beastie/dev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: beastie:81c83f6264e6800cb8024fe178f911e58e8a0225
Branches Tags
beastie:main
...
compare: beastie:main
Branches Tags
beastie:main

50 Commits
81c83f6264 ... main

Author SHA1 Message Date
Jérémie SALVI
3679f36e67 Add gaming skills 2025-12-21 18:32:18 +01:00
Jérémie SALVI
d10cc381df add nextcloud to desktop 2025-12-21 17:47:38 +01:00
Jérémie SALVI
cc6ebd5224 Install nextcloud-client additions 2025-12-12 22:53:03 +01:00
Jérémie SALVI
d51e8ed455 Add /dev/sda luks partition to crypttab, and install nextcloud-client 2025-12-12 22:04:23 +01:00
Jérémie SALVI
2a751ee1d4 configure remote wake on lan and ipv6 2025-12-12 07:50:43 +01:00
Jérémie SALVI
792fe03d93 Add wake online 2025-12-12 04:42:32 +01:00
Jérémie SALVI
918d42ff71 Add wake online 2025-12-12 04:42:20 +01:00
Jérémie SALVI
87993b83fe restore qemu to kemu_full 2025-12-11 15:16:47 +01:00
Jérémie SALVI
74962924b8 revert flake to a working build 2025-12-09 01:46:47 +01:00
Jérémie SALVI
520f40e1bc revert flake 2025-12-08 13:14:03 +01:00
Jérémie SALVI
1655f3096d before flake update 2025-12-08 12:04:41 +01:00
Jérémie SALVI
5fb0c51777 flake update 2025-12-02 16:30:27 +01:00
Jérémie SALVI
91e8ccbb4f flake update 2025-12-02 16:25:57 +01:00
Jérémie SALVI
ff17f33531 Creating kvm test server 2025-11-22 13:05:42 +01:00
Jérémie SALVI
59b184cc2c before flake update 2025-11-21 10:17:59 +01:00
Jérémie SALVI
a925119154 flake update 2025-11-08 15:14:53 +01:00
Jérémie SALVI
e406793840 flake update 2025-11-08 15:10:23 +01:00
Jérémie SALVI
9c0bf5fabf add libvirt and virt manager 2025-10-29 21:27:18 +01:00
Jérémie SALVI
7fa9f95ce4 after flake update 2025-10-29 14:26:06 +01:00
Jérémie SALVI
e5e4fe04ea after flake update 2025-10-28 14:17:30 +01:00
Jérémie SALVI
73cc922bed Add aider 2025-10-20 12:51:18 +02:00
Jérémie SALVI
3e07666c13 after flake update 2025-10-20 11:36:11 +02:00
Jérémie SALVI
b4cd147221 add autosuggestions to zsh 2025-10-20 03:30:41 +02:00
Jérémie SALVI
4a65f5e537 use only nmcli with nmaplet 2025-10-16 00:29:12 +02:00
Jérémie SALVI
f16f941daf use only nmcli 2025-10-16 00:19:15 +02:00
Jérémie SALVI
24fa6a4700 some work improvments 2025-10-15 23:22:24 +02:00
Jérémie SALVI
3b74e79fed Change waybar colors 2025-10-13 20:29:02 +02:00
Jérémie SALVI
18cc8751c9 Improve waybar and custom scripts 2025-10-13 20:23:43 +02:00
Jérémie SALVI
e1d128f28a Improving shell 2025-10-13 18:29:23 +02:00
Jérémie SALVI
3df4363583 Merge remote-tracking branch 'refs/remotes/origin/main' 2025-10-08 22:39:02 +02:00
Jérémie SALVI
2ca9cac5c7 Add tor Browser 2025-10-08 22:36:01 +02:00
Jérémie SALVI
2507a645eb Add vscode extension 2025-10-08 10:55:23 +02:00
Jérémie SALVI
abf22d0216 improve interface for work-nix (nmapplet) 2025-10-08 10:47:07 +02:00
Jérémie SALVI
f3300382c3 add lmstudio 2025-10-08 02:59:01 +02:00
Jérémie SALVI
0225add932 before update flake 2025-10-07 23:09:55 +02:00
Jérémie SALVI
4d70049361 Add hyprlock.conf 2025-10-07 23:04:51 +02:00
Jérémie SALVI
578b8b04f6 Ajust screenbar 2025-10-07 16:29:50 +02:00
Jérémie SALVI
9291b952e2 Split config between home and work 2025-10-07 15:47:16 +02:00
Jérémie SALVI
8bc6a0157c Add modules for work.nix 2025-10-06 22:33:34 +02:00
Jérémie SALVI
6a36122522 Add wireguard, ollama, openwebui 2025-10-06 17:11:31 +02:00
Jérémie SALVI
e9f5889194 Adding vscodium vith extensions and nvtop 2025-10-05 19:39:46 +02:00
Jérémie SALVI
c4f94bf3bb Adding vscodium vith extensions and nvtop 2025-10-05 19:38:38 +02:00
Jérémie SALVI
9c5244a272 add ollama 2025-10-04 17:37:53 +02:00
Jérémie SALVI
c860a23726 add nvtop and yt-dlp 2025-10-04 16:12:38 +02:00
Jérémie SALVI
56286a1088 Add nixfmt and pwgen 2025-10-02 21:48:48 +02:00
Jérémie SALVI
83a2e55fd7 Add automout secrets via sops 2025-10-02 15:51:59 +02:00
Jérémie SALVI
ba557d70d3 Add openfortivpn.nix with sops secrets. 2025-10-02 10:50:29 +02:00
Jérémie SALVI
96afcd2c67 Refactor : remove common hosts and move to modules 2025-09-26 01:42:40 +02:00
Jérémie SALVI
6135e433a6 Add pipewire 2025-09-26 01:06:40 +02:00
Jérémie SALVI
dc6e082a50 Add pipewire and nvidia 2025-09-26 01:06:26 +02:00
63 changed files with 1847 additions and 480 deletions
Expand all files Collapse all files

30
TODO.md Normal file
View File

@@ -0,0 +1,30 @@
- automatic grabage
- gaming
- printers
- libvirt
- wireguard
- update script
- alerting script
- waybar colors
- waybar per hosts
- wayland per hosts
- neovim in a module
- nmapplet
## Gaming
ICD fails when vulkaninfo --summary
refactor
lutris GTK error
gamescope doesn't work
## Move old scripts
## Ansible
install ansible with vsphere sdk
## Refactor
Refactorer en s'inspirant de https://github.com/EmergentMind/nix-config
Plus de if, utiliser les paths comme lui
Flake plus simple avec un map host ?
Moins de dossiers, plus de files.nix
Ce qui est unique à un host reste dans le dossier hosts/myhost

51
flake.lock generated
View File

@@ -3,15 +3,15 @@
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs-unstable"
] ]
}, },
"locked": { "locked": {
"lastModified": 1757508292, "lastModified": 1766150702,
"narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -23,11 +23,11 @@
"mysecrets": { "mysecrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1758805800, "lastModified": 1765518969,
"narHash": "sha256-gpsVmfnAx5WvuJccSEFFCGQauVwTtMOvNX8MU2rAh9g=", "narHash": "sha256-hKJGo0+i7xHDMhN8kicOLT0PA8x8zRzleQs2I2XWVLg=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "e323fa4ec284046bd64842e70123ffadfa2b859f", "rev": "e1c2c590e4655cf887173478765663d20a7efffd",
"revCount": 6, "revCount": 19,
"type": "git", "type": "git",
"url": "file:///home/beastie/nixos/secrets" "url": "file:///home/beastie/nixos/secrets"
}, },
@@ -36,13 +36,29 @@
"url": "file:///home/beastie/nixos/secrets" "url": "file:///home/beastie/nixos/secrets"
} }
}, },
"nixpkgs": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1757745802, "lastModified": 1766014764,
"narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", "narHash": "sha256-+73VffE5GP5fvbib6Hs1Su6LehG+9UV1Kzs90T2gBLA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2b0d2b456e4e8452cf1c16d00118d145f31160f9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1766070988,
"narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -56,22 +72,23 @@
"inputs": { "inputs": {
"disko": "disko", "disko": "disko",
"mysecrets": "mysecrets", "mysecrets": "mysecrets",
"nixpkgs": "nixpkgs", "nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs-unstable"
] ]
}, },
"locked": { "locked": {
"lastModified": 1758007585, "lastModified": 1766289575,
"narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=", "narHash": "sha256-BOKCwOQQIP4p9z8DasT5r+qjri3x7sPCOq+FTjY8Z+o=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139", "rev": "9836912e37aef546029e48c8749834735a6b9dad",
"type": "github" "type": "github"
}, },
"original": { "original": {

15
flake.nix
View File

@@ -2,16 +2,17 @@
description = "A very basic flake"; description = "A very basic flake";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
disko = { disko = {
url = "github:nix-community/disko"; url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
sops-nix = { sops-nix = {
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
mysecrets = { mysecrets = {
@@ -46,10 +47,10 @@
{ {
nixosConfigurations = { nixosConfigurations = {
#nixos-anywhere -- --flake './#generic' --generate-hardware-config nixos-generate-config ./hosts/generic/hardware-configuration.nix --target-host beastie@192.168.122.204 #nixos-anywhere -- --flake './#generic' --generate-hardware-config nixos-generate-config ./hosts/generic/hardware-configuration.nix --target-host beastie@192.168.122.204
generic = mkSystem inputs.nixpkgs "x86_64-linux" "generic" "beastie"; generic = mkSystem inputs.nixpkgs-stable "x86_64-linux" "generic" "beastie";
test-kvm = mkSystem inputs.nixpkgs "x86_64-linux" "test-kvm" "beastie"; test-kvm = mkSystem inputs.nixpkgs-stable "x86_64-linux" "test-kvm" "beastie";
home-nix = mkSystem inputs.nixpkgs "x86_64-linux" "home-nix" "beastie"; home-nix = mkSystem inputs.nixpkgs-unstable "x86_64-linux" "home-nix" "beastie";
work-nix = mkSystem inputs.nixpkgs "x86_64-linux" "work-nix" "beastie"; work-nix = mkSystem inputs.nixpkgs-unstable "x86_64-linux" "work-nix" "beastie";
# live-usb = mkSystem inputs.nixpkgs "x86_64-linux" "live-usb" "beastie"; # live-usb = mkSystem inputs.nixpkgs "x86_64-linux" "live-usb" "beastie";
#nixos-rebuild switch --flake ./#home-nix --sudo #nixos-rebuild switch --flake ./#home-nix --sudo
}; };

3
hosts/generic/default.nix
View File

@@ -5,7 +5,7 @@
... ...
}: }:
{ {
system.stateVersion = "25.11"; system.stateVersion = "25.05";
imports = [ imports = [
./disk-config.nix ./disk-config.nix
@@ -83,6 +83,7 @@
pkgs.nixos-anywhere pkgs.nixos-anywhere
pkgs.nixos-generators pkgs.nixos-generators
pkgs.ssh-to-age pkgs.ssh-to-age
pkgs.htop
]; ];
services.openssh.enable = true; services.openssh.enable = true;

76
hosts/generic/disk-config.nix
View File

@@ -6,7 +6,7 @@
disk = { disk = {
main = { main = {
type = "disk"; type = "disk";
device = "/dev/nvme0n1"; device = "/dev/vda";
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
@@ -23,42 +23,88 @@
}; };
SYS = { SYS = {
size = "100%"; size = "100%";
type = "8309"; type = "8300";
name = "SYS"; name = "SYS";
content = {
type = "luks";
name = "rootfs";
settings = {
allowDiscards = true;
};
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = [ "-f --nodiscard --label root" ]; extraArgs = [ "-f --nodiscard --label root" ];
subvolumes = { subvolumes = {
"@" = { "@" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
}; };
"@root" = { "@root" = {
mountpoint = "/root"; mountpoint = "/root";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
}; };
"@home" = { "@home" = {
mountpoint = "/home"; mountpoint = "/home";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
}; };
"@nix" = { "@nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
}; };
"@var" = { "@var" = {
mountpoint = "/var"; mountpoint = "/var";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
}; };
"@games" = { "@data" = {
mountpoint = "/games"; mountpoint = "/games";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
}; };
"@backups" = {
mountpoint = "/games";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
}; };
}; };
}; };

5
hosts/generic/hardware-configuration.nix
View File

@@ -5,14 +5,13 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

22
hosts/home-nix/default.nix
View File

@@ -1,6 +1,4 @@
{ {
pkgs,
username,
hostname, hostname,
modulesPath, modulesPath,
inputs, inputs,
@@ -11,29 +9,9 @@
imports = builtins.trace "${inputs.mysecrets}" [ imports = builtins.trace "${inputs.mysecrets}" [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
./network.nix
./disk-config.nix ./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/core ../../modules/core
../../modules/optionnals/hosts/${hostname}.nix ../../modules/optionnals/hosts/${hostname}.nix
]; ];
boot.kernelPackages = pkgs.linuxPackages_latest;
time.timeZone = "Europe/Paris";
nix = {
settings = {
## Enable flakes
experimental-features = [
"nix-command"
"flakes"
];
## Users trusted to use flake command
trusted-users = [
"root"
"${username}"
];
};
};
} }

54
hosts/home-nix/disk-config.nix
View File

@@ -37,27 +37,69 @@
subvolumes = { subvolumes = {
"@" = { "@" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
}; };
"@root" = { "@root" = {
mountpoint = "/root"; mountpoint = "/root";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
}; };
"@home" = { "@home" = {
mountpoint = "/home"; mountpoint = "/home";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
}; };
"@nix" = { "@nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
}; };
"@var" = { "@var" = {
mountpoint = "/var"; mountpoint = "/var";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
}; };
"@games" = { "@games" = {
mountpoint = "/games"; mountpoint = "/games";
mountOptions = [ "defaults" "ssd" "compress=zstd" "autodefrag" "noatime" "nodiscard" ]; mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
}; };
}; };
}; };

37
hosts/home-nix/hardware-configuration.nix
View File

@@ -1,18 +1,47 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
environment.etc."crypttab".text = ''
datafs UUID=5ca962a7-537f-46ce-ba50-9cc9cefd012b /etc/secrets/datafs.key luks
'';
fileSystems."/data" = {
device = "/dev/disk/by-uuid/a8ea6a7b-3733-40d8-bee8-45806aaacfe1";
fsType = "btrfs";
options = [
"defaults"
"compress=zstd"
"autodefrag"
"noatime"
"nofail"
];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

29
hosts/home-nix/network.nix
View File

@@ -1,29 +0,0 @@
{
hostname,
...
}:
{
networking = {
hostName = "${hostname}";
interfaces.enp1s0 = {
ipv4.addresses = [
{
address = "192.168.0.2";
prefixLength = 24;
}
];
};
defaultGateway = {
address = "192.168.0.254";
interface = "enp1s0";
};
nameservers = [
"9.9.9.9"
"2001:41d0:303:20da::1"
"217.182.138.218"
];
networkmanager.enable = true;
firewall.enable = true;
};
}

39
hosts/test-kvm/default.nix
View File

@@ -7,50 +7,13 @@
... ...
}: }:
{ {
system.stateVersion = "25.11"; system.stateVersion = "25.05";
imports = builtins.trace "${inputs.mysecrets}" [ imports = builtins.trace "${inputs.mysecrets}" [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
./network.nix
./disk-config.nix ./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/core ../../modules/core
../../modules/optionnals/hosts/${hostname}.nix ../../modules/optionnals/hosts/${hostname}.nix
]; ];
boot.kernelPackages = pkgs.linuxPackages_latest;
time.timeZone = "Europe/Paris";
nix = {
settings = {
## Enable flakes
experimental-features = [
"nix-command"
"flakes"
];
## Users trusted to use flake command
trusted-users = [
"root"
"${username}"
];
};
};
## Enable virtualisation guest settings
services.qemuGuest.enable = true;
services.spice-vdagentd.enable = true;
services.xserver = {
videoDrivers = [ "modesetting" ]; # Driver vidéo optimisé pour QEMU/KVM
};
environment.systemPackages = [
pkgs.spice-gtk # Outils SPICE
pkgs.spice-protocol # Protocoles SPICE
];
#fileSystems."/" = {
# device = "/dev/vda2"; # Disque virtuel typique
# fsType = "btrfs";
#};
} }

89
hosts/test-kvm/disk-config.nix
View File

@@ -10,22 +10,103 @@
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
ESP = { EFI = {
size = "512M"; size = "512M";
type = "EF00"; type = "EF00";
name = "EFI";
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
}; };
}; };
root = { SYS = {
size = "100%"; size = "100%";
type = "8300"; type = "8300";
name = "SYS";
content = { content = {
type = "filesystem"; type = "btrfs";
format = "btrfs"; extraArgs = [ "-f --nodiscard --label root" ];
subvolumes = {
"@" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@root" = {
mountpoint = "/root";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@var" = {
mountpoint = "/var";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@data" = {
mountpoint = "/games";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
"@backups" = {
mountpoint = "/games";
mountOptions = [
"defaults"
"ssd"
"compress=zstd"
"autodefrag"
"noatime"
"nodiscard"
];
};
};
}; };
}; };
}; };

34
hosts/test-kvm/hardware-configuration.nix
View File

@@ -1,38 +1,16 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ imports =
(modulesPath + "/profiles/qemu-guest.nix") [ (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
"ahci" boot.initrd.kernelModules = [ ];
"xhci_pci" boot.kernelModules = [ "kvm-intel" ];
"virtio_pci"
"sr_mod"
"virtio_blk"
"virtio_scsi"
"virtio_net"
"virtio_blk"
];
boot.initrd.kernelModules = [
"virtio_balloon"
"virtio_console"
"virtio_rng"
];
boot.kernelModules = [
"kvm-intel"
"virtio-gpu"
];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

29
hosts/test-kvm/network.nix
View File

@@ -1,29 +0,0 @@
{
hostname,
...
}:
{
networking = {
hostName = "${hostname}";
interfaces.enp1s0 = {
ipv4.addresses = [
{
address = "192.168.122.100";
prefixLength = 24;
}
];
};
defaultGateway = {
address = "192.168.122.1";
interface = "enp1s0";
};
nameservers = [
"9.9.9.9"
"2001:41d0:303:20da::1"
"217.182.138.218"
];
networkmanager.enable = true;
firewall.enable = true;
};
}

22
hosts/work-nix/default.nix
View File

@@ -1,6 +1,4 @@
{ {
pkgs,
username,
hostname, hostname,
modulesPath, modulesPath,
inputs, inputs,
@@ -11,28 +9,8 @@
imports = builtins.trace "${inputs.mysecrets}" [ imports = builtins.trace "${inputs.mysecrets}" [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
./network.nix
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/core ../../modules/core
../../modules/optionnals/hosts/${hostname}.nix ../../modules/optionnals/hosts/${hostname}.nix
]; ];
boot.kernelPackages = pkgs.linuxPackages_latest;
time.timeZone = "Europe/Paris";
nix = {
settings = {
## Enable flakes
experimental-features = [
"nix-command"
"flakes"
];
## Users trusted to use flake command
trusted-users = [
"root"
"${username}"
];
};
};
} }

11
hosts/work-nix/network.nix
View File

@@ -1,11 +0,0 @@
{
hostname,
...
}:
{
networking = {
hostName = "${hostname}";
networkmanager.enable = true;
firewall.enable = true;
};
}

1
modules/core/default.nix
View File

@@ -6,6 +6,7 @@
./grub.nix ./grub.nix
./packages.nix ./packages.nix
./ssh.nix ./ssh.nix
./system.nix
./tty.nix ./tty.nix
./users.nix ./users.nix
]; ];

6
modules/core/packages.nix
View File

@@ -19,6 +19,12 @@
pkgs.nixos-generators pkgs.nixos-generators
pkgs.efibootmgr pkgs.efibootmgr
pkgs.gptfdisk pkgs.gptfdisk
pkgs.duf
pkgs.jq
pkgs.bash
pkgs.fzf
pkgs.bc
pkgs.wakeonlan
]; ];
services = { services = {
locate = { locate = {

34
modules/core/system.nix Normal file
View File

@@ -0,0 +1,34 @@
{
pkgs,
username,
hostname,
...
}:
{
boot.kernelPackages = pkgs.linuxPackages_latest;
time.timeZone = "Europe/Paris";
nix = {
settings = {
## Enable flakes
experimental-features = [
"nix-command"
"flakes"
];
## Users trusted to use flake command
trusted-users = [
"root"
"${username}"
];
## Use 24 cores during building phases
cores = 24;
max-jobs = "auto";
};
};
networking = {
hostName = "${hostname}";
firewall.enable = true;
};
}

71
modules/core/tty.nix
View File

@@ -1,11 +1,6 @@
{ {
config,
pkgs,
... ...
}@attrs: }:
let
cfg = config.services.getty;
in
{ {
environment = { environment = {
etc = { etc = {
@@ -15,13 +10,73 @@ in
ls = "ls --color=auto"; ls = "ls --color=auto";
ll = "ls --color=auto -lha"; ll = "ls --color=auto -lha";
grep = "grep --color=auto"; grep = "grep --color=auto";
egrep = "egrep --color=auto";
frep = "frep --color=auto";
ip = "ip -color=auto"; ip = "ip -color=auto";
vi = "nvim"; vi = "nvim";
df = "df -h";
du = "du -h";
}; };
# Defined in /etc/set-environnement. Require session restart
variables = { variables = {
XDG_CONFIG_HOME = "$HOME/.config";
XDG_CACHE_HOME = "$HOME/.cache";
XDG_DATA_HOME = "$HOME/.local/share";
ZDOTDIR = "$HOME/.config/zsh";
TERMINAL = "kitty";
EDITOR = "nvim"; EDITOR = "nvim";
HISTSIZE = 20000; BROWSER = "firefox";
HISTTIMEFORMAT = "%F %T "; HISTSIZE = 200000;
SAVEHIST = 200000;
}; };
}; };
programs.zsh = {
enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
autosuggestions.enable = true;
histSize = 200000;
histFile = "$HOME/.config/zsh/.zsh_history";
setOptions = [
"SHARE_HISTORY"
];
promptInit = ''
stty stop undef # Disable ctrl+s to freeze terminal
# Get keycode by typing Ctrl+v in your terminal then the key or key combination you want
bindkey '^[OA' history-beginning-search-backward
bindkey '^[OB' history-beginning-search-forward
zstyle ':completion:*' menu select
zmodload zsh/complist
# enable dotfiles in tab directory completion
setopt globdots
fzf-history() {
local selected
selected=$(fc -l 1 | fzf --tac --no-sort | sed 's/^[ ]*[0-9]*[ ]*//')
if [[ -n "$selected" ]]; then
BUFFER="$selected"
CURSOR=$#BUFFER
fi
zle redisplay
}
zle -N fzf-history
bindkey '^R' fzf-history
# Fonction SSH avec fzf
fzf-ssh() {
local selected
selected=$(fc -l 1 | grep 'ssh ' | fzf --tac --no-sort | sed 's/^[ ]*[0-9]*[ ]*//')
if [[ -n "$selected" ]]; then
BUFFER="$selected"
CURSOR=$#BUFFER
fi
zle redisplay
}
zle -N fzf-ssh
bindkey '^S' fzf-ssh
'';
};
} }

5
modules/core/users.nix
View File

@@ -1,6 +1,7 @@
{ {
config, config,
username, username,
pkgs,
... ...
}: }:
{ {
@@ -13,13 +14,13 @@
description = "Admin account"; description = "Admin account";
extraGroups = [ extraGroups = [
"wheel" "wheel"
"networkmanager"
"audio" "audio"
"video" "video"
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKMJ3TkEmRQcX7RQijNa2km6a2xXJk6M6FERh7C9nTJ" config.sops.secrets."ssh_keys/beastie_priv".path
]; ];
shell = pkgs.zsh;
}; };
root = { root = {
password = null; password = null;

46
modules/optionnals/ai.nix Normal file
View File

@@ -0,0 +1,46 @@
{
pkgs,
...
}:
{
# Activer Ollama comme service
# services.ollama = {
# enable = true;
# acceleration = "cuda";
# environmentVariables = {
# OLLAMA_FLASH_ATTENTION = "1"; # ← Flash Attention
# OLLAMA_NUM_PARALLEL = "2"; # ← Requêtes parallèles
# OLLAMA_MAX_LOADED_MODELS = "1"; # ← Garder 2 modèles en VRAM
# OLLAMA_KEEP_ALIVE = "5m";
# };
# };
# services.open-webui = {
# enable = true;
# port = 8080; # Port par défaut
# host = "127.0.0.1"; # Localhost uniquement
# openFirewall = true;
# # Pour accès réseau : host = "0.0.0.0";
# environment = {
# ANONYMIZED_TELEMETRY = "True";
# DO_NOT_TRACK = "True";
# SCARF_NO_ANALYTICS = "True";
# # URL d'Ollama (local)
# OLLAMA_BASE_URL = "http://127.0.0.1:11434";
# # Autres options optionnelles (https://docs.openwebui.com/getting-started/env-configuration/#web-search)
# WEBUI_AUTH = "False"; # Desactive l'authentification
# # ENABLE_WEB_SEARCH = "True";
# # ENABLE_SEARCH_QUERY_GENERATION = "True";
# # WEB_SEARCH_ENGINE = "duckduckgo";
# # WEB_LOADER_ENGINE = "safe_web";
# };
# };
environment = {
systemPackages = [
pkgs.lmstudio
pkgs.aider-chat-full
];
variables = {
OLLAMA_API_BASE = "http://localhost:11434";
};
};
}

97
modules/optionnals/desktop/code.nix Normal file
View File

@@ -0,0 +1,97 @@
{
pkgs,
lib,
...
}:
let
open-remote-ssh = pkgs.stdenv.mkDerivation rec {
pname = "vscode-extension-open-remote-ssh";
version = "0.0.49";
vscodeExtUniqueId = "jeanp413.open-remote-ssh";
vscodeExtPublisher = "jeanp413";
src = pkgs.fetchurl {
url = "https://github.com/jeanp413/open-remote-ssh/releases/download/v${version}/open-remote-ssh-${version}.vsix";
# To obtain the correct hash, run:
# nix-prefetch-url --type sha256 https://github.com/jeanp413/open-remote-ssh/releases/download/v0.0.49/open-remote-ssh-0.0.49.vsix | xargs -I {} nix hash to-sri --type sha256 {}
# Temporarily use lib.fakeHash to have Nix give you the correct hash
# sha256 = lib.fakeHash;
# Then replace with the hash returned in the error
sha256 = "sha256-QfJnAAx+kO2iJ1EzWoO5HLogJKg3RiC3hg1/u2Jm6t4=";
};
nativeBuildInputs = [
pkgs.unzip
];
# No automatic unpacking for .vsix files
dontUnpack = true;
configurePhase = ''
runHook preConfigure
# Create a temporary directory to extract the .vsix
mkdir -p extract
cd extract
# A .vsix is a ZIP file, we decompress it
unzip -q "$src"
runHook postConfigure
'';
buildPhase = ''
runHook preBuild
# Nothing to build, everything is precompiled in the .vsix
runHook postBuild
'';
installPhase = ''
runHook preInstall
# Create the directory structure expected by VS Code
mkdir -p "$out/share/vscode/extensions"
# The extension content is in the 'extension' folder of the .vsix
# Copy it to the directory with the name {publisher}.{name}-{version}
cp -r extension "$out/share/vscode/extensions/${vscodeExtUniqueId}"
runHook postInstall
'';
meta = {
description = "Open Remote - SSH";
homepage = "https://github.com/jeanp413/open-remote-ssh";
license = lib.licenses.mit;
platforms = lib.platforms.all;
};
};
in
{
environment.systemPackages = [
(pkgs.vscode-with-extensions.override {
vscode = pkgs.vscodium;
vscodeExtensions = [
# pkgs.vscode-extensions.continue.continue
pkgs.vscode-extensions.catppuccin.catppuccin-vsc
pkgs.vscode-extensions.catppuccin.catppuccin-vsc-icons
pkgs.vscode-extensions.jnoortheen.nix-ide
pkgs.vscode-extensions.redhat.ansible
pkgs.vscode-extensions.redhat.vscode-yaml
pkgs.vscode-extensions.ms-azuretools.vscode-docker
pkgs.vscode-extensions.mads-hartmann.bash-ide-vscode
]
++ [ open-remote-ssh ];
})
pkgs.nodejs_24
pkgs.nodePackages.npm
pkgs.gcc
pkgs.gnumake
pkgs.nixd
pkgs.nixfmt-rfc-style
pkgs.ansible
pkgs.python313
];
}

19
modules/optionnals/desktop/config/etc/xdg/hypr/hyprland-home-nix.conf
View File

@@ -2,13 +2,14 @@
### MONITORS ### ### MONITORS ###
################ ################
# See https://wiki.hyprland.org/Configuring/Monitors/ # See https://wiki.hyprland.org/Configuring/Monitors/
monitor=Virtual-1,1920x1080,0x0,1 monitor=HDMI-A-1,1920x1080@60,0x0,1
monitor=HDMI-A-2,1920x1080@60,1920x0,1
workspace = 1, monitor:Virtual-1 workspace = 1, monitor:HDMI-A-1
workspace = 2, monitor:Virtual-1 workspace = 2, monitor:HDMI-A-1
workspace = 3, monitor:Virtual-1 workspace = 3, monitor:HDMI-A-1
workspace = 4, monitor:Virtual-1 workspace = 4, monitor:HDMI-A-1
workspace = 5, monitor:Virtual-1 workspace = 5, monitor:HDMI-A-2
workspace = 6, monitor:Virtual-1 workspace = 6, monitor:HDMI-A-2
workspace = 7, monitor:Virtual-1 workspace = 7, monitor:HDMI-A-2
workspace = 8, monitor:Virtual-1 workspace = 8, monitor:HDMI-A-2

18
modules/optionnals/desktop/config/etc/xdg/hypr/hyprland-work-nix.conf
View File

@@ -2,14 +2,18 @@
### MONITORS ### ### MONITORS ###
################ ################
# See https://wiki.hyprland.org/Configuring/Monitors/ # See https://wiki.hyprland.org/Configuring/Monitors/
monitor=eDP-1,1920x1200,0x0,1 monitor=DP-4,1920x1080@60,0x0,1
monitor=DP-5,3840x2160@60,1920x0,1.5
monitor=eDP-1,1920x1200@60,4480x0,1
workspace = 1, monitor:eDP-1 workspace = 1, monitor:DP-4
workspace = 2, monitor:eDP-1 workspace = 2, monitor:DP-4
workspace = 3, monitor:eDP-1 workspace = 3, monitor:DP-4
workspace = 4, monitor:eDP-1 workspace = 4, monitor:DP-5
workspace = 5, monitor:eDP-1 workspace = 5, monitor:DP-5
workspace = 6, monitor:eDP-1 workspace = 6, monitor:DP-5
workspace = 7, monitor:eDP-1 workspace = 7, monitor:eDP-1
workspace = 8, monitor:eDP-1 workspace = 8, monitor:eDP-1
workspace = 9, monitor:eDP-1 workspace = 9, monitor:eDP-1
exec-once = systemctl --user restart nm-applet.service

7
modules/optionnals/desktop/config/etc/xdg/hypr/hyprland.conf
View File

@@ -14,14 +14,14 @@ ecosystem {
################### ###################
$terminal = kitty $terminal = kitty
source = /etc/xdg/hypr/rofi.conf
################# #################
### AUTOSTART ### ### AUTOSTART ###
################# #################
exec-once = waybar &
exec-once = hyprpaper exec-once = hyprpaper
exec-once = waybar
exec-once = nextcloud
############################# #############################
### ENVIRONMENT VARIABLES ### ### ENVIRONMENT VARIABLES ###
@@ -210,9 +210,10 @@ device {
$mainMod = SUPER # Sets "Windows" key as main modifier $mainMod = SUPER # Sets "Windows" key as main modifier
# Apps shortcut # Apps shortcut
bind = $mainMod, D, exec, $rofi bind = $mainMod, D, exec, rofi -show drun -show-icons -config /etc/xdg/rofi/config.rasi
bind = $mainMod, L, exec, /etc/xdg/scripts/wayland-disconnect.sh bind = $mainMod, L, exec, /etc/xdg/scripts/wayland-disconnect.sh
bind = $mainMod, M, exec, /etc/xdg/scripts/wayland-mpv.sh bind = $mainMod, M, exec, /etc/xdg/scripts/wayland-mpv.sh
bind = $mainMod, K, exec, /etc/xdg/scripts/rofi-ssh.sh
bind = $mainMod SHIFT, P, exec, pavucontrol bind = $mainMod SHIFT, P, exec, pavucontrol
bind = $mainMod SHIFT, T, exec, teams-for-linux bind = $mainMod SHIFT, T, exec, teams-for-linux
bind = $mainMod SHIFT, D, exec, discord bind = $mainMod SHIFT, D, exec, discord

100
modules/optionnals/desktop/config/etc/xdg/hypr/hyprlock.conf
View File

@@ -0,0 +1,100 @@
source = /etc/xdg/hypr/frappe.conf
$accent = $mauve
$accentAlpha = $mauveAlpha
$font = JetBrainsMono Nerd Font
# GENERAL
general {
hide_cursor = true
}
# BACKGROUND
background {
monitor =
path = screenshot
blur_passes = 2
color = $base
}
# LAYOUT
label {
monitor =
text = Layout: $LAYOUT
color = $blue
font_size = 15
font_family = $font
position = 30, -30
halign = left
valign = top
}
# TIME
label {
monitor =
text = $TIME
color = $blue
font_size = 90
font_family = $font
position = -30, 0
halign = right
valign = top
}
# DATE
label {
monitor =
text = cmd[update:43200000] date +"%A, %d %B %Y"
color = $sapphire
font_size = 25
font_family = $font
position = -30, -150
halign = right
valign = top
}
# FINGERPRINT
{
monitor = "";
text = "$FPRINTPROMPT";
color = "$text";
font_size = 14;
font_family = $font;
position = "0, -107";
halign = "center";
valign = "center";
}
# USER AVATAR
image {
monitor =
path = $HOME/.face
size = 100
border_color = $accent
position = 0, 75
halign = center
valign = center
}
# INPUT FIELD
input-field {
monitor =
size = 300, 60
outline_thickness = 4
dots_size = 0.2
dots_spacing = 0.2
dots_center = true
outer_color = $sky
inner_color = $surface0
font_color = $teal
fade_on_empty = false
placeholder_text = <span foreground="##$textAlpha"><i>󰌾 Logged in as </i><span foreground="##$tealAlpha">$USER</span></span>
hide_input = false
check_color = $accent
fail_color = $red
fail_text = <i>$FAIL <b>($ATTEMPTS)</b></i>
capslock_color = $yellow
position = 0, -47
halign = center
valign = center
}

2
modules/optionnals/desktop/config/etc/xdg/hypr/hyprpaper.conf
View File

@@ -0,0 +1,2 @@
preload = ~/Downloads/wallpaper.jpeg
wallpaper = , ~/Downloads/wallpaper.jpeg

16
modules/optionnals/desktop/config/etc/xdg/rofi/mpv.rasi Normal file
View File

@@ -0,0 +1,16 @@
@import "launcher.rasi"
window {
width: 50%;
height: 50%;
margin: 0px;
location: center;
anchor: center;
}
mainbox {
children: [inputbar,listview];
}
listview {
columns: 1;
}

12
modules/optionnals/desktop/config/etc/xdg/rofi/ssh.rasi Normal file
View File

@@ -0,0 +1,12 @@
@import "launcher.rasi"
window {
width: 50%;
height: 50%;
margin: 0px;
location: center;
anchor: center;
}
mainbox {
children: [inputbar,listview];
}

7
modules/optionnals/desktop/config/etc/xdg/scripts/rofi-ssh.sh Executable file
View File

@@ -0,0 +1,7 @@
#!/usr/bin/env bash
selected=$(cat ~/.config/zsh/.zsh_history | sed 's/^[ ]*[0-9]*[ ]*//' | grep '^ssh ' | rofi -dmenu -i -theme /etc/xdg/rofi/ssh.rasi -p SSH)
if [[ -n "$selected" ]]; then
kitty -e $selected
fi

26
modules/optionnals/desktop/config/etc/xdg/scripts/waybar-mailbox.sh Executable file
View File

@@ -0,0 +1,26 @@
#!/usr/bin/env bash
_USER=beastie
_PASSWD='}q6658JD~{}{oiRWsb~Q{P@SV=Qsy,ae'
_SERVER=unixyourbrain.org
_FOLDER=Admin
set -e
cd -- "$(dirname -- "$0")"
_DIRNAME="$(pwd)"
### Sourcer à partir des secrets
#source ~/.config/polybar/imap_creds
_COUNT=$(curl -u "$_USER:$_PASSWD" "imaps://$_SERVER" -X "STATUS $_FOLDER (UNSEEN)" 2>/dev/null | \
sed -e 's/)\r//' -e 's/.*UNSEEN //')
_UNSEEN=$(curl -u "$_USER:$_PASSWD" "imaps://$_SERVER/$_FOLDER" -X "SEARCH UNSEEN" 2>/dev/null | \
sed -e "s|\\r||" -e "s|* SEARCH ||" -e "s| |,|g")
_MAILS=$(curl -v -u "$_USER:$_PASSWD" "imaps://$_SERVER/$_FOLDER" -X "FETCH $_UNSEEN BODY.PEEK[HEADER.FIELDS (From Subject)]" 2>&1 | \
sed -e "s|\\r||" | awk '/< Subject|< From/ {sub(/^< /, ""); printf "%s\\n", $0}')
printf '{"text": "%s ", "tooltip": "%s"}' "$_COUNT" "$_MAILS"

2
modules/optionnals/desktop/config/etc/xdg/scripts/update.sh → modules/optionnals/desktop/config/etc/xdg/scripts/waybar-update.sh
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
cd ~/nixos-dotfiles || exit cd ~/nixos/dotfiles || exit
# Obtenir le hash actuel # Obtenir le hash actuel
current_hash=$(nix flake metadata --json 2>/dev/null | jq -r '.locks.nodes.nixpkgs.locked.rev') current_hash=$(nix flake metadata --json 2>/dev/null | jq -r '.locks.nodes.nixpkgs.locked.rev')

31
modules/optionnals/desktop/config/etc/xdg/scripts/wayland-disconnect.sh Executable file
View File

@@ -0,0 +1,31 @@
#!/usr/bin/env bash
selected=$(printf "Lock\0icon\x1fsystem-lock-screen
Update\0icon\x1fsystem-software-update
Shutdown\0icon\x1fsystem-shutdown
Reboot\0icon\x1fsystem-reboot
Exit hyprland\0icon\x1fsystem-log-out
Reload hyprland\0icon\x1fsystem-log-out" | rofi -dmenu -show-icons -i -theme /etc/xdg/rofi/disconnect.rasi -p System)
echo "$selected"
case $selected in
"Lock")
/nix/store/4pwvyyjrc7frwkycbszakd7z6nf44qgv-hyprlock-0.9.2/bin/hyprlock
;;
"Update")
kitty /usr/local/share/dotfiles/scripts/update.sh
;;
"Shutdown")
systemctl poweroff
;;
"Reboot")
reboot
;;
"Exit hyprland")
hyprctl dispatch exit
;;
"Reload hyprland")
hyprctl reload
;;
esac

31
modules/optionnals/desktop/config/etc/xdg/scripts/wayland-mpv.sh Executable file
View File

@@ -0,0 +1,31 @@
#!/usr/bin/env bash
cd -- "$(dirname -- "$0")" || exit
## if not $1
if [[ -z $1 ]]
then
_LINES=$(curl "http://10.0.0.1:2013" 2>/dev/null | sed -e "s|.*<a href=\"\([^\"]*\).*|$1\1|" -e "s/.*<.*\|.*C=D.*\|.*\/\/$\|.*.nfo//" -e "/^$/d")
else
_LINES="$(curl "http://10.0.0.1:2013/$1" 2>/dev/null | sed -e "s|.*<a href=\"\([^\"]*\).*|$1\1|" -e "s/.*<.*\|.*C=D.*\|.*\/\/$\|.*.nfo//" -e "/^$/d")"
fi
_RESULT=$(rofi -dmenu -i -theme /etc/xdg/rofi/mpv.rasi -p Mpv <<< "$_LINES")
# If no output
echo "$_RESULT"
if [[ -z $_RESULT ]]
then
echo "no output, exiting"
exit 0
fi
#if line end vith /
if [[ "$_RESULT" =~ .*/$ ]]
then
echo "output is a directory"
./wayland-mpv.sh "$_RESULT"
exit 0
fi
mpv "http://10.0.0.1:2013/$_RESULT"

111
modules/optionnals/desktop/config/etc/xdg/waybar/config-home-nix.jsonc Normal file
View File

@@ -0,0 +1,111 @@
{
"position": "top",
"reload_style_on_change": true,
"modules-left": [
"custom/logo",
"cpu",
"memory",
"disk",
"network",
"pulseaudio"
],
"modules-center": [
"hyprland/workspaces"
],
"modules-right": [
"custom/alert",
"custom/maj",
"clock",
"tray"
],
"custom/logo": {
"format": "{icon}",
"format-icons": {
"default": "  "
}
},
"cpu": {
"format": "  {usage}% ",
"tooltip": true
},
"memory": {
"format": "  {percentage}% ",
"tooltip": true,
"tooltip-format": "asd: {used:0.2f} G / {total:0.2f} G"
},
"disk": {
"interval": 300,
"format": "  {percentage_used}% ",
"path": "/"
},
"network": {
"format-wifi": "<span size='12000'> 󰤨 </span>{essid} ",
"format-ethernet": "  {ipaddr} ",
"tooltip-format": " 󰅧 {bandwidthUpBytes} 󰅢 {bandwidthDownBytes}",
"format-linked": " 󱘖 {ifname} (No IP) ",
"format-disconnected": "  Disconnected ",
"format-alt": " 󰤨 {signalStrength}% ",
"interval": 1
},
"pulseaudio": {
"format": "{icon}{volume}% ",
"format-muted": " 󰖁 0% ",
"format-icons": {
"headphone": "  ",
"hands-free": "  ",
"headset": "  ",
"phone": "  ",
"portable": "  ",
"car": "  ",
"default": [
"  ",
"  ",
"  "
]
},
"on-click-right": "pavucontrol -t 3",
"on-click": "pactl -- set-sink-mute 0 toggle",
"tooltip": false,
"tooltip-format": "{volume}%",
"scroll-step": 5.0,
},
"hyprland/workspaces": {
"disable-scroll": false,
"all-outputs": false,
"on-click": "activate",
"persistent-workspaces": {
"HDMI-A-1": [1, 2, 3, 4],
"HDMI-A-2": [5, 6, 7, 8],
},
"format": "{name}",
"format-icons": {
"default": ""
}
},
"custom/alert": {
"exec": "/etc/xdg/scripts/waybar-mailbox.sh",
"interval": 300,
"return-type": "json",
"format": "{icon}{text}",
"format-icons": {
"default": "  "
}
},
"custom/maj": {
"exec": "/etc/xdg/scripts/waybar-update.sh",
"interval": 300,
"return-type": "json",
"format": "{icon}{text}",
"format-icons": {
"default": "  "
}
},
"clock": {
"format": "  {:%a %d %H:%M} ",
"tooltip-format": "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>"
},
"tray": {
"icon-size": 18,
"spacing": 6
}
}

22
modules/optionnals/desktop/config/etc/xdg/waybar/config.jsonc → modules/optionnals/desktop/config/etc/xdg/waybar/config-work-nix.jsonc
View File

@@ -7,12 +7,13 @@
"memory", "memory",
"disk", "disk",
"network", "network",
"pulseaudio", "pulseaudio"
], ],
"modules-center": [ "modules-center": [
"hyprland/workspaces" "hyprland/workspaces"
], ],
"modules-right": [ "modules-right": [
"custom/alert",
"custom/maj", "custom/maj",
"clock", "clock",
"tray" "tray"
@@ -34,7 +35,7 @@
}, },
"disk": { "disk": {
"interval": 300, "interval": 300,
"format": "  {percentage_free}% ", "format": "  {percentage_used}% ",
"path": "/" "path": "/"
}, },
"network": { "network": {
@@ -73,17 +74,26 @@
"all-outputs": false, "all-outputs": false,
"on-click": "activate", "on-click": "activate",
"persistent-workspaces": { "persistent-workspaces": {
"HDMI-A-1": [1, 2, 3], "DP-4": [1, 2, 3],
"HDMI-A-2": [4, 5, 6], "DP-5": [4, 5, 6],
"eDP-1": [7, 8, 9], "eDP-1": [7, 8, 9],
}, },
"format": "{name}", "format": "{name}",
"format-icons": { "format-icons": {
"default": "", "default": ""
}
}, },
"custom/alert": {
"exec": "/etc/xdg/scripts/waybar-mailbox.sh",
"interval": 300,
"return-type": "json",
"format": "{icon}{text}",
"format-icons": {
"default": "  "
}
}, },
"custom/maj": { "custom/maj": {
"exec": "/etc/xdg/scripts/update.sh", "exec": "/etc/xdg/scripts/waybar-update.sh",
"interval": 300, "interval": 300,
"return-type": "json", "return-type": "json",
"format": "{icon}{text}", "format": "{icon}{text}",

4
modules/optionnals/desktop/config/etc/xdg/waybar/custom-home-nix.css Normal file
View File

@@ -0,0 +1,4 @@
#workspaces {
padding: 0 5px;
min-width: 152px;
}

4
modules/optionnals/desktop/config/etc/xdg/waybar/custom-work-nix.css Normal file
View File

@@ -0,0 +1,4 @@
#workspaces {
padding: 0 5px;
min-width: 122px;
}

41
modules/optionnals/desktop/config/etc/xdg/waybar/style.css
View File

@@ -1,4 +1,5 @@
@import "colors.css"; @import "colors.css";
@import "custom.css";
* { * {
/*font-family: "Font Awesome 6 Free Solid", "Font Awesome 6 Free Regular", "Font Awesome 6 Brands Regular", "CaskaydiaCove Nerd Font Propo";*/ /*font-family: "Font Awesome 6 Free Solid", "Font Awesome 6 Free Regular", "Font Awesome 6 Brands Regular", "CaskaydiaCove Nerd Font Propo";*/
@@ -23,6 +24,7 @@
#disk, #disk,
#network, #network,
#workspaces, #workspaces,
#custom-alert,
#custom-maj, #custom-maj,
#pulseaudio, #pulseaudio,
#memory, #memory,
@@ -42,11 +44,6 @@
color: @green; color: @green;
} }
#workspaces {
padding: 0 5px;
min-width: 152px;
}
#workspaces button { #workspaces button {
background-color: @overlay0; background-color: @overlay0;
margin: 5px 5px; margin: 5px 5px;
@@ -91,24 +88,40 @@
background: @red; background: @red;
} }
#network { #custom-logo {
color: @pink; color: @red;
}
#pulseaudio {
color: @yellow;
} }
#cpu { #cpu {
color: @blue; color: @peach;
} }
#memory { #memory {
color: @green; color: @maroon;
}
#disk {
color: @pink;
}
#network {
color: @flamingo;
}
#pulseaudio {
color: @rosewater;
}
#custom-alert {
color: @sky;
}
#custom-maj {
color: @sapphire;
} }
#clock { #clock {
color: @red; color: @blue;
} }
#tray { #tray {

18
modules/optionnals/desktop/gaming.nix Normal file
View File

@@ -0,0 +1,18 @@
{
pkgs,
...
}:
{
hardware.graphics.enable32Bit = true;
programs.steam.enable = true;
programs.steam.gamescopeSession.enable = true;
programs.gamemode.enable = true;
environment.systemPackages = with pkgs; [
vulkan-tools
lutris
wine-staging
winetricks
mangohud
protonup-ng
];
}

8
modules/optionnals/desktop/kitty.nix
View File

@@ -18,17 +18,15 @@
}; };
}; };
programs = { programs = {
starship.enable = true; zsh = {
bash = {
promptInit = '' promptInit = ''
[[ "$TERM" == "xterm-kitty" ]] && export TERM="xterm" [[ "$TERM" == "xterm-kitty" ]] && export TERM="xterm-256color"
[[ -f ${pkgs.nitch}/bin/nitch ]] && nitch [[ -f ${pkgs.nitch}/bin/nitch ]] && nitch
if [[ -z $DISPLAY ]] && [[ $(tty) = /dev/tty1 ]]; then if [[ -z $DISPLAY ]] && [[ $(tty) = /dev/tty1 ]]; then
hyprland --config /etc/xdg/hypr/hyprland.conf hyprland --config /etc/xdg/hypr/hyprland.conf
fi fi
''; '';
}; };
starship.enable = true;
}; };
} }

12
modules/optionnals/desktop/nextcloud.nix Normal file
View File

@@ -0,0 +1,12 @@
{
pkgs,
...
}:
{
services.gnome.gnome-keyring.enable = true;
environment.systemPackages = [
pkgs.nextcloud-client
pkgs.seahorse
];
}

24
modules/optionnals/desktop/nvidia.nix
View File

@@ -0,0 +1,24 @@
{
pkgs,
config,
...
}:
{
services.xserver.videoDrivers = [ "nvidia" ];
hardware = {
graphics = {
# enable opengl
enable = true;
enable32Bit = true;
};
nvidia = {
modesetting.enable = true;
powerManagement.enable = false;
powerManagement.finegrained = false;
open = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.latest;
};
};
environment.systemPackages = [ pkgs.nvtopPackages.full ];
}

6
modules/optionnals/desktop/packages.nix
View File

@@ -6,8 +6,10 @@
environment.systemPackages = [ environment.systemPackages = [
pkgs.remmina pkgs.remmina
pkgs.mpv pkgs.mpv
pkgs.yt-dlp
pkgs.chromium pkgs.chromium
pkgs.firefox pkgs.firefox
pkgs.thunderbird
pkgs.keepassxc pkgs.keepassxc
pkgs.nwg-look pkgs.nwg-look
pkgs.gimp pkgs.gimp
@@ -22,12 +24,14 @@
pkgs.papirus-icon-theme pkgs.papirus-icon-theme
pkgs.catppuccin-cursors pkgs.catppuccin-cursors
pkgs.catppuccin-gtk pkgs.catppuccin-gtk
pkgs.vscodium pkgs.postman
]; ];
fonts.packages = [ fonts.packages = [
pkgs.nerd-fonts.dejavu-sans-mono pkgs.nerd-fonts.dejavu-sans-mono
pkgs.nerd-fonts.comic-shanns-mono pkgs.nerd-fonts.comic-shanns-mono
pkgs.nerd-fonts.roboto-mono pkgs.nerd-fonts.roboto-mono
pkgs.nerd-fonts.caskaydia-cove pkgs.nerd-fonts.caskaydia-cove
pkgs.nerd-fonts.jetbrains-mono
pkgs.nerd-fonts.fira-code
]; ];
} }

20
modules/optionnals/desktop/pipewire.nix Normal file
View File

@@ -0,0 +1,20 @@
{
lib,
config,
pkgs,
...
}:
{
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
environment.systemPackages = with pkgs; [
pavucontrol
pulseaudio # for pactl
easyeffects
];
}

72
modules/optionnals/desktop/rofi.nix
View File

@@ -6,78 +6,6 @@
environment = { environment = {
etc = { etc = {
"xdg/rofi".source = ./config/etc/xdg/rofi; "xdg/rofi".source = ./config/etc/xdg/rofi;
"xdg/scripts/wayland-disconnect.sh" = {
text = ''
#!/usr/bin/env bash
selected=$(printf "Lock\0icon\x1fsystem-lock-screen
Update\0icon\x1fsystem-software-update
Shutdown\0icon\x1fsystem-shutdown
Reboot\0icon\x1fsystem-reboot
Exit hyprland\0icon\x1fsystem-log-out
Reload hyprland\0icon\x1fsystem-log-out" | ${pkgs.rofi}/bin/rofi -dmenu -show-icons -i -theme /etc/xdg/rofi/disconnect.rasi -p System)
echo "$selected"
case $selected in
"Lock")
${pkgs.hyprlock}/bin/hyprlock
;;
"Update")
kitty /usr/local/share/dotfiles/scripts/update.sh
;;
"Shutdown")
systemctl poweroff
;;
"Reboot")
reboot
;;
"Exit hyprland")
hyprctl dispatch exit
;;
"Reload hyprland")
hyprctl reload
;;
esac
'';
mode = "0755";
};
"xdg/scripts/wayland-mpv.sh" = {
text = ''
#!/usr/bin/env bash
cd -- "$(dirname -- "$0")" || exit
## if not $1
if [[ -z $1 ]]
then
_LINES=$(curl "http://10.0.0.1:2013" 2>/dev/null | sed -e "s|.*<a href=\"\([^\"]*\).*|$1\1|" -e "s/.*<.*\|.*C=D.*\|.*\/\/$\|.*.nfo//" -e "/^$/d")
else
_LINES="$(curl "http://10.0.0.1:2013/$1" 2>/dev/null | sed -e "s|.*<a href=\"\([^\"]*\).*|$1\1|" -e "s/.*<.*\|.*C=D.*\|.*\/\/$\|.*.nfo//" -e "/^$/d")"
fi
_RESULT=$(${pkgs.rofi}/bin/rofi -dmenu -config /etc/xdg/rofi/config.rasi -i <<< "$_LINES")
# If no output
echo "$_RESULT"
if [[ -z $_RESULT ]]
then
echo "no output, exiting"
exit 0
fi
#if line end vith /
if [[ "$_RESULT" =~ .*/$ ]]
then
echo "output is a directory"
./wayland-mpv.sh "$_RESULT"
exit 0
fi
mpv "http://10.0.0.1:2013/$_RESULT"
'';
mode = "0755";
};
}; };
}; };
} }

145
modules/optionnals/desktop/starship.nix
View File

@@ -1,16 +1,88 @@
{ {
pkgs,
... ...
}: }:
{ {
environment.sessionVariables = {
KUBECONFIG = "$HOME/.kube/config";
};
programs.starship = { programs.starship = {
enable = true; enable = true;
settings = { settings = {
add_newline = true; add_newline = true;
command_timeout = 1300; command_timeout = 1300;
scan_timeout = 50; scan_timeout = 50;
format = "$hostname$username$directory[](bg:pink fg:green)$nix_shell$git_branch$git_status[ ](bg:pink)[](fg:pink)$line_break$character"; format = "[](fg:surface1)$hostname$username$directory$git_branch$git_status[](fg:base bg:sky)$fill$kubernetes$time[ ](fg:surface1)$line_break[ ](fg:surface1)";
right_format = "[](fg:surface1)";
palette = "catppuccin_frappe"; palette = "catppuccin_frappe";
hostname = {
ssh_only = false;
format = "[](bg:base fg:mauve)[ $hostname ](bg:mauve fg:base)[](bg:mauve fg:blue)";
disabled = false;
};
username = {
style_user = "bg:blue fg:base";
style_root = "bg:red fg:base bold";
format = "[ $user ]($style)[](bg:blue fg:sapphire)";
show_always = true;
disabled = false;
};
directory = {
format = "[ $path ](bg:sapphire fg:base)[](bg:sapphire fg:sky)";
truncation_length = 3;
truncation_symbol = "/";
};
directory.substitutions = {
Documents = "󰈙 Documents";
Downloads = " Downloads";
Music = "󰝚 Music";
Pictures = " Pictures";
Developer = "󰲋 Developer";
};
git_branch = {
symbol = " ";
format = "[ $symbol$branch(:$remote_branch) ](fg:base bg:sky)";
disabled = false;
};
git_status = {
format = "([$all_status$ahead_behind ](fg:base bg:sky))";
conflicted = "😵";
ahead = "";
behind = "";
diverged = "😵";
up_to_date = "";
untracked = "";
stashed = "📦";
modified = "";
#staged = "[($count)](fg:base bg:sapphire)"
staged = "";
renamed = "";
deleted = "";
disabled = false;
};
kubernetes = {
disabled = false;
format = "[](fg:blue bg:base)[ ($namespace)/($cluster) ](fg:base bg:blue)[](bg:blue fg:mauve)";
};
time = {
disabled = false;
format = "[ $time ](fg:base bg:mauve)";
time_format = "%R";
utc_time_offset = "2";
};
fill = {
symbol = "";
style = "surface1";
};
palettes.catppuccin_frappe = { palettes.catppuccin_frappe = {
rosewater = "#f2d5cf"; rosewater = "#f2d5cf";
flamingo = "#eebebe"; flamingo = "#eebebe";
@@ -39,75 +111,6 @@
mantle = "#292c3c"; mantle = "#292c3c";
crust = "#232634"; crust = "#232634";
}; };
hostname = {
ssh_only = false;
ssh_symbol = "󰣀";
format = "(bg:blue fg:base)[ $ssh_symbol $hostname ](bg:blue fg:base)[](bg:teal fg:blue)";
trim_at = "companyname.com";
disabled = false;
};
username = {
show_always = true;
style_user = "bg:teal fg:base";
style_root = "bg:red fg:base";
format = "[ $user ]($style)[](bg:green fg:teal)";
};
directory = {
style = "bg:green fg:base";
format = "[ $path ]($style)";
truncation_length = 3;
truncation_symbol = "/";
};
nix_shell = {
disabled = false;
impure_msg = "[impure shell](bold red)";
pure_msg = "[pure shell](bold green)";
unknown_msg = "[unknown shell](bold yellow)";
format = "[ ($name)](bold bg:pink fg:base)";
};
directory.substitutions = {
Documents = "󰈙 ";
Downloads = " Downloads";
Music = "󰝚 ";
Pictures = " ";
Developer = "󰲋 ";
};
git_branch = {
symbol = "";
style = "bg: pink";
format = "[[ $symbol $branch ](bg:pink fg:base)]($style)";
};
git_status = {
style = "bg:pink fg:base";
format = "([$modified$untracked$ahead_behind]($style))";
ahead = "";
behind = "";
modified = "";
untracked = "";
up_to_date = "";
};
line_break = {
disabled = false;
};
character = {
disabled = false;
success_symbol = "[](bold fg:green)";
error_symbol = "[](bold fg:red)";
vimcmd_symbol = "[](bold fg:creen)";
vimcmd_replace_one_symbol = "[](bold fg:purple)";
vimcmd_replace_symbol = "[](bold fg:purple)";
vimcmd_visual_symbol = "[](bold fg:lavender)";
};
}; };
}; };
} }

7
modules/optionnals/desktop/virt-manager.nix Normal file
View File

@@ -0,0 +1,7 @@
{
...
}:
{
programs.virt-manager.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
}

32
modules/optionnals/desktop/wayland.nix
View File

@@ -1,6 +1,7 @@
{ {
hostname, hostname,
pkgs, pkgs,
username,
... ...
}: }:
{ {
@@ -27,13 +28,32 @@
"xdg/hypr/hyprland-host.conf".source = ./config/etc/xdg/hypr/hyprland-${hostname}.conf; "xdg/hypr/hyprland-host.conf".source = ./config/etc/xdg/hypr/hyprland-${hostname}.conf;
"xdg/hypr/hyprlock.conf".source = ./config/etc/xdg/hypr/hyprlock.conf; "xdg/hypr/hyprlock.conf".source = ./config/etc/xdg/hypr/hyprlock.conf;
"xdg/hypr/hyprpaper.conf".source = ./config/etc/xdg/hypr/hyprpaper.conf; "xdg/hypr/hyprpaper.conf".source = ./config/etc/xdg/hypr/hyprpaper.conf;
"xdg/hypr/rofi.conf" = { "xdg/waybar/colors.css".source = ./config/etc/xdg/waybar/colors.css;
text = '' "xdg/waybar/config.jsonc".source = ./config/etc/xdg/waybar/config-${hostname}.jsonc;
$rofi = ${pkgs.rofi}/bin/rofi -show drun -show-icons -config /etc/xdg/rofi/config.rasi "xdg/waybar/style.css".source = ./config/etc/xdg/waybar/style.css;
''; "xdg/waybar/custom.css".source = ./config/etc/xdg/waybar/custom-${hostname}.css;
"xdg/scripts/rofi-ssh.sh".source = ./config/etc/xdg/scripts/rofi-ssh.sh;
"xdg/scripts/waybar-mailbox.sh".source = ./config/etc/xdg/scripts/waybar-mailbox.sh;
"xdg/scripts/waybar-update.sh".source = ./config/etc/xdg/scripts/waybar-update.sh;
"xdg/scripts/wayland-disconnect.sh".source = ./config/etc/xdg/scripts/wayland-disconnect.sh;
"xdg/scripts/wayland-mpv.sh".source = ./config/etc/xdg/scripts/wayland-mpv.sh;
};
};
sops = {
secrets = {
"ldap_unxiyourbrain/username" = {
owner = "${username}";
};
"ldap_unxiyourbrain/password" = {
owner = "${username}";
};
"ldap_unxiyourbrain/server" = {
owner = "${username}";
};
"ldap_unxiyourbrain/folder" = {
owner = "${username}";
}; };
"xdg/waybar".source = ./config/etc/xdg/waybar;
"xdg/scripts/update.sh".source = ./config/etc/xdg/scripts/update.sh;
}; };
}; };
} }

121
modules/optionnals/hosts/home-nix.nix
View File

@@ -1,19 +1,136 @@
{ {
config,
pkgs,
... ...
}: }:
{ {
imports = [ imports = [
../sops-desktop.nix #../ai.nix
../sudo-nopasswd.nix
../autologin.nix ../autologin.nix
../k8s.nix
../libvirt.nix
../openfortivpn.nix
../options.nix
../packages.nix
../sops-desktop.nix
../ssh.nix ../ssh.nix
../sudo-nopasswd.nix
../wakeonlan.nix
### Import GUI modules ### Import GUI modules
../desktop/code.nix
../desktop/dunst.nix ../desktop/dunst.nix
../desktop/gaming.nix
../desktop/kitty.nix ../desktop/kitty.nix
../desktop/nextcloud.nix
../desktop/packages.nix ../desktop/packages.nix
../desktop/pipewire.nix
../desktop/qwerty-fr.nix ../desktop/qwerty-fr.nix
../desktop/rofi.nix ../desktop/rofi.nix
../desktop/starship.nix
../desktop/virt-manager.nix
../desktop/wayland.nix ../desktop/wayland.nix
### Import Graphics modules
../desktop/nvidia.nix
]; ];
my.laninterface = "enp5s0";
my.ipv4address = "192.168.0.2";
my.ipv4netmask = 24;
my.ipv4gateway = "192.168.0.254";
sops = {
secrets = {
"wireguard_home/publickey" = { };
"wireguard_home/presharedkey" = { };
"wireguard_home/privatekey" = { };
};
};
#services.resolved.enable = false;
networking = {
#useNetworkd = true;
#useHostResolvConf = false;
interfaces.${config.my.laninterface} = {
ipv4.addresses = [
{
address = config.my.ipv4address;
prefixLength = config.my.ipv4netmask;
}
];
};
defaultGateway = {
address = config.my.ipv4gateway;
interface = config.my.laninterface;
};
nameservers = [
#"9.9.9.9"
"10.0.0.1"
"2001:41d0:303:20da::1"
"217.182.138.218"
];
extraHosts = ''
#172.18.229.240 test-mycarto.grandbesancon.fr
172.18.21.172 errorpages.grandbesancon.fr
#172.18.23.4 dozzle.grandbesancon.fr
#172.18.22.206 toto.grandbesancon.fr
#172.18.229.3 sso.grandbesancon.fr
#172.18.20.37 sso.grandbesancon.fr
#172.18.20.229 auth.grandbesancon.fr
#172.18.20.181 traefikauth.grandbesancon.fr
'';
wireguard = {
interfaces = {
wg0 = {
ips = [
"fc00::2/56"
"10.0.0.2/16"
];
listenPort = 51820;
privateKeyFile = config.sops.secrets."wireguard_home/privatekey".path;
peers = [
{
publicKey = "X8D/RhwjpFYXm2DbtC0wY39TrFkdaw7RA7kHhbmOXnw=";
presharedKeyFile = config.sops.secrets."wireguard_home/presharedkey".path;
allowedIPs = [
"fc00::0/56"
"10.0.0.0/16"
"10.1.0.0/16"
];
endpoint = "[2001:41d0:303:20da::1]:51820";
persistentKeepalive = 15;
}
];
};
};
};
};
sops.secrets."home-nix/myipv6address" = { };
systemd.services.ipv6-setup = {
description = "Configure IPv6";
after = [
"network.target"
"sops-nix.service"
];
wants = [ "sops-nix.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = pkgs.writeShellScript "setup-ipv6" ''
${pkgs.iproute2}/bin/ip -6 addr add $(cat ${
config.sops.secrets."home-nix/myipv6address".path
})/64 dev ${config.my.laninterface} || true
'';
};
};
environment.systemPackages = [
pkgs.tor-browser
];
} }

73
modules/optionnals/hosts/test-kvm.nix
View File

@@ -1,4 +1,5 @@
{ {
pkgs,
... ...
}: }:
{ {
@@ -6,14 +7,70 @@
../sops-desktop.nix ../sops-desktop.nix
../sudo-nopasswd.nix ../sudo-nopasswd.nix
../autologin.nix ../autologin.nix
../ssh.nix ../packages.nix
### Import GUI modules ## Server
../desktop/dunst.nix ../server/starship.nix
../desktop/kitty.nix ../server/wireguard-ui.nix
../desktop/packages.nix
../desktop/qwerty-fr.nix
../desktop/rofi.nix
../desktop/wayland.nix
]; ];
## Enable virtualisation guest settings
services.qemuGuest.enable = true;
services.spice-vdagentd.enable = true;
services.xserver = {
videoDrivers = [ "modesetting" ]; # Driver vidéo optimisé pour QEMU/KVM
};
environment.systemPackages = [
pkgs.spice-gtk # Outils SPICE
pkgs.spice-protocol # Protocoles SPICE
];
systemd.network.links."10-eth0" = {
matchConfig.MACAddress = "52:54:00:a3:d7:56";
linkConfig.Name = "eth0";
};
systemd.network.netdevs."10-dummy0" = {
netdevConfig = {
Kind = "dummy";
Name = "dummy0";
};
};
networking = {
useNetworkd = true;
useDHCP = false;
interfaces = {
dummy0 = {
ipv4.addresses = [
{
address = "192.168.2.1";
prefixLength = 24;
}
];
};
eth0 = {
ipv4.addresses = [
{
address = "192.168.122.10";
prefixLength = 24;
}
];
};
};
defaultGateway = {
address = "192.168.122.1";
interface = "eth0";
};
nameservers = [
#"9.9.9.9"
"2001:41d0:303:20da::1"
"217.182.138.218"
];
extraHosts = ''
172.18.21.172 errorpages.grandbesancon.fr
'';
};
} }

24
modules/optionnals/hosts/work-nix.nix
View File

@@ -1,23 +1,43 @@
{ {
username,
... ...
}: }:
{ {
imports = [ imports = [
../sops-desktop.nix
../sudo-nopasswd.nix
../autologin.nix ../autologin.nix
../k8s.nix
../libvirt.nix
../openfortivpn.nix
../packages.nix
../sops-desktop.nix
../ssh.nix ../ssh.nix
../sudo-nopasswd.nix
### Import GUI modules ### Import GUI modules
../desktop/amd.nix
../desktop/code.nix
../desktop/dunst.nix ../desktop/dunst.nix
../desktop/kitty.nix ../desktop/kitty.nix
../desktop/packages.nix ../desktop/packages.nix
../desktop/pipewire.nix
../desktop/qwerty-fr.nix ../desktop/qwerty-fr.nix
../desktop/rofi.nix ../desktop/rofi.nix
../desktop/starship.nix ../desktop/starship.nix
../desktop/virt-manager.nix
../desktop/wayland.nix ../desktop/wayland.nix
### Import Graphics modules ### Import Graphics modules
../desktop/amd.nix ../desktop/amd.nix
]; ];
networking = {
networkmanager.enable = true;
extraHosts = ''
carto-interavtive 172.18.20.134
'';
};
users.users.${username} = {
extraGroups = [ "networkmanager" ];
};
programs.nm-applet.enable = true;
} }

22
modules/optionnals/k8s.nix Normal file
View File

@@ -0,0 +1,22 @@
{
pkgs,
...
}:
{
environment.systemPackages = [
pkgs.kubectl
pkgs.kubernetes-helm
pkgs.k9s # Interface TUI pour Kubernetes
pkgs.kubectx # Changement rapide de contexte
pkgs.kustomize
];
programs.zsh.promptInit = ''
# kubectl
source <(kubectl completion zsh)
alias k=kubectl
alias h=helm
alias kn=kubens
compdef __start_kubectl k
compdef __start_helm h
'';
}

22
modules/optionnals/libvirt.nix Normal file
View File

@@ -0,0 +1,22 @@
{
pkgs,
username,
...
}:
{
virtualisation = {
libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_full;
#package = pkgs.qemu;
runAsRoot = true;
swtpm.enable = true;
};
};
};
users.users.${username} = {
extraGroups = [ "libvirtd" ];
};
}

112
modules/optionnals/openfortivpn.nix Normal file
View File

@@ -0,0 +1,112 @@
{
config,
pkgs,
...
}:
let
openfortivpn-addroute = pkgs.writeShellScript "openfortivpn-addroute.sh" ''
sleep 2
${pkgs.iproute2}/bin/ip route add 172.16.0.0/12 dev ppp0
${pkgs.iproute2}/bin/ip route del default
${pkgs.iproute2}/bin/ip route add default via 192.168.0.254
${pkgs.coreutils-full}/bin/cat << EOF > /etc/resolv.conf
search ville.besancon
nameserver 172.18.96.1
nameserver 172.18.96.2
EOF
'';
openfortivpn-delroute = pkgs.writeShellScript "openfortivpn-delroute.sh" ''
sleep 2
${pkgs.coreutils-full}/bin/cat << EOF > /etc/resolv.conf
nameserver 10.0.0.1
nameserver 2001:41d0:303:20da::1
nameserver 217.182.138.218
nameserver 9.9.9.9
EOF
'';
myMount = description: what: where: {
inherit description what where;
type = "cifs";
options = "credentials=${config.sops.templates."gbmshares-secrets".path},uid=beastie,gid=users";
};
myAutoMount = description: where: {
inherit description where;
requires = [ "network-online.target" ];
after = [ "network-online.service" ];
wantedBy = [ "multi-user.target" ];
automountConfig = {
TimeoutIdleSec = 30;
};
};
in
{
sops = {
secrets = {
"ldap_GBM/username" = { };
"ldap_GBM/password" = { };
"ldap_GBM/domain" = { };
"openfortivpn/host" = { };
"openfortivpn/port" = { };
};
templates = {
"openfortivpn.conf" = {
content = ''
host = ${config.sops.placeholder."openfortivpn/host"}
port = ${config.sops.placeholder."openfortivpn/port"}
username = ${config.sops.placeholder."ldap_GBM/username"}
password = ${config.sops.placeholder."ldap_GBM/password"}
'';
mode = "0600";
owner = "root";
};
"gbmshares-secrets" = {
content = ''
username=${config.sops.placeholder."ldap_GBM/username"}
password=${config.sops.placeholder."ldap_GBM/password"}
domain=${config.sops.placeholder."ldap_GBM/domain"}
'';
mode = "0600";
owner = "root";
};
};
};
environment.systemPackages = [
pkgs.openfortivpn
pkgs.cifs-utils
];
systemd.services."openfortivpn" = {
enable = true;
#wantedBy = lib.mkForce [ ];
unitConfig = {
Description = "OpenFortiVPN";
After = "network-online.target";
Wants = "network-online.target systemd-networkd-wait-online.service";
Documentation = [
"man:openfortivpn(1) https://github.com/adrienverge/openfortivpn#readme https://github.com/adrienverge/openfortivpn/wiki"
];
};
serviceConfig = {
Type = "notify";
PrivateTmp = "true";
ExecStart = "${pkgs.openfortivpn}/bin/openfortivpn --no-dns -c ${config.sops.templates."openfortivpn.conf".path}";
ExecStartPost = "${openfortivpn-addroute}";
ExecStopPost = "${openfortivpn-delroute}";
Restart = "on-failure";
#OOMScoreAdjust = "-100";
};
};
systemd.mounts = [
(myMount "GBM Perso" "//vf-mc2-sfic06.ville.besancon/usr_s$/SALVIJER/Mes Documents"
"/gbmshares/perso"
)
(myMount "GBM Services" "//vf-mc2-sfic06.ville.besancon/08TIC" "/gbmshares/services")
];
systemd.automounts = [
(myAutoMount "GBM Perso automount" "/gbmshares/perso")
(myAutoMount "GBM Services automount" "/gbmshares/services")
];
}

26
modules/optionnals/options.nix Normal file
View File

@@ -0,0 +1,26 @@
{
lib,
...
}:
{
options.my.laninterface = lib.mkOption {
type = lib.types.str;
default = "enp5s0";
};
options.my.ipv4address = lib.mkOption {
type = lib.types.str;
default = "127.0.0.1";
};
options.my.ipv4netmask = lib.mkOption {
type = lib.types.int;
default = 8;
};
options.my.ipv4gateway = lib.mkOption {
type = lib.types.str;
default = "127.0.0.254";
};
options.my.wolipv6address = lib.mkOption {
type = lib.types.str;
default = "fc::0";
};
}

13
modules/optionnals/packages.nix Normal file
View File

@@ -0,0 +1,13 @@
{
pkgs,
...
}:
{
# Définition du bloc d'options pour l'environnement de système
environment = {
# Liste des paquets à installer dans le système
systemPackages = [
pkgs.pwgen # Générateur de mots de passe
];
};
}

101
modules/optionnals/server/starship.nix Normal file
View File

@@ -0,0 +1,101 @@
{
...
}:
{
environment.sessionVariables = {
KUBECONFIG = "$HOME/.kube/config";
};
programs.starship = {
enable = true;
settings = {
add_newline = true;
command_timeout = 1300;
scan_timeout = 50;
format = "[](fg:surface1)$hostname$username$directory$git_branch$git_status[](fg:base bg:sky)$fill$kubernetes$time[ ](fg:surface1)$line_break[ ](fg:surface1)";
right_format = "[](fg:surface1)";
palette = "catppuccin_frappe";
hostname = {
ssh_only = false;
format = "[](bg:base fg:mauve)[ $hostname ](bg:mauve fg:base)[](bg:mauve fg:blue)";
disabled = false;
};
username = {
style_user = "bg:blue fg:base";
style_root = "bg:red fg:base bold";
format = "[ $user ]($style)[](bg:blue fg:sapphire)";
show_always = true;
disabled = false;
};
directory = {
format = "[ $path ](bg:sapphire fg:base)[](bg:sapphire fg:sky)";
truncation_length = 3;
truncation_symbol = "/";
};
git_branch = {
symbol = " ";
format = "[ $symbol$branch(:$remote_branch) ](fg:base bg:sky)";
disabled = false;
};
git_status = {
format = "([$all_status$ahead_behind ](fg:base bg:sky))";
conflicted = "😵";
ahead = "";
behind = "";
diverged = "😵";
up_to_date = "";
untracked = "";
stashed = "📦";
modified = "";
#staged = "[($count)](fg:base bg:sapphire)"
staged = "";
renamed = "";
deleted = "";
disabled = false;
};
fill = {
symbol = "";
style = "surface1";
};
kubernetes = {
disabled = false;
format = "[](fg:blue bg:base)[ ($namespace)/($cluster) ](fg:base bg:blue)[](bg:blue fg:mauve)";
};
palettes.catppuccin_frappe = {
rosewater = "#f2d5cf";
flamingo = "#eebebe";
pink = "#f4b8e4";
mauve = "#ca9ee6";
red = "#e78284";
maroon = "#ea999c";
peach = "#ef9f76";
yellow = "#e5c890";
green = "#a6d189";
teal = "#81c8be";
sky = "#99d1db";
sapphire = "#85c1dc";
blue = "#8caaee";
lavender = "#babbf1";
text = "#c6d0f5";
subtext1 = "#b5bfe2";
subtext0 = "#a5adce";
overlay2 = "#949cbb";
overlay1 = "#838ba7";
overlay0 = "#737994";
surface2 = "#626880";
surface1 = "#51576d";
surface0 = "#414559";
base = "#303446";
mantle = "#292c3c";
crust = "#232634";
};
};
};
}

97
modules/optionnals/server/wireguard-ui.nix Normal file
View File

@@ -0,0 +1,97 @@
{
pkgs,
...
}:
{
environment.systemPackages = [
pkgs.wireguard-tools
pkgs.wireguard-ui
];
users.users.wireguard-ui = {
isSystemUser = true;
group = "wireguard-ui";
home = "/var/lib/wireguard-ui";
createHome = true;
description = "WireGuard UI service user";
};
users.groups.wireguard-ui = { };
systemd = {
tmpfiles.rules = [
"d /etc/wireguard 0750 wireguard-ui wireguard-ui -"
"d /var/lib/wireguard-ui 0750 wireguard-ui wireguard-ui -"
];
services = {
wg-quick-wg0 = {
description = "WireGuard via wg-quick(8) for wg0";
after = [
"network-online.target"
"wireguard-ui.service"
];
wants = [ "network-online.target" ];
wantedBy = [
"multi-user.target"
"sshd.service"
];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.wireguard-tools}/bin/wg-quick up wg0";
ExecStop = "${pkgs.wireguard-tools}/bin/wg-quick down wg0";
ExecReload = "${pkgs.bash}/bin/bash -c 'exec ${pkgs.wireguard-tools}/bin/wg syncconf wg0 <(exec ${pkgs.wireguard-tools}/bin/wg-quick strip wg0)'";
Environment = [ "WG_ENDPOINT_RESOLUTION_RETRIES=infinity" ];
};
};
wireguard-ui = {
description = "WireGuard UI";
documentation = [ "https://github.com/ngoduykhanh/wireguard-ui" ];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.wireguard-ui}/bin/wireguard-ui";
Restart = "on-failure";
WorkingDirectory = "/var/lib/wireguard-ui";
StateDirectory = "wireguard-ui";
User = "wireguard-ui";
Group = "wireguard-ui";
ReadWritePaths = [
"/var/lib/wireguard-ui"
"/etc/wireguard"
];
Environment = [
# "WGUI_ENDPOINT_ADDRESS=${config.custom.wireguard-ui.endpointAddress}"
# "WGUI_DNS=${config.custom.wireguard-ui.dns}"
];
AmbientCapabilities = "CAP_NET_ADMIN";
};
};
wg-quick-wg0-reload = {
description = "Reload WireGuard config";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.systemd}/bin/systemctl reload wg-quick-wg0.service";
};
};
};
paths.wg-quick-wg0-reload = {
description = "Watch /etc/wireguard/wg0.conf for changes";
wantedBy = [ "multi-user.target" ];
pathConfig = {
PathModified = "/etc/wireguard/wg0.conf";
};
};
};
networking.firewall.allowedTCPPorts = [ 5000 ];
networking.firewall.allowedUDPPorts = [ 51820 ];
}

12
modules/optionnals/sops-desktop.nix
View File

@@ -18,8 +18,6 @@ in
}; };
secrets = { secrets = {
"ldap_password/beastie" = {
};
"users_password/beastie" = { "users_password/beastie" = {
neededForUsers = true; neededForUsers = true;
}; };
@@ -63,6 +61,16 @@ in
mode = "0600"; mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore"; path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
}; };
"ssh_keys/wol_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_wol";
};
"ssh_keys/wol_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_wol.priv";
};
}; };
}; };
} }

4
modules/optionnals/ssh.nix
View File

@@ -14,6 +14,10 @@
PreferredAuthentications publickey PreferredAuthentications publickey
IdentityFile ~/.ssh/id_ecdsa_ansible IdentityFile ~/.ssh/id_ecdsa_ansible
Match User gitea
PreferredAuthentications publickey,password
IdentityFile ~/.ssh/id_ed25519
Match User gitea Host git.unixyourbrain.org Match User gitea Host git.unixyourbrain.org
PreferredAuthentications publickey,password PreferredAuthentications publickey,password
IdentityFile ~/.ssh/id_ed25519_beastie IdentityFile ~/.ssh/id_ed25519_beastie

47
modules/optionnals/wakeonlan.nix Normal file
View File

@@ -0,0 +1,47 @@
{
config,
pkgs,
hostname,
...
}:
{
systemd.services."wol${config.my.laninterface}" = {
description = "Wake-on-LAN for ${config.my.laninterface}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.ethtool}/bin/ethtool -s ${config.my.laninterface} wol g";
RandomizedDelaySec = "30s";
};
};
environment.systemPackages = [ pkgs.ethtool ];
my.wolipv6address = "2a01:e0a:9cc:99d0:8f3a:6b2c:41d7:e9f5";
boot.initrd = {
network = {
enable = true;
ssh = {
enable = true;
port = 65234;
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2+PXfG/37rsvcVr2RAHzXmGHMr8+8iBH//1YS+zWd3"
]; # ta clé publique
hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];
};
postCommands = ''
ip -6 addr add ${config.my.wolipv6address}/64 dev ${config.my.laninterface}
ip -6 route add default via fe80::224:d4ff:fea5:65bd dev ${config.my.laninterface}
'';
};
availableKernelModules = [ "r8169" ];
};
boot = {
kernelParams = [
"ip=${config.my.ipv4address}::255.255.255.0:${config.my.ipv4gateway}:${hostname}:${config.my.laninterface}:off"
];
};
}