diff --git a/README.md b/README.md index 1410c1d..eee3330 100644 --- a/README.md +++ b/README.md @@ -43,11 +43,21 @@ si on veut utiliser kexec, il faut pousser l'iso en ligne pour que le serveur ci On ajoute à `~/.ssh/config` +``` +Match User root + IdentityFile ~/.ssh/id_ed25519_beastie + PasswordAuthentication yes + PubkeyAuthentication yes +``` + +On lance l'installation à distance + ``` nixos-anywhere --flake .#generic --target-host root@192.168.122.204 -i ~/.ssh/id_ed25519_beastie --generate-hardware-config nixos-generate-config ./hosts/generic/hardware-configuration.nix ``` -si l'installation est en local, on peux créer le partitionnement avec la commande suivante : +Si l'installation est en local, on peux créer le partitionnement avec la commande suivante : + ``` sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --yes-wipe-all-disks --mode destroy,format,mount ./disko.nix ``` diff --git a/flake.lock b/flake.lock index a05c807..10ebe16 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1752718651, - "narHash": "sha256-PkaR0qmyP9q/MDN3uYa+RLeBA0PjvEQiM0rTDDBXkL8=", + "lastModified": 1757508292, + "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", "owner": "nix-community", "repo": "disko", - "rev": "d5ad4485e6f2edcc06751df65c5e16572877db88", + "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", "type": "github" }, "original": { @@ -23,11 +23,11 @@ "mysecrets": { "flake": false, "locked": { - "lastModified": 1753346054, - "narHash": "sha256-n7qc4vFKYip1dnLN/45UPlyxE1tOJdd9pg74HBcA96Y=", + "lastModified": 1758040565, + "narHash": "sha256-Mq2BEI6ik6W49mSBotPi4zva6CyjXqdft+A7hy4ENGw=", "ref": "refs/heads/main", - "rev": "b48db3f949bb9b24d6fa84f4216ba9452f6d6e6b", - "revCount": 2, + "rev": "4640274dc3767b3f8b968f801f9f8e3be0619415", + "revCount": 3, "type": "git", "url": "file:///home/beastie/nixos-secrets" }, 
@@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1752364307, - "narHash": "sha256-o0Cm4fhz/ukV/excbnwkRB2sqknenkb/0T4pcgXjrp0=", - "owner": "NixOS", + "lastModified": 1757745802, + "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "b6071be3c0d9404113988e5e253eb6d71d1ddbef", + "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", "type": "github" }, "original": { @@ -67,11 +67,11 @@ ] }, "locked": { - "lastModified": 1752544651, - "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", + "lastModified": 1758007585, + "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2c8def626f54708a9c38a5861866660395bb3461", + "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 12f55f1..0e5f5c0 100644 --- a/flake.nix +++ b/flake.nix @@ -48,9 +48,9 @@ #nixos-anywhere -- --flake './#generic' --generate-hardware-config nixos-generate-config ./hosts/generic/hardware-configuration.nix --target-host beastie@192.168.122.204 generic = mkSystem inputs.nixpkgs "x86_64-linux" "generic" "beastie"; test-kvm = mkSystem inputs.nixpkgs "x86_64-linux" "test-kvm" "beastie"; + home-nix = mkSystem inputs.nixpkgs "x86_64-linux" "home-nix" "beastie"; # live-usb = mkSystem inputs.nixpkgs "x86_64-linux" "live-usb" "beastie"; #nixos-rebuild switch --flake ./#home-nix --sudo - #home-nix = mkSystem inputs.nixpkgs "x86_64-linux" "home-nix" "beastie"; }; }; } diff --git a/hosts/generic/default.nix b/hosts/generic/default.nix index 6e1973d..0b68c95 100644 --- a/hosts/generic/default.nix +++ b/hosts/generic/default.nix @@ -5,6 +5,8 @@ ... }: { + system.stateVersion = "25.11"; + imports = [ ./disk-config.nix ./hardware-configuration.nix @@ -86,5 +88,4 @@ services.openssh.enable = true; networking.hostName = "${hostname}"; - system.stateVersion = "25.11"; } 
diff --git a/hosts/generic/disk-config.nix b/hosts/generic/disk-config.nix index bc5f3a2..155610e 100644 --- a/hosts/generic/disk-config.nix +++ b/hosts/generic/disk-config.nix @@ -17,15 +17,48 @@ type = "filesystem"; format = "vfat"; mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; }; }; - root = { + SYS = { size = "100%"; - type = "8300"; + type = "8309"; content = { - type = "filesystem"; - format = "btrfs"; - mountpoint = "/"; + type = "luks"; + name = "rootfs"; + settings = { + allowDiscards = true; + }; + content = { + type = "btrfs"; + extraArgs = [ "-f --nodiscard --label root" ]; + subvolumes = { + "@" = { + mountpoint = "/"; + mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; + }; + "@root" = { + mountpoint = "/root"; + mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; + }; + "@home" = { + mountpoint = "/home"; + mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; + }; + "@var" = { + mountpoint = "/var"; + mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; + }; + "@games" = { + mountpoint = "/games"; + mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; + }; + }; + }; }; }; }; diff --git a/hosts/generic/hardware-configuration.nix b/hosts/generic/hardware-configuration.nix index f5b54dc..85f3eaf 100644 --- a/hosts/generic/hardware-configuration.nix +++ b/hosts/generic/hardware-configuration.nix 
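Review bot: In hosts/generic/disk-config.nix the new LUKS container sets `allowDiscards = true;` while mkfs is given `--nodiscard` and every subvolume is mounted with `nodiscard`, so the two settings pull in opposite directions. Passing TRIM through dm-crypt lets anyone who can read the raw device see which blocks are unused, and with these mount options only an explicit fstrim would ever issue discards. I would set `allowDiscards = false;`, or keep it and add a comment such as `# TRIM passthrough accepted for fstrim; leaks free-block layout`. The hunk also declares no passphrase source for the container, so for the unattended nixos-anywhere run described in the README it is worth confirming how the passphrase is supplied (for example disko's `passwordFile`, pointing outside the repository and the Nix store). The identical file is added as hosts/home-nix/disk-config.nix (same blob 155610e), so the same applies there; the enclosing attribute set starts and ends outside this hunk.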
@@ -1,26 +1,14 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: +{ config, lib, pkgs, modulesPath, ... }: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ - "ahci" - "xhci_pci" - "virtio_pci" - "sr_mod" - "virtio_blk" - ]; + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; diff --git a/hosts/home-nix/default.nix b/hosts/home-nix/default.nix new file mode 100644 index 0000000..1978881 --- /dev/null +++ b/hosts/home-nix/default.nix 
@@ -0,0 +1,56 @@
+{
+ pkgs,
+ username,
+ hostname,
+ modulesPath,
+ inputs,
+ ...
+}:
+{
+ system.stateVersion = "25.11";
+
+ imports = builtins.trace "${inputs.mysecrets}" [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ./network.nix
+ ./disk-config.nix
+ ./hardware-configuration.nix
+ ../../modules/core
+ ../../modules/optionnals/hosts/${hostname}.nix
+ ];
+
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ time.timeZone = "Europe/Paris";
+
+ nix = {
+ settings = {
+ ## Enable flakes
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ ## Users trusted to use flake command
+ trusted-users = [
+ "root"
+ "${username}"
+ ];
+ };
+ };
+
+ ## Enable virtualisation guest settings
+ services.qemuGuest.enable = true;
+ services.spice-vdagentd.enable = true;
+ services.xserver = {
+ videoDrivers = [ "modesetting" ]; # Driver vidéo optimisé pour QEMU/KVM
+ };
+
+ environment.systemPackages = [
+ pkgs.spice-gtk # Outils SPICE
+ pkgs.spice-protocol # Protocoles SPICE
+ ];
+
+ #fileSystems."/" = {
+ # device = "/dev/vda2"; # Disque virtuel typique
+ # fsType = "btrfs";
+ #};
+}
diff --git a/hosts/home-nix/disk-config.nix b/hosts/home-nix/disk-config.nix
new file mode 100644
index 0000000..155610e
--- /dev/null
+++ b/hosts/home-nix/disk-config.nix
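Review bot: In hosts/home-nix/default.nix, listing `"${username}"` under `trusted-users` gives that regular account rights the Nix daemon treats as essentially root-equivalent (it can set arbitrary substituters and import unsigned store paths). The comment above it, `## Users trusted to use flake command`, does not describe the setting, because flakes only need the `experimental-features` entries. Unless something like remote deployment depends on it, I would drop `"${username}"` from the list, or at least reword the comment to `## trusted-users may override daemon settings; treat as root-equivalent`. Separately, `imports = builtins.trace "${inputs.mysecrets}" [` looks like a debugging leftover that prints the secrets input's store path on every evaluation; I would reduce it to `imports = [`. It is also a reminder that this input is copied into the world-readable /nix/store, so everything in that repository has to stay encrypted.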
@@ -0,0 +1,69 @@
+{
+ ...
+}:
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/vda";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ SYS = {
+ size = "100%";
+ type = "8309";
+ content = {
+ type = "luks";
+ name = "rootfs";
+ settings = {
+ allowDiscards = true;
+ };
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f --nodiscard --label root" ];
+ subvolumes = {
+ "@" = {
+ mountpoint = "/";
+ mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
+ };
+ "@root" = {
+ mountpoint = "/root";
+ mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
+ };
+ "@home" = {
+ mountpoint = "/home";
+ mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
+ };
+ "@nix" = {
+ mountpoint = "/nix";
+ mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
+ };
+ "@var" = {
+ mountpoint = "/var";
+ mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
+ };
+ "@games" = {
+ mountpoint = "/games";
+ mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/home-nix/hardware-configuration.nix b/hosts/home-nix/hardware-configuration.nix
new file mode 100644
index 0000000..cdd437d
--- /dev/null
+++ b/hosts/home-nix/hardware-configuration.nix
@@ -0,0 +1,25 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ + "ahci" + "xhci_pci" + "virtio_pci" + "sr_mod" + "virtio_blk" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/home-nix/network.nix b/hosts/home-nix/network.nix new file mode 100644 index 0000000..e5159ad --- /dev/null +++ b/hosts/home-nix/network.nix @@ -0,0 +1,29 @@ +{ + hostname, + ... +}: +{ + networking = { + hostName = "${hostname}"; + interfaces.enp1s0 = { + ipv4.addresses = [ + { + address = "192.168.122.100"; + prefixLength = 24; + } + ]; + }; + defaultGateway = { + address = "192.168.122.1"; + interface = "enp1s0"; + }; + nameservers = [ + "9.9.9.9" + "2001:41d0:303:20da::1" + "217.182.138.218" + ]; + networkmanager.enable = true; + + firewall.enable = true; + }; +} diff --git a/iso/customiso.nix b/iso/customiso.nix index be44b6b..4cf05d7 100644 --- a/iso/customiso.nix +++ b/iso/customiso.nix @@ -64,7 +64,6 @@ pkgs.curl pkgs.nixos-anywhere pkgs.nixos-generators - pkgs.dhcp ]; # Needed for https://github.com/NixOS/nixpkgs/issues/58959 @@ -84,5 +83,3 @@ mode = "0440"; }; } - -# Config nvim diff --git a/modules/core/packages.nix b/modules/core/packages.nix index 28fe84b..f460a31 100644 --- a/modules/core/packages.nix +++ b/modules/core/packages.nix @@ -6,7 +6,6 @@ environment.systemPackages = [ pkgs.curl pkgs.pciutils - # pkgs.clinfo <- IDC info, move to GPU pkgs.git pkgs.htop pkgs.killall
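Review bot: In hosts/home-nix/network.nix the `nameservers` list sends this host's DNS queries to `2001:41d0:303:20da::1` and `217.182.138.218` alongside `9.9.9.9`, and nothing says who operates those two resolvers. They see every lookup and can answer it, so I would add a comment on each naming the operator and why it is trusted, e.g. `# <operator> resolver, <reason it is trusted>`. The file also combines a static `interfaces.enp1s0` address with `networkmanager.enable = true;`; it is not visible here which of the two is meant to manage enp1s0, so it is worth confirming they do not conflict. `firewall.enable = true;` opens no ports in this file, so which services are reachable depends on modules outside this hunk.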