diff --git a/Makefile b/Makefile index 2ec6926..2729856 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,9 @@ GSF=git submodule foreach TIME=time +CHRONY_STATUS=chronyc tracking +CHRONY_STATS=chronyc sources -v + all: rebuild-switch date ##--------- Commandes spécifiques pour NixOS @@ -15,6 +18,7 @@ clean-total: $(TIME) nix-collect-garbage -d clean-log: + journalctl --flush --rotate journalctl --vacuum-size=1G full-auto: submodules-update upgrade clean optimise @@ -23,16 +27,31 @@ full-auto: submodules-update upgrade clean optimise optimise: $(TIME) nix-store --optimise +rebuild-build: + nix-channel --add https://nixos.org/channels/nixos-18.03 nixos + $(TIME) time nixos-rebuild build --fallback --show-trace + rebuild-switch: $(TIME) time nixos-rebuild switch --fallback --show-trace +show-blackholed: + -@ip route |grep blackhole |wc -l| awk '{print "Il y a "$$1" route(s) en blackhole sur";system("hostname ")}' |cowsay + +show-diff-with-current: + -diff /run/current-system/configuration.nix /etc/nixos/configuration.nix + show-roots: nix-store --gc --print-roots +show-time: + -@$(CHRONY_STATUS) && $(CHRONY_STATS) + -@watch -d -n 5 "$(CHRONY_STATUS) && echo "--" && $(CHRONY_STATS)" + store-repair: $(TIME) nix-store --verify --check-contents --repair upgrade: + nix-channel --add https://nixos.org/channels/nixos-18.03 nixos $(TIME) nixos-rebuild switch --upgrade --fallback --show-trace ##--------- Commandes spécifiques pour NixOS -- Opérations non courantes @@ -41,6 +60,9 @@ download-sources: # https://nixos.org/wiki/Download_all_sources nix-store -r $$(grep -l outputHash $$(nix-store -qR $$(nix-instantiate '' -A geeqie) | grep '.drv$$')) +build-iso: + nix-build '' -A config.system.build.isoImage -I nixos-config=/etc/nixos/base/iso-image/livecd-minimal.nix + ##--------- Commandes spécifiques pour GIT push: submodules-push diff --git a/README.md b/README.md index da12b06..d3310e7 100644 --- a/README.md +++ b/README.md 
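Review bot: In the Makefile, the new `rebuild-build` target and the changed `upgrade` target both run `nix-channel --add https://nixos.org/channels/nixos-18.03 nixos`, so an ordinary build or upgrade silently re-points root's `nixos` channel, and the release is hard-coded in two places. The README in this same commit lists NixOS unstable as the supported version, so on a host following unstable the next `nixos-rebuild switch --upgrade` would presumably move it to the older 18.03 package set, which is easy to miss and changes which security fixes the host carries. In `rebuild-build` the add is not followed by `nix-channel --update`, so it likely has no effect on that build at all. Consider a single variable such as `NIXOS_CHANNEL=https://nixos.org/channels/nixos-18.03` used by a dedicated channel target, and keep `rebuild-build` free of state changes. In `show-time`, the inner `"--"` closes and reopens the outer double quotes of the `watch` argument; `echo --` without the inner quotes does the same without relying on shell concatenation.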
@@ -1,15 +1,34 @@ # nixos-template-base Versions de NixOS supportées : -* NixOS 16.09 * NixOS unstable Ce dépôt stocke une configuration générique des machines. -Une recette dite "config-generator" adapte la configuration selon le nom de la machine (FQDN). -Actuellement, les scripts contiennent un peu de configuration spécifique pour les machines des mainteneurs. +~~Une recette dite "config-generator" adapte la configuration selon le nom de la machine (FQDN).~~ + +~~Actuellement, les scripts contiennent un peu de configuration spécifique pour les machines des mainteneurs.~~ + +# Liens +* http://howoldis.herokuapp.com/ pour savoir de quand datent les différentes releases de NixOS +* https://repology.org/repository/nix_unstable/problems pour lister les paquets avec problèmes # Notes de mise-à-jour + +## pour l'utilisation de l'annuaire (à partir de 2017-04-28) + +* faire les mises à jour de l'OS +* commiter & pusher l'état des dépôts (au cas où). Pour les différents dépôts `git a`, `git commit` puis `make tag push` +* mettre à jour les dépôts avec les dernières versions, `make submodules-update` +* vérifier que `configuration.nix` contient `services.xserver.enable = true;` pour les machines avec interface graphique +* vérifier que `configuration.nix` contient le nom de la machine `networking.hostName = "";` +* tester la configuration : `nixos-rebuild build` +* corriger et ajouter les éléments manquant (notamment dans `private/annuaire.nix` ) +* lorsque tout semble bon, vérifier : + * qu'il y a toujours des utilisateurs dans la configuration + * que le moyen d'accéder à la machine n'a pas été supprimé (surtout les machines distantes) +* lancer la commande de build de l'os : `make` :) + ## pour le passage de 16.09 à unstable * mettre à jour tous les dépôts 
@@ -93,14 +112,14 @@ Pour résoudre les soucis d'upgrade, il est conseillé : * se connecter à la machine * passer en root -~~~ +~~~bash sudo su - ~~~ * formater les partitions -~~~ -mkfs.ext4 -L nixos /dev/sda1 +~~~bash +mkfs.ext4 -L nixos /dev/sda1 swapoff -a mkswap /dev/sda2 swapon -a @@ -108,24 +127,28 @@ swapon -a * monter les partitions dans /mnt -~~~ +~~~bash mount /dev/sda1 /mnt/ mkdir /mnt/etc/ +mkdir /mnt/etc/nixos mkdir /etc/nixos mkdir /mnt/nix +mkdir /nix mount --bind /mnt/nix/ /nix +mkdir /mnt/tmp +mount --bind /mnt/tmp /tmp ~~~ - + * installer les paquets nécessaires -~~~ +~~~bash apt-get install bzip2 git byobu htop glances ~~~ * création d'utilisateur (n'importe quil mot de passe) -~~~ +~~~bash adduser nix groupadd -r nixbld for n in $(seq 1 10); do useradd -c "Nix build user $n" -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" nixbld$n; done @@ -133,14 +156,14 @@ for n in $(seq 1 10); do useradd -c "Nix build user $n" -d /var/empty -g nixbld * mise-à-jour des certificats -~~~ +~~~bash update-ca-certificates ~~~ * installer nix -~~~ -chown -R nix /nix +~~~bash +chown -R nix /nix /tmp su - nix bash <(curl https://nixos.org/nix/install) exit @@ -148,26 +171,26 @@ exit * créer un profil nix pour root & un channel -~~~ -. ~nix/.nix-profile/etc/profile.d/nix.sh +~~~bash +. ~nix/.nix-profile/etc/profile.d/nix.sh nix-channel --remove nixpkgs -nix-channel --add http://nixos.org/channels/nixos-unstable nixos +nix-channel --add https://nixos.org/channels/nixos-unstable nixos nix-channel --update ~~~ * installer un editeur de texte -~~~ +~~~bash nix-env -i vim_configurable ~~~ * installation de nixos-install -~~~ +~~~bash cat < /root/configuration.nix { fileSystems."/" = {}; boot.loader.grub.enable = false; -} +} EOF export NIX_PATH=nixpkgs=/root/.nix-defexpr/channels/nixos:nixos=/root/.nix-defexpr/channels/nixos/nixos export NIXOS_CONFIG=/root/configuration.nix 
@@ -182,7 +205,7 @@ nix-env -i -A config.system.build.nixos-install \ si la machine existe déjà, cloner le dépôt dans /mnt/etc/nixos pour cela, créer clef ssh et l'ajouter sur la forge -~~~ +~~~bash ssh-keygen -t ed25519 cp ~/.ssh/id_ed25519* /mnt/etc/nixos/ @@ -193,13 +216,13 @@ git submodule update * monter /etc/nixos vers /mnt/etc/nixos pour que la config clonée fonctionne -~~~ +~~~bash mount --bind /mnt/etc/nixos/ /etc/nixos/ ~~~ * mettre à jour la configuration matérielle -~~~ +~~~bash export NIX_PATH=nixpkgs=/root/.nix-defexpr/channels/nixos:nixos=/root/.nix-defexpr/channels/nixos/nixos nixos-generate-config --root /mnt ~~~ @@ -210,8 +233,7 @@ notamment le périphérique utilisé par grub * installer le système sur le disque -~~~ +~~~bash unset NIXOS_CONFIG nixos-install ~~~ - diff --git a/applications/graphical/adminsys.nix b/applications/graphical/adminsys.nix index 7e5c66a..bfc6681 100644 --- a/applications/graphical/adminsys.nix +++ b/applications/graphical/adminsys.nix @@ -2,17 +2,20 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.graphical { +mkIf flags.graphical { # Paquets environment.systemPackages = with pkgs; [ # Gestion de FS - parted # Gestion graphique de partitions + gparted # Gestion graphique de partitions unetbootin # création de clefs USB bootables + + # visualisation de log + #logstalgia ]; } diff --git a/applications/graphical/bureau.nix b/applications/graphical/bureau.nix index 934d172..6ae07d6 100644 --- a/applications/graphical/bureau.nix +++ b/applications/graphical/bureau.nix 
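Review bot: In applications/graphical/adminsys.nix, `currentMachine = annuaire."${config.networking.hostName}";` is a bare attribute lookup, so a host whose `networking.hostName` has no entry under `config.r6d.machines` would presumably abort evaluation with a generic missing-attribute error. Failing closed is the right direction, but the message will not say which setting is wrong, and the README step added in this commit leaves that check to the operator. Something like `currentMachine = annuaire."${config.networking.hostName}" or (throw "r6d.machines has no entry for ${config.networking.hostName}");` would name the cause. The same three-line `let` block is repeated in every module under applications/graphical and applications/terminal that this commit touches, so resolving the machine once in a shared module would keep the check in one place. `annuaire` is only used to derive `currentMachine`, and `mkMerge`/`mkThenElse` are inherited but unused in the visible lines of this file.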
@@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf profiles.isDesktopEnvironment { +mkIf currentMachine.profiles.isDesktopEnvironment { # Paquets environment.systemPackages = with pkgs; [ @@ -24,12 +24,14 @@ mkIf profiles.isDesktopEnvironment { gnome3.adwaita-icon-theme # thème d'icone - semble fonctionner avec spaceFM ## Manipulation de fichier - pcmanfm # gestionnaire de fichiers graphique - spaceFM # gestionnaire de fichiers graphique - #vifm # gestionnaire de fichiers basé sur VIM (console) + #kde5.dolphin # gestionnaire de fichiers graphique + #kde5.dolphin-plugins # gestionnaire de fichiers graphique + pcmanfm # gestionnaire de fichiers graphique + spaceFM # gestionnaire de fichiers graphique + #vifm # gestionnaire de fichiers basé sur VIM (console) ## Terminal - sakura # terminal + sakura # terminal ]; # Polices supplémentaires diff --git a/applications/graphical/bureautique.nix b/applications/graphical/bureautique.nix index a826720..a1149a4 100644 --- a/applications/graphical/bureautique.nix +++ b/applications/graphical/bureautique.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (cfg.officeSuite && cfg.graphical) { +mkIf (flags.officeSuite && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ 
@@ -24,7 +24,7 @@ mkIf (cfg.officeSuite && cfg.graphical) { ## Editeur de texte #lyx # surcouche WISIWIM à LaTeX #focuswriter # outil pour l'écriture - textadept # un éditeur de texte facile pour copier-coller graphique + #textadept # un éditeur de texte facile pour copier-coller graphique #zim # outil de prise de notes, wiki de bureau ## Visionneuse diff --git a/applications/graphical/cao.nix b/applications/graphical/cao.nix index 3be3ed7..a3d2a6d 100644 --- a/applications/graphical/cao.nix +++ b/applications/graphical/cao.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (cfg.conception-assistee && cfg.graphical) { +mkIf (flags.conception-assistee && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/graphical/cartographie.nix b/applications/graphical/cartographie.nix index c2c91b9..4c3d269 100644 --- a/applications/graphical/cartographie.nix +++ b/applications/graphical/cartographie.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (cfg.cartographie && cfg.graphical) { +mkIf (flags.cartographie && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/graphical/client-internet.nix b/applications/graphical/client-internet.nix index e6711eb..5d463cf 100644 --- a/applications/graphical/client-internet.nix +++ b/applications/graphical/client-internet.nix 
@@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -# TODO: ménage -mkIf (cfg.internetSuite && cfg.graphical) { + +mkIf (flags.internetSuite && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ @@ -20,9 +20,8 @@ environment.systemPackages = with pkgs; [ ## Mail & Discussion (texte, audio) clawsMail hexchat - quassel quasselClient - mumble + #mumble pidgin thunderbird @@ -31,20 +30,4 @@ environment.systemPackages = with pkgs; [ transmission_gtk transmission_remote_gtk ]; - - nixpkgs.config.packageOverrides = pkgs: { - clawsMail = pkgs.clawsMail.override { - enablePluginFancy = false; # nécessite wekitgtk qui est troué - enablePluginPdf = true; - enablePluginRavatar = true; - enablePluginSmime = true; - enablePluginVcalendar = true; - enableSpellcheck = true; - }; - mumble = pkgs.mumble.override { pulseSupport = true; }; - }; - - #nixpkgs.config.permittedInsecurePackages = [ - # "webkitgtk-2.4.11" # pour que le plugin fancy de claws-mail fonctionne - #]; } diff --git a/applications/graphical/default-applications.nix b/applications/graphical/default-applications.nix index 34478cb..659131d 100644 --- a/applications/graphical/default-applications.nix +++ b/applications/graphical/default-applications.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (true && cfg.graphical) { +mkIf (true && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ 
diff --git a/applications/graphical/default.nix b/applications/graphical/default.nix index 315933b..cdcdfc7 100644 --- a/applications/graphical/default.nix +++ b/applications/graphical/default.nix @@ -2,9 +2,9 @@ let #inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in { @@ -26,6 +26,7 @@ in ./edition-photo.nix # modifier les photos & assimilé ./edition-video.nix # modifier les vidéos ./jeux.nix # jouer, tout simplement ;) + ./radio.nix # outils pour faire de la radio SDR ## if isDesktop ./adminsys.nix # pour gérer le système dans son ensemble et les services diff --git a/applications/graphical/developpement-elm.nix b/applications/graphical/developpement-elm.nix index ab11ef5..f37bc7b 100644 --- a/applications/graphical/developpement-elm.nix +++ b/applications/graphical/developpement-elm.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (cfg.developpement-elm && cfg.graphical) { +mkIf (flags.developpement-elm && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/graphical/developpement-haskell.nix b/applications/graphical/developpement-haskell.nix index f118036..353322b 100644 --- a/applications/graphical/developpement-haskell.nix +++ b/applications/graphical/developpement-haskell.nix 
@@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (cfg.developpement-haskell && cfg.graphical) { +mkIf (flags.developpement-haskell && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/graphical/developpement-java.nix b/applications/graphical/developpement-java.nix index 6e91238..2b830f3 100644 --- a/applications/graphical/developpement-java.nix +++ b/applications/graphical/developpement-java.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (cfg.developpement-java && cfg.graphical) { +mkIf (flags.developpement-java && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/graphical/developpement-jetbrains.nix b/applications/graphical/developpement-jetbrains.nix index 3901bb3..b42320a 100644 --- a/applications/graphical/developpement-jetbrains.nix +++ b/applications/graphical/developpement-jetbrains.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (cfg.jetbrains-licensed && cfg.graphical) { +mkIf (flags.jetbrains-licensed && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ 
diff --git a/applications/graphical/developpement-rust.nix b/applications/graphical/developpement-rust.nix index 5a64ba1..0b6f0b4 100644 --- a/applications/graphical/developpement-rust.nix +++ b/applications/graphical/developpement-rust.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (cfg.developpement-rust && cfg.graphical) { +mkIf (flags.developpement-rust && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/graphical/developpement.nix b/applications/graphical/developpement.nix index 2a07dd5..1389237 100644 --- a/applications/graphical/developpement.nix +++ b/applications/graphical/developpement.nix @@ -2,18 +2,18 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (cfg.developpement && cfg.graphical) { +mkIf (flags.developpement && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ # Base de données pgadmin # interface d'administration de postgres - sqlitebrowser # interface d'administration de sqlite + #sqlitebrowser # interface d'administration de sqlite # Documentation #zeal # consulter la documentation hors ligne diff --git a/applications/graphical/edition-musique.nix b/applications/graphical/edition-musique.nix index 5f692f7..2d04441 100644 --- a/applications/graphical/edition-musique.nix +++ b/applications/graphical/edition-musique.nix 
@@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (cfg.edition-musique && cfg.graphical) { +mkIf (flags.edition-musique && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/graphical/edition-photo.nix b/applications/graphical/edition-photo.nix index cdda5de..e0573ad 100644 --- a/applications/graphical/edition-photo.nix +++ b/applications/graphical/edition-photo.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (cfg.edition-photo && cfg.graphical) { +mkIf (flags.edition-photo && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/graphical/edition-video.nix b/applications/graphical/edition-video.nix index 3314453..61f9a2b 100644 --- a/applications/graphical/edition-video.nix +++ b/applications/graphical/edition-video.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (cfg.edition-video && cfg.graphical) { +mkIf (flags.edition-video && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/graphical/jeux.nix b/applications/graphical/jeux.nix index 8ecb8da..d426081 100644 --- a/applications/graphical/jeux.nix 
+++ b/applications/graphical/jeux.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (cfg.jeux && cfg.graphical) { +mkIf (flags.jeux && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/graphical/multimedia.nix b/applications/graphical/multimedia.nix index 1124636..1ea891a 100644 --- a/applications/graphical/multimedia.nix +++ b/applications/graphical/multimedia.nix @@ -2,20 +2,15 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -# TODO ranger le spécifique pulseaudio -mkIf (cfg.multimediaSuite && cfg.graphical) { +mkIf (flags.multimediaSuite && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ - ## Audio - paprefs # préferences pulseaudio - pavucontrol # mixer pulseaudio - ## Video smplayer # lecteur vidéo vlc # lecteur vidéo diff --git a/applications/graphical/network.nix b/applications/graphical/network.nix index 93809df..15969e0 100644 --- a/applications/graphical/network.nix +++ b/applications/graphical/network.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (true && cfg.graphical) { +mkIf (true && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ 
diff --git a/applications/graphical/radio.nix b/applications/graphical/radio.nix new file mode 100644 index 0000000..3afa2b1 --- /dev/null +++ b/applications/graphical/radio.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkThenElse; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; +in + +mkIf (flags.radio && flags.graphical) { + + # Paquets + environment.systemPackages = with pkgs; [ + ## GUI + gqrx # GUI + #gnuradio # Software Defined Radio (SDR) software + gnuradio-with-packages + + ## A Trier + # + #gnuradio-osmosdr # Gnuradio block for OsmoSDR and rtl-sdr + + inspectrum # Tool for analysing captured signals from sdr receivers + kalibrate-rtl # Calculate local oscillator frequency offset in RTL-SDR devices + ]; +} diff --git a/applications/graphical/securite.nix b/applications/graphical/securite.nix index 461e836..543c611 100644 --- a/applications/graphical/securite.nix +++ b/applications/graphical/securite.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf (cfg.securitySuite && cfg.graphical) { +mkIf (flags.securitySuite && flags.graphical) { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/overrides.nix b/applications/overrides.nix new file mode 100644 index 0000000..9ebd866 --- /dev/null +++ b/applications/overrides.nix 
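Review bot: In the new applications/graphical/radio.nix, `gnuradio-with-packages` is listed without a comment, yet the extra blocks it is expected to carry are defined in the `packageOverrides` of applications/overrides.nix added by this same commit. A reader of this file alone cannot tell that; a comment such as `gnuradio-with-packages # extra blocks come from the override in applications/overrides.nix` would make the dependency explicit. The module is also gated on `flags.radio`, whose declaration and default are not visible in this diff. If the option has no default, every machine entry lacking it would fail to evaluate, so confirm it is declared alongside the other `configurationFlags`.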
@@ -0,0 +1,48 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkThenElse; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; +in + +mkIf true { + + nixpkgs.config.packageOverrides = pkgs: { + clawsMail = pkgs.clawsMail.override { + enablePgp = true; + enablePluginArchive = true; + enablePluginFancy = false; # nécessite wekitgtk qui est troué + enablePluginPdf = true; + enablePluginRavatar = true; + enablePluginSmime = true; + enablePluginVcalendar = true; + enableSpellcheck = true; + }; + + ffmpeg-full = pkgs.ffmpeg-full.override { + nonfreeLicensing = true; + nvenc = true; + }; + + # bug connu : https://nixos.org/nix-dev/2014-December/015225.html + # find /nix/store/ -maxdepth 1 -type d -name "*gnuradio-*" + # Commande pour générer le path : find /nix/store/ -maxdepth 1 -type d -name "*gnuradio-*"|paste -d: -s - + gnuradio-with-packages = pkgs.gnuradio-with-packages.override { + extraPackages = with pkgs; [ + gnuradio-ais + gnuradio-gsm + gnuradio-nacl + gnuradio-osmosdr # support des dongle Realtek + gnuradio-rds # support du décodage de RDS sur les radio FM + ]; + }; + + mumble = pkgs.mumble.override { pulseSupport = true; }; + }; + + #nixpkgs.config.permittedInsecurePackages = [ + # "webkitgtk-2.4.11" # pour que le plugin fancy de claws-mail fonctionne + #]; +} diff --git a/applications/terminal/adminsys.nix b/applications/terminal/adminsys.nix index 723cfc5..a66799a 100644 --- a/applications/terminal/adminsys.nix +++ b/applications/terminal/adminsys.nix @@ -2,9 +2,9 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in mkIf true { 
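Review bot: applications/overrides.nix is now the only place holding the claws-mail override, including `enablePluginFancy = false` with its comment that webkitgtk is vulnerable, but no visible hunk adds `./overrides.nix` to an `imports` list. The visible default.nix hunks add only `./radio.nix`. Please confirm it is imported somewhere, since otherwise claws-mail silently falls back to the nixpkgs defaults for that plugin and `gnuradio-with-packages` loses its `extraPackages`. The `mkIf true` wrapper and the `annuaire`/`currentMachine`/`flags` bindings are unused in this file, so a plain attribute set would avoid a needless hostname lookup. `nonfreeLicensing = true;` on `ffmpeg-full` deserves a short comment on why it is needed, because it changes the licence terms of the resulting build.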
@@ -12,7 +12,9 @@ mkIf true { # Paquets environment.systemPackages = with pkgs; [ # Adminsys + bind # utilisé pour les utilitaires comme dig cowsay # pour ansible & 4lulz + dhcp # client dhcp iotop lm_sensors lshw @@ -20,13 +22,15 @@ mkIf true { ntp powerline-fonts powertop - python27Packages.ansible2 - python27Packages.glances + #ansible + python36Packages.glances + pv # afficher le débit d'un flux dd if=/dev/zero | pv | dd of=/dev/null sysstat # pour la commande "iostat -x -1" de monitoring d'activité disque usbutils # Backup duplicity # création de sauvegarde chiffrées (GPG) + par2cmdline # outil de récupération de fichiers corrompus - .par2 # Compression lz4 @@ -47,7 +51,7 @@ mkIf true { ## Exploitation FS inotify-tools # être notifié lorsque le contenu d'un répertoire change - detox # The detox utility renames files to make them easier to work with. + detox # The detox utility renames files to make them easier to work with. duff # outil de recherche de fichiers en doublons rdfind # recherche de fichiers doublons pour remplacement par hard/soft link ]; diff --git a/applications/terminal/bureau.nix b/applications/terminal/bureau.nix index b72fbec..02337b1 100644 --- a/applications/terminal/bureau.nix +++ b/applications/terminal/bureau.nix @@ -2,9 +2,9 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in mkIf true { diff --git a/applications/terminal/bureautique.nix b/applications/terminal/bureautique.nix index bb2e5f4..f594437 100644 --- a/applications/terminal/bureautique.nix +++ b/applications/terminal/bureautique.nix 
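Review bot: In applications/terminal/adminsys.nix, `python36Packages.glances` pins the package to one interpreter minor version, so evaluation will break once the tracked channel drops that package set; the README in this commit names unstable as the supported target. `python3Packages.glances` follows the channel's default Python 3 instead. The same applies to `python36Packages.grammalecte` in applications/terminal/bureautique.nix. The comment on `cowsay # pour ansible & 4lulz` is also stale now that ansible is commented out, while the Makefile's new `show-blackholed` target is a visible user of cowsay.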
@@ -2,17 +2,18 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.officeSuite { +mkIf flags.officeSuite { # Paquets environment.systemPackages = with pkgs; [ # Bureautique - aspell aspellDicts.fr # correction d'ortographe + aspell aspellDicts.fr # correction d'ortographe + python36Packages.grammalecte # correction gramatical # Gestion de tâche taskwarrior # gestionnaire de tâches en console diff --git a/applications/terminal/cao.nix b/applications/terminal/cao.nix index ac5da71..30f33c9 100644 --- a/applications/terminal/cao.nix +++ b/applications/terminal/cao.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.conception-assistee { +mkIf flags.conception-assistee { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/terminal/cartographie.nix b/applications/terminal/cartographie.nix index b7c80c7..f748045 100644 --- a/applications/terminal/cartographie.nix +++ b/applications/terminal/cartographie.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.cartographie { +mkIf flags.cartographie { # Paquets environment.systemPackages = with pkgs; [ 
diff --git a/applications/terminal/client-internet.nix b/applications/terminal/client-internet.nix index 146b9f0..7ee9da1 100644 --- a/applications/terminal/client-internet.nix +++ b/applications/terminal/client-internet.nix @@ -2,23 +2,29 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -# TODO: ménage -mkIf cfg.internetSuite { + +mkIf flags.internetSuite { # Paquets environment.systemPackages = with pkgs; [ # Clients Internet ## Réseaux sociaux - #python27Packages.turses # client twitter en ncurse - python27Packages.rainbowstream # client twitter en console - rtv # client reddit en console + #turses # client twitter en ncurse + #python36Packages.rainbowstream # client twitter en console + #rtv # client reddit en console ## Mail & Discussion (texte, audio) mutt + + ## Sauvegarde nuagique (cloud storage) + #rclone + + ## P2P + rtorrent # outil de téléchargement de torrent & magnet ]; } diff --git a/applications/terminal/default-applications.nix b/applications/terminal/default-applications.nix index 598975e..ee97dfe 100644 --- a/applications/terminal/default-applications.nix +++ b/applications/terminal/default-applications.nix 
@@ -2,36 +2,30 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in mkIf true { # Paquets environment.systemPackages = with pkgs; [ - bind # utilisé pour les utilitaires comme dig - byobu # permet de se déconnecter d'un terminal sans l'aréter - dhcp # client dhcp - git gitAndTools.gitSVN gitAndTools.tig gti # outil de gestion de version + byobu # permet de se déconnecter d'un terminal sans l'arréter + git gitAndTools.tig gti # outil de gestion de version gnumake # pour décrire les recettes de compilation gnupg # GPG - gpm # prise en charge de la souris en console htop # monitoring - lsb-release # pour les scripts qui utilisent cet outil + lsb-release # pour les scripts qui utilisent cet outil (dont byobu) #libressl # librairie pour faire du TLS et les algorithmes de crypto par OpenBSD ncdu # outil pour voir l'espace utilisé - par2cmdline # outil de récupération de fichiers corrompus - .par2 p7zip # compression de fichier parted # partitionnement de disque pciutils pinentry # pour taper les mots de passe gpg psmisc # fournis les utilitaires comme killall, fuser, pstree - python # python -- python -m SimpleHTTPServer 8000 - #python34Packages.glances # monitoring - pwgen # générateur de mot de passe - rtorrent # TODO outil de téléchargement de torrent & magnet + #python # python -- python -m SimpleHTTPServer 8000 + shared_mime_info # MIME info tmux # nécessaire pour byobu tree # affiche une arborescence de fichiers et dossiers usbutils diff --git a/applications/terminal/default.nix b/applications/terminal/default.nix index 315933b..cdcdfc7 100644 --- a/applications/terminal/default.nix +++ b/applications/terminal/default.nix 
@@ -2,9 +2,9 @@ let #inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in { @@ -26,6 +26,7 @@ in ./edition-photo.nix # modifier les photos & assimilé ./edition-video.nix # modifier les vidéos ./jeux.nix # jouer, tout simplement ;) + ./radio.nix # outils pour faire de la radio SDR ## if isDesktop ./adminsys.nix # pour gérer le système dans son ensemble et les services diff --git a/applications/terminal/developpement-elm.nix b/applications/terminal/developpement-elm.nix index 3bfeab0..01a604b 100644 --- a/applications/terminal/developpement-elm.nix +++ b/applications/terminal/developpement-elm.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.developpement-elm { +mkIf flags.developpement-elm { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/terminal/developpement-haskell.nix b/applications/terminal/developpement-haskell.nix index a402bf8..62fb4ce 100644 --- a/applications/terminal/developpement-haskell.nix +++ b/applications/terminal/developpement-haskell.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.developpement-haskell { +mkIf flags.developpement-haskell { # Paquets environment.systemPackages = with pkgs; [ 
@@ -18,16 +18,18 @@ mkIf cfg.developpement-haskell { stack # pour les paquets en LTS de stackage ] ++ (with pkgs.haskellPackages; [ # Haskell lib - autoproc # ? procmail - darcs # Gestionnaire de version éponyme - ghc-mod - hindent # indentation code - hlint # qualite de code, analyse statique de code + astuces & bonnes pratiques - #postgrest # mapper HTTP <-> PostgreSQL - stylish-haskell # qualité de code - turtle # genre shell-scripting + autoproc # ? procmail + darcs # gestionnaire de version éponyme + ghc-mod # outil d'analyse de code haskell utilisé par IDE + hindent # indentation code + hlint # qualite de code, analyse statique de code + astuces & bonnes pratiques + #postgrest # mapper HTTP <-> PostgreSQL + servant # génération d'API REST + stylish-haskell # qualité de code + turtle # genre shell-scripting # Application perso hahp + pandoc-filter-graphviz # filtre pour utiliser graphviz à partir de pandoc ]); } diff --git a/applications/terminal/developpement-java.nix b/applications/terminal/developpement-java.nix index 880d0e5..354a193 100644 --- a/applications/terminal/developpement-java.nix +++ b/applications/terminal/developpement-java.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.developpement-java { +mkIf flags.developpement-java { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/terminal/developpement-jetbrains.nix b/applications/terminal/developpement-jetbrains.nix index de3149e..ff91e67 100644 --- a/applications/terminal/developpement-jetbrains.nix +++ b/applications/terminal/developpement-jetbrains.nix 
@@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.jetbrains-licensed { +mkIf flags.jetbrains-licensed { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/terminal/developpement-rust.nix b/applications/terminal/developpement-rust.nix index 0ff6ea1..40a6750 100644 --- a/applications/terminal/developpement-rust.nix +++ b/applications/terminal/developpement-rust.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.developpement-rust { +mkIf flags.developpement-rust { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/terminal/developpement.nix b/applications/terminal/developpement.nix index 495df93..7bc4cbc 100644 --- a/applications/terminal/developpement.nix +++ b/applications/terminal/developpement.nix 
@@ -2,28 +2,40 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.developpement { +mkIf flags.developpement { # Paquets environment.systemPackages = with pkgs; [ + # Build / outil de construction + autobuild + autoconf + automake + + # Base de données + pg_top # monitoring de PostgreSQL + sqlite # le moteur de base de données + # C / C++ - gcc # pour les appels depuis les scripts + gcc # pour les appels depuis les scripts # Gestion des sources - cloc # outil pour compter les lignes de code source - git # déjà présent dans "base" + cloc # outil pour compter les lignes de code source + git gitAndTools.gitSVN # git et git-svn mercurial subversion + # spécification + plantuml # diagrammes UML et plus si affinité + # Mono - #mono46 # interpréteur .NET + #mono46 # interpréteur .NET ## Visualisation & outils de diff - #vbindiff # diff de fichier hexadecimaux avec vim + #vbindiff # diff de fichier hexadecimaux avec vim ]; } diff --git a/applications/terminal/edition-musique.nix b/applications/terminal/edition-musique.nix index f875da7..cead741 100644 --- a/applications/terminal/edition-musique.nix +++ b/applications/terminal/edition-musique.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.edition-musique { +mkIf flags.edition-musique { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/terminal/edition-photo.nix b/applications/terminal/edition-photo.nix index bc923df..dc14969 100644 
--- a/applications/terminal/edition-photo.nix +++ b/applications/terminal/edition-photo.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.edition-photo { +mkIf flags.edition-photo { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/terminal/edition-video.nix b/applications/terminal/edition-video.nix index c3ae81c..af23cb8 100644 --- a/applications/terminal/edition-video.nix +++ b/applications/terminal/edition-video.nix @@ -2,22 +2,15 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.edition-video { +mkIf flags.edition-video { # Paquets environment.systemPackages = with pkgs; [ ffmpeg-full # assemblage de flux audio & video en ligne de commande ]; - - nixpkgs.config.packageOverrides = pkgs: { - ffmpeg-full = pkgs.ffmpeg-full.override { - nonfreeLicensing = true; - nvenc = true; - }; - }; } diff --git a/applications/terminal/jeux.nix b/applications/terminal/jeux.nix index ae00806..2f1aa79 100644 --- a/applications/terminal/jeux.nix +++ b/applications/terminal/jeux.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.jeux { +mkIf flags.jeux { # Paquets environment.systemPackages = with pkgs; [ 
diff --git a/applications/terminal/multimedia.nix b/applications/terminal/multimedia.nix index 847ffe2..717b9fb 100644 --- a/applications/terminal/multimedia.nix +++ b/applications/terminal/multimedia.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.multimediaSuite { +mkIf flags.multimediaSuite { # Paquets environment.systemPackages = with pkgs; [ diff --git a/applications/terminal/network.nix b/applications/terminal/network.nix index 5432452..9e9c263 100644 --- a/applications/terminal/network.nix +++ b/applications/terminal/network.nix @@ -2,9 +2,9 @@ let inherit (lib) mkIf; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in mkIf true { @@ -19,15 +19,14 @@ mkIf true { ## Diagnostic arp-scan + #mtr -> installé plus bas nmap # outil de scan de port réseau whois ]; - # Paquets avec setuid root - security.wrappers = { - # outil de diagnostic réseau - mtr.source = "${pkgs.mtr}/bin/mtr"; - }; + # https://github.com/NixOS/nixpkgs/issues/30335 + # Some programs need SUID wrappers, can be configured further or are started in user sessions. + programs.mtr.enable = true; networking.firewall = { allowedTCPPorts = [ diff --git a/applications/terminal/radio.nix b/applications/terminal/radio.nix new file mode 100644 index 0000000..fc196f6 --- /dev/null +++ b/applications/terminal/radio.nix 
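Review bot: The comment added above `programs.mtr.enable = true;` in network.nix is the stock sentence from the generated configuration.nix and does not say why the explicit `security.wrappers` entry was dropped. As far as I know, the `programs.mtr` module wraps only the `mtr-packet` helper with a raw-socket capability instead of making `mtr` setuid root, which is a privilege reduction worth recording; confirm this against the module in the nixpkgs revision you build from. A comment such as `# mtr via le module NixOS : le wrapper est géré par le module, plus de setuid root déclaré ici (nixpkgs#30335)` would be more useful. The `networking.firewall` block that follows continues outside the hunk.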
@@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkThenElse; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; +in + +mkIf flags.radio { + +# pour que ça marche +# sudo rmmod dvb_usb_rtl28xxu + +# lecture radio FM +# rtl_fm -f 96.9e6 -M wbfm -s 440000 -r 44100 - | aplay -r 44100 -f S16_LE +# rtl_fm -f 96.95e6 -M wbfm -s 441000 -r 44100 - | aplay -r 44100 -f S16_LE -t raw -c 1 +# rtl_fm -f 96.95e6 -M wbfm -s 441000 -r 44100 -E deemp - |pv| aplay -r 44100 -f S16_LE -t raw -c 1 + + # Paquets + environment.systemPackages = with pkgs; [ + gnss-sdr # Global Navigation Satellite Systems software-defined receiver + liquid-dsp # Digital signal processing library for software-defined radios + rtl-sdr # Turns your Realtek RTL2832 based DVB dongle into a SDR receiver + ]; + + # Configuration matérielle + boot.blacklistedKernelModules = [ + "dvb_usb_rtl28xxu" + ]; +} diff --git a/applications/terminal/securite.nix b/applications/terminal/securite.nix index 20b4dcf..a03980e 100644 --- a/applications/terminal/securite.nix +++ b/applications/terminal/securite.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.securitySuite { +mkIf flags.securitySuite { # Paquets environment.systemPackages = with pkgs; [ diff --git a/base.nix b/base.nix index 1717af4..c4d6c1d 100644 --- a/base.nix +++ b/base.nix 
@@ -1,16 +1,13 @@ { config, lib, pkgs, ... }: -let - #inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; -in - { imports = [ # moulinette de configuration - ./config-generator.nix + /*./config-generator.nix*/ + ./options.nix + + # Redéfinition d'applications et de modules + ./applications/overrides.nix # subfolders ./applications/graphical/default.nix diff --git a/config-generator.nix b/config-generator.nix index 6cd21a0..92ddc96 100644 --- a/config-generator.nix +++ b/config-generator.nix 
@@ -6,106 +6,21 @@ let pfl = config.r6d.profiles; comp = config.r6d.computers; host = config.networking.hostName; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in { # TODO camel case partout # TODO everything in english # TODO sortir ce qui est privé -# TODO portage du système d'annuaire de machines de capgemini ###### interface options = { - - #* Utilisé pour afecter des capacités aux machines - r6d.profiles = { - # Domaine - isDubronetwork = mkEnableOption "Pour distinguer les machines dubronetwork."; - isPrunetwork = mkEnableOption "Pour distinguer les machines prunetwork."; - # Utilisation machine - isDesktopEnvironment = mkEnableOption "Pour indiquer une machine avec interface graphique."; - isServer = mkEnableOption "Pour indiquer qu'il s'agit d'un serveur."; - isWorkstation = mkEnableOption "Pour indiquer que la machine sert à travailler."; - }; - - #* Utilisé dans les fichiers .nix - r6d.config-generator = { - #enable = mkEnableOption "Génération de la configuration d'une machine."; - awesome = mkEnableOption "Profil pour activer le gestionnaire de fenêtre awesome."; - auto-upgrade = mkEnableOption "Profil pour activer les mises à jour automatiques."; - cartographie = mkEnableOption "Profil pour activer les outils de gestion de données géographiques."; - conception-assistee = mkEnableOption "Profil pour activer les outils de conception électronique & modélisation 3D"; - database_postgres = mkEnableOption "Profil pour activer le SGBD PostgreSQL."; - developpement = mkEnableOption "Profil pour activer les outils de développement"; - developpement-elm = mkEnableOption "Profil pour activer les outils de développement Elm"; - developpement-haskell = mkEnableOption "Profil pour activer les outils de développement Haskell"; - developpement-java = mkEnableOption "Profil pour activer les outils de développement Java"; - developpement-rust = mkEnableOption "Profil pour 
activer les outils de développement Rust"; - docker = mkEnableOption "Profil pour l'utilisation de Docker."; - dovecot = mkEnableOption "Profil pour activer le serveur Dovecot."; - dns_autorite = mkEnableOption "Profil pour servir les fichiers de zone DNS."; - dns_resolveur = mkEnableOption "Profil pour activer un résolveur DNS local."; - edition-musique = mkEnableOption "Profil pour la création/édition de musique."; - edition-photo = mkEnableOption "Profil pour la création/édition de photos."; - edition-video = mkEnableOption "Profil pour la création/édition de video."; - elasticsearch = mkEnableOption "Profil pour activer le service elasticsearch."; - fail2ban = mkEnableOption "Profil pour activer Fail2ban."; - graphical = mkEnableOption "Profil pour activer les applications graphgiques."; - hydra-builder = mkEnableOption "Profil pour une machine qui compile pour hydra."; - hydra-core = mkEnableOption "Profil pour un serveur hydra."; - kibana = mkEnableOption "Profil pour activer le service kibana."; - internetSuite = mkEnableOption "Profil pour la suite de logiciels pour Internet."; - jetbrains-licensed = mkEnableOption "Profil pour la suite de développement Jetbrains payante (sous-ensemble)."; - jeux = mkEnableOption "Profil pour les jeux vidéos."; - laptop = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables."; - locate = mkEnableOption "Profil pour activer la fonction locate."; - mailboxes = mkEnableOption "Profil pour stocker les mails dans des boîtes aux lettres."; - multimediaSuite = mkEnableOption "Profil pour la suite multimédia."; - murmur = mkEnableOption "Profil pour activer un serveur Mumble (murmur)"; - nix-serve-client = mkEnableOption "Profil pour que la machine soit un client de cache nix."; - nix-serve-server = mkEnableOption "Profil pour que la machine soit un serveur de cache nix."; - nixStoreProxyCache = mkEnableOption "Profil pour activer le proxy cahce nginx pour le nix store"; - officeSuite = mkEnableOption 
"Profil pour la suite bureautique"; - print = mkEnableOption "Profil pour activer cups & pouvoir imprimer."; - pulseaudio = mkEnableOption "Profil pour activer pulseaudio."; - rabbitmq = mkEnableOption "Profil pour activer le service de messagerie AMQP."; - radicale = mkEnableOption "Profil pour activer le service d'hébergement de calendrier + tâches & contacts."; - scanner = mkEnableOption "Profil pour que les scanners soient utilisable."; - securitySuite = mkEnableOption "Profil pour la suite de logiciels de sécurité."; - smokeping = mkEnableOption "Profil pour activer le monitoring réseau par smokeping."; - swap = mkEnableOption "Profil pour que le swap soit activé."; - virtualbox = mkEnableOption "Profil pour l'utilisation de VirtualBox."; - xmonad = mkEnableOption "Profil pour activer le gestionnaire de fenêtres xmonad."; - znc = mkEnableOption "Profil pour activer le relais IRC ZNC."; - - tincAddress = mkOption { - default = ""; - example = "192.168.1.1"; - description = "Adresse du noeud tinc local"; - type = lib.types.string; - }; - tincExtraConfig = mkOption { - default = ""; - example = '' - Mode = router - ConnecTo = bar - ''; - description = "Configuration supplémentaire pour tinc"; - type = lib.types.string; - }; - }; #* Utilisé pour avoir des raccourcis de machine r6d.computers = { - isHydra = mkEnableOption "Identification du nom de machine."; - isLatitude = mkEnableOption "Identification du nom de machine."; - isMonstre = mkEnableOption "Identification du nom de machine."; - isNeoNomade = mkEnableOption "Identification du nom de machine."; isNomade = mkEnableOption "Identification du nom de machine."; - isOcean = mkEnableOption "Identification du nom de machine."; - isPedro = mkEnableOption "Identification du nom de machine."; - isPhenom = mkEnableOption "Identification du nom de machine."; - isRadx = mkEnableOption "Identification du nom de machine."; - isRollo = mkEnableOption "Identification du nom de machine."; }; }; 
@@ -115,233 +30,18 @@ in config = mkMerge [ ## Définition des profils génériques - (mkIf pfl.isDesktopEnvironment { - r6d.config-generator = { - awesome = true; - internetSuite = true; - multimediaSuite = true; - officeSuite = true; - pulseaudio = true; - securitySuite = true; - }; - }) - (mkIf (pfl.isServer && !comp.isMonstre) { - r6d.config-generator = { - #database_postgres = true; - dns_autorite = true; - #dns_resolveur = true; - # inutile d'exposer la conf complète du serveur par le store tant qu'il n'y a pas de protection complémentaire - utilisation SSH ? - #nix-serve-server = true; - smokeping = true; - - #rabbitmq = true; - }; - }) # /!\ PAS un serveur (mkIf (!pfl.isServer || comp.isMonstre) { r6d.config-generator = { dns_resolveur = true; }; }) - (mkIf pfl.isWorkstation { - r6d.profiles.isDesktopEnvironment = true; - - r6d.config-generator = { - docker = true; - graphical = true; - }; - }) - - ## Profils liés à Dubronetwork - (mkIf pfl.isDubronetwork { - r6d.config-generator = { - auto-upgrade = true; - locate = true; - print = true; - }; - }) - (mkIf (pfl.isDubronetwork && pfl.isWorkstation) { - r6d.config-generator = { - cartographie = true; - conception-assistee = true; - docker = true; - developpement = true; - developpement-elm = true; - developpement-haskell = true; - developpement-java = true; - developpement-rust = true; - edition-musique = true; - edition-photo = true; - edition-video = true; - scanner = true; - virtualbox = true; - xmonad = true; - }; - }) - - ## Profils liés à Prunetwork - (mkIf pfl.isPrunetwork { - r6d.config-generator = { - auto-upgrade = true; - docker = true; - locate = true; - fail2ban = true; - smokeping = true; - swap = true; - }; - }) - (mkIf (pfl.isPrunetwork && pfl.isWorkstation) { - r6d.config-generator = { - cartographie = true; - conception-assistee = true; - docker = true; - developpement = true; - #developpement-elm = true; - developpement-haskell = true; - developpement-java = true; - developpement-rust = true; 
- edition-musique = true; - edition-photo = true; - edition-video = true; - hydra-core = false; # DO NOT ENABLE ON WORKSTATION, YOU CAN CRASH YOUR SYSTEM - print = true; - scanner = true; - #virtualbox = true; - #xmonad = true; - }; - }) - ## Affectation des profils aux machines - (mkIf comp.isHydra { - networking.hostName = "hydra.prunetwork.fr"; # Define your hostname. - r6d.profiles = { - isPrunetwork = true; - isServer = true; - }; - - r6d.config-generator = { - docker = true; - hydra-builder = true; - hydra-core = true; - nix-serve-server = true; - tincAddress = "192.168.12.9/24"; - tincExtraConfig = '' - ConnectTo = rollo_dubronetwork_fr - ConnectTo = ocean_prunetwork_fr - ''; - }; - }) - (mkIf comp.isOcean { - networking.hostName = "ocean.prunetwork.fr"; # Define your hostname. - r6d.profiles = { - isPrunetwork = true; - isServer = true; - }; - r6d.config-generator = { - docker = true; - hydra-builder = true; - radicale = true; - nix-serve-client = true; - nix-serve-server = true; - tincAddress = "192.168.12.6/24"; - tincExtraConfig = '' - ConnectTo = hydra_prunetwork_fr - ConnectTo = rollo_dubronetwork_fr - ''; - }; - }) - (mkIf comp.isRadx { - networking.hostName = "radx.prunetwork.fr"; # Define your hostname. - r6d.profiles = { - isPrunetwork = true; - isWorkstation = true; - }; - - r6d.config-generator = { - database_postgres = true; - elasticsearch = true; - #hydra-core = false; # DO NOT ENABLE ON WORKSTATION - kibana = true; - nix-serve-client = true; - nix-serve-server = true; - rabbitmq = true; - tincAddress = "192.168.12.3/24"; - tincExtraConfig = '' - ConnectTo = monstre_dubronetwork_fr - ConnectTo = rollo_dubronetwork_fr - ConnectTo = hydra_prunetwork_fr - ConnectTo = ocean_prunetwork_fr - ''; - virtualbox = true; - }; - }) - - (mkIf comp.isLatitude { - networking.hostName = "latitude.dubronetwork.fr"; # Define your hostname. 
- r6d.profiles = { - isDubronetwork = true; - isWorkstation = true; - }; - - r6d.config-generator = { - jetbrains-licensed = true; - laptop = true; - nix-serve-client = true; - nix-serve-server = true; - tincAddress = "192.168.12.2/24"; - tincExtraConfig = '' - ConnectTo = monstre_dubronetwork_fr - ConnectTo = rollo_dubronetwork_fr - ConnectTo = hydra_prunetwork_fr - ConnectTo = ocean_prunetwork_fr - ''; - }; - }) - (mkIf comp.isMonstre { - networking.hostName = "monstre.dubronetwork.fr"; # Define your hostname. - r6d.profiles = { - isDubronetwork = true; - isServer = true; - }; - - r6d.config-generator = { - fail2ban = true; - murmur = true; - nix-serve-client = true; - nix-serve-server = true; - nixStoreProxyCache = true; - tincAddress = "192.168.12.4/24"; - tincExtraConfig = '' - ConnectTo = rollo_dubronetwork_fr - ConnectTo = hydra_prunetwork_fr - ConnectTo = ocean_prunetwork_fr - ''; - }; - }) - (mkIf comp.isNeoNomade{ - networking.hostName = "neo-nomade.dubronetwork.fr"; # Define your hostname. - r6d.profiles = { - isDubronetwork = true; - isDesktopEnvironment = true; - }; - - r6d.config-generator = { - laptop = true; - graphical = true; - scanner = true; - tincAddress = "192.168.12.7/24"; - tincExtraConfig = '' - ConnectTo = monstre_dubronetwork_fr - ConnectTo = rollo_dubronetwork_fr - ConnectTo = hydra_prunetwork_fr - ConnectTo = ocean_prunetwork_fr - ''; - }; - }) # Dubro Vivo - St Malo #tincAddress = "192.168.12.8/24"; + (mkIf comp.isNomade{ networking.hostName = "nomade.dubronetwork.fr"; # Define your hostname. r6d.profiles.isDubronetwork = true; 
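Review bot: What remains of config-generator.nix after this hunk can no longer evaluate. `(mkIf (!pfl.isServer || comp.isMonstre) { r6d.config-generator = { dns_resolveur = true; }; })` and the `comp.isNomade` block still read and set `r6d.profiles`, `r6d.config-generator` and `r6d.computers.isMonstre`, whose declarations the first hunk of this file deletes. The file is harmless only because base.nix now comments out its import (`/*./config-generator.nix*/`). Deleting the file in this commit, or at least heading it with `# OBSOLETE : n'est plus importé par base.nix`, would keep someone from re-enabling a broken module; the `annuaire`/`currentMachine`/`flags` bindings newly added to it are unused as well. The `config = mkMerge [` list starts outside this hunk.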
@@ -350,60 +50,5 @@ in laptop = true; }; }) - (mkIf comp.isPedro { - r6d.profiles = { - isDubronetwork = true; - isServer = true; - }; - - r6d.config-generator = { - fail2ban = true; - }; - }) - (mkIf comp.isPhenom { - networking.hostName = "phenom.dubronetwork.fr"; # Define your hostname. - r6d.profiles = { - isDubronetwork = true; - isWorkstation = true; - }; - - r6d.config-generator = { - jetbrains-licensed = true; - #hydra-core = true; - nix-serve-client = true; - nix-serve-server = true; - edition-photo = true; - tincAddress = "192.168.12.1/24"; - tincExtraConfig = '' - ConnectTo = monstre_dubronetwork_fr - ConnectTo = rollo_dubronetwork_fr - ConnectTo = hydra_prunetwork_fr - ConnectTo = ocean_prunetwork_fr - ''; - }; - }) - (mkIf comp.isRollo { - networking.hostName = "rollo.dubronetwork.fr"; # Define your hostname. - r6d.profiles = { - isDubronetwork = true; - isServer = true; - }; - - r6d.config-generator = { - dovecot = true; - fail2ban = true; - mailboxes = true; - murmur = true; - nix-serve-client = true; - nix-serve-server = true; - tincAddress = "192.168.12.5/24"; - tincExtraConfig = '' - ConnectTo = hydra_prunetwork_fr - ConnectTo = ocean_prunetwork_fr - ''; - virtualbox = true; - znc = true; - }; - }) ]; } diff --git a/configuration/auto-upgrade.nix b/configuration/auto-upgrade.nix index 48539a8..04ff7f5 100644 --- a/configuration/auto-upgrade.nix +++ b/configuration/auto-upgrade.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.auto-upgrade { +mkIf flags.auto-upgrade { # Automatic update & automatic clean diff --git a/configuration/awesome.nix b/configuration/awesome.nix index a6acd7e..ae5b73d 100644 --- a/configuration/awesome.nix +++ b/configuration/awesome.nix 
@@ -2,13 +2,13 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in # TODO: rc.lua par défaut (système) -mkIf cfg.awesome { +mkIf flags.awesome { environment.variables = { # Export the current path for the awesome derivation, useful for users rc.lua @@ -19,5 +19,7 @@ mkIf cfg.awesome { # beautiful.init(config.dir .. "/share/awesome//themes/zenburn/theme.lua") # AWESOME_CONFIG_DIR = "${pkgs.awesome}"; - }; + }; + + environment.etc."xdg/awesome/rc.lua".text = builtins.readFile ./../public/config-awesome-4-rc.lua; } diff --git a/configuration/default.nix b/configuration/default.nix index e58bd01..b521f55 100644 --- a/configuration/default.nix +++ b/configuration/default.nix @@ -2,9 +2,9 @@ let #inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in { @@ -15,6 +15,7 @@ in ./localisation.nix ./network.nix #./network-ipv6.nix + ./u2f.nix ./udev.nix # commandées par config-generator diff --git a/configuration/environment.nix b/configuration/environment.nix index 3b47c47..d20e764 100644 --- a/configuration/environment.nix +++ b/configuration/environment.nix 
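Review bot: In awesome.nix, `environment.etc."xdg/awesome/rc.lua".text = builtins.readFile ./../public/config-awesome-4-rc.lua;` reads the whole file into a Nix string at evaluation time only to write it back out. `environment.etc."xdg/awesome/rc.lua".source = ../public/config-awesome-4-rc.lua;` links the file directly and is the usual form. The `# TODO: rc.lua par défaut (système)` kept above `mkIf flags.awesome` in the first hunk of this file looks to be done by this line and could be removed.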
@@ -2,31 +2,34 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -# TODO: ménage { # Nombre de process d'installation en parrallèle effectués par Nix nix.buildCores = 0; # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "17.03"; + system.stateVersion = "18.03"; - # copies the NixOS configuration file (usually /etc/nixos/configuration.nix) and links it from the resulting system (getting to /run/current-system/configuration.nix) + # copies the NixOS configuration file (usually /etc/nixos/configuration.nix) and links it from the resulting system (getting to /run/current-system/configuration.nix) system.copySystemConfiguration = true; # On autorise les paquets non-libres nixpkgs.config.allowUnfree = true; - # Lancement de dbus pour les utilisateurs - services.dbus.socketActivated = true; - # NixOS Hardening #security.grsecurity.enable = true; + # Ménage de /tmp au boot + boot.cleanTmpDir = true; + + # Activation des pages de manuel + programs.man.enable = true; + + # Paquets environment = { shellAliases = { 
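Review bot: `system.stateVersion = "18.03";` is set in the shared base configuration, so this bump applies to every machine, including ones installed under 17.03. The option is meant to stay at the release a machine was first installed with, because modules use it to choose defaults for existing on-disk state (the comment above it says "stateful data such as databases"); it is not part of a channel upgrade. Existing hosts should keep "17.03" and each machine should be able to set its own value, for example `system.stateVersion = lib.mkDefault "18.03";` here with per-host overrides. The attribute set continues outside the hunk.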
@@ -58,7 +61,7 @@ in # Host keys the client accepts - order here is honored by OpenSSH HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 - KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp256,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha256 + KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr ''; diff --git a/configuration/gitconfig b/configuration/gitconfig index ca21c39..e3d4d5e 100644 --- a/configuration/gitconfig +++ b/configuration/gitconfig @@ -20,6 +20,7 @@ # Logs lol = log --graph --decorate --pretty=oneline --abbrev-commit lola = log --graph --decorate --pretty=oneline --abbrev-commit --all + not-pushed = log --branches --not --remotes [push] default = simple [core] diff --git a/configuration/laptop.nix b/configuration/laptop.nix index e9a47fb..7e69cd3 100644 --- a/configuration/laptop.nix +++ b/configuration/laptop.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.laptop { +mkIf flags.laptop { # Gestion spécifique pour PC portable diff --git a/configuration/localisation.nix b/configuration/localisation.nix index 6b773b7..aa0c60a 100644 --- a/configuration/localisation.nix 
+++ b/configuration/localisation.nix @@ -2,9 +2,9 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in mkIf true { diff --git a/configuration/network-ipv6.nix b/configuration/network-ipv6.nix index d3f9f0d..ab2d78a 100644 --- a/configuration/network-ipv6.nix +++ b/configuration/network-ipv6.nix @@ -2,15 +2,15 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in mkIf true { # Utilisation d'adresse IPv6 temporaire - + ## https://blog.linitx.com/control-privacy-addressing-ipv6-linux/ ## http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/x1092.html @@ -23,6 +23,7 @@ mkIf true { "net.ipv6.conf.default.temp_valid_lft" = 3600; # 1 heure "net.ipv6.conf.default.use_tempaddr" = 2; # activé + # Activation du routage "net.ipv6.conf.all.forwarding" = true; "net.ipv6.conf.default.forwarding" = true; }; diff --git a/configuration/network.nix b/configuration/network.nix index ed45a70..b6b181a 100644 --- a/configuration/network.nix +++ b/configuration/network.nix @@ -2,9 +2,9 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in mkIf true { 
@@ -12,10 +12,11 @@ mkIf true { # fix: Hostname -s renvoie "Unknown host" alors que hostname renvoie la bonne valeur # Il s'avère que hostname vérifie la validité du FQDN et du reverse. # Fixer ces paramètres dans les hosts permet de faire tomber en marche - networking.extraHosts = '' - 127.0.0.1 ${config.networking.hostName} + networking.extraHosts = '' + 127.0.0.1 ${config.networking.hostName} ''; + # Activation du routage boot.kernel.sysctl = { "net.ipv4.conf.all.forwarding" = true; "net.ipv4.conf.default.forwarding" = true; diff --git a/configuration/swap.nix b/configuration/swap.nix index 44cdfd0..602fdd5 100644 --- a/configuration/swap.nix +++ b/configuration/swap.nix @@ -2,15 +2,15 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.swap { +mkIf flags.swap { # Gestion du swap - + # https://en.wikipedia.org/wiki/Swappiness boot.kernel.sysctl = { # le swap est activé (!= 0) diff --git a/configuration/u2f.nix b/configuration/u2f.nix new file mode 100644 index 0000000..7898217 --- /dev/null +++ b/configuration/u2f.nix 
@@ -0,0 +1,41 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkThenElse; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; +in + +mkIf true { + # Ajout du support des yobikey & hyperfido + ## source des valeurs udev : https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules + + ## source car udev sur nixos semble ancien : https://raw.githubusercontent.com/Yubico/libu2f-host/master/70-old-u2f.rules + services.udev.extraRules = '' + # this udev file should be used with udev older than 188 + ACTION!="add|change", GOTO="u2f_end" + + # Yubico YubiKey + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", GROUP="plugdev", MODE="0660" + + # Happlink (formerly Plug-Up) Security KEY + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", GROUP="plugdev", MODE="0660" + + # Neowave Keydo and Keydo AES + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", GROUP="plugdev", MODE="0660" + + # HyperSecu HyperFIDO + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0880", GROUP="plugdev", MODE="0660" + + LABEL="u2f_end" + + SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="audio", MODE="0666", SYMLINK+="rtl_sdr" + ''; + + security.pam.enableU2F = true; + + environment.systemPackages = with pkgs; [ + libu2f-host + ]; +} diff --git a/configuration/udev.nix b/configuration/udev.nix index bc14cf9..bbdb94b 100644 --- a/configuration/udev.nix +++ b/configuration/udev.nix 
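Review bot: The last udev rule, placed after `LABEL="u2f_end"`, sets `MODE="0666"` on USB device 0bda:2838 (symlinked as `rtl_sdr`), which makes the node readable and writable by every local user and makes `GROUP="audio"` meaningless. The rule is unrelated to U2F and sits outside the `ACTION!="add|change"` guard, so it belongs in a radio/SDR module with `MODE="0660"` and a group that is actually meant to use the receiver. The token rules assign `GROUP="plugdev"`, but nothing in this hunk declares that group; if it is not defined elsewhere the hidraw nodes will not get the intended ownership, and a declaration such as `users.groups.plugdev = {};` may be needed (to be confirmed against the NixOS release in use). The module is under `mkIf true` with `flags` bound but unused, so `security.pam.enableU2F = true;` applies to every machine; a comment should say whether that is intended.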
@@ -2,9 +2,9 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in mkIf false { diff --git a/iso-image/Makefile.installation b/iso-image/Makefile.installation new file mode 100644 index 0000000..6d6f4e7 --- /dev/null +++ b/iso-image/Makefile.installation @@ -0,0 +1,7 @@ +all: + nixos-generate-config --root /mnt + git config --global user.email "nixos-live@example.org" + git config --global user.name "NixOS Live" + cd /mnt/etc/nixos && git init . && git add . && git commit -m "initial commit" + cd /mnt/etc/nixos && git submodule add http://gogs.prunetwork.fr:80/nixos-config/nixos-template-base.git base + cd /mnt/etc/nixos && git submodule add https://gogs.prunetwork.fr/Capgemini-CDS-Arkea/template-nixos.git capgemini-cmb diff --git a/iso-image/configuration.nix b/iso-image/configuration.nix new file mode 100644 index 0000000..b5bf770 --- /dev/null +++ b/iso-image/configuration.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + capgemini-cmb/default.nix + /nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix + nixos-template-base/base.nix + ]; + # Custom name + isoImage.isoName = pkgs.lib.mkForce "${config.isoImage.isoBaseName}-capgemini-${config.system.nixosLabel}-${pkgs.stdenv.system}.iso"; + # Avoid having the terminal flooded by kernel audit messages + boot.kernelParams = [ "audit=0" ]; + + # Files to copy to the liveCD + isoImage.contents = [ + { + source = ./Makefile.installation; + target = "/custom/Makefile"; + } + ]; + environment.shellAliases = { nixos-generate-custom-config = "cd /iso/custom/ && make";}; + networking.hostName = "nixos-livecd.corp.capgemini.com"; +} 
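Review bot: The first `git submodule add` in Makefile.installation fetches nixos-template-base over cleartext `http://gogs.prunetwork.fr:80/…`, so the configuration that the installer later evaluates and builds as root has no transport integrity and can be modified in transit. The next line already uses `https://` for the same host; assuming the server exposes this repository over TLS as well, the first should read `cd /mnt/etc/nixos && git submodule add https://gogs.prunetwork.fr/nixos-config/nixos-template-base.git base`. Pinning the submodule to a known commit after the add would further limit what a compromised remote can deliver.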
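Review bot: `boot.kernelParams = [ "audit=0" ];` in iso-image/configuration.nix turns the kernel audit subsystem off entirely in order to keep messages off the terminal, so nothing done from the live system is audited. If the goal is only a quiet console, lowering the console log level (`boot.consoleLogLevel`) may be enough and keeps the records in the kernel log; this needs checking against what the installer profile already sets. If `audit=0` stays, the comment should state the trade-off, e.g. `# audit=0 disables kernel auditing on the live CD; acceptable because the image is only used for installation`.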
diff --git a/lib.nix b/lib.nix new file mode 100644 index 0000000..ab38ed1 --- /dev/null +++ b/lib.nix @@ -0,0 +1,50 @@ +let + lib = with import {}; pkgs.lib; + + profiles = { + isDesktopEnvironment = { + awesome = true; + internetSuite = true; + graphical = true; + multimediaSuite = true; + officeSuite = true; + pulseaudio = true; + securitySuite = true; + }; + isWorkstation = { + docker = true; + developpement = true; + developpement-elm = true; + developpement-haskell = true; + developpement-java = true; + developpement-rust = true; + }; + #isServer = { + #}; + }; + +in + +with lib; rec{ + # Apply the profiles (pre-defined + custom) to the whole directory + applyProfilesToDirectory = customProfiles: directory: + lib.mapAttrs (applyProfilesToMachine customProfiles) directory; + + # Apply the profiles (pre-defined + custom) to a machine + applyProfilesToMachine = customProfiles: machineName: machineOptions: + { configurationFlags = lib.recursiveUpdate (generateFlagsSet customProfiles machineOptions.profiles) machineOptions.configurationFlags; + configurationOptions = machineOptions.configurationOptions; + profiles = machineOptions.profiles; + }; + + # Generate a set of configuration flags based on profiles + generateFlagsSet = customProfiles: machineProfiles: + let + allProfiles = recursiveUpdate profiles customProfiles; + conditionalFlags = name: value: + if machineProfiles.${name} + then value + else {}; + in + foldr (a: b: a // b) {} (mapAttrsToList conditionalFlags allProfiles); +} diff --git a/module-template.nix b/module-template.nix index c729d46..3cb37ef 100644 --- a/module-template.nix +++ b/module-template.nix @@ -2,9 +2,9 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in mkIf true { 
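Review bot: In `generateFlagsSet`, `if machineProfiles.${name}` is evaluated for every name in `allProfiles`, so a machine whose `profiles` set omits one of them, or a `customProfiles` entry the machine does not list, aborts evaluation with a missing-attribute error. Unless callers always pass a fully populated set, a default is safer: `if machineProfiles.${name} or false`. `applyProfilesToMachine` likewise reads `machineOptions.configurationFlags`, `.configurationOptions` and `.profiles` unconditionally, and in its `recursiveUpdate` the explicit flags override the profile-derived ones. The comment above it should say so, e.g. `# Explicit configurationFlags take precedence over flags derived from profiles`.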
@@ -22,4 +22,11 @@ mkIf true { allowedUDPPorts = [ ]; }; +} // { + assertions = [ + { + assertion = true; + message = "Assetion toujours valide."; + } + ]; } diff --git a/onchange b/onchange new file mode 100755 index 0000000..f3d75af --- /dev/null +++ b/onchange @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +EXCLUSION="~$|swp$|swo$" + +while inotifywait --exclude $EXCLUSION -r -e modify . +do + $@ +done diff --git a/options.nix b/options.nix new file mode 100644 index 0000000..97d38da --- /dev/null +++ b/options.nix 
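Review bot: The added `} // { assertions = [ … ]; }` in module-template.nix is applied to the result of `mkIf true { … }` rather than to the attribute set inside it, because function application binds tighter than `//` (going by the hunk header; the start of the expression is outside the hunk). The `assertions` attribute therefore ends up beside the `mkIf` wrapper's own fields instead of in the module's config, and the module system most likely never evaluates it. Since this file is the template that other modules are copied from, the list should go inside the `mkIf` body, or both parts should be combined with `mkMerge [ (mkIf true { … }) { assertions = [ … ]; } ]`. The message string also has a typo, `"Assetion toujours valide."`.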
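Review bot: In the new `onchange` script, `$@` and `$EXCLUSION` are expanded unquoted, so a command argument containing spaces or glob characters is re-split before it runs, and the exclusion regex goes through the same word splitting. Use `"$@"` in the loop body and `--exclude "$EXCLUSION"` on the `inotifywait` line. When the script is called without arguments the loop body expands to nothing; a guard such as `[ $# -gt 0 ] || { echo "usage: onchange CMD [ARGS...]" >&2; exit 1; }` before the loop would make that case explicit.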
@@ -0,0 +1,215 @@ +{ config, lib, pkgs, r6d, ... }: +let + inherit (lib) mkEnableOption mkTextOption mkIf mkMerge mkOption singleton types; + + # TODO: Anglish :) + machineOptions = types.submodule { + options = { + + configurationFlags = { + #enable = mkEnableOption "Génération de la configuration d'une machine."; + awesome = mkEnableOption "Profil pour activer le gestionnaire de fenêtre awesome."; + auto-upgrade = mkEnableOption "Profil pour activer les mises à jour automatiques."; + cartographie = mkEnableOption "Profil pour activer les outils de gestion de données géographiques."; + conception-assistee = mkEnableOption "Profil pour activer les outils de conception électronique & modélisation 3D"; + database_postgres = mkEnableOption "Profil pour activer le SGBD PostgreSQL."; + developpement = mkEnableOption "Profil pour activer les outils de développement"; + developpement-elm = mkEnableOption "Profil pour activer les outils de développement Elm"; + developpement-haskell = mkEnableOption "Profil pour activer les outils de développement Haskell"; + developpement-java = mkEnableOption "Profil pour activer les outils de développement Java"; + developpement-rust = mkEnableOption "Profil pour activer les outils de développement Rust"; + docker = mkEnableOption "Profil pour l'utilisation de Docker."; + dovecot = mkEnableOption "Profil pour activer le serveur Dovecot."; + dns_autorite = mkEnableOption "Profil pour servir les fichiers de zone DNS."; + dns_resolveur = mkEnableOption "Profil pour activer un résolveur DNS local."; + edition-musique = mkEnableOption "Profil pour la création/édition de musique."; + edition-photo = mkEnableOption "Profil pour la création/édition de photos."; + edition-video = mkEnableOption "Profil pour la création/édition de video."; + elasticsearch = mkEnableOption "Profil pour activer le service elasticsearch."; + fail2ban = mkEnableOption "Profil pour activer Fail2ban."; + graphical = mkEnableOption "Profil pour activer les applications 
graphgiques."; + hydra-builder = mkEnableOption "Profil pour une machine qui compile pour hydra."; + hydra-core = mkEnableOption "Profil pour un serveur hydra."; + kibana = mkEnableOption "Profil pour activer le service kibana."; + internetSuite = mkEnableOption "Profil pour la suite de logiciels pour Internet."; + jetbrains-licensed = mkEnableOption "Profil pour la suite de développement Jetbrains payante (sous-ensemble)."; + jeux = mkEnableOption "Profil pour les jeux vidéos."; + laptop = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables."; + locate = mkEnableOption "Profil pour activer la fonction locate."; + mailboxes = mkEnableOption "Profil pour stocker les mails dans des boîtes aux lettres."; + multimediaSuite = mkEnableOption "Profil pour la suite multimédia."; + munin = mkEnableOption "Profil pour activer la supervision par Munin"; + murmur = mkEnableOption "Profil pour activer un serveur Mumble (murmur)"; + nixos-manual = mkEnableOption "Profil pour activer la documentation nixos en local sur un TTY"; + nix-serve-server = mkEnableOption "Profil pour que la machine soit un serveur de cache nix."; + nixStoreProxyCache = mkEnableOption "Profil pour activer le proxy cahce nginx pour le nix store"; + officeSuite = mkEnableOption "Profil pour la suite bureautique"; + print = mkEnableOption "Profil pour activer cups & pouvoir imprimer."; + pulseaudio = mkEnableOption "Profil pour activer pulseaudio."; + rabbitmq = mkEnableOption "Profil pour activer le service de messagerie AMQP."; + radio = mkEnableOption "Profil pour activer les outils pour faire de radio numérique - SDR."; + radicale = mkEnableOption "Profil pour activer le service d'hébergement de calendrier + tâches & contacts."; + rmilter = mkEnableOption "Profil pour activer le filtrage de mails par postfix."; + scanner = mkEnableOption "Profil pour que les scanners soient utilisable."; + securitySuite = mkEnableOption "Profil pour la suite de logiciels de sécurité."; + 
smokeping = mkEnableOption "Profil pour activer le monitoring réseau par smokeping."; + swap = mkEnableOption "Profil pour que le swap soit activé."; + virtualbox = mkEnableOption "Profil pour l'utilisation de VirtualBox."; + xmonad = mkEnableOption "Profil pour activer le gestionnaire de fenêtres xmonad."; + znc = mkEnableOption "Profil pour activer le relais IRC ZNC."; + }; + + configurationOptions = { + + ipAddress = mkOption { + description = "Adresse IP."; + type = lib.types.string; + }; + nix-serve-server = mkEnableOption "nix-serve server."; + nix-serve-client = { + enable = mkEnableOption "nix-serve client"; + servers = mkOption { + default = [ https://cache.nixos.org/ ]; + description = "List of nix-serve servers providing binary caches."; + type = types.listOf types.str; + }; + }; + + tinc = { + enable = mkEnableOption "Enable tinc service."; + dnsFQDN = mkOption { + example = "device.example.net."; + description = "DNS name of host pointing to tunnel IP."; + type = lib.types.string; + }; + connectToAddress = mkOption { + default = ""; + example = "192.168.1.1"; + description = "External address to connect from another node."; + type = lib.types.string; + }; + vpnAddress = mkOption { + example = "192.168.69.69/24"; + description = "VPN local node IP address."; + type = lib.types.string; + }; + vpnCidrLength = mkOption { + default = 24; + example = 24; + description = "VPN netmask length."; + type = lib.types.int; + }; + extraConfig = mkOption { + default = ""; + example = '' + Mode = router + ConnecTo = bar + ''; + description = "Configuration supplémentaire pour tinc."; + type = lib.types.string; + }; + }; + + quagga = { + enable = mkEnableOption "Enable Quagga + BGP service"; + bgpConfig = mkOption { + type = types.lines; + default = ""; + example ='' + router bgp 65001 + neighbor 10.0.0.1 remote-as 65001 + ''; + description = '' + BGP configuration statements. 
+ ''; + }; + }; + + windowsBoot = { + enable = mkEnableOption "Activation du démarrage de Windows par Grub"; + drive = mkOption { + description = "Lecteur sur lequel est présent le système Windows (au format GRUB)"; + type = lib.types.string; + default = "hd0,1"; + }; + }; + windowsMount ={ + enable = mkEnableOption "Montage de la partition data Windows"; + device = mkOption { + description = "Lecteur sur lequel est présent le disque de data Windows"; + type = lib.types.string; + default = "/dev/sda2"; + }; + }; + }; + + profiles = { + # Domaine + isDubronetwork = mkEnableOption "Pour distinguer les machines dubronetwork."; + isDubronetworkServer = mkEnableOption "Pour distinguer les machines dubronetwork avec Server."; + isDubronetworkWorkstation = mkEnableOption "Pour distinguer les machines dubronetwork avec Workstation."; + isPrunetwork = mkEnableOption "Pour distinguer les machines prunetwork."; + isPrunetworkServer = mkEnableOption "Pour distinguer les machines prunetwork avec Server."; + isPrunetworkWorkstation = mkEnableOption "Pour distinguer les machines prunetwork avec Workstation."; + # Utilisation machine + isDesktopEnvironment = mkEnableOption "Pour indiquer une machine avec interface graphique."; + isServer = mkEnableOption "Pour indiquer qu'il s'agit d'un serveur."; + isWorkstation = mkEnableOption "Pour indiquer que la machine sert à travailler."; + }; + }; + }; + + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; +in + +{ + options = { + r6d.machines = mkOption { + type = types.attrsOf machineOptions; + description = '' + Machines directory. 
+ ''; + }; + }; + + config = { + /** + prototype : (expression A ) && tests || !(expression A) -> réalise le test si A est satisfait, et continue sinon = pas de politique + */ + assertions = [ + { + assertion = (currentMachine.profiles.isWorkstation && (currentMachine.configurationFlags.graphical == true)) + || (!currentMachine.profiles.isWorkstation); + message = "A workstation requires a graphical environement."; + } + { + assertion = (currentMachine.profiles.isDesktopEnvironment && (currentMachine.configurationFlags.graphical == true)) + || (!currentMachine.profiles.isDesktopEnvironment); + message = "A desktop station requires a graphical environement."; + } + { + assertion = (currentMachine.profiles.isDesktopEnvironment && (config.services.xserver.enable == true)) + || (!currentMachine.profiles.isDesktopEnvironment); + message = "You need to enable xserver manually."; + } + { + assertion = (currentMachine.profiles.isServer && (currentMachine.profiles.isDesktopEnvironment == false)) + || (!currentMachine.profiles.isServer); + message = "A graphical environment is not required for a server."; + } + { + /* At least one (authorité or resolveur) */ + assertion = flags.dns_autorite || flags.dns_resolveur; + message = "DNS service is disabled. You must enable a dns recursor or autoritative."; + } + { + /* authorité xor resolveur */ + assertion = (flags.dns_autorite && ! flags.dns_resolveur) + || (!flags.dns_autorite && flags.dns_resolveur); + message = "Both authoritative and recursor DNS services can't be live simultaneously. Choose only one!"; + } + ]; + }; +} diff --git a/public/config-awesome-4-rc.lua b/public/config-awesome-4-rc.lua index 042de0c..e9bae9a 100644 --- a/public/config-awesome-4-rc.lua +++ b/public/config-awesome-4-rc.lua 
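Review bot: The last two assertions in options.nix together require every machine to run exactly one DNS role: `flags.dns_autorite || flags.dns_resolveur` rejects a host with neither, and the xor that follows rejects a host with both. That forces a DNS service onto laptops and workstations as well as servers, and the first of the two checks is redundant because the xor already implies it. If the intent is only that the two roles must not coexist, the check becomes `assertion = !(flags.dns_autorite && flags.dns_resolveur);` and the "DNS service is disabled" assertion can be removed. The `/** prototype … */` comment above the list would be easier to follow written as an implication, e.g. `A -> B, écrit (A && B) || !A`.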
@@ -18,9 +18,11 @@ local hotkeys_popup = require("awful.hotkeys_popup").widget -- Check if awesome encountered an error during startup and fell back to -- another config (This code will only ever execute for the fallback config) if awesome.startup_errors then - naughty.notify({ preset = naughty.config.presets.critical, - title = "Oops, there were errors during startup!", - text = awesome.startup_errors }) + naughty.notify({ + preset = naughty.config.presets.critical, + title = "Oops, there were errors during startup!", + text = awesome.startup_errors + }) end -- Handle runtime errors after startup @@ -31,9 +33,11 @@ do if in_error then return end in_error = true - naughty.notify({ preset = naughty.config.presets.critical, - title = "Oops, an error happened!", - text = tostring(err) }) + naughty.notify({ + preset = naughty.config.presets.critical, + title = "Oops, an error happened!", + text = tostring(err) + }) in_error = false end) end 
@@ -95,20 +99,24 @@ end -- {{{ Menu -- Create a launcher widget and a main menu myawesomemenu = { - { "hotkeys", function() return false, hotkeys_popup.show_help end}, - { "manual", terminal .. " -e man awesome" }, - { "edit config", editor_cmd .. " " .. awesome.conffile }, - { "restart", awesome.restart }, - { "quit", function() awesome.quit() end} + { "hotkeys", function() return false, hotkeys_popup.show_help end}, + { "manual", terminal .. " -e man awesome" }, + { "edit config", editor_cmd .. " " .. awesome.conffile }, + { "restart", awesome.restart }, + { "quit", function() awesome.quit() end} } -mymainmenu = awful.menu({ items = { { "awesome", myawesomemenu, beautiful.awesome_icon }, - { "open terminal", terminal } - } - }) +mymainmenu = awful.menu({ + items = { + { "awesome", myawesomemenu, beautiful.awesome_icon }, + { "open terminal", terminal } + } +}) -mylauncher = awful.widget.launcher({ image = beautiful.awesome_icon, - menu = mymainmenu }) +mylauncher = awful.widget.launcher({ + image = beautiful.awesome_icon, + menu = mymainmenu +}) -- Menubar configuration menubar.utils.terminal = terminal -- Set the terminal for applications that require it 
@@ -123,46 +131,87 @@ mytextclock = wibox.widget.textclock() -- Create a wibox for each screen and add it local taglist_buttons = awful.util.table.join( - awful.button({ }, 1, function(t) t:view_only() end), - awful.button({ modkey }, 1, function(t) - if client.focus then - client.focus:move_to_tag(t) - end - end), - awful.button({ }, 3, awful.tag.viewtoggle), - awful.button({ modkey }, 3, function(t) - if client.focus then - client.focus:toggle_tag(t) - end - end), - awful.button({ }, 4, function(t) awful.tag.viewnext(t.screen) end), - awful.button({ }, 5, function(t) awful.tag.viewprev(t.screen) end) - ) + awful.button( + { }, + 1, + function(t) t:view_only() end + ), + awful.button( + { modkey }, + 1, + function(t) + if client.focus then + client.focus:move_to_tag(t) + end + end + ), + awful.button( + { }, + 3, + awful.tag.viewtoggle + ), + awful.button( + { modkey }, + 3, + function(t) + if client.focus then + client.focus:toggle_tag(t) + end + end + ), + awful.button( + { }, + 4, + function(t) awful.tag.viewnext(t.screen) end + ), + awful.button( + { }, + 5, + function(t) awful.tag.viewprev(t.screen) end + ) +) local tasklist_buttons = awful.util.table.join( - awful.button({ }, 1, function (c) - if c == client.focus then - c.minimized = true - else - -- Without this, the following - -- :isvisible() makes no sense - c.minimized = false - if not c:isvisible() and c.first_tag then - c.first_tag:view_only() - end - -- This will also un-minimize - -- the client, if needed - client.focus = c - c:raise() - end - end), - awful.button({ }, 3, client_menu_toggle_fn()), - awful.button({ }, 4, function () - awful.client.focus.byidx(1) - end), - awful.button({ }, 5, function () - awful.client.focus.byidx(-1) - end)) + awful.button( + { }, + 1, + function (c) + if c == client.focus then + c.minimized = true + else + -- Without this, the following + -- :isvisible() makes no sense + c.minimized = false + if not c:isvisible() and c.first_tag then + c.first_tag:view_only() + 
end + -- This will also un-minimize + -- the client, if needed + client.focus = c + c:raise() + end + end + ), + awful.button( + { }, + 3, + client_menu_toggle_fn() + ), + awful.button( + { }, + 4, + function () + awful.client.focus.byidx(1) + end + ), + awful.button( + { }, + 5, + function () + awful.client.focus.byidx(-1) + end + ) +) local function set_wallpaper(s) -- Wallpaper 
@@ -176,54 +225,119 @@ local function set_wallpaper(s) end end + +local iostat_tooltiptext = "" +-- Widget de monitoring de l'activité des disques https://awesomewm.org/recipes/watch/ +-- disk I/O using iostat from sysstat utilities +local iotable = {} +local iostat = awful.widget.watch("iostat -dm -y 1 1", 2, -- in Kb, use -dm for Mb + function(widget, stdout) + for line in stdout:match("(sd.*)\n"):gmatch("(.-)\n") do + local device, tps, read_s, wrtn_s, read, wrtn = + line:match("(%w+)%s*(%d+,?%d*)%s*(%d+,?%d*)%s*(%d+,?%d*)%s*(%d+,?%d*)%s*(%d+,?%d*)") + -- [1] [2] [3] [4] [5] + iotable[device] = { tps, read_s, wrtn_s, read, wrtn } + end + + local label = "" + for device,values in spairs(iotable) do + label = label..(device..": "..iotable[device][2].." MB_read/s |"..iotable[device][3].." MB_wrtn/s").."\n" + end + iostat_tooltiptext = label + + -- customize here + --widget:set_text("sda: "..iotable["sda"][2].."/"..iotable["sda"][3]) -- read_s/wrtn_s + widget:set_text("iostat") + end +) + +iostat_t = awful.tooltip({ + --objects = { }, + timer_function = function() + return iostat_tooltiptext + end, + }) + +iostat_t:add_to_object(iostat) + +-- tris d'un tableau par la clef https://stackoverflow.com/questions/15706270/sort-a-table-in-lua +function spairs(t, order) + -- collect the keys + local keys = {} + for k in pairs(t) do keys[#keys+1] = k end + + -- if order function given, sort by it by passing the table and keys a, b, + -- otherwise just sort the keys + if order then + table.sort(keys, function(a,b) return order(t, a, b) end) + else + table.sort(keys) + end + + -- return the iterator function + local i = 0 + return function() + i = i + 1 + if keys[i] then + return keys[i], t[keys[i]] + end + end +end + -- Re-set wallpaper when a screen's geometry changes (e.g. 
different resolution) screen.connect_signal("property::geometry", set_wallpaper) -awful.screen.connect_for_each_screen(function(s) - -- Wallpaper - set_wallpaper(s) - - -- Each screen has its own tag table. - awful.tag({ "1", "2", "3", "4", "5", "6", "7", "8", "9" }, s, awful.layout.layouts[1]) - - -- Create a promptbox for each screen - s.mypromptbox = awful.widget.prompt() - -- Create an imagebox widget which will contains an icon indicating which layout we're using. - -- We need one layoutbox per screen. - s.mylayoutbox = awful.widget.layoutbox(s) - s.mylayoutbox:buttons(awful.util.table.join( - awful.button({ }, 1, function () awful.layout.inc( 1) end), - awful.button({ }, 3, function () awful.layout.inc(-1) end), - awful.button({ }, 4, function () awful.layout.inc( 1) end), - awful.button({ }, 5, function () awful.layout.inc(-1) end))) - -- Create a taglist widget - s.mytaglist = awful.widget.taglist(s, awful.widget.taglist.filter.all, taglist_buttons) - - -- Create a tasklist widget - s.mytasklist = awful.widget.tasklist(s, awful.widget.tasklist.filter.currenttags, tasklist_buttons) - - -- Create the wibox - s.mywibox = awful.wibar({ position = "top", screen = s }) - - -- Add widgets to the wibox - s.mywibox:setup { - layout = wibox.layout.align.horizontal, - { -- Left widgets - layout = wibox.layout.fixed.horizontal, - mylauncher, - s.mytaglist, - s.mypromptbox, - }, - s.mytasklist, -- Middle widget - { -- Right widgets - layout = wibox.layout.fixed.horizontal, - mykeyboardlayout, - wibox.widget.systray(), - mytextclock, - s.mylayoutbox, - }, - } -end) +awful.screen.connect_for_each_screen( + function(s) + -- Wallpaper + set_wallpaper(s) + + -- Each screen has its own tag table. + awful.tag({ "1", "2", "3", "4", "5", "6", "7", "8", "9" }, s, awful.layout.layouts[1]) + + -- Create a promptbox for each screen + s.mypromptbox = awful.widget.prompt() + -- Create an imagebox widget which will contains an icon indicating which layout we're using. 
+ -- We need one layoutbox per screen. + s.mylayoutbox = awful.widget.layoutbox(s) + s.mylayoutbox:buttons(awful.util.table.join( + awful.button({ }, 1, function () awful.layout.inc( 1) end), + awful.button({ }, 3, function () awful.layout.inc(-1) end), + awful.button({ }, 4, function () awful.layout.inc( 1) end), + awful.button({ }, 5, function () awful.layout.inc(-1) end) + )) + -- Create a taglist widget + s.mytaglist = awful.widget.taglist(s, awful.widget.taglist.filter.all, taglist_buttons) + + -- Create a tasklist widget + s.mytasklist = awful.widget.tasklist(s, awful.widget.tasklist.filter.currenttags, tasklist_buttons) + + -- Create the wibox + s.mywibox = awful.wibar({ position = "top", screen = s }) + + -- Add widgets to the wibox + s.mywibox:setup { + layout = wibox.layout.align.horizontal, + { -- Left widgets + layout = wibox.layout.fixed.horizontal, + mylauncher, + s.mytaglist, + s.mypromptbox + }, + s.mytasklist, -- Middle widget + { -- Right widgets + layout = wibox.layout.fixed.horizontal, + wibox.widget.textbox(' | '), + iostat, + wibox.widget.textbox(' | '), + mykeyboardlayout, + wibox.widget.systray(), + mytextclock, + s.mylayoutbox + } + } + end +) -- }}} -- {{{ Mouse bindings 
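Review bot: The `awful.widget.watch` callback calls `stdout:match("(sd.*)\n"):gmatch(…)` without checking the first match, so when the iostat output has no `sd*` device (NVMe-only machines, or iostat not installed) it indexes nil and raises on every tick. The inner `line:match` can also return nil for `device`, which makes `iotable[device] = …` fail, and the number pattern `%d+,?%d*` only accepts a comma as decimal separator, so output in a locale that prints `.` is parsed wrongly. Guard both matches, e.g. `local block = stdout:match("(sd.*)\n")`, `if not block then return end`, and `if device then iotable[device] = { tps, read_s, wrtn_s, read, wrtn } end`. The trailing comment `-- in Kb, use -dm for Mb` no longer matches the command, which already passes `-dm`, and `spairs` is declared as a global after the widget that uses it; a `local function spairs` placed above the `watch` call would avoid both the global and the ordering dependency.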
@@ -236,207 +350,153 @@ root.buttons(awful.util.table.join( -- {{{ Key bindings globalkeys = awful.util.table.join( - awful.key({ modkey, }, "s", hotkeys_popup.show_help, - {description="show help", group="awesome"}), - awful.key({ modkey, }, "Left", awful.tag.viewprev, - {description = "view previous", group = "tag"}), - awful.key({ modkey, }, "Right", awful.tag.viewnext, - {description = "view next", group = "tag"}), - awful.key({ modkey, }, "Escape", awful.tag.history.restore, - {description = "go back", group = "tag"}), - - awful.key({ modkey, }, "j", - function () - awful.client.focus.byidx( 1) - end, - {description = "focus next by index", group = "client"} - ), - awful.key({ modkey, }, "k", - function () - awful.client.focus.byidx(-1) - end, - {description = "focus previous by index", group = "client"} - ), - awful.key({ modkey, }, "w", function () mymainmenu:show() end, - {description = "show main menu", group = "awesome"}), + awful.key({ modkey, }, "s", hotkeys_popup.show_help, {description="show help", group="awesome"}), + awful.key({ modkey, }, "Left", awful.tag.viewprev, {description = "view previous", group = "tag"}), + awful.key({ modkey, }, "Right", awful.tag.viewnext, {description = "view next", group = "tag"}), + awful.key({ modkey, }, "Escape", awful.tag.history.restore, {description = "go back", group = "tag"}), + + awful.key({ modkey, }, "j", function () awful.client.focus.byidx( 1) end, {description = "focus next by index", group = "client"}), + awful.key({ modkey, }, "k", function () awful.client.focus.byidx(-1) end, {description = "focus previous by index", group = "client"}), + awful.key({ modkey, }, "w", function () mymainmenu:show() end, {description = "show main menu", group = "awesome"}), -- Layout manipulation - awful.key({ modkey, "Shift" }, "j", function () awful.client.swap.byidx( 1) end, - {description = "swap with next client by index", group = "client"}), - awful.key({ modkey, "Shift" }, "k", function () awful.client.swap.byidx( 
-1) end, - {description = "swap with previous client by index", group = "client"}), - awful.key({ modkey, "Control" }, "j", function () awful.screen.focus_relative( 1) end, - {description = "focus the next screen", group = "screen"}), - awful.key({ modkey, "Control" }, "k", function () awful.screen.focus_relative(-1) end, - {description = "focus the previous screen", group = "screen"}), - awful.key({ modkey, }, "u", awful.client.urgent.jumpto, - {description = "jump to urgent client", group = "client"}), - awful.key({ modkey, }, "Tab", - function () - awful.client.focus.history.previous() - if client.focus then - client.focus:raise() - end - end, - {description = "go back", group = "client"}), + awful.key({ modkey, "Shift" }, "j", function () awful.client.swap.byidx( 1) end, {description = "swap with next client by index", group = "client"}), + awful.key({ modkey, "Shift" }, "k", function () awful.client.swap.byidx( -1) end, {description = "swap with previous client by index", group = "client"}), + awful.key({ modkey, "Control" }, "j", function () awful.screen.focus_relative( 1) end, {description = "focus the next screen", group = "screen"}), + awful.key({ modkey, "Control" }, "k", function () awful.screen.focus_relative(-1) end, {description = "focus the previous screen", group = "screen"}), + awful.key({ modkey, }, "u", awful.client.urgent.jumpto, {description = "jump to urgent client", group = "client"}), + awful.key({ modkey, }, "Tab", function () awful.client.focus.history.previous() if client.focus then client.focus:raise() end end, + {description = "go back", group = "client"}), -- Standard program - awful.key({ modkey, }, "Return", function () awful.spawn(terminal) end, - {description = "open a terminal", group = "launcher"}), - awful.key({ modkey, "Control" }, "r", awesome.restart, - {description = "reload awesome", group = "awesome"}), - awful.key({ modkey, "Shift" }, "q", awesome.quit, - {description = "quit awesome", group = "awesome"}), - - awful.key({ 
modkey, }, "l", function () awful.tag.incmwfact( 0.05) end, - {description = "increase master width factor", group = "layout"}), - awful.key({ modkey, }, "h", function () awful.tag.incmwfact(-0.05) end, - {description = "decrease master width factor", group = "layout"}), - awful.key({ modkey, "Shift" }, "h", function () awful.tag.incnmaster( 1, nil, true) end, - {description = "increase the number of master clients", group = "layout"}), - awful.key({ modkey, "Shift" }, "l", function () awful.tag.incnmaster(-1, nil, true) end, - {description = "decrease the number of master clients", group = "layout"}), - awful.key({ modkey, "Control" }, "h", function () awful.tag.incncol( 1, nil, true) end, - {description = "increase the number of columns", group = "layout"}), - awful.key({ modkey, "Control" }, "l", function () awful.tag.incncol(-1, nil, true) end, - {description = "decrease the number of columns", group = "layout"}), - awful.key({ modkey, }, "space", function () awful.layout.inc( 1) end, - {description = "select next", group = "layout"}), - awful.key({ modkey, "Shift" }, "space", function () awful.layout.inc(-1) end, - {description = "select previous", group = "layout"}), - - awful.key({ modkey, "Control" }, "n", - function () - local c = awful.client.restore() - -- Focus restored client - if c then - client.focus = c - c:raise() - end - end, - {description = "restore minimized", group = "client"}), + awful.key({ modkey, }, "Return", function () awful.spawn(terminal) end, {description = "open a terminal", group = "launcher"}), + awful.key({ modkey, "Control" }, "r", awesome.restart, {description = "reload awesome", group = "awesome"}), + awful.key({ modkey, "Shift" }, "q", awesome.quit, {description = "quit awesome", group = "awesome"}), + awful.key({ modkey, }, "l", function () awful.tag.incmwfact( 0.05) end, {description = "increase master width factor", group = "layout"}), + awful.key({ modkey, }, "h", function () awful.tag.incmwfact(-0.05) end, {description = 
"decrease master width factor", group = "layout"}), + awful.key({ modkey, "Shift" }, "h", function () awful.tag.incnmaster( 1, nil, true) end, {description = "increase the number of master clients", group = "layout"}), + awful.key({ modkey, "Shift" }, "l", function () awful.tag.incnmaster(-1, nil, true) end, {description = "decrease the number of master clients", group = "layout"}), + awful.key({ modkey, "Control" }, "h", function () awful.tag.incncol( 1, nil, true) end, {description = "increase the number of columns", group = "layout"}), + awful.key({ modkey, "Control" }, "l", function () awful.tag.incncol(-1, nil, true) end, {description = "decrease the number of columns", group = "layout"}), + awful.key({ modkey, }, "space", function () awful.layout.inc( 1) end, {description = "select next", group = "layout"}), + awful.key({ modkey, "Shift" }, "space", function () awful.layout.inc(-1) end, {description = "select previous", group = "layout"}), + + awful.key({ modkey, "Control" }, "n", function () local c = awful.client.restore() --[[ Focus restored client ]] if c then client.focus = c c:raise() end end, + {description = "restore minimized", group = "client"}), -- Prompt - awful.key({ modkey }, "r", function () awful.screen.focused().mypromptbox:run() end, - {description = "run prompt", group = "launcher"}), + awful.key({ modkey }, "r", function () awful.screen.focused().mypromptbox:run() end, {description = "run prompt", group = "launcher"}), awful.key({ modkey }, "x", - function () - awful.prompt.run { - prompt = "Run Lua code: ", - textbox = awful.screen.focused().mypromptbox.widget, - exe_callback = awful.util.eval, - history_path = awful.util.get_cache_dir() .. "/history_eval" - } - end, - {description = "lua execute prompt", group = "awesome"}), + function () + awful.prompt.run { + prompt = "Run Lua code: ", + textbox = awful.screen.focused().mypromptbox.widget, + exe_callback = awful.util.eval, + history_path = awful.util.get_cache_dir() .. 
"/history_eval" + } + end, + {description = "lua execute prompt", group = "awesome"}), -- Menubar - awful.key({ modkey }, "p", function() menubar.show() end, - {description = "show the menubar", group = "launcher"}), - -- Lanceurs perso - awful.key({ modkey }, "F1", function () awful.util.spawn("firefox") end), - awful.key({ modkey }, "F2", function () awful.util.spawn("firefox") end), --- awful.key({ modkey }, "F3", function () awful.util.spawn("") end), - awful.key({ modkey }, "F4", function () awful.util.spawn("chromium") end), - awful.key({ modkey }, "F5", function () awful.util.spawn("spacefm") end), - awful.key({ modkey }, "F6", function () awful.util.spawn("vlc") end), - awful.key({ modkey }, "F7", function () awful.util.spawn("claws-mail") end), - awful.key({ modkey }, "F12", function () awful.util.spawn("slock") end), - awful.key({ modkey, "Shift" }, "F1", function () awful.util.spawn("claws-mail") end), - awful.key({ modkey, "Shift" }, "F3", function () awful.util.spawn("pcmanfm") end), - awful.key({ modkey }, "F10", function () awful.util.spawn("xrandr-auto-2") end), - awful.key({ modkey }, "F11", function () awful.util.spawn("xrandr-auto") end) --- awful.key({ modkey, "Shift" }, "F11", function () awful.util.spawn("/home/taeradan/bin/xrandr-left") end), --- awful.key({ modkey, "Control" }, "F11", function () awful.util.spawn("/home/taeradan/bin/xrandr-right") end), + awful.key({ modkey }, "p", function() menubar.show() end, {description = "show the menubar", group = "launcher"}), + -- Lanceurs perso + awful.key({ modkey }, "F1", function () awful.util.spawn("firefox") end, {description = "Lance Firefox", group = "Lanceurs personnels"}), + awful.key({ modkey }, "F2", function () awful.util.spawn("firefox") end, {description = "Lance Firefox", group = "Lanceurs personnels"}), + awful.key({ modkey }, "F3", function () awful.util.spawn("gqrx") end, {description = "Lance gqrx", group = "Lanceurs personnels"}), + awful.key({ modkey }, "F4", function () 
awful.util.spawn("chromium") end, {description = "Lance Chromium", group = "Lanceurs personnels"}), + awful.key({ modkey }, "F5", function () awful.util.spawn("spacefm") end, {description = "Lance spacefm", group = "Lanceurs personnels"}), + awful.key({ modkey }, "F6", function () awful.util.spawn("vlc") end, {description = "Lance vlc", group = "Lanceurs personnels"}), + awful.key({ modkey }, "F7", function () awful.util.spawn("claws-mail") end, {description = "Lance claws", group = "Lanceurs personnels"}), + awful.key({ modkey }, "F11", function () awful.util.spawn("xrandr-auto") end, {description = "Lance le script xrandr-auto", group = "Lanceurs personnels"}), + awful.key({ modkey }, "F12", function () awful.util.spawn("slock") end, {description = "Verouille la session avec slock", group = "Lanceurs personnels"}), + awful.key({ modkey, "Shift" }, "F1", function () awful.util.spawn("claws-mail") end, {description = "Lance claws", group = "Lanceurs personnels"}), + awful.key({ modkey, "Shift" }, "F3", function () awful.util.spawn("pcmanfm") end, {description = "Lance pcmanfm", group = "Lanceurs personnels"}), + awful.key({ modkey, "Shift" }, "F6", function () awful.util.spawn("clementine") end, {description = "Lance clementine", group = "Lanceurs personnels"}), + awful.key({ modkey, "Shift" }, "F11", function () awful.util.spawn("xrandr-auto-2") end, {description = "Lance le script xrandr-auto-2", group = "Lanceurs personnels"}) + -- awful.key({ modkey, "Shift" }, "F11", function () awful.util.spawn("/home/taeradan/bin/xrandr-left") end), + -- awful.key({ modkey, "Control" }, "F11", function () awful.util.spawn("/home/taeradan/bin/xrandr-right") end), ) clientkeys = awful.util.table.join( - awful.key({ modkey, }, "f", - function (c) - c.fullscreen = not c.fullscreen - c:raise() - end, - {description = "toggle fullscreen", group = "client"}), - awful.key({ modkey, "Shift" }, "c", function (c) c:kill() end, - {description = "close", group = "client"}), - awful.key({ 
modkey, "Control" }, "space", awful.client.floating.toggle , - {description = "toggle floating", group = "client"}), - awful.key({ modkey, "Control" }, "Return", function (c) c:swap(awful.client.getmaster()) end, - {description = "move to master", group = "client"}), - awful.key({ modkey, }, "o", function (c) c:move_to_screen() end, - {description = "move to screen", group = "client"}), - awful.key({ modkey, }, "t", function (c) c.ontop = not c.ontop end, - {description = "toggle keep on top", group = "client"}), - awful.key({ modkey, }, "n", - function (c) - -- The client currently has the input focus, so it cannot be - -- minimized, since minimized clients can't have the focus. - c.minimized = true - end , - {description = "minimize", group = "client"}), - awful.key({ modkey, }, "m", - function (c) - c.maximized = not c.maximized - c:raise() - end , - {description = "maximize", group = "client"}) + awful.key({ modkey, }, "f", function (c) c.fullscreen = not c.fullscreen c:raise() end, {description = "toggle fullscreen", group = "client"}), + awful.key({ modkey, "Shift" }, "c", function (c) c:kill() end, {description = "close", group = "client"}), + awful.key({ modkey, "Control" }, "space", awful.client.floating.toggle , {description = "toggle floating", group = "client"}), + awful.key({ modkey, "Control" }, "Return", function (c) c:swap(awful.client.getmaster()) end, {description = "move to master", group = "client"}), + awful.key({ modkey, }, "o", function (c) c:move_to_screen() end, {description = "move to screen", group = "client"}), + awful.key({ modkey, }, "t", function (c) c.ontop = not c.ontop end, {description = "toggle keep on top", group = "client"}), + awful.key({ modkey, }, "n", function (c) --[[ The client currently has the input focus, so it cannot be minimized, since minimized clients can't have the focus. 
]] c.minimized = true end , + {description = "minimize", group = "client"}), + awful.key({ modkey, }, "m", function (c) c.maximized = not c.maximized c:raise() end , {description = "maximize", group = "client"}) ) -- Bind all key numbers to tags. -- Be careful: we use keycodes to make it works on any keyboard layout. -- This should map on the top row of your keyboard, usually 1 to 9. for i = 1, 9 do - globalkeys = awful.util.table.join(globalkeys, + globalkeys = awful.util.table.join( + globalkeys, -- View tag only. - awful.key({ modkey }, "#" .. i + 9, - function () - local screen = awful.screen.focused() - local tag = screen.tags[i] - if tag then - tag:view_only() - end - end, - {description = "view tag #"..i, group = "tag"}), + awful.key( + { modkey }, + "#" .. i + 9, + function () + local screen = awful.screen.focused() + local tag = screen.tags[i] + if tag then + tag:view_only() + end + end, + {description = "view tag #"..i, group = "tag"} + ), -- Toggle tag display. - awful.key({ modkey, "Control" }, "#" .. i + 9, - function () - local screen = awful.screen.focused() - local tag = screen.tags[i] - if tag then - awful.tag.viewtoggle(tag) - end - end, - {description = "toggle tag #" .. i, group = "tag"}), + awful.key( + { modkey, "Control" }, + "#" .. i + 9, + function () + local screen = awful.screen.focused() + local tag = screen.tags[i] + if tag then + awful.tag.viewtoggle(tag) + end + end, + {description = "toggle tag #" .. i, group = "tag"} + ), -- Move client to tag. - awful.key({ modkey, "Shift" }, "#" .. i + 9, - function () - if client.focus then - local tag = client.focus.screen.tags[i] - if tag then - client.focus:move_to_tag(tag) - end - end - end, - {description = "move focused client to tag #"..i, group = "tag"}), + awful.key( + { modkey, "Shift" }, + "#" .. 
i + 9, + function () + if client.focus then + local tag = client.focus.screen.tags[i] + if tag then + client.focus:move_to_tag(tag) + end + end + end, + {description = "move focused client to tag #"..i, group = "tag"} + ), -- Toggle tag on focused client. - awful.key({ modkey, "Control", "Shift" }, "#" .. i + 9, - function () - if client.focus then - local tag = client.focus.screen.tags[i] - if tag then - client.focus:toggle_tag(tag) - end - end - end, - {description = "toggle focused client on tag #" .. i, group = "tag"}) + awful.key( + { modkey, "Control", "Shift" }, + "#" .. i + 9, + function () + if client.focus then + local tag = client.focus.screen.tags[i] + if tag then + client.focus:toggle_tag(tag) + end + end + end, + {description = "toggle focused client on tag #" .. i, group = "tag"} + ) ) end clientbuttons = awful.util.table.join( - awful.button({ }, 1, function (c) client.focus = c; c:raise() end), - awful.button({ modkey }, 1, awful.mouse.client.move), - awful.button({ modkey }, 3, awful.mouse.client.resize)) +awful.button({ }, 1, function (c) client.focus = c; c:raise() end), +awful.button({ modkey }, 1, awful.mouse.client.move), +awful.button({ modkey }, 3, awful.mouse.client.resize)) -- Set keys root.keys(globalkeys) 
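Review bot: The screen-lock binding on Mod+F12 launches `slock` fire-and-forget through `awful.util.spawn`, so if the binary is missing from PATH or lacks its setuid wrapper the key does nothing and the session stays unlocked with no feedback. NixOS normally provides that wrapper through `programs.slock.enable`; nothing in this hunk shows it is set, so confirm it in the desktop profile. The personal launchers also use `awful.util.spawn`, which awesome 4 deprecates, while the terminal binding in the same table already uses `awful.spawn`. I would write the lock line as `awful.key({ modkey }, "F12", function () awful.spawn("slock") end, {description = "Verrouille la session avec slock", group = "Lanceurs personnels"}),`, which also fixes the "Verouille" typo, and switch the other launchers the same way.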
@@ -446,119 +506,142 @@ root.keys(globalkeys) -- Rules to apply to new clients (through the "manage" signal). awful.rules.rules = { -- All clients will match this rule. - { rule = { }, - properties = { border_width = beautiful.border_width, - border_color = beautiful.border_normal, - focus = awful.client.focus.filter, - raise = true, - keys = clientkeys, - buttons = clientbuttons, - screen = awful.screen.preferred, - placement = awful.placement.no_overlap+awful.placement.no_offscreen - } - }, - - -- Floating clients. - { rule_any = { - instance = { - "DTA", -- Firefox addon DownThemAll. - "copyq", -- Includes session name in class. - }, - class = { - "Arandr", - "Gpick", - "Kruler", - "MessageWin", -- kalarm. - "Sxiv", - "Wpa_gui", - "pinentry", - "veromix", - "xtightvncviewer"}, - - name = { - "Event Tester", -- xev. - }, - role = { - "AlarmWindow", -- Thunderbird's calendar. - "pop-up", -- e.g. Google Chrome's (detached) Developer Tools. - } - }, properties = { floating = true }}, - - -- Add titlebars to normal clients and dialogs - { rule_any = {type = { "normal", "dialog" } - }, properties = { titlebars_enabled = false } - }, - - -- Set Firefox to always map on the tag named "2" on screen 1. - -- { rule = { class = "Firefox" }, - -- properties = { screen = 1, tag = "2" } }, + { + rule = { }, + properties = { + border_width = beautiful.border_width, + border_color = beautiful.border_normal, + focus = awful.client.focus.filter, + raise = true, + keys = clientkeys, + buttons = clientbuttons, + screen = awful.screen.preferred, + placement = awful.placement.no_overlap+awful.placement.no_offscreen + } + }, + -- Floating clients. + { + rule_any = { + instance = { + "DTA", -- Firefox addon DownThemAll. + "copyq", -- Includes session name in class. + }, + class = { + "Arandr", + "Gpick", + "Kruler", + "MessageWin", -- kalarm. + "Sxiv", + "Wpa_gui", + "pinentry", + "veromix", + "xtightvncviewer" + }, + name = { + "Event Tester", -- xev. 
+ }, + role = { + "AlarmWindow", -- Thunderbird's calendar. + "pop-up", -- e.g. Google Chrome's (detached) Developer Tools. + } + }, + properties = { floating = true } + }, + + -- Add titlebars to normal clients and dialogs + { + rule_any = { + type = { "normal", "dialog" } + }, + properties = { titlebars_enabled = false } + }, + + -- Set Firefox to always map on the tag named "2" on screen 1. + -- { rule = { class = "Firefox" }, + -- properties = { screen = 1, tag = "2" } }, } -- }}} -- {{{ Signals -- Signal function to execute when a new client appears. -client.connect_signal("manage", function (c) - -- Set the windows at the slave, - -- i.e. put it at the end of others instead of setting it master. - -- if not awesome.startup then awful.client.setslave(c) end - - if awesome.startup and - not c.size_hints.user_position - and not c.size_hints.program_position then - -- Prevent clients from being unreachable after screen count changes. - awful.placement.no_offscreen(c) +client.connect_signal( + "manage", + function (c) + --[[ Set the windows at the slave, i.e. put it at the end of others instead of setting it master.]] + -- if not awesome.startup then awful.client.setslave(c) end + + if awesome.startup and + not c.size_hints.user_position + and not c.size_hints.program_position then + --[[ Prevent clients from being unreachable after screen count changes.]] + awful.placement.no_offscreen(c) + end end -end) +) -- Add a titlebar if titlebars_enabled is set to true in the rules. 
-client.connect_signal("request::titlebars", function(c) - -- buttons for the titlebar - local buttons = awful.util.table.join( - awful.button({ }, 1, function() - client.focus = c - c:raise() - awful.mouse.client.move(c) - end), - awful.button({ }, 3, function() - client.focus = c - c:raise() - awful.mouse.client.resize(c) - end) - ) - - awful.titlebar(c) : setup { - { -- Left - awful.titlebar.widget.iconwidget(c), - buttons = buttons, - layout = wibox.layout.fixed.horizontal - }, - { -- Middle - { -- Title - align = "center", - widget = awful.titlebar.widget.titlewidget(c) +client.connect_signal( + "request::titlebars", + function(c) + -- buttons for the titlebar + local buttons = awful.util.table.join( + awful.button( + { }, + 1, + function() + client.focus = c + c:raise() + awful.mouse.client.move(c) + end + ), + awful.button( + { }, + 3, + function() + client.focus = c + c:raise() + awful.mouse.client.resize(c) + end + ) + ) + + awful.titlebar(c) : setup { + { -- Left + awful.titlebar.widget.iconwidget(c), + buttons = buttons, + layout = wibox.layout.fixed.horizontal }, - buttons = buttons, - layout = wibox.layout.flex.horizontal - }, - { -- Right - awful.titlebar.widget.floatingbutton (c), - awful.titlebar.widget.maximizedbutton(c), - awful.titlebar.widget.stickybutton (c), - awful.titlebar.widget.ontopbutton (c), - awful.titlebar.widget.closebutton (c), - layout = wibox.layout.fixed.horizontal() - }, - layout = wibox.layout.align.horizontal - } -end) + { -- Middle + { -- Title + align = "center", + widget = awful.titlebar.widget.titlewidget(c) + }, + buttons = buttons, + layout = wibox.layout.flex.horizontal + }, + { -- Right + awful.titlebar.widget.floatingbutton (c), + awful.titlebar.widget.maximizedbutton(c), + awful.titlebar.widget.stickybutton (c), + awful.titlebar.widget.ontopbutton (c), + awful.titlebar.widget.closebutton (c), + layout = wibox.layout.fixed.horizontal() + }, + layout = wibox.layout.align.horizontal + } + end +) -- Enable sloppy focus, 
so that focus follows mouse. -client.connect_signal("mouse::enter", function(c) - if awful.layout.get(c.screen) ~= awful.layout.suit.magnifier +client.connect_signal( + "mouse::enter", + function(c) + if awful.layout.get(c.screen) ~= awful.layout.suit.magnifier and awful.client.focus.filter(c) then - client.focus = c + client.focus = c + end end -end) +) client.connect_signal("focus", function(c) c.border_color = beautiful.border_focus end) client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end) diff --git a/services/dbus.nix b/services/dbus.nix new file mode 100644 index 0000000..78faab8 --- /dev/null +++ b/services/dbus.nix @@ -0,0 +1,13 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkThenElse; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; +in + +mkIf true { + # Lancement de dbus pour les utilisateurs + services.dbus.socketActivated = true; +} diff --git a/services/default.nix b/services/default.nix index c2eb2f3..8f86e92 100644 --- a/services/default.nix +++ b/services/default.nix 
@@ -2,34 +2,39 @@ let #inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in { imports = [ # installées systématiquement + ./dbus.nix + ./gpm.nix ./haveged.nix ./monitoring-munin.nix ./ssh.nix + ./yubikey.nix # commandées par config-generator ## option de configuration spécifique - ./print.nix # configuration de base de cups - ./docker.nix # activer docker + ./print.nix # configuration de base de cups + ./docker.nix # activer docker ./elasticsearch.nix # service de stockage et recher de données ./hoogle.nix # service hoogle pour haskell ./hydra-build.nix # service de construction de paquet. -> la machine compile des paquets ./hydra-core.nix # service pour l'instance d'hydra ./kibana.nix # service de visualisation de données stockées dans elasticsearch - ./locate.nix # service locate - ./virtualbox.nix # activer virtualbox - ./xmonad/xmonad.nix # pour le gestionaire de fenêtre xmonad + # TODO: réactiver locate + #./locate.nix # service locate + ./nixos-manual.nix # documentation nixos sur TTY + ./virtualbox.nix # activer virtualbox + ./xmonad/xmonad.nix # pour le gestionaire de fenêtre xmonad ## if isDesktop ./pulseaudio.nix # activation du serveur audio - ./scanner.nix # utilisation d'un scanner + ./scanner.nix # utilisation d'un scanner ./x11.nix # activation du serveur graphique X ]; } diff --git a/services/docker.nix b/services/docker.nix index b9594ac..9663f89 100644 --- a/services/docker.nix +++ b/services/docker.nix 
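Review bot: The section comments in the `imports` list no longer match what the modules do after this commit. `./monitoring-munin.nix` stays under `# installées systématiquement`, but the same commit gates it with `mkIf flags.munin`. The heading `# commandées par config-generator` survives although the `cfg = config.r6d.config-generator` binding is removed. I would move the munin import into the flag-controlled group and retitle that group `# activées par les configurationFlags de l'annuaire`, so a reader can tell which services are unconditional. The new `annuaire`, `currentMachine` and `flags` bindings are not used anywhere in the visible body and could be dropped from this file.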
@@ -2,18 +2,18 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.docker { +mkIf flags.docker { # Paquets environment.systemPackages = with pkgs; [ # Ecosystème Docker docker - python27Packages.docker_compose + python36Packages.docker_compose ]; virtualisation.docker.enable = true; diff --git a/services/elasticsearch.nix b/services/elasticsearch.nix index f0718dc..f3f4974 100644 --- a/services/elasticsearch.nix +++ b/services/elasticsearch.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.elasticsearch { +mkIf flags.elasticsearch { # Paquets environment.systemPackages = with pkgs; [ diff --git a/services/gpm.nix b/services/gpm.nix new file mode 100644 index 0000000..6bbcb44 --- /dev/null +++ b/services/gpm.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkThenElse; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; +in + +mkIf true { + + # prise en charge de la souris en console + services.gpm.enable = true; +} diff --git a/services/haveged.nix b/services/haveged.nix index 851b125..35a272c 100644 --- a/services/haveged.nix +++ b/services/haveged.nix 
@@ -2,9 +2,9 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in mkIf true { diff --git a/services/hoogle.nix b/services/hoogle.nix index 83f39a7..cb8760f 100644 --- a/services/hoogle.nix +++ b/services/hoogle.nix @@ -2,15 +2,15 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.developpement-haskell { +mkIf flags.developpement-haskell { services.hoogle = { enable = true; - # port 8080 + port = 10080; }; } diff --git a/services/hydra-build.nix b/services/hydra-build.nix index 3233fb6..42aeb13 100644 --- a/services/hydra-build.nix +++ b/services/hydra-build.nix 
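Review bot: `port = 10080;` in services/hoogle.nix gives no reason for leaving the default, and 10080 is on the restricted-port list of current Chromium and Firefox releases. A browser will therefore refuse to open the Hoogle UI there. If 8080 is avoided because another service holds it, say so next to the setting and pick a port that browsers accept, for example `port = <PORT>; # 8080 déjà pris par <SERVICE>`. Whether the port is reachable from other machines depends on the firewall configuration, which is not visible in this hunk.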
@@ -2,31 +2,40 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in # TODO: ménage -mkIf cfg.hydra-builder { +mkIf flags.hydra-builder { # Paquets environment.systemPackages = with pkgs; [ - qemu kvm + qemu + virtualbox ]; # Services ## Services de virtualisation utilisé pour les tests hydra - virtualisation.docker.enable = true; - virtualisation.libvirtd.enable = true; - virtualisation.libvirtd.enableKVM = true; - #virtualisation.virtualbox.guest.enable = true; - virtualisation.virtualbox.host.enable = true; - virtualisation.virtualbox.host.headless = true; + virtualisation = { + docker.enable = true; + libvirtd = { + enable = true; + }; + virtualbox = { + #guest.enable = true; + host.enable = true; + host.headless = true; + }; + }; - ## Ménage automatique tous les jours - nix.gc.automatic = true; + ## Ménage automatique tous les jours - Frequent garbage collection is a good idea for build machines. + nix.gc = { + automatic = true; + dates = "*:0/30"; + }; # users.users."hydrabld" = { # description = "Execution des jobs hydra"; diff --git a/services/hydra-core.nix b/services/hydra-core.nix index a145991..0688dfd 100644 --- a/services/hydra-core.nix +++ b/services/hydra-core.nix @@ -2,9 +2,9 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; #### https://github.com/NixOS/hydra/issues/413 @@ -23,7 +23,7 @@ let # hydra-queue-runner --status | json_pp in # TODO: passe de ménage -mkIf cfg.hydra-core { +mkIf flags.hydra-core { # Paquets environment.systemPackages = with pkgs; [ 
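Review bot: The comment above `nix.gc` in services/hydra-build.nix still says "Ménage automatique tous les jours", but the added `dates = "*:0/30";` is a systemd calendar expression that fires every thirty minutes. Update the comment to the real schedule, e.g. `## Ménage automatique toutes les 30 minutes`, so nobody tunes disk-space alerts against a daily assumption. The hunk also drops `virtualisation.libvirtd.enableKVM` and adds `virtualbox` to `environment.systemPackages` while `virtualbox.host.enable` is already set. A short comment on why the package is listed twice would help. The `mkIf flags.hydra-builder` body continues past the end of the hunk.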
@@ -76,7 +76,7 @@ mkIf cfg.hydra-core { ### Machines connues programs.ssh.knownHosts = { - "hydra.prunetwork.fr".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHqja/yYsQeS5amZKPUG+EKSIkjEN6fYW54Fzvj1pFaP"; + "hydra.prunetwork.fr".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYrZu31+/ybhel7LNPNgsALEoMHwTc1OiTcmJnXZ3He"; "monstre.dubronetwork.fr".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTTrLhq1Cwm0rpnwEIxSLqVrJWZnt+/9dt+SKd8NiIc"; "pedro.dubronetwork.fr".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7fjo2ysLqlfSo6BKnc6I6m1ayoPrbwEEyTKZmUzsOD"; "ocean.prunetwork.fr".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINCaRuTl8iCTUE4XInOpkSlwQj5Re4w4Iq+gNIlJe8pA"; diff --git a/services/kibana.nix b/services/kibana.nix index 5b8d300..b002ef3 100644 --- a/services/kibana.nix +++ b/services/kibana.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.kibana { +mkIf flags.kibana { # Paquets environment.systemPackages = with pkgs; [ diff --git a/services/locate.nix b/services/locate.nix index 73f43f3..adac879 100644 --- a/services/locate.nix +++ b/services/locate.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.locate { +mkIf flags.locate { # Services services.locate = { diff --git a/services/monitoring-munin.nix b/services/monitoring-munin.nix index d8e6835..ebde24e 100644 --- a/services/monitoring-munin.nix +++ b/services/monitoring-munin.nix 
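Review bot: The pinned host key for `hydra.prunetwork.fr` in `programs.ssh.knownHosts` is replaced without any record of why it changed or how the new key was verified. This entry is the trust anchor every machine using the module will accept for that host, so the change deserves a trace in the file. I would add a comment above the line, such as `# hydra.prunetwork.fr: host key replaced <DATE>, <REASON>; fingerprint checked on the host itself`, and check the value against `/etc/ssh/ssh_host_ed25519_key.pub` on the server before merging. The surrounding `mkIf flags.hydra-core` block starts and ends outside this hunk.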
@@ -2,14 +2,13 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -# TODO: ajouter option # TODO: changer adresse mail -mkIf true { +mkIf flags.munin { # Paquets environment.systemPackages = with pkgs; [ @@ -22,11 +21,26 @@ mkIf true { ## Noeud de supervision munin = pas de stockage des données locales services.munin-node = { enable = true; + extraConfig = '' + # Ignore the apc_nis plugin, as it throws errors as I don't have an UPS. + # It's there because munin-node-configure is called with the contrib group, + # and the plugin has no method to check whether there's a compatible UPS available. + ignore_file ^apc_nis$ + + ignore_file ^sensors_-wrapped$ + ignore_file ^.sensors_-wrapped$ + ''; }; systemd.services.munin-node = { path = with pkgs; [ munin lm_sensors ]; serviceConfig.TimeoutStartSec = "3min"; }; + users.extraUsers.munin = { + #extraGroups = [ "postfix" "root" ]; + extraGroups = [ "postfix" ]; + }; + + # chmod a+rX -Rv /var/lib/postfix/queue/ ## Munin server -- generate /var/www/munin services.munin-cron = { 
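Review bot: The new `users.extraUsers.munin` block in services/monitoring-munin.nix adds the monitoring account to the `postfix` group without saying which plugin needs it, and it leaves two broader alternatives in comments. Those are `#extraGroups = [ "postfix" "root" ];` and `# chmod a+rX -Rv /var/lib/postfix/queue/`. Anyone who follows the chmod hint makes queued mail readable by every local user, and the `root` variant gives a network-facing monitoring agent far more than it needs. I would delete both commented lines and replace them with one explanation, e.g. `# munin lit la file postfix pour le plugin <PLUGIN> ; ne pas élargir au groupe root ni ouvrir la file en lecture à tous`. The `mkIf flags.munin` block continues outside the hunk.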
@@ -34,9 +48,22 @@ mkIf true { hosts = '' [${config.networking.hostName}] address 127.0.0.1 + df._dev_sda2.warning 35 + use_node_name yes + #contacts syslog + contacts email ''; + # http://sametmax.com/monitorez-vos-serveurs-avec-munin-et-notifications-par-email/ + # http://guide.munin-monitoring.org/en/latest/tutorial/alert.html#syntax-of-warning-and-critical extraGlobalConfig = '' - contact.email.command ${pkgs.mutt}/bin/mutt -F /etc/nixos/base/public/services/munin-muttrc -s "Munin notification for ''${var:host}" jean-pierre@ocean.prunetwork.fr + #--- + #contact.email.command ${pkgs.mutt}/bin/mutt -F /etc/nixos/base/services/munin-muttrc -s "Munin notification for ${config.networking.hostName}" root@ocean.prunetwork.fr + contact.email.command /run/current-system/sw/bin/mutt -F /etc/nixos/base/services/munin-muttrc -s "Munin notification for ${config.networking.hostName}" root@ocean.prunetwork.fr + contact.syslog.command /run/current-system/sw/bin/logger -p user.crit -t "Munin notification for ${config.networking.hostName}" + + #--- + contact.email.always_send ok,warning,critical,unknown + contact.syslog.always_send ok,warning,critical,unknown ''; }; diff --git a/services/nixos-manual.nix b/services/nixos-manual.nix new file mode 100644 index 0000000..fe7227a --- /dev/null +++ b/services/nixos-manual.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkThenElse; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; +in + +mkIf flags.nixos-manual { + + # Paquets + environment.systemPackages = with pkgs; [ + bc + mailutils + ]; + + # Services + + ## documentation sur ctrl + alt + F8 + services.nixosManual = { + enable = true; + showManual = true; + }; + + # Réseau + networking.firewall = { + allowedTCPPorts = [ + ]; + allowedUDPPorts = [ + ]; + }; +} diff --git a/services/print.nix b/services/print.nix index de71ef2..1362bac 100644 
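Review bot: `contact.email.command` now calls `/run/current-system/sw/bin/mutt`, which only exists when mutt is in the system profile, and the visible lines do not show it being added to `environment.systemPackages`. The removed line and the commented one above it use `${pkgs.mutt}/bin/mutt`, which pulls mutt into the closure and pins the exact store path that runs with munin's privileges; I would keep that form. The same applies to `/run/current-system/sw/bin/logger` in `contact.syslog.command`. `df._dev_sda2.warning 35` also hard-codes one disk layout in a template shared by all machines, so it deserves a comment or a per-machine value. The `services.munin-cron` block starts outside the hunk.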
--- a/services/print.nix +++ b/services/print.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.print { +mkIf flags.print { # Services ## Enable CUPS to print documents. diff --git a/services/pulseaudio.nix b/services/pulseaudio.nix index cec8b10..98c1445 100644 --- a/services/pulseaudio.nix +++ b/services/pulseaudio.nix @@ -2,12 +2,21 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.pulseaudio { +mkIf flags.pulseaudio { + + # Notes + # commande pour lister les cartes son : pacmd list-cards + + # Paquets + environment.systemPackages = with pkgs; [ + paprefs # préferences pulseaudio + pavucontrol # mixer pulseaudio + ]; # Pulse Audio hardware.pulseaudio = { diff --git a/services/scanner.nix b/services/scanner.nix index 36c2713..e320186 100644 --- a/services/scanner.nix +++ b/services/scanner.nix 
@@ -2,20 +2,29 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.scanner { +mkIf flags.scanner { # Paquets environment.systemPackages = with pkgs; [ + # Driver + hplip # Scanner HP + python27Packages.pyqt4 # dépendance hplip + + # Outils pour exploiter les scanners simple-scan ]; # Services hardware.sane.enable = true; + services.saned = { + enable = true; + extraConfig = "192.168.0.0/24"; + }; # Réseau networking.firewall = { diff --git a/services/ssh.nix b/services/ssh.nix index f332370..8c13f95 100644 --- a/services/ssh.nix +++ b/services/ssh.nix @@ -2,9 +2,9 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in mkIf true { diff --git a/services/virtualbox.nix b/services/virtualbox.nix index 5b1064c..8d5e874 100644 --- a/services/virtualbox.nix +++ b/services/virtualbox.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.virtualbox { +mkIf flags.virtualbox { # Paquets environment.systemPackages = with pkgs; [ diff --git a/services/x11.nix b/services/x11.nix index 32f352e..acf108d 100644 --- a/services/x11.nix +++ b/services/x11.nix 
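Review bot: `services.saned` in the scanner hunk is enabled with `extraConfig = "192.168.0.0/24";`, a literal subnet in a base template, so every machine that sets `flags.scanner` offers its scanner to whatever happens to be 192.168.0.0/24 on its network. I would take the allowed network from a per-machine attribute of the annuaire (name to be defined there) and default to no remote clients. At minimum the line should carry a comment such as `# saned access list: only the trusted LAN of this site`. The `networking.firewall` section is cut off by the hunk, so whether the saned port (6566/tcp by default) is opened there cannot be checked from here.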
@@ -2,17 +2,20 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf profiles.isDesktopEnvironment { +/** + * Il faut activer `services.xserver.enable = true;` dans configuration.nix + */ +mkIf currentMachine.profiles.isDesktopEnvironment { # Services # Enable the X11 windowing system. services.xserver = { - enable = true; + # enable = true; layout = "fr"; xkbOptions = "eurosign:e"; displayManager.lightdm.enable = true; diff --git a/services/xmonad/xmonad.nix b/services/xmonad/xmonad.nix index d55f5f7..2f1768c 100644 --- a/services/xmonad/xmonad.nix +++ b/services/xmonad/xmonad.nix @@ -2,12 +2,12 @@ let inherit (lib) mkIf mkMerge mkThenElse; - cfg = config.r6d.config-generator; - computers = config.r6d.computers; - profiles = config.r6d.profiles; + annuaire = config.r6d.machines; + currentMachine = annuaire."${config.networking.hostName}"; + flags = currentMachine.configurationFlags; in -mkIf cfg.xmonad { +mkIf flags.xmonad { # Paquets environment.systemPackages = with pkgs; [ diff --git a/services/yubikey.nix b/services/yubikey.nix new file mode 100644 index 0000000..2f786d7 --- /dev/null +++ b/services/yubikey.nix 
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkIf mkMerge mkThenElse;
+ annuaire = config.r6d.machines;
+ currentMachine = annuaire."${config.networking.hostName}";
+ flags = currentMachine.configurationFlags;
+in
+
+mkIf true {
+
+ # Services
+ # https://github.com/NixOS/nixpkgs/issues/15960
+
+ services = {
+ pcscd.enable = true;
+
+ udev.packages = with pkgs; [
+ libu2f-host
+ yubikey-personalization
+ ];
+
+ xserver.displayManager.sessionCommands = ''
+ # https://github.com/NixOS/nixpkgs/commit/5391882ebd781149e213e8817fba6ac3c503740c
+ gpg-connect-agent /bye
+ GPG_TTY=$(tty)
+ export GPG_TTY
+ '';
+ };
+ users.extraGroups.yubikey = {};
+
+ environment.systemPackages = with pkgs; [
+ gnupg opensc pcsctools libu2f-host yubikey-personalization
+ ];
+
+ security.pam.enableU2F = true;
+
+ /*users.extraUsers.joko = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "input" "audio" "video" ];
+ };*/
+}
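Review bot: The guard `mkIf true {` in the new yubikey module applies `pcscd`, the udev packages and `security.pam.enableU2F = true;` to every machine that imports the base, although `flags` is computed just above and never used. Changing the PAM stack should be opt-in per machine like the other services: `mkIf flags.yubikey {`, with the flag declared alongside the other `configurationFlags` (that declaration is not visible here). Please also confirm how `enableU2F` wires `pam_u2f` in the targeted NixOS release: if the module is added as `sufficient`, a registered token authenticates on its own instead of acting as a second factor. `users.extraGroups.yubikey = {};` creates a group that nothing in the file assigns or references, so it needs a comment or should be dropped.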