByPath [ "system" "nixos" "release" ] "0.0" config;
newGit = lib.versionAtLeast nixosRelease "25.11";
in {
programs.git = if newGit then {
enable = true;
settings.user = {
name = globals.admin.name;
email = globals.admin.email;
};
} else {
enable = true;
userName = globals.admin.name;
userEmail = globals.admin.email;
};
}
# vim: set ts=2 sw=2 sts=2 et :

32
hm/common/nvim.nix
View file

@ -1,32 +0,0 @@
{ pkgs, nvim-config, ...}: {
home.packages = with pkgs; [
ruff
pyright
gcc
marksman
lua-language-server
];
programs.neovim = {
enable = true ;
viAlias = true ;
vimAlias = true;
};
home.file.".config/nvim" = {
source = nvim-config ;
recursive = true ;
};
programs.ruff = {
enable = true ;
settings = {
line-length = 100;
per-file-ignores = { "__init__.py" = [ "F401" ]; };
lint = {
select = [ "E4" "E7" "E9" "F" ];
ignore = [ ];
};
};
};
}
# vim: set ts=2 sw=2 sts=2 et :

51
hm/common/picom.nix
View file

@ -1,51 +0,0 @@
{ pkgs, ... }: {
home.packages = [ pkgs.picom ] ;
services.picom = {
enable = true;
backend = "glx"; # plus fluide si ta carte gère bien OpenGL
fade = true;
fadeDelta = 5; # vitesse fondu
shadow = true;
shadowOpacity = 0.5;
vSync = true; # évite le tearing
settings = {
# Transparence
inactive-opacity = 0.80;
active-opacity = 0.9;
frame-opacity = 0.90;
inactive-opacity-override = false;
# Coins arrondis
corner-radius = 8;
round-borders = 1;
rounded-corners-exclude = [
"class_g = 'Polybar'"
"class_g = 'Rofi'"
];
# Flou subtil
blur-method = "dual_kawase";
blur-strength = 4;
blur-background = true;
blur-background-frame = true;
blur-background-fixed = false;
blur-background-exclude = [
"class_g = 'Polybar'"
"class_g = 'Rofi'"
"class_g = 'Gimp'"
"window_type = 'dock'"
];
# Exclusions ombres
shadow-exclude = [
"class_g = 'Polybar'"
"class_g = 'Rofi'"
"window_type = 'dock'"
"window_type = 'desktop'"
];
};
};
}
# vim: set ts=2 sw=2 sts=2 et :

38
hm/common/polybar.nix
View file

@ -1,38 +0,0 @@
{ pkgs, ... }: {
services = {
polybar = {
enable = true;
script = "polybar main &";
config = {
"bar/main" = {
width = "100%";
height = "28";
font-0 = "Iosevka Nerd Font:style=regular:pixelsize=12;2";
font-1 = "Font Awesome 6 Free:style=Solid:pixelsize=10;2";
modules-left = "bspwm";
modules-center = "date";
modules-right = "pulseaudio memory cpu";
};
"module/bspwm" = {
type = "internal/bspwm";
label-focused = "%name%";
label-focused-foreground = "#e6e0de";
label-focused-padding = 2;
label-occupied = "%name%";
label-occupied-padding = 2;
label-urgent = "%name%";
label-urgent-background = "#e42127";
label-urgent-foreground = "#ffffff";
label-empty = "%name%";
label-empty-foreground = "#645d56";
label-empty-padding = 2;
};
"module/date" = {
type = "internal/date";
interval = 60;
date = "%d-%m-%Y %H:%M";
};
};
};
};
}

37
hm/common/zsh.nix
View file

@ -1,37 +0,0 @@
_: {
programs.dircolors.enableZshIntegration = true;
programs.zsh = {
autosuggestion.enable = true;
dirHashes = {
dl = "$HOME/Téléchargements";
nix = "$HOME/nixos-config";
};
enable = true;
enableCompletion = true;
history = {
append = true;
extended = true;
findNoDups = true;
ignoreAllDups = true;
ignoreSpace = true;
ignorePatterns = ["rm *" "cd *" "ls *" "df *" "du *" "fastfetch" "tree" "pwd" "upd"];
saveNoDups = false;
};
shellAliases = {
h = "history";
upd = "sudo nixos-rebuild switch --flake $HOME/nixos-config#pennsardin; source ~/.zshrc";
agenix = "nix run github:ryantm/agenix --";
};
shellGlobalAliases = {
G = "| grep";
M = "| more";
};
syntaxHighlighting.enable = true;
profileExtra = ''
ssh-add ~/.ssh/$(hostname)
'';
};
}
# vim: set ts=2 sw=2 sts=2 et :

141
hm/desktop/bspwm.nix
View file

@ -1,141 +0,0 @@
# hm/desktop/bspwm.nix
{
pkgs,
lib,
...
}: {
imports = [
../common/betterlockscreen.nix
../common/picom.nix
../common/polybar.nix
];
home.packages = with pkgs; [
bspwm
sxhkd
xorg.xinit
xterm
alacritty
rofi
feh
font-awesome
pywal16
imagemagick
pulsemixer
ranger
jq
file
highlight
unzip
mpv
protonvpn-gui
];
services.ssh-agent.enable = true;
xsession = {
enable = true;
windowManager.bspwm = {
enable = true;
startupPrograms = [
"sxhkd -m 1"
"setxkbmap bepovim"
"xrandr --output DisplayPort-1 --rate 60 --pos 0x0"
"polybar main"
"bash ~/.fehbg"
];
extraConfigEarly = ''
bspc config borderless_monocle true
bspc config gapless_monocle true
bspc config single_monocle true
bspc monitor -d I II III IV V VI
'';
};
};
services = {
sxhkd = {
enable = true;
extraOptions = ["-m" "1"];
keybindings = {
"super + Return" = "alacritty";
"super + c" = "bspc node -c";
"Menu" = "rofi -show drun";
"super + space" = "rofi -show drun";
"F1" = "bspc desktop -f ^1";
"F2" = "bspc desktop -f ^2";
"F3" = "bspc desktop -f ^3";
"F4" = "bspc desktop -f ^4";
"F5" = "bspc desktop -f ^5";
"F6" = "bspc desktop -f ^6";
"shift + F1" = "bspc node -d ^1 --follow";
"shift + F2" = "bspc node -d ^2 --follow";
"shift + F3" = "bspc node -d ^3 --follow";
"shift + F4" = "bspc node -d ^4 --follow";
"shift + F5" = "bspc node -d ^5 --follow";
"shift + F6" = "bspc node -d ^6 --follow";
"super + h" = "bspc node -f west";
"super + j" = "bspc node -f south";
"super + k" = "bspc node -f north";
"super + l" = "bspc node -f east";
"super + shift + h" = "bspc node -s west";
"super + shift + j" = "bspc node -s south";
"super + shift + k" = "bspc node -s north";
"super + shift + l" = "bspc node -s east";
"super + f" = "bspc node -t fullscreen";
"super + s" = "bspc node -t floating";
"super + shift + t" = "bspc node -t pseudo_tiled";
"super + t" = "bspc node -t tiled";
};
};
};
programs = {
alacritty = {
enable = true;
settings = {
general.import = ["~/.cache/wal/colors-alacritty.toml"];
font = {
normal = {
family = lib.mkForce "Iosevka Nerd Font";
style = "Regular";
};
bold = {
family = lib.mkForce "Iosevka Nerd Font";
style = "Bold";
};
italic = {
family = lib.mkForce "Iosevka Nerd Font";
style = "Italic";
};
size = lib.mkForce 8;
};
};
};
rtorrent = {
enable = true;
extraConfig = ''
directory = /srv/raid
port_range = 6881-6891
max_peers = 150
max_peers_seed = 100
protocol.pex.set = true ;
schedule = watch_directory,5,5,load.start=~/Téléchargements/*.torrent
pieces.hash.on_completion.set = no
network.max_open_files.set = 8192
session = /home/lomig/.cache/rtorrent/session
'';
};
};
home.activation.createRtorrentSessionDir = lib.hm.dag.entryAfter ["writeBoundary"] ''
mkdir -p ~/.cache/rtorrent/session
'';
}

17
hm/users/dunoz-desktop.nix
View file

@ -1,17 +0,0 @@
{pkgs, ...}: {
imports = [
../common/browser.nix
../common/nvim.nix
./dunoz.nix
];
home = {
packages = with pkgs; [
fastfetch
nerd-fonts.iosevka
proton-pass
smug
];
};
}
# vim: set ts=2 sw=2 sts=2 et :

19
hm/users/dunoz.nix
View file

@ -1,19 +0,0 @@
{pkgs, nvim-config, ...}: {
imports = [
../../hm/common/git.nix
../../hm/common/zsh.nix
];
home = {
username = "dunoz";
homeDirectory = "/home/dunoz";
packages = with pkgs; [
bat
tree
];
};
programs.zsh.enable = true;
home.stateVersion = "25.05"; # ou ton actuelle
}
# vim: set ts=2 sw=2 sts=2 et :

19
hm/users/lomig-desktop.nix
View file

@ -1,19 +0,0 @@
{pkgs, ...}: {
imports = [
../desktop/bspwm.nix
../common/browser.nix
../common/nvim.nix
./lomig.nix
];
home = {
packages = with pkgs; [
fastfetch
nerd-fonts.iosevka
obsidian
proton-pass
smug
];
};
}
# vim: set ts=2 sw=2 sts=2 et :

19
hm/users/lomig.nix
View file

@ -1,19 +0,0 @@
{pkgs, nvim-config, ...}: {
imports = [
../../hm/common/git.nix
../../hm/common/zsh.nix
];
home = {
username = "lomig";
homeDirectory = "/home/lomig";
packages = with pkgs; [
bat
tree
];
};
programs.zsh.enable = true;
home.stateVersion = "25.05"; # ou ton actuelle
}
# vim: set ts=2 sw=2 sts=2 et :

10
home/pennsardin.nix Normal file
View file

@ -0,0 +1,10 @@
{ config, pkgs, ... }:
{
home.username = "lomig";
home.homeDirectory = "/home/lomig";
programs.zsh.enable = true;
home.stateVersion = "25.05"; # ou ton actuelle
}

70
hosts/forbann/configuration.nix
View file

@ -1,70 +0,0 @@
{pkgs, ...}: {
boot = {
kernelPackages = pkgs.linuxPackages;
initrd.supportedFilesystems = ["ext4"];
loader.grub = {
enable = true;
device = "/dev/vda";
};
};
fileSystems = {
"/" = {
device = "/dev/vda1";
fsType = "ext4";
};
"/srv" = {
device = "shared0";
fsType = "9p";
options = ["trans=virtio" "version=9p2000.L" "rw"];
neededForBoot = false;
noCheck = true;
};
};
networking = {
useDHCP = true;
useNetworkd = true;
hostName = "forbann";
};
systemd = {
services.mountShared = {
description = "Mount 9p shared folder";
after = ["local-fs.target" "network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.util-linux}/bin/mount -t 9p -o trans=virtio,version=9p2000.L shared0 /srv";
RemainAfterExit = true;
};
};
network = {
enable = true;
networks."10-eth0" = {
matchConfig.Name = "eth0";
networkConfig = {
Address = "192.168.1.10/24";
Gateway = "192.168.0.254";
DNS = "192.168.0.254";
};
};
};
};
services = {
openssh.enable = true;
rtorrent = {
enable = true;
dataDir = "/home/vmuser/torrents";
};
};
users.users.vmuser = {
isNormalUser = true;
extraGroups = ["wheel"];
password = "changeme";
};
system.stateVersion = "25.05";
}

61
hosts/penduick/configuration.nix
View file

@ -1,61 +0,0 @@
{ config, pkgs, ... }:
let
globals = import ../../config/globals.nix;
in {
imports = [
./hardware-configuration.nix
../../modules/desktop/plasma.nix
../../modules/common/nix.nix
../../modules/common/base.nix
../../modules/common/fonts.nix
../../modules/common/networking.nix
../../modules/common/plymouth.nix
../../modules/common/audio.nix
];
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.luks.devices.cryptroot.device = "/dev/nvme0n1p3";
networking.hostName = "penduick";
networking.networkmanager.enable = true;
console.keyMap = "fr";
services.openssh.enable = true;
services.openssh.settings = {
PermitRootLogin = "no";
PasswordAuthentication = true;
};
age.identityPaths = [ "/etc/agenix/penduick.key" "/etc/agenix/dunoz-admin.key" ];
# age.secrets."dunoz-password-penduick".file = ../../secrets/dunoz-password-penduick.age;
users= {
# mutableUsers = false ;
users.dunoz = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" ];
# passwordFile = config.age.secrets."dunoz-password-penduick".path;
shell = pkgs.zsh;
};
};
home-manager = {
useGlobalPkgs = true ;
users.dunoz = import ../../hm/users/dunoz-desktop.nix ;
};
environment.systemPackages = with pkgs; [
git htop wget curl
neovim
age ssh-to-age
weechat
];
# Optionnel mais utile pour SSH au démarrage
systemd.services.sshd.wantedBy = [ "multi-user.target" ];
system.stateVersion = "25.05";
}

66
hosts/penduick/hardware-configuration.nix
View file

@ -1,66 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/233c2886-05e4-4f9f-a708-6c920c7d9e32";
fsType = "btrfs";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/09b55bee-0134-4e96-8183-e85412fa7724";
fsType = "btrfs";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/4ce480f5-8212-4b28-b275-a0250c2edae1";
fsType = "btrfs";
};
fileSystems."/var" =
{ device = "/dev/disk/by-uuid/f54d2ebe-f1ca-4471-a9a5-6959280984ee";
fsType = "btrfs";
};
fileSystems."/persist" =
{ device = "/dev/disk/by-uuid/829b6a38-e49a-46ca-8737-b21c86c93352";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/B68E-0AAC";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/rescue" =
{ device = "/dev/disk/by-uuid/af3f9f20-2a6c-44e2-ad81-f07bd18ae283";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/41fcc628-50bf-43df-9daa-0095b45fd9bd"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

173
hosts/pennsardin/configuration.nix
View file

@ -1,176 +1,15 @@
{pkgs, config, ...}:
let
globals = import ../../config/globals.nix;
in {
imports = [
../../modules/common/nix.nix
../../modules/hardware/bepovim.nix
../../modules/desktop/xorg-bspwm.nix
../../modules/common/base.nix
../../modules/common/fonts.nix
../../modules/common/networking.nix
../../modules/common/plymouth.nix
../../modules/common/audio.nix
../../modules/common/bluetooth.nix
../../modules/common/gaming.nix
../../modules/common/lockscreen.nix
../../modules/common/energy.nix
../../modules/common/qemu.nix
../../modules/common/smtp.nix
../../modules/hardware/firmware.nix
../../modules/hardware/gpu-amd.nix
../../modules/hardware/sensors-zenpower.nix
../../modules/services/printing.nix
../../modules/virtual/kvm-amd.nix
../../modules/virtual/vfio.nix
];
{ config, pkgs, ... }:
{
networking.hostName = "pennsardin";
time.timeZone = "Europe/Paris";
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.extraModulePackages = [ config.boot.kernelPackages.nct6687d ];
boot.kernelModules = [ "nct6683" "k10temp" "i2c-dev" ] ;
boot.swraid.enable = true;
environment.systemPackages = with pkgs; [
lm_sensors
btrfs-progs
cifs-utils
evtest
git
vim
wget
curl
ripgrep
fd
pciutils
usbutils
p7zip
gdu
glances
parted
tmux
xorg.xauth
xorg.xkbcomp
xorg.xev
];
services.openssh = {
enable = true;
settings = {
X11Forwarding = true;
X11DisplayOffset = 10;
X11UseLocalhost = true ;
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/b1a1ae71-4277-45d5-a3d2-f49354f263d4";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/1DB2-7A0F";
fsType = "vfat";
options = ["fmask=0077" "dmask=0077"];
};
"/proc" = {
device = "proc";
fsType = "proc";
options = ["defaults" "hidepid=2"];
neededForBoot = true;
};
"/home/lomig/Documents" = {
device = "/srv/raid/home-data/Documents";
options = [ "bind" ];
};
"/home/lomig/Images" = {
device = "/srv/raid/home-data/Images";
options = [ "bind" ];
};
"/home/lomig/Musique" = {
device = "/srv/raid/home-data/Musique";
options = [ "bind" ];
};
"/home/lomig/Téléchargements" = {
device = "/srv/raid/home-data/Téléchargements";
options = [ "bind" ];
};
"/home/lomig/Vidéos" = {
device = "/srv/raid/home-data/Vidéos";
options = [ "bind" ];
};
"/home/lomig/nixos-config" = {
device = "/srv/raid/home-data/nixos-config";
options = [ "bind" ];
};
"/srv/raid" = {
device = "/dev/disk/by-uuid/85f72160-4720-463a-9dc6-7c5216733f2b";
fsType = "btrfs";
options = [ "defaults" "nofail" "x-systemd.device-timeout=10" ];
};
};
swapDevices = [];
users.users.lomig = {
users.users.toto = {
isNormalUser = true;
extraGroups = [ "lp" "wheel"];
extraGroups = [ "wheel" ];
shell = pkgs.zsh;
};
home-manager = {
useGlobalPkgs = true;
users.lomig = import ../../hm/users/lomig-desktop.nix;
};
networking = {
useNetworkd = true;
firewall.allowedTCPPorts = [22 80 5900 5901 5902];
interfaces = {
enp11s0 = {
useDHCP = false;
wakeOnLan.enable = true ;
};
br0 = {
useDHCP = false;
ipv4.addresses = [
{
address = globals.network.pennsardin.ip;
prefixLength = 24;
}
];
};
};
defaultGateway = {
interface = "br0";
address = globals.network.gateway;
};
nameservers = [ globals.network.gateway "1.1.1.1"];
bridges.br0.interfaces = ["enp11s0"];
};
systemd.network = {
enable = true;
netdevs."br0" = {
netdevConfig = {
Name = "br0";
Kind = "bridge";
};
};
networks."br0" = {
matchConfig.Name = "br0";
};
networks."enp11s0" = {
matchConfig.Name = "enp11s0";
networkConfig.Bridge = "br0";
};
};
system.stateVersion = "25.05"; # pour éviter les hurlements inutiles
services.xserver.enable = true;
}
# vim: set ts=2 sw=2 sts=2 et :

1
hosts/pennsardin/hardware.nix
View file

@ -1 +0,0 @@
_: {}

125
hosts/terre-neuvas/configuration.nix
View file

@ -1,125 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
...
}: let
globals = import ../../config/globals.nix ;
in {
nix.settings.experimental-features = ["nix-command" "flakes"];
imports = [
# Include the results of the hardware scan.
./hardware.nix
../../modules/common/nix.nix
../../modules/common/base.nix
../../modules/common/smtp.nix
../../modules/common/qemu.nix
../../modules/services/goaccess.nix
../../modules/services/wikijs.nix
../../modules/services/forgejo.nix
../../modules/sites/porzh.me.nix
../../modules/sites/levr.porzh.me.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "terre-neuvas"; # Define your hostname.
# Configure keymap in X11
services.xserver.xkb = {
layout = "fr";
variant = "azerty";
};
# Configure console keymap
console.keyMap = "fr";
users.users.lomig = {
isNormalUser = true;
extraGroups = ["lp" "wheel" "docker"];
shell = pkgs.zsh;
};
home-manager = {
useGlobalPkgs = true;
users.lomig = import ../../hm/users/lomig.nix;
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
git
btrfs-progs
cifs-utils
lm_sensors
wakeonlan
wget
curl
ripgrep
fd
pciutils
usbutils
p7zip
gdu
glances
tmux
];
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PubkeyAuthentication = true;
};
};
networking = {
useNetworkd = true;
firewall.allowedTCPPorts = [22 80 5900 5901 5902];
firewall.enable = true ;
interfaces.eno1.useDHCP = false;
interfaces.br0 = {
useDHCP = false;
ipv4.addresses = [
{
address = globals.network.terre-neuvas.ip;
prefixLength = 24;
}
];
};
defaultGateway = {
interface = "br0";
address = globals.network.gateway;
};
nameservers = [ globals.network.gateway "1.1.1.1"];
bridges.br0.interfaces = ["eno1"];
};
systemd.network = {
enable = true;
netdevs."br0" = {
netdevConfig = {
Name = "br0";
Kind = "bridge";
};
};
networks."br0" = {
matchConfig.Name = "br0";
};
networks."eno1" = {
matchConfig.Name = "eno1";
networkConfig.Bridge = "br0";
};
};
system.stateVersion = "25.05"; # Did you read the comment?
}

43
hosts/terre-neuvas/hardware.nix
View file

@ -1,43 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
initrd.kernelModules = [];
kernelModules = lib.mkAfter ["kvm-intel" "tun"];
extraModulePackages = [];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/f37e4afb-1ee2-4f70-a93c-398461405181";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/111D-E5E8";
fsType = "vfat";
options = ["fmask=0077" "dmask=0077"];
};
"/srv" = {
device = "/dev/disk/by-uuid/2ef442a9-0eab-4dc5-b17c-076e18a54873";
fsType = "btrfs";
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/c3a69154-ead9-4fcc-a9b1-3b741a42ee97";}
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

10
modules/common/audio.nix
View file

@ -1,10 +0,0 @@
_: {
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
}

27
modules/common/base.nix
View file

@ -1,27 +0,0 @@
{lib, ...}: {
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "fr_FR.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "fr_FR.UTF-8";
LC_IDENTIFICATION = "fr_FR.UTF-8";
LC_MEASUREMENT = "fr_FR.UTF-8";
LC_MONETARY = "fr_FR.UTF-8";
LC_NAME = "fr_FR.UTF-8";
LC_NUMERIC = "fr_FR.UTF-8";
LC_PAPER = "fr_FR.UTF-8";
LC_TELEPHONE = "fr_FR.UTF-8";
LC_TIME = "fr_FR.UTF-8";
};
# journald & coredump
systemd.coredump.enable = false;
services.journald.extraConfig = ''
SystemMaxUse=200M
RuntimeMaxUse=100M
'';
boot.tmp.cleanOnBoot = true;
environment.defaultPackages = lib.mkForce [];
programs.zsh.enable = true; # shell dispo au niveau système
}

4
modules/common/bluetooth.nix
View file

@ -1,4 +0,0 @@
_: {
hardware.bluetooth.enable = true;
services.blueman.enable = true;
}

42
modules/common/energy.nix
View file

@ -1,42 +0,0 @@
{ config, pkgs, ... }: {
services.logind.settings.Login = {
IdleAction = "suspend";
IdleActionSec = "5min";
HandleLidSwitch = "suspend";
HandleLidSwitchDocked = "ignore";
};
systemd.services.ssh-suspend-inhibitor = {
description = "Prevent suspend when SSH sessions are active";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
Restart = "always";
ExecStart = pkgs.writeShellScript "ssh-inhibitor" ''
while true; do
# Vérifie s'il y a des sessions SSH actives
if ${pkgs.procps}/bin/pgrep -x sshd >/dev/null && \
[ $(${pkgs.procps}/bin/pgrep -P $(${pkgs.procps}/bin/pgrep -x sshd) | wc -l) -gt 0 ]; then
# Il y a des sessions SSH, on crée un inhibitor s'il n'existe pas
if [ ! -f /tmp/ssh-inhibitor.lock ]; then
${pkgs.systemd}/bin/systemd-inhibit --what=idle:sleep \
--who="SSH Session" \
--why="SSH session active" \
--mode=block \
sleep infinity &
echo $! > /tmp/ssh-inhibitor.lock
fi
else
# Pas de sessions SSH, on retire l'inhibitor
if [ -f /tmp/ssh-inhibitor.lock ]; then
kill $(cat /tmp/ssh-inhibitor.lock) 2>/dev/null || true
rm /tmp/ssh-inhibitor.lock
fi
fi
sleep 10
done
'';
};
};
}

5
modules/common/fonts.nix
View file

@ -1,5 +0,0 @@
{pkgs, ...}: {
fonts.packages = with pkgs; [
dejavu_fonts
];
}

4
modules/common/gaming.nix
View file

@ -1,4 +0,0 @@
_: {
programs.steam.enable = true;
hardware.xpadneo.enable = true;
}

8
modules/common/lockscreen.nix
View file

@ -1,8 +0,0 @@
_: {
environment.etc."pam.d/i3lock".text = ''
auth include login
account include login
password include login
session include login
'';
}

6
modules/common/networking.nix
View file

@ -1,6 +0,0 @@
_: {
networking = {
nameservers = ["1.1.1.1" "8.8.8.8"];
firewall.enable = true;
};
}

17
modules/common/nix.nix
View file

@ -1,17 +0,0 @@
{config, ...}: {
nix.settings = {
auto-optimise-store = true;
experimental-features = ["nix-command" "flakes"];
};
nix.gc = {
automatic = true ;
dates = "daily" ;
options = "--delete-older-than 7d" ;
};
nixpkgs.config = {
# allowUnfree = true;
# allowUnsupportedSystem = true;
};
}

36
modules/common/plymouth.nix
View file

@ -1,36 +0,0 @@
{
lib,
pkgs,
...
}: {
boot = {
plymouth.enable = true;
plymouth.theme = "spinner";
consoleLogLevel = 3;
initrd.verbose = false;
# Ajouts "quiet/splash" propres (sans auto-référence)
kernelParams = lib.mkAfter [
"mem_sleep_default=deep"
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
loader = {
timeout = 5;
systemd-boot.enable = true;
systemd-boot.consoleMode = "max";
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
};
environment.systemPackages = with pkgs; [
nixos-bgrt-plymouth
];
}

55
modules/common/qemu.nix
View file

@ -1,55 +0,0 @@
{
lib,
pkgs,
config,
...
}: {
boot.kernelModules = lib.mkAfter ["tun"];
environment.systemPackages = with pkgs; [
qemu
qemu_kvm
tunctl
virtiofsd
];
services = {
udev.extraRules = ''
SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
KERNEL=="tun", GROUP="kvm", MODE="0660"
'';
spice-vdagentd.enable = true;
resolved.enable = true;
};
virtualisation.libvirtd = {
enable = true;
qemu =
if lib.versionOlder config.system.nixos.release "25.11"
then {
ovmf.enable = true;
ovmf.packages = [pkgs.OVMFFull.fd];
runAsRoot = false;
swtpm.enable = true;
}
else {
runAsRoot = false;
swtpm.enable = true;
};
};
users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
environment.etc."qemu/bridge.conf".text = ''
allow br0
'';
security.wrappers.qemu-bridge-helper = lib.mkForce {
source = "${pkgs.qemu}/libexec/qemu-bridge-helper";
owner = "root";
group = "kvm";
setuid = true;
permissions = "u+rwx,g+rx,o+rx";
};
}
# vim: set ts=2 sw=2 sts=2 et :

29
modules/common/smtp.nix
View file

@ -1,29 +0,0 @@
{ config, pkgs, lib, ... }:
let
globals = import ../../config/globals.nix;
in {
programs.msmtp = {
enable = true;
accounts.default = {
host = globals.smtp.host;
port = globals.smtp.port;
auth = true;
tls = true;
tls_starttls = true;
user = globals.smtp.user;
passwordeval = "cat /run/secrets/proton_pass";
from = globals.smtp.user;
};
};
environment.systemPackages = [ pkgs.msmtp ];
# On place le lien symbolique dans /etc/alternatives, qui est modifiable
systemd.tmpfiles.rules = [
"L+ /etc/alternatives/sendmail - - - - ${pkgs.msmtp}/bin/msmtp"
"L+ /usr/sbin/sendmail - - - - ${pkgs.msmtp}/bin/msmtp"
];
environment.pathsToLink = [ "/etc/alternatives" "/usr/sbin" ];
}

18
modules/desktop/gnome.nix
View file

@ -1,18 +0,0 @@
{lib, ...}: {
services = {
displayManager = {
gdm.enable = true;
sddm.enable = lib.mkForce false;
};
desktopManager = {
gnome.enable = true;
plasma6.enable = lib.mkForce false;
};
xserver = {
windowManager.bspwm.enable = lib.mkForce false;
displayManager.lightdm.enable = lib.mkForce false;
};
};
}
# vim: set ts=2 sw=2 sts=2 et :

18
modules/desktop/plasma.nix
View file

@ -1,18 +0,0 @@
{lib, ...}: {
services = {
displayManager = {
gdm.enable = lib.mkForce false;
sddm.enable = true;
};
desktopManager = {
gnome.enable = lib.mkForce false;
plasma6.enable = true;
};
xserver = {
windowManager.bspwm.enable = lib.mkForce false;
displayManager.lightdm.enable = lib.mkForce false;
};
};
}
# vim: set ts=2 sw=2 sts=2 et :

21
modules/desktop/xorg-bspwm.nix
View file

@ -1,21 +0,0 @@
{lib, ...}: {
services = {
xserver = {
enable = true;
displayManager = {
lightdm.enable = true;
};
windowManager.bspwm.enable = true;
};
displayManager = {
gdm.enable = lib.mkForce false;
sddm.enable = lib.mkForce false;
};
desktopManager = {
gnome.enable = lib.mkForce false;
plasma6.enable = lib.mkForce false;
};
};
}
# vim: set ts=2 sw=2 sts=2 et :

100
modules/hardware/bepovim.nix
View file

@ -1,100 +0,0 @@
_: {
services.xserver.xkb = {
layout = "bepovim";
variant = "basic";
options = "lv3:ralt_switch";
extraLayouts.bepovim = {
description = "Clavier Bepovim 4 niveaux";
languages = ["fr"];
symbolsFile = builtins.toFile "bepovim.xkb" ''
xkb_symbols "basic" {
name[Group1] = "Bepovim";
key <ESC> { [ Escape ] };
key <AE01> { [ dollar, numbersign ] };
key <AE02> { [ less, 1, guillemotleft ] };
key <AE03> { [ greater, 2, guillemotright ] };
key <AE04> { [ parenleft, 3, bracketleft ] };
key <AE05> { [ parenright, 4, bracketright ] };
key <AE06> { [ at, 5, braceleft ] };
key <AE07> { [ plus, 6, braceright ] };
key <AE08> { [ minus, 7, asciitilde ] };
key <AE09> { [ asterisk, 8 ] };
key <AE10> { [ slash, 9, backslash ] };
key <AE11> { [ quotedbl, 0, percent ] };
key <AE12> { [ equal, ampersand ] };
key <BKSP> { [ BackSpace ] };
key <TAB> { [ Tab, ISO_Left_Tab ] };
key <AD01> { [ b, B ] };
key <AD02> { [ eacute, Eacute ] };
key <AD03> { [ p, P ] };
key <AD04> { [ o, O ] };
key <AD05> { [ r, R ] };
key <AD06> { [ dead_circumflex, grave ] };
key <AD07> { [ v, V ] };
key <AD08> { [ s, S ] };
key <AD09> { [ t, T ] };
key <AD10> { [ d, D ] };
key <AD11> { [ egrave, Egrave ] };
key <AD12> { [ ccedilla, Ccedilla ] };
key <RTRN> { [ Return ] };
key <AC01> { [ c, C ] };
key <AC02> { [ a, A ] };
key <AC03> { [ u, U ] };
key <AC04> { [ i, I ] };
key <AC05> { [ e, E, EuroSign ] };
key <AC06> { [ period, question ] };
key <AC07> { [ n, N ] };
key <AC08> { [ h, H, Left ] };
key <AC09> { [ j, J, Down ] };
key <AC10> { [ k, K, Up ] };
key <AC11> { [ l, L, Right ] };
key <AC12> { [ m, M ] };
key <LFSH> { [ Shift_L ] };
key <LSGT> { [ q, Q ] };
key <AB01> { [ w, W ] };
key <AB02> { [ agrave, Agrave ] };
key <AB03> { [ f, F ] };
key <AB04> { [ colon, bar ] };
key <AB05> { [ comma, semicolon ] };
key <AB06> { [ apostrophe, exclam ] };
key <AB07> { [ x, X ] };
key <AB08> { [ g, G ] };
key <AB09> { [ z, Z ] };
key <AB10> { [ y, Y ] };
key <DELE> { [ Up ] };
key <DOWN> { [ Left ] };
key <RGHT> { [ Down ] };
key <INS> { [ Right ] };
key <LCTL> { [ Control_L ] };
key <LALT> { [ Alt_L ] };
key <SPCE> { [ space, underscore, nobreakspace, U202F ] };
key <RALT> { [ ISO_Level3_Shift ] };
key <FK02> { [ F1, F1 ] };
key <FK03> { [ F2, F2 ] };
key <FK04> { [ F3, F3 ] };
key <FK05> { [ F4, F4 ] };
key <FK06> { [ F5, F5 ] };
key <FK07> { [ F6, F6 ] };
key <FK08> { [ F7, F7 ] };
key <FK09> { [ F8, F8 ]};
key <FK10> { [ F9, F9 ] };
key <FK11> { [ F10, F10 ] };
key <FK12> { [ F11, F11 ] };
};
'';
};
};
console = {
useXkbConfig = true;
font = "Lat2-Terminus16";
};
}
# vim: set ts=2 sw=2 sts=2 et :

12
modules/hardware/firmware.nix
View file

@ -1,12 +0,0 @@
{
lib,
pkgs,
...
}: {
hardware = {
cpu.amd.updateMicrocode = lib.mkDefault true;
firmware = [pkgs.linux-firmware];
firmwareCompression = "zstd";
enableRedistributableFirmware = true;
};
}

46
modules/hardware/gpu-amd.nix
View file

@ -1,46 +0,0 @@
{
lib,
pkgs,
...
}: {
boot = {
initrd.kernelModules = lib.mkAfter ["amdgpu"];
kernelModules = lib.mkAfter ["amdgpu"];
};
# Pilotes + options AMDGPU
services.xserver = {
enable = true;
videoDrivers = lib.mkDefault ["amdgpu"];
};
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
mesa
libva
libva-utils
libvdpau
libva-vdpau-driver
libvdpau-va-gl
vulkan-tools
vulkan-loader
vulkan-validation-layers
];
};
environment.variables = {
LIBVA_DRIVER_NAME = "radeonsi";
VDPAU_DRIVER = "va_gl";
};
# Désactive héritage radeon pour cartes anciennes
boot.kernelParams = lib.mkAfter [
"amdgpu.si_support=0"
"amdgpu.cik_support=0"
"radeon.si_support=0"
"radeon.cik_support=0"
];
}

12
modules/hardware/sensors-zenpower.nix
View file

@ -1,12 +0,0 @@
{
config,
lib,
...
}: {
boot.kernelModules = lib.mkAfter ["zenpower"];
boot.extraModulePackages = [config.boot.kernelPackages.zenpower];
hardware.sensor.iio.enable = lib.mkDefault true;
services.hardware.bolt.enable = lib.mkDefault false;
}
# vim: set ts=2 sw=2 sts=2 et :

52
modules/services/forgejo.nix
View file

@ -1,52 +0,0 @@
{pkgs, ...}:
let
globals = import ../../config/globals.nix;
in {
# --- Utilisateur dédié ---
users.users.${globals.services.forgejo.user} = {
isSystemUser = true;
home = globals.services.forgejo.home;
shell = pkgs.bash;
group = globals.services.forgejo.user;
};
users.groups.${globals.services.forgejo.user} = {};
# --- Forgejo ---
services = {
forgejo = {
enable = true;
user = globals.services.forgejo.user;
group = globals.services.forgejo.user;
database = {
type = "sqlite3";
path = "${globals.services.forgejo.home}/data/gitea.db";
};
settings = {
server = {
DOMAIN = globals.services.forgejo.url ;
ROOT_URL = "https://${globals.services.forgejo.url}/";
SSH_DOMAIN = globals.services.forgejo.url;
HTTP_PORT = globals.services.forgejo.port;
START_SSH_SERVER = false;
};
service = {
DISABLE_REGISTRATION = true;
REGISTER_EMAIL_CONFIRM = false;
};
repository = {
DEFAULT_BRANCH = "master";
};
};
};
openssh.enable = true;
caddy = {
enable = true;
virtualHosts.${globals.services.forgejo.url} = {
extraConfig = ''
reverse_proxy localhost:${toString globals.services.forgejo.port}
'';
};
};
};
networking.firewall.allowedTCPPorts = [80 443 22 ];
}

83
modules/services/goaccess.nix
View file

@ -1,83 +0,0 @@
{pkgs, config, ...}:
let
globals = import ../../config/globals.nix ;
in {
age.secrets.goaccess-password = {
file = ../../secrets/goaccess-password.age;
owner = "caddy";
group = "caddy";
mode = "0400";
};
environment.systemPackages = with pkgs; [
goaccess
];
environment.etc."local/bin/generate-goaccess.sh".text = ''
#!/bin/sh
set -eu
RAW_LOG="/var/log/caddy/access-${globals.services.levr.url}.log"
CLEAN_LOG="/tmp/goaccess-clean.log"
REPORT="${globals.services.goaccess.home}/index.html"
${pkgs.gnugrep}/bin/grep -v '192.168.' "$RAW_LOG" > "$CLEAN_LOG"
${pkgs.goaccess}/bin/goaccess "$CLEAN_LOG" --log-format=CADDY -o "$REPORT";
'';
environment.etc."local/bin/generate-goaccess.sh".mode = "0755";
systemd.services.goaccess-report = {
description = "Generate GoAccess HTML report";
serviceConfig = {
ExecStart = "/etc/local/bin/generate-goaccess.sh";
};
};
systemd.timers.goaccess-report = {
description = "Hourly GoAccess report generation";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "hourly";
Persistent = true;
};
};
systemd.services."goaccess-auth-sync" = {
description = "Sync goaccess password for Caddy";
wantedBy = [ "caddy.service" ];
before = [ "caddy.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeScript "sync-goaccess-auth" ''
#!${pkgs.bash}/bin/bash
mkdir -p /etc/caddy/extra
cp /run/agenix/goaccess-password /etc/caddy/extra/goaccess-auth.conf
chown caddy:caddy /etc/caddy/extra/goaccess-auth.conf
chmod 400 /etc/caddy/extra/goaccess-auth.conf
'';
};
};
services.caddy = {
virtualHosts = {
"${globals.services.goaccess.url}" = {
extraConfig = ''
root * ${globals.services.goaccess.home}
basic_auth /* {
import /etc/caddy/extra/goaccess-auth.conf
}
file_server browse
try_files {path} {path}/ /index.html
'';
};
};
};
systemd.tmpfiles.rules = [
"d ${globals.services.goaccess.home} 0755 root root -"
"d /etc/caddy/extra 0750 caddy caddy -"
];
}

3
modules/services/printing.nix
View file

@ -1,3 +0,0 @@
_: {
services.printing.enable = true;
}

33
modules/services/wikijs.nix
View file

@ -1,33 +0,0 @@
{ pkgs, ... }:
let
globals = import ../../config/globals.nix ;
in {
systemd.services.wiki-js = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
services.wiki-js = {
enable = true;
settings = {
db = {
db = "wiki-js";
host = "/run/postgresql";
type = "postgres";
user = "wiki-js";
};
port = 3002 ;
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "wiki-js" ];
ensureUsers = [{
name = "wiki-js";
ensureDBOwnership = true;
}];
};
services.caddy.virtualHosts.${globals.services.wikijs.url}.extraConfig = ''
reverse_proxy localhost:${toString globals.services.wikijs.port}
'';
}

80
modules/sites/levr.porzh.me.nix
View file

@ -1,80 +0,0 @@
{ pkgs, lib, ...}:
let
globals = import ../../config/globals.nix ;
in {
environment.systemPackages = with pkgs; [
hugo
];
systemd.services.hugo-build = {
description = "Auto build du blog hugo";
serviceConfig = {
Type = "oneshot";
WorkingDirectory = globals.services.levr.home ;
ExecStart = ''${pkgs.hugo}/bin/hugo --minify build -d ${globals.services.levr.build}'';
User = "levr";
};
};
systemd.timers.hugo-build = {
description = "Timer pour rebuild du blog";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "01:10" ;
Persistent = true ;
};
};
systemd.services.blog-sync = {
description = "Synchronisation du dépôt Hugo";
serviceConfig = {
Type = "oneshot";
WorkingDirectory = globals.services.levr.home;
ExecStart = "${pkgs.git}/bin/git pull --rebase origin master";
User = "levr";
};
environment = {
PATH = lib.mkForce "${pkgs.openssh}/bin";
};
};
systemd.timers.blog-sync = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "01:00";
Persistent = true;
};
};
services.caddy = {
enable = true;
virtualHosts = {
"${globals.services.levr.url}" = {
extraConfig = ''
@http {
protocol http
}
redir @http https://{host}{uri} permanent
root * ${globals.services.levr.build}
file_server
log {
output file /var/log/caddy/access-${globals.services.levr.url}.log
}
'';
};
};
};
users = {
users = {
"${globals.services.levr.user}" = {
isSystemUser = true ;
group = globals.services.levr.user ;
home = globals.services.levr.home ;
createHome = true ;
description = "User for hugo-blog builds and deployments";
};
};
groups.${globals.services.levr.user} = {};
};
systemd.tmpfiles.rules = [
"d ${globals.services.levr.home} 0755 levr levr -"
"d ${globals.services.levr.build} 0755 levr levr -"
];
}

26
modules/sites/porzh.me.nix
View file

@ -1,26 +0,0 @@
{pkgs, ...}: let
globals = import ../../config/globals.nix ;
porzhSite = pkgs.stdenv.mkDerivation {
pname = "porzh-site";
version = "1.0";
src = ./porzh.me; # le dossier avec ton index.html, image, etc.
installPhase = ''
mkdir -p $out
cp -r * $out/
'';
};
in {
services.caddy = {
enable = true;
virtualHosts = {
"${globals.domain}" = {
serverAliases = [ "www.${globals.domain}" ];
extraConfig = ''
root * ${porzhSite}
file_server
'';
};
};
};
}

BIN
modules/sites/porzh.me/ancre.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 626 KiB

51
modules/sites/porzh.me/index.html
View file

@ -1,51 +0,0 @@
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<title>Porzh.me</title>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Merriweather:ital,wght@0,400;1,400&display=swap" rel="stylesheet">
<style>
body {
margin: 0;
height: 100vh;
display: flex;
flex-direction: column; /* Aligne les éléments verticalement */
justify-content: center; /* Centre verticalement */
align-items: center; /* Centre horizontalement */
background-color: #fff;
font-family: 'Merriweather', serif;
}
img {
max-width: 30%;
height: auto;
}
#title {
font-size: 96px;
margin-top: 20px;
}
h2 {
font-size : 36px;
margin-top: -40px;
}
li {
display: inline;
}
a {
color: black;
}
</style>
</head>
<body>
<img src="./ancre.png" alt="Ancre">
<h1 id="title">porzh.me</h1>
<h2 id="subtitle">Ma porzh stag</h2>
<ul id="services">
<li><a href="https://govel.porzh.me" target="_blank">govel</a></li> /
<li><a href="https://levr.porzh.me" target="_blank">levr</a></li>
</ul>
<span style="bold">Fièrement auto-hébergé et indépendant</span>
</body>
</html>

BIN
modules/virtual/aarch64/AAVMF_CODE.fd
View file

Binary file not shown.

BIN
modules/virtual/aarch64/AAVMF_VARS.fd
View file

Binary file not shown.

3
modules/virtual/kvm-amd.nix
View file

@ -1,3 +0,0 @@
{lib, ...}: {
boot.kernelModules = lib.mkAfter ["kvm-amd"];
}

78
modules/virtual/truenas.nix
View file

@ -1,78 +0,0 @@
{pkgs, ...}: {
boot = {
initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
extraModprobeConfig = ''
options vfio-pci ids=1022:43f6
'';
kernelParams = [
"amd_iommu=on"
"iommu=pt"
];
};
users.users.lomig.extraGroups = ["disk"];
security.pam.loginLimits = [
{
domain = "lomig";
type = "soft";
item = "memlock";
value = "infinity";
}
{
domain = "lomig";
type = "hard";
item = "memlock";
value = "infinity";
}
];
boot.kernel.sysctl."vm.nr_hugepages" = 1024;
fileSystems."/dev/hugepages" = {
device = "hugetlbfs";
fsType = "hugetlbfs";
};
# services.udev.extraRules = ''
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500b0179482", GROUP="disk", MODE="0660"
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc529430", GROUP="disk", MODE="0660"
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc53994a", GROUP="disk", MODE="0660"
# SUBSYSTEM=="block", ENV{ID_SERIAL}=="wwn-0x50000c500cc5551d4", GROUP="disk", MODE="0660"
# SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
# '';
systemd.services.truenas-vm = {
wantedBy = ["multi-user.target"];
after = ["network-online.target"];
wants = ["network-online.target"];
serviceConfig = {
RuntimeDirectory = "truenas";
ExecStartPre = "/run/current-system/sw/bin/rm -f /run/truenas/qmp.sock";
ExecStart = ''
/run/current-system/sw/bin/qemu-system-x86_64 -enable-kvm -m 4096 -smp 2 \
-drive file=/home/lomig/vm/truenas.qcow2,if=none,format=qcow2,id=os \
-device vfio-pci,host=0e:00.0 \
-netdev bridge,br=br0,id=n1,helper=/run/wrappers/bin/qemu-bridge-helper \
-device virtio-net-pci,netdev=n1,mac=52:54:00:00:01:02 \
-device virtio-blk-pci,drive=os,bootindex=0 \
-qmp unix:/run/truenas.qmp,server,nowait -display none
'';
ExecStop = ''
echo '{"execute":"system_powerdown"}' | socat - UNIX-CONNECT:/run/truenas.qmp || true ; sleep 5
'';
Restart = "on-failure";
RestartSec = 3;
StartLimitIntervalSec = 60;
StartLimitBurst = 5;
};
};
systemd.services.resume-truenas-vm = {
description = "Restart Truenas VM after resume";
wantedBy = ["sleep.target"];
after = ["sleep.target"];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.systemd}/bin/systemctl try-restart truenas-vm.service";
};
};
}
# vim: set ts=2 sw=2 sts=2 et :

19
modules/virtual/vfio.nix
View file

@ -1,19 +0,0 @@
{lib, ...}: {
# Ajoute dans linitrd sans auto-référencer loption
boot = {
initrd.kernelModules = lib.mkAfter [
"vfio_pci"
"vfio"
"vfio_iommu_type1"
];
# Ajoute les params IOMMU proprement
kernelParams = lib.mkAfter [
"amd_iommu=on"
"iommu=pt"
];
# Valeur par défaut (sans référencer config.*)
kernel.sysctl."vm.nr_hugepages" = lib.mkDefault 1024;
};
}

15
scripts/imports.sh
View file

@ -1,15 +0,0 @@
#!/usr/bin/env bash
find $HOME/nixos-config -name "*.nix" | while read -r file; do
imports=$(awk '
/imports[[:space:]]*=/ {flag=1}
flag {print}
/\]/ && flag {flag=0}
' "$file" | grep -vE 'imports[[:space:]]*=' | grep -v '\[' | grep -v '\]' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
if [[ -n "$imports" ]]; then
echo "$file imports:"
echo "$imports" | sed 's/^/ |--- /'
echo
fi
done

1
secrets/agenix/pennsardin.pub
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZto2/k9ZiYzWxWM6sfZLq/fIUVDc3BwPb+00dOahkk root@pennsardin

7
secrets/dunoz-password-penduick.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> X25519 t5/4zFfNo5Hq/EacMKriedzv9je2ThBpq/WLegedg2A
sq35AzCE5HVTgqi0cNOcbW5C50sLeCAw4SIR6fbMg2M
-> X25519 yHHx+6CF7VEf331RchlwC9povVUwZBTq9cgAfo3gqjQ
RUsB7tMZRJYGy5Ggw+pnaNPOEiFYwAJn+gquCcNUnQo
--- jJVkAQ9fNSwyrWiyvIVzuTuJuudhL3zv29PI5pdKDz4
ш¤.f­=5¸I¶öWöÖõŠi£N½PÚŸ<>lSww©ðMÌÇí*

BIN
secrets/goaccess-password.age
View file

Binary file not shown.

11
secrets/secrets.nix
View file

@ -1,11 +0,0 @@
let
serveur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPRVxB7usThGHf8cuSPE4sjdqSaPNlwWAZPEo1wUgHz6 root@terre-neuvas";
admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxranFaz3jRfvYE2M6FvRUWjzviIWjWd1mucgKeuSK2 lomig@nixos";
penduick = "age1rnyey8shjxyaq43dzlnhtfkcm3ra4hy3ygh6c46w4xmr7fe9fe3s00nh2r";
dunoz = "age1ppu60aw0v5wxhrc0gyqmgrukh2a5uaxwqxxmuy0w3fv4tnt02ycqrrgmue";
in
{
"goaccess-password.age".publicKeys = [ serveur admin ];
"dunoz-password-penduick.age".publicKeys = [ penduick dunoz ];
}