DuN0z/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: DuN0z:refactor
Branches Tags
DuN0z:master
DuN0z:refactor
DuN0z:main
..
compare: DuN0z:master
Branches Tags
DuN0z:master
DuN0z:refactor
DuN0z:main

49 commits
refactor ... master

Author SHA1 Message Date
DuN0z
212b3f98ac FLAKE: update 2025-11-24 12:52:33 +01:00
DuN0z
a74fa0ebb0 FLAKE: update 2025-11-19 10:12:33 +01:00
DuN0z
9c751878a4 FLAKE: update 2025-11-09 10:50:05 +01:00
DuN0z
0c76b0443d Add: passwd with agenix 2025-11-09 10:48:19 +01:00
DuN0z
a42007c7c5 Fix: no more vaapiVdpau 2025-11-05 09:25:38 +01:00
DuN0z
87f60899c5 Add: automatic nix clean 2025-11-05 03:53:52 +01:00
DuN0z
201666c577 Changes: Penduick to plasma 2025-11-02 10:12:01 +01:00
DuN0z
3d2c218dc0 FLAKE: update 2025-11-02 08:47:04 +01:00
DuN0z
3c9f6bddbf Fix: better config for thinkpad 2025-11-02 08:43:56 +01:00
DuN0z
55c3398a43 Add: encrypted password for dunoz user 2025-10-30 08:19:01 +01:00
DuN0z
1151aaa3cb Add: alias for agenix 2025-10-29 22:57:34 +01:00
DuN0z
09e28be9db Fix: Last kernel on Penduick 2025-10-29 19:06:52 +01:00
DuN0z
cfe1fbf185 Add: Penduick on Thinkpad T480 2025-10-29 18:31:07 +01:00
DuN0z
e2177beef1 Fix: betterlockscreen in its own file 2025-10-29 10:05:40 +01:00
DuN0z
7a1225d3ef Fix: picom - bad package definition 2025-10-29 09:16:21 +01:00
DuN0z
cf06d8b10c Add: script to get imports hierarchy 2025-10-29 09:11:21 +01:00
DuN0z
667179af2a Fix: Picom in its own file 2025-10-29 09:08:35 +01:00
DuN0z
567d2949f9 Fix: Optimise imports 2025-10-29 08:53:20 +01:00
DuN0z
000d1c4833 Fix: no more *-small repositories 2025-10-29 08:52:21 +01:00
DuN0z
68fc91b3f7 FLAKE: update 2025-10-26 09:28:26 +01:00
DuN0z
392e7790f4 Add: disko pennsardin 2025-10-23 09:08:06 +02:00
DuN0z
1dc4d79e20 Fix: git for stable version 2025-10-23 03:32:00 +02:00
DuN0z
1a2f93f977 Fix: nvim config in separate file 2025-10-22 09:37:47 +02:00
DuN0z
55aad968ab Add: neovim git configuration 2025-10-22 08:18:41 +02:00
DuN0z
c6e5dc2762 Delete: colours.nix 2025-10-21 23:55:59 +02:00
DuN0z
e7e57b90af Fix: git options change 2025-10-20 08:00:46 +02:00
DuN0z
14f57637f1 FLAKE: update 2025-10-20 07:47:29 +02:00
DuN0z
2955d80de6 Fix: bad import 2025-10-20 07:46:55 +02:00
DuN0z
c59eb8b821 Fix: bad path for modules 2025-10-18 07:57:56 +02:00
DuN0z
1e2e108797 Refactor: delete overkill layers 2025-10-18 06:39:16 +02:00
DuN0z
94fc05580d Delete: pihole file 2025-10-18 05:59:40 +02:00
DuN0z
e8b1d7c269 Delete: ftp.nix 2025-10-18 05:58:11 +02:00
DuN0z
53c0163ccc Add: Agenix for caddy goaccess page 2025-10-17 22:43:24 +02:00
DuN0z
fd12d647e4 Fix: remove local adress from stats 2025-10-16 10:27:26 +02:00
DuN0z
815e095f4f Fix: back to forgejo original config 2025-10-16 10:27:01 +02:00
DuN0z
98cd87c47d Fix: add firewall 2025-10-14 07:37:59 +02:00
DuN0z
1731f5ea7d Add: modules for sensors 2025-10-13 13:46:26 +02:00
DuN0z
5b12e9360f Fix: no suspend if ssh session 2025-10-13 13:44:38 +02:00
DuN0z
a6f85e6d59 FLAKE: update 2025-10-12 08:25:38 +02:00
DuN0z
55b119c778 Fix: wikijs configuration 2025-10-10 21:03:03 +02:00
DuN0z
86f45df825 Add: wikijs 2025-10-10 20:29:51 +02:00
DuN0z
4a10a54faa Fix: nix syntax error 2025-10-09 22:40:34 +02:00
DuN0z
5deefc17b2 Add: specific system user for levr.porzh.me 2025-10-09 18:40:13 +02:00
DuN0z
441cd5eff9 Refactor 2025-10-09 17:50:49 +02:00
DuN0z
845c3373ba refactor 2025-10-09 17:46:15 +02:00
DuN0z
fd5f22ae65 Refactor: global.nix 2025-10-09 17:41:20 +02:00
DuN0z
e3c3d5ee8b Fix: imports 2025-10-09 17:40:43 +02:00
DuN0z
ce4201eb4e Fix: Pennsardin IP 2025-10-09 14:21:55 +02:00
DuN0z
56520c977d Fix: xsession bspwm 2025-10-09 14:14:43 +02:00
41 changed files with 994 additions and 520 deletions
Download patch file Download diff file Expand all files Collapse all files

13
config/globals.nix
View file

@ -16,13 +16,17 @@
pennsardin = { pennsardin = {
ip = "192.168.50.12"; ip = "192.168.50.12";
}; };
terre-neuvas = {
ip = "192.168.50.11";
};
}; };
services = { services = {
forgejo = { forgejo = {
home = "/var/lib/services/forgejo"; home = "/var/lib/forgejo";
url = "govel.porzh.me"; url = "govel.porzh.me";
port = "3000"; user = "git";
port = 3000;
}; };
goaccess = { goaccess = {
home = "/var/lib/www/goaccess"; home = "/var/lib/www/goaccess";
@ -32,10 +36,11 @@
home = "/var/lib/services/levr"; home = "/var/lib/services/levr";
build = "/var/lib/www/levr"; build = "/var/lib/www/levr";
url = "levr.porzh.me"; url = "levr.porzh.me";
user = "levr";
}; };
outline = { wikijs = {
url = "notes.porzh.me"; url = "notes.porzh.me";
port = "3001"; port = 3002 ;
}; };
}; };
} }

185
disko/pennsardin.nix Normal file
View file

@ -0,0 +1,185 @@
{ ... }: {
disko.devices = {
disk.main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
boot = {
size = "512MiB";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot/efi";
mountOptions = [ "umask=0077" "noauto" ];
};
};
rescue = {
size = "8GiB";
type = "8300";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/rescue";
mountOptions = [ "nofail" "noauto" "nosuid" "nodev" "noexec" ];
};
};
root = {
size = "100%";
type = "8e00"; # LVM partition
content = {
type = "lvm_pv";
vg = "vg-main";
};
};
};
};
};
lvm_vg."vg-main" = {
type = "lvm_vg";
lvs = {
# -- Système principal --
lv-root = {
size = "100G";
content = {
type = "btrfs";
mountpoint = "/";
mountOptions = [ "compress=zstd:3" "noatime" "space_cache=v2" "discard=async" ];
};
};
lv-home = {
size = "100G";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
mountpoint = "/home";
mountOptions = [
"compress=zstd:3"
"noatime"
"nodev"
"nosuid"
"space_cache=v2"
"discard=async"
];
subvolumes = {
"@homebin" = {
mountpoint = "/home/dunoz/bin";
mountOptions = [
"compress=zstd:3"
"noatime"
"nodev"
"nosuid"
"space_cache=v2"
"discard=async"
"subvol=@homebin"
];
};
};
};
};
lv-nix = {
size = "80G";
content = {
type = "btrfs";
mountpoint = "/nix";
mountOptions = [ "compress=zstd:3" "noatime" "space_cache=v2" "discard=async" ];
};
};
lv-var = {
size = "50G";
content = {
type = "btrfs";
mountpoint = "/var";
mountOptions = [ "compress=zstd:3" "noatime" "nodev" "nosuid" "space_cache=v2" "discard=async" ];
};
};
# -- Données & builds (no COW) --
lv-work = {
size = "100G";
content = {
type = "btrfs";
mountpoint = "/home/dunoz/Work";
mountOptions = [ "nodatacow" "noatime" "nodev" "space_cache=v2" "discard=async" ];
};
};
lv-games = {
size = "200G";
content = {
type = "btrfs";
mountpoint = "/home/dunoz/.local/share/Steam";
mountOptions = [ "nodatacow" "noatime" "nodev" "space_cache=v2" "discard=async" ];
};
};
lv-qemu = {
size = "200G";
content = {
type = "btrfs";
mountpoint = "/var/lib/libvirt/images";
mountOptions = [ "nodatacow" "noatime" "nodev" "nosuid" "space_cache=v2" "discard=async" ];
};
};
lv-container = {
size = "20G";
content = {
type = "btrfs";
mountpoint = "/var/lib/machines";
mountOptions = [ "nodatacow" "noatime" "nodev" "nosuid" "space_cache=v2" "discard=async" ];
};
};
};
};
filesystem.raid = {
type = "filesystem";
device = "/dev/md0";
format = "btrfs";
mountpoint = "/srv/raid";
mountOptions = [ "compress=zstd:3" "noatime" "nofail" "noexec" "nodev" "nosuid" "space_cache=v2" "discard=async" ];
};
bindmounts = {
docs = {
device = "/srv/raid/home-data/Documents";
mountpoint = "/home/dunoz/Documents";
options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ];
};
images = {
device = "/srv/raid/home-data/Images";
mountpoint = "/home/dunoz/Images";
options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ];
};
music = {
device = "/srv/raid/home-data/Musique";
mountpoint = "/home/dunoz/Musique";
options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ];
};
downloads = {
device = "/srv/raid/home-data/Téléchargements";
mountpoint = "/home/dunoz/Téléchargements";
options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ];
};
videos = {
device = "/srv/raid/home-data/Vidéos";
mountpoint = "/home/dunoz/Vidéos";
options = [ "bind" "nofail" "nosuid" "nodev" "noexec" ];
};
config = {
device = "/srv/raid/home-data/nixos-config";
mountpoint = "/home/dunoz/nixos-config";
options = [ "bind" "nofail" "nosuid" "nodev" ];
};
};
};
}

179
flake.lock generated
View file

@ -1,5 +1,48 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1762618334,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm",
"repo": "agenix",
"rev": "fcdea223397448d35d9b31f798479227e80183f6",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@ -24,15 +67,16 @@
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "agenix",
"nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1759573136, "lastModified": 1745494811,
"narHash": "sha256-ILSPD0Dm8p0w0fCVzOx98ZH8yFDrR75GmwmH3fS2VnE=", "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "5f06ceafc6c9b773a776b9195c3f47bbe1defa43", "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -62,29 +106,49 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": { "locked": {
"lastModified": 1759381078, "lastModified": 1763963090,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", "narHash": "sha256-zR7uDZdQUUC+gBOi4byefMvIZuSBeMC6GswGNsTgQlM=",
"owner": "nixos", "owner": "nix-community",
"repo": "nixpkgs", "repo": "home-manager",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", "rev": "7702d14879e8f0148fa168e38f3eaa2650fa0d85",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nix-community",
"ref": "nixos-unstable", "repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1754028485,
"narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "59e69648d345d6e8fef86158c555730fa12af9de",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1759439645, "lastModified": 1763622513,
"narHash": "sha256-oiAyQaRilPk525Z5aTtTNWNzSrcdJ7IXM0/PL3CGlbI=", "narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "879bd460b3d3e8571354ce172128fbcbac1ed633", "rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -96,31 +160,61 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1759543899, "lastModified": 1763835633,
"narHash": "sha256-yu9gsM5Tw4wHxZLSywbyvLnNkn/0qvcQ0r3D5FbIf9w=", "narHash": "sha256-HzxeGVID5MChuCPESuC0dlQL1/scDKu+MmzoVBJxulM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6c4f138b35597e4676611e7ea341c251a98112f9", "rev": "050e09e091117c3d7328c7b2b7b577492c43c134",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable-small", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1763835633,
"narHash": "sha256-HzxeGVID5MChuCPESuC0dlQL1/scDKu+MmzoVBJxulM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "050e09e091117c3d7328c7b2b7b577492c43c134",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1763806073,
"narHash": "sha256-FHsEKDvfWpzdADWj99z7vBk4D716Ujdyveo5+A048aI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "878e468e02bfabeda08c79250f7ad583037f2227",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1759614609, "lastModified": 1763983952,
"narHash": "sha256-psvkqVBJDv/A2I5pXOIn5rFWYCx0C2ogUmYNA/WH1ys=", "narHash": "sha256-nSWNqQezb6bhu5eYxF+lqzXj8h/sVD2C/CMV/JXK7Bw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "2edcb08c08b541088834d35cf560601038b3c3a2", "rev": "3f55dad0778bfaa302e87d87326ec02e7100ff98",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -129,13 +223,48 @@
"type": "github" "type": "github"
} }
}, },
"nvim-config": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1761113802,
"narHash": "sha256-HuP5TTFNzrxuro6UeA8+++BCV9x9rLhQ0bW5lbU3fTM=",
"ref": "refs/heads/master",
"rev": "154c606ecbc9069df8289e81b46025a6f9820867",
"revCount": 5,
"type": "git",
"url": "https://govel.porzh.me/DuN0z/neovim-config.git"
},
"original": {
"type": "git",
"url": "https://govel.porzh.me/DuN0z/neovim-config.git"
}
},
"root": { "root": {
"inputs": { "inputs": {
"home-manager": "home-manager", "agenix": "agenix",
"home-manager": "home-manager_2",
"home-manager-stable": "home-manager-stable", "home-manager-stable": "home-manager-stable",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur" "nur": "nur",
"nvim-config": "nvim-config"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
} }
} }
}, },

49
flake.nix
View file

@ -7,12 +7,14 @@
url = "github:nix-community/home-manager/release-25.05"; url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs-stable"; inputs.nixpkgs.follows = "nixpkgs-stable";
}; };
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
agenix.url = "github:ryantm/agenix";
nvim-config.url = "git+https://govel.porzh.me/DuN0z/neovim-config.git";
}; };
outputs = { outputs = {
@ -21,6 +23,8 @@
home-manager-stable, home-manager-stable,
home-manager, home-manager,
nur, nur,
agenix,
nvim-config,
... ...
}: let }: let
mkUnstablePkgsWithNur = { mkUnstablePkgsWithNur = {
@ -35,6 +39,7 @@
in { in {
nixosConfigurations = { nixosConfigurations = {
pennsardin = nixpkgs-unstable.lib.nixosSystem { pennsardin = nixpkgs-unstable.lib.nixosSystem {
specialArgs = { inherit nvim-config; };
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = mkUnstablePkgsWithNur { pkgs = mkUnstablePkgsWithNur {
system = "x86_64-linux"; system = "x86_64-linux";
@ -46,17 +51,59 @@
modules = [ modules = [
./hosts/pennsardin/configuration.nix ./hosts/pennsardin/configuration.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true ;
useUserPackages = true ;
extraSpecialArgs = {inherit nvim-config; };
};
}
]; ];
}; };
terre-neuvas = nixpkgs-stable.lib.nixosSystem { terre-neuvas = nixpkgs-stable.lib.nixosSystem {
specialArgs = { inherit agenix; inherit nvim-config; };
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
./hosts/terre-neuvas/configuration.nix ./hosts/terre-neuvas/configuration.nix
home-manager-stable.nixosModules.home-manager home-manager-stable.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true ;
useUserPackages = true ;
extraSpecialArgs = {inherit nvim-config; };
};
}
agenix.nixosModules.default
]; ];
}; };
penduick = nixpkgs-unstable.lib.nixosSystem {
specialArgs = { inherit nvim-config; };
system = "x86_64-linux";
pkgs = mkUnstablePkgsWithNur {
system = "x86_64-linux";
config = {
allowUnfree = true;
allowUnsupportedSystem = true;
};
};
modules = [
./hosts/penduick/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true ;
useUserPackages = true ;
extraSpecialArgs = {inherit nvim-config; };
};
}
agenix.nixosModules.default
];
};
forbann = nixpkgs-stable.lib.nixosSystem { forbann = nixpkgs-stable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [

21
hm/common/betterlockscreen.nix Normal file
View file

@ -0,0 +1,21 @@
{ pkgs, ... }:{
home.packages = with pkgs; [
xidlehook
betterlockscreen
];
systemd.user.services.xidlehook = {
Unit.Description = "Idle: lock at 5min, suspend at ~8min";
Service = {
ExecStart = ''
${pkgs.xidlehook}/bin/xidlehook \
--detect-sleep \
--not-when-fullscreen \
--timer 300 "${pkgs.betterlockscreen}/bin/betterlockscreen -l dim" "" \
--timer 500 "systemctl suspend" ""
'';
Restart = "always";
};
Install.WantedBy = ["graphical-session.target"];
};
}

1
hm/common/colours.nix
View file

@ -1 +0,0 @@
_: {}

12
hm/common/git.nix
View file

@ -1,8 +1,16 @@
_: { lib, config, ...}:
let let
globals = import ../../config/globals.nix; globals = import ../../config/globals.nix;
nixosRelease = lib.attrByPath [ "system" "nixos" "release" ] "0.0" config;
newGit = lib.versionAtLeast nixosRelease "25.11";
in { in {
programs.git = { programs.git = if newGit then {
enable = true;
settings.user = {
name = globals.admin.name;
email = globals.admin.email;
};
} else {
enable = true; enable = true;
userName = globals.admin.name; userName = globals.admin.name;
userEmail = globals.admin.email; userEmail = globals.admin.email;

147
hm/common/nvim.nix
View file

@ -1,125 +1,32 @@
{pkgs, ...}: { { pkgs, nvim-config, ...}: {
home.packages = with pkgs; [
ruff
pyright
gcc
marksman
lua-language-server
];
programs.neovim = { programs.neovim = {
enable = true; enable = true ;
withNodeJs = true; viAlias = true ;
withPython3 = true;
defaultEditor = true;
viAlias = true;
vimAlias = true; vimAlias = true;
};
coc.enable = true; home.file.".config/nvim" = {
source = nvim-config ;
plugins = with pkgs.vimPlugins; [ recursive = true ;
goyo-vim };
nerdtree programs.ruff = {
limelight-vim enable = true ;
]; settings = {
line-length = 100;
extraConfig = '' per-file-ignores = { "__init__.py" = [ "F401" ]; };
set number lint = {
set relativenumber select = [ "E4" "E7" "E9" "F" ];
set scrolloff=4 ignore = [ ];
set signcolumn=yes };
};
set mouse=a
set clipboard=unnamedplus
set ignorecase
set smartcase
set incsearch
set tabstop=2
set shiftwidth=2
set expandtab
set splitright
set splitbelow
set termguicolors
set updatetime=300
set undofile
let mapleader = " "
colorscheme retrobox
syntax enable
nnoremap <F10> :Goyo<CR>
inoremap <F10> <Esc> :Goyo<CR>
let g:goyo_width = 100
command! Q qall!
" --- Fichiers détat : swap / backup / undo ---
let s:state = has('unix') ? $HOME . '/.local/state/nvim' : $HOME . '/nvim-state'
" Crée les dossiers si besoin (silencieusement)
silent! call mkdir(s:state . '/swap', 'p')
silent! call mkdir(s:state . '/backup', 'p')
silent! call mkdir(s:state . '/undo', 'p')
augroup MdNoSuggest
autocmd!
autocmd FileType markdown let b:coc_suggest_disable = 1 | let b:coc_diagnostic_disable = 1
augroup END
" Goyo : pas de coupure de mots + Limelight auto
autocmd User GoyoEnter
\ let w:_wrap=&l:wrap | let w:_tw=&l:textwidth | let w:_fo=&l:formatoptions |
\ setlocal wrap linebreak nolist textwidth=0 |
\ setlocal formatoptions-=t formatoptions-=c formatoptions-=r formatoptions-=o formatoptions-=l |
\ Limelight
autocmd User GoyoLeave
\ if exists('w:_wrap') | let &l:wrap=w:_wrap | unlet w:_wrap | endif |
\ if exists('w:_tw') | let &l:textwidth=w:_tw | unlet w:_tw | endif |
\ if exists('w:_fo') | let &l:formatoptions=w:_fo | unlet w:_fo | endif |
\ Limelight!
" Swap files (fichiers déchange)
set directory^=~/.local/state/nvim/swap//
" Backups (copie avant écriture) optionnel mais utile
set backup
set writebackup
set backupdir=~/.local/state/nvim/backup//
" Undo persistant ( pour la rédaction)
set undofile
set undodir=~/.local/state/nvim/undo//
" --- Résolution auto des conflits de swap ---
augroup ResolveSwap
autocmd!
" Si un swap existe quand on ouvre un fichier
autocmd SwapExists * call s:ResolveSwap(v:swapname, expand('<afile>'))
augroup END
function! s:ResolveSwap(swapname, filename) abort
" Si le fichier sur disque est plus récent que le swap -> on édite quand même (e)
if getftime(a:filename) > getftime(a:swapname)
let v:swapchoice = 'e' " edit anyway (ignore le swap)
else
" Sinon, ouvre en lecture seule par prudence (o).
" Tu pourras décider ensuite (écraser, récupérer, diff).
let v:swapchoice = 'o'
endif
endfunction
" Rendre les messages de swap moins dramatiques
set shortmess+=A
inoremap <silent><expr> <Enter> pumvisible() ? coc#pum#confirm() : "\<CR>"
'';
extraPackages = with pkgs; [
ripgrep
fd
xclip
];
}; };
} }
# vim: set ts=2 sw=2 sts=2 et :
# vim: set ts=2 sw=2 sts=2 et :

3
hm/desktop/common/picom.nix → hm/common/picom.nix
View file

@ -1,4 +1,5 @@
_: { { pkgs, ... }: {
home.packages = [ pkgs.picom ] ;
services.picom = { services.picom = {
enable = true; enable = true;
backend = "glx"; # plus fluide si ta carte gère bien OpenGL backend = "glx"; # plus fluide si ta carte gère bien OpenGL

38
hm/common/polybar.nix Normal file
View file

@ -0,0 +1,38 @@
{ pkgs, ... }: {
services = {
polybar = {
enable = true;
script = "polybar main &";
config = {
"bar/main" = {
width = "100%";
height = "28";
font-0 = "Iosevka Nerd Font:style=regular:pixelsize=12;2";
font-1 = "Font Awesome 6 Free:style=Solid:pixelsize=10;2";
modules-left = "bspwm";
modules-center = "date";
modules-right = "pulseaudio memory cpu";
};
"module/bspwm" = {
type = "internal/bspwm";
label-focused = "%name%";
label-focused-foreground = "#e6e0de";
label-focused-padding = 2;
label-occupied = "%name%";
label-occupied-padding = 2;
label-urgent = "%name%";
label-urgent-background = "#e42127";
label-urgent-foreground = "#ffffff";
label-empty = "%name%";
label-empty-foreground = "#645d56";
label-empty-padding = 2;
};
"module/date" = {
type = "internal/date";
interval = 60;
date = "%d-%m-%Y %H:%M";
};
};
};
};
}

1
hm/common/zsh.nix
View file

@ -20,6 +20,7 @@ _: {
shellAliases = { shellAliases = {
h = "history"; h = "history";
upd = "sudo nixos-rebuild switch --flake $HOME/nixos-config#pennsardin; source ~/.zshrc"; upd = "sudo nixos-rebuild switch --flake $HOME/nixos-config#pennsardin; source ~/.zshrc";
agenix = "nix run github:ryantm/agenix --";
}; };
shellGlobalAliases = { shellGlobalAliases = {
G = "| grep"; G = "| grep";

69
hm/desktop/bspwm.nix
View file

@ -5,7 +5,9 @@
... ...
}: { }: {
imports = [ imports = [
../common/browser.nix ../common/betterlockscreen.nix
../common/picom.nix
../common/polybar.nix
]; ];
home.packages = with pkgs; [ home.packages = with pkgs; [
bspwm bspwm
@ -16,10 +18,6 @@
rofi rofi
feh feh
font-awesome font-awesome
picom
xorg.xset
xidlehook
betterlockscreen
pywal16 pywal16
imagemagick imagemagick
pulsemixer pulsemixer
@ -32,7 +30,6 @@
protonvpn-gui protonvpn-gui
]; ];
# Gère le ssh-agent proprement côté user
services.ssh-agent.enable = true; services.ssh-agent.enable = true;
xsession = { xsession = {
@ -40,7 +37,6 @@
windowManager.bspwm = { windowManager.bspwm = {
enable = true; enable = true;
# Démarrages au login X
startupPrograms = [ startupPrograms = [
"sxhkd -m 1" "sxhkd -m 1"
"setxkbmap bepovim" "setxkbmap bepovim"
@ -58,14 +54,6 @@
}; };
}; };
# xsession.initExtra = ''
# xset s 300 300
# xset s on
# xset s noblank
# xset +dpms
# xset dpms 0 0 500
# '';
services = { services = {
sxhkd = { sxhkd = {
enable = true; enable = true;
@ -106,55 +94,6 @@
"super + t" = "bspc node -t tiled"; "super + t" = "bspc node -t tiled";
}; };
}; };
polybar = {
enable = true;
script = "polybar main &";
config = {
"bar/main" = {
width = "100%";
height = "28";
font-1 = "Font Awesome 6 Free:style=Solid:pixelsize=10;2";
modules-left = "bspwm";
modules-center = "date";
modules-right = "pulseaudio memory cpu";
};
"module/bspwm" = {
type = "internal/bspwm";
label-focused = "%name%";
label-focused-foreground = "#e6e0de";
label-focused-padding = 2;
label-occupied = "%name%";
label-occupied-padding = 2;
label-urgent = "%name%";
label-urgent-background = "#e42127";
label-urgent-foreground = "#ffffff";
label-empty = "%name%";
label-empty-foreground = "#645d56";
label-empty-padding = 2;
};
"module/date" = {
type = "internal/date";
interval = 60;
date = "%d-%m-%Y %H:%M";
};
};
};
};
# xidlehook (user service)
systemd.user.services.xidlehook = {
Unit.Description = "Idle: lock at 5min, suspend at ~8min";
Service = {
ExecStart = ''
${pkgs.xidlehook}/bin/xidlehook \
--detect-sleep \
--not-when-fullscreen \
--timer 300 "${pkgs.betterlockscreen}/bin/betterlockscreen -l dim" "" \
--timer 500 "systemctl suspend" ""
'';
Restart = "always";
};
Install.WantedBy = ["graphical-session.target"];
}; };
programs = { programs = {
@ -175,7 +114,7 @@
family = lib.mkForce "Iosevka Nerd Font"; family = lib.mkForce "Iosevka Nerd Font";
style = "Italic"; style = "Italic";
}; };
size = lib.mkForce 9; size = lib.mkForce 8;
}; };
}; };
}; };

17
hm/users/dunoz-desktop.nix Normal file
View file

@ -0,0 +1,17 @@
{pkgs, ...}: {
imports = [
../common/browser.nix
../common/nvim.nix
./dunoz.nix
];
home = {
packages = with pkgs; [
fastfetch
nerd-fonts.iosevka
proton-pass
smug
];
};
}
# vim: set ts=2 sw=2 sts=2 et :

19
hm/users/dunoz.nix Normal file
View file

@ -0,0 +1,19 @@
{pkgs, nvim-config, ...}: {
imports = [
../../hm/common/git.nix
../../hm/common/zsh.nix
];
home = {
username = "dunoz";
homeDirectory = "/home/dunoz";
packages = with pkgs; [
bat
tree
];
};
programs.zsh.enable = true;
home.stateVersion = "25.05"; # ou ton actuelle
}
# vim: set ts=2 sw=2 sts=2 et :

2
hm/users/lomig-desktop.nix
View file

@ -1,6 +1,8 @@
{pkgs, ...}: { {pkgs, ...}: {
imports = [ imports = [
../desktop/bspwm.nix ../desktop/bspwm.nix
../common/browser.nix
../common/nvim.nix
./lomig.nix ./lomig.nix
]; ];
home = { home = {

8
hm/users/lomig.nix
View file

@ -1,10 +1,8 @@
{pkgs, ...}: { {pkgs, nvim-config, ...}: {
imports = [ imports = [
../common/nvim.nix
../../hm/common/git.nix ../../hm/common/git.nix
../../hm/common/zsh.nix ../../hm/common/zsh.nix
]; ];
home.stateVersion = "25.05"; # ou ton actuelle
home = { home = {
username = "lomig"; username = "lomig";
homeDirectory = "/home/lomig"; homeDirectory = "/home/lomig";
@ -13,7 +11,9 @@
tree tree
]; ];
}; };
programs.zsh.enable = true; programs.zsh.enable = true;
home.stateVersion = "25.05"; # ou ton actuelle
} }
# vim: set ts=2 sw=2 sts=2 et : # vim: set ts=2 sw=2 sts=2 et :

61
hosts/penduick/configuration.nix Normal file
View file

@ -0,0 +1,61 @@
{ config, pkgs, ... }:
let
globals = import ../../config/globals.nix;
in {
imports = [
./hardware-configuration.nix
../../modules/desktop/plasma.nix
../../modules/common/nix.nix
../../modules/common/base.nix
../../modules/common/fonts.nix
../../modules/common/networking.nix
../../modules/common/plymouth.nix
../../modules/common/audio.nix
];
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.luks.devices.cryptroot.device = "/dev/nvme0n1p3";
networking.hostName = "penduick";
networking.networkmanager.enable = true;
console.keyMap = "fr";
services.openssh.enable = true;
services.openssh.settings = {
PermitRootLogin = "no";
PasswordAuthentication = true;
};
age.identityPaths = [ "/etc/agenix/penduick.key" "/etc/agenix/dunoz-admin.key" ];
# age.secrets."dunoz-password-penduick".file = ../../secrets/dunoz-password-penduick.age;
users= {
# mutableUsers = false ;
users.dunoz = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" ];
# passwordFile = config.age.secrets."dunoz-password-penduick".path;
shell = pkgs.zsh;
};
};
home-manager = {
useGlobalPkgs = true ;
users.dunoz = import ../../hm/users/dunoz-desktop.nix ;
};
environment.systemPackages = with pkgs; [
git htop wget curl
neovim
age ssh-to-age
weechat
];
# Optionnel mais utile pour SSH au démarrage
systemd.services.sshd.wantedBy = [ "multi-user.target" ];
system.stateVersion = "25.05";
}

66
hosts/penduick/hardware-configuration.nix Normal file
View file

@ -0,0 +1,66 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/233c2886-05e4-4f9f-a708-6c920c7d9e32";
fsType = "btrfs";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/09b55bee-0134-4e96-8183-e85412fa7724";
fsType = "btrfs";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/4ce480f5-8212-4b28-b275-a0250c2edae1";
fsType = "btrfs";
};
fileSystems."/var" =
{ device = "/dev/disk/by-uuid/f54d2ebe-f1ca-4471-a9a5-6959280984ee";
fsType = "btrfs";
};
fileSystems."/persist" =
{ device = "/dev/disk/by-uuid/829b6a38-e49a-46ca-8737-b21c86c93352";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/B68E-0AAC";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/rescue" =
{ device = "/dev/disk/by-uuid/af3f9f20-2a6c-44e2-ad81-f07bd18ae283";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/41fcc628-50bf-43df-9daa-0095b45fd9bd"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

85
hosts/pennsardin/configuration.nix
View file

@ -1,18 +1,72 @@
{pkgs, ...}: {pkgs, config, ...}:
let let
globals = import ../../config/globals.nix; globals = import ../../config/globals.nix;
in { in {
imports = [ imports = [
../../profiles/workstation-bspwm.nix
../../modules/hardware/bepovim.nix
../../modules/common/nix.nix ../../modules/common/nix.nix
../../modules/hardware/bepovim.nix
../../modules/desktop/xorg-bspwm.nix
../../modules/common/base.nix
../../modules/common/fonts.nix
../../modules/common/networking.nix
../../modules/common/plymouth.nix
../../modules/common/audio.nix
../../modules/common/bluetooth.nix
../../modules/common/gaming.nix
../../modules/common/lockscreen.nix
../../modules/common/energy.nix
../../modules/common/qemu.nix
../../modules/common/smtp.nix
../../modules/hardware/firmware.nix
../../modules/hardware/gpu-amd.nix
../../modules/hardware/sensors-zenpower.nix
../../modules/services/printing.nix
../../modules/virtual/kvm-amd.nix
../../modules/virtual/vfio.nix
]; ];
networking.hostName = "pennsardin"; networking.hostName = "pennsardin";
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
boot.extraModulePackages = [ config.boot.kernelPackages.nct6687d ];
boot.kernelModules = [ "nct6683" "k10temp" "i2c-dev" ] ;
boot.swraid.enable = true; boot.swraid.enable = true;
environment.systemPackages = with pkgs; [
lm_sensors
btrfs-progs
cifs-utils
evtest
git
vim
wget
curl
ripgrep
fd
pciutils
usbutils
p7zip
gdu
glances
parted
tmux
xorg.xauth
xorg.xkbcomp
xorg.xev
];
services.openssh = {
enable = true;
settings = {
X11Forwarding = true;
X11DisplayOffset = 10;
X11UseLocalhost = true ;
};
};
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/b1a1ae71-4277-45d5-a3d2-f49354f263d4"; device = "/dev/disk/by-uuid/b1a1ae71-4277-45d5-a3d2-f49354f263d4";
@ -29,6 +83,30 @@ in {
options = ["defaults" "hidepid=2"]; options = ["defaults" "hidepid=2"];
neededForBoot = true; neededForBoot = true;
}; };
"/home/lomig/Documents" = {
device = "/srv/raid/home-data/Documents";
options = [ "bind" ];
};
"/home/lomig/Images" = {
device = "/srv/raid/home-data/Images";
options = [ "bind" ];
};
"/home/lomig/Musique" = {
device = "/srv/raid/home-data/Musique";
options = [ "bind" ];
};
"/home/lomig/Téléchargements" = {
device = "/srv/raid/home-data/Téléchargements";
options = [ "bind" ];
};
"/home/lomig/Vidéos" = {
device = "/srv/raid/home-data/Vidéos";
options = [ "bind" ];
};
"/home/lomig/nixos-config" = {
device = "/srv/raid/home-data/nixos-config";
options = [ "bind" ];
};
"/srv/raid" = { "/srv/raid" = {
device = "/dev/disk/by-uuid/85f72160-4720-463a-9dc6-7c5216733f2b"; device = "/dev/disk/by-uuid/85f72160-4720-463a-9dc6-7c5216733f2b";
fsType = "btrfs"; fsType = "btrfs";
@ -56,6 +134,7 @@ in {
enp11s0 = { enp11s0 = {
useDHCP = false; useDHCP = false;
wakeOnLan.enable = true ; wakeOnLan.enable = true ;
};
br0 = { br0 = {
useDHCP = false; useDHCP = false;
ipv4.addresses = [ ipv4.addresses = [

50
hosts/terre-neuvas/configuration.nix
View file

@ -5,14 +5,24 @@
config, config,
pkgs, pkgs,
... ...
}: { }: let
globals = import ../../config/globals.nix ;
in {
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
imports = [ imports = [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware.nix ./hardware.nix
../../profiles/server-selfhosted.nix ../../modules/common/nix.nix
../../modules/services/ftp.nix ../../modules/common/base.nix
../../modules/common/smtp.nix
../../modules/common/qemu.nix
../../modules/services/goaccess.nix
../../modules/services/wikijs.nix
../../modules/services/forgejo.nix ../../modules/services/forgejo.nix
../../modules/sites/porzh.me.nix
../../modules/sites/levr.porzh.me.nix
]; ];
# Bootloader. # Bootloader.
@ -46,25 +56,51 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
git git
btrfs-progs
cifs-utils
lm_sensors
wakeonlan
wget
curl
ripgrep
fd
pciutils
usbutils
p7zip
gdu
glances
tmux
]; ];
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PubkeyAuthentication = true;
};
};
networking = { networking = {
useNetworkd = true; useNetworkd = true;
firewall.allowedTCPPorts = [22 80 5900 5901 5902]; firewall.allowedTCPPorts = [22 80 5900 5901 5902];
firewall.enable = true ;
interfaces.eno1.useDHCP = false; interfaces.eno1.useDHCP = false;
interfaces.br0 = { interfaces.br0 = {
useDHCP = false; useDHCP = false;
ipv4.addresses = [ ipv4.addresses = [
{ {
address = "192.168.0.3"; address = globals.network.terre-neuvas.ip;
prefixLength = 24; prefixLength = 24;
} }
]; ];
}; };
defaultGateway = { defaultGateway = {
interface = "br0"; interface = "br0";
address = "192.168.0.254"; address = globals.network.gateway;
}; };
nameservers = ["192.168.0.254" "1.1.1.1"]; nameservers = [ globals.network.gateway "1.1.1.1"];
bridges.br0.interfaces = ["eno1"]; bridges.br0.interfaces = ["eno1"];
}; };
systemd.network = { systemd.network = {
@ -83,5 +119,7 @@
networkConfig.Bridge = "br0"; networkConfig.Bridge = "br0";
}; };
}; };
system.stateVersion = "25.05"; # Did you read the comment? system.stateVersion = "25.05"; # Did you read the comment?
} }

36
modules/common/energy.nix
View file

@ -1,8 +1,42 @@
_: { { config, pkgs, ... }: {
services.logind.settings.Login = { services.logind.settings.Login = {
IdleAction = "suspend"; IdleAction = "suspend";
IdleActionSec = "5min"; IdleActionSec = "5min";
HandleLidSwitch = "suspend"; HandleLidSwitch = "suspend";
HandleLidSwitchDocked = "ignore"; HandleLidSwitchDocked = "ignore";
}; };
systemd.services.ssh-suspend-inhibitor = {
description = "Prevent suspend when SSH sessions are active";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
Restart = "always";
ExecStart = pkgs.writeShellScript "ssh-inhibitor" ''
while true; do
# Vérifie s'il y a des sessions SSH actives
if ${pkgs.procps}/bin/pgrep -x sshd >/dev/null && \
[ $(${pkgs.procps}/bin/pgrep -P $(${pkgs.procps}/bin/pgrep -x sshd) | wc -l) -gt 0 ]; then
# Il y a des sessions SSH, on crée un inhibitor s'il n'existe pas
if [ ! -f /tmp/ssh-inhibitor.lock ]; then
${pkgs.systemd}/bin/systemd-inhibit --what=idle:sleep \
--who="SSH Session" \
--why="SSH session active" \
--mode=block \
sleep infinity &
echo $! > /tmp/ssh-inhibitor.lock
fi
else
# Pas de sessions SSH, on retire l'inhibitor
if [ -f /tmp/ssh-inhibitor.lock ]; then
kill $(cat /tmp/ssh-inhibitor.lock) 2>/dev/null || true
rm /tmp/ssh-inhibitor.lock
fi
fi
sleep 10
done
'';
};
};
} }

6
modules/common/nix.nix
View file

@ -4,6 +4,12 @@
experimental-features = ["nix-command" "flakes"]; experimental-features = ["nix-command" "flakes"];
}; };
nix.gc = {
automatic = true ;
dates = "daily" ;
options = "--delete-older-than 7d" ;
};
nixpkgs.config = { nixpkgs.config = {
# allowUnfree = true; # allowUnfree = true;
# allowUnsupportedSystem = true; # allowUnsupportedSystem = true;

1
modules/common/qemu.nix
View file

@ -8,6 +8,7 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
qemu qemu
qemu_kvm qemu_kvm
tunctl
virtiofsd virtiofsd
]; ];

3
modules/hardware/gpu-amd.nix
View file

@ -23,7 +23,6 @@
libva-utils libva-utils
libvdpau libvdpau
libva-vdpau-driver libva-vdpau-driver
vaapiVdpau
libvdpau-va-gl libvdpau-va-gl
vulkan-tools vulkan-tools
vulkan-loader vulkan-loader
@ -44,6 +43,4 @@
"radeon.cik_support=0" "radeon.cik_support=0"
]; ];
# Si un module sonde "k10temp" gêne :
boot.blacklistedKernelModules = ["k10temp"];
} }

19
modules/roles/server.nix
View file

@ -1,19 +0,0 @@
{pkgs, ...}: {
imports = [
../common/nix.nix
];
environment.systemPackages = with pkgs; [
git
wget
curl
ripgrep
fd
pciutils
usbutils
p7zip
gdu
glances
tmux
];
}

27
modules/roles/workstation.nix
View file

@ -1,27 +0,0 @@
{pkgs, ...}: {
imports = [
../common/nix.nix
../hardware/gpu-amd.nix
../hardware/sensors-zenpower.nix
../virtual/kvm-amd.nix
../virtual/vfio.nix
];
environment.systemPackages = with pkgs; [
git
vim
wget
curl
ripgrep
fd
pciutils
usbutils
p7zip
gdu
glances
parted
tmux
discord
xorg.xauth
];
}

38
modules/services/forgejo.nix
View file

@ -1,25 +1,25 @@
{pkgs, ...}: {pkgs, ...}:
let let
import ../../config/globals.nix; globals = import ../../config/globals.nix;
in { in {
# --- Utilisateur dédié --- # --- Utilisateur dédié ---
users.users.git = { users.users.${globals.services.forgejo.user} = {
isSystemUser = true; isSystemUser = true;
home = "/var/lib/forgejo"; home = globals.services.forgejo.home;
shell = pkgs.bash; shell = pkgs.bash;
group = "git"; group = globals.services.forgejo.user;
}; };
users.groups.git = {}; users.groups.${globals.services.forgejo.user} = {};
# --- Forgejo --- # --- Forgejo ---
services = { services = {
forgejo = { forgejo = {
enable = true; enable = true;
user = "git"; user = globals.services.forgejo.user;
group = "git"; group = globals.services.forgejo.user;
database = { database = {
type = "sqlite3"; type = "sqlite3";
path = "/var/lib/forgejo/data/gitea.db"; path = "${globals.services.forgejo.home}/data/gitea.db";
}; };
settings = { settings = {
server = { server = {
@ -27,7 +27,6 @@ in {
ROOT_URL = "https://${globals.services.forgejo.url}/"; ROOT_URL = "https://${globals.services.forgejo.url}/";
SSH_DOMAIN = globals.services.forgejo.url; SSH_DOMAIN = globals.services.forgejo.url;
HTTP_PORT = globals.services.forgejo.port; HTTP_PORT = globals.services.forgejo.port;
SSH_PORT = 22;
START_SSH_SERVER = false; START_SSH_SERVER = false;
}; };
service = { service = {
@ -44,27 +43,10 @@ in {
enable = true; enable = true;
virtualHosts.${globals.services.forgejo.url} = { virtualHosts.${globals.services.forgejo.url} = {
extraConfig = '' extraConfig = ''
reverse_proxy localhost:${globals.services.forgejo.port} reverse_proxy localhost:${toString globals.services.forgejo.port}
''; '';
}; };
}; };
}; };
networking.firewall.allowedTCPPorts = [80 443 22 ];
# --- Ouvrir les ports nécessaires ---
networking.firewall = {
allowedTCPPorts = [80 443 2222];
interfaces."eth0".allowedTCPPorts = [22];
};
# --- Pour que Forgejo génère les bonnes URLs Git ---
# networking.hostName = "git"; # non strictement obligatoire
# --- Optionnel : config DNS ---
# git.lomig.me -> ton IP publique (ou IP locale si LAN)
# --- Pour te cloner un dépôt : ---
# git clone git@git.lomig.me:lomig/nom-du-repo.git
# --- Astuce : génère une paire de clés pour laccès SSH Git ---
# ssh-keygen -t ed25519 -f ~/.ssh/id_git_forgejo
# puis ajoute la clé publique dans ton compte Forgejo
} }

67
modules/services/ftp.nix
View file

@ -1,67 +0,0 @@
_: {
# -------------------------------------------------
# 1⃣ Création de lutilisateur système dédié FTP
# -------------------------------------------------
users.users.ftpuser = {
isSystemUser = true; # pas de login shell
description = "Compte FTP dédié";
home = "/srv/ftp/ftpuser";
createHome = true;
group = "ftpuser";
shell = "/usr/bin/nologin";
};
users.groups.ftpuser = {};
services.openssh = {
extraConfig = ''
Match User ftpuser
ChrootDirectory /srv/ftp/ftpuser
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
'';
};
# -------------------------------------------------
# 2⃣ Permissions du répertoire home (méthode A)
# -------------------------------------------------
system.activationScripts.setupFtp = ''
# Répertoire racine du chroot lectureseule
chmod a-w /srv/ftp/ftpuser
# Sousrépertoire où lon peut écrire
mkdir -p /srv/ftp/ftpuser/upload
chown ftpuser:ftpuser /srv/ftp/ftpuser/upload
chmod 755 /srv/ftp/ftpuser/upload
'';
# -------------------------------------------------
# 3⃣ Configuration du serveur vsftpd
# -------------------------------------------------
services.vsftpd = {
enable = true;
# Autoriser les comptes locaux (system users)
localUsers = true;
# Refuser laccès anonyme (sécurité renforcée)
anonymousUser = false;
# Chroot chaque utilisateur local dans son $HOME
chrootlocalUser = true;
allowWriteableChroot = true;
extraConfig = ''
pasv_min_port=40000
pasv_max_port=40004
'';
};
# -------------------------------------------------
# 4⃣ Ouverture des ports dans le firewall NixOS
# -------------------------------------------------
networking.firewall = {
allowedTCPPorts = [21 40000 40001 40002 40003 40004];
# Si vous utilisez FTPS implicite (port 990) :
# allowedTCPPorts = [ 21 990 40000 40001 40002 40003 40004 ];
};
}

69
modules/services/goaccess.nix
View file

@ -1,20 +1,38 @@
{pkgs, ...}: {pkgs, config, ...}:
let let
imports = ../../config/globals.nix ; globals = import ../../config/globals.nix ;
in { in {
age.secrets.goaccess-password = {
file = ../../secrets/goaccess-password.age;
owner = "caddy";
group = "caddy";
mode = "0400";
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
goaccess goaccess
]; ];
# Service pour générer le rapport statique GoAccess environment.etc."local/bin/generate-goaccess.sh".text = ''
#!/bin/sh
set -eu
RAW_LOG="/var/log/caddy/access-${globals.services.levr.url}.log"
CLEAN_LOG="/tmp/goaccess-clean.log"
REPORT="${globals.services.goaccess.home}/index.html"
${pkgs.gnugrep}/bin/grep -v '192.168.' "$RAW_LOG" > "$CLEAN_LOG"
${pkgs.goaccess}/bin/goaccess "$CLEAN_LOG" --log-format=CADDY -o "$REPORT";
'';
environment.etc."local/bin/generate-goaccess.sh".mode = "0755";
systemd.services.goaccess-report = { systemd.services.goaccess-report = {
description = "Generate GoAccess HTML report"; description = "Generate GoAccess HTML report";
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.goaccess}/bin/goaccess /var/log/caddy/access-${globals.services.levr.url}.log --log-format=CADDY -o ${globals.services.goaccess.home}/index.html"; ExecStart = "/etc/local/bin/generate-goaccess.sh";
}; };
}; };
# Timer pour régénérer le rapport toutes les heures
systemd.timers.goaccess-report = { systemd.timers.goaccess-report = {
description = "Hourly GoAccess report generation"; description = "Hourly GoAccess report generation";
wantedBy = ["timers.target"]; wantedBy = ["timers.target"];
@ -23,16 +41,43 @@ in {
Persistent = true; Persistent = true;
}; };
}; };
services.caddy = {
virtualHosts = {
globals.services.goaccess.url = {
extraConfig = ''
root * ${globals.services.goaccess.home}
file_server browse
try_files {path} {path}/ /index.html
systemd.services."goaccess-auth-sync" = {
description = "Sync goaccess password for Caddy";
wantedBy = [ "caddy.service" ];
before = [ "caddy.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeScript "sync-goaccess-auth" ''
#!${pkgs.bash}/bin/bash
mkdir -p /etc/caddy/extra
cp /run/agenix/goaccess-password /etc/caddy/extra/goaccess-auth.conf
chown caddy:caddy /etc/caddy/extra/goaccess-auth.conf
chmod 400 /etc/caddy/extra/goaccess-auth.conf
''; '';
}; };
}; };
services.caddy = {
virtualHosts = {
"${globals.services.goaccess.url}" = {
extraConfig = ''
root * ${globals.services.goaccess.home}
basic_auth /* {
import /etc/caddy/extra/goaccess-auth.conf
}
file_server browse
try_files {path} {path}/ /index.html
'';
}; };
};
};
systemd.tmpfiles.rules = [
"d ${globals.services.goaccess.home} 0755 root root -"
"d /etc/caddy/extra 0750 caddy caddy -"
];
} }

31
modules/services/outline.nix
View file

@ -1,31 +0,0 @@
{ config, pkgs, lib, ... }:
let
import ../../config/globals.nix ;
in {
services = {
outline = {
enable = true;
port = globals.services.outline.port ;
publicUrl = "http://${globals.services.outline.url}";
forceHttps = true;
smtp = {
host = globals.smtp.host ;
username = globals.smtp.user ;
passwordFile = "/run/secrets/proton_pass";
fromEmail = globals.smtp.user;
replyEmail = globals.smtp.user;
port = globals.smtp.port;
secure = false;
};
storage.storageType = "local";
};
caddy = {
enable = true;
virtualHosts.${globals.services.outline.url} = {
extraConfig = ''
reverse_proxy localhost:${globals.services.outline.port}
'';
};
};
};
}

24
modules/services/pihole.nix
View file

@ -1,24 +0,0 @@
{
virtualisation.oci-containers.containers.pihole = {
image = "pihole/pihole:latest";
autoStart = true;
ports = [
"53:53/udp"
"53:53/tcp"
"80:80/tcp"
];
environment = {
TZ = "Europe/Paris";
WEBPASSWORD = "changeme"; # Change à ta convenance
PIHOLE_DNS_ = "1.1.1.1;1.0.0.1";
};
volumes = [
"/srv/pihole/etc-pihole:/etc/pihole"
"/srv/pihole/etc-dnsmasq.d:/etc/dnsmasq.d"
];
extraOptions = ["--cap-add=NET_ADMIN"];
};
}

33
modules/services/wikijs.nix Normal file
View file

@ -0,0 +1,33 @@
{ pkgs, ... }:
let
globals = import ../../config/globals.nix ;
in {
systemd.services.wiki-js = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
services.wiki-js = {
enable = true;
settings = {
db = {
db = "wiki-js";
host = "/run/postgresql";
type = "postgres";
user = "wiki-js";
};
port = 3002 ;
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "wiki-js" ];
ensureUsers = [{
name = "wiki-js";
ensureDBOwnership = true;
}];
};
services.caddy.virtualHosts.${globals.services.wikijs.url}.extraConfig = ''
reverse_proxy localhost:${toString globals.services.wikijs.port}
'';
}

31
modules/sites/levr.porzh.me.nix
View file

@ -1,6 +1,6 @@
{ pkgs, lib, ...}: { pkgs, lib, ...}:
let let
import = ../../config/globals.nix ; globals = import ../../config/globals.nix ;
in { in {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
hugo hugo
@ -11,7 +11,7 @@ in {
Type = "oneshot"; Type = "oneshot";
WorkingDirectory = globals.services.levr.home ; WorkingDirectory = globals.services.levr.home ;
ExecStart = ''${pkgs.hugo}/bin/hugo --minify build -d ${globals.services.levr.build}''; ExecStart = ''${pkgs.hugo}/bin/hugo --minify build -d ${globals.services.levr.build}'';
User = "lomig"; User = "levr";
}; };
}; };
systemd.timers.hugo-build = { systemd.timers.hugo-build = {
@ -27,8 +27,8 @@ in {
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
WorkingDirectory = globals.services.levr.home; WorkingDirectory = globals.services.levr.home;
ExecStart = "${pkgs.git}/bin/git pull origin master"; ExecStart = "${pkgs.git}/bin/git pull --rebase origin master";
User = "lomig"; User = "levr";
}; };
environment = { environment = {
PATH = lib.mkForce "${pkgs.openssh}/bin"; PATH = lib.mkForce "${pkgs.openssh}/bin";
@ -44,7 +44,7 @@ in {
services.caddy = { services.caddy = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
globals.services.levr.url = { "${globals.services.levr.url}" = {
extraConfig = '' extraConfig = ''
@http { @http {
protocol http protocol http
@ -54,10 +54,27 @@ in {
file_server file_server
log { log {
output file /var/log/caddy/access-${global.services.levr.url}.log output file /var/log/caddy/access-${globals.services.levr.url}.log
} }
''; '';
}; };
}; };
}; };
} users = {
users = {
"${globals.services.levr.user}" = {
isSystemUser = true ;
group = globals.services.levr.user ;
home = globals.services.levr.home ;
createHome = true ;
description = "User for hugo-blog builds and deployments";
};
};
groups.${globals.services.levr.user} = {};
};
systemd.tmpfiles.rules = [
"d ${globals.services.levr.home} 0755 levr levr -"
"d ${globals.services.levr.build} 0755 levr levr -"
];
}

4
modules/sites/porzh.me.nix
View file

@ -1,5 +1,5 @@
{pkgs, ...}: let {pkgs, ...}: let
import ../../config/globals.nix ; globals = import ../../config/globals.nix ;
porzhSite = pkgs.stdenv.mkDerivation { porzhSite = pkgs.stdenv.mkDerivation {
pname = "porzh-site"; pname = "porzh-site";
version = "1.0"; version = "1.0";
@ -14,7 +14,7 @@ in {
services.caddy = { services.caddy = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
globals.domain = { "${globals.domain}" = {
serverAliases = [ "www.${globals.domain}" ]; serverAliases = [ "www.${globals.domain}" ];
extraConfig = '' extraConfig = ''
root * ${porzhSite} root * ${porzhSite}

30
profiles/server-selfhosted.nix
View file

@ -1,30 +0,0 @@
{pkgs, ...}: {
imports = [
../modules/roles/server.nix
../modules/common/base.nix
../modules/common/smtp.nix
../modules/common/qemu.nix
../modules/services/printing.nix
../modules/services/goaccess.nix
../modules/services/outline.nix
../modules/sites/porzh.me.nix
../modules/sites/levr.porzh.me.nix
];
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PubkeyAuthentication = true;
};
};
environment.systemPackages = with pkgs; [
btrfs-progs
cifs-utils
lm_sensors
wakeonlan
];
}
# vim: set ts=2 sw=2 sts=2 et :

39
profiles/workstation-bspwm.nix
View file

@ -1,39 +0,0 @@
{pkgs, ...}: {
imports = [
../modules/roles/workstation.nix
../modules/desktop/xorg-bspwm.nix
../modules/common/base.nix
../modules/common/fonts.nix
../modules/common/networking.nix
../modules/common/plymouth.nix
../modules/hardware/firmware.nix
../modules/hardware/gpu-amd.nix
../modules/common/audio.nix
../modules/common/bluetooth.nix
../modules/common/gaming.nix
../modules/services/printing.nix
../modules/common/lockscreen.nix
../modules/common/energy.nix
../modules/common/qemu.nix
../modules/common/smtp.nix
];
services.openssh = {
enable = true;
settings = {
X11Forwarding = true;
X11DisplayOffset = 10;
};
};
environment.systemPackages = with pkgs; [
btrfs-progs
cifs-utils
evtest
lm_sensors
xorg.xev
xorg.xkbcomp
];
}
# vim: set ts=2 sw=2 sts=2 et :

15
scripts/imports.sh Executable file
View file

@ -0,0 +1,15 @@
#!/usr/bin/env bash
find $HOME/nixos-config -name "*.nix" | while read -r file; do
imports=$(awk '
/imports[[:space:]]*=/ {flag=1}
flag {print}
/\]/ && flag {flag=0}
' "$file" | grep -vE 'imports[[:space:]]*=' | grep -v '\[' | grep -v '\]' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
if [[ -n "$imports" ]]; then
echo "$file imports:"
echo "$imports" | sed 's/^/ |--- /'
echo
fi
done

1
secrets/agenix/pennsardin.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZto2/k9ZiYzWxWM6sfZLq/fIUVDc3BwPb+00dOahkk root@pennsardin

7
secrets/dunoz-password-penduick.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> X25519 t5/4zFfNo5Hq/EacMKriedzv9je2ThBpq/WLegedg2A
sq35AzCE5HVTgqi0cNOcbW5C50sLeCAw4SIR6fbMg2M
-> X25519 yHHx+6CF7VEf331RchlwC9povVUwZBTq9cgAfo3gqjQ
RUsB7tMZRJYGy5Ggw+pnaNPOEiFYwAJn+gquCcNUnQo
--- jJVkAQ9fNSwyrWiyvIVzuTuJuudhL3zv29PI5pdKDz4
ш¤.f­=5¸I¶öWöÖõŠi£N½PÚŸ<>lSww©ðMÌÇí*

BIN
secrets/goaccess-password.age Normal file
View file

Binary file not shown.

11
secrets/secrets.nix Normal file
View file

@ -0,0 +1,11 @@
let
serveur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPRVxB7usThGHf8cuSPE4sjdqSaPNlwWAZPEo1wUgHz6 root@terre-neuvas";
admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxranFaz3jRfvYE2M6FvRUWjzviIWjWd1mucgKeuSK2 lomig@nixos";
penduick = "age1rnyey8shjxyaq43dzlnhtfkcm3ra4hy3ygh6c46w4xmr7fe9fe3s00nh2r";
dunoz = "age1ppu60aw0v5wxhrc0gyqmgrukh2a5uaxwqxxmuy0w3fv4tnt02ycqrrgmue";
in
{
"goaccess-password.age".publicKeys = [ serveur admin ];
"dunoz-password-penduick.age".publicKeys = [ penduick dunoz ];
}