Creating kvm test server

2025-11-22 13:05:42 +01:00
parent 59b184cc2c
commit ff17f33531
19 changed files with 366 additions and 178 deletions

51
flake.lock generated

@@ -3,15 +3,15 @@
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1762276996,
"narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=",
"lastModified": 1763651264,
"narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=",
"owner": "nix-community",
"repo": "disko",
"rev": "af087d076d3860760b3323f6b583f4d828c1ac17",
"rev": "e86a89079587497174ccab6d0d142a65811a4fd9",
"type": "github"
},
"original": {
@@ -23,11 +23,11 @@
"mysecrets": {
"flake": false,
"locked": {
"lastModified": 1759883911,
"narHash": "sha256-IAKCQ9dIeMAdoi4fQdJAdWlLrNh/PURqGz7pmlo9cUw=",
"lastModified": 1763731770,
"narHash": "sha256-ThIVf8jtBOKV7JzShnL/gzHEm7axiLshPie8BYkMYAI=",
"ref": "refs/heads/main",
"rev": "7e39f4cde171d9273efddf2153d972d6fbf2a710",
"revCount": 15,
"rev": "07b3f415bd89a6b571f154278c1d9b6b5ca9e473",
"revCount": 16,
"type": "git",
"url": "file:///home/beastie/nixos/secrets"
},
@@ -36,13 +36,29 @@
"url": "file:///home/beastie/nixos/secrets"
}
},
"nixpkgs": {
"nixpkgs-stable": {
"locked": {
"lastModified": 1762363567,
"narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=",
"lastModified": 1763622513,
"narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1763421233,
"narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4",
"rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648",
"type": "github"
},
"original": {
@@ -56,22 +72,23 @@
"inputs": {
"disko": "disko",
"mysecrets": "mysecrets",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1760998189,
"narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
"lastModified": 1763607916,
"narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
"rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b",
"type": "github"
},
"original": {


@@ -2,16 +2,17 @@
description = "A very basic flake";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
mysecrets = {
@@ -46,10 +47,10 @@
{
nixosConfigurations = {
#nixos-anywhere -- --flake './#generic' --generate-hardware-config nixos-generate-config ./hosts/generic/hardware-configuration.nix --target-host beastie@192.168.122.204
generic = mkSystem inputs.nixpkgs "x86_64-linux" "generic" "beastie";
test-kvm = mkSystem inputs.nixpkgs "x86_64-linux" "test-kvm" "beastie";
home-nix = mkSystem inputs.nixpkgs "x86_64-linux" "home-nix" "beastie";
work-nix = mkSystem inputs.nixpkgs "x86_64-linux" "work-nix" "beastie";
generic = mkSystem inputs.nixpkgs-stable "x86_64-linux" "generic" "beastie";
test-kvm = mkSystem inputs.nixpkgs-stable "x86_64-linux" "test-kvm" "beastie";
home-nix = mkSystem inputs.nixpkgs-unstable "x86_64-linux" "home-nix" "beastie";
work-nix = mkSystem inputs.nixpkgs-unstable "x86_64-linux" "work-nix" "beastie";
# live-usb = mkSystem inputs.nixpkgs "x86_64-linux" "live-usb" "beastie";
#nixos-rebuild switch --flake ./#home-nix --sudo
};
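Review bot: The commented-out `live-usb` line still passes `inputs.nixpkgs`, an input this commit appears to replace with `nixpkgs-stable` and `nixpkgs-unstable`, so uncommenting it as written would fail to evaluate; point it at one of the new inputs, e.g. `inputs.nixpkgs-stable`, or delete it. `generic` and `test-kvm` now build from `nixpkgs-stable` while `disko` and `sops-nix` both follow `nixpkgs-unstable`, so the packages those two inputs build come from a different channel than the stable hosts. A one-line comment above the `follows` entries saying the mix is deliberate would help the next reader. The `nixosConfigurations` set starts outside the hunk.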


@@ -5,7 +5,7 @@
...
}:
{
system.stateVersion = "25.11";
system.stateVersion = "25.05";
imports = [
./disk-config.nix
@@ -83,6 +83,7 @@
pkgs.nixos-anywhere
pkgs.nixos-generators
pkgs.ssh-to-age
pkgs.htop
];
services.openssh.enable = true;
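Review bot: `system.stateVersion` appears to go from `"25.11"` to `"25.05"` here, and the same edit shows up in the later host configuration whose imports start with `builtins.trace`. NixOS uses this value to choose defaults for stateful data and expects it to stay at the release the machine was first installed with, so lowering it is only safe if no host was ever deployed with 25.11. If these hosts are always reinstalled from scratch, a comment such as `# matches nixpkgs-stable; host is reinstalled, never upgraded in place` next to the line would record that. The module body continues outside the hunk.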


@@ -6,7 +6,7 @@
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
device = "/dev/vda";
content = {
type = "gpt";
partitions = {
@@ -23,42 +23,88 @@
};
SYS = {
size = "100%";
type = "8309";
type = "8300";
name = "SYS";
content = {
type = "luks";
name = "rootfs";
settings = {
allowDiscards = true;
};
content = {
type = "btrfs";
extraArgs = [ "-f --nodiscard --label root" ];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
};
"@root" = {
mountpoint = "/root";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
};
"@home" = {
mountpoint = "/home";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
};
"@var" = {
mountpoint = "/var";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
};
"@games" = {
mountpoint = "/games";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
};
type = "btrfs";
extraArgs = [ "-f --nodiscard --label root" ];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@root" = {
mountpoint = "/root";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@var" = {
mountpoint = "/var";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@data" = {
mountpoint = "/games";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@backups" = {
mountpoint = "/games";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
};
};
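Review bot: `"@data"` and `"@backups"` both declare `mountpoint = "/games"`, so two subvolumes compete for one mount path; the same pair appears in the later disk-config section of this commit (the one that renames `ESP`/`root` to `EFI`/`SYS`). Each probably wants its own path, for example `mountpoint = "/data";` and `mountpoint = "/backups";`. Separately, the `type = "luks"` wrapper and the `8309` partition type appear to be dropped in this hunk, so the root filesystem on this host would be created without encryption at rest. If that is intended only for the KVM guest on `/dev/vda`, a comment saying so would keep the layout from being reused on physical hardware.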


@@ -5,14 +5,13 @@
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@@ -1,6 +1,4 @@
{
pkgs,
username,
hostname,
modulesPath,
inputs,


@@ -7,50 +7,13 @@
...
}:
{
system.stateVersion = "25.11";
system.stateVersion = "25.05";
imports = builtins.trace "${inputs.mysecrets}" [
(modulesPath + "/installer/scan/not-detected.nix")
./network.nix
./disk-config.nix
./hardware-configuration.nix
../../modules/core
../../modules/optionnals/hosts/${hostname}.nix
];
boot.kernelPackages = pkgs.linuxPackages_latest;
time.timeZone = "Europe/Paris";
nix = {
settings = {
## Enable flakes
experimental-features = [
"nix-command"
"flakes"
];
## Users trusted to use flake command
trusted-users = [
"root"
"${username}"
];
};
};
## Enable virtualisation guest settings
services.qemuGuest.enable = true;
services.spice-vdagentd.enable = true;
services.xserver = {
videoDrivers = [ "modesetting" ]; # Driver vidéo optimisé pour QEMU/KVM
};
environment.systemPackages = [
pkgs.spice-gtk # Outils SPICE
pkgs.spice-protocol # Protocoles SPICE
];
#fileSystems."/" = {
# device = "/dev/vda2"; # Disque virtuel typique
# fsType = "btrfs";
#};
}
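Review bot: `imports = builtins.trace "${inputs.mysecrets}" [` looks like leftover debugging: it prints the store path of the secrets input on every evaluation and has no other effect, and the line appears to survive this cleanup. Writing it as `imports = [` keeps evaluation logs (including CI or remote-deploy output) free of paths into the secrets repository. If nothing else in the file uses `inputs`, the argument can then be dropped from the function header as well; the header is only partly visible in this hunk.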


@@ -10,22 +10,103 @@
content = {
type = "gpt";
partitions = {
ESP = {
EFI = {
size = "512M";
type = "EF00";
name = "EFI";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
SYS = {
size = "100%";
type = "8300";
name = "SYS";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/";
type = "btrfs";
extraArgs = [ "-f --nodiscard --label root" ];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@root" = {
mountpoint = "/root";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@var" = {
mountpoint = "/var";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@data" = {
mountpoint = "/games";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@backups" = {
mountpoint = "/games";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
};
};
};
};


@@ -1,38 +1,16 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
"virtio_scsi"
"virtio_net"
"virtio_blk"
];
boot.initrd.kernelModules = [
"virtio_balloon"
"virtio_console"
"virtio_rng"
];
boot.kernelModules = [
"kvm-intel"
"virtio-gpu"
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";


@@ -1,6 +1,4 @@
{
pkgs,
username,
hostname,
modulesPath,
inputs,


@@ -23,6 +23,7 @@
pkgs.jq
pkgs.bash
pkgs.fzf
pkgs.bc
];
services = {
locate = {


@@ -2,8 +2,6 @@
pkgs,
username,
hostname,
modulesPath,
inputs,
...
}:
{
@@ -23,12 +21,14 @@
"root"
"${username}"
];
## Use 24 cores during building phases
cores = 24;
max-jobs = "auto";
};
};
networking = {
hostName = "${hostname}";
networkmanager.enable = true;
firewall.enable = true;
};
}
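Review bot: `cores = 24;` is a fixed value in what looks like a module shared by every host, including the new KVM guest, which is unlikely to have 24 vCPUs; `cores = 0;` lets Nix use however many cores the machine has. The `trusted-users` list in the same block contains `"${username}"`, and a trusted user can direct the Nix daemon in ways that amount to root, so on hosts that need neither remote builds nor custom substituters `[ "root" ]` alone is the tighter setting. Which of these lines the commit adds is not marked on this page, and the `nix.settings` block starts above the hunk.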


@@ -14,27 +14,26 @@
OLLAMA_KEEP_ALIVE = "5m";
};
};
services.open-webui = {
enable = true;
port = 8080; # Port par défaut
host = "127.0.0.1"; # Localhost uniquement
openFirewall = true;
# Pour accès réseau : host = "0.0.0.0";
environment = {
ANONYMIZED_TELEMETRY = "True";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
# URL d'Ollama (local)
OLLAMA_BASE_URL = "http://127.0.0.1:11434";
# Autres options optionnelles (https://docs.openwebui.com/getting-started/env-configuration/#web-search)
WEBUI_AUTH = "False"; # Desactive l'authentification
# ENABLE_WEB_SEARCH = "True";
# ENABLE_SEARCH_QUERY_GENERATION = "True";
# WEB_SEARCH_ENGINE = "duckduckgo";
# WEB_LOADER_ENGINE = "safe_web";
};
};
# services.open-webui = {
# enable = true;
# port = 8080; # Port par défaut
# host = "127.0.0.1"; # Localhost uniquement
# openFirewall = true;
# # Pour accès réseau : host = "0.0.0.0";
# environment = {
# ANONYMIZED_TELEMETRY = "True";
# DO_NOT_TRACK = "True";
# SCARF_NO_ANALYTICS = "True";
# # URL d'Ollama (local)
# OLLAMA_BASE_URL = "http://127.0.0.1:11434";
# # Autres options optionnelles (https://docs.openwebui.com/getting-started/env-configuration/#web-search)
# WEBUI_AUTH = "False"; # Desactive l'authentification
# # ENABLE_WEB_SEARCH = "True";
# # ENABLE_SEARCH_QUERY_GENERATION = "True";
# # WEB_SEARCH_ENGINE = "duckduckgo";
# # WEB_LOADER_ENGINE = "safe_web";
# };
# };
environment = {
systemPackages = [
pkgs.lmstudio
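Review bot: The `services.open-webui` block is commented out rather than removed, and the parked text still pairs `openFirewall = true` with `WEBUI_AUTH = "False"` and a hint to switch `host` to `"0.0.0.0"`; re-enabling it with that one suggested change would publish an unauthenticated UI on port 8080. Deleting the block, or keeping it live with `enable = false;` and `openFirewall = false;`, avoids carrying that combination forward. `ANONYMIZED_TELEMETRY = "True"` also reads as the opposite of the two opt-out variables beside it and is worth checking against the Open WebUI documentation before the service returns.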


@@ -74,7 +74,7 @@ in
(pkgs.vscode-with-extensions.override {
vscode = pkgs.vscodium;
vscodeExtensions = [
pkgs.vscode-extensions.continue.continue
# pkgs.vscode-extensions.continue.continue
pkgs.vscode-extensions.catppuccin.catppuccin-vsc
pkgs.vscode-extensions.catppuccin.catppuccin-vsc-icons
pkgs.vscode-extensions.jnoortheen.nix-ide


@@ -1,5 +1,4 @@
{
pkgs,
...
}:
{


@@ -8,6 +8,7 @@
../ai.nix
../autologin.nix
../k8s.nix
../libvirt.nix
../openfortivpn.nix
../packages.nix
../sops-desktop.nix
@@ -23,6 +24,7 @@
../desktop/qwerty-fr.nix
../desktop/rofi.nix
../desktop/starship.nix
../desktop/virt-manager.nix
../desktop/wayland.nix
### Import Graphics modules


@@ -1,4 +1,5 @@
{
pkgs,
...
}:
{
@@ -6,14 +7,21 @@
../sops-desktop.nix
../sudo-nopasswd.nix
../autologin.nix
../ssh.nix
../packages.nix
### Import GUI modules
../desktop/dunst.nix
../desktop/kitty.nix
../desktop/packages.nix
../desktop/qwerty-fr.nix
../desktop/rofi.nix
../desktop/wayland.nix
## Server
../server/starship.nix
];
## Enable virtualisation guest settings
services.qemuGuest.enable = true;
services.spice-vdagentd.enable = true;
services.xserver = {
videoDrivers = [ "modesetting" ]; # Driver vidéo optimisé pour QEMU/KVM
};
environment.systemPackages = [
pkgs.spice-gtk # Outils SPICE
pkgs.spice-protocol # Protocoles SPICE
];
}
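Review bot: This host profile imports `../sops-desktop.nix`, `../sudo-nopasswd.nix`, `../autologin.nix` and `../ssh.nix` together, so on the KVM guest any local or SSH session presumably reaches root without a password and can read whatever secrets sops decrypts there. For a disposable test machine that may be acceptable, but the guest should then get its own age key and a test-only secrets file rather than the desktop set. A comment above the imports such as `## test guest only: passwordless sudo + autologin, never reuse on a real host` would make the intent explicit. The contents of those modules are not on this page, so this is inferred from their names.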


@@ -8,7 +8,8 @@
libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_full;
# package = pkgs.qemu_full;
package = pkgs.qemu;
runAsRoot = true;
swtpm.enable = true;
};
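Review bot: `runAsRoot = true;` stays in place next to the package change, so every QEMU process libvirt starts runs as root on the host and a flaw in the emulator would be reached with full privileges; `runAsRoot = false;` is the safer setting unless a specific guest needs root-owned resources. The old `# package = pkgs.qemu_full;` line can be deleted rather than kept as a comment, since the history already records it. The enclosing `libvirtd` block starts and ends outside the hunk.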


@@ -0,0 +1,96 @@
{
...
}:
{
environment.sessionVariables = {
KUBECONFIG = "$HOME/.kube/config";
};
programs.starship = {
enable = true;
settings = {
add_newline = true;
command_timeout = 1300;
scan_timeout = 50;
format = "[](fg:surface1)$hostname$username$directory$git_branch$git_status[](fg:base bg:sky)$fill$kubernetes$time[ ](fg:surface1)$line_break[ ](fg:surface1)";
right_format = "[](fg:surface1)";
palette = "catppuccin_frappe";
hostname = {
ssh_only = false;
format = "[](bg:base fg:mauve)[ $hostname ](bg:mauve fg:base)[](bg:mauve fg:blue)";
disabled = false;
};
username = {
style_user = "bg:blue fg:base";
style_root = "bg:red fg:base bold";
format = "[ $user ]($style)[](bg:blue fg:sapphire)";
show_always = true;
disabled = false;
};
directory = {
format = "[ $path ](bg:sapphire fg:base)[](bg:sapphire fg:sky)";
truncation_length = 3;
truncation_symbol = "/";
};
git_branch = {
symbol = " ";
format = "[ $symbol$branch(:$remote_branch) ](fg:base bg:sky)";
disabled = false;
};
git_status = {
format = "([$all_status$ahead_behind ](fg:base bg:sky))";
conflicted = "😵";
ahead = "";
behind = "";
diverged = "😵";
up_to_date = "";
untracked = "";
stashed = "📦";
modified = "";
#staged = "[($count)](fg:base bg:sapphire)"
staged = "";
renamed = "";
deleted = "";
disabled = false;
};
kubernetes = {
disabled = false;
format = "[](fg:blue bg:base)[ ($namespace)/($cluster) ](fg:base bg:blue)[](bg:blue fg:mauve)";
};
palettes.catppuccin_frappe = {
rosewater = "#f2d5cf";
flamingo = "#eebebe";
pink = "#f4b8e4";
mauve = "#ca9ee6";
red = "#e78284";
maroon = "#ea999c";
peach = "#ef9f76";
yellow = "#e5c890";
green = "#a6d189";
teal = "#81c8be";
sky = "#99d1db";
sapphire = "#85c1dc";
blue = "#8caaee";
lavender = "#babbf1";
text = "#c6d0f5";
subtext1 = "#b5bfe2";
subtext0 = "#a5adce";
overlay2 = "#949cbb";
overlay1 = "#838ba7";
overlay0 = "#737994";
surface2 = "#626880";
surface1 = "#51576d";
surface0 = "#414559";
base = "#303446";
mantle = "#292c3c";
crust = "#232634";
};
};
};
}
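Review bot: `environment.sessionVariables.KUBECONFIG` is set at the top of a module that otherwise only configures the starship prompt, so importing the prompt on a server also changes Kubernetes client configuration. It fits better in the Kubernetes module (the desktop profile imports `../k8s.nix`), and `$HOME/.kube/config` is already kubectl's default path. The file has no header comment; one line such as `# Starship prompt for server hosts (catppuccin_frappe palette)` would help. Several `format` strings and `git_status` symbols show up empty or as bare brackets on this page, which may be prompt glyphs lost in rendering, so it is worth confirming they are intact in the file.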