beastie/dev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: beastie:5fb0c51777de5a50e9786c4312d313ba859b7728
Branches Tags
beastie:main
...
compare: beastie:main
Branches Tags
beastie:main

11 Commits
5fb0c51777 ... main

Author SHA1 Message Date
Jérémie SALVI
3679f36e67 Add gaming skills 2025-12-21 18:32:18 +01:00
Jérémie SALVI
d10cc381df add nextcloud to desktop 2025-12-21 17:47:38 +01:00
Jérémie SALVI
cc6ebd5224 Install nextcloud-client additions 2025-12-12 22:53:03 +01:00
Jérémie SALVI
d51e8ed455 Add /dev/sda luks partition to crypttab, and install nextcloud-client 2025-12-12 22:04:23 +01:00
Jérémie SALVI
2a751ee1d4 configure remote wake on lan and ipv6 2025-12-12 07:50:43 +01:00
Jérémie SALVI
792fe03d93 Add wake online 2025-12-12 04:42:32 +01:00
Jérémie SALVI
918d42ff71 Add wake online 2025-12-12 04:42:20 +01:00
Jérémie SALVI
87993b83fe restore qemu to kemu_full 2025-12-11 15:16:47 +01:00
Jérémie SALVI
74962924b8 revert flake to a working build 2025-12-09 01:46:47 +01:00
Jérémie SALVI
520f40e1bc revert flake 2025-12-08 13:14:03 +01:00
Jérémie SALVI
1655f3096d before flake update 2025-12-08 12:04:41 +01:00
19 changed files with 426 additions and 49 deletions
Expand all files Collapse all files

32
flake.lock generated
View File

@@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1764627417,
"narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=",
"lastModified": 1766150702,
"narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
"owner": "nix-community",
"repo": "disko",
"rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3",
"rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
"type": "github"
},
"original": {
@@ -23,11 +23,11 @@
"mysecrets": {
"flake": false,
"locked": {
"lastModified": 1763731770,
"narHash": "sha256-ThIVf8jtBOKV7JzShnL/gzHEm7axiLshPie8BYkMYAI=",
"lastModified": 1765518969,
"narHash": "sha256-hKJGo0+i7xHDMhN8kicOLT0PA8x8zRzleQs2I2XWVLg=",
"ref": "refs/heads/main",
"rev": "07b3f415bd89a6b571f154278c1d9b6b5ca9e473",
"revCount": 16,
"rev": "e1c2c590e4655cf887173478765663d20a7efffd",
"revCount": 19,
"type": "git",
"url": "file:///home/beastie/nixos/secrets"
},
@@ -38,11 +38,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1764560356,
"narHash": "sha256-M5aFEFPppI4UhdOxwdmceJ9bDJC4T6C6CzCK1E2FZyo=",
"lastModified": 1766014764,
"narHash": "sha256-+73VffE5GP5fvbib6Hs1Su6LehG+9UV1Kzs90T2gBLA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6c8f0cca84510cc79e09ea99a299c9bc17d03cb6",
"rev": "2b0d2b456e4e8452cf1c16d00118d145f31160f9",
"type": "github"
},
"original": {
@@ -54,11 +54,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1764517877,
"narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=",
"lastModified": 1766070988,
"narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c",
"rev": "c6245e83d836d0433170a16eb185cefe0572f8b8",
"type": "github"
},
"original": {
@@ -84,11 +84,11 @@
]
},
"locked": {
"lastModified": 1764483358,
"narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",
"lastModified": 1766289575,
"narHash": "sha256-BOKCwOQQIP4p9z8DasT5r+qjri3x7sPCOq+FTjY8Z+o=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "5aca6ff67264321d47856a2ed183729271107c9c",
"rev": "9836912e37aef546029e48c8749834735a6b9dad",
"type": "github"
},
"original": {

54
hosts/home-nix/disk-config.nix
View File

@@ -37,27 +37,69 @@
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@root" = {
mountpoint = "/root";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@var" = {
mountpoint = "/var";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@games" = {
mountpoint = "/games";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
};
};

37
hosts/home-nix/hardware-configuration.nix
View File

@@ -1,18 +1,47 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
environment.etc."crypttab".text = ''
datafs UUID=5ca962a7-537f-46ce-ba50-9cc9cefd012b /etc/secrets/datafs.key luks
'';
fileSystems."/data" = {
device = "/dev/disk/by-uuid/a8ea6a7b-3733-40d8-bee8-45806aaacfe1";
fsType = "btrfs";
options = [
"defaults"
"compress=zstd"
"autodefrag"
"noatime"
"nofail"
];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

1
modules/core/packages.nix
View File

@@ -24,6 +24,7 @@
pkgs.bash
pkgs.fzf
pkgs.bc
pkgs.wakeonlan
];
services = {
locate = {

2
modules/core/users.nix
View File

@@ -18,7 +18,7 @@
"video"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKMJ3TkEmRQcX7RQijNa2km6a2xXJk6M6FERh7C9nTJ"
config.sops.secrets."ssh_keys/beastie_priv".path
];
shell = pkgs.zsh;
};

20
modules/optionnals/ai.nix
View File

@@ -4,16 +4,16 @@
}:
{
# Activer Ollama comme service
services.ollama = {
enable = true;
acceleration = "cuda";
environmentVariables = {
OLLAMA_FLASH_ATTENTION = "1"; # ← Flash Attention
OLLAMA_NUM_PARALLEL = "2"; # ← Requêtes parallèles
OLLAMA_MAX_LOADED_MODELS = "1"; # ← Garder 2 modèles en VRAM
OLLAMA_KEEP_ALIVE = "5m";
};
};
# services.ollama = {
# enable = true;
# acceleration = "cuda";
# environmentVariables = {
# OLLAMA_FLASH_ATTENTION = "1"; # ← Flash Attention
# OLLAMA_NUM_PARALLEL = "2"; # ← Requêtes parallèles
# OLLAMA_MAX_LOADED_MODELS = "1"; # ← Garder 2 modèles en VRAM
# OLLAMA_KEEP_ALIVE = "5m";
# };
# };
# services.open-webui = {
# enable = true;
# port = 8080; # Port par défaut

2
modules/optionnals/desktop/config/etc/xdg/hypr/hyprland.conf
View File

@@ -21,7 +21,7 @@ $terminal = kitty
exec-once = hyprpaper
exec-once = waybar
exec-once = nextcloud
#############################
### ENVIRONMENT VARIABLES ###

18
modules/optionnals/desktop/gaming.nix Normal file
View File

@@ -0,0 +1,18 @@
{
pkgs,
...
}:
{
hardware.graphics.enable32Bit = true;
programs.steam.enable = true;
programs.steam.gamescopeSession.enable = true;
programs.gamemode.enable = true;
environment.systemPackages = with pkgs; [
vulkan-tools
lutris
wine-staging
winetricks
mangohud
protonup-ng
];
}

12
modules/optionnals/desktop/nextcloud.nix Normal file
View File

@@ -0,0 +1,12 @@
{
pkgs,
...
}:
{
services.gnome.gnome-keyring.enable = true;
environment.systemPackages = [
pkgs.nextcloud-client
pkgs.seahorse
];
}

1
modules/optionnals/desktop/packages.nix
View File

@@ -9,6 +9,7 @@
pkgs.yt-dlp
pkgs.chromium
pkgs.firefox
pkgs.thunderbird
pkgs.keepassxc
pkgs.nwg-look
pkgs.gimp

54
modules/optionnals/hosts/home-nix.nix
View File

@@ -5,20 +5,24 @@
}:
{
imports = [
../ai.nix
#../ai.nix
../autologin.nix
../k8s.nix
../libvirt.nix
../openfortivpn.nix
../options.nix
../packages.nix
../sops-desktop.nix
../ssh.nix
../sudo-nopasswd.nix
../wakeonlan.nix
### Import GUI modules
../desktop/code.nix
../desktop/dunst.nix
../desktop/gaming.nix
../desktop/kitty.nix
../desktop/nextcloud.nix
../desktop/packages.nix
../desktop/pipewire.nix
../desktop/qwerty-fr.nix
@@ -31,6 +35,11 @@
../desktop/nvidia.nix
];
my.laninterface = "enp5s0";
my.ipv4address = "192.168.0.2";
my.ipv4netmask = 24;
my.ipv4gateway = "192.168.0.254";
sops = {
secrets = {
"wireguard_home/publickey" = { };
@@ -39,25 +48,31 @@
};
};
#services.resolved.enable = false;
networking = {
interfaces.enp5s0 = {
#useNetworkd = true;
#useHostResolvConf = false;
interfaces.${config.my.laninterface} = {
ipv4.addresses = [
{
address = "192.168.0.2";
prefixLength = 24;
address = config.my.ipv4address;
prefixLength = config.my.ipv4netmask;
}
];
};
defaultGateway = {
address = "192.168.0.254";
interface = "enp5s0";
address = config.my.ipv4gateway;
interface = config.my.laninterface;
};
nameservers = [
#"9.9.9.9"
"10.0.0.1"
"2001:41d0:303:20da::1"
"217.182.138.218"
];
extraHosts = ''
#172.18.229.240 test-mycarto.grandbesancon.fr
172.18.21.172 errorpages.grandbesancon.fr
#172.18.23.4 dozzle.grandbesancon.fr
#172.18.22.206 toto.grandbesancon.fr
@@ -92,5 +107,30 @@
};
};
};
environment.systemPackages = [ pkgs.tor-browser ];
sops.secrets."home-nix/myipv6address" = { };
systemd.services.ipv6-setup = {
description = "Configure IPv6";
after = [
"network.target"
"sops-nix.service"
];
wants = [ "sops-nix.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = pkgs.writeShellScript "setup-ipv6" ''
${pkgs.iproute2}/bin/ip -6 addr add $(cat ${
config.sops.secrets."home-nix/myipv6address".path
})/64 dev ${config.my.laninterface} || true
'';
};
};
environment.systemPackages = [
pkgs.tor-browser
];
}

49
modules/optionnals/hosts/test-kvm.nix
View File

@@ -11,6 +11,7 @@
## Server
../server/starship.nix
../server/wireguard-ui.nix
];
## Enable virtualisation guest settings
@@ -24,4 +25,52 @@
pkgs.spice-gtk # Outils SPICE
pkgs.spice-protocol # Protocoles SPICE
];
systemd.network.links."10-eth0" = {
matchConfig.MACAddress = "52:54:00:a3:d7:56";
linkConfig.Name = "eth0";
};
systemd.network.netdevs."10-dummy0" = {
netdevConfig = {
Kind = "dummy";
Name = "dummy0";
};
};
networking = {
useNetworkd = true;
useDHCP = false;
interfaces = {
dummy0 = {
ipv4.addresses = [
{
address = "192.168.2.1";
prefixLength = 24;
}
];
};
eth0 = {
ipv4.addresses = [
{
address = "192.168.122.10";
prefixLength = 24;
}
];
};
};
defaultGateway = {
address = "192.168.122.1";
interface = "eth0";
};
nameservers = [
#"9.9.9.9"
"2001:41d0:303:20da::1"
"217.182.138.218"
];
extraHosts = ''
172.18.21.172 errorpages.grandbesancon.fr
'';
};
}

4
modules/optionnals/libvirt.nix
View File

@@ -8,8 +8,8 @@
libvirtd = {
enable = true;
qemu = {
# package = pkgs.qemu_full;
package = pkgs.qemu;
package = pkgs.qemu_full;
#package = pkgs.qemu;
runAsRoot = true;
swtpm.enable = true;
};

26
modules/optionnals/options.nix Normal file
View File

@@ -0,0 +1,26 @@
{
lib,
...
}:
{
options.my.laninterface = lib.mkOption {
type = lib.types.str;
default = "enp5s0";
};
options.my.ipv4address = lib.mkOption {
type = lib.types.str;
default = "127.0.0.1";
};
options.my.ipv4netmask = lib.mkOption {
type = lib.types.int;
default = 8;
};
options.my.ipv4gateway = lib.mkOption {
type = lib.types.str;
default = "127.0.0.254";
};
options.my.wolipv6address = lib.mkOption {
type = lib.types.str;
default = "fc::0";
};
}

5
modules/optionnals/server/starship.nix
View File

@@ -58,6 +58,11 @@
disabled = false;
};
fill = {
symbol = "";
style = "surface1";
};
kubernetes = {
disabled = false;
format = "[](fg:blue bg:base)[ ($namespace)/($cluster) ](fg:base bg:blue)[](bg:blue fg:mauve)";

97
modules/optionnals/server/wireguard-ui.nix Normal file
View File

@@ -0,0 +1,97 @@
{
pkgs,
...
}:
{
environment.systemPackages = [
pkgs.wireguard-tools
pkgs.wireguard-ui
];
users.users.wireguard-ui = {
isSystemUser = true;
group = "wireguard-ui";
home = "/var/lib/wireguard-ui";
createHome = true;
description = "WireGuard UI service user";
};
users.groups.wireguard-ui = { };
systemd = {
tmpfiles.rules = [
"d /etc/wireguard 0750 wireguard-ui wireguard-ui -"
"d /var/lib/wireguard-ui 0750 wireguard-ui wireguard-ui -"
];
services = {
wg-quick-wg0 = {
description = "WireGuard via wg-quick(8) for wg0";
after = [
"network-online.target"
"wireguard-ui.service"
];
wants = [ "network-online.target" ];
wantedBy = [
"multi-user.target"
"sshd.service"
];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.wireguard-tools}/bin/wg-quick up wg0";
ExecStop = "${pkgs.wireguard-tools}/bin/wg-quick down wg0";
ExecReload = "${pkgs.bash}/bin/bash -c 'exec ${pkgs.wireguard-tools}/bin/wg syncconf wg0 <(exec ${pkgs.wireguard-tools}/bin/wg-quick strip wg0)'";
Environment = [ "WG_ENDPOINT_RESOLUTION_RETRIES=infinity" ];
};
};
wireguard-ui = {
description = "WireGuard UI";
documentation = [ "https://github.com/ngoduykhanh/wireguard-ui" ];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.wireguard-ui}/bin/wireguard-ui";
Restart = "on-failure";
WorkingDirectory = "/var/lib/wireguard-ui";
StateDirectory = "wireguard-ui";
User = "wireguard-ui";
Group = "wireguard-ui";
ReadWritePaths = [
"/var/lib/wireguard-ui"
"/etc/wireguard"
];
Environment = [
# "WGUI_ENDPOINT_ADDRESS=${config.custom.wireguard-ui.endpointAddress}"
# "WGUI_DNS=${config.custom.wireguard-ui.dns}"
];
AmbientCapabilities = "CAP_NET_ADMIN";
};
};
wg-quick-wg0-reload = {
description = "Reload WireGuard config";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.systemd}/bin/systemctl reload wg-quick-wg0.service";
};
};
};
paths.wg-quick-wg0-reload = {
description = "Watch /etc/wireguard/wg0.conf for changes";
wantedBy = [ "multi-user.target" ];
pathConfig = {
PathModified = "/etc/wireguard/wg0.conf";
};
};
};
networking.firewall.allowedTCPPorts = [ 5000 ];
networking.firewall.allowedUDPPorts = [ 51820 ];
}

10
modules/optionnals/sops-desktop.nix
View File

@@ -61,6 +61,16 @@ in
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
};
"ssh_keys/wol_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_wol";
};
"ssh_keys/wol_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_wol.priv";
};
};
};
}

47
modules/optionnals/wakeonlan.nix Normal file
View File

@@ -0,0 +1,47 @@
{
config,
pkgs,
hostname,
...
}:
{
systemd.services."wol${config.my.laninterface}" = {
description = "Wake-on-LAN for ${config.my.laninterface}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.ethtool}/bin/ethtool -s ${config.my.laninterface} wol g";
RandomizedDelaySec = "30s";
};
};
environment.systemPackages = [ pkgs.ethtool ];
my.wolipv6address = "2a01:e0a:9cc:99d0:8f3a:6b2c:41d7:e9f5";
boot.initrd = {
network = {
enable = true;
ssh = {
enable = true;
port = 65234;
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2+PXfG/37rsvcVr2RAHzXmGHMr8+8iBH//1YS+zWd3"
]; # ta clé publique
hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];
};
postCommands = ''
ip -6 addr add ${config.my.wolipv6address}/64 dev ${config.my.laninterface}
ip -6 route add default via fe80::224:d4ff:fea5:65bd dev ${config.my.laninterface}
'';
};
availableKernelModules = [ "r8169" ];
};
boot = {
kernelParams = [
"ip=${config.my.ipv4address}::255.255.255.0:${config.my.ipv4gateway}:${hostname}:${config.my.laninterface}:off"
];
};
}