change ipv6 address for wake onlan

add talos utilities
2026-04-02 13:13:47 +02:00 · 2026-03-02 00:24:34 +01:00 · 2026-03-02 00:22:41 +01:00 · 2026-02-10 18:19:23 +01:00 · 2026-02-10 18:18:12 +01:00 · 2026-02-04 14:33:07 +01:00
15 changed files with 129 additions and 90 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768923567,
-        "narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=",
+        "lastModified": 1769524058,
+        "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28",
+        "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
        "type": "github"
      },
      "original": {
@@ -54,11 +54,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1768886240,
-        "narHash": "sha256-C2TjvwYZ2VDxYWeqvvJ5XPPp6U7H66zeJlRaErJKoEM=",
+        "lastModified": 1770115704,
+        "narHash": "sha256-KHFT9UWOF2yRPlAnSXQJh6uVcgNcWlFqqiAZ7OVlHNc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "80e4adbcf8992d3fd27ad4964fbb84907f9478b0",
+        "rev": "e6eae2ee2110f3d31110d5c222cd395303343b08",
        "type": "github"
      },
      "original": {
@@ -84,11 +84,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768863606,
-        "narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=",
+        "lastModified": 1770145881,
+        "narHash": "sha256-ktjWTq+D5MTXQcL9N6cDZXUf9kX8JBLLBLT0ZyOTSYY=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2",
+        "rev": "17eea6f3816ba6568b8c81db8a4e6ca438b30b7c",
        "type": "github"
      },
      "original": {
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@@ -5,6 +5,7 @@
  imports = [
    ./grub.nix
    ./packages.nix
+    ./sops.nix
    ./ssh.nix
    ./system.nix
    ./tty.nix
--- a/modules/core/packages.nix
+++ b/modules/core/packages.nix
@@ -15,6 +15,7 @@
    pkgs.unzip
    pkgs.sops
    pkgs.ssh-to-age
+    pkgs.age
    pkgs.nixos-anywhere
    pkgs.nixos-generators
    pkgs.efibootmgr
@@ -25,7 +26,7 @@
    pkgs.fzf
    pkgs.bc
    pkgs.wakeonlan
-    pkgs.samba
+    pkgs.openssl
  ];
  services = {
    locate = {
--- a/modules/core/sops.nix
+++ b/modules/core/sops.nix
@@ -0,0 +1,19 @@
+{
+  inputs,
+  ...
+}:
+let
+  secretsPath = builtins.toString inputs.mysecrets;
+in
+{
+  sops = {
+    defaultSopsFile = "${secretsPath}/secrets.yaml";
+    age = {
+      sshKeyPaths = [
+        "/etc/ssh/ssh_host_ed25519_key"
+      ];
+      keyFile = "/var/lib/sops-nix/key.txt";
+      generateKey = true;
+    };
+  };
+}
--- a/modules/core/users.nix
+++ b/modules/core/users.nix
@@ -5,6 +5,11 @@
  ...
 }:
 {
+  sops.secrets = {
+    "users_password/beastie" = {
+      neededForUsers = true;
+    };
+  };
  users = {
    users = {
      ${username} = {
@@ -18,7 +23,7 @@
          "video"
        ];
        openssh.authorizedKeys.keys = [
-          config.sops.secrets."ssh_keys/beastie_priv".path
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKMJ3TkEmRQcX7RQijNa2km6a2xXJk6M6FERh7C9nTJ"
        ];
        shell = pkgs.zsh;
      };
--- a/modules/optionnals/desktop/code.nix
+++ b/modules/optionnals/desktop/code.nix
@@ -95,5 +95,7 @@ in
    pkgs.ansible
    pkgs.python313
    pkgs.claude-code
+    pkgs.nodejs
+    pkgs.php
  ];
 }
--- a/modules/optionnals/desktop/config/etc/xdg/hypr/hyprland.conf
+++ b/modules/optionnals/desktop/config/etc/xdg/hypr/hyprland.conf
@@ -314,8 +314,11 @@ bindl = , XF86AudioPrev, exec, playerctl previous
 # windowrule = nofocus,class:^$,title:^$,xwayland:1,floating:1,fullscreen:0,pinned:0

 # Supprimer la transparence pour des applications spécifiques
-windowrulev2 = opacity 1.0 override,class:^(firefox)$
-windowrulev2 = opacity 1.0 override,class:^(chromium)$
-windowrulev2 = opacity 1.0 override,class:^(mpv)$
+# Opacity order : active, inactive, fullscreen
+windowrule = match:class firefox, opacity 1.0 override 0.95 override 1.0 override
+windowrule = match:class chromium, opacity 1.0 override 0.95 override 1.0 override
+windowrule = match:class mpv, opacity 0.95 override 0.80 override 1.0 override
+
+#windowrule = match:class mpv, fullscreen override
+#windowrulev2 = fullscreen,class:^(mpv)$

-windowrulev2 = fullscreen,class:^(mpv)$
--- a/modules/optionnals/desktop/packages.nix
+++ b/modules/optionnals/desktop/packages.nix
@@ -26,6 +26,11 @@
    pkgs.catppuccin-cursors
    pkgs.catppuccin-gtk
    pkgs.postman
+    pkgs.samba
+    pkgs.openldap
+    pkgs.argocd
+    pkgs.talosctl
+    pkgs.talhelper
  ];
  fonts.packages = [
    pkgs.nerd-fonts.dejavu-sans-mono
--- a/modules/optionnals/docker.nix
+++ b/modules/optionnals/docker.nix
@@ -0,0 +1,8 @@
+{
+  username,
+  ...
+}:
+{
+  virtualisation.docker.enable = true;
+  users.users.${username}.extraGroups = [ "docker" ];
+}
--- a/modules/optionnals/hosts/home-nix.nix
+++ b/modules/optionnals/hosts/home-nix.nix
@@ -7,6 +7,7 @@
  imports = [
    #../ai.nix
    ../autologin.nix
+    ../docker.nix
    ../k8s.nix
    ../libvirt.nix
    ../openfortivpn.nix
@@ -80,6 +81,8 @@
      #172.18.20.37   sso.grandbesancon.fr
      #172.18.20.229  auth.grandbesancon.fr
      #172.18.20.181  traefikauth.grandbesancon.fr
+      172.18.21.174     test-patchmon.grandbesancon.fr
+      172.18.229.240    test-mycarto-autonome.grandbesancon.fr
    '';
    wireguard = {
      interfaces = {
--- a/modules/optionnals/hosts/work-nix.nix
+++ b/modules/optionnals/hosts/work-nix.nix
@@ -6,6 +6,7 @@
 {
  imports = [
    ../autologin.nix
+    ../docker.nix
    ../k8s.nix
    ../libvirt.nix
    ../openfortivpn.nix
@@ -34,7 +35,8 @@
  networking = {
    networkmanager.enable = true;
    extraHosts = ''
-      carto-interavtive 172.18.20.134
+      carto-interavtive               172.18.20.134
+      test-patchmon.grandbesancon.fr  172.18.21.174
      test-crowdsec.grandbesancon.fr  172.18.21.67
      test-syslog.grandbesancon.fr    172.18.21.67
    '';
--- a/modules/optionnals/libvirt.nix
+++ b/modules/optionnals/libvirt.nix
@@ -4,6 +4,9 @@
  ...
 }:
 {
+  users.users.${username} = {
+    extraGroups = [ "libvirtd" ];
+  };
  virtualisation = {
    libvirtd = {
      enable = true;
@@ -12,11 +15,13 @@
        #package = pkgs.qemu;
        runAsRoot = true;
        swtpm.enable = true;
+        vhostUserPackages = [
+          pkgs.virtiofsd
+        ];
      };
    };
-
-  };
-  users.users.${username} = {
-    extraGroups = [ "libvirtd" ];
  };
+  environment.systemPackages = with pkgs; [
+    virtiofsd
+  ];
 }
--- a/modules/optionnals/sops-desktop.nix
+++ b/modules/optionnals/sops-desktop.nix
@@ -1,76 +1,61 @@
 {
-  inputs,
  username,
  ...
 }:
-let
-  secretsPath = builtins.toString inputs.mysecrets;
-in
 {
-  sops = {
-    defaultSopsFile = "${secretsPath}/secrets.yaml";
-    age = {
-      sshKeyPaths = [
-        "/etc/ssh/ssh_host_ed25519_key"
-      ];
-      keyFile = "/var/lib/sops-nix/key.txt";
-      generateKey = true;
+  sops.secrets = {
+    "users_password/beastie" = {
+      neededForUsers = true;
    };
-
-    secrets = {
-      "users_password/beastie" = {
-        neededForUsers = true;
-      };
-      "ssh_keys/default_pub" = {
-        owner = "${username}";
-        mode = "0644";
-        path = "/home/${username}/.ssh/id_ed25519.pub";
-      };
-      "ssh_keys/default_priv" = {
-        owner = "${username}";
-        mode = "0600";
-        path = "/home/${username}/.ssh/id_ed25519";
-      };
-      "ssh_keys/ansible_pub" = {
-        owner = "${username}";
-        mode = "0644";
-        path = "/home/${username}/.ssh/id_ed25519_ansible.pub";
-      };
-      "ssh_keys/ansible_priv" = {
-        owner = "${username}";
-        mode = "0600";
-        path = "/home/${username}/.ssh/id_ed25519_ansible";
-      };
-      "ssh_keys/beastie_pub" = {
-        owner = "${username}";
-        mode = "0644";
-        path = "/home/${username}/.ssh/id_ed25519_beastie.pub";
-      };
-      "ssh_keys/beastie_priv" = {
-        owner = "${username}";
-        mode = "0600";
-        path = "/home/${username}/.ssh/id_ed25519_beastie";
-      };
-      "ssh_keys/gitea_semaphore_pub" = {
-        owner = "${username}";
-        mode = "0644";
-        path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore.pub";
-      };
-      "ssh_keys/gitea_semaphore_priv" = {
-        owner = "${username}";
-        mode = "0600";
-        path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
-      };
-      "ssh_keys/wol_pub" = {
-        owner = "${username}";
-        mode = "0644";
-        path = "/home/${username}/.ssh/id_ed25519_wol";
-      };
-      "ssh_keys/wol_priv" = {
-        owner = "${username}";
-        mode = "0600";
-        path = "/home/${username}/.ssh/id_ed25519_wol.priv";
-      };
+    "ssh_keys/default_pub" = {
+      owner = "${username}";
+      mode = "0644";
+      path = "/home/${username}/.ssh/id_ed25519.pub";
+    };
+    "ssh_keys/default_priv" = {
+      owner = "${username}";
+      mode = "0600";
+      path = "/home/${username}/.ssh/id_ed25519";
+    };
+    "ssh_keys/ansible_pub" = {
+      owner = "${username}";
+      mode = "0644";
+      path = "/home/${username}/.ssh/id_ed25519_ansible.pub";
+    };
+    "ssh_keys/ansible_priv" = {
+      owner = "${username}";
+      mode = "0600";
+      path = "/home/${username}/.ssh/id_ed25519_ansible";
+    };
+    "ssh_keys/beastie_pub" = {
+      owner = "${username}";
+      mode = "0644";
+      path = "/home/${username}/.ssh/id_ed25519_beastie.pub";
+    };
+    "ssh_keys/beastie_priv" = {
+      owner = "${username}";
+      mode = "0600";
+      path = "/home/${username}/.ssh/id_ed25519_beastie";
+    };
+    "ssh_keys/gitea_semaphore_pub" = {
+      owner = "${username}";
+      mode = "0644";
+      path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore.pub";
+    };
+    "ssh_keys/gitea_semaphore_priv" = {
+      owner = "${username}";
+      mode = "0600";
+      path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
+    };
+    "ssh_keys/wol_pub" = {
+      owner = "${username}";
+      mode = "0644";
+      path = "/home/${username}/.ssh/id_ed25519_wol";
+    };
+    "ssh_keys/wol_priv" = {
+      owner = "${username}";
+      mode = "0600";
+      path = "/home/${username}/.ssh/id_ed25519_wol.priv";
    };
  };
 }
--- a/modules/optionnals/wakeonlan.nix
+++ b/modules/optionnals/wakeonlan.nix
@@ -17,7 +17,7 @@
  };
  environment.systemPackages = [ pkgs.ethtool ];

-  my.wolipv6address = "2a01:e0a:9cc:99d0:8f3a:6b2c:41d7:e9f5";
+  my.wolipv6address = "2a01:e0a:f5d:3400:6b2c:41d7:e9f5";

  boot.initrd = {
    network = {
@@ -32,7 +32,7 @@
      };
      postCommands = ''
        ip -6 addr add ${config.my.wolipv6address}/64 dev ${config.my.laninterface}
-        ip -6 route add default via fe80::224:d4ff:fea5:65bd dev ${config.my.laninterface}
+        ip -6 route add default via fe80::3a07:16ff:fe11:45a8 dev ${config.my.laninterface}
      '';
    };
    availableKernelModules = [ "r8169" ];
Author	SHA1	Message	Date
Jérémie SALVI	4abb2bf1eb	change ipv6 address for wake onlan	2026-04-02 13:13:47 +02:00
Jérémie SALVI	9a336f76dc	add talos utilities	2026-03-02 00:24:34 +01:00
Jérémie SALVI	b0d8309d65	add talos utilities	2026-03-02 00:22:41 +01:00
Jérémie SALVI	d319db25bb	Merge branch 'main' of git.unixyourbrain.org:beastie/dev	2026-02-10 18:19:23 +01:00
Jérémie SALVI	961e9c475e	Reorganise sops.	2026-02-10 18:18:12 +01:00
Jérémie SALVI	27fb3915b6	add docker cli to work-nix	2026-02-04 14:33:07 +01:00
Jérémie SALVI	73de596c29	Add openldap to core packages	2026-02-04 13:13:36 +01:00
Jérémie SALVI	37a04ee295	after update	2026-02-04 00:55:04 +01:00
Jérémie SALVI	a175338e9d	debug windowrules	2026-02-03 13:28:21 +01:00
Jérémie SALVI	90a2fcdc43	after uupdate	2026-01-28 13:57:25 +01:00
Jérémie SALVI	1ed75f156b	debug windowrules	2026-01-23 15:50:41 +01:00