gros menage chez hackens milieu

hosts/milieu/configuration.nix

@@ -8,7 +8,6 @@
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
-      ../../shared/nur.nix
       ../../profiles/shared-hackens
     ];
 
@@ -23,6 +22,7 @@
 
   networking.hostName = "hackens-milieu"; # Define your hostname.
 
+  boot.kernelPackages = pkgs.linuxPackages_5_15;
 
   # The global useDHCP flag is deprecated, therefore explicitly set to false here.
   # Per-interface useDHCP will be mandatory in the future, so this generated config

hosts/milieu/hardware-configuration.nix

@@ -13,6 +13,8 @@
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
+  # boot.kernelParams = [ "nomodeset" ];
+
   fileSystems."/" =
     { device = "/dev/disk/by-label/nixos-root";
       fsType = "btrfs";

nur.nix

@@ -1,9 +0,0 @@
-{ pkgs, config, lib, ... }:
-{
-  imports = [
-    ../myModules
-  ];
-  nixpkgs.config.packageOverrides = {
-    hackens = import ./myPkgs { inherit pkgs; };
-  };
-}

profiles/shared-hackens/backups.nix

@@ -1,11 +0,0 @@
-{ pkgs, ... }: {
-  # BorgBackup repositories
-  services.borgbackup.repos = {
-    hackens-desktop = {
-      authorizedKeys = [
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDcKULx/AgnqBsgwRX2BfV8waq6JXIkvZHhu9Y8paofM8awq6Om56BZoA7AV45YOcJxO/eFDOxSegXXmt22s4WjIf8I049aMdsW54BNpFpC/h18cMzm5ylKVGHl1ier/WXxpBsA8YU++YdRlGHPpKnhCtYLnBzD4Q5h+05GMIHismNZP1aGpE9s01FuP8eaDDkZUba7oSpn03AA77DBw4/2ZreSbqo96Z6WwiG09KeZvxFtEIk98EQtmiExB2fwsK3/JIxIBCoZHh4SzERcslxxGgzdppd6NhhSh7g523zhiihLaTAPNXBovGm5wcKOU9uWe+pUWEbwV04E+809aVbkJOdYBCtIf8M91meqpupA8jK38uquePHEFvpNr5UmY0qUlJCoqTvoqg9XgrfJVjlPEmYknj/QjQzkA4k19y8njsyEjnYOBL6tsztg6Igl+NZXjBAPuAzxCsfHOtWw1WM5gANwqOL0V9f7+14yST3HwweqjHRj4xky6ritxK+ujfc= hackens@hackens-desktop-1"
-      ];
-      path = "/var/backups/hackens-desktop";
-    };
-  };
-}

profiles/shared-hackens/default.nix

@@ -1,24 +1,13 @@
 { pkgs, ... }: {
   imports = [
-    ./system.nix
-    ./backups.nix
-    ./vpn-network
-    ./hosts.nix
-    ./syncthing.nix
-    ./programs.nix
-    ./audio.nix
-    ./mosquitto.nix
-    ./graphics.nix
-    ./monitoring.nix
-    ./users.nix
-    ./i18n.nix
-    ./vim.nix
-    ./dns.nix
-    ./nightworker.nix
-    ./ssd.nix
     ./aarch64.nix
-    ./latex.nix
+    ./audio.nix
+    ./dns
     ./gnome.nix
-    # ./netboot-server.nix # -- fix quick xyz mode.
+    ./i18n.nix
+    ./programs.nix
+    ./system.nix
+    ./users.nix
+    ./vim.nix
   ];
 }

profiles/shared-hackens/dns/default.nix

@@ -15,7 +15,7 @@ in
       ipv6_servers = true;
       require_dnssec = true;
 
-      forwarding_rules = ./dns/forwarding.txt;
+      forwarding_rules = ./forwarding.txt;
 
       query_log = if debugDNS then {
         file = "/dev/stdout";

profiles/shared-hackens/gnome.nix

@@ -5,4 +5,6 @@
     displayManager.gdm.enable = true;
     desktopManager.gnome.enable = true;
   };
+  services.xserver.layout = "fr";
+  services.autorandr.enable = true;
 }

profiles/shared-hackens/graphics.nix

@@ -1,10 +0,0 @@
-{ pkgs, ... }:
-{
-  imports = [ ./i3.nix ];
-
-  # Enable the X11 windowing system.
-  services.xserver.enable = true;
-  services.xserver.layout = "fr";
-
-  services.autorandr.enable = true;
-}

profiles/shared-hackens/hosts.nix

@@ -1,3 +0,0 @@
-{ pkgs, ... }:
-{
-}

profiles/shared-hackens/i3.nix

@@ -1,51 +0,0 @@
-{ pkgs, config, lib, ... }:
-{
-  environment.pathsToLink = [ "/libexec" ];
-  environment.sessionVariables.TERMINAL = [ "kitty" ];
-  environment.variables = {
-    TERMINAL = "kitty";
-    BROWSER = "firefox";
-  };
-  services.xserver = {
-    displayManager = lib.mkIf (!config.services.xserver.displayManager.gdm.enable) {
-      autoLogin = {
-        enable = true;
-        user = "hackens";
-      };
-    };
-
-    windowManager.i3 = {
-      enable = true;
-      extraSessionCommands = ''
-        ${pkgs.xorg.xset}/bin/xset r rate 200 50
-      '';
-      extraPackages = with pkgs; [
-        rofi
-        dunst
-        i3status-rust
-        i3lock
-        kitty
-      ];
-    };
-  };
-
-  fonts.fonts = with pkgs; [
-    hack-font
-    noto-fonts
-    noto-fonts-cjk
-    noto-fonts-emoji
-    liberation_ttf
-    fira-code
-    fira-code-symbols
-    dina-font
-    proggyfonts
-    powerline-fonts
-    font-awesome
-  ];
-
-  services.picom = {
-    enable = true;
-    vSync = true;
-  };
-}
-

profiles/shared-hackens/kde.nix

@@ -1,6 +0,0 @@
-{ ... }:
-{
-    # Enable the KDE Desktop Environment.
-  services.xserver.displayManager.sddm.enable = true;
-  services.xserver.desktopManager.plasma5.enable = true;
-}

profiles/shared-hackens/latex.nix

@@ -1,4 +0,0 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = [ pkgs.texlive.combined.scheme-full ];
-}

profiles/shared-hackens/monitoring.nix

@@ -1,59 +0,0 @@
-{ pkgs, config, ... }:
-{
-  # Monitoring
-  services.netdata.enable = true;
-  systemd.services.netdata.restartTriggers = map (name: config.environment.etc."netdata/${name}.conf".source) [
-    "health_alarm_notify"
-    "stream"
-    "fping"
-  ];
-  environment.etc."netdata/stream.conf" = {
-    user = "netdata";
-    group = "netdata";
-    mode = "0600";
-    text = ''
-      # hackens-desktop
-      [074e699a-4206-4e13-baa7-e4524326f1e0]
-        enabled = yes
-        default history = 3600
-        default memory mode = dbengine
-        health enabled by default = auto
-        allow from = 192.168.1.117, 2001:470:1f13:21d:49fd:1d82:d2ff:d868
-
-      # hackens-openwrt
-      [cab3fe1e-576b-420d-b301-84308e44f340]
-        enabled = yes
-        default history = 3600
-        default memory mode = dbengine
-        health enabled by default = auto
-        allow from = 192.168.1.1, 2001:470:1f13:21d::1
-    '';
-  };
-  environment.etc."netdata/health_alarm_notify.conf" = {
-    user = "netdata";
-    group = "netdata";
-    mode = "0600";
-    text = ''
-      # External tools
-      nc="${pkgs.netcat}/bin/nc"
-
-      # IRC configuration
-      SEND_IRC="YES"
-      DEFAULT_RECIPIENT_IRC="#hackens-status"
-      IRC_NETWORK="ens.wtf"
-      IRC_NICKNAME="hackens"
-      IRC_REALNAME="hackENS netdata monitoring"
-    '';
-  };
-  environment.etc."netdata/fping.conf" = {
-    user = "netdata";
-    group = "netdata";
-    mode = "0600";
-    text = ''
-      fping="${pkgs.fping}/bin/fping"
-      hosts="hackens.org hack.ens.fr sas.eleves.ens.fr argonaut.ens.wtf clipper.ens.fr merle.eleves.ens.fr"
-    '';
-  };
-  services.smartd.enable = true;
-  services.smartd.extraOptions = [ "-A /var/log/smartd/" ]; # For netdata.
-}

profiles/shared-hackens/mosquitto.nix

@@ -1,30 +0,0 @@
-{ ... }:
-let
-  port = 1883;
-in
-{
-  services.mosquitto = {
-    enable = true;
-    logType = [ "all" ];
-    listeners = [
-      {
-        address = "0.0.0.0";
-        acl = [ "topic readwrite #" ];
-        port = port;
-        settings = {
-          allow_anonymous = true;
-        };
-      }
-    ];
-    bridges.hackensOrg = {
-      topics = [ "# both" ];
-      addresses = [
-        {
-          address = "new.hackens.org";
-        }
-      ];
-    };
-  };
-  networking.firewall.allowedTCPPorts = [ port ];
-}
-

profiles/shared-hackens/netboot-server.nix

@@ -1,8 +0,0 @@
-{ pkgs, ... }:
-{
-  services.pixiecore = {
-    enable = true;
-    openFirwalle = true;
-    dhcpNoBind = true;
-  };
-}

profiles/shared-hackens/programs.nix

@@ -6,46 +6,29 @@
   programs.wireshark.enable = true;
 
   environment.systemPackages = with pkgs; [
-    kitty
-    # Todolist
-    taskwarrior
-
-    # Slicers
-    super-slicer
-    # prusa-slicer TODO: it is broken
-
-    # CAD/3D
-    blender openscad # kicad-with-packages3d freecad
-    # Microcontrollers
-    arduino arduino-cli stm32flash stm32loader
-    # FPGA
-    # python38Packages.nmigen python38Packages.nmigen-soc python38Packages.nmigen-boards
-    verilog verilator yosys symbiyosys mcy
-    # Reverse engineering
-    ghidra-bin apktool pwndbg
-    radare2
-
     # IRC
     weechat
 
+    # Latex
+    texlive.combined.scheme-full
+
     # Editors
     vscodium emacs neovim
 
-    # Utilities
-    minicom
     smartmontools
-    starship
-    wget firefox ripgrep chromium
+    wget
+    firefox
+    ripgrep
     nmap
     htop
     dnsutils
-    ncdu lazygit
+    ncdu 
+    lazygit
 
     # Networking
-    speedtest-cli iperf
+    speedtest-cli
+    iperf
 
-    # CNC
-    inkscape
   ];
 
   programs.chromium = {

profiles/shared-hackens/result

@@ -0,0 +1 @@
+/nix/store/q3gp3rnx0y5pxdq7jlhj1x3bqrisv7pp-nixos-system-hackens-milieu-23.05pre442253.befc83905c9

profiles/shared-hackens/ssd.nix

@@ -1,6 +0,0 @@
-{ pkgs, ... }:
-{
-  services.fstrim = {
-    enable = true;
-  };
-}

profiles/shared-hackens/syncthing.nix

@@ -1,9 +0,0 @@
-{ pkgs, ... }:
-{
-  services.syncthing = {
-    enable = true;
-    user = "hackens";
-    openDefaultPorts = true;
-    dataDir = "/home/hackens";
-  };
-}

profiles/shared-hackens/system.nix

@@ -5,6 +5,11 @@
     allowReboot = false;
   };
 
+  # SSD stuff
+  services.fstrim = {
+    enable = true;
+  };
+
   # Auto-GC and store optimizations
   nix = {
     trustedUsers = [ "root" "hackens" ];
@@ -24,8 +29,13 @@
   };
 
   services.locate.enable = true;
+
+  # ssh
   services.openssh.enable = true;
   services.openssh.passwordAuthentication = false;
+
+  # We are on a trusted network
   networking.firewall.enable = false;
+
   documentation.info.enable = false;
 }

profiles/shared-hackens/users.nix

@@ -4,6 +4,7 @@ let
     ../../pubkeys/raito.keys
     ../../pubkeys/gdd.keys
     ../../pubkeys/BiBi.keys
+    ../../pubkeys/sinavir.keys
   ];
 in
 {

profiles/shared-hackens/vim.nix

@@ -4,7 +4,6 @@
     git
     (neovim.override {
       vimAlias = true;
-      configure.plug.plugins = with vimPlugins; [ vim-nix vim-lastplace ];
     })
   ];
 }

profiles/shared-hackens/vpn-network/default.nix

@@ -1,17 +0,0 @@
-{ pkgs, ... }:
-{
-  imports = [ 
-    ./wg-peers.nix
-  ];
-
-  networking.wireguard.interfaces.wghackens = {
-    ips = [ "192.168.2.1/24" ];
-    listenPort = 51820;
-
-    privateKeyFile = "/etc/secrets/wghackens";
-    generatePrivateKeyFile = true;
-  };
-
-  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
-}
-

profiles/shared-hackens/vpn-network/wg-peers.nix

@@ -1,22 +0,0 @@
-{ ... }:
-let
-  startPrefix = "192.168.2";
-  mkPeer = i: publicKey: {
-    inherit publicKey;
-    allowedIPs = [ "${startPrefix}.${toString i}/32" ]; # Only one IP.
-  };
-in
-  {
-    # Comment s'ajouter ?
-    # Ajouter un élément dans la liste sous la forme
-    # (mkPeer i "publicKey")
-    # i := c'est le i dans 192.168.2.i qui sera l'IP « allouée » sur le tunnel
-    # publicKey := votre clef publique WireGuard
-    # si on veut mettre une presharedKey, faut rajouter une entrée manuellement en suivant la doc :).
-    # Ne pas oublier un commentaire à la fin de l'entrée pour documenter qui est quoi.
-    # Clef publique actuelle: 95dW/JJDnbOelgot/yWMJMswCzHdQGCqPDvriwq9CT4=
-    networking.wireguard.interfaces.wghackens.peers = [
-      (mkPeer 2 "ed5ib4LwK6YvRDqUPyvLnbS0onrBQpFApv5HreYuMHs=") # Raito
-      (mkPeer 3 "cm0G/YTSnu4sD72wMqXjNqDuauTh5XJHf/nvE0gOpFk=") # BiBi
-    ];
-  }

pubkeys/raito.keys

@@ -1,3 +1,3 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtS70Y1Merif66/G4bsP1/E3jyjiqjf7ZMsU07lw+Wf
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKIIcqryU28FkV+UpiTnGCOfwKO5jFhkdvU7a7Ew2KoZ
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4m2d+oCEWCceZMC1Th4IT7HO2/Z6DyJOXYLbCc8GGn

shared/nur.nix

@@ -1,14 +0,0 @@
-{ lib, pkgs, ... }:
-let
-  agenix = pkgs.fetchFromGitHub {
-    owner = "ryantm";
-    repo = "agenix";
-    rev = "7e5e58b98c3dcbf497543ff6f22591552ebfe65b";
-  };
-in {
-  nixpkgs.config.packageOverrides = {
-    hackens = import ./myPkgs { inherit pkgs; };
-  };
-  imports = [ "${agenix}/modules/age.nix" ]
-    ++ lib.attrValues (import ./myModules);
-}