beastie/dev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: beastie:80508b51b3be3accfb100d41b9b93acc77f4a501
Branches Tags
beastie:main
...
compare: beastie:main
Branches Tags
beastie:main

48 Commits
80508b51b3 ... main

Author SHA1 Message Date
Jérémie SALVI
4abb2bf1eb change ipv6 address for wake onlan 2026-04-02 13:13:47 +02:00
Jérémie SALVI
9a336f76dc add talos utilities 2026-03-02 00:24:34 +01:00
Jérémie SALVI
b0d8309d65 add talos utilities 2026-03-02 00:22:41 +01:00
Jérémie SALVI
d319db25bb Merge branch 'main' of git.unixyourbrain.org:beastie/dev 2026-02-10 18:19:23 +01:00
Jérémie SALVI
961e9c475e Reorganise sops. 2026-02-10 18:18:12 +01:00
Jérémie SALVI
27fb3915b6 add docker cli to work-nix 2026-02-04 14:33:07 +01:00
Jérémie SALVI
73de596c29 Add openldap to core packages 2026-02-04 13:13:36 +01:00
Jérémie SALVI
37a04ee295 after update 2026-02-04 00:55:04 +01:00
Jérémie SALVI
a175338e9d debug windowrules 2026-02-03 13:28:21 +01:00
Jérémie SALVI
90a2fcdc43 after uupdate 2026-01-28 13:57:25 +01:00
Jérémie SALVI
1ed75f156b debug windowrules 2026-01-23 15:50:41 +01:00
Jérémie SALVI
709f96436d remove clear password 2026-01-22 00:01:25 +01:00
Jérémie SALVI
367e86389a add CLAUDE.md 2026-01-21 22:13:08 +01:00
Jérémie SALVI
e30d2d5641 Add claude and debug waybar-update,sh 2026-01-21 21:53:17 +01:00
Jérémie SALVI
5ad6fa0f09 add samba 2026-01-21 21:06:53 +01:00
Jérémie SALVI
c18d5adbc3 add hosts 2026-01-20 11:56:45 +01:00
Jérémie SALVI
033dabbd17 add wireguard-tools 2026-01-19 12:49:36 +01:00
Jérémie SALVI
fcf06511d4 before update 2026-01-19 12:10:21 +01:00
Jérémie SALVI
f9bfcbac85 Update and debug hyprland due to new version 2026-01-09 05:52:10 +01:00
Jérémie SALVI
493f1bc25e Drnug gaming skils 2026-01-09 02:42:11 +01:00
Jérémie SALVI
eacb5795b6 Add gaming skills 2025-12-21 18:32:18 +01:00
Jérémie SALVI
bbda5534f4 add nextcloud to desktop 2025-12-21 17:47:38 +01:00
Jérémie SALVI
ee4185f519 Install nextcloud-client additions 2025-12-12 22:53:03 +01:00
Jérémie SALVI
0d693c6e11 Add /dev/sda luks partition to crypttab, and install nextcloud-client 2025-12-12 22:04:23 +01:00
Jérémie SALVI
f5e8be7432 configure remote wake on lan and ipv6 2025-12-12 07:50:43 +01:00
Jérémie SALVI
639dfb6276 Add wake online 2025-12-12 04:42:32 +01:00
Jérémie SALVI
a89996a6df Add wake online 2025-12-12 04:42:20 +01:00
Jérémie SALVI
ee4e8d6b1e restore qemu to kemu_full 2025-12-11 15:16:47 +01:00
Jérémie SALVI
9d061556ff revert flake to a working build 2025-12-09 01:46:47 +01:00
Jérémie SALVI
3b7e77e9d8 revert flake 2025-12-08 13:14:03 +01:00
Jérémie SALVI
e105020552 before flake update 2025-12-08 12:04:41 +01:00
Jérémie SALVI
933ebb980a flake update 2025-12-02 16:30:27 +01:00
Jérémie SALVI
bda184fc02 flake update 2025-12-02 16:25:57 +01:00
Jérémie SALVI
c2dc087510 Creating kvm test server 2025-11-22 13:05:42 +01:00
Jérémie SALVI
0c522ead1f before flake update 2025-11-21 10:17:59 +01:00
Jérémie SALVI
1cb02d2249 flake update 2025-11-08 15:14:53 +01:00
Jérémie SALVI
06b4c1b187 flake update 2025-11-08 15:10:23 +01:00
Jérémie SALVI
7286b93459 add libvirt and virt manager 2025-10-29 21:27:18 +01:00
Jérémie SALVI
7fa5f7e492 after flake update 2025-10-29 14:26:06 +01:00
Jérémie SALVI
f5f8476652 after flake update 2025-10-28 14:17:30 +01:00
Jérémie SALVI
e7dead2c9e Add aider 2025-10-20 12:51:18 +02:00
Jérémie SALVI
b68f3829b7 after flake update 2025-10-20 11:36:11 +02:00
Jérémie SALVI
a7fa0cefc7 add autosuggestions to zsh 2025-10-20 03:30:41 +02:00
Jérémie SALVI
115a7c334b use only nmcli with nmaplet 2025-10-16 00:29:12 +02:00
Jérémie SALVI
681759c8a7 use only nmcli 2025-10-16 00:19:15 +02:00
Jérémie SALVI
3211b0c84f some work improvments 2025-10-15 23:22:24 +02:00
Jérémie SALVI
0f0d4ca519 Change waybar colors 2025-10-13 20:29:02 +02:00
Jérémie SALVI
d7e1e8e018 Improve waybar and custom scripts 2025-10-13 20:23:43 +02:00
53 changed files with 1221 additions and 404 deletions
Expand all files Collapse all files

71
CLAUDE.md Normal file
View File

@@ -0,0 +1,71 @@
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Overview
NixOS dotfiles repository using Nix Flakes for managing multiple machines. Configuration is in French (comments, docs).
## Build & Deploy Commands
```bash
# Rebuild and switch configuration (local)
sudo nixos-rebuild switch --flake .#<hostname>
# Rebuild on remote machine
nixos-rebuild switch --flake .#<hostname> --target-host beastie@<ip> --sudo
# Bootstrap new machine with nixos-anywhere
nixos-anywhere --flake .#generic --target-host root@<ip> \
--generate-hardware-config nixos-generate-config ./hosts/generic/hardware-configuration.nix
# Generate custom ISO
nixos-generate --format iso --configuration ./iso/customiso.nix -o ~/Downloads/nixos.iso
# Update flake inputs
nix flake update
# Update secrets after adding new host key
sops updatekeys secrets.yaml
nix flake update mysecrets
```
## Architecture
**Flake Inputs:**
- `nixpkgs-stable` (25.05) and `nixpkgs-unstable` channels
- `disko` for declarative disk partitioning
- `sops-nix` for encrypted secrets
- `mysecrets` - local git repo at `/home/beastie/nixos/secrets` (required dependency)
**Hosts:** `generic` (ISO), `test-kvm` (stable), `home-nix` (unstable), `work-nix` (unstable)
**Module Hierarchy:**
1. `modules/core/` - Applied to ALL hosts (grub, ssh, packages, users, tty, system)
2. `modules/optionnals/` - Selectively imported per host
3. `modules/optionnals/hosts/<hostname>.nix` - Host-specific networking, services
4. `modules/optionnals/desktop/` - Desktop environment modules (Hyprland, apps)
## Key Patterns
**Custom Options** (`modules/optionnals/options.nix`):
- `my.laninterface`, `my.ipv4address`, `my.ipv4netmask`, `my.ipv4gateway`, `my.wolipv6address`
**Special Args** passed to all modules via flake.nix:
- `hostname` and `username` - used for host/user-specific configuration
**Secrets (sops-nix):**
- Encrypted YAML in separate `mysecrets` repo
- Referenced via `config.sops.secrets.<name>.path` or `config.sops.templates`
- Age encryption with SSH host keys
**XDG Config Distribution:**
- Desktop configs (hyprland, waybar, kitty, rofi) use `environment.etc."xdg/<app>".source`
- Host-specific variants: `hyprland-${hostname}.conf`
## Important Considerations
- Test changes on `test-kvm` before deploying to production hosts
- `mysecrets` flake input must exist locally at `/home/beastie/nixos/secrets`
- Different hosts use different `stateVersion` (25.05 vs 25.11)
- Core module changes affect ALL machines

51
flake.lock generated
View File

@@ -3,15 +3,15 @@
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1758287904,
"narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
"lastModified": 1769524058,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"owner": "nix-community",
"repo": "disko",
"rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"type": "github"
},
"original": {
@@ -23,11 +23,11 @@
"mysecrets": {
"flake": false,
"locked": {
"lastModified": 1759883911,
"narHash": "sha256-IAKCQ9dIeMAdoi4fQdJAdWlLrNh/PURqGz7pmlo9cUw=",
"lastModified": 1769035388,
"narHash": "sha256-Uaih4r++akPmfACCTAUZ21tb5wKD6ms2dLtzqE8f304=",
"ref": "refs/heads/main",
"rev": "7e39f4cde171d9273efddf2153d972d6fbf2a710",
"revCount": 15,
"rev": "d3c44cb624ae2c1a13a172346fb5422d27e59348",
"revCount": 20,
"type": "git",
"url": "file:///home/beastie/nixos/secrets"
},
@@ -36,13 +36,29 @@
"url": "file:///home/beastie/nixos/secrets"
}
},
"nixpkgs": {
"nixpkgs-stable": {
"locked": {
"lastModified": 1760038930,
"narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=",
"lastModified": 1767313136,
"narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1770115704,
"narHash": "sha256-KHFT9UWOF2yRPlAnSXQJh6uVcgNcWlFqqiAZ7OVlHNc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3",
"rev": "e6eae2ee2110f3d31110d5c222cd395303343b08",
"type": "github"
},
"original": {
@@ -56,22 +72,23 @@
"inputs": {
"disko": "disko",
"mysecrets": "mysecrets",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1759635238,
"narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=",
"lastModified": 1770145881,
"narHash": "sha256-ktjWTq+D5MTXQcL9N6cDZXUf9kX8JBLLBLT0ZyOTSYY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "6e5a38e08a2c31ae687504196a230ae00ea95133",
"rev": "17eea6f3816ba6568b8c81db8a4e6ca438b30b7c",
"type": "github"
},
"original": {

15
flake.nix
View File

@@ -2,16 +2,17 @@
description = "A very basic flake";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
mysecrets = {
@@ -46,10 +47,10 @@
{
nixosConfigurations = {
#nixos-anywhere -- --flake './#generic' --generate-hardware-config nixos-generate-config ./hosts/generic/hardware-configuration.nix --target-host beastie@192.168.122.204
generic = mkSystem inputs.nixpkgs "x86_64-linux" "generic" "beastie";
test-kvm = mkSystem inputs.nixpkgs "x86_64-linux" "test-kvm" "beastie";
home-nix = mkSystem inputs.nixpkgs "x86_64-linux" "home-nix" "beastie";
work-nix = mkSystem inputs.nixpkgs "x86_64-linux" "work-nix" "beastie";
generic = mkSystem inputs.nixpkgs-stable "x86_64-linux" "generic" "beastie";
test-kvm = mkSystem inputs.nixpkgs-stable "x86_64-linux" "test-kvm" "beastie";
home-nix = mkSystem inputs.nixpkgs-unstable "x86_64-linux" "home-nix" "beastie";
work-nix = mkSystem inputs.nixpkgs-unstable "x86_64-linux" "work-nix" "beastie";
# live-usb = mkSystem inputs.nixpkgs "x86_64-linux" "live-usb" "beastie";
#nixos-rebuild switch --flake ./#home-nix --sudo
};

5
hosts/generic/default.nix
View File

@@ -5,8 +5,8 @@
...
}:
{
system.stateVersion = "25.11";
system.stateVersion = "25.05";
imports = [
./disk-config.nix
./hardware-configuration.nix
@@ -83,6 +83,7 @@
pkgs.nixos-anywhere
pkgs.nixos-generators
pkgs.ssh-to-age
pkgs.htop
];
services.openssh.enable = true;

116
hosts/generic/disk-config.nix
View File

@@ -6,7 +6,7 @@
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
device = "/dev/vda";
content = {
type = "gpt";
partitions = {
@@ -23,42 +23,88 @@
};
SYS = {
size = "100%";
type = "8309";
type = "8300";
name = "SYS";
content = {
type = "luks";
name = "rootfs";
settings = {
allowDiscards = true;
};
content = {
type = "btrfs";
extraArgs = [ "-f --nodiscard --label root" ];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
};
"@root" = {
mountpoint = "/root";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
};
"@home" = {
mountpoint = "/home";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
};
"@var" = {
mountpoint = "/var";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
};
"@games" = {
mountpoint = "/games";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
};
type = "btrfs";
extraArgs = [ "-f --nodiscard --label root" ];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@root" = {
mountpoint = "/root";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@var" = {
mountpoint = "/var";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@data" = {
mountpoint = "/games";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@backups" = {
mountpoint = "/games";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
};
};

5
hosts/generic/hardware-configuration.nix
View File

@@ -5,14 +5,13 @@
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

6
hosts/home-nix/default.nix
View File

@@ -1,6 +1,4 @@
{
pkgs,
username,
hostname,
modulesPath,
inputs,
@@ -8,7 +6,7 @@
}:
{
system.stateVersion = "25.11";
imports = builtins.trace "${inputs.mysecrets}" [
(modulesPath + "/installer/scan/not-detected.nix")
./disk-config.nix
@@ -16,4 +14,4 @@
../../modules/core
../../modules/optionnals/hosts/${hostname}.nix
];
}
}

54
hosts/home-nix/disk-config.nix
View File

@@ -37,27 +37,69 @@
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@root" = {
mountpoint = "/root";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@var" = {
mountpoint = "/var";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@games" = {
mountpoint = "/games";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ];
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
};
};

39
hosts/home-nix/hardware-configuration.nix
View File

@@ -1,18 +1,47 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
environment.etc."crypttab".text = ''
datafs UUID=5ca962a7-537f-46ce-ba50-9cc9cefd012b /etc/secrets/datafs.key luks
'';
fileSystems."/data" = {
device = "/dev/disk/by-uuid/a8ea6a7b-3733-40d8-bee8-45806aaacfe1";
fsType = "btrfs";
options = [
"defaults"
"compress=zstd"
"autodefrag"
"noatime"
"nofail"
];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

39
hosts/test-kvm/default.nix
View File

@@ -7,50 +7,13 @@
...
}:
{
system.stateVersion = "25.11";
system.stateVersion = "25.05";
imports = builtins.trace "${inputs.mysecrets}" [
(modulesPath + "/installer/scan/not-detected.nix")
./network.nix
./disk-config.nix
./hardware-configuration.nix
../../modules/core
../../modules/optionnals/hosts/${hostname}.nix
];
boot.kernelPackages = pkgs.linuxPackages_latest;
time.timeZone = "Europe/Paris";
nix = {
settings = {
## Enable flakes
experimental-features = [
"nix-command"
"flakes"
];
## Users trusted to use flake command
trusted-users = [
"root"
"${username}"
];
};
};
## Enable virtualisation guest settings
services.qemuGuest.enable = true;
services.spice-vdagentd.enable = true;
services.xserver = {
videoDrivers = [ "modesetting" ]; # Driver vidéo optimisé pour QEMU/KVM
};
environment.systemPackages = [
pkgs.spice-gtk # Outils SPICE
pkgs.spice-protocol # Protocoles SPICE
];
#fileSystems."/" = {
# device = "/dev/vda2"; # Disque virtuel typique
# fsType = "btrfs";
#};
}

91
hosts/test-kvm/disk-config.nix
View File

@@ -10,22 +10,103 @@
content = {
type = "gpt";
partitions = {
ESP = {
EFI = {
size = "512M";
type = "EF00";
name = "EFI";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
SYS = {
size = "100%";
type = "8300";
name = "SYS";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/";
type = "btrfs";
extraArgs = [ "-f --nodiscard --label root" ];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@root" = {
mountpoint = "/root";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@var" = {
mountpoint = "/var";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@data" = {
mountpoint = "/games";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@backups" = {
mountpoint = "/games";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
};
};
};
};

36
hosts/test-kvm/hardware-configuration.nix
View File

@@ -1,38 +1,16 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
"virtio_scsi"
"virtio_net"
"virtio_blk"
];
boot.initrd.kernelModules = [
"virtio_balloon"
"virtio_console"
"virtio_rng"
];
boot.kernelModules = [
"kvm-intel"
"virtio-gpu"
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

2
hosts/work-nix/default.nix
View File

@@ -1,6 +1,4 @@
{
pkgs,
username,
hostname,
modulesPath,
inputs,

1
modules/core/default.nix
View File

@@ -5,6 +5,7 @@
imports = [
./grub.nix
./packages.nix
./sops.nix
./ssh.nix
./system.nix
./tty.nix

4
modules/core/packages.nix
View File

@@ -15,6 +15,7 @@
pkgs.unzip
pkgs.sops
pkgs.ssh-to-age
pkgs.age
pkgs.nixos-anywhere
pkgs.nixos-generators
pkgs.efibootmgr
@@ -23,6 +24,9 @@
pkgs.jq
pkgs.bash
pkgs.fzf
pkgs.bc
pkgs.wakeonlan
pkgs.openssl
];
services = {
locate = {

19
modules/core/sops.nix Normal file
View File

@@ -0,0 +1,19 @@
{
inputs,
...
}:
let
secretsPath = builtins.toString inputs.mysecrets;
in
{
sops = {
defaultSopsFile = "${secretsPath}/secrets.yaml";
age = {
sshKeyPaths = [
"/etc/ssh/ssh_host_ed25519_key"
];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
};
}

8
modules/core/system.nix
View File

@@ -2,8 +2,6 @@
pkgs,
username,
hostname,
modulesPath,
inputs,
...
}:
{
@@ -23,12 +21,14 @@
"root"
"${username}"
];
## Use 24 cores during building phases
cores = 24;
max-jobs = "auto";
};
};
networking = {
hostName = "${hostname}";
networkmanager.enable = true;
firewall.enable = true;
};
}
}

16
modules/core/tty.nix
View File

@@ -17,6 +17,7 @@
df = "df -h";
du = "du -h";
};
# Defined in /etc/set-environnement. Require session restart
variables = {
XDG_CONFIG_HOME = "$HOME/.config";
XDG_CACHE_HOME = "$HOME/.cache";
@@ -33,22 +34,12 @@
enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
autosuggestions.enable = false;
autosuggestions.enable = true;
histSize = 200000;
histFile = "$HOME/.config/zsh/.zsh_history";
setOptions = [
"SHARE_HISTORY"
];
# shellInit = ''
# export XDG_CONFIG_HOME=$HOME/.config
# export XDG_CACHE_HOME=$HOME/.cache
# export XDG_DATA_HOME=$HOME/.local/share
# export ZDOTDIR=$HOME/.config/zsh
# export TERMINAL=kitty
# export EDITOR=nvim
# export BROWSER=firefox
# export SAVEHIST=200000
# '';
promptInit = ''
stty stop undef # Disable ctrl+s to freeze terminal
@@ -59,6 +50,9 @@
zstyle ':completion:*' menu select
zmodload zsh/complist
# enable dotfiles in tab directory completion
setopt globdots
fzf-history() {
local selected
selected=$(fc -l 1 | fzf --tac --no-sort | sed 's/^[ ]*[0-9]*[ ]*//')

6
modules/core/users.nix
View File

@@ -5,6 +5,11 @@
...
}:
{
sops.secrets = {
"users_password/beastie" = {
neededForUsers = true;
};
};
users = {
users = {
${username} = {
@@ -14,7 +19,6 @@
description = "Admin account";
extraGroups = [
"wheel"
"networkmanager"
"audio"
"video"
];

68
modules/optionnals/ai.nix
View File

@@ -4,37 +4,43 @@
}:
{
# Activer Ollama comme service
services.ollama = {
enable = true;
acceleration = "cuda";
environmentVariables = {
OLLAMA_FLASH_ATTENTION = "1"; # ← Flash Attention
OLLAMA_NUM_PARALLEL = "2"; # ← Requêtes parallèles
OLLAMA_MAX_LOADED_MODELS = "1"; # ← Garder 2 modèles en VRAM
OLLAMA_KEEP_ALIVE = "5m";
# services.ollama = {
# enable = true;
# acceleration = "cuda";
# environmentVariables = {
# OLLAMA_FLASH_ATTENTION = "1"; # ← Flash Attention
# OLLAMA_NUM_PARALLEL = "2"; # ← Requêtes parallèles
# OLLAMA_MAX_LOADED_MODELS = "1"; # ← Garder 2 modèles en VRAM
# OLLAMA_KEEP_ALIVE = "5m";
# };
# };
# services.open-webui = {
# enable = true;
# port = 8080; # Port par défaut
# host = "127.0.0.1"; # Localhost uniquement
# openFirewall = true;
# # Pour accès réseau : host = "0.0.0.0";
# environment = {
# ANONYMIZED_TELEMETRY = "True";
# DO_NOT_TRACK = "True";
# SCARF_NO_ANALYTICS = "True";
# # URL d'Ollama (local)
# OLLAMA_BASE_URL = "http://127.0.0.1:11434";
# # Autres options optionnelles (https://docs.openwebui.com/getting-started/env-configuration/#web-search)
# WEBUI_AUTH = "False"; # Desactive l'authentification
# # ENABLE_WEB_SEARCH = "True";
# # ENABLE_SEARCH_QUERY_GENERATION = "True";
# # WEB_SEARCH_ENGINE = "duckduckgo";
# # WEB_LOADER_ENGINE = "safe_web";
# };
# };
environment = {
systemPackages = [
pkgs.lmstudio
pkgs.aider-chat-full
];
variables = {
OLLAMA_API_BASE = "http://localhost:11434";
};
};
services.open-webui = {
enable = true;
port = 8080; # Port par défaut
host = "127.0.0.1"; # Localhost uniquement
openFirewall = true;
# Pour accès réseau : host = "0.0.0.0";
environment = {
ANONYMIZED_TELEMETRY = "True";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
# URL d'Ollama (local)
OLLAMA_BASE_URL = "http://127.0.0.1:11434";
# Autres options optionnelles (https://docs.openwebui.com/getting-started/env-configuration/#web-search)
WEBUI_AUTH = "False"; # Desactive l'authentification
# ENABLE_WEB_SEARCH = "True";
# ENABLE_SEARCH_QUERY_GENERATION = "True";
# WEB_SEARCH_ENGINE = "duckduckgo";
# WEB_LOADER_ENGINE = "safe_web";
};
};
environment.systemPackages = [ pkgs.lmstudio ];
}

34
modules/optionnals/desktop/code.nix
View File

@@ -71,27 +71,31 @@ let
in
{
environment.systemPackages = [
(pkgs.vscode-with-extensions.override {
vscode = pkgs.vscodium;
vscodeExtensions = [
pkgs.vscode-extensions.continue.continue
pkgs.vscode-extensions.catppuccin.catppuccin-vsc
pkgs.vscode-extensions.catppuccin.catppuccin-vsc-icons
pkgs.vscode-extensions.jnoortheen.nix-ide
pkgs.vscode-extensions.redhat.ansible
pkgs.vscode-extensions.redhat.vscode-yaml
pkgs.vscode-extensions.ms-azuretools.vscode-docker
pkgs.vscode-extensions.mads-hartmann.bash-ide-vscode
]
++ [ open-remote-ssh ];
})
# (pkgs.vscode-with-extensions.override {
# vscode = pkgs.vscodium;
# vscodeExtensions = [
# # pkgs.vscode-extensions.continue.continue
# pkgs.vscode-extensions.catppuccin.catppuccin-vsc
# pkgs.vscode-extensions.catppuccin.catppuccin-vsc-icons
# pkgs.vscode-extensions.jnoortheen.nix-ide
# pkgs.vscode-extensions.redhat.ansible
# pkgs.vscode-extensions.redhat.vscode-yaml
# pkgs.vscode-extensions.ms-azuretools.vscode-docker
# pkgs.vscode-extensions.mads-hartmann.bash-ide-vscode
# ]
# ++ [ open-remote-ssh ];
# })
pkgs.vscodium
pkgs.nodejs_24
pkgs.nodePackages.npm
pkgs.gcc
pkgs.gnumake
pkgs.nixd
pkgs.nixfmt-rfc-style
pkgs.nixfmt
pkgs.ansible
pkgs.python313
pkgs.claude-code
pkgs.nodejs
pkgs.php
];
}

2
modules/optionnals/desktop/config/etc/xdg/hypr/hyprland-home-nix.conf
View File

@@ -13,3 +13,5 @@ workspace = 5, monitor:HDMI-A-2
workspace = 6, monitor:HDMI-A-2
workspace = 7, monitor:HDMI-A-2
workspace = 8, monitor:HDMI-A-2
exec-once = nextcloud

25
modules/optionnals/desktop/config/etc/xdg/hypr/hyprland.conf
View File

@@ -14,7 +14,6 @@ ecosystem {
###################
$terminal = kitty
source = /etc/xdg/hypr/rofi.conf
#################
### AUTOSTART ###
@@ -23,7 +22,6 @@ source = /etc/xdg/hypr/rofi.conf
exec-once = hyprpaper
exec-once = waybar
#############################
### ENVIRONMENT VARIABLES ###
#############################
@@ -166,8 +164,8 @@ master {
# https://wiki.hyprland.org/Configuring/Variables/#misc
misc {
force_default_wallpaper = -1 # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = false # If true disables the random hyprland logo / anime girl background. :(
force_default_wallpaper = 1 # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = true # If true disables the random hyprland logo / anime girl background. :(
}
@@ -211,9 +209,10 @@ device {
$mainMod = SUPER # Sets "Windows" key as main modifier
# Apps shortcut
bind = $mainMod, D, exec, $rofi
bind = $mainMod, D, exec, rofi -show drun -show-icons -config /etc/xdg/rofi/config.rasi
bind = $mainMod, L, exec, /etc/xdg/scripts/wayland-disconnect.sh
bind = $mainMod, M, exec, /etc/xdg/scripts/wayland-mpv.sh
bind = $mainMod, K, exec, /etc/xdg/scripts/rofi-ssh.sh
bind = $mainMod SHIFT, P, exec, pavucontrol
bind = $mainMod SHIFT, T, exec, teams-for-linux
bind = $mainMod SHIFT, D, exec, discord
@@ -309,15 +308,17 @@ bindl = , XF86AudioPrev, exec, playerctl previous
# windowrule = float,class:^(kitty)$,title:^(kitty)$
# Ignore maximize requests from apps. You'll probably like this.
windowrule = suppressevent maximize, class:.*
# windowrule = suppressevent maximize, class:.*
# Fix some dragging issues with XWayland
windowrule = nofocus,class:^$,title:^$,xwayland:1,floating:1,fullscreen:0,pinned:0
# windowrule = nofocus,class:^$,title:^$,xwayland:1,floating:1,fullscreen:0,pinned:0
# Supprimer la transparence pour des applications spécifiques
windowrulev2 = opacity 1.0 override,class:firefox
windowrulev2 = opacity 1.0 override,class:^(chromium)$
windowrulev2 = opacity 1.0 override,class:^(mpv)$
windowrulev2 = opacity 1.0 override,class:^(mpv)$
# Opacity order : active, inactive, fullscreen
windowrule = match:class firefox, opacity 1.0 override 0.95 override 1.0 override
windowrule = match:class chromium, opacity 1.0 override 0.95 override 1.0 override
windowrule = match:class mpv, opacity 0.95 override 0.80 override 1.0 override
#windowrule = match:class mpv, fullscreen override
#windowrulev2 = fullscreen,class:^(mpv)$
windowrulev2 = fullscreen,class:^(mpv)$

9
modules/optionnals/desktop/config/etc/xdg/hypr/hyprpaper.conf
View File

@@ -1,2 +1,7 @@
preload = ~/Downloads/wallpaper.jpeg
wallpaper = , ~/Downloads/wallpaper.jpeg
wallpaper {
monitor =
path = ~/Downloads/wallpaper.jpeg
fit_mode = cover
}
splash = false

16
modules/optionnals/desktop/config/etc/xdg/rofi/mpv.rasi Normal file
View File

@@ -0,0 +1,16 @@
@import "launcher.rasi"
window {
width: 50%;
height: 50%;
margin: 0px;
location: center;
anchor: center;
}
mainbox {
children: [inputbar,listview];
}
listview {
columns: 1;
}

12
modules/optionnals/desktop/config/etc/xdg/rofi/ssh.rasi Normal file
View File

@@ -0,0 +1,12 @@
@import "launcher.rasi"
window {
width: 50%;
height: 50%;
margin: 0px;
location: center;
anchor: center;
}
mainbox {
children: [inputbar,listview];
}

7
modules/optionnals/desktop/config/etc/xdg/scripts/rofi-ssh.sh Executable file
View File

@@ -0,0 +1,7 @@
#!/usr/bin/env bash
selected=$(cat ~/.config/zsh/.zsh_history | sed 's/^[ ]*[0-9]*[ ]*//' | grep '^ssh ' | rofi -dmenu -i -theme /etc/xdg/rofi/ssh.rasi -p SSH)
if [[ -n "$selected" ]]; then
kitty -e $selected
fi

26
modules/optionnals/desktop/config/etc/xdg/scripts/waybar-mailbox.sh Executable file
View File

@@ -0,0 +1,26 @@
#!/usr/bin/env bash
_USER=beastie
_PASSWD=$(cat /run/secrets/ldap_unxiyourbrain/password)
_SERVER=unixyourbrain.org
_FOLDER=Admin
set -e
cd -- "$(dirname -- "$0")"
_DIRNAME="$(pwd)"
### Sourcer à partir des secrets
#source ~/.config/polybar/imap_creds
_COUNT=$(curl -u "$_USER:$_PASSWD" "imaps://$_SERVER" -X "STATUS $_FOLDER (UNSEEN)" 2>/dev/null | \
sed -e 's/)\r//' -e 's/.*UNSEEN //')
_UNSEEN=$(curl -u "$_USER:$_PASSWD" "imaps://$_SERVER/$_FOLDER" -X "SEARCH UNSEEN" 2>/dev/null | \
sed -e "s|\\r||" -e "s|* SEARCH ||" -e "s| |,|g")
_MAILS=$(curl -v -u "$_USER:$_PASSWD" "imaps://$_SERVER/$_FOLDER" -X "FETCH $_UNSEEN BODY.PEEK[HEADER.FIELDS (From Subject)]" 2>&1 | \
sed -e "s|\\r||" | awk '/< Subject|< From/ {sub(/^< /, ""); printf "%s\\n", $0}')
printf '{"text": "%s ", "tooltip": "%s"}' "$_COUNT" "$_MAILS"

6
modules/optionnals/desktop/config/etc/xdg/scripts/update.sh → modules/optionnals/desktop/config/etc/xdg/scripts/waybar-update.sh
View File

@@ -3,13 +3,13 @@
cd ~/nixos/dotfiles || exit
# Obtenir le hash actuel
current_hash=$(nix flake metadata --json 2>/dev/null | jq -r '.locks.nodes.nixpkgs.locked.rev')
current_hash=$(nix flake metadata --json 2>/dev/null | jq -r '.locks.nodes."nixpkgs-unstable".locked.rev')
# Obtenir le hash le plus récent
latest_hash=$(nix flake metadata github:NixOS/nixpkgs/nixos-unstable --json | jq -r '.locked.rev')
# Date du commit local
local_commit_date=$(nix flake metadata --json 2>/dev/null | jq -r '.locks.nodes.nixpkgs.locked.lastModified')
local_commit_date=$(nix flake metadata --json 2>/dev/null | jq -r '.locks.nodes."nixpkgs-unstable".locked.lastModified')
local_commit_date=$(date -d "@${local_commit_date}" "+%d/%m/%Y à %H:%M")
if [ "$current_hash" != "$latest_hash" ]; then
@@ -17,7 +17,7 @@ if [ "$current_hash" != "$latest_hash" ]; then
maj_count=$(curl -s "https://api.github.com/repos/NixOS/nixpkgs/compare/${current_hash}...${latest_hash}" | jq -r '.ahead_by // 0' 2>/dev/null || echo "?")
# Date du commit distant
remote_commit_date=$(curl -s https://api.github.com/repos/NixOS/nixpkgs/commits/c87b95e25065c028d31a94f06a62927d18763fdf | jq -r '.commit.author.date')
remote_commit_date=$(curl -s https://api.github.com/repos/NixOS/nixpkgs/commits/${latest_hash} | jq -r '.commit.author.date')
remote_commit_date=$(date -d "${remote_commit_date}" "+%d/%m/%Y à %H:%M")
printf '{"text": "%s ", "tooltip": "Commit distant : %s\\nCommit local : %s"}' "${maj_count}" "${remote_commit_date}" "${local_commit_date}"
# Compter les commits entre les deux

31
modules/optionnals/desktop/config/etc/xdg/scripts/wayland-disconnect.sh Executable file
View File

@@ -0,0 +1,31 @@
#!/usr/bin/env bash
selected=$(printf "Lock\0icon\x1fsystem-lock-screen
Update\0icon\x1fsystem-software-update
Shutdown\0icon\x1fsystem-shutdown
Reboot\0icon\x1fsystem-reboot
Exit hyprland\0icon\x1fsystem-log-out
Reload hyprland\0icon\x1fsystem-log-out" | rofi -dmenu -show-icons -i -theme /etc/xdg/rofi/disconnect.rasi -p System)
echo "$selected"
case $selected in
"Lock")
/nix/store/4pwvyyjrc7frwkycbszakd7z6nf44qgv-hyprlock-0.9.2/bin/hyprlock
;;
"Update")
kitty /usr/local/share/dotfiles/scripts/update.sh
;;
"Shutdown")
systemctl poweroff
;;
"Reboot")
reboot
;;
"Exit hyprland")
hyprctl dispatch exit
;;
"Reload hyprland")
hyprctl reload
;;
esac

31
modules/optionnals/desktop/config/etc/xdg/scripts/wayland-mpv.sh Executable file
View File

@@ -0,0 +1,31 @@
#!/usr/bin/env bash
cd -- "$(dirname -- "$0")" || exit
## if not $1
if [[ -z $1 ]]
then
_LINES=$(curl "http://10.0.0.1:2013" 2>/dev/null | sed -e "s|.*<a href=\"\([^\"]*\).*|$1\1|" -e "s/.*<.*\|.*C=D.*\|.*\/\/$\|.*.nfo//" -e "/^$/d")
else
_LINES="$(curl "http://10.0.0.1:2013/$1" 2>/dev/null | sed -e "s|.*<a href=\"\([^\"]*\).*|$1\1|" -e "s/.*<.*\|.*C=D.*\|.*\/\/$\|.*.nfo//" -e "/^$/d")"
fi
_RESULT=$(rofi -dmenu -i -theme /etc/xdg/rofi/mpv.rasi -p Mpv <<< "$_LINES")
# If no output
echo "$_RESULT"
if [[ -z $_RESULT ]]
then
echo "no output, exiting"
exit 0
fi
#if line end vith /
if [[ "$_RESULT" =~ .*/$ ]]
then
echo "output is a directory"
./wayland-mpv.sh "$_RESULT"
exit 0
fi
mpv "http://10.0.0.1:2013/$_RESULT"

18
modules/optionnals/desktop/config/etc/xdg/waybar/config-home-nix.jsonc
View File

@@ -7,12 +7,13 @@
"memory",
"disk",
"network",
"pulseaudio",
"pulseaudio"
],
"modules-center": [
"hyprland/workspaces"
],
"modules-right": [
"custom/alert",
"custom/maj",
"clock",
"tray"
@@ -78,11 +79,20 @@
},
"format": "{name}",
"format-icons": {
"default": "",
},
"default": ""
}
},
"custom/alert": {
"exec": "/etc/xdg/scripts/waybar-mailbox.sh",
"interval": 300,
"return-type": "json",
"format": "{icon}{text}",
"format-icons": {
"default": "  "
}
},
"custom/maj": {
"exec": "/etc/xdg/scripts/update.sh",
"exec": "/etc/xdg/scripts/waybar-update.sh",
"interval": 300,
"return-type": "json",
"format": "{icon}{text}",

18
modules/optionnals/desktop/config/etc/xdg/waybar/config-work-nix.jsonc
View File

@@ -7,12 +7,13 @@
"memory",
"disk",
"network",
"pulseaudio",
"pulseaudio"
],
"modules-center": [
"hyprland/workspaces"
],
"modules-right": [
"custom/alert",
"custom/maj",
"clock",
"tray"
@@ -79,11 +80,20 @@
},
"format": "{name}",
"format-icons": {
"default": "",
},
"default": ""
}
},
"custom/alert": {
"exec": "/etc/xdg/scripts/waybar-mailbox.sh",
"interval": 300,
"return-type": "json",
"format": "{icon}{text}",
"format-icons": {
"default": "  "
}
},
"custom/maj": {
"exec": "/etc/xdg/scripts/update.sh",
"exec": "/etc/xdg/scripts/waybar-update.sh",
"interval": 300,
"return-type": "json",
"format": "{icon}{text}",

35
modules/optionnals/desktop/config/etc/xdg/waybar/style.css
View File

@@ -24,6 +24,7 @@
#disk,
#network,
#workspaces,
#custom-alert,
#custom-maj,
#pulseaudio,
#memory,
@@ -87,24 +88,40 @@
background: @red;
}
#network {
color: @pink;
}
#pulseaudio {
color: @yellow;
#custom-logo {
color: @red;
}
#cpu {
color: @blue;
color: @peach;
}
#memory {
color: @green;
color: @maroon;
}
#disk {
color: @pink;
}
#network {
color: @flamingo;
}
#pulseaudio {
color: @rosewater;
}
#custom-alert {
color: @sky;
}
#custom-maj {
color: @sapphire;
}
#clock {
color: @red;
color: @blue;
}
#tray {

18
modules/optionnals/desktop/gaming.nix Normal file
View File

@@ -0,0 +1,18 @@
{
pkgs,
...
}:
{
hardware.graphics.enable32Bit = true;
programs.steam.enable = true;
programs.steam.gamescopeSession.enable = true;
programs.gamemode.enable = true;
environment.systemPackages = with pkgs; [
vulkan-tools
lutris
wine-staging
winetricks
mangohud
protonup-ng
];
}

2
modules/optionnals/desktop/kitty.nix
View File

@@ -23,7 +23,7 @@
[[ "$TERM" == "xterm-kitty" ]] && export TERM="xterm-256color"
[[ -f ${pkgs.nitch}/bin/nitch ]] && nitch
if [[ -z $DISPLAY ]] && [[ $(tty) = /dev/tty1 ]]; then
hyprland --config /etc/xdg/hypr/hyprland.conf
start-hyprland -- --config /etc/xdg/hypr/hyprland.conf
fi
'';
};

12
modules/optionnals/desktop/nextcloud.nix Normal file
View File

@@ -0,0 +1,12 @@
{
pkgs,
...
}:
{
services.gnome.gnome-keyring.enable = true;
environment.systemPackages = [
pkgs.nextcloud-client
pkgs.seahorse
];
}

4
modules/optionnals/desktop/nvidia.nix
View File

@@ -20,5 +20,7 @@
package = config.boot.kernelPackages.nvidiaPackages.latest;
};
};
environment.systemPackages = [ pkgs.nvtopPackages.full ];
environment.systemPackages = [
pkgs.nvtopPackages.full
];
}

7
modules/optionnals/desktop/packages.nix
View File

@@ -6,9 +6,11 @@
environment.systemPackages = [
pkgs.remmina
pkgs.mpv
pkgs.jellyfin-mpv-shim
pkgs.yt-dlp
pkgs.chromium
pkgs.firefox
pkgs.thunderbird
pkgs.keepassxc
pkgs.nwg-look
pkgs.gimp
@@ -24,6 +26,11 @@
pkgs.catppuccin-cursors
pkgs.catppuccin-gtk
pkgs.postman
pkgs.samba
pkgs.openldap
pkgs.argocd
pkgs.talosctl
pkgs.talhelper
];
fonts.packages = [
pkgs.nerd-fonts.dejavu-sans-mono

72
modules/optionnals/desktop/rofi.nix
View File

@@ -6,78 +6,6 @@
environment = {
etc = {
"xdg/rofi".source = ./config/etc/xdg/rofi;
"xdg/scripts/wayland-disconnect.sh" = {
text = ''
#!/usr/bin/env bash
selected=$(printf "Lock\0icon\x1fsystem-lock-screen
Update\0icon\x1fsystem-software-update
Shutdown\0icon\x1fsystem-shutdown
Reboot\0icon\x1fsystem-reboot
Exit hyprland\0icon\x1fsystem-log-out
Reload hyprland\0icon\x1fsystem-log-out" | ${pkgs.rofi}/bin/rofi -dmenu -show-icons -i -theme /etc/xdg/rofi/disconnect.rasi -p System)
echo "$selected"
case $selected in
"Lock")
${pkgs.hyprlock}/bin/hyprlock
;;
"Update")
kitty /usr/local/share/dotfiles/scripts/update.sh
;;
"Shutdown")
systemctl poweroff
;;
"Reboot")
reboot
;;
"Exit hyprland")
hyprctl dispatch exit
;;
"Reload hyprland")
hyprctl reload
;;
esac
'';
mode = "0755";
};
"xdg/scripts/wayland-mpv.sh" = {
text = ''
#!/usr/bin/env bash
cd -- "$(dirname -- "$0")" || exit
## if not $1
if [[ -z $1 ]]
then
_LINES=$(curl "http://10.0.0.1:2013" 2>/dev/null | sed -e "s|.*<a href=\"\([^\"]*\).*|$1\1|" -e "s/.*<.*\|.*C=D.*\|.*\/\/$\|.*.nfo//" -e "/^$/d")
else
_LINES="$(curl "http://10.0.0.1:2013/$1" 2>/dev/null | sed -e "s|.*<a href=\"\([^\"]*\).*|$1\1|" -e "s/.*<.*\|.*C=D.*\|.*\/\/$\|.*.nfo//" -e "/^$/d")"
fi
_RESULT=$(${pkgs.rofi}/bin/rofi -dmenu -config /etc/xdg/rofi/config.rasi -i <<< "$_LINES")
# If no output
echo "$_RESULT"
if [[ -z $_RESULT ]]
then
echo "no output, exiting"
exit 0
fi
#if line end vith /
if [[ "$_RESULT" =~ .*/$ ]]
then
echo "output is a directory"
./wayland-mpv.sh "$_RESULT"
exit 0
fi
mpv "http://10.0.0.1:2013/$_RESULT"
'';
mode = "0755";
};
};
};
}

1
modules/optionnals/desktop/starship.nix
View File

@@ -1,5 +1,4 @@
{
pkgs,
...
}:
{

7
modules/optionnals/desktop/virt-manager.nix Normal file
View File

@@ -0,0 +1,7 @@
{
...
}:
{
programs.virt-manager.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
}

12
modules/optionnals/desktop/wayland.nix
View File

@@ -28,16 +28,16 @@
"xdg/hypr/hyprland-host.conf".source = ./config/etc/xdg/hypr/hyprland-${hostname}.conf;
"xdg/hypr/hyprlock.conf".source = ./config/etc/xdg/hypr/hyprlock.conf;
"xdg/hypr/hyprpaper.conf".source = ./config/etc/xdg/hypr/hyprpaper.conf;
"xdg/hypr/rofi.conf" = {
text = ''
$rofi = ${pkgs.rofi}/bin/rofi -show drun -show-icons -config /etc/xdg/rofi/config.rasi
'';
};
"xdg/waybar/colors.css".source = ./config/etc/xdg/waybar/colors.css;
"xdg/waybar/config.jsonc".source = ./config/etc/xdg/waybar/config-${hostname}.jsonc;
"xdg/waybar/style.css".source = ./config/etc/xdg/waybar/style.css;
"xdg/waybar/custom.css".source = ./config/etc/xdg/waybar/custom-${hostname}.css;
"xdg/scripts/update.sh".source = ./config/etc/xdg/scripts/update.sh;
"xdg/scripts/rofi-ssh.sh".source = ./config/etc/xdg/scripts/rofi-ssh.sh;
"xdg/scripts/waybar-mailbox.sh".source = ./config/etc/xdg/scripts/waybar-mailbox.sh;
"xdg/scripts/waybar-update.sh".source = ./config/etc/xdg/scripts/waybar-update.sh;
"xdg/scripts/wayland-disconnect.sh".source = ./config/etc/xdg/scripts/wayland-disconnect.sh;
"xdg/scripts/wayland-mpv.sh".source = ./config/etc/xdg/scripts/wayland-mpv.sh;
};
};
sops = {

8
modules/optionnals/docker.nix Normal file
View File

@@ -0,0 +1,8 @@
{
username,
...
}:
{
virtualisation.docker.enable = true;
users.users.${username}.extraGroups = [ "docker" ];
}

60
modules/optionnals/hosts/home-nix.nix
View File

@@ -5,30 +5,42 @@
}:
{
imports = [
../ai.nix
#../ai.nix
../autologin.nix
../docker.nix
../k8s.nix
../libvirt.nix
../openfortivpn.nix
../options.nix
../packages.nix
../sops-desktop.nix
../ssh.nix
../sudo-nopasswd.nix
../wakeonlan.nix
### Import GUI modules
../desktop/code.nix
../desktop/dunst.nix
../desktop/gaming.nix
../desktop/kitty.nix
../desktop/nextcloud.nix
../desktop/packages.nix
../desktop/pipewire.nix
../desktop/qwerty-fr.nix
../desktop/rofi.nix
../desktop/starship.nix
../desktop/virt-manager.nix
../desktop/wayland.nix
### Import Graphics modules
../desktop/nvidia.nix
];
my.laninterface = "enp5s0";
my.ipv4address = "192.168.0.2";
my.ipv4netmask = 24;
my.ipv4gateway = "192.168.0.254";
sops = {
secrets = {
"wireguard_home/publickey" = { };
@@ -37,25 +49,31 @@
};
};
#services.resolved.enable = false;
networking = {
interfaces.enp5s0 = {
#useNetworkd = true;
#useHostResolvConf = false;
interfaces.${config.my.laninterface} = {
ipv4.addresses = [
{
address = "192.168.0.2";
prefixLength = 24;
address = config.my.ipv4address;
prefixLength = config.my.ipv4netmask;
}
];
};
defaultGateway = {
address = "192.168.0.254";
interface = "enp5s0";
address = config.my.ipv4gateway;
interface = config.my.laninterface;
};
nameservers = [
#"9.9.9.9"
"10.0.0.1"
"9.9.9.9"
"2001:41d0:303:20da::1"
"217.182.138.218"
];
extraHosts = ''
#172.18.229.240 test-mycarto.grandbesancon.fr
172.18.21.172 errorpages.grandbesancon.fr
#172.18.23.4 dozzle.grandbesancon.fr
#172.18.22.206 toto.grandbesancon.fr
@@ -63,6 +81,8 @@
#172.18.20.37 sso.grandbesancon.fr
#172.18.20.229 auth.grandbesancon.fr
#172.18.20.181 traefikauth.grandbesancon.fr
172.18.21.174 test-patchmon.grandbesancon.fr
172.18.229.240 test-mycarto-autonome.grandbesancon.fr
'';
wireguard = {
interfaces = {
@@ -90,5 +110,29 @@
};
};
};
environment.systemPackages = [ pkgs.tor-browser ];
sops.secrets."home-nix/myipv6address" = { };
systemd.services.ipv6-setup = {
description = "Configure IPv6";
after = [
"network.target"
"sops-nix.service"
];
wants = [ "sops-nix.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = pkgs.writeShellScript "setup-ipv6" ''
${pkgs.iproute2}/bin/ip -6 addr add $(cat ${
config.sops.secrets."home-nix/myipv6address".path
})/64 dev ${config.my.laninterface} || true
'';
};
};
environment.systemPackages = [
pkgs.tor-browser
];
}

73
modules/optionnals/hosts/test-kvm.nix
View File

@@ -1,4 +1,5 @@
{
pkgs,
...
}:
{
@@ -6,14 +7,70 @@
../sops-desktop.nix
../sudo-nopasswd.nix
../autologin.nix
../ssh.nix
../packages.nix
### Import GUI modules
../desktop/dunst.nix
../desktop/kitty.nix
../desktop/packages.nix
../desktop/qwerty-fr.nix
../desktop/rofi.nix
../desktop/wayland.nix
## Server
../server/starship.nix
../server/wireguard-ui.nix
];
## Enable virtualisation guest settings
services.qemuGuest.enable = true;
services.spice-vdagentd.enable = true;
services.xserver = {
videoDrivers = [ "modesetting" ]; # Driver vidéo optimisé pour QEMU/KVM
};
environment.systemPackages = [
pkgs.spice-gtk # Outils SPICE
pkgs.spice-protocol # Protocoles SPICE
];
systemd.network.links."10-eth0" = {
matchConfig.MACAddress = "52:54:00:a3:d7:56";
linkConfig.Name = "eth0";
};
systemd.network.netdevs."10-dummy0" = {
netdevConfig = {
Kind = "dummy";
Name = "dummy0";
};
};
networking = {
useNetworkd = true;
useDHCP = false;
interfaces = {
dummy0 = {
ipv4.addresses = [
{
address = "192.168.2.1";
prefixLength = 24;
}
];
};
eth0 = {
ipv4.addresses = [
{
address = "192.168.122.10";
prefixLength = 24;
}
];
};
};
defaultGateway = {
address = "192.168.122.1";
interface = "eth0";
};
nameservers = [
#"9.9.9.9"
"2001:41d0:303:20da::1"
"217.182.138.218"
];
extraHosts = ''
172.18.21.172 errorpages.grandbesancon.fr
'';
};
}

20
modules/optionnals/hosts/work-nix.nix
View File

@@ -1,11 +1,14 @@
{
pkgs,
username,
...
}:
{
imports = [
../autologin.nix
../docker.nix
../k8s.nix
../libvirt.nix
../openfortivpn.nix
../packages.nix
../sops-desktop.nix
@@ -22,12 +25,27 @@
../desktop/qwerty-fr.nix
../desktop/rofi.nix
../desktop/starship.nix
../desktop/virt-manager.nix
../desktop/wayland.nix
### Import Graphics modules
../desktop/amd.nix
];
networking.wireless.iwd.enable = true;
networking = {
networkmanager.enable = true;
extraHosts = ''
carto-interavtive 172.18.20.134
test-patchmon.grandbesancon.fr 172.18.21.174
test-crowdsec.grandbesancon.fr 172.18.21.67
test-syslog.grandbesancon.fr 172.18.21.67
'';
};
users.users.${username} = {
extraGroups = [ "networkmanager" ];
};
programs.nm-applet.enable = true;
environment.systemPackages = [
pkgs.wireguard-tools
];
}

27
modules/optionnals/libvirt.nix Normal file
View File

@@ -0,0 +1,27 @@
{
pkgs,
username,
...
}:
{
users.users.${username} = {
extraGroups = [ "libvirtd" ];
};
virtualisation = {
libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_full;
#package = pkgs.qemu;
runAsRoot = true;
swtpm.enable = true;
vhostUserPackages = [
pkgs.virtiofsd
];
};
};
};
environment.systemPackages = with pkgs; [
virtiofsd
];
}

26
modules/optionnals/options.nix Normal file
View File

@@ -0,0 +1,26 @@
{
lib,
...
}:
{
options.my.laninterface = lib.mkOption {
type = lib.types.str;
default = "enp5s0";
};
options.my.ipv4address = lib.mkOption {
type = lib.types.str;
default = "127.0.0.1";
};
options.my.ipv4netmask = lib.mkOption {
type = lib.types.int;
default = 8;
};
options.my.ipv4gateway = lib.mkOption {
type = lib.types.str;
default = "127.0.0.254";
};
options.my.wolipv6address = lib.mkOption {
type = lib.types.str;
default = "fc::0";
};
}

101
modules/optionnals/server/starship.nix Normal file
View File

@@ -0,0 +1,101 @@
{
...
}:
{
environment.sessionVariables = {
KUBECONFIG = "$HOME/.kube/config";
};
programs.starship = {
enable = true;
settings = {
add_newline = true;
command_timeout = 1300;
scan_timeout = 50;
format = "[](fg:surface1)$hostname$username$directory$git_branch$git_status[](fg:base bg:sky)$fill$kubernetes$time[ ](fg:surface1)$line_break[ ](fg:surface1)";
right_format = "[](fg:surface1)";
palette = "catppuccin_frappe";
hostname = {
ssh_only = false;
format = "[](bg:base fg:mauve)[ $hostname ](bg:mauve fg:base)[](bg:mauve fg:blue)";
disabled = false;
};
username = {
style_user = "bg:blue fg:base";
style_root = "bg:red fg:base bold";
format = "[ $user ]($style)[](bg:blue fg:sapphire)";
show_always = true;
disabled = false;
};
directory = {
format = "[ $path ](bg:sapphire fg:base)[](bg:sapphire fg:sky)";
truncation_length = 3;
truncation_symbol = "/";
};
git_branch = {
symbol = " ";
format = "[ $symbol$branch(:$remote_branch) ](fg:base bg:sky)";
disabled = false;
};
git_status = {
format = "([$all_status$ahead_behind ](fg:base bg:sky))";
conflicted = "😵";
ahead = "";
behind = "";
diverged = "😵";
up_to_date = "";
untracked = "";
stashed = "📦";
modified = "";
#staged = "[($count)](fg:base bg:sapphire)"
staged = "";
renamed = "";
deleted = "";
disabled = false;
};
fill = {
symbol = "";
style = "surface1";
};
kubernetes = {
disabled = false;
format = "[](fg:blue bg:base)[ ($namespace)/($cluster) ](fg:base bg:blue)[](bg:blue fg:mauve)";
};
palettes.catppuccin_frappe = {
rosewater = "#f2d5cf";
flamingo = "#eebebe";
pink = "#f4b8e4";
mauve = "#ca9ee6";
red = "#e78284";
maroon = "#ea999c";
peach = "#ef9f76";
yellow = "#e5c890";
green = "#a6d189";
teal = "#81c8be";
sky = "#99d1db";
sapphire = "#85c1dc";
blue = "#8caaee";
lavender = "#babbf1";
text = "#c6d0f5";
subtext1 = "#b5bfe2";
subtext0 = "#a5adce";
overlay2 = "#949cbb";
overlay1 = "#838ba7";
overlay0 = "#737994";
surface2 = "#626880";
surface1 = "#51576d";
surface0 = "#414559";
base = "#303446";
mantle = "#292c3c";
crust = "#232634";
};
};
};
}

97
modules/optionnals/server/wireguard-ui.nix Normal file
View File

@@ -0,0 +1,97 @@
{
pkgs,
...
}:
{
environment.systemPackages = [
pkgs.wireguard-tools
pkgs.wireguard-ui
];
users.users.wireguard-ui = {
isSystemUser = true;
group = "wireguard-ui";
home = "/var/lib/wireguard-ui";
createHome = true;
description = "WireGuard UI service user";
};
users.groups.wireguard-ui = { };
systemd = {
tmpfiles.rules = [
"d /etc/wireguard 0750 wireguard-ui wireguard-ui -"
"d /var/lib/wireguard-ui 0750 wireguard-ui wireguard-ui -"
];
services = {
wg-quick-wg0 = {
description = "WireGuard via wg-quick(8) for wg0";
after = [
"network-online.target"
"wireguard-ui.service"
];
wants = [ "network-online.target" ];
wantedBy = [
"multi-user.target"
"sshd.service"
];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.wireguard-tools}/bin/wg-quick up wg0";
ExecStop = "${pkgs.wireguard-tools}/bin/wg-quick down wg0";
ExecReload = "${pkgs.bash}/bin/bash -c 'exec ${pkgs.wireguard-tools}/bin/wg syncconf wg0 <(exec ${pkgs.wireguard-tools}/bin/wg-quick strip wg0)'";
Environment = [ "WG_ENDPOINT_RESOLUTION_RETRIES=infinity" ];
};
};
wireguard-ui = {
description = "WireGuard UI";
documentation = [ "https://github.com/ngoduykhanh/wireguard-ui" ];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.wireguard-ui}/bin/wireguard-ui";
Restart = "on-failure";
WorkingDirectory = "/var/lib/wireguard-ui";
StateDirectory = "wireguard-ui";
User = "wireguard-ui";
Group = "wireguard-ui";
ReadWritePaths = [
"/var/lib/wireguard-ui"
"/etc/wireguard"
];
Environment = [
# "WGUI_ENDPOINT_ADDRESS=${config.custom.wireguard-ui.endpointAddress}"
# "WGUI_DNS=${config.custom.wireguard-ui.dns}"
];
AmbientCapabilities = "CAP_NET_ADMIN";
};
};
wg-quick-wg0-reload = {
description = "Reload WireGuard config";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.systemd}/bin/systemctl reload wg-quick-wg0.service";
};
};
};
paths.wg-quick-wg0-reload = {
description = "Watch /etc/wireguard/wg0.conf for changes";
wantedBy = [ "multi-user.target" ];
pathConfig = {
PathModified = "/etc/wireguard/wg0.conf";
};
};
};
networking.firewall.allowedTCPPorts = [ 5000 ];
networking.firewall.allowedUDPPorts = [ 51820 ];
}

109
modules/optionnals/sops-desktop.nix
View File

@@ -1,66 +1,61 @@
{
inputs,
username,
...
}:
let
secretsPath = builtins.toString inputs.mysecrets;
in
{
sops = {
defaultSopsFile = "${secretsPath}/secrets.yaml";
age = {
sshKeyPaths = [
"/etc/ssh/ssh_host_ed25519_key"
];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
sops.secrets = {
"users_password/beastie" = {
neededForUsers = true;
};
secrets = {
"users_password/beastie" = {
neededForUsers = true;
};
"ssh_keys/default_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519.pub";
};
"ssh_keys/default_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519";
};
"ssh_keys/ansible_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_ansible.pub";
};
"ssh_keys/ansible_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_ansible";
};
"ssh_keys/beastie_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_beastie.pub";
};
"ssh_keys/beastie_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_beastie";
};
"ssh_keys/gitea_semaphore_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore.pub";
};
"ssh_keys/gitea_semaphore_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
};
"ssh_keys/default_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519.pub";
};
"ssh_keys/default_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519";
};
"ssh_keys/ansible_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_ansible.pub";
};
"ssh_keys/ansible_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_ansible";
};
"ssh_keys/beastie_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_beastie.pub";
};
"ssh_keys/beastie_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_beastie";
};
"ssh_keys/gitea_semaphore_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore.pub";
};
"ssh_keys/gitea_semaphore_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
};
"ssh_keys/wol_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_wol";
};
"ssh_keys/wol_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_wol.priv";
};
};
}

47
modules/optionnals/wakeonlan.nix Normal file
View File

@@ -0,0 +1,47 @@
{
config,
pkgs,
hostname,
...
}:
{
systemd.services."wol${config.my.laninterface}" = {
description = "Wake-on-LAN for ${config.my.laninterface}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.ethtool}/bin/ethtool -s ${config.my.laninterface} wol g";
RandomizedDelaySec = "30s";
};
};
environment.systemPackages = [ pkgs.ethtool ];
my.wolipv6address = "2a01:e0a:f5d:3400:6b2c:41d7:e9f5";
boot.initrd = {
network = {
enable = true;
ssh = {
enable = true;
port = 65234;
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2+PXfG/37rsvcVr2RAHzXmGHMr8+8iBH//1YS+zWd3"
]; # ta clé publique
hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];
};
postCommands = ''
ip -6 addr add ${config.my.wolipv6address}/64 dev ${config.my.laninterface}
ip -6 route add default via fe80::3a07:16ff:fe11:45a8 dev ${config.my.laninterface}
'';
};
availableKernelModules = [ "r8169" ];
};
boot = {
kernelParams = [
"ip=${config.my.ipv4address}::255.255.255.0:${config.my.ipv4gateway}:${hostname}:${config.my.laninterface}:off"
];
};
}