catvayor 2024-10-03 17:42:38 +02:00
parent d300b876f9
commit 3440bc178c
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
9 changed files with 128 additions and 335 deletions


@ -166,12 +166,17 @@ in
perl perl
git git
]; ];
boot.supportedFilesystems = [ "bcachefs" ];
programs.zsh.enable = true; programs.zsh.enable = true;
services.openssh.enable = true; services.openssh.enable = true;
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
boot.supportedFilesystems = {
bcachefs = true;
zfs = lib.mkForce false;
};
boot.kernelParams = [ "console=ttyS0" ]; boot.kernelParams = [ "console=ttyS0" ];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
services.getty.autologinUser = lib.mkForce "root"; services.getty.autologinUser = lib.mkForce "root";
system.stateVersion = lib.mkForce "24.11";
}; };
kat-kexec = kat-kexec =
@ -212,5 +217,6 @@ in
zfs = lib.mkForce false; zfs = lib.mkForce false;
}; };
services.getty.autologinUser = lib.mkForce "root"; services.getty.autologinUser = lib.mkForce "root";
system.stateVersion = lib.mkForce "24.11";
}; };
} }


@ -35,12 +35,19 @@ with lib;
''; '';
}; };
}; };
boot.tmp.useTmpfs = true;
boot = {
tmp.useTmpfs = true;
supportedFilesystems.bcachefs = mkDefault true;
kernelPackages = pkgs.linuxPackages_latest;
};
networking = { networking = {
useNetworkd = true; useNetworkd = true;
nftables.enable = true; nftables.enable = true;
}; };
systemd.network.enable = true; systemd.network.enable = true;
nix = { nix = {
nixPath = [ nixPath = [
"nixpkgs=${builtins.storePath pkgs.path}" "nixpkgs=${builtins.storePath pkgs.path}"
@ -50,6 +57,27 @@ with lib;
settings.nix-path = config.nix.nixPath; settings.nix-path = config.nix.nixPath;
package = pkgs.lix; package = pkgs.lix;
}; };
time.timeZone = mkDefault "Europe/Paris";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = mkDefault "fr";
};
environment.systemPackages = with pkgs; [
tree
ranger
ripgrep
wget
git
lazygit
btop
screen
nix-search-cli
nix-output-monitor
];
services = { services = {
resolved.enable = !config.boot.isContainer; resolved.enable = !config.boot.isContainer;
openssh.settings = { openssh.settings = {
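Review bot: `kernelPackages = pkgs.linuxPackages_latest;` in the new `boot` block is set at normal priority, while `supportedFilesystems.bcachefs`, `time.timeZone` and `console.keyMap` next to it use `mkDefault`. A host importing this module that needs a pinned or LTS kernel (to hold back a regression, or to keep an out-of-tree module building) would then have to use `mkForce`. Consider `kernelPackages = mkDefault pkgs.linuxPackages_latest;`, with a one-line comment stating why the newest kernel is wanted on every host (bcachefs support, if that is the reason). The enclosing module starts and ends outside the hunk.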


@ -16,14 +16,13 @@ in
./modo.nix ./modo.nix
]; ];
boot.loader.systemd-boot.enable = true; boot.loader = {
boot.loader.efi.canTouchEfiVariables = true; systemd-boot.enable = true;
boot.supportedFilesystems = [ "bcachefs" ]; efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest; };
time.timeZone = "Europe/Paris";
networking = { networking = {
useNetworkd = lib.mkForce false;
interfaces."enp1s0" = { interfaces."enp1s0" = {
useDHCP = false; useDHCP = false;
ipv4.addresses = [ ipv4.addresses = [
@ -50,34 +49,11 @@ in
]; ];
}; };
i18n.defaultLocale = "en_US.UTF-8"; services = {
console = { openssh.enable = true;
font = "Lat2-Terminus16"; netbird.enable = true;
keyMap = "fr";
}; };
services.dbus.packages = with pkgs; [ dconf ];
nixpkgs.config.allowUnfree = true;
programs.zsh.enable = true;
environment.systemPackages = with pkgs; [
wget
nix-search-cli
git
btop
ranger
screen
];
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.openssh.enable = true;
networking.firewall.enable = false; networking.firewall.enable = false;
security.acme = { security.acme = {
@ -113,7 +89,5 @@ in
certificateScheme = "acme"; certificateScheme = "acme";
}; };
services.netbird.enable = true;
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }
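Review bot: `networking.firewall.enable = false;` is kept right below the new `services = { openssh.enable = true; netbird.enable = true; };` block, so on this host sshd and every other listener are not filtered by the host firewall at all. If filtering happens upstream (a hypervisor or router, which is not visible in this file section), say so next to the line, for example `# host firewall off on purpose: filtered upstream`. Otherwise consider removing the line, since the openssh module opens its own port when the firewall is on. The same unchanged line sits in the hunks `@ -47,31 +44,8 @`, `@ -46,35 +43,6 @` and `@ -113,32 +58,7 @` of the other host files touched by this commit.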


@ -5,17 +5,22 @@
nodes, nodes,
... ...
}: }:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
boot.kernel.sysctl."net.ipv4.ip_forward" = true; boot = {
boot.loader.systemd-boot.enable = true; loader = {
boot.loader.efi.canTouchEfiVariables = true; systemd-boot.enable = true;
boot.supportedFilesystems = [ "bcachefs" ]; efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest; };
kernel.sysctl."net.ipv4.ip_forward" = true;
kernelModules = [
"kvm-intel"
"kvm-amd"
];
};
kat.wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM="; kat.wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM=";
systemd.network = { systemd.network = {
@ -61,42 +66,14 @@
}; };
}; };
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "fr";
};
services.dbus.packages = with pkgs; [ dconf ];
nixpkgs.config.allowUnfree = true;
programs.zsh.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wget
brightnessctl
nix-search-cli
git
btop
ranger
dnsmasq dnsmasq
screen tcpdump
]; ];
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.openssh.enable = true; services.openssh.enable = true;
services.netbird.enable = true; services.netbird.enable = true;
boot.kernelModules = [
"kvm-intel"
"kvm-amd"
];
programs.virt-manager.enable = true; programs.virt-manager.enable = true;
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;


@ -1,5 +1,3 @@
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ {
config, config,
lib, lib,
@ -13,14 +11,13 @@
./disks.nix ./disks.nix
]; ];
boot.loader.systemd-boot.enable = true; boot.loader = {
boot.loader.efi.canTouchEfiVariables = true; systemd-boot.enable = true;
boot.supportedFilesystems = [ "bcachefs" ]; efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest; };
time.timeZone = "Europe/Paris";
networking = { networking = {
useNetworkd = lib.mkForce false;
interfaces."enp1s0" = { interfaces."enp1s0" = {
useDHCP = false; useDHCP = false;
ipv4.addresses = [ ipv4.addresses = [
@ -47,31 +44,8 @@
]; ];
}; };
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "fr";
};
services.dbus.packages = with pkgs; [ dconf ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
wget
nix-search-cli
git
btop
ranger
screen
tree
];
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.openssh.enable = true; services.openssh.enable = true;
networking.firewall.enable = false; networking.firewall.enable = false;


@ -13,86 +13,65 @@
# ./router.nix # ./router.nix
]; ];
boot.loader.systemd-boot.enable = true; boot.loader = {
boot.loader.efi.canTouchEfiVariables = true; systemd-boot.enable = true;
boot.supportedFilesystems = [ "bcachefs" ]; efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest; };
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.nftables.enable = true;
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "fr";
};
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { hardware.bluetooth = {
enable = true; enable = true;
alsa.enable = true; powerOnBoot = false;
alsa.support32Bit = true;
pulse.enable = true;
};
hardware = {
bluetooth = {
enable = true;
powerOnBoot = false;
};
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ brightnessctl ];
wget
brightnessctl
nix-search-cli
git
btop
ranger
tree
lazygit
nix-output-monitor
ripgrep
];
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
fira-code-nerdfont fira-code-nerdfont
font-awesome font-awesome
]; ];
programs.gnupg.agent = { services = {
enable = true; pipewire = {
enableSSHSupport = true; enable = true;
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
};
syncthing = {
enable = true;
systemService = true;
dataDir = "/home/catvayor";
user = "catvayor";
group = "users";
openDefaultPorts = true;
settings = {
folders."essentials" = {
path = "~/essentials";
id = "vgpwu-fk3ct";
devices = [
"katel"
];
};
devices.katel.id = "DYOKK7J-HZAF5S7-FYTHQF5-UD5GJZ2-4JMV5I5-STUM3HG-5YM2JPR-LATJNAZ";
};
};
netbird.enable = true;
}; };
services.syncthing = { programs = {
enable = true; steam.enable = true;
systemService = true; virt-manager.enable = true;
dataDir = "/home/catvayor"; gnupg.agent = {
user = "catvayor"; enable = true;
group = "users"; enableSSHSupport = true;
openDefaultPorts = true;
settings = {
folders."essentials" = {
path = "~/essentials";
id = "vgpwu-fk3ct";
devices = [
"katest"
"katel"
];
};
devices.katest.id = "UPVXT7D-ZQF4E3J-4WKLLRV-2KF7323-7VOMEJJ-4PZVXW4-UQ2YABE-G7ID4AD";
devices.katel.id = "DYOKK7J-HZAF5S7-FYTHQF5-UD5GJZ2-4JMV5I5-STUM3HG-5YM2JPR-LATJNAZ";
}; };
}; };
services.netbird.enable = true;
programs.steam.enable = true;
# boot.kernelModules = [ "kvm-intel" "kvm-amd" ];
programs.virt-manager.enable = true;
# virtualisation.libvirtd.enable = true;
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }


@ -1,5 +1,3 @@
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ {
config, config,
lib, lib,
@ -12,14 +10,13 @@
./disks.nix ./disks.nix
]; ];
boot.loader.systemd-boot.enable = true; boot.loader = {
boot.loader.efi.canTouchEfiVariables = true; systemd-boot.enable = true;
boot.supportedFilesystems = [ "bcachefs" ]; efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest; };
time.timeZone = "Europe/Paris";
networking = { networking = {
useNetworkd = lib.mkForce false;
interfaces."enp1s0" = { interfaces."enp1s0" = {
useDHCP = false; useDHCP = false;
ipv4.addresses = [ ipv4.addresses = [
@ -46,35 +43,6 @@
]; ];
}; };
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "fr";
};
services.dbus.packages = with pkgs; [ dconf ];
nixpkgs.config.allowUnfree = true;
programs.zsh.enable = true;
environment.systemPackages = with pkgs; [
wget
nix-search-cli
git
btop
ranger
screen
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.openssh.enable = true; services.openssh.enable = true;
networking.firewall.enable = false; networking.firewall.enable = false;
@ -93,5 +61,5 @@
}; };
}; };
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = "23.11";
} }


@ -4,18 +4,16 @@
pkgs, pkgs,
... ...
}: }:
{ {
imports = [ ./hardware-configuration.nix ]; imports = [ ./hardware-configuration.nix ];
boot.loader.systemd-boot.enable = true; boot.loader = {
boot.loader.efi.canTouchEfiVariables = true; systemd-boot.enable = true;
boot.supportedFilesystems = [ "bcachefs" ]; efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest; };
time.timeZone = "Europe/Paris";
networking = { networking = {
useNetworkd = lib.mkForce false;
interfaces."enp1s0" = { interfaces."enp1s0" = {
useDHCP = false; useDHCP = false;
ipv4.addresses = [ ipv4.addresses = [
@ -42,59 +40,6 @@
]; ];
}; };
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "fr";
};
# Enable the X11 windowing system.
# services.xserver.enable = true;
# security.polkit.enable = true;
# programs.light.enable = true;
services.dbus.packages = with pkgs; [ dconf ];
nixpkgs.config.allowUnfree = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
programs.zsh.enable = true;
environment.systemPackages = with pkgs; [
wget
nix-search-cli
git
btop
ranger
screen
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true; services.openssh.enable = true;
security.acme = { security.acme = {
@ -113,32 +58,7 @@
}; };
}; };
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false; networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system system.stateVersion = "23.11";
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
} }


@ -11,23 +11,18 @@
./disks.nix ./disks.nix
]; ];
boot = { boot.loader.grub = {
loader.grub = { enable = true;
enable = true; efiSupport = true;
efiSupport = true; efiInstallAsRemovable = true;
efiInstallAsRemovable = true;
};
supportedFilesystems = [ "bcachefs" ];
kernelPackages = pkgs.linuxPackages_latest;
}; };
time.timeZone = "Europe/Paris"; kat.wireguardPubKey = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg=";
networking = { networking = {
useNetworkd = true;
useDHCP = false; useDHCP = false;
firewall.allowedUDPPorts = [ 1194 ];
}; };
kat.wireguardPubKey = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg=";
systemd.network = { systemd.network = {
enable = true; enable = true;
networks = { networks = {
@ -77,22 +72,16 @@
wireguardPeers = [ wireguardPeers = [
{ {
AllowedIPs = [ AllowedIPs = [
"10.42.0.1/32" "10.42.0.1/32"
]; ];
PublicKey = nodes.kat-manah.config.kat.wireguardPubKey; PublicKey = nodes.kat-manah.config.kat.wireguardPubKey;
} }
]; ];
}; };
}; };
}; };
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "fr";
};
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "root@katvayor.net"; defaults.email = "root@katvayor.net";
@ -105,33 +94,11 @@
''; '';
}; };
services.dbus.packages = with pkgs; [ dconf ]; environment.systemPackages = with pkgs; [ tcpdump ];
programs.zsh.enable = true; services = {
openssh.enable = true;
environment.systemPackages = with pkgs; [ netbird.enable = true;
wget
nix-search-cli
git
btop
ranger
screen
];
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.openssh.enable = true;
services.netbird.enable = true;
networking = {
nftables.enable = true;
firewall = {
allowedTCPPorts = [ 22 ];
allowedUDPPorts = [ 1194 ];
};
}; };
system.stateVersion = "23.11"; system.stateVersion = "23.11";
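Review bot: Dropping `allowedTCPPorts = [ 22 ];` in the last hunk leaves SSH reachable only through the openssh module's `openFirewall` option, which defaults to true, and nothing in the new `networking` block says so. Someone auditing this host's open ports now sees only `firewall.allowedUDPPorts = [ 1194 ];`. A comment would make the exposure explicit, for example `# 22/tcp is opened by services.openssh (openFirewall); 1194/udp is the tunnel port`. The second half of that comment presumes 1194 is the WireGuard listen port, which is defined outside the hunks shown.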