nixos-config/nixos-template-base
4
0
Fork 0
Code Issues 7 Pull Requests Releases Activity

déplacement de la configuration à la racine du dépôt (sauf rc.lua)

Browse Source
This commit is contained in:
Yves Dubromelle
2017-03-25 00:25:30 +01:00
parent c1d112a10a
commit 40426c1ad2
56 changed files with 53 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
configuration/auto-upgrade.nix Normal file
View File

@@ -0,0 +1,16 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkMerge mkThenElse;
cfg = config.r6d.config-generator;
computers = config.r6d.computers;
profiles = config.r6d.profiles;
in
mkIf cfg.auto-upgrade {
# Automatic update & automatic clean
system.autoUpgrade.enable = true;
nix.gc.automatic = true;
}

23
configuration/awesome.nix Normal file
View File

@@ -0,0 +1,23 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkMerge mkThenElse;
cfg = config.r6d.config-generator;
computers = config.r6d.computers;
profiles = config.r6d.profiles;
in
# TODO: rc.lua par défaut (système)
mkIf cfg.awesome {
environment.variables = {
# Export the current path for the awesome derivation, useful for users rc.lua
# Example usage in rc.lua :
#
# config = {}
# config.dir = os.getenv("AWESOME_CONFIG_DIR")
# beautiful.init(config.dir .. "/share/awesome//themes/zenburn/theme.lua")
#
AWESOME_CONFIG_DIR = "${pkgs.awesome}";
};
}

18
configuration/bash-interactive-init.sh Normal file
View File

@@ -0,0 +1,18 @@
# don't put duplicate lines in the history. See bash(1) for more options
# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups
# ... or force ignoredups and ignorespace
export HISTCONTROL=ignoreboth
# append to the history file, don't overwrite it
shopt -s histappend
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm) TERM=xterm-256color;;
screen) TERM=screen-256color;;
esac

27
configuration/bash-prompt.sh Normal file
View File

@@ -0,0 +1,27 @@
# Définition des couleurs du prompt
if [[ $(tput colors) -ge 256 ]] 2>/dev/null; then
PS1_USER='\[$(tput setaf 27)\]'
PS1_HOST='\[$(tput setaf 37)\]'
PS1_ROOT='\[$(tput setaf 160)\]'
PS1_PATH='\[$(tput setaf 64)\]'
PS1_GIT='\[$(tput setaf 136)\]'
PS1_MISC='\[$(tput setaf 230)\]'
else
PS1_USER='\[$(tput setaf 4)\]'
PS1_HOST='\[$(tput setaf 6)\]'
PS1_ROOT='\[$(tput setaf 1)\]'
PS1_PATH='\[$(tput setaf 2)\]'
PS1_GIT='\[$(tput setaf 3)\]'
PS1_MISC='\[$(tput setaf 7)\]'
fi
BOLD='\[$(tput bold)\]'
RESET='\[$(tput sgr0)\]'
# Définition du prompt
if [ $UID = 0 ]; then
PS1_ID=$PS1_ROOT
else
PS1_ID=$PS1_USER'\u'$PS1_MISC@$PS1_HOST
fi
PS1=$RESET$BOLD$PS1_ID'\h '$PS1_PATH'\w'$PS1_GIT'$(__git_ps1)'"\n"$PS1_MISC'\$ '$RESET

65
configuration/environment.nix Normal file
View File

@@ -0,0 +1,65 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkMerge mkThenElse;
cfg = config.r6d.config-generator;
computers = config.r6d.computers;
profiles = config.r6d.profiles;
in
# TODO: ménage
{
# Nombre de process d'installation en parrallèle effectués par Nix
nix.buildCores = 0;
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
# copies the NixOS configuration file (usually /etc/nixos/configuration.nix) and links it from the resulting system (getting to /run/current-system/configuration.nix)
system.copySystemConfiguration = true;
# On autorise les paquets non-libres
nixpkgs.config.allowUnfree = true;
# Lancement de dbus pour les utilisateurs
services.dbus.socketActivated = true;
# NixOS Hardening
#security.grsecurity.enable = true;
# Paquets
environment = {
shellAliases = {
byobu = "byobu-tmux";
gpg = "gpg2";
jacques-a-dit = "sudo";
tree = "tree -C";
tree1 = "tree -d -L 1";
tree2 = "tree -d -L 2";
tree3 = "tree -d -L 3";
# https://gist.github.com/amitchhajer/4461043 : Count number of code lines in git repository per user
#git-loc = "git ls-files | while read f; do git blame --line-porcelain "${f}" | grep '^author '; done | sort -f | uniq -ic | sort -n";
grep = "grep --color=auto";
vi = "vim";
byobu-adminsys = "/etc/nixos/base/byobu-adminsys";
};
etc.gitconfig.text = builtins.readFile ./gitconfig;
};
programs.bash = {
enableCompletion = true;
promptInit = builtins.readFile ./bash-prompt.sh;
interactiveShellInit = builtins.readFile ./bash-interactive-init.sh;
};
# https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern
programs.ssh.extraConfig = ''
# Ensure KnownHosts are unreadable if leaked - it is otherwise easier to know which hosts your keys have access to.
HashKnownHosts yes
# Host keys the client accepts - order here is honored by OpenSSH
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp256,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
'';
}

26
configuration/gitconfig Normal file
View File

@@ -0,0 +1,26 @@
# http://www.git-attitude.fr/2014/09/15/30-options-git-qui-gagnent-a-etre-connues/
[color]
diff = auto
branch = auto
interactive = auto
pager = true
showbranch = auto
status = auto
[alias]
a = add -p
br = for-each-ref --sort=committerdate refs/heads/ --format='%(committerdate:short)\t%(authorname)\t%(refname:short)'
ci = commit
co = checkout
ff = pull --ff-only
oops = commit --amend --no-edit
# Show files ignored by git
ignored = ls-files -o -i --exclude-standard
ls = ls-files
st = status
# Logs
lol = log --graph --decorate --pretty=oneline --abbrev-commit
lola = log --graph --decorate --pretty=oneline --abbrev-commit --all
[push]
default = simple
[core]
editor = /usr/bin/env vim

33
configuration/laptop.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkMerge mkThenElse;
cfg = config.r6d.config-generator;
computers = config.r6d.computers;
profiles = config.r6d.profiles;
in
mkIf cfg.laptop {
# Gestion spécifique pour PC portable
## Gestion de l'énergie
powerManagement.cpuFreqGovernor = "powersave";
## Activation d'un gestionnaire de réseau
networking.networkmanager.enable = true;
hardware.bluetooth.enable = true;
# Paquets
environment.systemPackages = with pkgs; [
networkmanagerapplet # gestionnaire réseau graphique + console (nm-applet + nmtui)
wirelesstools # fournis iwconfig
];
# Services
services.xserver.synaptics = {
enable = true;
twoFingerScroll = true;
};
}

21
configuration/localisation.nix Normal file
View File

@@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkMerge mkThenElse;
cfg = config.r6d.config-generator;
computers = config.r6d.computers;
profiles = config.r6d.profiles;
in
mkIf true {
# Select internationalisation properties.
i18n = {
consoleFont = "Lat2-Terminus16";
consoleKeyMap = "fr";
defaultLocale = "fr_FR.UTF-8";
};
# Set your time zone.
time.timeZone = "Europe/Paris";
}

29
configuration/network-ipv6.nix Normal file
View File

@@ -0,0 +1,29 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkMerge mkThenElse;
cfg = config.r6d.config-generator;
computers = config.r6d.computers;
profiles = config.r6d.profiles;
in
mkIf true {
# Utilisation d'adresse IPv6 temporaire
## https://blog.linitx.com/control-privacy-addressing-ipv6-linux/
## http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/x1092.html
boot.kernel.sysctl = {
"net.ipv6.conf.all.temp_prefered_lft" = 1800; # 30 min
"net.ipv6.conf.all.temp_valid_lft" = 43200; # 12 heures
"net.ipv6.conf.all.use_tempaddr" = 2; # activé
"net.ipv6.conf.default.temp_prefered_lft" = 3600; # 1 heure
"net.ipv6.conf.default.temp_valid_lft" = 3600; # 1 heure
"net.ipv6.conf.default.use_tempaddr" = 2; # activé
"net.ipv6.conf.all.forwarding" = true;
"net.ipv6.conf.default.forwarding" = true;
};
}

23
configuration/network.nix Normal file
View File

@@ -0,0 +1,23 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkMerge mkThenElse;
cfg = config.r6d.config-generator;
computers = config.r6d.computers;
profiles = config.r6d.profiles;
in
mkIf true {
# fix: Hostname -s renvoie "Unknown host" alors que hostname renvoie la bonne valeur
# Il s'avère que hostname vérifie la validité du FQDN et du reverse.
# Fixer ces paramètres dans les hosts permet de faire tomber en marche
networking.extraHosts = ''
127.0.0.1 ${config.networking.hostName}
'';
boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv4.conf.default.forwarding" = true;
};
}

20
configuration/swap.nix Normal file
View File

@@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkMerge mkThenElse;
cfg = config.r6d.config-generator;
computers = config.r6d.computers;
profiles = config.r6d.profiles;
in
mkIf cfg.swap {
# Gestion du swap
# https://en.wikipedia.org/wiki/Swappiness
boot.kernel.sysctl = {
# le swap est activé (!= 0)
# le swap est utilisé lorsque (100 - x) % de la mémoire est déja allouée
"vm.swappiness" = 10;
};
}

18
configuration/udev.nix Normal file
View File

@@ -0,0 +1,18 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkMerge mkThenElse;
cfg = config.r6d.config-generator;
computers = config.r6d.computers;
profiles = config.r6d.profiles;
in
mkIf false {
# Définition du IO Scheduler pour les SSD
services.udev.extraRules = ''
# set deadline scheduler for non-rotating disks
# according to https://wiki.debian.org/SSDOptimization, deadline is preferred over noop
ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="deadline"
'';
}