diff --git a/containers/vsftpd.nix b/containers/vsftpd.nix
deleted file mode 100644
index 2881580e..00000000
--- a/containers/vsftpd.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ config, pkgs, ... }:
-{
- containers.vsftpd = {
- autoStart = true;
- config =
- { config, pkgs, ... }:
- {
- nixpkgs.overlays = [
- (import ../overlays/vsftpd.nix)
- ];
- services.vsftpd = {
- enable = true;
- forceLocalLoginsSSL = true;
- forceLocalDataSSL = true;
- userlistDeny = false;
- localUsers = true;
- userlist = ["claire" "manu"];
- rsaCertFile = "/var/vsftpd/vsftpd.pem";
- extraConfig = ''
- pasv_min_port=64000
- pasv_max_port=65535
- local_root=/mnt/medias
- '';
- };
-
- users.extraUsers = {
- claire = {
- isNormalUser = true;
- hashedPassword = "$6$Mu47EjsbNTewDkRp$XeQh6rcdvb3BUXzsGqekKImLTrMgnN0VyERoSbpI4rMPlx8oHM9NNeHZtfIiLEaZGtQ9otnbLa54jYse5Iwev1";
- description = "Claire TREHIOU";
- };
-
- manu = {
- isNormalUser = true;
- hashedPassword = "$6$YGNIdGEclo$JcUotBS6hqlpENjjUeYhDjtrwxu10oARF4Nq4tEo072Sumr3Rl/w3ZXSHI5/3RxfvUMmJ4ulUVctBLhwrqP.g0";
- description = "Emmanuel ZENNER";
- };
- };
- };
- bindMounts = {
- "/var/vsftpd/vsftpd.pem" = {
- hostPath = "/var/vsftpd/vsftpd.pem";
- };
- "/mnt/medias" = {
- hostPath = "/mnt/medias";
- };
- };
- };
-}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 00000000..05a70578
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,445 @@
+{
+ "nodes": {
+ "blobs": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1604995301,
+ "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
+ "owner": "simple-nixos-mailserver",
+ "repo": "blobs",
+ "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
+ "type": "gitlab"
+ },
+ "original": {
+ "owner": "simple-nixos-mailserver",
+ "repo": "blobs",
+ "type": "gitlab"
+ }
+ },
+ "devshell": {
+ "inputs": {
+ "nixpkgs": [
+ "nixvim",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1741473158,
+ "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
+ "owner": "numtide",
+ "repo": "devshell",
+ "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "devshell",
+ "type": "github"
+ }
+ },
+ "dogetipbot-telegram": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1730148450,
+ "narHash": "sha256-CSxPIeDqavQ3fJhshuNs0oS84P1p87BsbNoashKlrKg=",
+ "owner": "nyanloutre",
+ "repo": "dogetipbot-telegram",
+ "rev": "667e318212920005917792b06e0f480b421fa6d3",
+ "type": "gitlab"
+ },
+ "original": {
+ "owner": "nyanloutre",
+ "ref": "master",
+ "repo": "dogetipbot-telegram",
+ "type": "gitlab"
+ }
+ },
+ "flake-compat": {
+ "locked": {
+ "lastModified": 1733328505,
+ "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+ "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+ "revCount": 69,
+ "type": "tarball",
+ "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
+ },
+ "original": {
+ "type": "tarball",
+ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
+ }
+ },
+ "flake-compat_2": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1696426674,
+ "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
+ "flake-parts": {
+ "inputs": {
+ "nixpkgs-lib": [
+ "nixvim",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1743550720,
+ "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
+ "flake-utils": {
+ "inputs": {
+ "systems": "systems"
+ },
+ "locked": {
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "git-hooks": {
+ "inputs": {
+ "flake-compat": [
+ "nixvim",
+ "flake-compat"
+ ],
+ "gitignore": "gitignore",
+ "nixpkgs": [
+ "nixvim",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1742649964,
+ "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
+ "owner": "cachix",
+ "repo": "git-hooks.nix",
+ "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
+ "type": "github"
+ },
+ "original": {
+ "owner": "cachix",
+ "repo": "git-hooks.nix",
+ "type": "github"
+ }
+ },
+ "gitignore": {
+ "inputs": {
+ "nixpkgs": [
+ "nixvim",
+ "git-hooks",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1709087332,
+ "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "type": "github"
+ }
+ },
+ "home-manager": {
+ "inputs": {
+ "nixpkgs": [
+ "nixvim",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1744743431,
+ "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=",
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "release-24.11",
+ "repo": "home-manager",
+ "type": "github"
+ }
+ },
+ "ipmihddtemp": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1747584091,
+ "narHash": "sha256-6QMKT0BrLyb2wSFEpmTjYpMS6JOLHRRAMnnM5/qN/vE=",
+ "owner": "nyanloutre",
+ "repo": "ipmihddtemp",
+ "rev": "837ba5a66de1688e7fbce8302cfb363c42a0e1d9",
+ "type": "gitlab"
+ },
+ "original": {
+ "owner": "nyanloutre",
+ "ref": "master",
+ "repo": "ipmihddtemp",
+ "type": "gitlab"
+ }
+ },
+ "ixx": {
+ "inputs": {
+ "flake-utils": [
+ "nixvim",
+ "nuschtosSearch",
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "nixvim",
+ "nuschtosSearch",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1737371634,
+ "narHash": "sha256-fTVAWzT1UMm1lT+YxHuVPtH+DATrhYfea3B0MxG/cGw=",
+ "owner": "NuschtOS",
+ "repo": "ixx",
+ "rev": "a1176e2a10ce745ff8f63e4af124ece8fe0b1648",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NuschtOS",
+ "ref": "v0.0.7",
+ "repo": "ixx",
+ "type": "github"
+ }
+ },
+ "nix-darwin": {
+ "inputs": {
+ "nixpkgs": [
+ "nixvim",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1743127615,
+ "narHash": "sha256-+sMGqywrSr50BGMLMeY789mSrzjkoxZiu61eWjYS/8o=",
+ "owner": "lnl7",
+ "repo": "nix-darwin",
+ "rev": "fc843893cecc1838a59713ee3e50e9e7edc6207c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "lnl7",
+ "ref": "nix-darwin-24.11",
+ "repo": "nix-darwin",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1747485343,
+ "narHash": "sha256-YbsZyuRE1tobO9sv0PUwg81QryYo3L1F3R3rF9bcG38=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "9b5ac7ad45298d58640540d0323ca217f32a6762",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-24.11",
+ "type": "indirect"
+ }
+ },
+ "nixpkgs-4a3fc4cf7": {
+ "locked": {
+ "lastModified": 1716914467,
+ "narHash": "sha256-KkT6YM/yNQqirtYj/frn6RRakliB8RDvGqVGGaNhdcU=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4",
+ "type": "github"
+ }
+ },
+ "nixpkgs-unstable": {
+ "locked": {
+ "lastModified": 1747327360,
+ "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-unstable",
+ "type": "indirect"
+ }
+ },
+ "nixvim": {
+ "inputs": {
+ "devshell": "devshell",
+ "flake-compat": "flake-compat",
+ "flake-parts": "flake-parts",
+ "git-hooks": "git-hooks",
+ "home-manager": "home-manager",
+ "nix-darwin": "nix-darwin",
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "nuschtosSearch": "nuschtosSearch",
+ "treefmt-nix": "treefmt-nix"
+ },
+ "locked": {
+ "lastModified": 1745963276,
+ "narHash": "sha256-MpLljx/1dGnBIQlUswaUz/ZeOp44R3ngc1iBf4tyzyc=",
+ "owner": "nix-community",
+ "repo": "nixvim",
+ "rev": "5bef8e43ce16ee704c7b9fa9f48a07ce81c5c05d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "nixos-24.11",
+ "repo": "nixvim",
+ "type": "github"
+ }
+ },
+ "nuschtosSearch": {
+ "inputs": {
+ "flake-utils": "flake-utils",
+ "ixx": "ixx",
+ "nixpkgs": [
+ "nixvim",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1745046075,
+ "narHash": "sha256-8v4y6k16Ra/fiecb4DxhsoOGtzLKgKlS+9/XJ9z0T2I=",
+ "owner": "NuschtOS",
+ "repo": "search",
+ "rev": "066afe8643274470f4a294442aadd988356a478f",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NuschtOS",
+ "repo": "search",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "dogetipbot-telegram": "dogetipbot-telegram",
+ "ipmihddtemp": "ipmihddtemp",
+ "nixpkgs": "nixpkgs",
+ "nixpkgs-4a3fc4cf7": "nixpkgs-4a3fc4cf7",
+ "nixpkgs-unstable": "nixpkgs-unstable",
+ "nixvim": "nixvim",
+ "simple-nixos-mailserver": "simple-nixos-mailserver"
+ }
+ },
+ "simple-nixos-mailserver": {
+ "inputs": {
+ "blobs": "blobs",
+ "flake-compat": "flake-compat_2",
+ "nixpkgs": [
+ "nixpkgs-unstable"
+ ],
+ "nixpkgs-24_11": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1746469806,
+ "narHash": "sha256-kL3cc25sc0x+6gBZYjuE4566RT1E3XLQs4V8sl7D+VE=",
+ "owner": "simple-nixos-mailserver",
+ "repo": "nixos-mailserver",
+ "rev": "14857a0309d7bbdf7c51bbfa309d0d13448ae77e",
+ "type": "gitlab"
+ },
+ "original": {
+ "owner": "simple-nixos-mailserver",
+ "ref": "nixos-24.11",
+ "repo": "nixos-mailserver",
+ "type": "gitlab"
+ }
+ },
+ "systems": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
+ "treefmt-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "nixvim",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1744961264,
+ "narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=",
+ "owner": "numtide",
+ "repo": "treefmt-nix",
+ "rev": "8d404a69efe76146368885110f29a2ca3700bee6",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "treefmt-nix",
+ "type": "github"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 00000000..a5b8cdbe
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,115 @@
+{
+ inputs = {
+ nixpkgs.url = "flake:nixpkgs/nixos-24.11";
+ nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable";
+ # transmission 4.0.5 downgrade to fix tracker bug
+ nixpkgs-4a3fc4cf7.url = "github:nixos/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4";
+ simple-nixos-mailserver = {
+ url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11";
+ inputs = {
+ nixpkgs.follows = "nixpkgs-unstable";
+ nixpkgs-24_11.follows = "nixpkgs";
+ };
+ };
+ nixvim = {
+ url = "github:nix-community/nixvim/nixos-24.11";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ dogetipbot-telegram = {
+ url = "gitlab:nyanloutre/dogetipbot-telegram/master";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ ipmihddtemp = {
+ url = "gitlab:nyanloutre/ipmihddtemp/master";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs =
+ {
+ self,
+ nixpkgs,
+ nixpkgs-unstable,
+ nixpkgs-4a3fc4cf7,
+ simple-nixos-mailserver,
+ nixvim,
+ dogetipbot-telegram,
+ ipmihddtemp,
+ }@inputs:
+ {
+
+ packages.x86_64-linux = (import ./pkgs nixpkgs.legacyPackages.x86_64-linux);
+
+ nixosConfigurations.paul-fixe = nixpkgs-unstable.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ nixpkgs-unstable.nixosModules.notDetected
+ nixvim.nixosModules.nixvim
+ {
+ nixpkgs.config.allowUnfree = true;
+ nix = {
+ settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ registry = {
+ nixpkgs.to = {
+ type = "path";
+ path = nixpkgs-unstable.legacyPackages.x86_64-linux.path;
+ };
+ };
+ };
+ }
+ ./systems/PC-Fixe/configuration.nix
+ ];
+ };
+
+ nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem rec {
+ system = "x86_64-linux";
+ specialArgs = {
+ inputs = inputs;
+ pkgs-4a3fc4cf7 = import nixpkgs-4a3fc4cf7 {
+ inherit system;
+ };
+ };
+ modules = [
+ nixpkgs-unstable.nixosModules.notDetected
+ simple-nixos-mailserver.nixosModule
+ nixvim.nixosModules.nixvim
+ dogetipbot-telegram.nixosModule
+ ipmihddtemp.nixosModule
+ {
+ nix = {
+ settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ registry = {
+ nixpkgs.to = {
+ type = "path";
+ path = nixpkgs.legacyPackages.x86_64-linux.path;
+ };
+ };
+ };
+ systemd.services.watcharr = {
+ description = "Watcharr";
+ after = [ "network.target" ];
+ environment = {
+ PORT = "3005";
+ WATCHARR_DATA = "/var/lib/watcharr";
+ };
+ serviceConfig = {
+ DynamicUser = true;
+ StateDirectory = "watcharr";
+ ExecStart = "${self.packages.x86_64-linux.watcharr}/bin/Watcharr";
+ PrivateTmp = true;
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
+ }
+ ./systems/LoutreOS/configuration.nix
+ ];
+ };
+
+ };
+}
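Review bot: The `nixpkgs-4a3fc4cf7` input is pinned to a fixed revision in its URL and imported whole as `pkgs-4a3fc4cf7` in the `specialArgs` of `loutreos`, so `nix flake update` will never move it and any package a module takes from that set stops receiving security fixes. The only rationale in the hunk is the comment about the transmission 4.0.5 downgrade; nothing restricts the set to that one package or says when the pin can be removed. I would extend the comment to something like `# frozen nixpkgs (no security updates): use only for transmission; remove once the tracker bug is fixed in nixos-24.11`. The module that consumes `pkgs-4a3fc4cf7` is outside this hunk, so it is worth checking there that only the transmission package is read from it.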
diff --git a/overlays/dogetipbot-telegram.nix b/overlays/dogetipbot-telegram.nix
deleted file mode 100644
index 9bc16e05..00000000
--- a/overlays/dogetipbot-telegram.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-self: super:
-
-{
- dogetipbot-telegram = super.callPackage (super.fetchgit {
- url = "https://gitlab.com/nyanloutre/dogetipbot-telegram.git";
- rev = "3bf1c89aaccded42ce41452c72f7ebf6d4d056ca";
- sha256 = "1gd1wi054ihbxanvj1ac7mz5ghnxab89a0r3i4hy482sglbxqcih";
- }) { pkgs = self; };
-}
diff --git a/overlays/ledger-udev-rules.nix b/overlays/ledger-udev-rules.nix
deleted file mode 100644
index 495e4606..00000000
--- a/overlays/ledger-udev-rules.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-self: super:
-
-{
- ledger-udev-rules = super.writeTextFile {
- name = "ledger-udev-rules";
- text = ''
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="1b7c", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="2b7c", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="3b7c", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="4b7c", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="1807", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="1808", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0000", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users"
- '';
- destination = "/etc/udev/rules.d/99-ledger.rules";
- };
-}
diff --git a/overlays/neovim.nix b/overlays/neovim.nix
deleted file mode 100644
index 48d85316..00000000
--- a/overlays/neovim.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-self: super:
-{
- neovim = super.neovim.override {
- viAlias = true;
- vimAlias = true;
- configure = {
- customRC = ''
- set shiftwidth=2
- set softtabstop=2
- set expandtab
- set background=dark
- '';
- packages.myVimPackage = with super.vimPlugins; {
- start = [
- vim-startify airline sensible
- polyglot ale fugitive
- ];
- opt = [ ];
- };
- };
- };
-}
diff --git a/overlays/riot-web.nix b/overlays/riot-web.nix
deleted file mode 100644
index 74539b12..00000000
--- a/overlays/riot-web.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-self: super:
-{
- riot-web = super.riot-web.override {
- conf = ''
- {
- "default_hs_url": "https://matrix.nyanlout.re",
- "default_is_url": "https://vector.im",
- "brand": "Nyanloutre",
- "default_theme": "dark"
- }
- '';
- };
-}
diff --git a/overlays/sudo.nix b/overlays/sudo.nix
deleted file mode 100644
index 229ad6ea..00000000
--- a/overlays/sudo.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-self: super:
-{
- sudo = super.sudo.override {
- withInsults = true;
- };
-}
diff --git a/overlays/vsftpd.nix b/overlays/vsftpd.nix
deleted file mode 100644
index 9475490e..00000000
--- a/overlays/vsftpd.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-self: super:
-{
- vsftpd = super.vsftpd.override {
- sslEnable = true;
- };
-}
diff --git a/pkgs/default.nix b/pkgs/default.nix
new file mode 100644
index 00000000..f433fdd2
--- /dev/null
+++ b/pkgs/default.nix
@@ -0,0 +1,3 @@
+pkgs: {
+ watcharr = pkgs.callPackage ./watcharr { };
+}
diff --git a/pkgs/site-max/default.nix b/pkgs/site-max/default.nix
deleted file mode 100644
index a42387cb..00000000
--- a/pkgs/site-max/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ lib, stdenv, fetchFromGitHub, sassc }:
-
-stdenv.mkDerivation rec {
- name= "site-max-${version}";
- version = "1.0.1";
-
- src = fetchFromGitHub {
- owner = "nyanloutre";
- repo = "site-max";
- rev = "85e30457291e6a1dfe85a5d7a78f226657bad279";
- sha256 = "0fj5w43gcvp0gq0xlknrf6yp0b48wg01686wp02fjc9npm424g0v";
- };
-
- buildPhase = ''
- ${sassc}/bin/sassc -m auto -t compressed scss/creative.scss css/creative.css
- '';
-
- installPhase = ''
- mkdir -p $out/
- cp -R . $out/
- '';
-
- meta = {
- description = "Site de présentation de Max Spiegel";
- homepage = https://maxspiegel.fr/;
- maintainers = with stdenv.lib.maintainers; [ nyanloutre ];
- license = stdenv.lib.licenses.cc-by-nc-sa-40;
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/pkgs/watcharr/default.nix b/pkgs/watcharr/default.nix
new file mode 100644
index 00000000..dc3cbd0a
--- /dev/null
+++ b/pkgs/watcharr/default.nix
@@ -0,0 +1,65 @@
+{
+ lib,
+ pkgs,
+ buildGoModule,
+ fetchFromGitHub,
+ buildNpmPackage,
+ nixosTests,
+ caddy,
+ testers,
+ installShellFiles,
+ stdenv,
+}:
+
+let
+ version = "1.41.0";
+ src = fetchFromGitHub {
+ owner = "sbondCo";
+ repo = "Watcharr";
+ rev = "v${version}";
+ hash = "sha256-ZvCxgfZZ9pbp+NvH+IhWphJWnAwgAH0x/REPd/XxJ70=";
+ };
+
+ frontend = buildNpmPackage {
+ pname = "watcharr-ui";
+ inherit version src;
+ npmDepsHash = "sha256-73paI0y4QyzkEnU99f1HeLD/hW8GP3F9N8tGGQnloH8=";
+
+ installPhase = ''
+ cp -r build $out
+ cp package.json package-lock.json $out
+ cd $out && npm ci --omit=dev
+ '';
+ };
+in
+buildGoModule {
+ pname = "watcharr";
+ inherit version;
+
+ src = src + "/server";
+
+ vendorHash = "sha256-86pFpS8ZSj+c7vwn0QCwzXlvVYJIf3SBj4X81zlwBWQ=";
+
+ # Inject frontend assets into go embed
+ prePatch = ''
+ # rm -rf ui
+ # ln -s ${frontend} ui
+ substituteInPlace watcharr.go \
+ --replace-fail ui/index.js ${frontend}/index.js \
+ --replace-fail \"127.0.0.1:3000\" "\"127.0.0.1:\"+os.Getenv(\"PORT\")"
+ '';
+
+ buildInputs = [ pkgs.makeWrapper ];
+
+ postFixup = ''
+ wrapProgram "$out/bin/Watcharr" --prefix PATH : "${lib.makeBinPath [ pkgs.nodejs ]}"
+ '';
+
+ meta = with lib; {
+ homepage = "https://watcharr.app/";
+ description = "Open source, self-hostable watched list for all your content with user authentication, modern and clean UI and a very simple setup";
+ license = licenses.asl20;
+ # mainProgram = "caddy";
+ maintainers = with maintainers; [ nyanloutre ];
+ };
+}
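Review bot: The `prePatch` substitution makes the built binary take its loopback port from `os.Getenv("PORT")` with no fallback, so running it without that variable yields the address `127.0.0.1:` instead of the original `127.0.0.1:3000`; in this commit only the systemd unit in flake.nix sets `PORT`. A default in the wrapper keeps the package usable alone: add `--set-default PORT 3000` to the `wrapProgram` call in `postFixup`. `makeWrapper` is a build-time tool and belongs in `nativeBuildInputs = [ pkgs.makeWrapper ];` rather than `buildInputs`. The unused arguments `nixosTests`, `caddy`, `testers`, `installShellFiles` and `stdenv`, together with the `# mainProgram = "caddy";` line, look like leftovers from another derivation and could be dropped in favour of `mainProgram = "Watcharr";`.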
diff --git a/services/auto-pr.nix b/services/auto-pr.nix
deleted file mode 100644
index 0ac765c1..00000000
--- a/services/auto-pr.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{lib, config, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.auto-pr;
-in
-{
- options.services.auto-pr = {
- enable = mkEnableOption "Cron job PR mise à jour automatique";
- };
-
- config = mkIf cfg.enable {
-
- systemd.services.auto-pr-bot = {
- description = "Création d'un PR si mise à jour";
- requires = ["network-online.target"];
- environment = { HOME = "/var/lib/auto-pr-bot"; };
- serviceConfig = {
- DynamicUser = true;
- CacheDirectory = "auto-pr-bot";
- StateDirectory = "auto-pr-bot";
- Type = "oneshot";
- ExecStart = with pkgs;
- let env = python3Packages.python.buildEnv.override {
- extraLibs = [ python3Packages.PyGithub python3Packages.pyjwt python3Packages.colorama ];
- ignoreCollisions = true;
- };
- in "${pkgs.writeShellScriptBin "run.sh" ''
- ${env}/bin/python ${pkgs.writeScript "pr-autobot.py" "${readFile ./pr-autobot.py}"} --private-key /var/lib/auto-pr-bot/private-key.pem --app-id 19565 --installation-id 407088 --repo nyanloutre/nixpkgs --cache-dir /var/cache/auto-pr-bot
- ''}/bin/run.sh";
- };
- };
-
- systemd.timers.auto-pr-bot = {
- description = "Timer auto PR bot";
- requires = ["network-online.target"];
- wantedBy = ["multi-user.target"];
- timerConfig = { OnCalendar = "daily"; Unit = "auto-pr-bot.service"; };
- };
-
- };
-
-}
diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix
deleted file mode 100644
index b16cf76f..00000000
--- a/services/haproxy-acme.nix
+++ /dev/null
@@ -1,149 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.haproxy-acme;
-
- nginx_port = 54321;
-
- haproxyConf = ''
- global
- log /dev/log local0
- log /dev/log local1 notice
- user haproxy
- group haproxy
- ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
- ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
- ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
- ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
- defaults
- option forwardfor
- option http-server-close
- timeout client 10s
- timeout connect 4s
- timeout server 30s
- userlist LOUTRE
- user paul password $6$6rDdCtzSVsAwB6KP$V8bR7KP7FSL2BSEh6n3op6iYhAnsVSPI2Ar3H6MwKrJ/lZRzUI8a0TwVBD2JPnAntUhLpmRudrvdq2Ls2odAy.
- frontend public
- bind :::80 v4v6
- bind :::443 v4v6 ssl crt /var/lib/acme/${cfg.domaine}/full.pem alpn h2,http/1.1
- mode http
- acl letsencrypt-acl path_beg /.well-known/acme-challenge/
- acl haproxy-acl path_beg /haproxy
- redirect scheme https code 301 if !{ ssl_fc } !letsencrypt-acl
- http-response set-header Strict-Transport-Security max-age=15768000
- use_backend letsencrypt-backend if letsencrypt-acl
- use_backend haproxy_stats if haproxy-acl
-
- ${concatStrings (
- mapAttrsToList (name: value:
- " acl ${name}-acl hdr(host) -i ${name}\n"
- + " use_backend ${name}-backend if ${name}-acl\n"
- ) cfg.services)}
-
- backend letsencrypt-backend
- mode http
- server letsencrypt 127.0.0.1:${toString nginx_port}
- backend haproxy_stats
- mode http
- stats enable
- stats hide-version
- acl AuthOK_LOUTRE http_auth(LOUTRE)
- http-request auth realm LOUTRE if !AuthOK_LOUTRE
-
- ${concatStrings (
- mapAttrsToList (name: value:
- ''
- backend ${name}-backend
- mode http
- ${(
- if value.socket == "" then
- ''
- server ${name} ${value.ip}:${toString value.port}
- ''
- else
- ''
- server ${name} ${value.socket}
- ''
- )}
- ${(if value.auth then (
- value.extraAcls
- + ''
- acl AUTH_OK http_auth(LOUTRE)
- http-request auth realm LOUTRE if ${value.aclBool}
- ''
- ) else "")}
- ''
- ) cfg.services)}
-
- '';
-in
-{
- options.services.haproxy-acme = {
- enable = mkEnableOption "HAproxy + ACME";
-
- domaine = mkOption {
- type = types.string;
- example = "example.com";
- description = ''
- Sous domaine à utiliser
-
- Il est necessaire d'avoir un enregistrement pointant sur la wildcard de ce domaine vers le serveur
- '';
- };
-
- services = mkOption {
- type = with types; attrsOf (submodule { options = {
- ip = mkOption { type = str; description = "IP address"; };
- port = mkOption { type = int; description = "Port number"; };
- socket = mkOption { type = str; description = "Emplacement du socket"; default = ""; };
- auth = mkOption { type = bool; description = "Enable authentification"; default = false; };
- extraAcls = mkOption { type = str; description = "ACL HaProxy suplémentaires"; default = ""; };
- aclBool = mkOption { type = str; description = "Logique d'authentification"; default = "!AUTH_OK"; };
- }; });
- example = ''
- haproxy_backends = {
- example = { ip = "127.0.0.1"; port = 1234; auth = false; };
- };
- '';
- description = "Liste des noms de domaines associés à leur backend";
- };
- };
-
- config = mkIf cfg.enable {
-
- services.haproxy.enable = true;
-
- services.haproxy.config = haproxyConf;
-
- services.nginx.enable = true;
- services.nginx.virtualHosts = {
- "acme" = {
- listen = [ { addr = "127.0.0.1"; port = nginx_port; } ];
- locations = { "/" = { root = "/var/www/challenges"; }; };
- };
- };
-
- security.acme.certs = {
- ${cfg.domaine} = {
- extraDomains = mapAttrs' (name: value:
- nameValuePair ("${name}") (null)
- ) cfg.services;
- webroot = "/var/www/challenges";
- email = "paul@nyanlout.re";
- user = "haproxy";
- group = "haproxy";
- postRun = ''
- systemctl reload haproxy.service
- '';
- };
- };
- security.acme.directory = "/var/lib/acme";
-
- networking.firewall.allowedTCPPorts = [
- 80 443
- ];
-
- };
-}
diff --git a/services/mail-server.nix b/services/mail-server.nix
deleted file mode 100644
index 13fca175..00000000
--- a/services/mail-server.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.mailserver;
-in
-{
- options.services.mailserver = {
- enable = mkEnableOption "Mail Server";
- domaine = mkOption {
- type = types.string;
- example = "example.com";
- description = "Nom de domaine du serveur de mails";
- };
- };
-
- imports = [
- (builtins.fetchTarball {
- url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz";
- sha256 = "0gqzgy50hgb5zmdjiffaqp277a68564vflfpjvk1gv6079zahksc";
- })
- ];
-
- config = mkIf cfg.enable {
-
- mailserver = {
- enable = true;
- fqdn = "mail.${cfg.domaine}";
- domains = [ cfg.domaine ];
-
- # A list of all login accounts. To create the password hashes, use
- # mkpasswd -m sha-512 "super secret password"
- loginAccounts = {
- "paul@${cfg.domaine}" = {
- hashedPassword = "$6$8wWQbtqVqUoH8$pQKg0bZPcjCbuPvyhjJ1lQy949M/AgfmAye/hDEIVUnCfwtlUxC1yj8CBHpNKeiiXhd8IUqk9r0/IJNvB6okf0";
- };
- };
-
- # Certificate setup
- certificateScheme = 1;
- certificateFile = "/var/lib/acme/${cfg.domaine}/fullchain.pem";
- keyFile = "/var/lib/acme/${cfg.domaine}/key.pem";
-
- # Enable IMAP and POP3
- enableImap = true;
- enablePop3 = true;
- enableImapSsl = true;
- enablePop3Ssl = true;
-
- # Enable the ManageSieve protocol
- enableManageSieve = true;
- };
-
- security.acme.certs = {
- "${cfg.domaine}" = {
- extraDomains = {
- "mail.${cfg.domaine}" = null;
- };
- postRun = ''
- systemctl reload dovecot2.service
- '';
- };
- };
-
- };
-}
diff --git a/services/pr-autobot.py b/services/pr-autobot.py
deleted file mode 100755
index a1ad4b10..00000000
--- a/services/pr-autobot.py
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/env python
-
-import jwt, time, urllib.request, json, datetime, argparse, sys, textwrap
-from github import Github
-from colorama import Fore, Style
-from time import sleep
-
-parser = argparse.ArgumentParser(description='Create PR to update nixpkgs fork')
-parser.add_argument('--private-key')
-parser.add_argument('--app-id')
-parser.add_argument('--installation-id')
-parser.add_argument('--repo')
-parser.add_argument('--cache-dir')
-args = vars(parser.parse_args())
-
-channel_req = urllib.request.Request(url='https://nixos.org/channels/nixos-18.09/git-revision')
-latest_commit = urllib.request.urlopen(channel_req).read().decode('utf-8')
-try:
- previous_commit = open(args['cache_dir'] + '/git-revision', 'r').read()
-except FileNotFoundError:
- open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit)
- print("Premier lancement, le hash du dernier commit à été sauvegardé")
- sys.exit(0)
-
-print("Dernier commit : " + latest_commit)
-print("Commit précédent : " + previous_commit)
-
-if latest_commit != previous_commit:
- bearer_token = jwt.encode({
- 'iat': int(time.time()),
- 'exp': int(time.time()) + (10 * 60),
- 'iss': args['app_id']
- },
- open(args['private_key'],"r").read(),
- algorithm='RS256')
-
- req = urllib.request.Request(url='https://api.github.com/app/installations/' +
- args['installation_id'] +
- '/access_tokens',
- method='POST')
-
- req.add_header('Authorization', 'Bearer ' + bearer_token.decode('utf-8'))
- req.add_header('Accept', 'application/vnd.github.machine-man-preview+json')
-
- token = json.loads(urllib.request.urlopen(req).read().decode('utf-8'))['token']
-
- g = Github(token)
- repo = g.get_repo(args['repo'])
-
- branch = "upgrade-" + datetime.datetime.now().strftime('%Y-%m-%d') + '-' + latest_commit[:11];
-
- repo.create_git_ref('refs/heads/' + branch, latest_commit)
-
- pr_message = textwrap.dedent("""\
- ### Pull request automatique
- ### Avancement mise à jour
- - [ ] Fusionner la branche
- """)
-
- pr = repo.create_pull(title=branch, body=pr_message, base='nixos-18.09', head=branch)
-
- print("Pull request numéro " + str(pr.number) + " créée")
- print("URL : " + pr.html_url)
-
- while pr.mergeable == None:
- pr = repo.get_pull(pr.number)
- sleep(1)
-
- pr.edit(body = pr.body + "\n- [ ] Exécuter `nixos-rebuild -I nixpkgs=https://github.com/nyanloutre/nixpkgs/archive/" + pr.merge_commit_sha + ".tar.gz switch`")
- print("État : " + ((Fore.GREEN + "Fusionnable") if pr.mergeable else (Fore.RED + "Conflit")) + Style.RESET_ALL)
-
- open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit)
-else:
- print(Fore.GREEN + "Aucun changement détecté" + Style.RESET_ALL)
diff --git a/services/python-ci.nix b/services/python-ci.nix
deleted file mode 100644
index 2523d8f6..00000000
--- a/services/python-ci.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{lib, config, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.python-ci;
-in
-{
- options.services.python-ci = {
- enable = mkEnableOption "Service de CI Nix écrit en Python";
- };
-
- config = mkIf cfg.enable {
-
- systemd.services.python-ci = {
- description = "CI Nix en Python";
- requires = ["network-online.target"];
- wantedBy = ["multi-user.target"];
- environment = { HOME = "/var/lib/python-ci"; NIX_PATH = concatStringsSep ":" config.nix.nixPath; NIXPKGS_ALLOW_UNFREE = "1";};
- path = with pkgs;[ nix gnutar gzip ];
- serviceConfig = {
- DynamicUser = true;
- StateDirectory = "python-ci";
- RuntimeDirectory = "python-ci";
- RuntimeDirectoryPreserve = "yes";
- ExecStart = with pkgs;
- let env = python3Packages.python.buildEnv.override {
- extraLibs = with python3Packages;[ pyramid python-gitlab ];
- ignoreCollisions = true;
- };
- in "${pkgs.writeShellScriptBin "run.sh" ''
- ${env}/bin/python ${pkgs.writeScript "python-ci.py" "${readFile ./python-ci.py}"} --port 52350 \
- --secret /var/lib/python-ci/secret --gitlab-token /var/lib/python-ci/gitlab_token \
- --gitea-token /var/lib/python-ci/gitea_token --output /run/python-ci
- ''}/bin/run.sh";
- };
- };
-
- };
-
-}
diff --git a/services/python-ci.py b/services/python-ci.py
deleted file mode 100755
index 825f4022..00000000
--- a/services/python-ci.py
+++ /dev/null
@@ -1,153 +0,0 @@
-#! /usr/bin/env nix-shell
-#! nix-shell -i python3 -p "python3.withPackages(ps: [ps.pyramid ps.python-gitlab])"
-from wsgiref.simple_server import make_server
-from pyramid.config import Configurator
-from pyramid.view import view_config, view_defaults
-from pyramid.httpexceptions import HTTPNotFound
-from subprocess import check_call, CalledProcessError
-import urllib.request
-import tarfile
-from tempfile import TemporaryDirectory
-from multiprocessing import Pool
-from gitlab import Gitlab
-import urllib.request
-import json
-import argparse
-
-
-def gitlab_build(payload, gl):
- commit = gl.projects.get(payload['project']['path_with_namespace']).commits.get(payload['checkout_sha'])
-
- commit.statuses.create({'state': 'running', 'name': 'Python CI'})
- print("push from " + payload['user_name'])
- print("repo: " + payload['project']['path_with_namespace'])
- print("commit: " + payload['checkout_sha'])
- temp_dir = TemporaryDirectory()
- repo_dir = temp_dir.name + '/' + payload['project']['name'] + '-' + payload['checkout_sha']
- archive_url = payload['project']['web_url'] + '/-/archive/' + payload['checkout_sha'] + \
- '/' + payload['project']['name'] + '-' + payload['checkout_sha'] + '.tar.gz'
-
- with urllib.request.urlopen(archive_url) as gitlab_archive:
- with tarfile.open(fileobj=gitlab_archive, mode='r|gz') as gitlab_repo_files:
- gitlab_repo_files.extractall(path=temp_dir.name)
-
- check_call(['ls', '-lha', repo_dir])
-
- try:
- check_call(['nix-build', '-o', args.output + '/' + payload['project']['path_with_namespace'], repo_dir])
- except CalledProcessError:
- commit.statuses.create({'state': 'failed', 'name': 'Python CI'})
- print("erreur build")
- else:
- commit.statuses.create({'state': 'success', 'name': 'Python CI'})
- print("build terminé")
-
-
-@view_defaults(
- route_name="gitlab_payload", renderer="json", request_method="POST"
-)
-class GitlabHook(object):
-
- def __init__(self, request):
- self.request = request
- self.payload = self.request.json
- self.whitelist = ['nyanloutre/site-musique']
- self.secret = open(args.secret, 'r').readline().splitlines()[0]
- self.gitlab_token = open(args.gitlab_token, 'r').readline().splitlines()[0]
- self.gl = Gitlab('https://gitlab.com', private_token=self.gitlab_token)
-
- @view_config(header="X-Gitlab-Event:Push Hook")
- def push_hook(self):
- if self.payload['project']['path_with_namespace'] in self.whitelist and self.request.headers['X-Gitlab-Token'] == self.secret:
- self.gl.projects.get(self.payload['project']['path_with_namespace']).commits.get(self.payload['checkout_sha']).statuses.create({'state': 'pending', 'name': 'Python CI'})
- pool.apply_async(gitlab_build, (self.payload, self.gl))
- return "build started"
- else:
- raise HTTPNotFound
-
-
-def gitea_status_update(repo, commit, token, status):
- url = 'https://gitea.nyanlout.re/api/v1/repos/' + repo + '/statuses/' + commit
- print(url)
- req = urllib.request.Request(url)
- req.add_header('Content-Type', 'application/json; charset=utf-8')
- req.add_header('accept', 'application/json')
- req.add_header('Authorization', 'token ' + token)
-
- jsondata = json.dumps({'state': status}).encode('utf-8')
- req.add_header('Content-Length', len(jsondata))
-
- urllib.request.urlopen(req, jsondata)
-
-def gitea_build(payload, token):
- commit = payload['after']
- repo = payload['repository']['full_name']
-
- gitea_status_update(repo, commit, token, 'pending')
-
- print("push from " + payload['pusher']['username'])
- print("repo: " + repo)
- print("commit: " + commit)
- temp_dir = TemporaryDirectory()
- repo_dir = temp_dir.name + '/' + payload['repository']['name']
- archive_url = payload['repository']['html_url'] + '/archive/' + commit + '.tar.gz'
-
- with urllib.request.urlopen(archive_url) as gitea_archive:
- with tarfile.open(fileobj=gitea_archive, mode='r|gz') as gitea_repo_files:
- gitea_repo_files.extractall(path=temp_dir.name)
-
- check_call(['ls', '-lha', repo_dir])
-
- try:
- check_call(['nix-build', '-o', args.output + '/' + repo, repo_dir])
- except CalledProcessError:
- gitea_status_update(repo, commit, token, 'failure')
- print("erreur build")
- else:
- gitea_status_update(repo, commit, token, 'success')
- print("build terminé")
-
-
-@view_defaults(
- route_name="gitea_payload", renderer="json", request_method="POST"
-)
-class GiteaHook(object):
-
- def __init__(self, request):
- self.request = request
- self.payload = self.request.json
- self.whitelist = ['nyanloutre/site-musique', 'nyanloutre/site-max']
- self.secret = open(args.secret, 'r').readline().splitlines()[0]
- self.gitea_token = open(args.gitea_token, 'r').readline().splitlines()[0]
-
- @view_config(header="X-Gitea-Event:push")
- def push_hook(self):
- if self.payload['repository']['full_name'] in self.whitelist and self.payload['secret'] == self.secret:
- pool.apply_async(gitea_build, (self.payload, self.gitea_token))
- return "build started"
- else:
- raise HTTPNotFound
-
-
-if __name__ == "__main__":
- parser = argparse.ArgumentParser(description='CI server')
- parser.add_argument('--address', help='listening address', default='127.0.0.1')
- parser.add_argument('--port', type=int, help='listening port')
- parser.add_argument('--output', help='output directory')
- parser.add_argument('--secret', help='repo secret file')
- parser.add_argument('--gitlab-token', help='gitlab token file')
- parser.add_argument('--gitea-token', help='gitea token file')
- args = parser.parse_args()
-
- pool = Pool(1)
-
- config = Configurator()
-
- config.add_route("gitlab_payload", "/gitlab_payload")
- config.add_route("gitea_payload", "/gitea_payload")
- config.scan()
-
- app = config.make_wsgi_app()
- server = make_server(args.address, args.port, app)
- print('listening ...')
- server.serve_forever()
diff --git a/services/sdtdserver.nix b/services/sdtdserver.nix
deleted file mode 100644
index c2331505..00000000
--- a/services/sdtdserver.nix
+++ /dev/null
@@ -1,120 +0,0 @@
-{lib, config, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.sdtdserver;
- gamePath = "/var/lib/sdtdserver";
- gameOptions = {
- ServerPort="26900";
- ServerVisibility="2";
- ServerName="Serveur des loutres";
- ServerPassword="";
- ServerMaxPlayerCount="16";
- ServerReservedSlots="0";
- ServerReservedSlotsPermission="100";
- ServerAdminSlots="0";
- ServerAdminSlotsPermission="0";
- ServerDescription="Un serveur idiot anti gilets jaunes";
- ServerWebsiteURL="";
- ServerDisabledNetworkProtocols="";
- GameWorld="Navezgane";
- WorldGenSeed="Lakeu";
- WorldGenSize="4096";
- GameName="Lakeu";
- GameDifficulty="2";
- GameMode="GameModeSurvival";
- ZombiesRun="0";
- ZombieMove="0";
- ZombieMoveNight="3";
- ZombieFeralMove="3";
- ZombieBMMove="3";
- BuildCreate="false";
- DayNightLength="60";
- DayLightLength="18";
- PlayerKillingMode="3";
- PersistentPlayerProfiles="false";
- PlayerSafeZoneLevel="5";
- PlayerSafeZoneHours="5";
- ControlPanelEnabled="false";
- ControlPanelPort="8080";
- ControlPanelPassword="CHANGEME";
- TelnetEnabled="false";
- TelnetPort="8081";
- TelnetPassword="";
- TelnetFailedLoginLimit="10";
- TelnetFailedLoginsBlocktime="10";
- TerminalWindowEnabled="false";
- AdminFileName="serveradmin.xml";
- DropOnDeath="0";
- DropOnQuit="0";
- BloodMoonEnemyCount="8";
- EnemySpawnMode="true";
- EnemyDifficulty="0";
- BlockDurabilityModifier="100";
- LootAbundance="100";
- LootRespawnDays="30";
- LandClaimSize="41";
- LandClaimDeadZone="30";
- LandClaimExpiryTime="3";
- LandClaimDecayMode="0";
- LandClaimOnlineDurabilityModifier="4";
- LandClaimOfflineDurabilityModifier="4";
- PartySharedKillRange="100";
- AirDropFrequency="72";
- AirDropMarker="false";
- MaxSpawnedZombies="60";
- MaxSpawnedAnimals="50";
- EACEnabled="true";
- HideCommandExecutionLog="0";
- MaxUncoveredMapChunksPerPlayer="131072";
- BedrollDeadZoneSize="15";
- ServerLoginConfirmationText="Prout";
- };
- gameConfig = builtins.toFile "serverconfig.xml" ''
-
-
- ${concatStrings (
- mapAttrsToList (name: value:
- " \n"
- ) gameOptions)}
-
- '';
-in
-{
- options.services.sdtdserver = {
- enable = mkEnableOption "Activation du serveur dédié 7 Days to Die";
- };
-
- config = mkIf cfg.enable {
-
- systemd.services.sdtdserver = {
- description = "Serveur dédié 7 Days to Die";
- requires = ["network-online.target"];
- wantedBy = ["multi-user.target"];
- environment = { HOME = gamePath; };
- serviceConfig = {
- DynamicUser = true;
- StateDirectory = "sdtdserver";
- };
- preStart = let
- libPath = with pkgs; lib.makeLibraryPath [
- stdenv.cc.cc.lib
- ];
- in ''
- ${pkgs.steamcmd}/bin/steamcmd +login anonymous +force_install_dir ${gamePath} +app_update 294420 validate +quit
- install -m666 ${gameConfig} ${gamePath}/serverconfig.xml
- '';
- script = ''
- ${pkgs.steam-run}/bin/steam-run ${gamePath}/7DaysToDieServer.x86_64 -quit -batchmode -nographics -dedicated -configfile=serverconfig.xml
- '';
- };
-
- networking.firewall = {
- allowedTCPPorts = [ 26900 ];
- allowedUDPPorts = [ 26900 26901 26902 ];
- };
-
- };
-
-}
diff --git a/services/site-max.nix b/services/site-max.nix
deleted file mode 100644
index da900b12..00000000
--- a/services/site-max.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.site-max;
-in
-{
- options.services.site-max = {
- enable = mkEnableOption "Site Max Spiegel";
-
- port = mkOption {
- type = types.int;
- example = 54321;
- description = "Local listening port";
- };
-
- domaine = mkOption {
- type = types.str;
- example = "example.com";
- description = "Domaine à utiliser";
- };
- };
-
- config = mkIf cfg.enable {
-
- services.haproxy-acme.services = {
- ${cfg.domaine} = { ip = "127.0.0.1"; port = cfg.port; auth = false; };
- };
-
- services.nginx = {
- virtualHosts = {
- "max" = {
- listen = [ { addr = "127.0.0.1"; port = cfg.port; } ];
- locations."/" = {
- root = "/run/python-ci/nyanloutre/site-max";
- };
- };
- };
- };
- };
-}
diff --git a/services/site-musique.nix b/services/site-musique.nix
deleted file mode 100644
index 62cee74a..00000000
--- a/services/site-musique.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.site-musique;
-in
-{
- options.services.site-musique = {
- enable = mkEnableOption "Site musique";
-
- port = mkOption {
- type = types.int;
- example = 54321;
- description = "Local listening port";
- };
-
- domaine = mkOption {
- type = types.str;
- example = "example.com";
- description = "Domaine à utiliser";
- };
- };
-
- config = mkIf cfg.enable {
-
- services.haproxy-acme.services = {
- ${cfg.domaine} = { ip = "127.0.0.1"; port = cfg.port; auth = false; };
- };
-
- services.nginx.virtualHosts = {
- "musique" = {
- listen = [ { addr = "127.0.0.1"; port = cfg.port; } ];
- locations."/" = {
- root = "/run/python-ci/nyanloutre/site-musique";
- index = "index.php";
- extraConfig = ''
- location ~* \.php$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/run/phpfpm/musique;
- include ${pkgs.nginx}/conf/fastcgi_params;
- include ${pkgs.nginx}/conf/fastcgi.conf;
- }
- '';
- };
- };
- };
-
- services.phpfpm.poolConfigs.musique = ''
- listen = /run/phpfpm/musique
- listen.owner = nginx
- listen.group = nginx
- listen.mode = 0660
- user = nginx
- pm = dynamic
- pm.max_children = 75
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 20
- pm.max_requests = 500
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- catch_workers_output = yes
- '';
- };
-}
diff --git a/systems/ASUS-G46VW/configuration.nix b/systems/ASUS-G46VW/configuration.nix
index 4dba9dc0..4ae46d88 100644
--- a/systems/ASUS-G46VW/configuration.nix
+++ b/systems/ASUS-G46VW/configuration.nix
@@ -5,17 +5,12 @@
{ config, pkgs, ... }:
{
- imports =
- [
- ../common.nix
- ./hardware-configuration.nix
- ];
-
- nixpkgs.overlays = [
- (import ../../overlays/ledger-udev-rules.nix)
+ imports = [
+ ../common-cli.nix
+ ../common-gui.nix
+ ./hardware-configuration.nix
];
- # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.tmpOnTmpfs = true;
@@ -29,128 +24,11 @@
ENERGY_PERF_POLICY_ON_BAT=powersave
'';
- # NVIDIA
- services.xserver.videoDrivers = [ "nvidia" ];
- hardware.nvidia.optimus_prime.enable = true;
- hardware.nvidia.modesetting.enable = true;
- hardware.nvidia.optimus_prime.nvidiaBusId = "PCI:1:0:0";
- hardware.nvidia.optimus_prime.intelBusId = "PCI:0:2:0";
-
- # For Steam
- hardware.opengl.driSupport32Bit = true;
- hardware.pulseaudio.support32Bit = true;
- hardware.steam-hardware.enable = true;
-
- hardware.u2f.enable = true;
-
- services.udev.packages = with pkgs; [
- ledger-udev-rules
- ];
-
- networking.hostName = "rog-paul"; # Define your hostname.
- networking.networkmanager.enable = true; # Enables wireless support via wpa_supplicant.
-
- # Select internationalisation properties.
- i18n = {
- # consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "fr";
- defaultLocale = "fr_FR.UTF-8";
- };
-
- # List packages installed in system profile. To search by name, run:
- # $ nix-env -qaP | grep wget
- nixpkgs.config.allowUnfree = true;
- environment.systemPackages = with pkgs; [
- filezilla
- wineStaging
- winetricks
- qbittorrent
- transmission-remote-gtk
- appimage-run
- bat
-
- gopass
- xclip
-
- electrum
- electron-cash
-
- firefox
- torbrowser
- chromium
- qutebrowser
-
- tdesktop
- mumble
-
- kleopatra
- gnupg
-
- kdeplasma-addons
- ark
- kate
- kmail
- kdeconnect
- okular
- yakuake
- konversation
- gwenview
- kcalc
- spectacle
- kile
- (texlive.combine {
- inherit (texlive) scheme-small titling collection-langfrench cm-super;
- })
- imagemagick
-
- gnome-breeze
- arc-theme
- materia-theme
-
- libreoffice
- gimp
- vlc
- kodiPlain
- mpv
-
- steam
- sc-controller
- steam-run
- minecraft
-
- glxinfo
- i7z
- obs-studio
- ];
+ networking.hostName = "rog-paul";
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.bash.enableCompletion = true;
- # programs.mtr.enable = true;
- programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
- programs.browserpass.enable = true;
- services.pcscd.enable = true;
- services.pcscd.plugins = [
- (pkgs.ccid.overrideAttrs (oldAttrs: rec {
- preBuild = ''
- echo "0x2C97:0x0001:Ledger Token" >> ./readers/supported_readers.txt
- '';
- })
- )
- ];
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- # services.openssh.enable = true;
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ 8000 ];
- # networking.firewall.allowedUDPPorts = [ ];
- # Or disable the firewall altogether.
networking.firewall.enable = false;
networking.wireguard.interfaces = {
@@ -168,42 +46,34 @@
};
};
- # Enable CUPS to print documents.
services.printing.enable = true;
services.printing.drivers = [ pkgs.hplip ];
- # Enable sound.
- sound.enable = true;
- hardware.pulseaudio.enable = true;
-
- # Enable the X11 windowing system.
- services.xserver.enable = true;
- services.xserver.layout = "fr";
- # services.xserver.xkbOptions = "eurosign:e";
-
- # Enable touchpad support.
services.xserver.libinput.enable = true;
services.xserver.libinput.naturalScrolling = true;
- # Enable the KDE Desktop Environment.
- services.xserver.displayManager.sddm.enable = true;
- services.xserver.desktopManager.plasma5.enable = true;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
users.extraUsers.paul = {
isNormalUser = true;
uid = 1000;
- extraGroups = [ "wheel" "networkmanager" "wireshark" ];
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ "wireshark"
+ "dialout"
+ ];
};
services.syncthing.enable = true;
services.syncthing.user = "paul";
services.syncthing.group = "users";
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "18.03"; # Did you read the comment?
+ services.redshift = {
+ enable = true;
+ temperature.night = 2700;
+ };
+ location.latitude = 48.573406;
+ location.longitude = 7.752111;
+
+ system.stateVersion = "18.03"; # Did you read the comment?
}
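Review bot: The trailing `# Did you read the comment?` on `system.stateVersion` now points at nothing, because this hunk deletes the four-line explanation that used to sit above it. Replace it with a self-contained reason, e.g. `system.stateVersion = "18.03"; # release of first install; change only after reading the NixOS release notes`.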
diff --git a/systems/ASUS-G46VW/hardware-configuration.nix b/systems/ASUS-G46VW/hardware-configuration.nix
index 4394c6b2..e1590ef9 100644
--- a/systems/ASUS-G46VW/hardware-configuration.nix
+++ b/systems/ASUS-G46VW/hardware-configuration.nix
@@ -1,30 +1,48 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
{
- imports =
- [
- ];
+ imports = [
+
+ ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "ehci_pci"
+ "ahci"
+ "usb_storage"
+ "sd_mod"
+ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/7bd3a09b-b188-4ce7-bdcc-d5c5087edc86";
- fsType = "ext4";
- };
+ # NVIDIA
+ services.xserver.videoDrivers = [ "nvidia" ];
+ hardware.nvidia.optimus_prime.enable = true;
+ hardware.nvidia.modesetting.enable = true;
+ hardware.nvidia.optimus_prime.nvidiaBusId = "PCI:1:0:0";
+ hardware.nvidia.optimus_prime.intelBusId = "PCI:0:2:0";
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/A25A-1786";
- fsType = "vfat";
- };
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/7bd3a09b-b188-4ce7-bdcc-d5c5087edc86";
+ fsType = "ext4";
+ };
- swapDevices =
- [ { device = "/dev/disk/by-uuid/156cd5e8-715c-48a5-9df4-14565227a6c9"; }
- ];
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/A25A-1786";
+ fsType = "vfat";
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/156cd5e8-715c-48a5-9df4-14565227a6c9"; }
+ ];
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index b65f1675..2e49dde2 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -1,21 +1,24 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+ config,
+ pkgs,
+ inputs,
+ ...
+}:
-{ config, pkgs, ... }:
-
-let
- gitRev = "baee8283bb858602e6b8d9c4763f11f79d4ac813";
- nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz";
-in
{
imports = [
- ../common.nix
+ ../common-cli.nix
./hardware-configuration.nix
+ ./network.nix
./users.nix
./services.nix
];
+ nix.settings.trusted-users = [
+ "root"
+ "paul"
+ ];
+
boot = {
loader = {
systemd-boot.enable = true;
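Review bot: `nix.settings.trusted-users` now lists `paul`, and a trusted user can tell the Nix daemon to use arbitrary substituters and to import store paths without signature checks, which amounts to root on this host. If that is intended, a comment above the list should say so, e.g. `# paul is trusted for <reason>; trusted users are root-equivalent to the Nix daemon`. Otherwise keep only `root` here and use `allowed-users` for ordinary access. The enclosing attribute set continues outside the hunk.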
@@ -24,40 +27,43 @@ in
supportedFilesystems = [ "zfs" ];
- tmpOnTmpfs = true;
+ tmp.useTmpfs = true;
+
+ # Enabling both boot.enableContainers & virtualisation.containers on system.stateVersion < 22.05 is unsupported
+ enableContainers = false;
};
- nix.nixPath = [
- "nixpkgs=${nixpkgs}"
- "nixos-config=/etc/nixos/configuration.nix"
- ];
+ documentation.nixos.enable = false;
services.zfs = {
autoSnapshot.enable = true;
- autoScrub.enable = true;
+ autoScrub = {
+ enable = true;
+ interval = "monthly";
+ };
};
- networking = {
- hostName = "loutreos"; # Define your hostname.
- hostId = "7e66e347";
- };
-
- nixpkgs.overlays = [
- (import ../../overlays/riot-web.nix)
- ];
-
services.openssh = {
enable = true;
- permitRootLogin = "no";
- passwordAuthentication = false;
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ X11Forwarding = true;
+ };
};
- networking.firewall = {
- allowedTCPPorts = [ ];
- allowedUDPPorts = [ ];
- enable = true;
+ users = {
+ groups.autossh = { };
+ users.autossh = {
+ home = "/home/autossh";
+ createHome = true;
+ group = "autossh";
+ isSystemUser = true;
+ };
};
+ virtualisation.podman.enable = true;
+
security.sudo.wheelNeedsPassword = false;
system.stateVersion = "18.03";
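Review bot: `X11Forwarding = true` in `services.openssh.settings` applies to every account sshd accepts, including the `autossh` system user created further down in this hunk, and nothing in the hunk says why it is needed on this host. If only one interactive user needs it, leave the global value off and enable it in a `Match User` block through `services.openssh.extraConfig`; failing that, add a why-comment such as `# X11 forwarding needed for <use case>`. Whether `autossh` is limited to port forwarding cannot be seen from here; if it is not, that account deserves the same kind of restriction.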
diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix
index a093111e..5421ad07 100644
--- a/systems/LoutreOS/hardware-configuration.nix
+++ b/systems/LoutreOS/hardware-configuration.nix
@@ -1,155 +1,203 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
{
- imports =
- [
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+ boot.initrd.availableKernelModules = [
+ "ahci"
+ "xhci_pci"
+ "nvme"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ "sr_mod"
+ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/fec13566-5528-4859-b185-ce37ac2665eb";
- fsType = "ext4";
- };
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/fec13566-5528-4859-b185-ce37ac2665eb";
+ fsType = "ext4";
+ };
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/5306-AD9A";
- fsType = "vfat";
- };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/5306-AD9A";
+ fsType = "vfat";
+ };
- fileSystems."/var/lib/acme" =
- { device = "loutrepool/var/acme";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/acme" = {
+ device = "loutrepool/var/acme";
+ fsType = "zfs";
+ };
- fileSystems."/var/certs" =
- { device = "loutrepool/var/certs";
- fsType = "zfs";
- };
+ fileSystems."/var/certs" = {
+ device = "loutrepool/var/certs";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/transmission" =
- { device = "loutrepool/var/transmission";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/transmission" = {
+ device = "loutrepool/var/transmission";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/matrix-synapse" =
- { device = "loutrepool/var/matrix-synapse";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/matrix-synapse" = {
+ device = "loutrepool/var/matrix-synapse";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/radarr" =
- { device = "loutrepool/var/radarr";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/radarr" = {
+ device = "loutrepool/var/radarr";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/grafana" =
- { device = "loutrepool/var/grafana";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/grafana" = {
+ device = "loutrepool/var/grafana";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/slimserver" =
- { device = "loutrepool/var/slimserver";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/slimserver" = {
+ device = "loutrepool/var/slimserver";
+ fsType = "zfs";
+ };
- fileSystems."/var/db/influxdb" =
- { device = "loutrepool/var/influxdb";
- fsType = "zfs";
- };
+ fileSystems."/var/db/influxdb" = {
+ device = "loutrepool/var/influxdb";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/postgresql" =
- { device = "loutrepool/var/postgresql";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/postgresql" = {
+ device = "loutrepool/var/postgresql";
+ fsType = "zfs";
+ };
- fileSystems."/exports/steam" =
- { device = "loutrepool/steam";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/syncthing" = {
+ device = "loutrepool/var/syncthing";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/emby/ProgramData-Server" =
- { device = "loutrepool/var/emby";
- fsType = "zfs";
- };
+ fileSystems."/mnt/medias/incomplete" = {
+ device = "loutrepool/torrent-dl";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/syncthing" =
- { device = "loutrepool/var/syncthing";
- fsType = "zfs";
- };
+ fileSystems."/mnt/medias" = {
+ device = "loutrepool/medias";
+ fsType = "zfs";
+ };
- fileSystems."/mnt/medias" =
- { device = "loutrepool/medias";
- fsType = "zfs";
- };
+ fileSystems."/var/sieve" = {
+ device = "loutrepool/var/sieve";
+ fsType = "zfs";
+ };
- fileSystems."/var/sieve" =
- { device = "loutrepool/var/sieve";
- fsType = "zfs";
- };
+ fileSystems."/var/vmail" = {
+ device = "loutrepool/var/vmail";
+ fsType = "zfs";
+ };
- fileSystems."/var/vmail" =
- { device = "loutrepool/var/vmail";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/sonarr" = {
+ device = "loutrepool/var/sonarr";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/sonarr" =
- { device = "loutrepool/var/sonarr";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/jackett" = {
+ device = "loutrepool/var/jackett";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/jackett" =
- { device = "loutrepool/var/jackett";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/gitea" = {
+ device = "loutrepool/var/gitea";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/gitea" =
- { device = "loutrepool/var/gitea";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/private/sdtdserver" = {
+ device = "loutrepool/var/sdtdserver";
+ fsType = "zfs";
+ };
- fileSystems."/var/lib/private/sdtdserver" =
- { device = "loutrepool/var/sdtdserver";
- fsType = "zfs";
- };
+ fileSystems."/var/lib/private/factorio" = {
+ device = "loutrepool/var/factorio";
+ fsType = "zfs";
+ };
- fileSystems."/var/dkim" =
- { device = "loutrepool/var/dkim";
- fsType = "zfs";
- };
+ fileSystems."/var/dkim" = {
+ device = "loutrepool/var/dkim";
+ fsType = "zfs";
+ };
- fileSystems."/var/vsftpd" =
- { device = "loutrepool/var/vsftpd";
- fsType = "zfs";
- };
+ fileSystems."/var/vsftpd" = {
+ device = "loutrepool/var/vsftpd";
+ fsType = "zfs";
+ };
- fileSystems."/mnt/backup" =
- { device = "backup";
- fsType = "zfs";
- };
+ # fileSystems."/mnt/backup" =
+ # { device = "backup";
+ # fsType = "zfs";
+ # };
- fileSystems."/mnt/backup_loutre" =
- { device = "loutrepool/backup";
- fsType = "zfs";
- };
+ fileSystems."/mnt/backup_loutre" = {
+ device = "loutrepool/backup";
+ fsType = "zfs";
+ };
- fileSystems."/mnt/secrets" =
- { device = "loutrepool/secrets";
- fsType = "zfs";
- };
+ fileSystems."/mnt/secrets" = {
+ device = "loutrepool/secrets";
+ fsType = "zfs";
+ };
- swapDevices =
- [
- {
- device = "/var/swapfile";
- size = 8096;
- }
- ];
+ fileSystems."/var/lib/minecraft" = {
+ device = "loutrepool/var/minecraft";
+ fsType = "zfs";
+ };
- nix.maxJobs = lib.mkDefault 4;
+ fileSystems."/var/www" = {
+ device = "loutrepool/var/www";
+ fsType = "zfs";
+ };
+
+ fileSystems."/var/lib/mastodon" = {
+ device = "loutrepool/var/mastodon";
+ fsType = "zfs";
+ };
+
+ fileSystems."/var/lib/hass" = {
+ device = "loutrepool/var/hass";
+ fsType = "zfs";
+ };
+
+ fileSystems."/var/lib/nextcloud" = {
+ device = "loutrepool/var/nextcloud";
+ fsType = "zfs";
+ };
+
+ fileSystems."/var/lib/private/photoprism" = {
+ device = "loutrepool/var/photoprism";
+ fsType = "zfs";
+ };
+
+ fileSystems."/mnt/paul-home" = {
+ device = "loutrepool/zfs-replicate/paul-fixe/fastaf/home";
+ fsType = "zfs";
+ };
+
+ fileSystems."/mnt/webdav" = {
+ device = "loutrepool/webdav";
+ fsType = "zfs";
+ };
+
+ swapDevices = [
+ {
+ device = "/var/swapfile";
+ size = 8096;
+ }
+ ];
+
+ nix.settings.max-jobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}
diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix
new file mode 100644
index 00000000..f8a5a551
--- /dev/null
+++ b/systems/LoutreOS/medias.nix
@@ -0,0 +1,48 @@
+{
+ config,
+ lib,
+ pkgs,
+ pkgs-4a3fc4cf7,
+ ...
+}:
+
+{
+ services = {
+ transmission = {
+ enable = true;
+ package = pkgs-4a3fc4cf7.transmission_4;
+ home = "/var/lib/transmission";
+ group = "medias";
+ settings = {
+ rpc-bind-address = "127.0.0.1";
+ rpc-port = 9091;
+ rpc-host-whitelist = "*";
+ rpc-whitelist-enabled = false;
+ peer-port = 51413;
+ incomplete-dir = "/mnt/medias/incomplete";
+ download-dir = "/mnt/medias/torrent";
+ };
+ };
+
+ radarr.enable = true;
+ sonarr.enable = true;
+ prowlarr.enable = true;
+ jellyfin.enable = true;
+ slimserver.enable = true;
+ };
+
+ systemd.services.transmission.serviceConfig = {
+ BindPaths = [ "/mnt/medias" ];
+ LimitNOFILE = 1048576;
+ };
+
+ networking = {
+ firewall.allowedTCPPorts = [
+ config.services.transmission.settings.peer-port
+ ];
+
+ firewall.allowedUDPPorts = [
+ config.services.transmission.settings.peer-port
+ ];
+ };
+}
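Review bot: The Transmission RPC settings turn off both request filters, `rpc-whitelist-enabled = false` and `rpc-host-whitelist = "*"`, and the hunk sets no `rpc-authentication-required`, so anything that can reach 127.0.0.1:9091 controls the daemon and the Host-header check that guards against DNS rebinding accepts every name. Presumably a reverse proxy outside this file handles authentication; if so, list only the name it forwards, `rpc-host-whitelist = "<proxied hostname>";`, and add a comment saying where authentication is enforced. `pkgs-4a3fc4cf7.transmission_4` appears to come from a pinned nixpkgs revision, so a comment explaining the pin and when it can be dropped would help keep the package from going stale.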
diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix
new file mode 100644
index 00000000..f25843af
--- /dev/null
+++ b/systems/LoutreOS/monitoring.nix
@@ -0,0 +1,155 @@
+{
+ pkgs,
+ ...
+}:
+
+let
+ domaine = "nyanlout.re";
+in
+{
+ services = {
+ smartd = {
+ enable = true;
+ defaults.monitored = "-a -o on -s (S/../.././02|L/../15/./02)";
+ notifications.mail = {
+ enable = true;
+ recipient = "paul@nyanlout.re";
+ };
+ };
+
+ influxdb = {
+ enable = true;
+ dataDir = "/var/db/influxdb";
+ };
+
+ telegraf = {
+ enable = true;
+ extraConfig = {
+ agent = {
+ # Mitigation for periodic high load average
+ # https://github.com/influxdata/telegraf/issues/3465
+ collection_jitter = "5s";
+ };
+ inputs = {
+ zfs = {
+ poolMetrics = true;
+ };
+ net = { };
+ netstat = { };
+ cpu = {
+ totalcpu = true;
+ };
+ kernel = { };
+ mem = { };
+ processes = { };
+ system = { };
+ disk = { };
+ cgroup = [
+ {
+ paths = [
+ "/sys/fs/cgroup/system.slice/*"
+ ];
+ files = [
+ "memory.current"
+ "cpu.stat"
+ ];
+ }
+ ];
+ ipmi_sensor = {
+ path = "${pkgs.ipmitool}/bin/ipmitool";
+ };
+ smart = {
+ path = "${pkgs.writeShellScriptBin "smartctl" "/run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl $@"}/bin/smartctl";
+ };
+ exec = [
+ {
+ commands = [
+ "${pkgs.python3}/bin/python ${pkgs.writeText "zpool.py" ''
+ import json
+ from subprocess import check_output
+
+ columns = ["NAME", "SIZE", "ALLOC", "FREE", "CKPOINT", "EXPANDSZ", "FRAG", "CAP", "DEDUP", "HEALTH", "ALTROOT"]
+ health = {'ONLINE':0, 'DEGRADED':11, 'OFFLINE':21, 'UNAVAIL':22, 'FAULTED':23, 'REMOVED':24}
+
+ stdout = check_output(["${pkgs.zfs}/bin/zpool", "list", "-Hp"],encoding='UTF-8').split('\n')
+ parsed_stdout = list(map(lambda x: dict(zip(columns,x.split('\t'))), stdout))[:-1]
+
+ for pool in parsed_stdout:
+ for item in pool:
+ if item in ["SIZE", "ALLOC", "FREE", "FRAG", "CAP"]:
+ pool[item] = int(pool[item])
+ if item in ["DEDUP"]:
+ pool[item] = float(pool[item])
+ if item == "HEALTH":
+ pool[item] = health[pool[item]]
+
+ print(json.dumps(parsed_stdout))
+ ''}"
+ ];
+ tag_keys = [ "NAME" ];
+ data_format = "json";
+ name_suffix = "_python_zpool";
+ }
+ ];
+ };
+ outputs = {
+ influxdb = {
+ database = "telegraf";
+ urls = [ "http://localhost:8086" ];
+ };
+ };
+ };
+ };
+
+ udev.extraRules = ''
+ KERNEL=="ipmi*", MODE="660", OWNER="telegraf"
+ '';
+
+ grafana = {
+ enable = true;
+ dataDir = "/var/lib/grafana";
+ settings = {
+ server = {
+ http_addr = "127.0.0.1";
+ root_url = "https://grafana.${domaine}";
+ };
+ smtp = {
+ enabled = true;
+ from_address = "grafana@${domaine}";
+ skip_verify = true;
+ };
+ auth = {
+ disable_signout_menu = true;
+ };
+ "auth.basic" = {
+ enabled = false;
+ };
+ "auth.proxy" = {
+ enabled = true;
+ header_name = "X-WEBAUTH-USER";
+ };
+ };
+ };
+
+ zfs.zed.settings = {
+ ZED_EMAIL_ADDR = [ "paul@nyanlout.re" ];
+ ZED_NOTIFY_VERBOSE = true;
+ };
+ };
+
+ systemd.services.influxdb.serviceConfig = {
+ TimeoutStartSec = "10min";
+ };
+
+ security.sudo.extraRules = [
+ {
+ commands = [
+ {
+ command = "${pkgs.smartmontools}/bin/smartctl";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ users = [ "telegraf" ];
+ }
+ ];
+}
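Review bot: Grafana's `"auth.proxy"` block trusts the `X-WEBAUTH-USER` header from any client that can reach `127.0.0.1`, so every local process, and any request the fronting proxy passes through without overwriting that header, can sign in as any user, including an admin. The proxy configuration is not part of this hunk; it should unconditionally set or strip `X-WEBAUTH-USER`, and a comment here should say where that happens, e.g. `# X-WEBAUTH-USER is set by <proxy module> after authentication; never forwarded from clients`. Two smaller items in the same file: `smtp.skip_verify = true` disables certificate checking for outgoing mail and should carry a reason, and the smartctl wrapper expands `$@` unquoted, where `\"$@\"` would keep arguments intact.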
diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix
new file mode 100644
index 00000000..80ae72ae
--- /dev/null
+++ b/systems/LoutreOS/network.nix
@@ -0,0 +1,391 @@
+{
+ config,
+ pkgs,
+ inputs,
+ ...
+}:
+
+{
+ boot = {
+ kernel.sysctl = {
+ "net.ipv6.conf.all.forwarding" = true;
+ "net.ipv6.conf.default.forwarding" = true;
+ "net.ipv4.conf.all.forwarding" = true;
+ "net.ipv4.conf.default.forwarding" = true;
+ };
+ };
+
+ # Enable LTE drivers
+ hardware.usb-modeswitch.enable = true;
+
+ ##################
+ # NETWORK CONFIG #
+ ##################
+
+ # eno1 -> VLAN100 -> Internet
+ # eno2 -> LAN
+ # eno3 -> Pas utilisé
+ # eno4 -> Pas utilisé
+ # enp0s21u1 -> Clé 4G Bouygues
+ # wg0 -> Tunnel Wireguard ARN
+
+ networking = {
+ hostName = "loutreos"; # Define your hostname.
+ hostId = "7e66e347";
+
+ useNetworkd = true;
+ useDHCP = false;
+
+ nameservers = [
+ # https://www.dns0.eu/fr
+ "193.110.81.0"
+ "185.253.5.0"
+ ];
+
+ vlans = {
+ bouygues = {
+ id = 100;
+ interface = "eno1";
+ };
+ };
+
+ interfaces = {
+ bouygues = {
+ # Adresse MAC BBox : https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303
+ macAddress = "E8:AD:A6:21:73:68";
+ useDHCP = true;
+ };
+ eno2 = {
+ ipv4.addresses = [
+ {
+ address = "10.30.0.1";
+ prefixLength = 16;
+ }
+ ];
+ };
+ enp0s21u1.useDHCP = true;
+ };
+
+ nftables = {
+ enable = true;
+ flushRuleset = false;
+ tables = {
+ "multi-wan-routing" = {
+ family = "inet";
+ content = ''
+ chain PREROUTING {
+ type filter hook prerouting priority mangle; policy accept;
+ # Restore the packet's CONNMARK to the MARK for existing incoming connections
+ counter meta mark set ct mark
+ # If packet MARK is set, then it means that there is already a connection mark
+ meta mark != 0x00000000 counter accept
+ # Else, we need to mark the packet.
+ # If the packet is incoming on bouygues then set MARK to 1, LTE MARK 2 and VPN MARK 3
+ iifname "bouygues" counter meta mark set 0x1
+ iifname "enp0s21u1" counter meta mark set 0x2
+ iifname "wg0" counter meta mark set 0x3
+ # Save new mark in CONNMARK
+ counter ct mark set mark
+ }
+
+ chain OUTPUT {
+ type route hook output priority mangle; policy accept;
+ # Restore CONNMARK to MARK for outgoing packets before final routing decision
+ counter meta mark set ct mark
+ }
+
+ chain POSTROUTING {
+ type filter hook postrouting priority mangle; policy accept;
+ # Save MARK to CONNMARK
+ counter ct mark set mark
+ }
+ '';
+ };
+
+ "redirect-external-to-local" = {
+ family = "ip";
+ content = ''
+ chain PREROUTING {
+ type nat hook prerouting priority dstnat; policy accept;
+ # Redirect local network request from server external IP to internal IP
+ # This allow access to server without internet access
+ ip saddr 10.30.0.0/16 ip daddr 176.180.172.105 counter dnat to 10.30.0.1
+ }
+ '';
+ };
+ };
+ };
+
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 80
+ 443
+ ];
+ allowedUDPPorts = [ ];
+
+ # Open ports on local netwok only
+ interfaces.eno2 = {
+ allowedTCPPorts = [
+ 111
+ 2049
+ 4000
+ 4001
+ 4002 # NFS
+ 3483
+ 9000
+ 9090 # Slimserver
+ 1935 # RTMP
+ ];
+ allowedUDPPorts = [
+ 111
+ 2049
+ 4000
+ 4001
+ 4002 # NFS
+ 3483 # Slimserver
+ 67 # DHCP
+ ];
+ };
+
+ # Don't forward incoming IPv6 requests to local network
+ filterForward = true;
+ extraForwardRules = ''
+ # Forward all IPv6 traffic from local network
+ iifname "eno2" counter accept
+ '';
+ };
+ };
+
+ systemd.services.systemd-networkd = {
+ unitConfig = {
+ RequiresMountsFor = "/mnt/secrets/wireguard";
+ };
+ serviceConfig = {
+ LoadCredential = [
+ "network.wireguard.private.wg0:/mnt/secrets/wireguard/wireguard.private"
+ "network.wireguard.preshared.wg0:/mnt/secrets/wireguard/wireguard.preshared"
+ ];
+ };
+ };
+
+ #################
+ # ROUTING RULES #
+ #################
+
+ # 0: from all lookup local
+ # 60: from all iif lo dport 25 lookup vpn # mails are forced to vpn table
+ # 32766: from all lookup main # main table should contain no default routes, only local network routes
+ # 32767: from all lookup default
+ # 41000: from all fwmark 0x1 lookup fiber # fwmark indicate established connection that must go through same interface
+ # 42000: from all fwmark 0x2 lookup lte
+ # 43000: from all fwmark 0x3 lookup vpn
+ # 51000: from all lookup fiber # first table encountered with a default route if fiber is up
+ # 52000: from all lookup lte # first table encountered with a default route if fiber is down
+
+ systemd.network =
+ let
+ routeTables = {
+ fiber = 1;
+ lte = 2;
+ vpn = 3;
+ };
+ in
+ {
+ enable = true;
+
+ config = {
+ inherit routeTables;
+ addRouteTablesToIPRoute2 = true;
+ };
+
+ # Wireguard ARN device configuation
+ netdevs = {
+ "10-wg0" = {
+ netdevConfig = {
+ Kind = "wireguard";
+ Name = "wg0";
+ MTUBytes = "1450";
+ };
+ wireguardConfig = {
+ PrivateKey = "@network.wireguard.private.wg0";
+ RouteTable = routeTables.vpn;
+ };
+ wireguardPeers = [
+ {
+ Endpoint = "89.234.141.83:8095";
+ PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g=";
+ PresharedKey = "@network.wireguard.preshared.wg0";
+ AllowedIPs = [
+ "0.0.0.0/0"
+ "::/0"
+ ];
+ PersistentKeepalive = 15;
+ }
+ ];
+ };
+ };
+
+ networks = {
+ #########
+ # FIBER #
+ #########
+
+ # Set route metric to highest priority
+ # Set DHCP client magic settings for Bouygues
+ "40-bouygues" = {
+ dhcpV4Config.RouteTable = routeTables.fiber;
+
+ dhcpV6Config = {
+ DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68";
+ WithoutRA = "solicit";
+ };
+
+ ipv6AcceptRAConfig = {
+ DHCPv6Client = true;
+ RouteTable = routeTables.fiber;
+ };
+
+ networkConfig = {
+ KeepConfiguration = "dhcp-on-stop";
+ IPv6AcceptRA = true;
+ DHCPPrefixDelegation = true;
+ };
+
+ # Static attribution of first IPv6 subnet
+ dhcpPrefixDelegationConfig.SubnetId = "0";
+
+ # Route everything to fiber link with a priority of 40000
+ routingPolicyRules = [
+ {
+ FirewallMark = 1;
+ Table = routeTables.fiber;
+ Priority = 41000;
+ Family = "both";
+ }
+ {
+ Table = routeTables.fiber;
+ Priority = 51000;
+ Family = "both";
+ }
+ ];
+ };
+
+ # Don't check VLAN physical interface as it is not directly used
+ "40-eno1".linkConfig.RequiredForOnline = "no";
+
+ #######
+ # LTE #
+ #######
+
+ # Set LTE route to lower priority
+ "40-enp0s21u1" = {
+ dhcpV4Config.RouteTable = routeTables.lte;
+
+ # Route all to lte link with a priority of 50000
+ routingPolicyRules = [
+ {
+ FirewallMark = 2;
+ Table = routeTables.lte;
+ Priority = 42000;
+ Family = "both";
+ }
+ {
+ Table = routeTables.lte;
+ Priority = 52000;
+ Family = "both";
+ }
+ ];
+ };
+
+ #######
+ # VPN #
+ #######
+
+ # Wireguard ARN network configuation
+ "10-wg0" = {
+ matchConfig.Name = "wg0";
+ address = [
+ "89.234.141.196/32"
+ "2a00:5881:8119:400::1/128"
+ ];
+ routingPolicyRules = [
+ # Route outgoing emails to VPN table
+ {
+ IncomingInterface = "lo";
+ DestinationPort = "25";
+ Table = routeTables.vpn;
+ Priority = 60;
+ Family = "both";
+ }
+ # Route packets originating from wg0 device to VPN table
+ # Allow server to respond on the wg0 interface requests
+ {
+ FirewallMark = 3;
+ Table = routeTables.vpn;
+ Priority = 43000;
+ Family = "both";
+ }
+ ];
+ };
+
+ #######
+ # LAN #
+ #######
+
+ # LAN DHCP server config
+ "40-eno2" = {
+ networkConfig = {
+ IPv6SendRA = true;
+ DHCPPrefixDelegation = true;
+ DHCPServer = true;
+ IPMasquerade = "ipv4";
+ };
+ dhcpServerConfig = {
+ EmitRouter = true;
+ EmitDNS = true;
+ DNS = [
+ # https://www.dns0.eu/fr
+ "193.110.81.0"
+ "185.253.5.0"
+ ];
+ };
+ dhcpServerStaticLeases = [
+ # IPMI
+ {
+ Address = "10.30.1.1";
+ MACAddress = "ac:1f:6b:4b:01:15";
+ }
+ # paul-fixe
+ {
+ Address = "10.30.50.1";
+ MACAddress = "b4:2e:99:ed:24:26";
+ }
+ # salonled
+ {
+ Address = "10.30.40.1";
+ MACAddress = "e0:98:06:85:e9:ce";
+ }
+ # miroir-bleu
+ {
+ Address = "10.30.40.2";
+ MACAddress = "e0:98:06:86:38:fc";
+ }
+ # miroir-orange
+ {
+ Address = "10.30.40.3";
+ MACAddress = "50:02:91:78:be:be";
+ }
+ ];
+ ipv6SendRAConfig = {
+ EmitDNS = true;
+ DNS = [
+ # https://www.dns0.eu/fr
+ "2a0f:fc80::"
+ "2a0f:fc81::"
+ ];
+ };
+ };
+ };
+ };
+}
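Review bot: The comment above `iifname "eno2" counter accept` in `extraForwardRules` says the rule forwards IPv6 traffic, but the rule has no address-family match, so it accepts every forwarded packet entering from eno2 toward any outgoing interface. That is probably intended, since the masqueraded IPv4 LAN traffic presumably needs the same accept once `filterForward = true` is set, but the wording will mislead anyone auditing the firewall. I would reword it to `# Accept all forwarded traffic (IPv4 and IPv6) entering from the LAN`. Separately, the DNAT rule in `redirect-external-to-local` hard-codes `176.180.172.105` while the `bouygues` interface takes its address from DHCP, so the rule silently stops matching if the lease changes. A `let`-bound name with a comment saying where the address comes from would make that dependency visible.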
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix
index f246a1e9..967130c4 100644
--- a/systems/LoutreOS/services.nix
+++ b/systems/LoutreOS/services.nix
@@ -1,310 +1,145 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
domaine = "nyanlout.re";
- riot_port = 52345;
- pgmanage_port = 52347;
- max_port = 52348;
- musique_port = 52349;
+ sendMail =
+ to: subject: message:
+ pkgs.writeShellScriptBin "mail.sh" ''
+ ${pkgs.system-sendmail}/bin/sendmail ${to} <> ./readers/supported_readers.txt
- '';
- })
- )
- ];
+ programs = {
+ wireshark.enable = true;
+ alvr.enable = true;
+ };
networking.firewall.enable = false;
- # Enable sound.
- sound.enable = true;
- hardware.pulseaudio.enable = true;
+ services.displayManager.autoLogin.user = "paul";
- # Enable the X11 windowing system.
- services.xserver.enable = true;
- services.xserver.layout = "fr";
-
- # Enable the KDE Desktop Environment.
- services.xserver.displayManager.sddm.enable = true;
- services.xserver.desktopManager.plasma5.enable = true;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
users.users.paul = {
isNormalUser = true;
- extraGroups = [ "wheel" "networkmanager" "wireshark" "input" ];
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ "wireshark"
+ "input"
+ "dialout"
+ "libvirtd"
+ "vboxusers"
+ ];
uid = 1000;
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDstFRwMoTEip5IBSYE4dUj3miO0LsKrnUKQJmp7d5QYo3VhXk43jU6VUU0tVAegkzWLlQ3ohoFns+8bZyf7hj7roftrDfoC9bbbx4ihhWrZTlF0gzoH4t52yetFO5eC/tV2sm/zFoa+3IWLokOEFmAoknAVag1MmVLXTQ6WPoTPD4UsX/D3lyE4dbSKxHpMOIjqIdqSEgO0BeTdnHe5afvGXXO1VYTvPsGDHT9w8EHwQV9JXIPn7KVOp3qin7OwvFFrrB3QbiEVTJvGiH2hrfxcARTN/+TxGtf+aOFeuQykURG9Wz/aBK60EWE0wGrzuIymxtNdOR1NhmnNrUZ976Tb9WdR7FC+yM6+/kdfICy+sGQmmn8TLsGvcJTT/pl4Pa9uRAKjRJuLIEgYY6W/ms9lCRyf484yRkDlq+V0BPuN9Jy6Eb7x+tmZNkpEtkqso7wfXD8sf5BIwv2K69SVMpfTswydHGmDwHZ0zaDKGlyCiyJ1QGqUhCTXqtYVq+kQ3AcjKcysMwVEmwx/ySu0XFuV8oUkl9XK/RUoc++sMEd0EbHcn8uwCmBARNX+GLQ03vxwyMW3HyneP8EAxoqtSepZXbTdVP/0i+l7EUUeA7zsaWfU2a82ktZWpVPFGfxkuo0l3zLF19EsXPKZNqlRfkOWjSgp+qWihAkQIQk3GoduQ== openpgp:0x75EE3375"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3fEmkmrhccW8NegIk/Ubu6Yw80VCQ1ttG419e+1V1wkJPXFAqcIhffwrIlz81dJ47T+H+zeptpAX8U1Gbk1B5ZH4DW8OcqU6ymM+j6g/gICpvrjJUOpdgyA3GIOjuBJGijGQGggDw1k2SdopAVV1H38YUAJ33RGDvjLJO6VREYLDYLF4oaDp8ann7Wn8BpX2T7cRvhrzqcwbEGaw1f/xrLE5KklOb6pOHRWFJMxW83d8OKiLkQvM4vFGlvvG0/AKGZaZWHDXS7ldoyAv+vnN8DrIxmWEQjdNLfAwYDBHp6XqE0slde4dqBjVHji5+ajFr7eJnrzc4IXsHJ1jM9xGB paul@loutreos"
+ ];
};
- services.syncthing.enable = true;
- services.syncthing.user = "paul";
- services.syncthing.group = "users";
+ services.openssh.enable = true;
+ services.openssh.settings = {
+ PasswordAuthentication = false;
+ X11Forwarding = true;
+ };
- virtualisation.rkt.enable = true;
+ services.xserver.deviceSection = ''
+ Option "metamodes" "DP-4: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}"
+ '';
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "18.09"; # Did you read the comment?
+ services.printing.enable = true;
+ services.printing.drivers = [ pkgs.hplip ];
+ systemd.services = {
+ zfs-replication.serviceConfig.StateDirectory = "zfs-replication";
+ };
+
+ boot.enableContainers = false;
+ system.stateVersion = "20.03";
}
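Review bot: `PasswordAuthentication = false` in `services.openssh.settings` does not by itself rule out password prompts, because keyboard-interactive authentication is a separate sshd setting that this block leaves at its default. Adding `KbdInteractiveAuthentication = false;` next to it closes that path (confirm the default against the NixOS release in use). The context line `networking.firewall.enable = false;` means sshd is reachable on every interface of this host, so these settings are the only barrier. `X11Forwarding = true` deserves a short comment naming the workflow that needs it, or removal if none does. The hunk text looks truncated on this page around the `sendMail` helper, so the file these lines belong to could not be confirmed from here.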
diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix
index eeebbd8d..4768bab6 100644
--- a/systems/PC-Fixe/hardware-configuration.nix
+++ b/systems/PC-Fixe/hardware-configuration.nix
@@ -1,66 +1,79 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
{
- imports =
- [
- ];
-
- boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "firewire_ohci" "pata_marvell" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
- boot.kernelModules = [ "kvm-intel" "nct6775" ];
+ boot.initrd.availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "ahci"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [
+ "kvm-amd"
+ "coretemp"
+ "it87"
+ ];
boot.extraModulePackages = [ ];
- boot.blacklistedKernelModules = [ "hid-steam" ];
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/509a5842-56fe-40bd-8b00-6bda87e02e5e";
- fsType = "ext4";
- };
+ services.xserver.videoDrivers = [ "nvidia" ];
+ hardware.cpu.amd.updateMicrocode = true;
+ hardware.nvidia = {
+ open = false;
+ modesetting.enable = true;
+ package = config.boot.kernelPackages.nvidiaPackages.latest;
+ };
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/A225-07A5";
- fsType = "vfat";
- };
+ fileSystems."/" = {
+ device = "rpool/root/nixos";
+ fsType = "zfs";
+ };
- fileSystems."/mnt/hdd" =
- { device = "/dev/mapper/ManjaroVG-ManjaroRoot";
- fsType = "ext4";
- };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/F4EC-57DF";
+ fsType = "vfat";
+ };
- fileSystems."/home/paul/Documents" =
- { device = "/mnt/hdd/paul/Documents";
- options = [ "bind" ];
- };
+ fileSystems."/home" = {
+ device = "fastaf/home";
+ fsType = "zfs";
+ };
- fileSystems."/home/paul/Downloads" =
- { device = "/mnt/hdd/paul/Téléchargements";
- options = [ "bind" ];
- };
+ fileSystems."/mnt/steam" = {
+ device = "fastaf/steam";
+ fsType = "zfs";
+ };
- fileSystems."/home/paul/Music" =
- { device = "/mnt/hdd/paul/Musique";
- options = [ "bind" ];
- };
+ fileSystems."/mnt/games" = {
+ device = "fastaf/games";
+ fsType = "zfs";
+ };
- fileSystems."/home/paul/Pictures" =
- { device = "/mnt/hdd/paul/Images";
- options = [ "bind" ];
- };
+ # fileSystems."/mnt/hdd" =
+ # { device = "/dev/mapper/ManjaroVG-ManjaroRoot";
+ # fsType = "ext4";
+ # };
- fileSystems."/home/paul/Videos" =
- { device = "/mnt/hdd/paul/Vidéos";
- options = [ "bind" ];
- };
-
- fileSystems."/mnt/steam" =
- { device = "192.168.0.5:/exports/steam";
- fsType = "nfs";
- options = ["x-systemd.automount" "noauto"];
- };
+ fileSystems."/mnt/medias" = {
+ device = "10.30.0.1:/mnt/medias";
+ fsType = "nfs";
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ ];
+ };
swapDevices = [ ];
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+ nix.settings.max-jobs = lib.mkDefault 12;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}
diff --git a/systems/common-cli.nix b/systems/common-cli.nix
new file mode 100644
index 00000000..4da43920
--- /dev/null
+++ b/systems/common-cli.nix
@@ -0,0 +1,202 @@
+{ pkgs, ... }:
+
+{
+
+ time.timeZone = "Europe/Paris";
+
+ programs.nixvim = {
+ enable = true;
+ viAlias = true;
+ vimAlias = true;
+ colorschemes.catppuccin.enable = true;
+ highlight.ExtraWhitespace.bg = "red"; # Highlight extra white spaces
+ performance = {
+ byteCompileLua = {
+ enable = true;
+ nvimRuntime = true;
+ configs = true;
+ plugins = true;
+ };
+ };
+ opts = {
+ updatetime = 100; # Faster completion
+
+ # Line numbers
+ number = true; # Display the absolute line number of the current line
+ hidden = true; # Keep closed buffer open in the background
+ mouse = "a"; # Enable mouse control
+ mousemodel = "extend"; # Mouse right-click extends the current selection
+ splitbelow = true; # A new window is put below the current one
+ splitright = true; # A new window is put right of the current one
+
+ modeline = true; # Tags such as 'vim:ft=sh'
+ modelines = 100; # Sets the type of modelines
+ undofile = true; # Automatically save and restore undo history
+ incsearch = true; # Incremental search: show match for partly typed search command
+ ignorecase = true; # When the search query is lower-case, match both lower and upper-case patterns
+ smartcase = true; # Override the 'ignorecase' option if the search pattern contains upper case characters
+ cursorline = true; # Highlight the screen line of the cursor
+ cursorcolumn = true; # Highlight the screen column of the cursor
+ signcolumn = "yes"; # Whether to show the signcolumn
+ laststatus = 3; # When to use a status line for the last window
+ fileencoding = "utf-8"; # File-content encoding for the current buffer
+ termguicolors = true; # Enables 24-bit RGB color in the |TUI|
+ wrap = false; # Prevent text from wrapping
+
+ # Tab options
+ tabstop = 2; # Number of spaces a in the text stands for (local to buffer)
+ shiftwidth = 2; # Number of spaces used for each step of (auto)indent (local to buffer)
+ softtabstop = 0; # If non-zero, number of spaces to insert for a (local to buffer)
+ expandtab = true; # Expand to spaces in Insert mode (local to buffer)
+ autoindent = true; # Do clever autoindenting
+
+ showmatch = true; # when closing a bracket, briefly flash the matching one
+ matchtime = 1; # duration of that flashing n deci-seconds
+ startofline = true; # motions like "G" also move to the first char
+ report = 9001; # disable "x more/fewer lines" messages
+ };
+ plugins = {
+ lualine.enable = true;
+ lsp = {
+ enable = true;
+ inlayHints = true;
+ servers = {
+ nixd.enable = true;
+ ruff.enable = true;
+ };
+ };
+ lspkind.enable = true;
+ lsp-lines.enable = true;
+ lsp-signature.enable = true;
+ bufferline.enable = true;
+ telescope.enable = true;
+ which-key.enable = true;
+ treesitter = {
+ enable = true;
+ settings = {
+ highlight = {
+ enable = true;
+ additional_vim_regex_highlighting = true;
+ };
+
+ indent = {
+ enable = true;
+ };
+ };
+ };
+ cmp = {
+ enable = true;
+ autoEnableSources = true;
+ settings.sources = [
+ { name = "nvim_lsp"; }
+ { name = "path"; }
+ { name = "buffer"; }
+ ];
+ };
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ # Gestionnaires de version
+ tig
+ gitAndTools.hub
+ quilt
+
+ # Gestion de paquets
+ nix-prefetch-scripts
+ nox
+ nix-index
+
+ # Système
+ smartmontools
+ htop
+ lshw
+ usbutils
+
+ # Réseau
+ inetutils
+ rclone
+ lftp
+ nfs-utils
+ nmap
+
+ # Divers
+ fzf
+ file
+ ncdu
+ yt-dlp
+ tldr
+ starship
+
+ # Audio
+ beets
+
+ # Outils
+ borgbackup
+ binutils
+ bat
+ molly-guard
+ nix-template
+ lz4
+
+ # Développement
+ openssl
+ treefmt
+ nixfmt-rfc-style
+ ];
+
+ users.defaultUserShell = pkgs.zsh;
+ programs = {
+ tmux = {
+ enable = true;
+ clock24 = true;
+ };
+
+ zsh = {
+ enable = true;
+ autosuggestions.enable = true;
+ enableCompletion = true;
+ syntaxHighlighting.enable = true;
+ interactiveShellInit = ''
+ source "$(${pkgs.fzf}/bin/fzf-share)/key-bindings.zsh"
+ eval "$(starship init zsh)"
+ '';
+ ohMyZsh = {
+ enable = true;
+ plugins = [
+ "git"
+ "colored-man-pages"
+ "command-not-found"
+ "extract"
+ "nix"
+ ];
+ customPkgs = with pkgs; [
+ nix-zsh-completions
+ ];
+ };
+ };
+
+ bash.interactiveShellInit = ''
+ eval "$(starship init bash)"
+ '';
+
+ git.enable = true;
+ };
+
+ environment.variables =
+ let
+ starshipConfToml = pkgs.writeText "starship.toml" ''
+ [[battery.display]]
+ threshold = 50
+ '';
+ in
+ {
+ EDITOR = "nvim";
+ STARSHIP_CONFIG = "${starshipConfToml}";
+ };
+
+ nix.gc.automatic = true;
+ nix.gc.options = "--delete-older-than 15d";
+ systemd.timers.nix-gc.timerConfig.Persistent = true;
+
+}
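Review bot: `modeline = true` together with `modelines = 100` in `programs.nixvim.opts` makes every editor session on every host importing this module, root's included, parse editor directives from the first and last 100 lines of any file it opens. Modeline parsing has been a source of editor code-execution bugs in the past. Unless a workflow depends on it, I would keep the window small, e.g. `modelines = 5; # Number of lines checked for modelines at each end of the file`, or set `modeline = false;` here and enable it per user. The current trailing comment `# Sets the type of modelines` is also inaccurate, since the option is a line count, not a type.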
diff --git a/systems/common-gui.nix b/systems/common-gui.nix
new file mode 100644
index 00000000..cdcad6cb
--- /dev/null
+++ b/systems/common-gui.nix
@@ -0,0 +1,157 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ filezilla
+ qbittorrent
+ transmission-remote-gtk
+
+ sc-controller
+ steam-run
+ prismlauncher
+ lutris
+ teamspeak_client
+ ryujinx
+
+ betaflight-configurator
+
+ ledger-live-desktop
+ monero-gui
+
+ tor-browser-bundle-bin
+ brave
+
+ tdesktop
+ element-desktop
+ mumble
+ discord
+
+ kdePackages.kleopatra
+ gnupg
+ gopass
+ xclip
+
+ kdePackages.kdeplasma-addons
+ kdePackages.ark
+ kdePackages.kate
+ kdePackages.kmail
+ kdePackages.kdeconnect-kde
+ kdePackages.okular
+ kdePackages.yakuake
+ kdePackages.konversation
+ kdePackages.gwenview
+ kdePackages.kcalc
+ kdePackages.spectacle
+ kdePackages.kinfocenter
+ kile
+ (texlive.combine {
+ inherit (texlive)
+ scheme-small
+ titling
+ collection-langfrench
+ cm-super
+ ;
+ })
+
+ libsForQt5.breeze-gtk
+
+ libreoffice
+
+ gimp
+ inkscape
+ imagemagick
+ obs-studio
+ vlc
+ mpv
+
+ glxinfo
+ i7z
+ pavucontrol
+ ];
+
+ fonts.packages = with pkgs; [
+ nerd-fonts.jetbrains-mono
+ nerd-fonts.ubuntu-mono
+ nerd-fonts.fira-mono
+ ];
+
+ i18n = {
+ defaultLocale = "fr_FR.UTF-8";
+ };
+
+ console.keyMap = "fr";
+
+ networking.networkmanager.enable = true;
+
+ systemd.extraConfig = "DefaultLimitNOFILE=1048576";
+
+ security = {
+ pam.loginLimits = [
+ {
+ domain = "*";
+ type = "hard";
+ item = "nofile";
+ value = "1048576";
+ }
+ ];
+ rtkit.enable = true;
+ };
+
+ programs = {
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ browserpass.enable = true;
+ steam.enable = true;
+ firefox.enable = true;
+ appimage.enable = true;
+ };
+
+ services = {
+ # desktopManager.plasma6.enable = true;
+ displayManager = {
+ sddm = {
+ enable = true;
+ # wayland.enable = true;
+ autoLogin.relogin = true;
+ };
+ };
+ xserver = {
+ enable = true;
+ xkb.layout = "fr";
+ exportConfiguration = true;
+ desktopManager.plasma5.enable = true;
+ };
+ pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ extraConfig.pipewire = {
+ "10-clock-rate" = {
+ "context.properties" = {
+ "default.clock.allowed-rates" = [ 48000 ];
+ };
+ };
+ };
+ };
+ udev.packages = with pkgs; [ ledger-udev-rules ];
+ pcscd.enable = true;
+ };
+
+ environment.etc = {
+ "mpv/mpv.conf" = {
+ text = ''
+ profile=gpu-hq
+ scale=ewa_lanczossharp
+ cscale=ewa_lanczossharp
+ video-sync=display-resample
+ interpolation
+ tscale=oversample
+ '';
+ };
+ # CK3 fix
+ "ssl/certs/f387163d.0".source = "${pkgs.cacert.unbundled}/etc/ssl/certs/Starfield_Class_2_CA.crt";
+ };
+}
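Review bot: `autoLogin.relogin = true;` under `displayManager.sddm` sits in the module shared by every GUI host, so any host that also sets an auto-login user gets its desktop session back immediately after logout, with no credential prompt. On a machine other people can physically reach, that removes the login screen as a barrier. I would move the setting to the host that needs it, or write `autoLogin.relogin = lib.mkDefault true;` (which needs `lib` added to the module arguments) with a comment on why it is wanted. The `# CK3 fix` comment on the `ssl/certs/f387163d.0` entry could also say that the file name is presumably the certificate's subject hash, so the next maintainer knows how it was derived.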
diff --git a/systems/common.nix b/systems/common.nix
deleted file mode 100644
index 460716e0..00000000
--- a/systems/common.nix
+++ /dev/null
@@ -1,93 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- time.timeZone = "Europe/Paris";
-
- nixpkgs.overlays = [
- (import ../overlays/sudo.nix)
- (import ../overlays/neovim.nix)
- ];
-
- nixpkgs.config.allowUnfree = true;
- environment.systemPackages = with pkgs; [
- # Editeurs
- neovim
-
- # Gestionnaires de version
- gitFull
- tig
-
- # Gestion de paquets
- nix-prefetch-scripts
- nox
- nix-index
-
- # Système
- smartmontools
- htop
- lshw
- usbutils
-
- # Réseau
- telnet
- rclone
- lftp
- wireguard
- nfsUtils
- nmap
-
- # Divers
- fzf
- file
- ncdu
- youtube-dl
- tldr
-
- # Audio
- beets
-
- # Outils
- borgbackup
-
- # Développement
- openssl
- ];
-
- programs.tmux = {
- enable = true;
- clock24 = true;
- };
-
- users.defaultUserShell = pkgs.zsh;
- programs.zsh = {
- enable = true;
- autosuggestions.enable = true;
- enableCompletion = true;
- syntaxHighlighting.enable = true;
- interactiveShellInit = ''
- source "$(${pkgs.fzf}/bin/fzf-share)/key-bindings.zsh"
- '';
- ohMyZsh = {
- enable = true;
- plugins = [ "git" "colored-man-pages" "command-not-found" "extract" "nix" ];
- customPkgs = with pkgs;[
- spaceship-prompt
- nix-zsh-completions
- ];
- theme = "spaceship";
- };
- };
-
- environment.variables = {
- EDITOR = "nvim";
- SPACESHIP_TIME_SHOW = "true";
- SPACESHIP_BATTERY_THRESHOLD = "50";
- SPACESHIP_EXIT_CODE_SHOW = "true";
- };
-
- nix.gc.automatic = true;
- nix.gc.options = "--delete-older-than 15d";
- systemd.timers.nix-gc.timerConfig.Persistent = true;
-
-}
diff --git a/treefmt.toml b/treefmt.toml
new file mode 100644
index 00000000..d8118cef
--- /dev/null
+++ b/treefmt.toml
@@ -0,0 +1,3 @@
+[formatter.nixfmt-rfc-style]
+command = "nixfmt"
+includes = ["*.nix"]