diff --git a/containers/vsftpd.nix b/containers/vsftpd.nix
new file mode 100644
index 0000000..2881580
--- /dev/null
+++ b/containers/vsftpd.nix
@@ -0,0 +1,49 @@
+{ config, pkgs, ... }:
+{
+ containers.vsftpd = {
+ autoStart = true;
+ config =
+ { config, pkgs, ... }:
+ {
+ nixpkgs.overlays = [
+ (import ../overlays/vsftpd.nix)
+ ];
+ services.vsftpd = {
+ enable = true;
+ forceLocalLoginsSSL = true;
+ forceLocalDataSSL = true;
+ userlistDeny = false;
+ localUsers = true;
+ userlist = ["claire" "manu"];
+ rsaCertFile = "/var/vsftpd/vsftpd.pem";
+ extraConfig = ''
+ pasv_min_port=64000
+ pasv_max_port=65535
+ local_root=/mnt/medias
+ '';
+ };
+
+ users.extraUsers = {
+ claire = {
+ isNormalUser = true;
+ hashedPassword = "$6$Mu47EjsbNTewDkRp$XeQh6rcdvb3BUXzsGqekKImLTrMgnN0VyERoSbpI4rMPlx8oHM9NNeHZtfIiLEaZGtQ9otnbLa54jYse5Iwev1";
+ description = "Claire TREHIOU";
+ };
+
+ manu = {
+ isNormalUser = true;
+ hashedPassword = "$6$YGNIdGEclo$JcUotBS6hqlpENjjUeYhDjtrwxu10oARF4Nq4tEo072Sumr3Rl/w3ZXSHI5/3RxfvUMmJ4ulUVctBLhwrqP.g0";
+ description = "Emmanuel ZENNER";
+ };
+ };
+ };
+ bindMounts = {
+ "/var/vsftpd/vsftpd.pem" = {
+ hostPath = "/var/vsftpd/vsftpd.pem";
+ };
+ "/mnt/medias" = {
+ hostPath = "/mnt/medias";
+ };
+ };
+ };
+}
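Review bot: The two `hashedPassword` literals under `users.extraUsers` put the SHA-512 crypt hashes for `claire` and `manu` into the repository history and into the world-readable Nix store, so anyone with read access to either can copy them. Reading each hash from a root-only file outside the store avoids that, e.g. `hashedPasswordFile = "/var/lib/secrets/claire.hash";` (placeholder path; the option is `passwordFile` on older NixOS releases), with that path bind-mounted into the container. The same applies to the `user paul password …` line in `services/haproxy-acme.nix` and the `loginAccounts` hash in `services/mail-server.nix`. Separately, `pasv_min_port`/`pasv_max_port` set a passive range of 64000–65535, but no firewall rule for it is visible in this file.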
diff --git a/flake.lock b/flake.lock
deleted file mode 100644
index 05a7057..0000000
--- a/flake.lock
+++ /dev/null
@@ -1,445 +0,0 @@
-{
- "nodes": {
- "blobs": {
- "flake": false,
- "locked": {
- "lastModified": 1604995301,
- "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
- "owner": "simple-nixos-mailserver",
- "repo": "blobs",
- "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
- "type": "gitlab"
- },
- "original": {
- "owner": "simple-nixos-mailserver",
- "repo": "blobs",
- "type": "gitlab"
- }
- },
- "devshell": {
- "inputs": {
- "nixpkgs": [
- "nixvim",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1741473158,
- "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
- "owner": "numtide",
- "repo": "devshell",
- "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "devshell",
- "type": "github"
- }
- },
- "dogetipbot-telegram": {
- "inputs": {
- "nixpkgs": [
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1730148450,
- "narHash": "sha256-CSxPIeDqavQ3fJhshuNs0oS84P1p87BsbNoashKlrKg=",
- "owner": "nyanloutre",
- "repo": "dogetipbot-telegram",
- "rev": "667e318212920005917792b06e0f480b421fa6d3",
- "type": "gitlab"
- },
- "original": {
- "owner": "nyanloutre",
- "ref": "master",
- "repo": "dogetipbot-telegram",
- "type": "gitlab"
- }
- },
- "flake-compat": {
- "locked": {
- "lastModified": 1733328505,
- "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
- "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
- "revCount": 69,
- "type": "tarball",
- "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
- },
- "original": {
- "type": "tarball",
- "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
- }
- },
- "flake-compat_2": {
- "flake": false,
- "locked": {
- "lastModified": 1696426674,
- "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
- "owner": "edolstra",
- "repo": "flake-compat",
- "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
- "type": "github"
- },
- "original": {
- "owner": "edolstra",
- "repo": "flake-compat",
- "type": "github"
- }
- },
- "flake-parts": {
- "inputs": {
- "nixpkgs-lib": [
- "nixvim",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1743550720,
- "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "rev": "c621e8422220273271f52058f618c94e405bb0f5",
- "type": "github"
- },
- "original": {
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "type": "github"
- }
- },
- "flake-utils": {
- "inputs": {
- "systems": "systems"
- },
- "locked": {
- "lastModified": 1731533236,
- "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "git-hooks": {
- "inputs": {
- "flake-compat": [
- "nixvim",
- "flake-compat"
- ],
- "gitignore": "gitignore",
- "nixpkgs": [
- "nixvim",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1742649964,
- "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
- "owner": "cachix",
- "repo": "git-hooks.nix",
- "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
- "type": "github"
- },
- "original": {
- "owner": "cachix",
- "repo": "git-hooks.nix",
- "type": "github"
- }
- },
- "gitignore": {
- "inputs": {
- "nixpkgs": [
- "nixvim",
- "git-hooks",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1709087332,
- "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
- "owner": "hercules-ci",
- "repo": "gitignore.nix",
- "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
- "type": "github"
- },
- "original": {
- "owner": "hercules-ci",
- "repo": "gitignore.nix",
- "type": "github"
- }
- },
- "home-manager": {
- "inputs": {
- "nixpkgs": [
- "nixvim",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1744743431,
- "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=",
- "owner": "nix-community",
- "repo": "home-manager",
- "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "ref": "release-24.11",
- "repo": "home-manager",
- "type": "github"
- }
- },
- "ipmihddtemp": {
- "inputs": {
- "nixpkgs": [
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1747584091,
- "narHash": "sha256-6QMKT0BrLyb2wSFEpmTjYpMS6JOLHRRAMnnM5/qN/vE=",
- "owner": "nyanloutre",
- "repo": "ipmihddtemp",
- "rev": "837ba5a66de1688e7fbce8302cfb363c42a0e1d9",
- "type": "gitlab"
- },
- "original": {
- "owner": "nyanloutre",
- "ref": "master",
- "repo": "ipmihddtemp",
- "type": "gitlab"
- }
- },
- "ixx": {
- "inputs": {
- "flake-utils": [
- "nixvim",
- "nuschtosSearch",
- "flake-utils"
- ],
- "nixpkgs": [
- "nixvim",
- "nuschtosSearch",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1737371634,
- "narHash": "sha256-fTVAWzT1UMm1lT+YxHuVPtH+DATrhYfea3B0MxG/cGw=",
- "owner": "NuschtOS",
- "repo": "ixx",
- "rev": "a1176e2a10ce745ff8f63e4af124ece8fe0b1648",
- "type": "github"
- },
- "original": {
- "owner": "NuschtOS",
- "ref": "v0.0.7",
- "repo": "ixx",
- "type": "github"
- }
- },
- "nix-darwin": {
- "inputs": {
- "nixpkgs": [
- "nixvim",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1743127615,
- "narHash": "sha256-+sMGqywrSr50BGMLMeY789mSrzjkoxZiu61eWjYS/8o=",
- "owner": "lnl7",
- "repo": "nix-darwin",
- "rev": "fc843893cecc1838a59713ee3e50e9e7edc6207c",
- "type": "github"
- },
- "original": {
- "owner": "lnl7",
- "ref": "nix-darwin-24.11",
- "repo": "nix-darwin",
- "type": "github"
- }
- },
- "nixpkgs": {
- "locked": {
- "lastModified": 1747485343,
- "narHash": "sha256-YbsZyuRE1tobO9sv0PUwg81QryYo3L1F3R3rF9bcG38=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "9b5ac7ad45298d58640540d0323ca217f32a6762",
- "type": "github"
- },
- "original": {
- "id": "nixpkgs",
- "ref": "nixos-24.11",
- "type": "indirect"
- }
- },
- "nixpkgs-4a3fc4cf7": {
- "locked": {
- "lastModified": 1716914467,
- "narHash": "sha256-KkT6YM/yNQqirtYj/frn6RRakliB8RDvGqVGGaNhdcU=",
- "owner": "nixos",
- "repo": "nixpkgs",
- "rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4",
- "type": "github"
- },
- "original": {
- "owner": "nixos",
- "repo": "nixpkgs",
- "rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4",
- "type": "github"
- }
- },
- "nixpkgs-unstable": {
- "locked": {
- "lastModified": 1747327360,
- "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46",
- "type": "github"
- },
- "original": {
- "id": "nixpkgs",
- "ref": "nixos-unstable",
- "type": "indirect"
- }
- },
- "nixvim": {
- "inputs": {
- "devshell": "devshell",
- "flake-compat": "flake-compat",
- "flake-parts": "flake-parts",
- "git-hooks": "git-hooks",
- "home-manager": "home-manager",
- "nix-darwin": "nix-darwin",
- "nixpkgs": [
- "nixpkgs"
- ],
- "nuschtosSearch": "nuschtosSearch",
- "treefmt-nix": "treefmt-nix"
- },
- "locked": {
- "lastModified": 1745963276,
- "narHash": "sha256-MpLljx/1dGnBIQlUswaUz/ZeOp44R3ngc1iBf4tyzyc=",
- "owner": "nix-community",
- "repo": "nixvim",
- "rev": "5bef8e43ce16ee704c7b9fa9f48a07ce81c5c05d",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "ref": "nixos-24.11",
- "repo": "nixvim",
- "type": "github"
- }
- },
- "nuschtosSearch": {
- "inputs": {
- "flake-utils": "flake-utils",
- "ixx": "ixx",
- "nixpkgs": [
- "nixvim",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1745046075,
- "narHash": "sha256-8v4y6k16Ra/fiecb4DxhsoOGtzLKgKlS+9/XJ9z0T2I=",
- "owner": "NuschtOS",
- "repo": "search",
- "rev": "066afe8643274470f4a294442aadd988356a478f",
- "type": "github"
- },
- "original": {
- "owner": "NuschtOS",
- "repo": "search",
- "type": "github"
- }
- },
- "root": {
- "inputs": {
- "dogetipbot-telegram": "dogetipbot-telegram",
- "ipmihddtemp": "ipmihddtemp",
- "nixpkgs": "nixpkgs",
- "nixpkgs-4a3fc4cf7": "nixpkgs-4a3fc4cf7",
- "nixpkgs-unstable": "nixpkgs-unstable",
- "nixvim": "nixvim",
- "simple-nixos-mailserver": "simple-nixos-mailserver"
- }
- },
- "simple-nixos-mailserver": {
- "inputs": {
- "blobs": "blobs",
- "flake-compat": "flake-compat_2",
- "nixpkgs": [
- "nixpkgs-unstable"
- ],
- "nixpkgs-24_11": [
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1746469806,
- "narHash": "sha256-kL3cc25sc0x+6gBZYjuE4566RT1E3XLQs4V8sl7D+VE=",
- "owner": "simple-nixos-mailserver",
- "repo": "nixos-mailserver",
- "rev": "14857a0309d7bbdf7c51bbfa309d0d13448ae77e",
- "type": "gitlab"
- },
- "original": {
- "owner": "simple-nixos-mailserver",
- "ref": "nixos-24.11",
- "repo": "nixos-mailserver",
- "type": "gitlab"
- }
- },
- "systems": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
- },
- "treefmt-nix": {
- "inputs": {
- "nixpkgs": [
- "nixvim",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1744961264,
- "narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=",
- "owner": "numtide",
- "repo": "treefmt-nix",
- "rev": "8d404a69efe76146368885110f29a2ca3700bee6",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "treefmt-nix",
- "type": "github"
- }
- }
- },
- "root": "root",
- "version": 7
-}
diff --git a/flake.nix b/flake.nix
deleted file mode 100644
index a5b8cdb..0000000
--- a/flake.nix
+++ /dev/null
@@ -1,115 +0,0 @@
-{
- inputs = {
- nixpkgs.url = "flake:nixpkgs/nixos-24.11";
- nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable";
- # transmission 4.0.5 downgrade to fix tracker bug
- nixpkgs-4a3fc4cf7.url = "github:nixos/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4";
- simple-nixos-mailserver = {
- url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11";
- inputs = {
- nixpkgs.follows = "nixpkgs-unstable";
- nixpkgs-24_11.follows = "nixpkgs";
- };
- };
- nixvim = {
- url = "github:nix-community/nixvim/nixos-24.11";
- inputs.nixpkgs.follows = "nixpkgs";
- };
- dogetipbot-telegram = {
- url = "gitlab:nyanloutre/dogetipbot-telegram/master";
- inputs.nixpkgs.follows = "nixpkgs";
- };
- ipmihddtemp = {
- url = "gitlab:nyanloutre/ipmihddtemp/master";
- inputs.nixpkgs.follows = "nixpkgs";
- };
- };
-
- outputs =
- {
- self,
- nixpkgs,
- nixpkgs-unstable,
- nixpkgs-4a3fc4cf7,
- simple-nixos-mailserver,
- nixvim,
- dogetipbot-telegram,
- ipmihddtemp,
- }@inputs:
- {
-
- packages.x86_64-linux = (import ./pkgs nixpkgs.legacyPackages.x86_64-linux);
-
- nixosConfigurations.paul-fixe = nixpkgs-unstable.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- nixpkgs-unstable.nixosModules.notDetected
- nixvim.nixosModules.nixvim
- {
- nixpkgs.config.allowUnfree = true;
- nix = {
- settings.experimental-features = [
- "nix-command"
- "flakes"
- ];
- registry = {
- nixpkgs.to = {
- type = "path";
- path = nixpkgs-unstable.legacyPackages.x86_64-linux.path;
- };
- };
- };
- }
- ./systems/PC-Fixe/configuration.nix
- ];
- };
-
- nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem rec {
- system = "x86_64-linux";
- specialArgs = {
- inputs = inputs;
- pkgs-4a3fc4cf7 = import nixpkgs-4a3fc4cf7 {
- inherit system;
- };
- };
- modules = [
- nixpkgs-unstable.nixosModules.notDetected
- simple-nixos-mailserver.nixosModule
- nixvim.nixosModules.nixvim
- dogetipbot-telegram.nixosModule
- ipmihddtemp.nixosModule
- {
- nix = {
- settings.experimental-features = [
- "nix-command"
- "flakes"
- ];
- registry = {
- nixpkgs.to = {
- type = "path";
- path = nixpkgs.legacyPackages.x86_64-linux.path;
- };
- };
- };
- systemd.services.watcharr = {
- description = "Watcharr";
- after = [ "network.target" ];
- environment = {
- PORT = "3005";
- WATCHARR_DATA = "/var/lib/watcharr";
- };
- serviceConfig = {
- DynamicUser = true;
- StateDirectory = "watcharr";
- ExecStart = "${self.packages.x86_64-linux.watcharr}/bin/Watcharr";
- PrivateTmp = true;
- };
- wantedBy = [ "multi-user.target" ];
- };
- }
- ./systems/LoutreOS/configuration.nix
- ];
- };
-
- };
-}
diff --git a/overlays/dogetipbot-telegram.nix b/overlays/dogetipbot-telegram.nix
new file mode 100644
index 0000000..9bc16e0
--- /dev/null
+++ b/overlays/dogetipbot-telegram.nix
@@ -0,0 +1,9 @@
+self: super:
+
+{
+ dogetipbot-telegram = super.callPackage (super.fetchgit {
+ url = "https://gitlab.com/nyanloutre/dogetipbot-telegram.git";
+ rev = "3bf1c89aaccded42ce41452c72f7ebf6d4d056ca";
+ sha256 = "1gd1wi054ihbxanvj1ac7mz5ghnxab89a0r3i4hy482sglbxqcih";
+ }) { pkgs = self; };
+}
diff --git a/overlays/ledger-udev-rules.nix b/overlays/ledger-udev-rules.nix
new file mode 100644
index 0000000..495e460
--- /dev/null
+++ b/overlays/ledger-udev-rules.nix
@@ -0,0 +1,18 @@
+self: super:
+
+{
+ ledger-udev-rules = super.writeTextFile {
+ name = "ledger-udev-rules";
+ text = ''
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="1b7c", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="2b7c", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="3b7c", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="4b7c", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="1807", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="1808", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0000", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
+ '';
+ destination = "/etc/udev/rules.d/99-ledger.rules";
+ };
+}
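Review bot: Every rule sets `GROUP="users"` with `MODE="0660"` on top of `TAG+="uaccess"`, which gives every account in the `users` group read/write access to the hardware wallet's USB device rather than only the user at the active local seat that `uaccess` already covers. Unless shared access is intended, I would drop `GROUP="users"` from each line and rely on `TAG+="uaccess"`. A short comment above the `text` block saying where the vendor/product ID list comes from would also make it easier to keep current.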
diff --git a/overlays/neovim.nix b/overlays/neovim.nix
new file mode 100644
index 0000000..48d8531
--- /dev/null
+++ b/overlays/neovim.nix
@@ -0,0 +1,22 @@
+self: super:
+{
+ neovim = super.neovim.override {
+ viAlias = true;
+ vimAlias = true;
+ configure = {
+ customRC = ''
+ set shiftwidth=2
+ set softtabstop=2
+ set expandtab
+ set background=dark
+ '';
+ packages.myVimPackage = with super.vimPlugins; {
+ start = [
+ vim-startify airline sensible
+ polyglot ale fugitive
+ ];
+ opt = [ ];
+ };
+ };
+ };
+}
diff --git a/overlays/riot-web.nix b/overlays/riot-web.nix
new file mode 100644
index 0000000..74539b1
--- /dev/null
+++ b/overlays/riot-web.nix
@@ -0,0 +1,13 @@
+self: super:
+{
+ riot-web = super.riot-web.override {
+ conf = ''
+ {
+ "default_hs_url": "https://matrix.nyanlout.re",
+ "default_is_url": "https://vector.im",
+ "brand": "Nyanloutre",
+ "default_theme": "dark"
+ }
+ '';
+ };
+}
diff --git a/overlays/sudo.nix b/overlays/sudo.nix
new file mode 100644
index 0000000..229ad6e
--- /dev/null
+++ b/overlays/sudo.nix
@@ -0,0 +1,6 @@
+self: super:
+{
+ sudo = super.sudo.override {
+ withInsults = true;
+ };
+}
diff --git a/overlays/vsftpd.nix b/overlays/vsftpd.nix
new file mode 100644
index 0000000..9475490
--- /dev/null
+++ b/overlays/vsftpd.nix
@@ -0,0 +1,6 @@
+self: super:
+{
+ vsftpd = super.vsftpd.override {
+ sslEnable = true;
+ };
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
deleted file mode 100644
index f433fdd..0000000
--- a/pkgs/default.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-pkgs: {
- watcharr = pkgs.callPackage ./watcharr { };
-}
diff --git a/pkgs/site-max/default.nix b/pkgs/site-max/default.nix
new file mode 100644
index 0000000..a42387c
--- /dev/null
+++ b/pkgs/site-max/default.nix
@@ -0,0 +1,30 @@
+{ lib, stdenv, fetchFromGitHub, sassc }:
+
+stdenv.mkDerivation rec {
+ name= "site-max-${version}";
+ version = "1.0.1";
+
+ src = fetchFromGitHub {
+ owner = "nyanloutre";
+ repo = "site-max";
+ rev = "85e30457291e6a1dfe85a5d7a78f226657bad279";
+ sha256 = "0fj5w43gcvp0gq0xlknrf6yp0b48wg01686wp02fjc9npm424g0v";
+ };
+
+ buildPhase = ''
+ ${sassc}/bin/sassc -m auto -t compressed scss/creative.scss css/creative.css
+ '';
+
+ installPhase = ''
+ mkdir -p $out/
+ cp -R . $out/
+ '';
+
+ meta = {
+ description = "Site de présentation de Max Spiegel";
+ homepage = https://maxspiegel.fr/;
+ maintainers = with stdenv.lib.maintainers; [ nyanloutre ];
+ license = stdenv.lib.licenses.cc-by-nc-sa-40;
+ platforms = stdenv.lib.platforms.all;
+ };
+}
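Review bot: `lib` is taken as an argument but `meta` goes through `stdenv.lib`, which was deprecated and later removed from nixpkgs, so this expression will stop evaluating on newer channels; use `lib.maintainers`, `lib.licenses.cc-by-nc-sa-40` and `lib.platforms.all` instead. `homepage = https://maxspiegel.fr/;` relies on the unquoted URL literal syntax, which is deprecated as well, so quote it. `name= "site-max-${version}";` would conventionally be written as `pname = "site-max";` alongside `version`.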
diff --git a/pkgs/watcharr/default.nix b/pkgs/watcharr/default.nix
deleted file mode 100644
index dc3cbd0..0000000
--- a/pkgs/watcharr/default.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{
- lib,
- pkgs,
- buildGoModule,
- fetchFromGitHub,
- buildNpmPackage,
- nixosTests,
- caddy,
- testers,
- installShellFiles,
- stdenv,
-}:
-
-let
- version = "1.41.0";
- src = fetchFromGitHub {
- owner = "sbondCo";
- repo = "Watcharr";
- rev = "v${version}";
- hash = "sha256-ZvCxgfZZ9pbp+NvH+IhWphJWnAwgAH0x/REPd/XxJ70=";
- };
-
- frontend = buildNpmPackage {
- pname = "watcharr-ui";
- inherit version src;
- npmDepsHash = "sha256-73paI0y4QyzkEnU99f1HeLD/hW8GP3F9N8tGGQnloH8=";
-
- installPhase = ''
- cp -r build $out
- cp package.json package-lock.json $out
- cd $out && npm ci --omit=dev
- '';
- };
-in
-buildGoModule {
- pname = "watcharr";
- inherit version;
-
- src = src + "/server";
-
- vendorHash = "sha256-86pFpS8ZSj+c7vwn0QCwzXlvVYJIf3SBj4X81zlwBWQ=";
-
- # Inject frontend assets into go embed
- prePatch = ''
- # rm -rf ui
- # ln -s ${frontend} ui
- substituteInPlace watcharr.go \
- --replace-fail ui/index.js ${frontend}/index.js \
- --replace-fail \"127.0.0.1:3000\" "\"127.0.0.1:\"+os.Getenv(\"PORT\")"
- '';
-
- buildInputs = [ pkgs.makeWrapper ];
-
- postFixup = ''
- wrapProgram "$out/bin/Watcharr" --prefix PATH : "${lib.makeBinPath [ pkgs.nodejs ]}"
- '';
-
- meta = with lib; {
- homepage = "https://watcharr.app/";
- description = "Open source, self-hostable watched list for all your content with user authentication, modern and clean UI and a very simple setup";
- license = licenses.asl20;
- # mainProgram = "caddy";
- maintainers = with maintainers; [ nyanloutre ];
- };
-}
diff --git a/services/auto-pr.nix b/services/auto-pr.nix
new file mode 100644
index 0000000..0ac765c
--- /dev/null
+++ b/services/auto-pr.nix
@@ -0,0 +1,44 @@
+{lib, config, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.auto-pr;
+in
+{
+ options.services.auto-pr = {
+ enable = mkEnableOption "Cron job PR mise à jour automatique";
+ };
+
+ config = mkIf cfg.enable {
+
+ systemd.services.auto-pr-bot = {
+ description = "Création d'un PR si mise à jour";
+ requires = ["network-online.target"];
+ environment = { HOME = "/var/lib/auto-pr-bot"; };
+ serviceConfig = {
+ DynamicUser = true;
+ CacheDirectory = "auto-pr-bot";
+ StateDirectory = "auto-pr-bot";
+ Type = "oneshot";
+ ExecStart = with pkgs;
+ let env = python3Packages.python.buildEnv.override {
+ extraLibs = [ python3Packages.PyGithub python3Packages.pyjwt python3Packages.colorama ];
+ ignoreCollisions = true;
+ };
+ in "${pkgs.writeShellScriptBin "run.sh" ''
+ ${env}/bin/python ${pkgs.writeScript "pr-autobot.py" "${readFile ./pr-autobot.py}"} --private-key /var/lib/auto-pr-bot/private-key.pem --app-id 19565 --installation-id 407088 --repo nyanloutre/nixpkgs --cache-dir /var/cache/auto-pr-bot
+ ''}/bin/run.sh";
+ };
+ };
+
+ systemd.timers.auto-pr-bot = {
+ description = "Timer auto PR bot";
+ requires = ["network-online.target"];
+ wantedBy = ["multi-user.target"];
+ timerConfig = { OnCalendar = "daily"; Unit = "auto-pr-bot.service"; };
+ };
+
+ };
+
+}
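Review bot: `requires = ["network-online.target"]` on `auto-pr-bot` has no matching `after`, so systemd may start the unit in parallel with the target and the script's first `urlopen` can run before the network is up; add `after = ["network-online.target"];` (with `wants` rather than `requires` as the usual pairing). `services/python-ci.nix` has the same pattern. The timer is `wantedBy = ["multi-user.target"]` where `timers.target` is the conventional target, and its own `requires` on network-online is redundant once the service carries the ordering. The `--app-id`, `--installation-id` and `--repo` values are hard-coded in `ExecStart`; exposing them as module options next to `enable` would document what they are and keep the module reusable.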
diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix
new file mode 100644
index 0000000..b16cf76
--- /dev/null
+++ b/services/haproxy-acme.nix
@@ -0,0 +1,149 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.haproxy-acme;
+
+ nginx_port = 54321;
+
+ haproxyConf = ''
+ global
+ log /dev/log local0
+ log /dev/log local1 notice
+ user haproxy
+ group haproxy
+ ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+ ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
+ ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+ ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
+ defaults
+ option forwardfor
+ option http-server-close
+ timeout client 10s
+ timeout connect 4s
+ timeout server 30s
+ userlist LOUTRE
+ user paul password $6$6rDdCtzSVsAwB6KP$V8bR7KP7FSL2BSEh6n3op6iYhAnsVSPI2Ar3H6MwKrJ/lZRzUI8a0TwVBD2JPnAntUhLpmRudrvdq2Ls2odAy.
+ frontend public
+ bind :::80 v4v6
+ bind :::443 v4v6 ssl crt /var/lib/acme/${cfg.domaine}/full.pem alpn h2,http/1.1
+ mode http
+ acl letsencrypt-acl path_beg /.well-known/acme-challenge/
+ acl haproxy-acl path_beg /haproxy
+ redirect scheme https code 301 if !{ ssl_fc } !letsencrypt-acl
+ http-response set-header Strict-Transport-Security max-age=15768000
+ use_backend letsencrypt-backend if letsencrypt-acl
+ use_backend haproxy_stats if haproxy-acl
+
+ ${concatStrings (
+ mapAttrsToList (name: value:
+ " acl ${name}-acl hdr(host) -i ${name}\n"
+ + " use_backend ${name}-backend if ${name}-acl\n"
+ ) cfg.services)}
+
+ backend letsencrypt-backend
+ mode http
+ server letsencrypt 127.0.0.1:${toString nginx_port}
+ backend haproxy_stats
+ mode http
+ stats enable
+ stats hide-version
+ acl AuthOK_LOUTRE http_auth(LOUTRE)
+ http-request auth realm LOUTRE if !AuthOK_LOUTRE
+
+ ${concatStrings (
+ mapAttrsToList (name: value:
+ ''
+ backend ${name}-backend
+ mode http
+ ${(
+ if value.socket == "" then
+ ''
+ server ${name} ${value.ip}:${toString value.port}
+ ''
+ else
+ ''
+ server ${name} ${value.socket}
+ ''
+ )}
+ ${(if value.auth then (
+ value.extraAcls
+ + ''
+ acl AUTH_OK http_auth(LOUTRE)
+ http-request auth realm LOUTRE if ${value.aclBool}
+ ''
+ ) else "")}
+ ''
+ ) cfg.services)}
+
+ '';
+in
+{
+ options.services.haproxy-acme = {
+ enable = mkEnableOption "HAproxy + ACME";
+
+ domaine = mkOption {
+ type = types.string;
+ example = "example.com";
+ description = ''
+ Sous domaine à utiliser
+
+ Il est necessaire d'avoir un enregistrement pointant sur la wildcard de ce domaine vers le serveur
+ '';
+ };
+
+ services = mkOption {
+ type = with types; attrsOf (submodule { options = {
+ ip = mkOption { type = str; description = "IP address"; };
+ port = mkOption { type = int; description = "Port number"; };
+ socket = mkOption { type = str; description = "Emplacement du socket"; default = ""; };
+ auth = mkOption { type = bool; description = "Enable authentification"; default = false; };
+ extraAcls = mkOption { type = str; description = "ACL HaProxy suplémentaires"; default = ""; };
+ aclBool = mkOption { type = str; description = "Logique d'authentification"; default = "!AUTH_OK"; };
+ }; });
+ example = ''
+ haproxy_backends = {
+ example = { ip = "127.0.0.1"; port = 1234; auth = false; };
+ };
+ '';
+ description = "Liste des noms de domaines associés à leur backend";
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ services.haproxy.enable = true;
+
+ services.haproxy.config = haproxyConf;
+
+ services.nginx.enable = true;
+ services.nginx.virtualHosts = {
+ "acme" = {
+ listen = [ { addr = "127.0.0.1"; port = nginx_port; } ];
+ locations = { "/" = { root = "/var/www/challenges"; }; };
+ };
+ };
+
+ security.acme.certs = {
+ ${cfg.domaine} = {
+ extraDomains = mapAttrs' (name: value:
+ nameValuePair ("${name}") (null)
+ ) cfg.services;
+ webroot = "/var/www/challenges";
+ email = "paul@nyanlout.re";
+ user = "haproxy";
+ group = "haproxy";
+ postRun = ''
+ systemctl reload haproxy.service
+ '';
+ };
+ };
+ security.acme.directory = "/var/lib/acme";
+
+ networking.firewall.allowedTCPPorts = [
+ 80 443
+ ];
+
+ };
+}
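Review bot: `acl haproxy-acl path_beg /haproxy` has no host condition and `use_backend haproxy_stats` is listed before the generated per-service rules, so the stats page answers on every hostname this frontend serves, and any service URL that begins with `/haproxy` is shadowed by it. Consider tying it to a single host, e.g. `use_backend haproxy_stats if haproxy-acl { hdr(host) -i stats.example.com }` (placeholder hostname), or restricting it by source address. Both cipher lists also still end with CBC-mode suites (`ECDHE-*-AES256-SHA384`, `ECDHE-*-AES128-SHA256`); removing them leaves only AEAD suites. `types.string` on `domaine` is deprecated in favour of `types.str`, here and in `services/mail-server.nix`.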
diff --git a/services/mail-server.nix b/services/mail-server.nix
new file mode 100644
index 0000000..13fca17
--- /dev/null
+++ b/services/mail-server.nix
@@ -0,0 +1,67 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.mailserver;
+in
+{
+ options.services.mailserver = {
+ enable = mkEnableOption "Mail Server";
+ domaine = mkOption {
+ type = types.string;
+ example = "example.com";
+ description = "Nom de domaine du serveur de mails";
+ };
+ };
+
+ imports = [
+ (builtins.fetchTarball {
+ url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz";
+ sha256 = "0gqzgy50hgb5zmdjiffaqp277a68564vflfpjvk1gv6079zahksc";
+ })
+ ];
+
+ config = mkIf cfg.enable {
+
+ mailserver = {
+ enable = true;
+ fqdn = "mail.${cfg.domaine}";
+ domains = [ cfg.domaine ];
+
+ # A list of all login accounts. To create the password hashes, use
+ # mkpasswd -m sha-512 "super secret password"
+ loginAccounts = {
+ "paul@${cfg.domaine}" = {
+ hashedPassword = "$6$8wWQbtqVqUoH8$pQKg0bZPcjCbuPvyhjJ1lQy949M/AgfmAye/hDEIVUnCfwtlUxC1yj8CBHpNKeiiXhd8IUqk9r0/IJNvB6okf0";
+ };
+ };
+
+ # Certificate setup
+ certificateScheme = 1;
+ certificateFile = "/var/lib/acme/${cfg.domaine}/fullchain.pem";
+ keyFile = "/var/lib/acme/${cfg.domaine}/key.pem";
+
+ # Enable IMAP and POP3
+ enableImap = true;
+ enablePop3 = true;
+ enableImapSsl = true;
+ enablePop3Ssl = true;
+
+ # Enable the ManageSieve protocol
+ enableManageSieve = true;
+ };
+
+ security.acme.certs = {
+ "${cfg.domaine}" = {
+ extraDomains = {
+ "mail.${cfg.domaine}" = null;
+ };
+ postRun = ''
+ systemctl reload dovecot2.service
+ '';
+ };
+ };
+
+ };
+}
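Review bot: The comment above `loginAccounts` tells the reader to run `mkpasswd -m sha-512 "super secret password"`, which places the cleartext password in shell history and in the process list while the command runs. I would change the comment to `# mkpasswd -m sha-512   (run without an argument; it prompts for the password)`. `enableImap` and `enablePop3` are set alongside their `…Ssl` variants; presumably these open the STARTTLS ports in addition to the implicit-TLS ones, so it is worth confirming both are needed and saying so in the `# Enable IMAP and POP3` comment.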
diff --git a/services/pr-autobot.py b/services/pr-autobot.py
new file mode 100755
index 0000000..a1ad4b1
--- /dev/null
+++ b/services/pr-autobot.py
@@ -0,0 +1,74 @@
+#!/usr/bin/env python
+
+import jwt, time, urllib.request, json, datetime, argparse, sys, textwrap
+from github import Github
+from colorama import Fore, Style
+from time import sleep
+
+parser = argparse.ArgumentParser(description='Create PR to update nixpkgs fork')
+parser.add_argument('--private-key')
+parser.add_argument('--app-id')
+parser.add_argument('--installation-id')
+parser.add_argument('--repo')
+parser.add_argument('--cache-dir')
+args = vars(parser.parse_args())
+
+channel_req = urllib.request.Request(url='https://nixos.org/channels/nixos-18.09/git-revision')
+latest_commit = urllib.request.urlopen(channel_req).read().decode('utf-8')
+try:
+ previous_commit = open(args['cache_dir'] + '/git-revision', 'r').read()
+except FileNotFoundError:
+ open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit)
+ print("Premier lancement, le hash du dernier commit à été sauvegardé")
+ sys.exit(0)
+
+print("Dernier commit : " + latest_commit)
+print("Commit précédent : " + previous_commit)
+
+if latest_commit != previous_commit:
+ bearer_token = jwt.encode({
+ 'iat': int(time.time()),
+ 'exp': int(time.time()) + (10 * 60),
+ 'iss': args['app_id']
+ },
+ open(args['private_key'],"r").read(),
+ algorithm='RS256')
+
+ req = urllib.request.Request(url='https://api.github.com/app/installations/' +
+ args['installation_id'] +
+ '/access_tokens',
+ method='POST')
+
+ req.add_header('Authorization', 'Bearer ' + bearer_token.decode('utf-8'))
+ req.add_header('Accept', 'application/vnd.github.machine-man-preview+json')
+
+ token = json.loads(urllib.request.urlopen(req).read().decode('utf-8'))['token']
+
+ g = Github(token)
+ repo = g.get_repo(args['repo'])
+
+ branch = "upgrade-" + datetime.datetime.now().strftime('%Y-%m-%d') + '-' + latest_commit[:11];
+
+ repo.create_git_ref('refs/heads/' + branch, latest_commit)
+
+ pr_message = textwrap.dedent("""\
+ ### Pull request automatique
+ ### Avancement mise à jour
+ - [ ] Fusionner la branche
+ """)
+
+ pr = repo.create_pull(title=branch, body=pr_message, base='nixos-18.09', head=branch)
+
+ print("Pull request numéro " + str(pr.number) + " créée")
+ print("URL : " + pr.html_url)
+
+ while pr.mergeable == None:
+ pr = repo.get_pull(pr.number)
+ sleep(1)
+
+ pr.edit(body = pr.body + "\n- [ ] Exécuter `nixos-rebuild -I nixpkgs=https://github.com/nyanloutre/nixpkgs/archive/" + pr.merge_commit_sha + ".tar.gz switch`")
+ print("État : " + ((Fore.GREEN + "Fusionnable") if pr.mergeable else (Fore.RED + "Conflit")) + Style.RESET_ALL)
+
+ open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit)
+else:
+ print(Fore.GREEN + "Aucun changement détecté" + Style.RESET_ALL)
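Review bot: `latest_commit` is whatever the channel URL returns and is used unchecked as the SHA in `repo.create_git_ref`, in the branch name and in the cache file, so a trailing newline or an error page would yield a bad ref or a cache entry that never matches. Strip and validate it before use, e.g. `latest_commit = latest_commit.strip()` followed by `if not re.fullmatch(r'[0-9a-f]{40}', latest_commit): sys.exit('unexpected git-revision')` (needs `import re`). The `while pr.mergeable == None` poll has no upper bound, so the oneshot unit can hang indefinitely if mergeability is never computed; cap the number of attempts and compare with `is None`. `bearer_token.decode('utf-8')` assumes `jwt.encode` returns bytes, which only holds for PyJWT 1.x. The `urlopen` calls also have no `timeout`, which has the same hang risk.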
diff --git a/services/python-ci.nix b/services/python-ci.nix
new file mode 100644
index 0000000..2523d8f
--- /dev/null
+++ b/services/python-ci.nix
@@ -0,0 +1,41 @@
+{lib, config, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.python-ci;
+in
+{
+ options.services.python-ci = {
+ enable = mkEnableOption "Service de CI Nix écrit en Python";
+ };
+
+ config = mkIf cfg.enable {
+
+ systemd.services.python-ci = {
+ description = "CI Nix en Python";
+ requires = ["network-online.target"];
+ wantedBy = ["multi-user.target"];
+ environment = { HOME = "/var/lib/python-ci"; NIX_PATH = concatStringsSep ":" config.nix.nixPath; NIXPKGS_ALLOW_UNFREE = "1";};
+ path = with pkgs;[ nix gnutar gzip ];
+ serviceConfig = {
+ DynamicUser = true;
+ StateDirectory = "python-ci";
+ RuntimeDirectory = "python-ci";
+ RuntimeDirectoryPreserve = "yes";
+ ExecStart = with pkgs;
+ let env = python3Packages.python.buildEnv.override {
+ extraLibs = with python3Packages;[ pyramid python-gitlab ];
+ ignoreCollisions = true;
+ };
+ in "${pkgs.writeShellScriptBin "run.sh" ''
+ ${env}/bin/python ${pkgs.writeScript "python-ci.py" "${readFile ./python-ci.py}"} --port 52350 \
+ --secret /var/lib/python-ci/secret --gitlab-token /var/lib/python-ci/gitlab_token \
+ --gitea-token /var/lib/python-ci/gitea_token --output /run/python-ci
+ ''}/bin/run.sh";
+ };
+ };
+
+ };
+
+}
diff --git a/services/python-ci.py b/services/python-ci.py
new file mode 100755
index 0000000..825f402
--- /dev/null
+++ b/services/python-ci.py
@@ -0,0 +1,153 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i python3 -p "python3.withPackages(ps: [ps.pyramid ps.python-gitlab])"
+from wsgiref.simple_server import make_server
+from pyramid.config import Configurator
+from pyramid.view import view_config, view_defaults
+from pyramid.httpexceptions import HTTPNotFound
+from subprocess import check_call, CalledProcessError
+import urllib.request
+import tarfile
+from tempfile import TemporaryDirectory
+from multiprocessing import Pool
+from gitlab import Gitlab
+import urllib.request
+import json
+import argparse
+
+
+def gitlab_build(payload, gl):
+ commit = gl.projects.get(payload['project']['path_with_namespace']).commits.get(payload['checkout_sha'])
+
+ commit.statuses.create({'state': 'running', 'name': 'Python CI'})
+ print("push from " + payload['user_name'])
+ print("repo: " + payload['project']['path_with_namespace'])
+ print("commit: " + payload['checkout_sha'])
+ temp_dir = TemporaryDirectory()
+ repo_dir = temp_dir.name + '/' + payload['project']['name'] + '-' + payload['checkout_sha']
+ archive_url = payload['project']['web_url'] + '/-/archive/' + payload['checkout_sha'] + \
+ '/' + payload['project']['name'] + '-' + payload['checkout_sha'] + '.tar.gz'
+
+ with urllib.request.urlopen(archive_url) as gitlab_archive:
+ with tarfile.open(fileobj=gitlab_archive, mode='r|gz') as gitlab_repo_files:
+ gitlab_repo_files.extractall(path=temp_dir.name)
+
+ check_call(['ls', '-lha', repo_dir])
+
+ try:
+ check_call(['nix-build', '-o', args.output + '/' + payload['project']['path_with_namespace'], repo_dir])
+ except CalledProcessError:
+ commit.statuses.create({'state': 'failed', 'name': 'Python CI'})
+ print("erreur build")
+ else:
+ commit.statuses.create({'state': 'success', 'name': 'Python CI'})
+ print("build terminé")
+
+
+@view_defaults(
+ route_name="gitlab_payload", renderer="json", request_method="POST"
+)
+class GitlabHook(object):
+
+ def __init__(self, request):
+ self.request = request
+ self.payload = self.request.json
+ self.whitelist = ['nyanloutre/site-musique']
+ self.secret = open(args.secret, 'r').readline().splitlines()[0]
+ self.gitlab_token = open(args.gitlab_token, 'r').readline().splitlines()[0]
+ self.gl = Gitlab('https://gitlab.com', private_token=self.gitlab_token)
+
+ @view_config(header="X-Gitlab-Event:Push Hook")
+ def push_hook(self):
+ if self.payload['project']['path_with_namespace'] in self.whitelist and self.request.headers['X-Gitlab-Token'] == self.secret:
+ self.gl.projects.get(self.payload['project']['path_with_namespace']).commits.get(self.payload['checkout_sha']).statuses.create({'state': 'pending', 'name': 'Python CI'})
+ pool.apply_async(gitlab_build, (self.payload, self.gl))
+ return "build started"
+ else:
+ raise HTTPNotFound
+
+
+def gitea_status_update(repo, commit, token, status):
+ url = 'https://gitea.nyanlout.re/api/v1/repos/' + repo + '/statuses/' + commit
+ print(url)
+ req = urllib.request.Request(url)
+ req.add_header('Content-Type', 'application/json; charset=utf-8')
+ req.add_header('accept', 'application/json')
+ req.add_header('Authorization', 'token ' + token)
+
+ jsondata = json.dumps({'state': status}).encode('utf-8')
+ req.add_header('Content-Length', len(jsondata))
+
+ urllib.request.urlopen(req, jsondata)
+
+def gitea_build(payload, token):
+ commit = payload['after']
+ repo = payload['repository']['full_name']
+
+ gitea_status_update(repo, commit, token, 'pending')
+
+ print("push from " + payload['pusher']['username'])
+ print("repo: " + repo)
+ print("commit: " + commit)
+ temp_dir = TemporaryDirectory()
+ repo_dir = temp_dir.name + '/' + payload['repository']['name']
+ archive_url = payload['repository']['html_url'] + '/archive/' + commit + '.tar.gz'
+
+ with urllib.request.urlopen(archive_url) as gitea_archive:
+ with tarfile.open(fileobj=gitea_archive, mode='r|gz') as gitea_repo_files:
+ gitea_repo_files.extractall(path=temp_dir.name)
+
+ check_call(['ls', '-lha', repo_dir])
+
+ try:
+ check_call(['nix-build', '-o', args.output + '/' + repo, repo_dir])
+ except CalledProcessError:
+ gitea_status_update(repo, commit, token, 'failure')
+ print("erreur build")
+ else:
+ gitea_status_update(repo, commit, token, 'success')
+ print("build terminé")
+
+
+@view_defaults(
+ route_name="gitea_payload", renderer="json", request_method="POST"
+)
+class GiteaHook(object):
+
+ def __init__(self, request):
+ self.request = request
+ self.payload = self.request.json
+ self.whitelist = ['nyanloutre/site-musique', 'nyanloutre/site-max']
+ self.secret = open(args.secret, 'r').readline().splitlines()[0]
+ self.gitea_token = open(args.gitea_token, 'r').readline().splitlines()[0]
+
+ @view_config(header="X-Gitea-Event:push")
+ def push_hook(self):
+ if self.payload['repository']['full_name'] in self.whitelist and self.payload['secret'] == self.secret:
+ pool.apply_async(gitea_build, (self.payload, self.gitea_token))
+ return "build started"
+ else:
+ raise HTTPNotFound
+
+
+if __name__ == "__main__":
+ parser = argparse.ArgumentParser(description='CI server')
+ parser.add_argument('--address', help='listening address', default='127.0.0.1')
+ parser.add_argument('--port', type=int, help='listening port')
+ parser.add_argument('--output', help='output directory')
+ parser.add_argument('--secret', help='repo secret file')
+ parser.add_argument('--gitlab-token', help='gitlab token file')
+ parser.add_argument('--gitea-token', help='gitea token file')
+ args = parser.parse_args()
+
+ pool = Pool(1)
+
+ config = Configurator()
+
+ config.add_route("gitlab_payload", "/gitlab_payload")
+ config.add_route("gitea_payload", "/gitea_payload")
+ config.scan()
+
+ app = config.make_wsgi_app()
+ server = make_server(args.address, args.port, app)
+ print('listening ...')
+ server.serve_forever()
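Review bot: Both `push_hook` methods check the webhook secret with `==` and index the request directly, so a request without `X-Gitlab-Token` (or a Gitea body without `secret`) raises `KeyError` instead of the intended `HTTPNotFound`, and the comparison is not constant-time. In `GitlabHook.push_hook`, use `hmac.compare_digest(self.request.headers.get('X-Gitlab-Token', '').encode(), self.secret.encode())`, with `import hmac` at the top. In `GiteaHook.push_hook`, do the same with `self.payload.get('secret', '')`, coerced to `str` first. Once the check passes, `gitlab_build` and `gitea_build` fetch the archive from `web_url` / `html_url` taken out of the same payload and unpack it with `extractall`, so the whitelist on the repository name does not pin the host the code comes from. Building the URL from a fixed base, as `gitea_status_update` already does, would tie the download to the expected forge.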
diff --git a/services/sdtdserver.nix b/services/sdtdserver.nix
new file mode 100644
index 0000000..c233150
--- /dev/null
+++ b/services/sdtdserver.nix
@@ -0,0 +1,120 @@
+{lib, config, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.sdtdserver;
+ gamePath = "/var/lib/sdtdserver";
+ gameOptions = {
+ ServerPort="26900";
+ ServerVisibility="2";
+ ServerName="Serveur des loutres";
+ ServerPassword="";
+ ServerMaxPlayerCount="16";
+ ServerReservedSlots="0";
+ ServerReservedSlotsPermission="100";
+ ServerAdminSlots="0";
+ ServerAdminSlotsPermission="0";
+ ServerDescription="Un serveur idiot anti gilets jaunes";
+ ServerWebsiteURL="";
+ ServerDisabledNetworkProtocols="";
+ GameWorld="Navezgane";
+ WorldGenSeed="Lakeu";
+ WorldGenSize="4096";
+ GameName="Lakeu";
+ GameDifficulty="2";
+ GameMode="GameModeSurvival";
+ ZombiesRun="0";
+ ZombieMove="0";
+ ZombieMoveNight="3";
+ ZombieFeralMove="3";
+ ZombieBMMove="3";
+ BuildCreate="false";
+ DayNightLength="60";
+ DayLightLength="18";
+ PlayerKillingMode="3";
+ PersistentPlayerProfiles="false";
+ PlayerSafeZoneLevel="5";
+ PlayerSafeZoneHours="5";
+ ControlPanelEnabled="false";
+ ControlPanelPort="8080";
+ ControlPanelPassword="CHANGEME";
+ TelnetEnabled="false";
+ TelnetPort="8081";
+ TelnetPassword="";
+ TelnetFailedLoginLimit="10";
+ TelnetFailedLoginsBlocktime="10";
+ TerminalWindowEnabled="false";
+ AdminFileName="serveradmin.xml";
+ DropOnDeath="0";
+ DropOnQuit="0";
+ BloodMoonEnemyCount="8";
+ EnemySpawnMode="true";
+ EnemyDifficulty="0";
+ BlockDurabilityModifier="100";
+ LootAbundance="100";
+ LootRespawnDays="30";
+ LandClaimSize="41";
+ LandClaimDeadZone="30";
+ LandClaimExpiryTime="3";
+ LandClaimDecayMode="0";
+ LandClaimOnlineDurabilityModifier="4";
+ LandClaimOfflineDurabilityModifier="4";
+ PartySharedKillRange="100";
+ AirDropFrequency="72";
+ AirDropMarker="false";
+ MaxSpawnedZombies="60";
+ MaxSpawnedAnimals="50";
+ EACEnabled="true";
+ HideCommandExecutionLog="0";
+ MaxUncoveredMapChunksPerPlayer="131072";
+ BedrollDeadZoneSize="15";
+ ServerLoginConfirmationText="Prout";
+ };
+ gameConfig = builtins.toFile "serverconfig.xml" ''
+
+
+ ${concatStrings (
+ mapAttrsToList (name: value:
+ " \n"
+ ) gameOptions)}
+
+ '';
+in
+{
+ options.services.sdtdserver = {
+ enable = mkEnableOption "Activation du serveur dédié 7 Days to Die";
+ };
+
+ config = mkIf cfg.enable {
+
+ systemd.services.sdtdserver = {
+ description = "Serveur dédié 7 Days to Die";
+ requires = ["network-online.target"];
+ wantedBy = ["multi-user.target"];
+ environment = { HOME = gamePath; };
+ serviceConfig = {
+ DynamicUser = true;
+ StateDirectory = "sdtdserver";
+ };
+ preStart = let
+ libPath = with pkgs; lib.makeLibraryPath [
+ stdenv.cc.cc.lib
+ ];
+ in ''
+ ${pkgs.steamcmd}/bin/steamcmd +login anonymous +force_install_dir ${gamePath} +app_update 294420 validate +quit
+ install -m666 ${gameConfig} ${gamePath}/serverconfig.xml
+ '';
+ script = ''
+ ${pkgs.steam-run}/bin/steam-run ${gamePath}/7DaysToDieServer.x86_64 -quit -batchmode -nographics -dedicated -configfile=serverconfig.xml
+ '';
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 26900 ];
+ allowedUDPPorts = [ 26900 26901 26902 ];
+ };
+
+ };
+
+}
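Review bot: `install -m666 ${gameConfig} ${gamePath}/serverconfig.xml` in `preStart` makes the server configuration world-readable and world-writable. `install -m600 ${gameConfig} ${gamePath}/serverconfig.xml` should be enough if, as it appears here, the server only reads the file as the service user. The same file carries `ControlPanelPassword` and `TelnetPassword`, and because `gameConfig` is built with `builtins.toFile` its content also sits in the Nix store, which every local user can read. Those two interfaces should therefore stay disabled, as they are now, or take their passwords from a file outside the store rather than from `gameOptions`.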
diff --git a/services/site-max.nix b/services/site-max.nix
new file mode 100644
index 0000000..da900b1
--- /dev/null
+++ b/services/site-max.nix
@@ -0,0 +1,42 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.site-max;
+in
+{
+ options.services.site-max = {
+ enable = mkEnableOption "Site Max Spiegel";
+
+ port = mkOption {
+ type = types.int;
+ example = 54321;
+ description = "Local listening port";
+ };
+
+ domaine = mkOption {
+ type = types.str;
+ example = "example.com";
+ description = "Domaine à utiliser";
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ services.haproxy-acme.services = {
+ ${cfg.domaine} = { ip = "127.0.0.1"; port = cfg.port; auth = false; };
+ };
+
+ services.nginx = {
+ virtualHosts = {
+ "max" = {
+ listen = [ { addr = "127.0.0.1"; port = cfg.port; } ];
+ locations."/" = {
+ root = "/run/python-ci/nyanloutre/site-max";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/services/site-musique.nix b/services/site-musique.nix
new file mode 100644
index 0000000..62cee74
--- /dev/null
+++ b/services/site-musique.nix
@@ -0,0 +1,66 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.site-musique;
+in
+{
+ options.services.site-musique = {
+ enable = mkEnableOption "Site musique";
+
+ port = mkOption {
+ type = types.int;
+ example = 54321;
+ description = "Local listening port";
+ };
+
+ domaine = mkOption {
+ type = types.str;
+ example = "example.com";
+ description = "Domaine à utiliser";
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ services.haproxy-acme.services = {
+ ${cfg.domaine} = { ip = "127.0.0.1"; port = cfg.port; auth = false; };
+ };
+
+ services.nginx.virtualHosts = {
+ "musique" = {
+ listen = [ { addr = "127.0.0.1"; port = cfg.port; } ];
+ locations."/" = {
+ root = "/run/python-ci/nyanloutre/site-musique";
+ index = "index.php";
+ extraConfig = ''
+ location ~* \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/run/phpfpm/musique;
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ include ${pkgs.nginx}/conf/fastcgi.conf;
+ }
+ '';
+ };
+ };
+ };
+
+ services.phpfpm.poolConfigs.musique = ''
+ listen = /run/phpfpm/musique
+ listen.owner = nginx
+ listen.group = nginx
+ listen.mode = 0660
+ user = nginx
+ pm = dynamic
+ pm.max_children = 75
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 20
+ pm.max_requests = 500
+ php_admin_value[error_log] = 'stderr'
+ php_admin_flag[log_errors] = on
+ catch_workers_output = yes
+ '';
+ };
+}
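Review bot: The `location ~* \.php$` block in `extraConfig` hands every URI ending in `.php` to `fastcgi_pass` without checking that the script exists under `root`. Adding `try_files $uri =404;` before `fastcgi_pass` makes nginx answer 404 itself instead of forwarding arbitrary paths to PHP-FPM. The pool also runs as `user = nginx`, the same account as the web server, while executing whatever the CI build placed in `/run/python-ci/nyanloutre/site-musique`. A dedicated user for the pool, with `listen.owner`/`listen.group` left as `nginx`, would keep the two apart.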
diff --git a/systems/ASUS-G46VW/configuration.nix b/systems/ASUS-G46VW/configuration.nix
index 4ae46d8..4dba9dc 100644
--- a/systems/ASUS-G46VW/configuration.nix
+++ b/systems/ASUS-G46VW/configuration.nix
@@ -5,12 +5,17 @@
{ config, pkgs, ... }:
{
- imports = [
- ../common-cli.nix
- ../common-gui.nix
- ./hardware-configuration.nix
+ imports =
+ [
+ ../common.nix
+ ./hardware-configuration.nix
+ ];
+
+ nixpkgs.overlays = [
+ (import ../../overlays/ledger-udev-rules.nix)
];
+ # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.tmpOnTmpfs = true;
@@ -24,11 +29,128 @@
ENERGY_PERF_POLICY_ON_BAT=powersave
'';
- networking.hostName = "rog-paul";
+ # NVIDIA
+ services.xserver.videoDrivers = [ "nvidia" ];
+ hardware.nvidia.optimus_prime.enable = true;
+ hardware.nvidia.modesetting.enable = true;
+ hardware.nvidia.optimus_prime.nvidiaBusId = "PCI:1:0:0";
+ hardware.nvidia.optimus_prime.intelBusId = "PCI:0:2:0";
+
+ # For Steam
+ hardware.opengl.driSupport32Bit = true;
+ hardware.pulseaudio.support32Bit = true;
+ hardware.steam-hardware.enable = true;
+
+ hardware.u2f.enable = true;
+
+ services.udev.packages = with pkgs; [
+ ledger-udev-rules
+ ];
+
+ networking.hostName = "rog-paul"; # Define your hostname.
+ networking.networkmanager.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Select internationalisation properties.
+ i18n = {
+ # consoleFont = "Lat2-Terminus16";
+ consoleKeyMap = "fr";
+ defaultLocale = "fr_FR.UTF-8";
+ };
+
+ # List packages installed in system profile. To search by name, run:
+ # $ nix-env -qaP | grep wget
+ nixpkgs.config.allowUnfree = true;
+ environment.systemPackages = with pkgs; [
+ filezilla
+ wineStaging
+ winetricks
+ qbittorrent
+ transmission-remote-gtk
+ appimage-run
+ bat
+
+ gopass
+ xclip
+
+ electrum
+ electron-cash
+
+ firefox
+ torbrowser
+ chromium
+ qutebrowser
+
+ tdesktop
+ mumble
+
+ kleopatra
+ gnupg
+
+ kdeplasma-addons
+ ark
+ kate
+ kmail
+ kdeconnect
+ okular
+ yakuake
+ konversation
+ gwenview
+ kcalc
+ spectacle
+ kile
+ (texlive.combine {
+ inherit (texlive) scheme-small titling collection-langfrench cm-super;
+ })
+ imagemagick
+
+ gnome-breeze
+ arc-theme
+ materia-theme
+
+ libreoffice
+ gimp
+ vlc
+ kodiPlain
+ mpv
+
+ steam
+ sc-controller
+ steam-run
+ minecraft
+
+ glxinfo
+ i7z
+ obs-studio
+ ];
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.bash.enableCompletion = true;
+ # programs.mtr.enable = true;
+ programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+ programs.browserpass.enable = true;
+ services.pcscd.enable = true;
+ services.pcscd.plugins = [
+ (pkgs.ccid.overrideAttrs (oldAttrs: rec {
+ preBuild = ''
+ echo "0x2C97:0x0001:Ledger Token" >> ./readers/supported_readers.txt
+ '';
+ })
+ )
+ ];
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ 8000 ];
+ # networking.firewall.allowedUDPPorts = [ ];
+ # Or disable the firewall altogether.
networking.firewall.enable = false;
networking.wireguard.interfaces = {
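Review bot: The `services.pcscd.plugins` entry overrides `ccid` with `overrideAttrs (oldAttrs: rec { preBuild = ''…''; })`, which replaces any `preBuild` the package already defines instead of extending it, and neither `rec` nor `oldAttrs` is used. Writing `preBuild = (oldAttrs.preBuild or "") + ''echo "0x2C97:0x0001:Ledger Token" >> ./readers/supported_readers.txt'';` and dropping `rec` keeps an upstream build step intact. Whether `ccid` currently sets `preBuild` cannot be seen from this hunk.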
@@ -46,34 +168,42 @@
};
};
+ # Enable CUPS to print documents.
services.printing.enable = true;
services.printing.drivers = [ pkgs.hplip ];
+ # Enable sound.
+ sound.enable = true;
+ hardware.pulseaudio.enable = true;
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+ services.xserver.layout = "fr";
+ # services.xserver.xkbOptions = "eurosign:e";
+
+ # Enable touchpad support.
services.xserver.libinput.enable = true;
services.xserver.libinput.naturalScrolling = true;
+ # Enable the KDE Desktop Environment.
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.desktopManager.plasma5.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
users.extraUsers.paul = {
isNormalUser = true;
uid = 1000;
- extraGroups = [
- "wheel"
- "networkmanager"
- "wireshark"
- "dialout"
- ];
+ extraGroups = [ "wheel" "networkmanager" "wireshark" ];
};
services.syncthing.enable = true;
services.syncthing.user = "paul";
services.syncthing.group = "users";
- services.redshift = {
- enable = true;
- temperature.night = 2700;
- };
-
- location.latitude = 48.573406;
- location.longitude = 7.752111;
-
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
system.stateVersion = "18.03"; # Did you read the comment?
+
}
diff --git a/systems/ASUS-G46VW/hardware-configuration.nix b/systems/ASUS-G46VW/hardware-configuration.nix
index e1590ef..4394c6b 100644
--- a/systems/ASUS-G46VW/hardware-configuration.nix
+++ b/systems/ASUS-G46VW/hardware-configuration.nix
@@ -1,48 +1,30 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{
- config,
- lib,
- pkgs,
- ...
-}:
+{ config, lib, pkgs, ... }:
{
- imports = [
-
- ];
+ imports =
+ [
+ ];
- boot.initrd.availableKernelModules = [
- "xhci_pci"
- "ehci_pci"
- "ahci"
- "usb_storage"
- "sd_mod"
- ];
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
- # NVIDIA
- services.xserver.videoDrivers = [ "nvidia" ];
- hardware.nvidia.optimus_prime.enable = true;
- hardware.nvidia.modesetting.enable = true;
- hardware.nvidia.optimus_prime.nvidiaBusId = "PCI:1:0:0";
- hardware.nvidia.optimus_prime.intelBusId = "PCI:0:2:0";
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/7bd3a09b-b188-4ce7-bdcc-d5c5087edc86";
+ fsType = "ext4";
+ };
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/7bd3a09b-b188-4ce7-bdcc-d5c5087edc86";
- fsType = "ext4";
- };
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/A25A-1786";
+ fsType = "vfat";
+ };
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/A25A-1786";
- fsType = "vfat";
- };
-
- swapDevices = [
- { device = "/dev/disk/by-uuid/156cd5e8-715c-48a5-9df4-14565227a6c9"; }
- ];
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/156cd5e8-715c-48a5-9df4-14565227a6c9"; }
+ ];
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 2e49dde..b65f167 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -1,24 +1,21 @@
-{
- config,
- pkgs,
- inputs,
- ...
-}:
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{ config, pkgs, ... }:
+
+let
+ gitRev = "baee8283bb858602e6b8d9c4763f11f79d4ac813";
+ nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz";
+in
{
imports = [
- ../common-cli.nix
+ ../common.nix
./hardware-configuration.nix
- ./network.nix
./users.nix
./services.nix
];
- nix.settings.trusted-users = [
- "root"
- "paul"
- ];
-
boot = {
loader = {
systemd-boot.enable = true;
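Review bot: `nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz";` pins a revision but no content hash. The tarball is fetched again once the cached copy expires, and whatever the server returns for that URL is accepted as the system's package set. The attribute-set form with a hash, `fetchTarball { url = "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz"; sha256 = "<sha256 of the unpacked tarball>"; }`, makes the fetch verified and permanently cacheable. The hash then has to be updated together with `gitRev`.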
@@ -27,43 +24,40 @@
supportedFilesystems = [ "zfs" ];
- tmp.useTmpfs = true;
-
- # Enabling both boot.enableContainers & virtualisation.containers on system.stateVersion < 22.05 is unsupported
- enableContainers = false;
+ tmpOnTmpfs = true;
};
- documentation.nixos.enable = false;
+ nix.nixPath = [
+ "nixpkgs=${nixpkgs}"
+ "nixos-config=/etc/nixos/configuration.nix"
+ ];
services.zfs = {
autoSnapshot.enable = true;
- autoScrub = {
- enable = true;
- interval = "monthly";
- };
+ autoScrub.enable = true;
};
+ networking = {
+ hostName = "loutreos"; # Define your hostname.
+ hostId = "7e66e347";
+ };
+
+ nixpkgs.overlays = [
+ (import ../../overlays/riot-web.nix)
+ ];
+
services.openssh = {
enable = true;
- settings = {
- PermitRootLogin = "no";
- PasswordAuthentication = false;
- X11Forwarding = true;
- };
+ permitRootLogin = "no";
+ passwordAuthentication = false;
};
- users = {
- groups.autossh = { };
- users.autossh = {
- home = "/home/autossh";
- createHome = true;
- group = "autossh";
- isSystemUser = true;
- };
+ networking.firewall = {
+ allowedTCPPorts = [ ];
+ allowedUDPPorts = [ ];
+ enable = true;
};
- virtualisation.podman.enable = true;
-
security.sudo.wheelNeedsPassword = false;
system.stateVersion = "18.03";
diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix
index 5421ad0..a093111 100644
--- a/systems/LoutreOS/hardware-configuration.nix
+++ b/systems/LoutreOS/hardware-configuration.nix
@@ -1,203 +1,155 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{
- config,
- lib,
- pkgs,
- ...
-}:
+{ config, lib, pkgs, ... }:
{
- boot.initrd.availableKernelModules = [
- "ahci"
- "xhci_pci"
- "nvme"
- "usbhid"
- "usb_storage"
- "sd_mod"
- "sr_mod"
- ];
+ imports =
+ [
+ ];
+
+ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/fec13566-5528-4859-b185-ce37ac2665eb";
- fsType = "ext4";
- };
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/fec13566-5528-4859-b185-ce37ac2665eb";
+ fsType = "ext4";
+ };
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/5306-AD9A";
- fsType = "vfat";
- };
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/5306-AD9A";
+ fsType = "vfat";
+ };
- fileSystems."/var/lib/acme" = {
- device = "loutrepool/var/acme";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/acme" =
+ { device = "loutrepool/var/acme";
+ fsType = "zfs";
+ };
- fileSystems."/var/certs" = {
- device = "loutrepool/var/certs";
- fsType = "zfs";
- };
+ fileSystems."/var/certs" =
+ { device = "loutrepool/var/certs";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/transmission" = {
- device = "loutrepool/var/transmission";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/transmission" =
+ { device = "loutrepool/var/transmission";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/matrix-synapse" = {
- device = "loutrepool/var/matrix-synapse";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/matrix-synapse" =
+ { device = "loutrepool/var/matrix-synapse";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/radarr" = {
- device = "loutrepool/var/radarr";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/radarr" =
+ { device = "loutrepool/var/radarr";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/grafana" = {
- device = "loutrepool/var/grafana";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/grafana" =
+ { device = "loutrepool/var/grafana";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/slimserver" = {
- device = "loutrepool/var/slimserver";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/slimserver" =
+ { device = "loutrepool/var/slimserver";
+ fsType = "zfs";
+ };
- fileSystems."/var/db/influxdb" = {
- device = "loutrepool/var/influxdb";
- fsType = "zfs";
- };
+ fileSystems."/var/db/influxdb" =
+ { device = "loutrepool/var/influxdb";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/postgresql" = {
- device = "loutrepool/var/postgresql";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/postgresql" =
+ { device = "loutrepool/var/postgresql";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/syncthing" = {
- device = "loutrepool/var/syncthing";
- fsType = "zfs";
- };
+ fileSystems."/exports/steam" =
+ { device = "loutrepool/steam";
+ fsType = "zfs";
+ };
- fileSystems."/mnt/medias/incomplete" = {
- device = "loutrepool/torrent-dl";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/emby/ProgramData-Server" =
+ { device = "loutrepool/var/emby";
+ fsType = "zfs";
+ };
- fileSystems."/mnt/medias" = {
- device = "loutrepool/medias";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/syncthing" =
+ { device = "loutrepool/var/syncthing";
+ fsType = "zfs";
+ };
- fileSystems."/var/sieve" = {
- device = "loutrepool/var/sieve";
- fsType = "zfs";
- };
+ fileSystems."/mnt/medias" =
+ { device = "loutrepool/medias";
+ fsType = "zfs";
+ };
- fileSystems."/var/vmail" = {
- device = "loutrepool/var/vmail";
- fsType = "zfs";
- };
+ fileSystems."/var/sieve" =
+ { device = "loutrepool/var/sieve";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/sonarr" = {
- device = "loutrepool/var/sonarr";
- fsType = "zfs";
- };
+ fileSystems."/var/vmail" =
+ { device = "loutrepool/var/vmail";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/jackett" = {
- device = "loutrepool/var/jackett";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/sonarr" =
+ { device = "loutrepool/var/sonarr";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/gitea" = {
- device = "loutrepool/var/gitea";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/jackett" =
+ { device = "loutrepool/var/jackett";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/private/sdtdserver" = {
- device = "loutrepool/var/sdtdserver";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/gitea" =
+ { device = "loutrepool/var/gitea";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/private/factorio" = {
- device = "loutrepool/var/factorio";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/private/sdtdserver" =
+ { device = "loutrepool/var/sdtdserver";
+ fsType = "zfs";
+ };
- fileSystems."/var/dkim" = {
- device = "loutrepool/var/dkim";
- fsType = "zfs";
- };
+ fileSystems."/var/dkim" =
+ { device = "loutrepool/var/dkim";
+ fsType = "zfs";
+ };
- fileSystems."/var/vsftpd" = {
- device = "loutrepool/var/vsftpd";
- fsType = "zfs";
- };
+ fileSystems."/var/vsftpd" =
+ { device = "loutrepool/var/vsftpd";
+ fsType = "zfs";
+ };
- # fileSystems."/mnt/backup" =
- # { device = "backup";
- # fsType = "zfs";
- # };
+ fileSystems."/mnt/backup" =
+ { device = "backup";
+ fsType = "zfs";
+ };
- fileSystems."/mnt/backup_loutre" = {
- device = "loutrepool/backup";
- fsType = "zfs";
- };
+ fileSystems."/mnt/backup_loutre" =
+ { device = "loutrepool/backup";
+ fsType = "zfs";
+ };
- fileSystems."/mnt/secrets" = {
- device = "loutrepool/secrets";
- fsType = "zfs";
- };
+ fileSystems."/mnt/secrets" =
+ { device = "loutrepool/secrets";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/minecraft" = {
- device = "loutrepool/var/minecraft";
- fsType = "zfs";
- };
+ swapDevices =
+ [
+ {
+ device = "/var/swapfile";
+ size = 8096;
+ }
+ ];
- fileSystems."/var/www" = {
- device = "loutrepool/var/www";
- fsType = "zfs";
- };
-
- fileSystems."/var/lib/mastodon" = {
- device = "loutrepool/var/mastodon";
- fsType = "zfs";
- };
-
- fileSystems."/var/lib/hass" = {
- device = "loutrepool/var/hass";
- fsType = "zfs";
- };
-
- fileSystems."/var/lib/nextcloud" = {
- device = "loutrepool/var/nextcloud";
- fsType = "zfs";
- };
-
- fileSystems."/var/lib/private/photoprism" = {
- device = "loutrepool/var/photoprism";
- fsType = "zfs";
- };
-
- fileSystems."/mnt/paul-home" = {
- device = "loutrepool/zfs-replicate/paul-fixe/fastaf/home";
- fsType = "zfs";
- };
-
- fileSystems."/mnt/webdav" = {
- device = "loutrepool/webdav";
- fsType = "zfs";
- };
-
- swapDevices = [
- {
- device = "/var/swapfile";
- size = 8096;
- }
- ];
-
- nix.settings.max-jobs = lib.mkDefault 4;
+ nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}
diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix
deleted file mode 100644
index f8a5a55..0000000
--- a/systems/LoutreOS/medias.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- config,
- lib,
- pkgs,
- pkgs-4a3fc4cf7,
- ...
-}:
-
-{
- services = {
- transmission = {
- enable = true;
- package = pkgs-4a3fc4cf7.transmission_4;
- home = "/var/lib/transmission";
- group = "medias";
- settings = {
- rpc-bind-address = "127.0.0.1";
- rpc-port = 9091;
- rpc-host-whitelist = "*";
- rpc-whitelist-enabled = false;
- peer-port = 51413;
- incomplete-dir = "/mnt/medias/incomplete";
- download-dir = "/mnt/medias/torrent";
- };
- };
-
- radarr.enable = true;
- sonarr.enable = true;
- prowlarr.enable = true;
- jellyfin.enable = true;
- slimserver.enable = true;
- };
-
- systemd.services.transmission.serviceConfig = {
- BindPaths = [ "/mnt/medias" ];
- LimitNOFILE = 1048576;
- };
-
- networking = {
- firewall.allowedTCPPorts = [
- config.services.transmission.settings.peer-port
- ];
-
- firewall.allowedUDPPorts = [
- config.services.transmission.settings.peer-port
- ];
- };
-}
diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix
deleted file mode 100644
index f25843a..0000000
--- a/systems/LoutreOS/monitoring.nix
+++ /dev/null
@@ -1,155 +0,0 @@
-{
- pkgs,
- ...
-}:
-
-let
- domaine = "nyanlout.re";
-in
-{
- services = {
- smartd = {
- enable = true;
- defaults.monitored = "-a -o on -s (S/../.././02|L/../15/./02)";
- notifications.mail = {
- enable = true;
- recipient = "paul@nyanlout.re";
- };
- };
-
- influxdb = {
- enable = true;
- dataDir = "/var/db/influxdb";
- };
-
- telegraf = {
- enable = true;
- extraConfig = {
- agent = {
- # Mitigation for periodic high load average
- # https://github.com/influxdata/telegraf/issues/3465
- collection_jitter = "5s";
- };
- inputs = {
- zfs = {
- poolMetrics = true;
- };
- net = { };
- netstat = { };
- cpu = {
- totalcpu = true;
- };
- kernel = { };
- mem = { };
- processes = { };
- system = { };
- disk = { };
- cgroup = [
- {
- paths = [
- "/sys/fs/cgroup/system.slice/*"
- ];
- files = [
- "memory.current"
- "cpu.stat"
- ];
- }
- ];
- ipmi_sensor = {
- path = "${pkgs.ipmitool}/bin/ipmitool";
- };
- smart = {
- path = "${pkgs.writeShellScriptBin "smartctl" "/run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl $@"}/bin/smartctl";
- };
- exec = [
- {
- commands = [
- "${pkgs.python3}/bin/python ${pkgs.writeText "zpool.py" ''
- import json
- from subprocess import check_output
-
- columns = ["NAME", "SIZE", "ALLOC", "FREE", "CKPOINT", "EXPANDSZ", "FRAG", "CAP", "DEDUP", "HEALTH", "ALTROOT"]
- health = {'ONLINE':0, 'DEGRADED':11, 'OFFLINE':21, 'UNAVAIL':22, 'FAULTED':23, 'REMOVED':24}
-
- stdout = check_output(["${pkgs.zfs}/bin/zpool", "list", "-Hp"],encoding='UTF-8').split('\n')
- parsed_stdout = list(map(lambda x: dict(zip(columns,x.split('\t'))), stdout))[:-1]
-
- for pool in parsed_stdout:
- for item in pool:
- if item in ["SIZE", "ALLOC", "FREE", "FRAG", "CAP"]:
- pool[item] = int(pool[item])
- if item in ["DEDUP"]:
- pool[item] = float(pool[item])
- if item == "HEALTH":
- pool[item] = health[pool[item]]
-
- print(json.dumps(parsed_stdout))
- ''}"
- ];
- tag_keys = [ "NAME" ];
- data_format = "json";
- name_suffix = "_python_zpool";
- }
- ];
- };
- outputs = {
- influxdb = {
- database = "telegraf";
- urls = [ "http://localhost:8086" ];
- };
- };
- };
- };
-
- udev.extraRules = ''
- KERNEL=="ipmi*", MODE="660", OWNER="telegraf"
- '';
-
- grafana = {
- enable = true;
- dataDir = "/var/lib/grafana";
- settings = {
- server = {
- http_addr = "127.0.0.1";
- root_url = "https://grafana.${domaine}";
- };
- smtp = {
- enabled = true;
- from_address = "grafana@${domaine}";
- skip_verify = true;
- };
- auth = {
- disable_signout_menu = true;
- };
- "auth.basic" = {
- enabled = false;
- };
- "auth.proxy" = {
- enabled = true;
- header_name = "X-WEBAUTH-USER";
- };
- };
- };
-
- zfs.zed.settings = {
- ZED_EMAIL_ADDR = [ "paul@nyanlout.re" ];
- ZED_NOTIFY_VERBOSE = true;
- };
- };
-
- systemd.services.influxdb.serviceConfig = {
- TimeoutStartSec = "10min";
- };
-
- security.sudo.extraRules = [
- {
- commands = [
- {
- command = "${pkgs.smartmontools}/bin/smartctl";
- options = [ "NOPASSWD" ];
- }
- ];
- users = [ "telegraf" ];
- }
- ];
-}
diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix
deleted file mode 100644
index 80ae72a..0000000
--- a/systems/LoutreOS/network.nix
+++ /dev/null
@@ -1,391 +0,0 @@
-{
- config,
- pkgs,
- inputs,
- ...
-}:
-
-{
- boot = {
- kernel.sysctl = {
- "net.ipv6.conf.all.forwarding" = true;
- "net.ipv6.conf.default.forwarding" = true;
- "net.ipv4.conf.all.forwarding" = true;
- "net.ipv4.conf.default.forwarding" = true;
- };
- };
-
- # Enable LTE drivers
- hardware.usb-modeswitch.enable = true;
-
- ##################
- # NETWORK CONFIG #
- ##################
-
- # eno1 -> VLAN100 -> Internet
- # eno2 -> LAN
- # eno3 -> Pas utilisé
- # eno4 -> Pas utilisé
- # enp0s21u1 -> Clé 4G Bouygues
- # wg0 -> Tunnel Wireguard ARN
-
- networking = {
- hostName = "loutreos"; # Define your hostname.
- hostId = "7e66e347";
-
- useNetworkd = true;
- useDHCP = false;
-
- nameservers = [
- # https://www.dns0.eu/fr
- "193.110.81.0"
- "185.253.5.0"
- ];
-
- vlans = {
- bouygues = {
- id = 100;
- interface = "eno1";
- };
- };
-
- interfaces = {
- bouygues = {
- # Adresse MAC BBox : https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303
- macAddress = "E8:AD:A6:21:73:68";
- useDHCP = true;
- };
- eno2 = {
- ipv4.addresses = [
- {
- address = "10.30.0.1";
- prefixLength = 16;
- }
- ];
- };
- enp0s21u1.useDHCP = true;
- };
-
- nftables = {
- enable = true;
- flushRuleset = false;
- tables = {
- "multi-wan-routing" = {
- family = "inet";
- content = ''
- chain PREROUTING {
- type filter hook prerouting priority mangle; policy accept;
- # Restore the packet's CONNMARK to the MARK for existing incoming connections
- counter meta mark set ct mark
- # If packet MARK is set, then it means that there is already a connection mark
- meta mark != 0x00000000 counter accept
- # Else, we need to mark the packet.
- # If the packet is incoming on bouygues then set MARK to 1, LTE MARK 2 and VPN MARK 3
- iifname "bouygues" counter meta mark set 0x1
- iifname "enp0s21u1" counter meta mark set 0x2
- iifname "wg0" counter meta mark set 0x3
- # Save new mark in CONNMARK
- counter ct mark set mark
- }
-
- chain OUTPUT {
- type route hook output priority mangle; policy accept;
- # Restore CONNMARK to MARK for outgoing packets before final routing decision
- counter meta mark set ct mark
- }
-
- chain POSTROUTING {
- type filter hook postrouting priority mangle; policy accept;
- # Save MARK to CONNMARK
- counter ct mark set mark
- }
- '';
- };
-
- "redirect-external-to-local" = {
- family = "ip";
- content = ''
- chain PREROUTING {
- type nat hook prerouting priority dstnat; policy accept;
- # Redirect local network request from server external IP to internal IP
- # This allow access to server without internet access
- ip saddr 10.30.0.0/16 ip daddr 176.180.172.105 counter dnat to 10.30.0.1
- }
- '';
- };
- };
- };
-
- firewall = {
- enable = true;
- allowedTCPPorts = [
- 80
- 443
- ];
- allowedUDPPorts = [ ];
-
- # Open ports on local netwok only
- interfaces.eno2 = {
- allowedTCPPorts = [
- 111
- 2049
- 4000
- 4001
- 4002 # NFS
- 3483
- 9000
- 9090 # Slimserver
- 1935 # RTMP
- ];
- allowedUDPPorts = [
- 111
- 2049
- 4000
- 4001
- 4002 # NFS
- 3483 # Slimserver
- 67 # DHCP
- ];
- };
-
- # Don't forward incoming IPv6 requests to local network
- filterForward = true;
- extraForwardRules = ''
- # Forward all IPv6 traffic from local network
- iifname "eno2" counter accept
- '';
- };
- };
-
- systemd.services.systemd-networkd = {
- unitConfig = {
- RequiresMountsFor = "/mnt/secrets/wireguard";
- };
- serviceConfig = {
- LoadCredential = [
- "network.wireguard.private.wg0:/mnt/secrets/wireguard/wireguard.private"
- "network.wireguard.preshared.wg0:/mnt/secrets/wireguard/wireguard.preshared"
- ];
- };
- };
-
- #################
- # ROUTING RULES #
- #################
-
- # 0: from all lookup local
- # 60: from all iif lo dport 25 lookup vpn # mails are forced to vpn table
- # 32766: from all lookup main # main table should contain no default routes, only local network routes
- # 32767: from all lookup default
- # 41000: from all fwmark 0x1 lookup fiber # fwmark indicate established connection that must go through same interface
- # 42000: from all fwmark 0x2 lookup lte
- # 43000: from all fwmark 0x3 lookup vpn
- # 51000: from all lookup fiber # first table encountered with a default route if fiber is up
- # 52000: from all lookup lte # first table encountered with a default route if fiber is down
-
- systemd.network =
- let
- routeTables = {
- fiber = 1;
- lte = 2;
- vpn = 3;
- };
- in
- {
- enable = true;
-
- config = {
- inherit routeTables;
- addRouteTablesToIPRoute2 = true;
- };
-
- # Wireguard ARN device configuation
- netdevs = {
- "10-wg0" = {
- netdevConfig = {
- Kind = "wireguard";
- Name = "wg0";
- MTUBytes = "1450";
- };
- wireguardConfig = {
- PrivateKey = "@network.wireguard.private.wg0";
- RouteTable = routeTables.vpn;
- };
- wireguardPeers = [
- {
- Endpoint = "89.234.141.83:8095";
- PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g=";
- PresharedKey = "@network.wireguard.preshared.wg0";
- AllowedIPs = [
- "0.0.0.0/0"
- "::/0"
- ];
- PersistentKeepalive = 15;
- }
- ];
- };
- };
-
- networks = {
- #########
- # FIBER #
- #########
-
- # Set route metric to highest priority
- # Set DHCP client magic settings for Bouygues
- "40-bouygues" = {
- dhcpV4Config.RouteTable = routeTables.fiber;
-
- dhcpV6Config = {
- DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68";
- WithoutRA = "solicit";
- };
-
- ipv6AcceptRAConfig = {
- DHCPv6Client = true;
- RouteTable = routeTables.fiber;
- };
-
- networkConfig = {
- KeepConfiguration = "dhcp-on-stop";
- IPv6AcceptRA = true;
- DHCPPrefixDelegation = true;
- };
-
- # Static attribution of first IPv6 subnet
- dhcpPrefixDelegationConfig.SubnetId = "0";
-
- # Route everything to fiber link with a priority of 40000
- routingPolicyRules = [
- {
- FirewallMark = 1;
- Table = routeTables.fiber;
- Priority = 41000;
- Family = "both";
- }
- {
- Table = routeTables.fiber;
- Priority = 51000;
- Family = "both";
- }
- ];
- };
-
- # Don't check VLAN physical interface as it is not directly used
- "40-eno1".linkConfig.RequiredForOnline = "no";
-
- #######
- # LTE #
- #######
-
- # Set LTE route to lower priority
- "40-enp0s21u1" = {
- dhcpV4Config.RouteTable = routeTables.lte;
-
- # Route all to lte link with a priority of 50000
- routingPolicyRules = [
- {
- FirewallMark = 2;
- Table = routeTables.lte;
- Priority = 42000;
- Family = "both";
- }
- {
- Table = routeTables.lte;
- Priority = 52000;
- Family = "both";
- }
- ];
- };
-
- #######
- # VPN #
- #######
-
- # Wireguard ARN network configuation
- "10-wg0" = {
- matchConfig.Name = "wg0";
- address = [
- "89.234.141.196/32"
- "2a00:5881:8119:400::1/128"
- ];
- routingPolicyRules = [
- # Route outgoing emails to VPN table
- {
- IncomingInterface = "lo";
- DestinationPort = "25";
- Table = routeTables.vpn;
- Priority = 60;
- Family = "both";
- }
- # Route packets originating from wg0 device to VPN table
- # Allow server to respond on the wg0 interface requests
- {
- FirewallMark = 3;
- Table = routeTables.vpn;
- Priority = 43000;
- Family = "both";
- }
- ];
- };
-
- #######
- # LAN #
- #######
-
- # LAN DHCP server config
- "40-eno2" = {
- networkConfig = {
- IPv6SendRA = true;
- DHCPPrefixDelegation = true;
- DHCPServer = true;
- IPMasquerade = "ipv4";
- };
- dhcpServerConfig = {
- EmitRouter = true;
- EmitDNS = true;
- DNS = [
- # https://www.dns0.eu/fr
- "193.110.81.0"
- "185.253.5.0"
- ];
- };
- dhcpServerStaticLeases = [
- # IPMI
- {
- Address = "10.30.1.1";
- MACAddress = "ac:1f:6b:4b:01:15";
- }
- # paul-fixe
- {
- Address = "10.30.50.1";
- MACAddress = "b4:2e:99:ed:24:26";
- }
- # salonled
- {
- Address = "10.30.40.1";
- MACAddress = "e0:98:06:85:e9:ce";
- }
- # miroir-bleu
- {
- Address = "10.30.40.2";
- MACAddress = "e0:98:06:86:38:fc";
- }
- # miroir-orange
- {
- Address = "10.30.40.3";
- MACAddress = "50:02:91:78:be:be";
- }
- ];
- ipv6SendRAConfig = {
- EmitDNS = true;
- DNS = [
- # https://www.dns0.eu/fr
- "2a0f:fc80::"
- "2a0f:fc81::"
- ];
- };
- };
- };
- };
-}
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix
index 967130c..f246a1e 100644
--- a/systems/LoutreOS/services.nix
+++ b/systems/LoutreOS/services.nix
@@ -1,145 +1,310 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
+{ config, lib, pkgs, ... }:
with lib;
let
domaine = "nyanlout.re";
- sendMail =
- to: subject: message:
- pkgs.writeShellScriptBin "mail.sh" ''
- ${pkgs.system-sendmail}/bin/sendmail ${to} <> ./readers/supported_readers.txt
+ '';
+ })
+ )
+ ];
networking.firewall.enable = false;
- services.displayManager.autoLogin.user = "paul";
+ # Enable sound.
+ sound.enable = true;
+ hardware.pulseaudio.enable = true;
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+ services.xserver.layout = "fr";
+
+ # Enable the KDE Desktop Environment.
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.desktopManager.plasma5.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
users.users.paul = {
isNormalUser = true;
- extraGroups = [
- "wheel"
- "networkmanager"
- "wireshark"
- "input"
- "dialout"
- "libvirtd"
- "vboxusers"
- ];
+ extraGroups = [ "wheel" "networkmanager" "wireshark" "input" ];
uid = 1000;
- openssh.authorizedKeys.keys = [
- "ssh-rsa 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 openpgp:0x75EE3375"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3fEmkmrhccW8NegIk/Ubu6Yw80VCQ1ttG419e+1V1wkJPXFAqcIhffwrIlz81dJ47T+H+zeptpAX8U1Gbk1B5ZH4DW8OcqU6ymM+j6g/gICpvrjJUOpdgyA3GIOjuBJGijGQGggDw1k2SdopAVV1H38YUAJ33RGDvjLJO6VREYLDYLF4oaDp8ann7Wn8BpX2T7cRvhrzqcwbEGaw1f/xrLE5KklOb6pOHRWFJMxW83d8OKiLkQvM4vFGlvvG0/AKGZaZWHDXS7ldoyAv+vnN8DrIxmWEQjdNLfAwYDBHp6XqE0slde4dqBjVHji5+ajFr7eJnrzc4IXsHJ1jM9xGB paul@loutreos"
- ];
};
- services.openssh.enable = true;
- services.openssh.settings = {
- PasswordAuthentication = false;
- X11Forwarding = true;
- };
+ services.syncthing.enable = true;
+ services.syncthing.user = "paul";
+ services.syncthing.group = "users";
- services.xserver.deviceSection = ''
- Option "metamodes" "DP-4: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}"
- '';
+ virtualisation.rkt.enable = true;
- services.printing.enable = true;
- services.printing.drivers = [ pkgs.hplip ];
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "18.09"; # Did you read the comment?
- systemd.services = {
- zfs-replication.serviceConfig.StateDirectory = "zfs-replication";
- };
-
- boot.enableContainers = false;
- system.stateVersion = "20.03";
}
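Review bot: `services.syncthing.enable = true;` is added to a configuration whose context line keeps `networking.firewall.enable = false;`, so Syncthing's sync and discovery listeners, along with anything else this machine binds to all interfaces, are reachable from every network it joins. I would re-enable the host firewall and open only what Syncthing needs: `networking.firewall.enable = true;` and `services.syncthing.openDefaultPorts = true;`. If the firewall has to stay off, a comment next to that line should say why and which network the host is assumed to sit on. The hunk text appears truncated after the `sendmail` line near its top, so confirm which file these lines belong to; the enclosing module starts outside what is visible.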
diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix
index 4768bab..eeebbd8 100644
--- a/systems/PC-Fixe/hardware-configuration.nix
+++ b/systems/PC-Fixe/hardware-configuration.nix
@@ -1,79 +1,66 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{
- config,
- lib,
- pkgs,
- ...
-}:
+{ config, lib, pkgs, ... }:
{
- boot.initrd.availableKernelModules = [
- "nvme"
- "xhci_pci"
- "ahci"
- "usbhid"
- "usb_storage"
- "sd_mod"
- ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [
- "kvm-amd"
- "coretemp"
- "it87"
- ];
- boot.extraModulePackages = [ ];
-
- services.xserver.videoDrivers = [ "nvidia" ];
- hardware.cpu.amd.updateMicrocode = true;
- hardware.nvidia = {
- open = false;
- modesetting.enable = true;
- package = config.boot.kernelPackages.nvidiaPackages.latest;
- };
-
- fileSystems."/" = {
- device = "rpool/root/nixos";
- fsType = "zfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/F4EC-57DF";
- fsType = "vfat";
- };
-
- fileSystems."/home" = {
- device = "fastaf/home";
- fsType = "zfs";
- };
-
- fileSystems."/mnt/steam" = {
- device = "fastaf/steam";
- fsType = "zfs";
- };
-
- fileSystems."/mnt/games" = {
- device = "fastaf/games";
- fsType = "zfs";
- };
-
- # fileSystems."/mnt/hdd" =
- # { device = "/dev/mapper/ManjaroVG-ManjaroRoot";
- # fsType = "ext4";
- # };
-
- fileSystems."/mnt/medias" = {
- device = "10.30.0.1:/mnt/medias";
- fsType = "nfs";
- options = [
- "x-systemd.automount"
- "noauto"
+ imports =
+ [
];
- };
+
+ boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "firewire_ohci" "pata_marvell" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+ boot.kernelModules = [ "kvm-intel" "nct6775" ];
+ boot.extraModulePackages = [ ];
+ boot.blacklistedKernelModules = [ "hid-steam" ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/509a5842-56fe-40bd-8b00-6bda87e02e5e";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/A225-07A5";
+ fsType = "vfat";
+ };
+
+ fileSystems."/mnt/hdd" =
+ { device = "/dev/mapper/ManjaroVG-ManjaroRoot";
+ fsType = "ext4";
+ };
+
+ fileSystems."/home/paul/Documents" =
+ { device = "/mnt/hdd/paul/Documents";
+ options = [ "bind" ];
+ };
+
+ fileSystems."/home/paul/Downloads" =
+ { device = "/mnt/hdd/paul/Téléchargements";
+ options = [ "bind" ];
+ };
+
+ fileSystems."/home/paul/Music" =
+ { device = "/mnt/hdd/paul/Musique";
+ options = [ "bind" ];
+ };
+
+ fileSystems."/home/paul/Pictures" =
+ { device = "/mnt/hdd/paul/Images";
+ options = [ "bind" ];
+ };
+
+ fileSystems."/home/paul/Videos" =
+ { device = "/mnt/hdd/paul/Vidéos";
+ options = [ "bind" ];
+ };
+
+ fileSystems."/mnt/steam" =
+ { device = "192.168.0.5:/exports/steam";
+ fsType = "nfs";
+ options = ["x-systemd.automount" "noauto"];
+ };
swapDevices = [ ];
- nix.settings.max-jobs = lib.mkDefault 12;
- powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+ nix.maxJobs = lib.mkDefault 4;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}
diff --git a/systems/common-cli.nix b/systems/common-cli.nix
deleted file mode 100644
index 4da4392..0000000
--- a/systems/common-cli.nix
+++ /dev/null
@@ -1,202 +0,0 @@
-{ pkgs, ... }:
-
-{
-
- time.timeZone = "Europe/Paris";
-
- programs.nixvim = {
- enable = true;
- viAlias = true;
- vimAlias = true;
- colorschemes.catppuccin.enable = true;
- highlight.ExtraWhitespace.bg = "red"; # Highlight extra white spaces
- performance = {
- byteCompileLua = {
- enable = true;
- nvimRuntime = true;
- configs = true;
- plugins = true;
- };
- };
- opts = {
- updatetime = 100; # Faster completion
-
- # Line numbers
- number = true; # Display the absolute line number of the current line
- hidden = true; # Keep closed buffer open in the background
- mouse = "a"; # Enable mouse control
- mousemodel = "extend"; # Mouse right-click extends the current selection
- splitbelow = true; # A new window is put below the current one
- splitright = true; # A new window is put right of the current one
-
- modeline = true; # Tags such as 'vim:ft=sh'
- modelines = 100; # Sets the type of modelines
- undofile = true; # Automatically save and restore undo history
- incsearch = true; # Incremental search: show match for partly typed search command
- ignorecase = true; # When the search query is lower-case, match both lower and upper-case patterns
- smartcase = true; # Override the 'ignorecase' option if the search pattern contains upper case characters
- cursorline = true; # Highlight the screen line of the cursor
- cursorcolumn = true; # Highlight the screen column of the cursor
- signcolumn = "yes"; # Whether to show the signcolumn
- laststatus = 3; # When to use a status line for the last window
- fileencoding = "utf-8"; # File-content encoding for the current buffer
- termguicolors = true; # Enables 24-bit RGB color in the |TUI|
- wrap = false; # Prevent text from wrapping
-
- # Tab options
- tabstop = 2; # Number of spaces a in the text stands for (local to buffer)
- shiftwidth = 2; # Number of spaces used for each step of (auto)indent (local to buffer)
- softtabstop = 0; # If non-zero, number of spaces to insert for a (local to buffer)
- expandtab = true; # Expand to spaces in Insert mode (local to buffer)
- autoindent = true; # Do clever autoindenting
-
- showmatch = true; # when closing a bracket, briefly flash the matching one
- matchtime = 1; # duration of that flashing n deci-seconds
- startofline = true; # motions like "G" also move to the first char
- report = 9001; # disable "x more/fewer lines" messages
- };
- plugins = {
- lualine.enable = true;
- lsp = {
- enable = true;
- inlayHints = true;
- servers = {
- nixd.enable = true;
- ruff.enable = true;
- };
- };
- lspkind.enable = true;
- lsp-lines.enable = true;
- lsp-signature.enable = true;
- bufferline.enable = true;
- telescope.enable = true;
- which-key.enable = true;
- treesitter = {
- enable = true;
- settings = {
- highlight = {
- enable = true;
- additional_vim_regex_highlighting = true;
- };
-
- indent = {
- enable = true;
- };
- };
- };
- cmp = {
- enable = true;
- autoEnableSources = true;
- settings.sources = [
- { name = "nvim_lsp"; }
- { name = "path"; }
- { name = "buffer"; }
- ];
- };
- };
- };
-
- environment.systemPackages = with pkgs; [
- # Gestionnaires de version
- tig
- gitAndTools.hub
- quilt
-
- # Gestion de paquets
- nix-prefetch-scripts
- nox
- nix-index
-
- # Système
- smartmontools
- htop
- lshw
- usbutils
-
- # Réseau
- inetutils
- rclone
- lftp
- nfs-utils
- nmap
-
- # Divers
- fzf
- file
- ncdu
- yt-dlp
- tldr
- starship
-
- # Audio
- beets
-
- # Outils
- borgbackup
- binutils
- bat
- molly-guard
- nix-template
- lz4
-
- # Développement
- openssl
- treefmt
- nixfmt-rfc-style
- ];
-
- users.defaultUserShell = pkgs.zsh;
- programs = {
- tmux = {
- enable = true;
- clock24 = true;
- };
-
- zsh = {
- enable = true;
- autosuggestions.enable = true;
- enableCompletion = true;
- syntaxHighlighting.enable = true;
- interactiveShellInit = ''
- source "$(${pkgs.fzf}/bin/fzf-share)/key-bindings.zsh"
- eval "$(starship init zsh)"
- '';
- ohMyZsh = {
- enable = true;
- plugins = [
- "git"
- "colored-man-pages"
- "command-not-found"
- "extract"
- "nix"
- ];
- customPkgs = with pkgs; [
- nix-zsh-completions
- ];
- };
- };
-
- bash.interactiveShellInit = ''
- eval "$(starship init bash)"
- '';
-
- git.enable = true;
- };
-
- environment.variables =
- let
- starshipConfToml = pkgs.writeText "starship.toml" ''
- [[battery.display]]
- threshold = 50
- '';
- in
- {
- EDITOR = "nvim";
- STARSHIP_CONFIG = "${starshipConfToml}";
- };
-
- nix.gc.automatic = true;
- nix.gc.options = "--delete-older-than 15d";
- systemd.timers.nix-gc.timerConfig.Persistent = true;
-
-}
diff --git a/systems/common-gui.nix b/systems/common-gui.nix
deleted file mode 100644
index cdcad6c..0000000
--- a/systems/common-gui.nix
+++ /dev/null
@@ -1,157 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- filezilla
- qbittorrent
- transmission-remote-gtk
-
- sc-controller
- steam-run
- prismlauncher
- lutris
- teamspeak_client
- ryujinx
-
- betaflight-configurator
-
- ledger-live-desktop
- monero-gui
-
- tor-browser-bundle-bin
- brave
-
- tdesktop
- element-desktop
- mumble
- discord
-
- kdePackages.kleopatra
- gnupg
- gopass
- xclip
-
- kdePackages.kdeplasma-addons
- kdePackages.ark
- kdePackages.kate
- kdePackages.kmail
- kdePackages.kdeconnect-kde
- kdePackages.okular
- kdePackages.yakuake
- kdePackages.konversation
- kdePackages.gwenview
- kdePackages.kcalc
- kdePackages.spectacle
- kdePackages.kinfocenter
- kile
- (texlive.combine {
- inherit (texlive)
- scheme-small
- titling
- collection-langfrench
- cm-super
- ;
- })
-
- libsForQt5.breeze-gtk
-
- libreoffice
-
- gimp
- inkscape
- imagemagick
- obs-studio
- vlc
- mpv
-
- glxinfo
- i7z
- pavucontrol
- ];
-
- fonts.packages = with pkgs; [
- nerd-fonts.jetbrains-mono
- nerd-fonts.ubuntu-mono
- nerd-fonts.fira-mono
- ];
-
- i18n = {
- defaultLocale = "fr_FR.UTF-8";
- };
-
- console.keyMap = "fr";
-
- networking.networkmanager.enable = true;
-
- systemd.extraConfig = "DefaultLimitNOFILE=1048576";
-
- security = {
- pam.loginLimits = [
- {
- domain = "*";
- type = "hard";
- item = "nofile";
- value = "1048576";
- }
- ];
- rtkit.enable = true;
- };
-
- programs = {
- gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
- browserpass.enable = true;
- steam.enable = true;
- firefox.enable = true;
- appimage.enable = true;
- };
-
- services = {
- # desktopManager.plasma6.enable = true;
- displayManager = {
- sddm = {
- enable = true;
- # wayland.enable = true;
- autoLogin.relogin = true;
- };
- };
- xserver = {
- enable = true;
- xkb.layout = "fr";
- exportConfiguration = true;
- desktopManager.plasma5.enable = true;
- };
- pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- extraConfig.pipewire = {
- "10-clock-rate" = {
- "context.properties" = {
- "default.clock.allowed-rates" = [ 48000 ];
- };
- };
- };
- };
- udev.packages = with pkgs; [ ledger-udev-rules ];
- pcscd.enable = true;
- };
-
- environment.etc = {
- "mpv/mpv.conf" = {
- text = ''
- profile=gpu-hq
- scale=ewa_lanczossharp
- cscale=ewa_lanczossharp
- video-sync=display-resample
- interpolation
- tscale=oversample
- '';
- };
- # CK3 fix
- "ssl/certs/f387163d.0".source = "${pkgs.cacert.unbundled}/etc/ssl/certs/Starfield_Class_2_CA.crt";
- };
-}
diff --git a/systems/common.nix b/systems/common.nix
new file mode 100644
index 0000000..460716e
--- /dev/null
+++ b/systems/common.nix
@@ -0,0 +1,93 @@
+{ config, pkgs, ... }:
+
+{
+
+ time.timeZone = "Europe/Paris";
+
+ nixpkgs.overlays = [
+ (import ../overlays/sudo.nix)
+ (import ../overlays/neovim.nix)
+ ];
+
+ nixpkgs.config.allowUnfree = true;
+ environment.systemPackages = with pkgs; [
+ # Editeurs
+ neovim
+
+ # Gestionnaires de version
+ gitFull
+ tig
+
+ # Gestion de paquets
+ nix-prefetch-scripts
+ nox
+ nix-index
+
+ # Système
+ smartmontools
+ htop
+ lshw
+ usbutils
+
+ # Réseau
+ telnet
+ rclone
+ lftp
+ wireguard
+ nfsUtils
+ nmap
+
+ # Divers
+ fzf
+ file
+ ncdu
+ youtube-dl
+ tldr
+
+ # Audio
+ beets
+
+ # Outils
+ borgbackup
+
+ # Développement
+ openssl
+ ];
+
+ programs.tmux = {
+ enable = true;
+ clock24 = true;
+ };
+
+ users.defaultUserShell = pkgs.zsh;
+ programs.zsh = {
+ enable = true;
+ autosuggestions.enable = true;
+ enableCompletion = true;
+ syntaxHighlighting.enable = true;
+ interactiveShellInit = ''
+ source "$(${pkgs.fzf}/bin/fzf-share)/key-bindings.zsh"
+ '';
+ ohMyZsh = {
+ enable = true;
+ plugins = [ "git" "colored-man-pages" "command-not-found" "extract" "nix" ];
+ customPkgs = with pkgs;[
+ spaceship-prompt
+ nix-zsh-completions
+ ];
+ theme = "spaceship";
+ };
+ };
+
+ environment.variables = {
+ EDITOR = "nvim";
+ SPACESHIP_TIME_SHOW = "true";
+ SPACESHIP_BATTERY_THRESHOLD = "50";
+ SPACESHIP_EXIT_CODE_SHOW = "true";
+ };
+
+ nix.gc.automatic = true;
+ nix.gc.options = "--delete-older-than 15d";
+ systemd.timers.nix-gc.timerConfig.Persistent = true;
+
+}
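Review bot: `(import ../overlays/sudo.nix)` replaces the sudo package for every system that imports this shared module, and nothing in the file says why or for how long. sudo runs setuid root, so an overlay that pins or patches it can leave hosts on an old build after nixpkgs ships a security fix. The overlay itself is not visible in this hunk, so that risk needs confirming against its contents. I would add a comment above the entry, for example `# sudo overlay: <reason>; remove once nixpkgs carries <upstream change>`. Separately, `nixpkgs.config.allowUnfree = true;` is set globally here, and a short comment naming the unfree packages that need it would make the exception reviewable.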
diff --git a/treefmt.toml b/treefmt.toml
deleted file mode 100644
index d8118ce..0000000
--- a/treefmt.toml
+++ /dev/null
@@ -1,3 +0,0 @@
-[formatter.nixfmt-rfc-style]
-command = "nixfmt"
-includes = ["*.nix"]