règles d'exclusion

ajout d'un iso cutom + cible make
désactivation du parefeu
9 changed files with 271 additions and 11 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,5 +4,10 @@
 *.un~
 Session.vim
 .netrwhist
+
+# Unix
 *~
+
+# Nix build
+*.iso
 result
--- a/.gitmodules
+++ b/.gitmodules
@ -2,7 +2,3 @@
 	path = nixos-template-base
 	url = ssh://git@gogs.prunetwork.fr:10022/nixos-config/nixos-template-base.git
 	branch = nixos-unstable
-[submodule "capgemini-cmb"]
-	path = capgemini-cmb
-	url = ssh://git@gogs.prunetwork.fr:10022/Capgemini-CDS-Arkea/template-nixos.git
-    branch = master
--- a/11
+++ b/11
@ -1,5 +1,14 @@
-build-iso:
+all: submodules-update build-iso
+	@date
+
+build-iso: iso-minimal
+
+iso-minimal:
 	nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=livecd-minimal.nix

+iso-custom:
+	nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=livecd-custom.nix
+
 submodules-update:
 	git submodule update --remote
+
--- a/README.md
+++ b/README.md
@ -1,3 +1,23 @@
 # Custom NixOS Live CD

 After partitioning and mounting of your partitions under `/mnt`, go to `/iso/custom` and run `make`.
+
+## How to generate .iso from NixOS ?
+
+1. clone git repository
+
+```bash
+git clone --recursive ssh://git@gogs.prunetwork.fr:10022/nixos-config/nixos-livecd.git
+```
+
+1. run `make`
+
+```bash
+cd nixos-livecd
+make
+```
+
+1. use generated iso
+
+`nix-buil` tells you where it was generated
+
--- a/1
+++ b/1
@ -1 +0,0 @@
-Subproject commit 13a77dcccdd2aa0ef610ae86c7c31d2da70fda05
--- a/generate-config.sh
+++ b/generate-config.sh
@ -11,5 +11,4 @@ git init .
 git add .
 git commit -m "initial commit"
 git submodule add -b nixos-unstable https://gogs.prunetwork.fr/nixos-config/nixos-template-base.git base
-git submodule add -b master https://gogs.prunetwork.fr/Capgemini-CDS-Arkea/template-nixos.git capgemini-cmb
 git commit -m "templates as submodules"
--- a/livecd-custom.nix
+++ b/livecd-custom.nix
@ -0,0 +1,193 @@
+{ config, lib, pkgs, ... }:
+let
+  custom-generator = "generate-config.sh";
+  r6dLib = import ./nixos-template-base/lib.nix;
+  hostname = "nixos-livecd.grudu.net";
+  
+  dockerGitea = pkgs.dockerTools.pullImage {
+    imageName = "gitea/gitea";
+    imageTag = "latest";
+    sha256 = "0hxi9hcgrm7qp4bq9lvc0i2b84ry2m2c2dq98ajyp6j6hzn7f9pz";
+  };
+  dockerJenkins = pkgs.dockerTools.pullImage {
+    imageName = "jenkins";
+    imageTag = "latest";
+    sha256 = "1i70alhks87wl5s4yqs66f6rc5cgazna0pr8q3vn8qv99r7vwa86";
+  };
+  dockerSonar = pkgs.dockerTools.pullImage {
+    imageName = "sonarqube";
+    imageTag = "latest";
+    sha256 = "1ls3jg04flwxhf3c7jpm798zmwa9i4644jri2vymdzkwd0z63shp";
+  };
+in
+{
+  imports = [
+    /nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix
+    nixos-template-base/base.nix
+  ];
+  # Custom name
+  isoImage.isoName = pkgs.lib.mkForce "${config.isoImage.isoBaseName}-grudu.net-${config.system.nixosLabel}-${pkgs.stdenv.system}.iso";
+  # Avoid having the terminal flooded by kernel audit messages
+  boot.kernelParams = [ "audit=0" ];
+
+  # Files to copy to the liveCD
+  isoImage.contents = [
+    {
+      source = ./generate-config.sh;
+      target = "/custom/${custom-generator}";
+    }
+  ];
+  environment.shellAliases = { nixos-generate-custom-config = "/iso/custom/${custom-generator}";};
+
+  environment.systemPackages = with pkgs; [
+    # nécessaire pour bootraper
+    git
+    gpm
+    sudo
+    wget
+    vim
+
+    # Complément
+    atop                    # monitoring
+    gitstats
+    glxinfo
+    gource
+    haskellPackages.bench  # outil pour générer des benchmarks
+    haskellPackages.pandoc-filter-graphviz
+
+    #dockerGitea
+    #dockerJenkins
+    #dockerSonar
+
+    # Smokeping
+    bind
+  ];
+
+  
+  networking.hostName = "${hostname}";
+  services = {
+    openssh.enable = true;
+    virtualbox.guest.enable = true;
+    xserver.enable = true;
+  };
+
+  r6d.machines = r6dLib.applyProfilesToDirectory {} {
+    "${hostname}" = {
+      configurationFlags = {
+        dns_resolveur = true;
+        edition-photo = true;
+        jetbrains-licensed = true;
+      };
+      configurationOptions = {};
+      profiles = {
+        isDubronetwork = true;
+        isDubronetworkWorkstation = true;
+        isDesktopEnvironment = true;
+        isPrunetwork = true;
+        isPrunetworkWorkstation = true;
+        isWorkstation = true;
+      };
+    };
+  };
+
+  users.extraUsers = {
+    livecd = {
+      password = "livecd";
+      isNormalUser = true;
+      extraGroups = [
+        "audio"
+        "docker"
+        "vbox"
+        "vboxusers"
+        "wheel"
+      ];
+    };
+    root = {
+      initialPassword="root";
+    };
+  };
+  
+  # Paquets avec setuid root
+  security.wrappers = {
+    # outil de diagnostic réseau
+    fping.source = "${pkgs.fping}/bin/fping";
+  };
+
+  networking.extraHosts = ''
+    192.168.10.1 servdevbrest dev1
+    192.168.10.2 dev2
+    192.168.10.3 dev3
+    192.168.10.4 dev4
+  '';
+
+  programs.man.enable = true;
+
+  services.smokeping = {
+    enable = true;
+    imgUrl = "http://localhost:8081/cache/"; # défini dans nginx
+    probeConfig = ''
+      + FPing
+      binary = ${config.security.wrapperDir}/fping
+      + FPing6
+      binary = ${config.security.wrapperDir}/fping6
+
+      +DNS
+      #binary = ${pkgs.bind}/bin/dig
+      binary = /run/current-system/sw/bin/dig
+      forks = 5
+      offset = 50%
+      step = 300
+      timeout = 15
+    '';
+    targetConfig = ''
+      probe = FPing
+      menu = Top
+      title = Suivi de la latence reseau
+      remark = Monitoring de la latence reseau. \
+          Here you will learn all about the latency of our network.
+      + Local
+      probe = FPing
+      menu = Local
+      title = Local Network
+        ++ LocalMachine
+        menu = Local Machine
+        title = This host
+        host = localhost
+
+        ++ Servdevbrest
+        probe = FPing
+        menu = servdevbrest
+        title = Servdevbrest
+        host = 192.168.10.1
+
+	++ Servdevbrest2
+        probe = FPing
+        menu = servdevbrest2
+        title = Servdevbrest2
+        host = 192.168.10.2
+	
+	++ Servdevbrest3
+        probe = FPing
+        menu = servdevbrest3
+        title = Servdevbrest3
+        host = 192.168.10.3
+
+	++ Servdevbrest4
+        probe = FPing
+        menu = servdevbrest4
+        title = Servdevbrest4
+        host = 192.168.10.4
+
+        ++ MultiHost
+        menu = Multihost
+        title = Ensemble de mesures de latence
+        host = /Local/Servdevbrest /Local/Servdevbrest2 /Local/Servdevbrest3 /Local/Servdevbrest4
+      '';
+    };
+  # Ports ouverts
+  networking.firewall.enable=false;
+
+  # Pas besoin de mot de passe pour sudo
+  security.sudo.enable=lib.mkForce true;
+  security.sudo.wheelNeedsPassword=false;
+}
--- a/livecd-minimal.nix
+++ b/livecd-minimal.nix
@ -1,15 +1,16 @@
 { config, lib, pkgs, ... }:
 let
  custom-generator = "generate-config.sh";
+  r6dLib = import ./nixos-template-base/lib.nix;
+  hostname = "nixos-livecd.grudu.net";
 in
 {
  imports = [
-    capgemini-cmb/default.nix
    /nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix
    nixos-template-base/base.nix
  ];
  # Custom name
-  isoImage.isoName = pkgs.lib.mkForce "${config.isoImage.isoBaseName}-capgemini-${config.system.nixosLabel}-${pkgs.stdenv.system}.iso";
+  isoImage.isoName = pkgs.lib.mkForce "${config.isoImage.isoBaseName}-grudu.net-${config.system.nixosLabel}-${pkgs.stdenv.system}.iso";
  # Avoid having the terminal flooded by kernel audit messages
  boot.kernelParams = [ "audit=0" ];

@ -21,5 +22,43 @@ in
    }
  ];
  environment.shellAliases = { nixos-generate-custom-config = "/iso/custom/${custom-generator}";};
-  networking.hostName = "nixos-livecd.corp.capgemini.com";
+  networking.hostName = "${hostname}";
+  services = {
+    openssh.enable = true;
+    virtualbox.guest.enable = true;
+    xserver.enable = true;
+  };
+
+  r6d.machines = r6dLib.applyProfilesToDirectory {} {
+    "${hostname}" = {
+      configurationFlags = {
+        dns_resolveur = true;
+        edition-photo = true;
+        jetbrains-licensed = true;
+      };
+      configurationOptions = {};
+      profiles = {
+        isDubronetwork = true;
+        isDubronetworkWorkstation = true;
+        isDesktopEnvironment = true;
+        isWorkstation = true;
+      };
+    };
+  };
+
+  users.extraUsers.livecd = {
+    password = "livecd";
+    isNormalUser = true;
+    extraGroups = [
+      "audio"
+      "docker"
+      "vbox"
+      "vboxusers"
+      "wheel"
+    ];
+  };
+
+  # Ports ouverts
+  networking.firewall.enable=false;
+
 }
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 42db758638cae777f8141992d13a8c3a4e887ebf
+Subproject commit 38cf4631dd5b8fcf0fe8742b999b53d93d9df065
Author	SHA1	Message	Date
Jean-Pierre PRUNARET	06a4f2bf68	règles d'exclusion	8 years ago
Jean-Pierre PRUNARET	5759eca480	ajout d'un iso cutom + cible make	8 years ago
Jean-Pierre PRUNARET	d2b528a357	désactivation du parefeu	8 years ago
Jean-Pierre PRUNARET	12021f5525	activation des addons virtualbox	8 years ago
Jean-Pierre PRUNARET	046db7450e	MaJ module	8 years ago
Jean-Pierre PRUNARET	48b831d495	ajout d'un utilisateur livecd	8 years ago
Jean-Pierre PRUNARET	8c83cdc234	ajout documentation sur l'utilisation	8 years ago
Jean-Pierre PRUNARET	50125c448d	MaJ modules	8 years ago
Jean-Pierre PRUNARET	0ced39d580	extraction de variable pour le hostname du live	8 years ago
Jean-Pierre PRUNARET	0f148b336e	make: ajout des cibles habituelles	8 years ago
Jean-Pierre PRUNARET	9c90c5efb9	suppression dépôt CMB	8 years ago
Yves Dubromelle	3b17e61aba	import des améliorations de la branche capgemini-cmb	8 years ago
				`@ -1 +0,0 @@`
				`Subproject commit 13a77dcccdd2aa0ef610ae86c7c31d2da70fda05`