From ebac38eb13690b2d8dd9be2244be4d3d89c7d59f Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Sat, 23 Apr 2016 12:43:24 +0200 Subject: [PATCH 001/107] initial commit --- .gitignore | 11 +++++++++++ base.nix | 8 ++++++++ bash-interactive-init.sh | 18 ++++++++++++++++++ bash-prompt.sh | 27 ++++++++++++++++++++++++++ gitconfig | 16 ++++++++++++++++ localisation.nix | 13 +++++++++++++ tools.nix | 41 ++++++++++++++++++++++++++++++++++++++++ vim.nix | 19 +++++++++++++++++++ vimrc | 33 ++++++++++++++++++++++++++++++++ 9 files changed, 186 insertions(+) create mode 100644 .gitignore create mode 100644 base.nix create mode 100644 bash-interactive-init.sh create mode 100644 bash-prompt.sh create mode 100644 gitconfig create mode 100644 localisation.nix create mode 100644 tools.nix create mode 100644 vim.nix create mode 100644 vimrc diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..95a6d7d --- /dev/null +++ b/.gitignore @@ -0,0 +1,11 @@ +# Vim : +## swap +[._]*.s[a-w][a-z] +[._]s[a-w][a-z] +## session +Session.vim +## temporary +.netrwhist +*~ +## auto-generated tag files +tags diff --git a/base.nix b/base.nix new file mode 100644 index 0000000..2a380fe --- /dev/null +++ b/base.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: + +{ + imports = [ + ./tools.nix + ./localisation.nix + ]; +} diff --git a/bash-interactive-init.sh b/bash-interactive-init.sh new file mode 100644 index 0000000..3b9f2e6 --- /dev/null +++ b/bash-interactive-init.sh 
@@ -0,0 +1,18 @@ +# don't put duplicate lines in the history. See bash(1) for more options +# don't overwrite GNU Midnight Commander's setting of `ignorespace'. +export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups +# ... or force ignoredups and ignorespace +export HISTCONTROL=ignoreboth + +# append to the history file, don't overwrite it +shopt -s histappend + +# check the window size after each command and, if necessary, +# update the values of LINES and COLUMNS. +shopt -s checkwinsize + +# set a fancy prompt (non-color, unless we know we "want" color) +case "$TERM" in + xterm) TERM=xterm-256color;; + screen) TERM=screen-256color;; +esac diff --git a/bash-prompt.sh b/bash-prompt.sh new file mode 100644 index 0000000..90affa8 --- /dev/null +++ b/bash-prompt.sh @@ -0,0 +1,27 @@ +# Définition des couleurs du prompt +if [[ $(tput colors) -ge 256 ]] 2>/dev/null; then + PS1_USER='\[$(tput setaf 27)\]' + PS1_HOST='\[$(tput setaf 37)\]' + PS1_ROOT='\[$(tput setaf 160)\]' + PS1_PATH='\[$(tput setaf 64)\]' + PS1_GIT='\[$(tput setaf 136)\]' + PS1_MISC='\[$(tput setaf 230)\]' + +else + PS1_USER='\[$(tput setaf 4)\]' + PS1_HOST='\[$(tput setaf 6)\]' + PS1_ROOT='\[$(tput setaf 1)\]' + PS1_PATH='\[$(tput setaf 2)\]' + PS1_GIT='\[$(tput setaf 3)\]' + PS1_MISC='\[$(tput setaf 7)\]' +fi +BOLD='\[$(tput bold)\]' +RESET='\[$(tput sgr0)\]' + +# Définition du prompt +if [ $UID = 0 ]; then + PS1_ID=$PS1_ROOT +else + PS1_ID=$PS1_USER'\u'$PS1_MISC@$PS1_HOST +fi +PS1=$RESET$BOLD$PS1_ID'\h '$PS1_PATH'\w'$PS1_GIT'$(__git_ps1)'"\n"$PS1_MISC'\$ '$RESET diff --git a/gitconfig b/gitconfig new file mode 100644 index 0000000..5c7c74a --- /dev/null +++ b/gitconfig @@ -0,0 +1,16 @@ +[color] + diff = auto + branch = auto + interactive = auto + pager = true + showbranch = auto + status = auto +[alias] + a = add -p + st = status + ci = commit + co = checkout +[push] + default = simple +[core] + editor = /usr/bin/env vim 
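Review bot: The first `export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups` line in bash-interactive-init.sh is dead, because the next statement overwrites it with `export HISTCONTROL=ignoreboth`; keep only one of the two. `ignoreboth` includes `ignorespace`, so any command typed with a leading space is left out of history on every host that loads this file. If shell history is relied on when reconstructing what was run on a machine, `export HISTCONTROL=ignoredups` is the safer setting. The comment "set a fancy prompt" above the `case "$TERM"` block is also misleading, since the block only rewrites TERM.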
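Review bot: The final `PS1=` line of bash-prompt.sh expands `$(__git_ps1)` on every prompt, but nothing in this file defines or sources that function. Unless it is loaded elsewhere, each prompt would be preceded by a "command not found" error. A fallback before the assignment, such as `declare -F __git_ps1 >/dev/null || __git_ps1() { :; }`, keeps the prompt clean on hosts without git's prompt script. The root test would also be more robust as `[ "$UID" -eq 0 ]`.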
diff --git a/localisation.nix b/localisation.nix new file mode 100644 index 0000000..37bafcf --- /dev/null +++ b/localisation.nix @@ -0,0 +1,13 @@ +{ config, pkgs, ... }: + +{ + # Select internationalisation properties. + i18n = { + consoleFont = "Lat2-Terminus16"; + consoleKeyMap = "fr"; + defaultLocale = "fr_FR.UTF-8"; + }; + + # Set your time zone. + time.timeZone = "Europe/Paris"; +} diff --git a/tools.nix b/tools.nix new file mode 100644 index 0000000..8075298 --- /dev/null +++ b/tools.nix @@ -0,0 +1,41 @@ +{ config, pkgs, ... }: + +{ + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + environment = { + systemPackages = with pkgs; [ + bind # utilisé pour les utilitaires comme dig + byobu + git gitAndTools.tig + gnupg + htop + ncdu + nmap + mtr + p7zip + parted + python34Packages.glances + pwgen + tmux + tree + (import ./vim.nix) + wget + ]; + shellAliases = { + byobu = "byobu-tmux"; + tree = "tree -C"; + tree1 = "tree -d -L 1"; + tree2 = "tree -d -L 2"; + tree3 = "tree -d -L 3"; + grep = "grep --color=auto"; + vi = "vim"; + }; + etc.gitconfig.text = builtins.readFile ./gitconfig; + }; + programs.bash = { + enableCompletion = true; + promptInit = builtins.readFile ./bash-prompt.sh; + interactiveShellInit = builtins.readFile ./bash-interactive-init.sh; + }; +} diff --git a/vim.nix b/vim.nix new file mode 100644 index 0000000..d48ae33 --- /dev/null +++ b/vim.nix 
@@ -0,0 +1,19 @@ +with import {}; + +vim_configurable.customize { + # Specifies the vim binary name. + # E.g. set this to "my-vim" and you need to type "my-vim" to open this vim + # This allows to have multiple vim packages installed (e.g. with a different set of plugins) + name = "vim"; + vimrcConfig.customRC = builtins.readFile ./vimrc; + vimrcConfig.vam.knownPlugins = pkgs.vimPlugins; + vimrcConfig.vam.pluginDictionaries = [ + { names = [ + # Here you can place all your vim plugins + # They are installed managed by `vam` (a vim plugin manager) + #"vim-addon-nix" + "vim-nix" + "wombat256-vim" + ]; } + ]; +} diff --git a/vimrc b/vimrc new file mode 100644 index 0000000..8123371 --- /dev/null +++ b/vimrc @@ -0,0 +1,33 @@ +" Use Vim settings, rather than Vi settings (much better!). +" This must be first, because it changes other options as a side effect. +set nocompatible + +" allow backspacing over everything in insert mode +set backspace=indent,eol,start + +if has("vms") + set nobackup " do not keep a backup file, use versions instead +else + set backup " keep a backup file +endif +set history=50 " keep 50 lines of command line history +set ruler " show the cursor position all the time +set showcmd " display incomplete commands +set incsearch " do incremental searching + +" Tab specific option +set tabstop=4 "A tab is 8 spaces +set expandtab "Always uses spaces instead of tabs +set softtabstop=4 "Insert 4 spaces when tab is pressed +set shiftwidth=4 "An indent is 4 spaces +set shiftround "Round indent to nearest shiftwidth multiple + +"""""" Réglages cosmétiques +set background=dark +set cc=80 +set number +highlight ColorColumn ctermbg=8 +"Détection de la profondeur des couleurs (8bits) +if &t_Co > 8 + colorscheme wombat256mod +endif From 2a2e988c5e67b8115e927205946735cd74e33f09 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Sat, 23 Apr 2016 21:40:30 +0200 Subject: [PATCH 002/107] ajout de gnumake --- tools.nix | 1 + 1 file changed, 1 insertion(+) 
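Review bot: vim.nix opens with its own `with import … {};` (the import target is not legible on this page) instead of receiving `pkgs` from the module that pulls it in through `(import ./vim.nix)`. If that import resolves a package set from the search path, the editor and its plugins are evaluated separately from the system's package set, so they may not follow the system's revision or its `nixpkgs.config`. Making the file a function, `{ pkgs }: pkgs.vim_configurable.customize { … }`, and calling it as `(import ./vim.nix { inherit pkgs; })` in tools.nix keeps a single source of packages.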
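Review bot: `set backup` in a vimrc that is installed system-wide leaves a `name~` copy beside every edited file, including configuration edited as root. Those copies can outlive a later cleanup of the original and may retain credentials or keys that were removed from it. Sending backups to a private per-user directory, e.g. `set backupdir=~/.vim/backup` (created with mode 0700), or using `set nobackup` together with `set writebackup`, avoids the stray copies. Separately, the comment in `set tabstop=4 "A tab is 8 spaces` contradicts the value it documents.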
diff --git a/tools.nix b/tools.nix index 8075298..f95a48b 100644 --- a/tools.nix +++ b/tools.nix @@ -8,6 +8,7 @@ bind # utilisé pour les utilitaires comme dig byobu git gitAndTools.tig + gnumake gnupg htop ncdu From 07669adcf34cce52868733e6e21c4755d3753461 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Wed, 4 May 2016 14:56:47 +0200 Subject: [PATCH 003/107] =?UTF-8?q?ligne=20rouge=20moche=20=C3=A0=2080c=20?= =?UTF-8?q?->=20ligne=20=C3=A0=20fond=20gris=20=C3=A0=2080=20et=20=C3=A0?= =?UTF-8?q?=20partir=20de=20120?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- vimrc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vimrc b/vimrc index 8123371..257846c 100644 --- a/vimrc +++ b/vimrc @@ -24,10 +24,11 @@ set shiftround "Round indent to nearest shiftwidth multiple """""" Réglages cosmétiques set background=dark -set cc=80 set number highlight ColorColumn ctermbg=8 "Détection de la profondeur des couleurs (8bits) if &t_Co > 8 colorscheme wombat256mod + let &colorcolumn="80,".join(range(120,999),",") + highlight ColorColumn ctermbg=235 guibg=#2c2d27 endif From 2227277cbb2087631c2c21e8f9f86a1acfeb320d Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Wed, 4 May 2016 21:51:52 +0200 Subject: [PATCH 004/107] 'which', outil utile --- tools.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tools.nix b/tools.nix index f95a48b..a45208a 100644 --- a/tools.nix +++ b/tools.nix @@ -22,6 +22,7 @@ tree (import ./vim.nix) wget + which ]; shellAliases = { byobu = "byobu-tmux"; From 606a6738c91461aa9ea4772c2fc1b9d8f0feddfe Mon Sep 17 00:00:00 2001 
From: Jean-Pierre PRUNARET Date: Fri, 6 May 2016 17:20:00 +0200 Subject: [PATCH 005/107] activation des adresses ipv6 temporaires MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -> il y a donc plusieurs @IPv6 affectées à une machine. Une adresse qui ne devrait pas changer entre les reboot + une adresse qui change régulièrement (préférence 1h, valide 1jour) --- base.nix | 1 + networking.nix | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 networking.nix diff --git a/base.nix b/base.nix index 2a380fe..b151a70 100644 --- a/base.nix +++ b/base.nix @@ -4,5 +4,6 @@ imports = [ ./tools.nix ./localisation.nix + ./networking.nix ]; } diff --git a/networking.nix b/networking.nix new file mode 100644 index 0000000..f8ebd8b --- /dev/null +++ b/networking.nix @@ -0,0 +1,17 @@ +{ config, pkgs, ... }: + +{ + + # Utilisation d'adresse IPv6 temporaire + # https://blog.linitx.com/control-privacy-addressing-ipv6-linux/ + + boot.kernel.sysctl = { + "net.ipv6.conf.all.temp_prefered_lft" = 3600; # 1 heure + "net.ipv6.conf.all.temp_valid_lft" = 86400; # 1 jour + "net.ipv6.conf.all.use_tempaddr" = 2; # activé + + "net.ipv6.conf.default.temp_prefered_lft" = 3600; # 1 heure + "net.ipv6.conf.default.temp_valid_lft" = 86400; # 1 jour + "net.ipv6.conf.default.use_tempaddr" = 2; # activé + }; +} From 542105d6e36af471606a24ddd01ec8397eff9933 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Fri, 6 May 2016 17:25:28 +0200 Subject: [PATCH 006/107] lien vers article "Privacy Extension IPv6 Addresses" --- networking.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/networking.nix b/networking.nix index f8ebd8b..8e10228 100644 --- a/networking.nix +++ b/networking.nix @@ -4,6 +4,7 @@ # Utilisation d'adresse IPv6 temporaire # https://blog.linitx.com/control-privacy-addressing-ipv6-linux/ + # http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/x1092.html boot.kernel.sysctl = { "net.ipv6.conf.all.temp_prefered_lft" = 3600; # 1 heure 
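Review bot: The `net.ipv6.conf.all.*` and `net.ipv6.conf.default.*` keys in the new networking.nix may not reach interfaces that already exist when the sysctls are applied. As far as I know, `default` only seeds interfaces created afterwards, and `all.use_tempaddr` is not propagated to existing per-interface values on every kernel. It is worth checking `sysctl net.ipv6.conf.IFACE.use_tempaddr` on a booted host and adding per-interface keys if it still reads 0. The `# activé` comment could also state that `2` means "generate temporary addresses and prefer them", which is what distinguishes it from `1`.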
From f0c5ce1e8ceb5bf50343741032069075aa88b342 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sun, 8 May 2016 17:51:39 +0200 Subject: [PATCH 007/107] ajout d'alias git --- gitconfig | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/gitconfig b/gitconfig index 5c7c74a..6752a6f 100644 --- a/gitconfig +++ b/gitconfig @@ -7,9 +7,16 @@ status = auto [alias] a = add -p - st = status ci = commit co = checkout + ff = pull --ff-only + # Show files ignored by git + ignored = ls-files -o -i --exclude-standard + ls = ls-files + st = status + # Logs + lol = log --graph --decorate --pretty=oneline --abbrev-commit + lola = log --graph --decorate --pretty=oneline --abbrev-commit --all [push] default = simple [core] From d7844c641cb3dec1e3b4db2cb59d458745f8bc93 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sun, 8 May 2016 18:20:15 +0200 Subject: [PATCH 008/107] =?UTF-8?q?ajout=20du=20service=20locate=20(non=20?= =?UTF-8?q?activ=C3=A9=20dans=20base)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- locate.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 locate.nix diff --git a/locate.nix b/locate.nix new file mode 100644 index 0000000..bd5c602 --- /dev/null +++ b/locate.nix @@ -0,0 +1,11 @@ +{ config, pkgs, ... }: + +{ + imports = [ + ]; + + services.locate= { + enable = true; + interval = "hourly"; + }; +} From ec72d97c8fa5343e8fae0a46fb606b0bfaca1650 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 9 May 2016 22:00:26 +0200 Subject: [PATCH 009/107] =?UTF-8?q?les=20expressions=20activ=C3=A9es=20"?= =?UTF-8?q?=C3=A0=20la=20main"=20sont=20s=C3=A9par=C3=A9es=20dans=20un=20d?= =?UTF-8?q?ossier?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- locate.nix => activation-manuelle/locate.nix | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename locate.nix => activation-manuelle/locate.nix (100%) 
diff --git a/locate.nix b/activation-manuelle/locate.nix similarity index 100% rename from locate.nix rename to activation-manuelle/locate.nix From f8890aa003fc37c628544d319d88fd50cf0311db Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Tue, 10 May 2016 22:10:41 +0200 Subject: [PATCH 010/107] ajout de lspci et lsusb --- tools.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools.nix b/tools.nix index a45208a..68dbce1 100644 --- a/tools.nix +++ b/tools.nix @@ -16,10 +16,12 @@ mtr p7zip parted + pciutils python34Packages.glances pwgen tmux tree + usbutils (import ./vim.nix) wget which From ddc89e6a6e0a78f56dfc1f60157a6b4bcd41db41 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Thu, 12 May 2016 00:42:30 +0200 Subject: [PATCH 011/107] ajout d'un make --- Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 Makefile diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..d03de53 --- /dev/null +++ b/Makefile @@ -0,0 +1,8 @@ +all: rebuild-switch + date + +rebuild-switch: + nixos-rebuild switch + +update: + nixos-rebuild switch --upgrade From 78cb2f79767eab0dd9b2ab898d879036a5bf042b Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sat, 14 May 2016 20:59:13 +0200 Subject: [PATCH 012/107] ajout d'une cible clean qui "collect -d 15jours" --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index d03de53..9978ca6 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,9 @@ all: rebuild-switch date +clean: + nix-collect-garbage -d --delete-older-than 15d + rebuild-switch: nixos-rebuild switch From 6a53257409686176426f08c1fcf8f91461347956 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Mon, 16 May 2016 14:14:09 +0200 Subject: [PATCH 013/107] ajout cible de MaJ sous-modules --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 9978ca6..5442356 100644 --- a/Makefile +++ b/Makefile 
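Review bot: None of the targets in the new Makefile (`all`, `rebuild-switch`, `update`) is declared phony, so a file or directory with one of those names in the repository root would make `make` report the target as up to date and skip the recipe. Add `.PHONY: all rebuild-switch update` at the top and extend the list as targets are added by the later Makefile patches in this series.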
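Review bot: The new `clean` recipe passes both `-d` and `--delete-older-than 15d`, which leaves the retention unclear to a reader. `-d` alone means "delete every old generation", and as far as I know the period takes precedence when both are given, so the flag is redundant. `nix-collect-garbage --delete-older-than 15d` states the intent unambiguously. A comment noting that this drops rollback generations older than 15 days would help, since those generations are the recovery path after a bad `nixos-rebuild switch`.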
@@ -7,5 +7,8 @@ clean: rebuild-switch: nixos-rebuild switch +submodules-update: + git submodule update --remote + update: nixos-rebuild switch --upgrade From 51a3a75d744bbc2c26c881374da843db9b53ba08 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Mon, 16 May 2016 15:34:12 +0200 Subject: [PATCH 014/107] activation exfat --- tools.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tools.nix b/tools.nix index 68dbce1..06424a7 100644 --- a/tools.nix +++ b/tools.nix @@ -7,6 +7,7 @@ systemPackages = with pkgs; [ bind # utilisé pour les utilitaires comme dig byobu + exfat # Pour monter les FAT avec Fuse git gitAndTools.tig gnumake gnupg From 76e075cab4242d442e1feba7ebc419260ac5cfa7 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 16 May 2016 21:19:28 +0200 Subject: [PATCH 015/107] ajout de la directive pour activer svn avec git --- tools.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools.nix b/tools.nix index 06424a7..16be199 100644 --- a/tools.nix +++ b/tools.nix @@ -8,7 +8,7 @@ bind # utilisé pour les utilitaires comme dig byobu exfat # Pour monter les FAT avec Fuse - git gitAndTools.tig + git gitAndTools.gitSVN gitAndTools.tig gnumake gnupg htop From 691b961d64d6097270f6331d48ee270407079beb Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 16 May 2016 21:57:47 +0200 Subject: [PATCH 016/107] ajout configurationmanuelle du swap --- activation-manuelle/swap.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 activation-manuelle/swap.nix diff --git a/activation-manuelle/swap.nix b/activation-manuelle/swap.nix new file mode 100644 index 0000000..95d9071 --- /dev/null +++ b/activation-manuelle/swap.nix @@ -0,0 +1,11 @@ +{ config, pkgs, ... }: + +{ + + # https://en.wikipedia.org/wiki/Swappiness + boot.kernel.sysctl = { + # le swap est activé (!= 0) + # le swap est utilisé lorsque (100 - x) % de la mémoire est déja allouée + "vm.swappiness" = 10; + }; +} 
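Review bot: The comment `le swap est utilisé lorsque (100 - x) % de la mémoire est déja allouée` in swap.nix describes `vm.swappiness` as a memory-usage threshold, which it is not. The value is a relative weight the kernel uses when choosing between swapping out anonymous pages and dropping page cache. Rewording it along the lines of `# 10 = prefer dropping page cache over swapping out process memory` would stop readers from assuming swap stays untouched below 90 % usage.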
From e9cf5d547234740012b4142a425d1431d8c2d18d Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Tue, 17 May 2016 20:09:04 +0200 Subject: [PATCH 017/107] =?UTF-8?q?cible=20de=20m=C3=A9nage=20aggressif?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 5442356..7544a89 100644 --- a/Makefile +++ b/Makefile @@ -4,6 +4,9 @@ all: rebuild-switch clean: nix-collect-garbage -d --delete-older-than 15d +clean-aggressive: + nix-collect-garbage -d --delete-older-than 15d + rebuild-switch: nixos-rebuild switch From 521d3627795e11341a67034f20a35bd9ac17c0a8 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Mon, 23 May 2016 10:04:30 +0200 Subject: [PATCH 018/107] =?UTF-8?q?cible=20pour=20faire=20du=20m=C3=A9nage?= =?UTF-8?q?=20dans=20les=20logs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 7544a89..b4debb7 100644 --- a/Makefile +++ b/Makefile @@ -7,6 +7,9 @@ clean: clean-aggressive: nix-collect-garbage -d --delete-older-than 15d +clean-log: + journalctl --vacuum-size=1G + rebuild-switch: nixos-rebuild switch From 58342eef57410307bfa5780354f69f55cefa3118 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 23 May 2016 16:48:47 +0200 Subject: [PATCH 019/107] =?UTF-8?q?ajustement=20de=20la=20dur=C3=A9e=20de?= =?UTF-8?q?=20r=C3=A9tention=20=C3=A0=200=20pour=20le=20m=C3=A9nage=20aggr?= =?UTF-8?q?essif?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b4debb7..406be82 100644 --- a/Makefile +++ b/Makefile 
@@ -5,7 +5,7 @@ clean: nix-collect-garbage -d --delete-older-than 15d clean-aggressive: - nix-collect-garbage -d --delete-older-than 15d + nix-collect-garbage -d --delete-older-than 0d clean-log: journalctl --vacuum-size=1G From dccec5d306eea524d78929ab326092304b53d760 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 23 May 2016 16:50:26 +0200 Subject: [PATCH 020/107] =?UTF-8?q?Revert=20"ajustement=20de=20la=20dur?= =?UTF-8?q?=C3=A9e=20de=20r=C3=A9tention=20=C3=A0=200=20pour=20le=20m?= =?UTF-8?q?=C3=A9nage=20aggressif"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 58342eef57410307bfa5780354f69f55cefa3118. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 406be82..b4debb7 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ clean: nix-collect-garbage -d --delete-older-than 15d clean-aggressive: - nix-collect-garbage -d --delete-older-than 0d + nix-collect-garbage -d --delete-older-than 15d clean-log: journalctl --vacuum-size=1G From f7ac4acd54c213fb24cdd8dbe8e64738bccc9f71 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 23 May 2016 16:50:44 +0200 Subject: [PATCH 021/107] =?UTF-8?q?le=20m=C3=A9nage=20aggressif=20efface?= =?UTF-8?q?=20plius=20ancien=20que=201=20jour?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b4debb7..4e38bc3 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ clean: nix-collect-garbage -d --delete-older-than 15d clean-aggressive: - nix-collect-garbage -d --delete-older-than 15d + nix-collect-garbage -d --delete-older-than 1d clean-log: journalctl --vacuum-size=1G From 4857ea1b566f68c4052895f0ca2a2e7bfd7a7c0a Mon Sep 17 00:00:00 2001 
From: Yves Dubromelle Date: Mon, 23 May 2016 08:29:56 +0200 Subject: [PATCH 022/107] =?UTF-8?q?r=C3=A8gle=20pour=20optimiser=20le=20st?= =?UTF-8?q?ore?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 4e38bc3..1b9ad60 100644 --- a/Makefile +++ b/Makefile @@ -10,6 +10,9 @@ clean-aggressive: clean-log: journalctl --vacuum-size=1G +optimise: + nix-store --optimise + rebuild-switch: nixos-rebuild switch From f5f92fcb070dd4727402fd742f0052e78c40db30 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Mon, 23 May 2016 19:01:56 +0200 Subject: [PATCH 023/107] make rule that cleans everything --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 1b9ad60..6fb4d44 100644 --- a/Makefile +++ b/Makefile @@ -7,6 +7,9 @@ clean: clean-aggressive: nix-collect-garbage -d --delete-older-than 1d +clean-total: + nix-collect-garbage -d + clean-log: journalctl --vacuum-size=1G From c93cd28bb13338db5ac6aa3b539f400b9002e3e2 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Mon, 23 May 2016 19:04:15 +0200 Subject: [PATCH 024/107] update -> upgrade --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 6fb4d44..8631ad5 100644 --- a/Makefile +++ b/Makefile @@ -22,5 +22,5 @@ rebuild-switch: submodules-update: git submodule update --remote -update: +upgrade: nixos-rebuild switch --upgrade From d2b4afd9d4a4ec59ca224880445e3f1a335ffad6 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Tue, 31 May 2016 21:09:06 +0200 Subject: [PATCH 025/107] activation d'un noeud munin local (acessible uniquement par localhost) --- networking.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/networking.nix b/networking.nix index 8e10228..e2934a6 100644 --- a/networking.nix +++ b/networking.nix 
@@ -1,10 +1,10 @@ { config, pkgs, ... }: { - # Utilisation d'adresse IPv6 temporaire - # https://blog.linitx.com/control-privacy-addressing-ipv6-linux/ - # http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/x1092.html + + ## https://blog.linitx.com/control-privacy-addressing-ipv6-linux/ + ## http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/x1092.html boot.kernel.sysctl = { "net.ipv6.conf.all.temp_prefered_lft" = 3600; # 1 heure @@ -15,4 +15,10 @@ "net.ipv6.conf.default.temp_valid_lft" = 86400; # 1 jour "net.ipv6.conf.default.use_tempaddr" = 2; # activé }; + + # Noeud de supoervision munin = pas de stockage des données locales + + services.munin-node = { + enable = true; + }; } From 6ae67f8e0948679075969fb5ec1b8e14a97a0fb5 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Fri, 3 Jun 2016 14:38:58 +0200 Subject: [PATCH 026/107] =?UTF-8?q?ajout=20de=20la=20mise=20=C3=A0=20jour?= =?UTF-8?q?=20automatique=20du=20syst=C3=A8me=20en=20manuel?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- activation-manuelle/auto-upgrade.nix | 7 +++++++ base.nix | 5 ++++- 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 activation-manuelle/auto-upgrade.nix diff --git a/activation-manuelle/auto-upgrade.nix b/activation-manuelle/auto-upgrade.nix new file mode 100644 index 0000000..0c1c58c --- /dev/null +++ b/activation-manuelle/auto-upgrade.nix @@ -0,0 +1,7 @@ +{ config, pkgs, ... }: + +{ + # Automatic update & automatic clean + system.autoUpgrade.enable = true; + nix.gc.automatic = true; +} diff --git a/base.nix b/base.nix index b151a70..50ce630 100644 --- a/base.nix +++ b/base.nix @@ -2,8 +2,11 @@ { imports = [ - ./tools.nix + #./activation-manuelle/auto-upgrade.nix + #./activation-manuelle/locate.nix + #./activation-manuelle/swap.nix ./localisation.nix ./networking.nix + ./tools.nix ]; } From 2c4daa1766778d6f8f3dfbe3f517f277f0c6a03f Mon Sep 17 00:00:00 2001 
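Review bot: Nothing in the added `services.munin-node` block restricts the node to localhost, although the commit subject says it is reachable only from there; the hunk sets only `enable = true`. If the restriction comes from the module's default allow list or from the firewall, the file should say so. After confirming which one applies, add a comment such as `# reachable from 127.0.0.1 only: module default allow list, port not opened in the firewall` next to the block, so that a later change to either does not silently expose the node.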
From: Jean-Pierre PRUNARET Date: Fri, 3 Jun 2016 14:50:33 +0200 Subject: [PATCH 027/107] =?UTF-8?q?ajout=20domaines=20recherch=C3=A9s=20pa?= =?UTF-8?q?r=20le=20DNS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- networking.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/networking.nix b/networking.nix index e2934a6..7a03a67 100644 --- a/networking.nix +++ b/networking.nix @@ -1,6 +1,17 @@ { config, pkgs, ... }: { + # Définition des domaines utilisés lorsque un identifiant non-FQDN est donné. + networking = { + search = [ + "dubronetwork.fr" + "prunetwork.fr" + "teleragno.fr" + "teleragno.net" + ]; + dnsExtensionMechanism = true; + }; + # Utilisation d'adresse IPv6 temporaire ## https://blog.linitx.com/control-privacy-addressing-ipv6-linux/ From 35b2dede57746291548d5044ec082ce70db55a63 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Thu, 9 Jun 2016 16:05:59 +0200 Subject: [PATCH 028/107] ajout commentaire --- networking.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/networking.nix b/networking.nix index 7a03a67..5315681 100644 --- a/networking.nix +++ b/networking.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - # Définition des domaines utilisés lorsque un identifiant non-FQDN est donné. + # Définition des domaines utilisés lorsque un identifiant non-FQDN est donné (ping, nslookup) networking = { search = [ "dubronetwork.fr" From 71807d038a63c5b88f602090312bfe535c02601e Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Thu, 9 Jun 2016 16:09:51 +0200 Subject: [PATCH 029/107] ajout d'une expression pour les services --- base.nix | 1 + services.nix | 6 ++++++ 2 files changed, 7 insertions(+) create mode 100644 services.nix diff --git a/base.nix b/base.nix index 50ce630..a5d6c00 100644 --- a/base.nix +++ b/base.nix @@ -8,5 +8,6 @@ ./localisation.nix ./networking.nix ./tools.nix + ./services.nix ]; } 
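Review bot: The four-entry `search` list applies to every host that imports base.nix, so an unqualified name that does not resolve locally is retried under each of these public domains in turn. That sends internal short host names to external resolvers, and it lets whoever controls a matching record in any of the zones answer for a short name typed on these machines. Consider setting only the domain a given host belongs to, per host rather than in the base profile. A comment explaining why `dnsExtensionMechanism = true` is wanted would also help.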
diff --git a/services.nix b/services.nix new file mode 100644 index 0000000..1982b25 --- /dev/null +++ b/services.nix @@ -0,0 +1,6 @@ +{ config, pkgs, ... }: + +{ + # Enable the OpenSSH dble the OpenSSH daemon. aemon + services.openssh.enable = true; +} From c5eeaae443dbb7ac3a1abdf5f4d7736c9b28dfcc Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Thu, 9 Jun 2016 16:17:54 +0200 Subject: [PATCH 030/107] =?UTF-8?q?modification=20du=20make=20pour=20garde?= =?UTF-8?q?r=20la=20branche=20master=20=C3=A0=20jour?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 8631ad5..262bd79 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,9 @@ rebuild-switch: nixos-rebuild switch submodules-update: - git submodule update --remote + #git submodule update --remote + git submodule foreach git co master + git submodule foreach git ff upgrade: nixos-rebuild switch --upgrade From a91f81a6503dd7cf2356fccac67336f4891db4ae Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Thu, 9 Jun 2016 16:19:24 +0200 Subject: [PATCH 031/107] activation de CUPS et des pilotes samsung --- services.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/services.nix b/services.nix index 1982b25..7d02830 100644 --- a/services.nix +++ b/services.nix @@ -3,4 +3,11 @@ { # Enable the OpenSSH dble the OpenSSH daemon. aemon services.openssh.enable = true; + + # Enable CUPS to print documents. + services.printing = { + enable = true; + drivers = [ pkgs.samsung-unified-linux-driver ]; + }; + } From 54382e757c324bc0f3320c2abac126cc4876cc46 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Thu, 9 Jun 2016 16:25:43 +0200 Subject: [PATCH 032/107] tools -> environment --- base.nix | 2 +- tools.nix => environment.nix | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename tools.nix => environment.nix (100%) 
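Review bot: `services.openssh.enable = true` in the new services.nix, which base.nix imports, turns sshd on for every machine with the module's default authentication settings. The same bare `enable = true` remains when patch 037 rewrites the block. A base profile should state the policy explicitly, e.g. `passwordAuthentication = false;` and `permitRootLogin = "no";` inside `services.openssh`, or sshd should move under activation-manuelle/ so that it is opt-in like locate. The comment `# Enable the OpenSSH dble the OpenSSH daemon. aemon` is garbled and should read `# Enable the OpenSSH daemon.`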
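Review bot: The new `submodules-update` recipe depends on the `co` and `ff` aliases, which exist only once this repository's gitconfig has been installed as the system git configuration. On a fresh machine, or under a user with a different git setup, both `git submodule foreach` lines fail. Spelling the commands out as `git submodule foreach git checkout master` and `git submodule foreach git pull --ff-only` removes that dependency. Because the result is then built by `nixos-rebuild switch` with root privileges, it is also worth deciding whether following whatever `master` currently is on each remote is acceptable. The alternative is to gate the build on the recorded submodule commits or on `git pull --ff-only --verify-signatures`.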
diff --git a/base.nix b/base.nix index a5d6c00..7f73836 100644 --- a/base.nix +++ b/base.nix @@ -5,9 +5,9 @@ #./activation-manuelle/auto-upgrade.nix #./activation-manuelle/locate.nix #./activation-manuelle/swap.nix + ./environment.nix ./localisation.nix ./networking.nix - ./tools.nix ./services.nix ]; } diff --git a/tools.nix b/environment.nix similarity index 100% rename from tools.nix rename to environment.nix From 2cf7a7a7ee0e12222a707f95a33c4b7ac242d8ee Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Thu, 9 Jun 2016 16:26:01 +0200 Subject: [PATCH 033/107] =?UTF-8?q?ajout=20du=20num=C3=A9ro=20de=20version?= =?UTF-8?q?=20de=20NixOS=20et=20du=20nombre=20de=20jobs=20//?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- environment.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/environment.nix b/environment.nix index 16be199..2eeb32d 100644 --- a/environment.nix +++ b/environment.nix @@ -1,6 +1,12 @@ { config, pkgs, ... }: { + # Nombre de process d'installation en parrallèle effectués par Nix + nix.buildCores = 0; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "16.03"; + # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget environment = { From a228a0e52c22fbeca08eeef661921e6a4e73a46d Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Thu, 9 Jun 2016 16:31:18 +0200 Subject: [PATCH 034/107] autorisation des paquets non libres --- environment.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/environment.nix b/environment.nix index 2eeb32d..f1a7785 100644 --- a/environment.nix +++ b/environment.nix 
@@ -7,6 +7,9 @@ # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "16.03"; + # On autorise les paquets non-libres + nixpkgs.config.allowUnfree = true; + # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget environment = { From 48f45f76aac37473d51042471a1e088cc9ace385 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Thu, 9 Jun 2016 16:35:37 +0200 Subject: [PATCH 035/107] ajout de cible full-auto --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index 262bd79..7479ee8 100644 --- a/Makefile +++ b/Makefile @@ -13,6 +13,8 @@ clean-total: clean-log: journalctl --vacuum-size=1G +full-auto: submodules-update upgrade clean optimise + optimise: nix-store --optimise From cc1d6f58598b1814edca99dff711d4e936c6a36b Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 13 Jun 2016 00:56:08 +0200 Subject: [PATCH 036/107] =?UTF-8?q?la=20prise=20en=20charge=20de=20la=20so?= =?UTF-8?q?uris=20en=20console=20est=20migr=C3=A9e=20de=20desktop=20=C3=A0?= =?UTF-8?q?=20base?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- environment.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/environment.nix b/environment.nix index f1a7785..69338b9 100644 --- a/environment.nix +++ b/environment.nix @@ -20,6 +20,7 @@ git gitAndTools.gitSVN gitAndTools.tig gnumake gnupg + gpm # prise en charge de la souris en console htop ncdu nmap From d71f1b7f57f2e76518aef9e37993fa0766d738a1 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 13 Jun 2016 15:12:58 +0200 Subject: [PATCH 037/107] =?UTF-8?q?ajout=20d'un=20g=C3=A9n=C3=A9rateur=20d?= =?UTF-8?q?e=20nombres=20al=C3=A9atoires=20pour=20++=20l'entropie=20du=20s?= =?UTF-8?q?yst=C3=A8me?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- services.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) 
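Review bot: `nixpkgs.config.allowUnfree = true` lifts the licence check for the whole package set on every host, while the only package in this series that appears to need it is the Samsung printer driver referenced in services.nix. `allowUnfreePredicate` can limit the exception to named packages, so that another unfree dependency is not pulled in unnoticed later. At minimum, extend the comment to name the package, e.g. `# needed for samsung-unified-linux-driver (services.nix)`.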
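Review bot: `full-auto: submodules-update upgrade clean optimise` relies on its prerequisites running left to right, which holds only for a serial make. Under `make -j` the upgrade, the garbage collection and the store optimisation can run at the same time. Either add `.NOTPARALLEL:` to the Makefile or give the target a recipe that runs the steps in order, `$(MAKE) submodules-update`, then `$(MAKE) upgrade`, and so on. The target also has no `.PHONY` entry.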
diff --git a/services.nix b/services.nix index 7d02830..06ae44c 100644 --- a/services.nix +++ b/services.nix @@ -1,8 +1,19 @@ { config, pkgs, ... }: { - # Enable the OpenSSH dble the OpenSSH daemon. aemon - services.openssh.enable = true; + # Sécurité & Acces distant + + ## Augmentation de l'entropie du système par un générateur de nombres aléatoires + ## cat /proc/sys/kernel/random/entropy_avail + services.haveged = { + enable = true; + refill_threshold = 2048; + }; + + ## OpenSSH daemon + services.openssh = { + enable = true; + }; # Enable CUPS to print documents. services.printing = { From 5c0c2fa2ec5c95025ec4566395671a84c767f7d0 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 13 Jun 2016 16:11:36 +0200 Subject: [PATCH 038/107] =?UTF-8?q?ajout=20de=20cible=20pour=20v=C3=A9rifi?= =?UTF-8?q?er=20et=20corriger=20le=20store?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 7479ee8..7f66cd6 100644 --- a/Makefile +++ b/Makefile @@ -21,6 +21,9 @@ optimise: rebuild-switch: nixos-rebuild switch +store-repair: + nix-store --verify --check-contents --repair + submodules-update: #git submodule update --remote git submodule foreach git co master From 092b4a8b44bb4bda7c9be47cf24291c6ca3b24b1 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 13 Jun 2016 16:13:24 +0200 Subject: [PATCH 039/107] =?UTF-8?q?ajout=20de=20cible=20pour=20pusher=20to?= =?UTF-8?q?us=20les=20sousmodules=20&=20d=C3=A9pot=20courant?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Makefile b/Makefile index 7f66cd6..51c259b 100644 --- a/Makefile +++ b/Makefile 
@@ -29,5 +29,9 @@ submodules-update: git submodule foreach git co master git submodule foreach git ff +submodules-push: + git submodule foreach git push + git push + upgrade: nixos-rebuild switch --upgrade From 22bd42f61fb8e1474e9ca2043583ffffa9f9442c Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 13 Jun 2016 16:26:01 +0200 Subject: [PATCH 040/107] =?UTF-8?q?d=C3=A9placement=20de=20munin-node=20ve?= =?UTF-8?q?rs=20services?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- networking.nix | 6 ------ services.nix | 5 +++++ 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/networking.nix b/networking.nix index 5315681..310e328 100644 --- a/networking.nix +++ b/networking.nix @@ -26,10 +26,4 @@ "net.ipv6.conf.default.temp_valid_lft" = 86400; # 1 jour "net.ipv6.conf.default.use_tempaddr" = 2; # activé }; - - # Noeud de supoervision munin = pas de stockage des données locales - - services.munin-node = { - enable = true; - }; } diff --git a/services.nix b/services.nix index 06ae44c..280ce2c 100644 --- a/services.nix +++ b/services.nix @@ -21,4 +21,9 @@ drivers = [ pkgs.samsung-unified-linux-driver ]; }; + # Noeud de supervision munin = pas de stockage des données locales + + services.munin-node = { + enable = true; + }; } From eeae1777446a0d5139a4d1eebc9b6ca77c1e7e64 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 13 Jun 2016 16:27:53 +0200 Subject: [PATCH 041/107] =?UTF-8?q?s=C3=A9paration=20de=20push=20&=20submo?= =?UTF-8?q?dules-push?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 51c259b..da24367 100644 --- a/Makefile +++ b/Makefile @@ -18,6 +18,9 @@ full-auto: submodules-update upgrade clean optimise optimise: nix-store --optimise +push: submodules-push + git push + rebuild-switch: nixos-rebuild switch 
@@ -31,7 +34,6 @@ submodules-update: submodules-push: git submodule foreach git push - git push upgrade: nixos-rebuild switch --upgrade From e486a82be28ef61a28c9b11dfd459101ed132496 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 13 Jun 2016 18:28:30 +0200 Subject: [PATCH 042/107] commentaire --- services.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/services.nix b/services.nix index 280ce2c..f7ca0c3 100644 --- a/services.nix +++ b/services.nix @@ -21,7 +21,9 @@ drivers = [ pkgs.samsung-unified-linux-driver ]; }; - # Noeud de supervision munin = pas de stockage des données locales + # Monitoring + + ## Noeud de supervision munin = pas de stockage des données locales services.munin-node = { enable = true; From 8d464837ecf540353451ed40581503be162d394d Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Tue, 14 Jun 2016 17:56:48 +0200 Subject: [PATCH 043/107] =?UTF-8?q?diminution=20de=20la=20dur=C3=A9e=20de?= =?UTF-8?q?=20validit=C3=A9=20des=20IPv6=20temporaires?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- networking.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/networking.nix b/networking.nix index 310e328..a6f8360 100644 --- a/networking.nix +++ b/networking.nix @@ -18,12 +18,12 @@ ## http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/x1092.html boot.kernel.sysctl = { - "net.ipv6.conf.all.temp_prefered_lft" = 3600; # 1 heure - "net.ipv6.conf.all.temp_valid_lft" = 86400; # 1 jour + "net.ipv6.conf.all.temp_prefered_lft" = 1800; # 30 min + "net.ipv6.conf.all.temp_valid_lft" = 3600; # 1 heure "net.ipv6.conf.all.use_tempaddr" = 2; # activé "net.ipv6.conf.default.temp_prefered_lft" = 3600; # 1 heure - "net.ipv6.conf.default.temp_valid_lft" = 86400; # 1 jour + "net.ipv6.conf.default.temp_valid_lft" = 3600; # 1 heure "net.ipv6.conf.default.use_tempaddr" = 2; # activé }; } From c4a3515aa012f6bf1343fdf43e62f4ee7717981c Mon Sep 17 00:00:00 2001 
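Review bot: In the networking.nix hunk, `net.ipv6.conf.default.temp_prefered_lft` and `net.ipv6.conf.default.temp_valid_lft` both end up at 3600, so on the `default` side a temporary address gets no deprecated phase before it becomes invalid. The `all` pair was lowered to 1800/3600, but the `default` preferred lifetime was left at one hour. I would align it with `"net.ipv6.conf.default.temp_prefered_lft" = 1800; # 30 min`. Patch 057 later raises only `all.temp_valid_lft` to 43200, which, as far as the visible hunks show, leaves the `default` values behind again.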
From: Jean-Pierre PRUNARET Date: Tue, 28 Jun 2016 20:52:05 +0200 Subject: [PATCH 044/107] ajout de commande pour produire facilement des tags --- Makefile | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Makefile b/Makefile index da24367..c7fd05b 100644 --- a/Makefile +++ b/Makefile @@ -35,5 +35,12 @@ submodules-update: submodules-push: git submodule foreach git push +submodules-tag: + git submodule foreach git tag -f "$$(date +%F)-$$(hostname -s)" + +tag: submodules-tag + git tag -f "$$(date +%F)-$$(hostname -s)" + upgrade: nixos-rebuild switch --upgrade + From d4417b922a05e24235d2b497d87c9e126648e183 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Tue, 28 Jun 2016 20:55:28 +0200 Subject: [PATCH 045/107] =?UTF-8?q?les=20commandes=20de=20push=20envoient?= =?UTF-8?q?=20=C3=A9galement=20les=20tags?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index c7fd05b..bc21835 100644 --- a/Makefile +++ b/Makefile @@ -19,7 +19,8 @@ optimise: nix-store --optimise push: submodules-push - git push + git push --all + git push --tags rebuild-switch: nixos-rebuild switch @@ -33,7 +34,8 @@ submodules-update: git submodule foreach git ff submodules-push: - git submodule foreach git push + git submodule foreach git push --all + git submodule foreach git push --tags submodules-tag: git submodule foreach git tag -f "$$(date +%F)-$$(hostname -s)" From aae5d9a4cc5b310371668538dc05affeca6d9cfd Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Mon, 4 Jul 2016 10:56:33 +0200 Subject: [PATCH 046/107] serveur de cache nix --- activation-manuelle/nix-serve.nix | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 activation-manuelle/nix-serve.nix diff --git a/activation-manuelle/nix-serve.nix b/activation-manuelle/nix-serve.nix new file mode 100644 index 0000000..4dfc384 --- /dev/null 
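Review bot: `git tag -f` in the new `submodules-tag` and `tag` targets silently moves an existing tag, and the tag name only has day resolution, so a second run on the same host and day rewrites what the earlier tag pointed to. That makes the tags unreliable as a record of which revision was deployed. A moved tag that was already published will also be refused by the plain `git push --tags` added in the next patch. I would drop `-f` so that a collision fails visibly, `git tag "$$(date +%F)-$$(hostname -s)"`, or add the time to the name.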
+++ b/activation-manuelle/nix-serve.nix @@ -0,0 +1,7 @@ +{ config, pkgs, ... }: + +{ + # Cache http pour le store + services.nix-serve.enable = true; + networking.firewall.allowedTCPPorts = [5000]; +} From 87a0a9d3de57060b17dac7e84937d86f16cbf9f5 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Wed, 6 Jul 2016 16:08:32 +0200 Subject: [PATCH 047/107] options pour utiliser le cache nix de phenom --- activation-manuelle/nix-serve-client.nix | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 activation-manuelle/nix-serve-client.nix diff --git a/activation-manuelle/nix-serve-client.nix b/activation-manuelle/nix-serve-client.nix new file mode 100644 index 0000000..ca4d7d6 --- /dev/null +++ b/activation-manuelle/nix-serve-client.nix @@ -0,0 +1,7 @@ +{ config, pkgs, ... }: + +{ + # Cache http pour le store + nix.requireSignedBinaryCaches = false; + nix.binaryCaches = [ "http://192.168.10.169:5000" ]; +} From b277551d6a387d0372b8ea9d81bf5af3e2fb5844 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sat, 9 Jul 2016 21:12:20 +0200 Subject: [PATCH 048/107] =?UTF-8?q?moulinette=20de=20configuration=20par?= =?UTF-8?q?=20flags=20de=20fonctionalit=C3=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config-generator.nix | 129 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100644 config-generator.nix diff --git a/config-generator.nix b/config-generator.nix new file mode 100644 index 0000000..61c24e4 --- /dev/null +++ b/config-generator.nix 
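Review bot: In nix-serve.nix, `services.nix-serve.enable = true;` starts the cache without a signing key and `networking.firewall.allowedTCPPorts = [5000];` opens it on every interface. Clients can then only use it by turning signature verification off, which is what the next patch does. I would generate a key pair and add `services.nix-serve.secretKeyFile = "/path/to/cache-private-key";` (placeholder path) so that the served store paths are signed. If the cache is meant for the local network only, limiting the port to that network rather than the global allow-list is worth considering.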
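Review bot: In nix-serve-client.nix, `nix.requireSignedBinaryCaches = false;` switches off signature verification for every substituter, not just the local one, and the cache is fetched over plain `http://`. Any host able to answer on that address, or to alter the traffic, can then supply store paths that are installed unchecked. I would remove that line, keep the default, and trust the cache's key instead with `nix.binaryCachePublicKeys = [ "<cache-name>:<public-key>" ];` (placeholder value), with the server signing what it serves. The same setting is carried through the rewrites of this file in patches 052 and 053.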
@@ -0,0 +1,129 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkEnableOption mkIf mkMerge mkOption singleton types; + #inherit (pkgs) bird; + cfg = config.r6d.config-generator; + + # configFile = pkgs.writeText "bird.conf" '' + # ${cfg.config} + #''; +in + +{ + imports = [ + ]; + + ###### interface + + options = { + + r6d.config-generator = { + + enable = mkEnableOption "Generation de la configuration d'une machine"; + + auto-upgrade = mkOption { + type = types.bool; + default = true; + description = '' + Profil pour activer les mises à jour automatiques. + ''; + }; + + docker = mkOption { + type = types.bool; + default = false; + description = '' + Profil pour l'utilisation de Docker. + ''; + }; + + jeux = mkOption { + type = types.bool; + default = false; + description = '' + Profil pour les jeux vidéos. + ''; + }; + + laptop = mkOption { + type = types.bool; + default = false; + description = '' + Profil pour les outils spécifiques aux ordinateurs portables.. + ''; + }; + + locate = mkOption { + type = types.bool; + default = true; + description = '' + Profil pour activer la fonction locate. + ''; + }; + + nix-serve-server = mkOption { + type = types.bool; + default = false; + description = '' + Profil pour que la machine soit un serveur de cache nix. + ''; + }; + + swap = mkOption { + type = types.bool; + default = false; + description = '' + Profil pour que le swap soit activé. + ''; + }; + + virtualbox = mkOption { + type = types.bool; + default = false; + description = '' + Profil pour l'utilisation de VirtualBox. + ''; + }; + }; + }; + + + ###### implementation + # https://nixos.org/releases/nixos/14.12-small/nixos-14.12.374.61adf9e/manual/sec-writing-modules.html + # https://nixos.org/wiki/NixOS:extend_NixOS + config = mkMerge + [ # Unconditional stuff. + { + #environment.systemPackages = [ ... ]; + r6d.config-generator.enable = true; + } + + # Conditional stuff. 
+ ## Affectation des profils aux machines + (mkIf (config.networking.hostName == "radx.prunetwork.fr") { + r6d.config-generator = { + docker = true; + jeux = true; + laptop = true; + nix-serve-server = true; + swap = true; + virtualbox = true; + }; + }) + + (mkIf (config.networking.hostName == "phenom.dubronetwork.fr") { + r6d.config-generator = { + docker = true; + jeux = true; + laptop = true; + nix-serve-server = true; + swap = true; + virtualbox = true; + }; + }) + + ## Contenu des Profils + # -> voir les sources des dépots base & desktop + ]; +} From d03f8cbfc26fe79efaff409ba055eeffabb3220a Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sat, 9 Jul 2016 21:14:25 +0200 Subject: [PATCH 049/107] ajustement de la configuration --- config-generator.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/config-generator.nix b/config-generator.nix index 61c24e4..3189f14 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -105,10 +105,8 @@ in r6d.config-generator = { docker = true; jeux = true; - laptop = true; nix-serve-server = true; swap = true; - virtualbox = true; }; }) @@ -116,9 +114,7 @@ in r6d.config-generator = { docker = true; jeux = true; - laptop = true; nix-serve-server = true; - swap = true; virtualbox = true; }; }) From 3d1feebee0b97b129812b2d00939dee47db68357 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sat, 9 Jul 2016 21:25:59 +0200 Subject: [PATCH 050/107] ajout de machines (latitude, neo-nomade) --- config-generator.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/config-generator.nix b/config-generator.nix index 3189f14..c2dc81a 100644 --- a/config-generator.nix +++ b/config-generator.nix 
@@ -110,6 +110,18 @@ in }; }) + (mkIf (config.networking.hostName == "latitude.dubronetwork.fr") { + r6d.config-generator = { + docker = true; + jeux = true; + laptop = true; + }; + }) + (mkIf (config.networking.hostName == "nro-nomade.dubronetwork.fr") { + r6d.config-generator = { + laptop = true; + }; + }) (mkIf (config.networking.hostName == "phenom.dubronetwork.fr") { r6d.config-generator = { docker = true; From 0a8c50303241c0d11b54a3e366d7b1aa34cb5af4 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sat, 9 Jul 2016 21:26:20 +0200 Subject: [PATCH 051/107] =?UTF-8?q?les=20services=20"activation=20manuelle?= =?UTF-8?q?"=20sont=20g=C3=A9r=C3=A9s=20par=20config-generator?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- activation-manuelle/auto-upgrade.nix | 5 +++-- activation-manuelle/locate.nix | 4 ++-- activation-manuelle/nix-serve.nix | 5 +++-- activation-manuelle/swap.nix | 5 +++-- base.nix | 10 +++++++--- 5 files changed, 18 insertions(+), 11 deletions(-) diff --git a/activation-manuelle/auto-upgrade.nix b/activation-manuelle/auto-upgrade.nix index 0c1c58c..fa61df3 100644 --- a/activation-manuelle/auto-upgrade.nix +++ b/activation-manuelle/auto-upgrade.nix @@ -2,6 +2,7 @@ { # Automatic update & automatic clean - system.autoUpgrade.enable = true; - nix.gc.automatic = true; + + system.autoUpgrade.enable = config.r6d.config-generator.auto-upgrade; + nix.gc.automatic = config.r6d.config-generator.auto-upgrade; } diff --git a/activation-manuelle/locate.nix b/activation-manuelle/locate.nix index bd5c602..072d930 100644 --- a/activation-manuelle/locate.nix +++ b/activation-manuelle/locate.nix @@ -4,8 +4,8 @@ imports = [ ]; - services.locate= { - enable = true; + services.locate = { + enable = config.r6d.config-generator.locate; interval = "hourly"; }; } diff --git a/activation-manuelle/nix-serve.nix b/activation-manuelle/nix-serve.nix index 4dfc384..f5ff4a1 100644 --- a/activation-manuelle/nix-serve.nix 
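Review bot: The host key `"nro-nomade.dubronetwork.fr"` in the config-generator.nix hunk does not match the machine named in the commit subject (neo-nomade); if it is a typo, this `mkIf` never fires and the machine silently gets no profile. Every assignment here is a string comparison on `config.networking.hostName`, so a misspelt or unknown host evaluates without any error. Besides correcting the name, I would add an `assertions` entry that fails the build when no host block matched. The enclosing `mkMerge` list starts and ends outside the hunk.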
+++ b/activation-manuelle/nix-serve.nix @@ -2,6 +2,7 @@ { # Cache http pour le store - services.nix-serve.enable = true; - networking.firewall.allowedTCPPorts = [5000]; + + services.nix-serve.enable = config.r6d.config-generator.nix-serve-server; + networking.firewall.allowedTCPPorts = pkgs.lib.mkIf config.r6d.config-generator.nix-serve-server [5000]; } diff --git a/activation-manuelle/swap.nix b/activation-manuelle/swap.nix index 95d9071..ea92882 100644 --- a/activation-manuelle/swap.nix +++ b/activation-manuelle/swap.nix @@ -1,9 +1,10 @@ { config, pkgs, ... }: { - + # Gestion du swap + # https://en.wikipedia.org/wiki/Swappiness - boot.kernel.sysctl = { + boot.kernel.sysctl = pkgs.lib.mkIf config.r6d.config-generator.swap { # le swap est activé (!= 0) # le swap est utilisé lorsque (100 - x) % de la mémoire est déja allouée "vm.swappiness" = 10; diff --git a/base.nix b/base.nix index 7f73836..b357590 100644 --- a/base.nix +++ b/base.nix @@ -2,12 +2,16 @@ { imports = [ - #./activation-manuelle/auto-upgrade.nix - #./activation-manuelle/locate.nix - #./activation-manuelle/swap.nix ./environment.nix ./localisation.nix ./networking.nix ./services.nix + + # inclusion conditionnelle + ./config-generator.nix + ./activation-manuelle/auto-upgrade.nix + ./activation-manuelle/locate.nix + ./activation-manuelle/nix-serve.nix + ./activation-manuelle/swap.nix ]; } From 0bbddfbfa0bc853fd87f18f6c0ccb0002aa966a3 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sat, 9 Jul 2016 21:42:02 +0200 Subject: [PATCH 052/107] ajout du flag pour le client nix-serve --- activation-manuelle/nix-serve-client.nix | 8 +++++--- base.nix | 1 + config-generator.nix | 8 ++++++++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/activation-manuelle/nix-serve-client.nix b/activation-manuelle/nix-serve-client.nix index ca4d7d6..16d525f 100644 --- a/activation-manuelle/nix-serve-client.nix +++ b/activation-manuelle/nix-serve-client.nix 
@@ -1,7 +1,9 @@ { config, pkgs, ... }: { - # Cache http pour le store - nix.requireSignedBinaryCaches = false; - nix.binaryCaches = [ "http://192.168.10.169:5000" ]; + config = mkIf config.r6d.config-generator.nix-serve-client { + # Cache http pour le store + nix.requireSignedBinaryCaches = false; + nix.binaryCaches = [ "http://192.168.10.169:5000" ]; + } } diff --git a/base.nix b/base.nix index b357590..248152e 100644 --- a/base.nix +++ b/base.nix @@ -12,6 +12,7 @@ ./activation-manuelle/auto-upgrade.nix ./activation-manuelle/locate.nix ./activation-manuelle/nix-serve.nix + ./activation-manuelle/nix-serve-client.nix ./activation-manuelle/swap.nix ]; } diff --git a/config-generator.nix b/config-generator.nix index c2dc81a..47a5ba5 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -62,6 +62,14 @@ in ''; }; + nix-serve-client = mkOption { + type = types.bool; + default = false; + description = '' + Profil pour que la machine soit un serveur de cache nix. + ''; + }; + nix-serve-server = mkOption { type = types.bool; default = false; From 2fa21f7f4da514f53b6d568dc3fdd37395265c01 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sat, 9 Jul 2016 21:42:44 +0200 Subject: [PATCH 053/107] activation du client sur les machines + ajout monstre --- activation-manuelle/nix-serve-client.nix | 8 ++++---- config-generator.nix | 12 ++++++++++-- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/activation-manuelle/nix-serve-client.nix b/activation-manuelle/nix-serve-client.nix index 16d525f..51de09e 100644 --- a/activation-manuelle/nix-serve-client.nix +++ b/activation-manuelle/nix-serve-client.nix 
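Review bot: As written, the new nix-serve-client.nix cannot be evaluated. The `config = mkIf … { … }` binding is closed with `}` and no `;`, and `mkIf` is not in scope because the module only takes `{ config, pkgs, ... }`. I would use `pkgs.lib.mkIf`, as the sibling files in activation-manuelle do, and terminate the binding with `};`. Since base.nix imports this file in the same commit, every machine's configuration fails to evaluate at this revision.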
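Review bot: The description of the new `nix-serve-client` option in config-generator.nix is a copy of the `nix-serve-server` one ("… soit un serveur de cache nix"), so the two flags are documented identically. It should say that the machine uses a cache, for example `Profil pour que la machine utilise un serveur de cache nix.`. Enabling this flag also disables binary-cache signature checks through nix-serve-client.nix, which is worth stating in the description so the effect is visible where the flag is set.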
@@ -1,9 +1,9 @@ { config, pkgs, ... }: { - config = mkIf config.r6d.config-generator.nix-serve-client { + nix = pkgs.lib.mkIf config.r6d.config-generator.nix-serve-client { # Cache http pour le store - nix.requireSignedBinaryCaches = false; - nix.binaryCaches = [ "http://192.168.10.169:5000" ]; - } + requireSignedBinaryCaches = false; + binaryCaches = [ "http://192.168.10.169:5000" ]; + }; } diff --git a/config-generator.nix b/config-generator.nix index 47a5ba5..02cb5ee 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -123,17 +123,25 @@ in docker = true; jeux = true; laptop = true; + nix-serve-client = true; }; }) - (mkIf (config.networking.hostName == "nro-nomade.dubronetwork.fr") { + (mkIf (config.networking.hostName == "monstre.dubronetwork.fr") { + r6d.config-generator = { + nix-serve-server = true; + }; + }) + (mkIf (config.networking.hostName == "neo-nomade.dubronetwork.fr") { r6d.config-generator = { laptop = true; + nix-serve-client = true; }; }) - (mkIf (config.networking.hostName == "phenom.dubronetwork.fr") { + (mkIf (config.networking.hostName == "phenom.dubronetwork.fr") { r6d.config-generator = { docker = true; jeux = true; + nix-serve-client = true; nix-serve-server = true; virtualbox = true; }; From 253403de891aca902f099067ddcae991253d9462 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sun, 10 Jul 2016 15:55:43 +0200 Subject: [PATCH 054/107] =?UTF-8?q?d=C3=A9placement=20des=20inclusions=20m?= =?UTF-8?q?anuelles?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- base.nix | 5 ----- config-generator.nix | 5 +++++ 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/base.nix b/base.nix index 248152e..984f0a6 100644 --- a/base.nix +++ b/base.nix 
@@ -9,10 +9,5 @@ # inclusion conditionnelle ./config-generator.nix - ./activation-manuelle/auto-upgrade.nix - ./activation-manuelle/locate.nix - ./activation-manuelle/nix-serve.nix - ./activation-manuelle/nix-serve-client.nix - ./activation-manuelle/swap.nix ]; } diff --git a/config-generator.nix b/config-generator.nix index 02cb5ee..24d2391 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -12,6 +12,11 @@ in { imports = [ + ./activation-manuelle/auto-upgrade.nix + ./activation-manuelle/locate.nix + ./activation-manuelle/nix-serve.nix + ./activation-manuelle/nix-serve-client.nix + ./activation-manuelle/swap.nix ]; ###### interface From b4a72c5510ff39258a6a8bcc7844f0f9e6b94735 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sun, 10 Jul 2016 16:08:35 +0200 Subject: [PATCH 055/107] indentation --- activation-manuelle/nix-serve.nix | 2 +- config-generator.nix | 5 ----- services.nix | 4 +++- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/activation-manuelle/nix-serve.nix b/activation-manuelle/nix-serve.nix index f5ff4a1..686f8c0 100644 --- a/activation-manuelle/nix-serve.nix +++ b/activation-manuelle/nix-serve.nix @@ -4,5 +4,5 @@ # Cache http pour le store services.nix-serve.enable = config.r6d.config-generator.nix-serve-server; - networking.firewall.allowedTCPPorts = pkgs.lib.mkIf config.r6d.config-generator.nix-serve-server [5000]; + networking.firewall.allowedTCPPorts = pkgs.lib.mkIf config.r6d.config-generator.nix-serve-server [ 5000 ]; } diff --git a/config-generator.nix b/config-generator.nix index 24d2391..44d9a85 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -2,12 +2,7 @@ let inherit (lib) mkEnableOption mkIf mkMerge mkOption singleton types; - #inherit (pkgs) bird; cfg = config.r6d.config-generator; - - # configFile = pkgs.writeText "bird.conf" '' - # ${cfg.config} - #''; in { diff --git a/services.nix b/services.nix index f7ca0c3..af0593f 100644 --- a/services.nix +++ b/services.nix 
@@ -18,7 +18,9 @@ # Enable CUPS to print documents. services.printing = { enable = true; - drivers = [ pkgs.samsung-unified-linux-driver ]; + drivers = [ + pkgs.samsung-unified-linux-driver + ]; }; # Monitoring From 2bb9511c1f0893d637e5bbf257024f89332d921e Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sun, 10 Jul 2016 16:08:44 +0200 Subject: [PATCH 056/107] =?UTF-8?q?ajout=20de=20commentaires=20=C3=A0=20la?= =?UTF-8?q?=20liste=20d'applications?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- environment.nix | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/environment.nix b/environment.nix index 69338b9..1196018 100644 --- a/environment.nix +++ b/environment.nix 
@@ -14,28 +14,28 @@ # $ nix-env -qaP | grep wget environment = { systemPackages = with pkgs; [ - bind # utilisé pour les utilitaires comme dig - byobu - exfat # Pour monter les FAT avec Fuse - git gitAndTools.gitSVN gitAndTools.tig - gnumake - gnupg + bind # utilisé pour les utilitaires comme dig + byobu # permet de se déconnecter d'un terminal sans l'aréter + exfat # Pour monter les FAT avec Fuse + git gitAndTools.gitSVN gitAndTools.tig # outil de gestion de version + gnumake # pour décrire les recettes de compilation + gnupg # GPG gpm # prise en charge de la souris en console - htop - ncdu - nmap - mtr - p7zip - parted + htop # monitoring + ncdu # outil pour voir l'espace utilisé + nmap # outil de scan de port réseau + mtr # outil de diagnostic réseau + p7zip # compression de fichier + parted # partitionnement de disque pciutils - python34Packages.glances - pwgen - tmux - tree + python34Packages.glances # monitoring + pwgen # générateur de mot de passe + tmux # nécessaire pour byobu + tree # affiche une arborescence de fichiers et dossiers usbutils (import ./vim.nix) - wget - which + wget # client HTTP console + which # pour connaitre le chemin d'un exécutable ]; shellAliases = { byobu = "byobu-tmux"; From c9d1f4e67ce3104c2927d4df0becd6ab3c089525 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sun, 10 Jul 2016 16:09:05 +0200 Subject: [PATCH 057/107] =?UTF-8?q?augmentation=20de=20la=20dur=C3=A9e=20d?= =?UTF-8?q?e=20validit=C3=A9=20des=20@IP?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * cela signifie que les connexions TCP longues seront coupées après plus longtemps --- networking.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/networking.nix b/networking.nix index a6f8360..5763240 100644 --- a/networking.nix +++ b/networking.nix 
@@ -19,7 +19,7 @@ boot.kernel.sysctl = { "net.ipv6.conf.all.temp_prefered_lft" = 1800; # 30 min - "net.ipv6.conf.all.temp_valid_lft" = 3600; # 1 heure + "net.ipv6.conf.all.temp_valid_lft" = 43200; # 12 heures "net.ipv6.conf.all.use_tempaddr" = 2; # activé "net.ipv6.conf.default.temp_prefered_lft" = 3600; # 1 heure From 1416a12d227408da5a94f9d037371dc0c4de66e0 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sun, 10 Jul 2016 17:02:31 +0200 Subject: [PATCH 058/107] activation de virtualbox sur radx --- config-generator.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/config-generator.nix b/config-generator.nix index 44d9a85..922d177 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -115,6 +115,7 @@ in jeux = true; nix-serve-server = true; swap = true; + virtualbox = true; }; }) From 021f6499f9cc6b65a3a46e8154a69bc2ac312151 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sun, 10 Jul 2016 20:19:27 +0200 Subject: [PATCH 059/107] =?UTF-8?q?ajout=20de=20profils=20+=20utilisation?= =?UTF-8?q?=20sur=20les=20machines=20g=C3=A9r=C3=A9es?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config-generator.nix | 176 +++++++++++++++++++------------------------ 1 file changed, 76 insertions(+), 100 deletions(-) diff --git a/config-generator.nix b/config-generator.nix index 922d177..415d0aa 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -3,6 +3,8 @@ let inherit (lib) mkEnableOption mkIf mkMerge mkOption singleton types; cfg = config.r6d.config-generator; + pfl = config.r6d.profiles; + host = config.networking.hostName; in { 
@@ -18,85 +20,33 @@ in options = { - r6d.config-generator = { - - enable = mkEnableOption "Generation de la configuration d'une machine"; - - auto-upgrade = mkOption { - type = types.bool; - default = true; - description = '' - Profil pour activer les mises à jour automatiques. - ''; - }; - - docker = mkOption { - type = types.bool; - default = false; - description = '' - Profil pour l'utilisation de Docker. - ''; - }; - - jeux = mkOption { - type = types.bool; - default = false; - description = '' - Profil pour les jeux vidéos. - ''; - }; - - laptop = mkOption { - type = types.bool; - default = false; - description = '' - Profil pour les outils spécifiques aux ordinateurs portables.. - ''; - }; - - locate = mkOption { - type = types.bool; - default = true; - description = '' - Profil pour activer la fonction locate. - ''; - }; - - nix-serve-client = mkOption { - type = types.bool; - default = false; - description = '' - Profil pour que la machine soit un serveur de cache nix. - ''; - }; - - nix-serve-server = mkOption { - type = types.bool; - default = false; - description = '' - Profil pour que la machine soit un serveur de cache nix. - ''; - }; - - swap = mkOption { - type = types.bool; - default = false; - description = '' - Profil pour que le swap soit activé. 
- ''; - }; + #* Utilisé pour afecter des capacités aux machines + r6d.profiles = { + # Domaine + isDubronetwork = mkEnableOption "Pour distinguer les machines dubronetwork"; + isPrunetwork = mkEnableOption "Pour distinguer les machines prunetwork"; + # Utilisation machine + isServer = mkEnableOption "Pour indiquer qu'il s'agit d'un serveur"; + isDesktop = mkEnableOption "Pour indiquer une machine avec interface graphique."; + isWorkstation = mkEnableOption "Pour indiquer que la machine sert à travailler"; + isHome = mkEnableOption "Pour indiquer que la machine sert à la maison (divertissement & autre)"; + }; - virtualbox = mkOption { - type = types.bool; - default = false; - description = '' - Profil pour l'utilisation de VirtualBox. - ''; - }; + #* Utilisé dans les fichiers .nix + r6d.config-generator = { + enable = mkEnableOption "Generation de la configuration d'une machine"; + auto-upgrade = mkEnableOption "Profil pour activer les mises à jour automatiques."; + docker = mkEnableOption "Profil pour l'utilisation de Docker"; + jeux = mkEnableOption "Profil pour les jeux vidéos."; + laptop = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables.."; + locate = mkEnableOption "Profil pour activer la fonction locate."; + nix-serve-client= mkEnableOption "Profil pour que la machine soit un serveur de cache nix."; + nix-serve-server= mkEnableOption "Profil pour que la machine soit un serveur de cache nix."; + swap = mkEnableOption "Profil pour que le swap soit activé."; + virtualbox = mkEnableOption "Profil pour l'utilisation de VirtualBox."; }; }; - ###### implementation # https://nixos.org/releases/nixos/14.12-small/nixos-14.12.374.61adf9e/manual/sec-writing-modules.html # https://nixos.org/wiki/NixOS:extend_NixOS 
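Review bot: Replacing the `mkOption` blocks with `mkEnableOption` changes two defaults: `auto-upgrade` and `locate` were declared with `default = true` and now default to false. In the visible hunks of this commit, `auto-upgrade` is switched back on only through `isPrunetwork` and `isDubronetwork`, and nothing sets `locate`. A host that matches no domain profile therefore stops upgrading automatically, and locate is off everywhere. If that is not intended, I would set `r6d.config-generator.auto-upgrade = true;` and `r6d.config-generator.locate = true;` in the unconditional block next to `r6d.config-generator.enable = true;`, or keep `mkOption` with `default = true` for these two.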
@@ -109,46 +59,72 @@ in # Conditional stuff. ## Affectation des profils aux machines - (mkIf (config.networking.hostName == "radx.prunetwork.fr") { + (mkIf (host == "radx.prunetwork.fr") { + r6d.profiles.isHome = true; + r6d.profiles.isPrunetwork = true; + r6d.profiles.isServer = true; + r6d.profiles.isWorkstation = true; + r6d.config-generator = { - docker = true; - jeux = true; - nix-serve-server = true; - swap = true; virtualbox = true; }; }) - (mkIf (config.networking.hostName == "latitude.dubronetwork.fr") { + (mkIf (host == "latitude.dubronetwork.fr") { + r6d.profiles.isDubronetwork = true; + r6d.profiles.isHome = true; + r6d.profiles.isWorkstation = true; + r6d.config-generator = { - docker = true; - jeux = true; laptop = true; - nix-serve-client = true; }; }) - (mkIf (config.networking.hostName == "monstre.dubronetwork.fr") { - r6d.config-generator = { - nix-serve-server = true; - }; + (mkIf (host == "monstre.dubronetwork.fr") { + r6d.profiles.isDubronetwork = true; + r6d.profiles.isServer = true; }) - (mkIf (config.networking.hostName == "neo-nomade.dubronetwork.fr") { + (mkIf (host == "neo-nomade.dubronetwork.fr") { + r6d.profiles.isDubronetwork = true; + r6d.profiles.isHome = true; + r6d.config-generator = { laptop = true; - nix-serve-client = true; }; }) - (mkIf (config.networking.hostName == "phenom.dubronetwork.fr") { - r6d.config-generator = { - docker = true; - jeux = true; - nix-serve-client = true; - nix-serve-server = true; - virtualbox = true; - }; + (mkIf (host == "phenom.dubronetwork.fr") { + r6d.profiles.isDubronetwork = true; + r6d.profiles.isHome = true; + r6d.profiles.isWorkstation = true; }) - + ## Contenu des Profils - # -> voir les sources des dépots base & desktop + (mkIf pfl.isHome { + r6d.profiles.isDesktop = true; + + #r6d.config-generator.jeux = true; + }) + (mkIf pfl.isServer { + r6d.config-generator.nix-serve-server = true; + }) + (mkIf pfl.isWorkstation { + r6d.profiles.isDesktop = true; + + r6d.config-generator.docker = true; + 
}) + (mkIf pfl.isPrunetwork { + r6d.config-generator.auto-upgrade = true; + r6d.config-generator.swap = true; + }) + (mkIf pfl.isDubronetwork { + r6d.config-generator.auto-upgrade = true; + r6d.config-generator.nix-serve-client = true; + }) + (mkIf (pfl.isDubronetwork && pfl.isServer) { + r6d.config-generator.nix-serve-server = true; + }) + (mkIf (pfl.isDubronetwork && pfl.isWorkstation) { + r6d.config-generator.nix-serve-server = true; + r6d.config-generator.virtualbox = true; + }) ]; } From e3d982a1fdf6ed0d0f9cba17cdaee2dbe6a7c281 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sun, 10 Jul 2016 20:33:30 +0200 Subject: [PATCH 060/107] =?UTF-8?q?r=C3=A9organisation=20du=20fichier?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config-generator.nix | 82 ++++++++++++++++++++++++-------------------- 1 file changed, 44 insertions(+), 38 deletions(-) diff --git a/config-generator.nix b/config-generator.nix index 415d0aa..32ce14d 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -1,5 +1,6 @@ { config, lib, pkgs, ... }: +# exemple utilisé pour commencer bird.nix let inherit (lib) mkEnableOption mkIf mkMerge mkOption singleton types; cfg = config.r6d.config-generator; 
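Review bot: The profile rules turn `nix-serve-server` on for every `isServer` host and for every Dubronetwork workstation, which includes latitude, a machine that also has `laptop = true`. Through activation-manuelle/nix-serve.nix that flag starts nix-serve and opens TCP port 5000 in the firewall, so a roaming laptop would offer its store on whatever network it joins. I would remove `r6d.config-generator.nix-serve-server = true;` from the `(pfl.isDubronetwork && pfl.isWorkstation)` block and enable the server per host where it is wanted. The `(pfl.isDubronetwork && pfl.isServer)` block is also redundant with the `isServer` one.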
@@ -23,20 +24,20 @@ in #* Utilisé pour afecter des capacités aux machines r6d.profiles = { # Domaine - isDubronetwork = mkEnableOption "Pour distinguer les machines dubronetwork"; - isPrunetwork = mkEnableOption "Pour distinguer les machines prunetwork"; + isDubronetwork = mkEnableOption "Pour distinguer les machines dubronetwork."; + isPrunetwork = mkEnableOption "Pour distinguer les machines prunetwork."; # Utilisation machine - isServer = mkEnableOption "Pour indiquer qu'il s'agit d'un serveur"; isDesktop = mkEnableOption "Pour indiquer une machine avec interface graphique."; - isWorkstation = mkEnableOption "Pour indiquer que la machine sert à travailler"; - isHome = mkEnableOption "Pour indiquer que la machine sert à la maison (divertissement & autre)"; + isHome = mkEnableOption "Pour indiquer que la machine sert à la maison (divertissement & autre)."; + isServer = mkEnableOption "Pour indiquer qu'il s'agit d'un serveur."; + isWorkstation = mkEnableOption "Pour indiquer que la machine sert à travailler."; }; #* Utilisé dans les fichiers .nix r6d.config-generator = { - enable = mkEnableOption "Generation de la configuration d'une machine"; + enable = mkEnableOption "Génération de la configuration d'une machine."; auto-upgrade = mkEnableOption "Profil pour activer les mises à jour automatiques."; - docker = mkEnableOption "Profil pour l'utilisation de Docker"; + docker = mkEnableOption "Profil pour l'utilisation de Docker."; jeux = mkEnableOption "Profil pour les jeux vidéos."; laptop = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables.."; locate = mkEnableOption "Profil pour activer la fonction locate."; 
@@ -57,7 +58,42 @@ in r6d.config-generator.enable = true; } - # Conditional stuff. + # Conditional stuff + + ## Définition des profils génériques + (mkIf pfl.isDesktop { + }) + (mkIf pfl.isHome { + r6d.profiles.isDesktop = true; + }) + (mkIf pfl.isServer { + r6d.config-generator.nix-serve-server = true; + }) + (mkIf pfl.isWorkstation { + r6d.profiles.isDesktop = true; + + r6d.config-generator.docker = true; + }) + (mkIf pfl.isDubronetwork { + r6d.config-generator.auto-upgrade = true; + r6d.config-generator.nix-serve-client = true; + }) + (mkIf (pfl.isDubronetwork && pfl.isHome) { + r6d.config-generator.jeux = true; + }) + (mkIf (pfl.isDubronetwork && pfl.isServer) { + r6d.config-generator.nix-serve-server = true; + }) + (mkIf (pfl.isDubronetwork && pfl.isWorkstation) { + r6d.config-generator.nix-serve-server = true; + r6d.config-generator.virtualbox = true; + }) + (mkIf pfl.isPrunetwork { + r6d.config-generator.auto-upgrade = true; + r6d.config-generator.swap = true; + }) + + ## Affectation des profils aux machines (mkIf (host == "radx.prunetwork.fr") { r6d.profiles.isHome = true; @@ -96,35 +132,5 @@ in r6d.profiles.isHome = true; r6d.profiles.isWorkstation = true; }) - - ## Contenu des Profils - (mkIf pfl.isHome { - r6d.profiles.isDesktop = true; - - #r6d.config-generator.jeux = true; - }) - (mkIf pfl.isServer { - r6d.config-generator.nix-serve-server = true; - }) - (mkIf pfl.isWorkstation { - r6d.profiles.isDesktop = true; - - r6d.config-generator.docker = true; - }) - (mkIf pfl.isPrunetwork { - r6d.config-generator.auto-upgrade = true; - r6d.config-generator.swap = true; - }) - (mkIf pfl.isDubronetwork { - r6d.config-generator.auto-upgrade = true; - r6d.config-generator.nix-serve-client = true; - }) - (mkIf (pfl.isDubronetwork && pfl.isServer) { - r6d.config-generator.nix-serve-server = true; - }) - (mkIf (pfl.isDubronetwork && pfl.isWorkstation) { - r6d.config-generator.nix-serve-server = true; - r6d.config-generator.virtualbox = true; - }) ]; } 
From b95c4509aa1cc51d94924bc4c1353813a24f88ba Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sun, 10 Jul 2016 20:34:56 +0200 Subject: [PATCH 061/107] renommage fichier --- activation-manuelle/{nix-serve.nix => nix-serve-server.nix} | 0 config-generator.nix | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename activation-manuelle/{nix-serve.nix => nix-serve-server.nix} (100%) diff --git a/activation-manuelle/nix-serve.nix b/activation-manuelle/nix-serve-server.nix similarity index 100% rename from activation-manuelle/nix-serve.nix rename to activation-manuelle/nix-serve-server.nix diff --git a/config-generator.nix b/config-generator.nix index 32ce14d..80ab493 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -12,8 +12,8 @@ in imports = [ ./activation-manuelle/auto-upgrade.nix ./activation-manuelle/locate.nix - ./activation-manuelle/nix-serve.nix ./activation-manuelle/nix-serve-client.nix + ./activation-manuelle/nix-serve-server.nix ./activation-manuelle/swap.nix ]; From 30c9bd1b71a8d1a6ab0bf9915e3bfd6ca92098ec Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Sun, 10 Jul 2016 21:23:30 +0200 Subject: [PATCH 062/107] le client nix-serve change de serveur selon le domaine de la machine --- activation-manuelle/nix-serve-client.nix | 15 ++++++++++----- config-generator.nix | 1 + 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/activation-manuelle/nix-serve-client.nix b/activation-manuelle/nix-serve-client.nix index 51de09e..fb90bf3 100644 --- a/activation-manuelle/nix-serve-client.nix +++ b/activation-manuelle/nix-serve-client.nix 
@@ -1,9 +1,14 @@ -{ config, pkgs, ... }: - -{ - nix = pkgs.lib.mkIf config.r6d.config-generator.nix-serve-client { +{ config, lib, pkgs, ... }: +let + inherit (lib) mkIf mkMerge; + profiles = config.r6d.profiles; +in { + nix = mkIf config.r6d.config-generator.nix-serve-client { # Cache http pour le store requireSignedBinaryCaches = false; - binaryCaches = [ "http://192.168.10.169:5000" ]; + binaryCaches = [ + (mkIf profiles.isDubronetwork "http://192.168.10.169:5000") + (mkIf profiles.isPrunetwork "http://192.168.1.20:5000") + ]; }; } diff --git a/config-generator.nix b/config-generator.nix index 80ab493..44c2e52 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -90,6 +90,7 @@ in }) (mkIf pfl.isPrunetwork { r6d.config-generator.auto-upgrade = true; + r6d.config-generator.nix-serve-client = true; r6d.config-generator.swap = true; }) From a475a88ac4ad826b1ab942269e9fbb1c2cac971a Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 11 Jul 2016 11:50:06 +0200 Subject: [PATCH 063/107] ajout de fail2ban --- activation-manuelle/fail2ban.nix | 33 ++++++++++++++++++++++++++++++++ config-generator.nix | 2 ++ 2 files changed, 35 insertions(+) create mode 100644 activation-manuelle/fail2ban.nix diff --git a/activation-manuelle/fail2ban.nix b/activation-manuelle/fail2ban.nix new file mode 100644 index 0000000..2340d60 --- /dev/null +++ b/activation-manuelle/fail2ban.nix 
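Review bot: In activation-manuelle/nix-serve-client.nix the new Prunetwork entry `http://192.168.1.20:5000` is added while the context line `requireSignedBinaryCaches = false;` stays in place, so store paths fetched over plain HTTP are accepted with no signature check. Any host that can answer on that address or sit on the network path can supply substituted binaries that are then installed system-wide. The entries added to this same list in patches 066 and 069 have the same problem; with the flag off, signature checking appears to be disabled for every cache in the list, including `https://cache.nixos.org/`. I would sign on the serving side (`services.nix-serve.secretKeyFile`) and change the client to `requireSignedBinaryCaches = true;` with `binaryCachePublicKeys = [ "<CACHE_NAME>:<PUBLIC_KEY_PLACEHOLDER>" ];`.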
@@ -0,0 +1,33 @@ +{ config, pkgs, ... }: + +{ + # Gestion de fail2ban + + services = pkgs.lib.mkIf config.r6d.config-generator.fail2ban { + fail2ban = { + enable = true; + jails = { + DEFAULT = '' + # "ignoreip" can be an IP address, a CIDR mask or a DNS host + ignoreip = 127.0.0.1/8 pedro.dubronetwork.fr cube.dubronetwork.fr voyage.prunetwork.fr xray.prunetwork.fr 192.168.0.0/16 172.16.0.0/16 + + # 1 jour + # bantime = 86400 + # 5 jours + bantime = 432000 + maxretry = 3 + + # + # Destination email address used solely for the interpolations in + # jail.{conf,local} configuration files. + destemail = admins@dubronetwork.fr + ''; + ssh-route = '' + filter = sshd + action = route[blocktype=blackhole] + maxretry = 3 + ''; + }; + }; + }; +} diff --git a/config-generator.nix b/config-generator.nix index 44c2e52..1898e31 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -12,6 +12,7 @@ in imports = [ ./activation-manuelle/auto-upgrade.nix ./activation-manuelle/locate.nix + ./activation-manuelle/fail2ban.nix ./activation-manuelle/nix-serve-client.nix ./activation-manuelle/nix-serve-server.nix ./activation-manuelle/swap.nix @@ -38,6 +39,7 @@ in enable = mkEnableOption "Génération de la configuration d'une machine."; auto-upgrade = mkEnableOption "Profil pour activer les mises à jour automatiques."; docker = mkEnableOption "Profil pour l'utilisation de Docker."; + fail2ban = mkEnableOption "Profil pour activer Fail2ban."; jeux = mkEnableOption "Profil pour les jeux vidéos."; laptop = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables.."; locate = mkEnableOption "Profil pour activer la fonction locate."; From 81ad043adba6c760fcd35743696d9c22f3eba86e Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 11 Jul 2016 11:50:20 +0200 Subject: [PATCH 064/107] activation de fail2ban sur les serveur dubronetwork & prunetwork --- config-generator.nix | 2 ++ 1 file changed, 2 insertions(+) 
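Review bot: The `ignoreip` line in the DEFAULT jail of activation-manuelle/fail2ban.nix exempts all of `192.168.0.0/16` and `172.16.0.0/16` plus four DNS names, so a compromised machine on either LAN is never banned by the `ssh-route` jail. The same goes for anyone able to influence what those names resolve to. I would narrow it to the fixed addresses that must never be locked out, for example `ignoreip = 127.0.0.1/8 <ADMIN_HOST_IP_PLACEHOLDER>`, and avoid hostnames here. If `172.16.0.0/16` was meant to cover the whole private block, that block is `172.16.0.0/12`; a comment stating the intent would help either way.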
diff --git a/config-generator.nix b/config-generator.nix index 1898e31..ca526cf 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -85,6 +85,7 @@ in }) (mkIf (pfl.isDubronetwork && pfl.isServer) { r6d.config-generator.nix-serve-server = true; + r6d.config-generator.fail2ban = true; }) (mkIf (pfl.isDubronetwork && pfl.isWorkstation) { r6d.config-generator.nix-serve-server = true; @@ -92,6 +93,7 @@ in }) (mkIf pfl.isPrunetwork { r6d.config-generator.auto-upgrade = true; + r6d.config-generator.fail2ban = true; r6d.config-generator.nix-serve-client = true; r6d.config-generator.swap = true; }) From cfc55fa479ccc0e0709292b5de87a396dd1b37ff Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 11 Jul 2016 11:54:29 +0200 Subject: [PATCH 065/107] nsp --- config-generator.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config-generator.nix b/config-generator.nix index ca526cf..c5dc3eb 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -85,7 +85,6 @@ in }) (mkIf (pfl.isDubronetwork && pfl.isServer) { r6d.config-generator.nix-serve-server = true; - r6d.config-generator.fail2ban = true; }) (mkIf (pfl.isDubronetwork && pfl.isWorkstation) { r6d.config-generator.nix-serve-server = true; @@ -123,6 +122,8 @@ in (mkIf (host == "monstre.dubronetwork.fr") { r6d.profiles.isDubronetwork = true; r6d.profiles.isServer = true; + + r6d.config-generator.fail2ban = true; }) (mkIf (host == "neo-nomade.dubronetwork.fr") { r6d.profiles.isDubronetwork = true; From 522131a517cee1d910960fd8637fc1d8de840bcd Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 11 Jul 2016 12:05:22 +0200 Subject: [PATCH 066/107] ajout de monstre comme serveur de cache --- activation-manuelle/nix-serve-client.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/activation-manuelle/nix-serve-client.nix b/activation-manuelle/nix-serve-client.nix index fb90bf3..eb477ea 100644 --- a/activation-manuelle/nix-serve-client.nix 
+++ b/activation-manuelle/nix-serve-client.nix @@ -8,6 +8,8 @@ in { requireSignedBinaryCaches = false; binaryCaches = [ (mkIf profiles.isDubronetwork "http://192.168.10.169:5000") + (mkIf profiles.isDubronetwork "http://192.168.10.252:5000") + (mkIf profiles.isPrunetwork "http://192.168.1.20:5000") ]; }; From cd18fb279283fd23ad550865d4fb1fc919e91599 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 11 Jul 2016 12:29:30 +0200 Subject: [PATCH 067/107] =?UTF-8?q?cr=C3=A9ation=20de=20variable=20nix=20p?= =?UTF-8?q?our=20identifier=20les=20machines?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config-generator.nix | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/config-generator.nix b/config-generator.nix index c5dc3eb..889a4bf 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -5,6 +5,7 @@ let inherit (lib) mkEnableOption mkIf mkMerge mkOption singleton types; cfg = config.r6d.config-generator; pfl = config.r6d.profiles; + comp = config.r6d.computers; host = config.networking.hostName; in @@ -48,6 +49,14 @@ in swap = mkEnableOption "Profil pour que le swap soit activé."; virtualbox = mkEnableOption "Profil pour l'utilisation de VirtualBox."; }; + #* Utilisé pour avoir des raccourcis de machine + r6d.computers = { + isLatitude = mkEnableOption "Identification du nom de machine."; + isMonstre = mkEnableOption "Identification du nom de machine."; + isNeoNomade = mkEnableOption "Identification du nom de machine."; + isPhenom = mkEnableOption "Identification du nom de machine."; + isRadx = mkEnableOption "Identification du nom de machine."; + }; }; ###### implementation 
@@ -56,8 +65,14 @@ in config = mkMerge [ # Unconditional stuff. { - #environment.systemPackages = [ ... ]; r6d.config-generator.enable = true; + r6d.computers = { + isLatitude = host == "latitude.dubronetwork.fr"; + isMonstre = host == "monstre.dubronetwork.fr"; + isNeoNomade = host == "neo-nomade.dubronetwork.fr"; + isPhenom = host == "phenom.dubronetwork.fr"; + isRadx = host == "radx.prunetwork.fr"; + }; } # Conditional stuff @@ -99,7 +114,7 @@ in ## Affectation des profils aux machines - (mkIf (host == "radx.prunetwork.fr") { + (mkIf comp.isRadx { r6d.profiles.isHome = true; r6d.profiles.isPrunetwork = true; r6d.profiles.isServer = true; @@ -110,7 +125,7 @@ in }; }) - (mkIf (host == "latitude.dubronetwork.fr") { + (mkIf comp.isLatitude { r6d.profiles.isDubronetwork = true; r6d.profiles.isHome = true; r6d.profiles.isWorkstation = true; @@ -119,13 +134,13 @@ in laptop = true; }; }) - (mkIf (host == "monstre.dubronetwork.fr") { + (mkIf comp.isMonstre { r6d.profiles.isDubronetwork = true; r6d.profiles.isServer = true; r6d.config-generator.fail2ban = true; }) - (mkIf (host == "neo-nomade.dubronetwork.fr") { + (mkIf comp.isNeoNomade{ r6d.profiles.isDubronetwork = true; r6d.profiles.isHome = true; @@ -133,7 +148,7 @@ in laptop = true; }; }) - (mkIf (host == "phenom.dubronetwork.fr") { + (mkIf comp.isPhenom { r6d.profiles.isDubronetwork = true; r6d.profiles.isHome = true; r6d.profiles.isWorkstation = true; From 2c715f9e14b0c27f736b2b5f9d560466569f19a1 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 11 Jul 2016 12:29:53 +0200 Subject: [PATCH 068/107] monstre n'utilise plus phenom comme cache --- activation-manuelle/nix-serve-client.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/activation-manuelle/nix-serve-client.nix b/activation-manuelle/nix-serve-client.nix index eb477ea..438dedc 100644 --- a/activation-manuelle/nix-serve-client.nix +++ b/activation-manuelle/nix-serve-client.nix 
@@ -2,12 +2,13 @@ let inherit (lib) mkIf mkMerge; profiles = config.r6d.profiles; + computers = config.r6d.computers; in { nix = mkIf config.r6d.config-generator.nix-serve-client { # Cache http pour le store requireSignedBinaryCaches = false; binaryCaches = [ - (mkIf profiles.isDubronetwork "http://192.168.10.169:5000") + (mkIf (profiles.isDubronetwork && (! computers.isMonstre)) "http://192.168.10.169:5000") (mkIf profiles.isDubronetwork "http://192.168.10.252:5000") (mkIf profiles.isPrunetwork "http://192.168.1.20:5000") From 9499034120522d7543c6c8e3b7ec4fbab298acf9 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 11 Jul 2016 12:44:27 +0200 Subject: [PATCH 069/107] ajout du cache nixos normal. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * la définition d'un server de cache supprimait cache.nixos.org de la liste Pour le voir nixos-option nix.binaryCaches --- activation-manuelle/nix-serve-client.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/activation-manuelle/nix-serve-client.nix b/activation-manuelle/nix-serve-client.nix index 438dedc..813d16a 100644 --- a/activation-manuelle/nix-serve-client.nix +++ b/activation-manuelle/nix-serve-client.nix @@ -8,7 +8,8 @@ in { # Cache http pour le store requireSignedBinaryCaches = false; binaryCaches = [ - (mkIf (profiles.isDubronetwork && (! computers.isMonstre)) "http://192.168.10.169:5000") + ("https://cache.nixos.org/") + (mkIf (profiles.isDubronetwork && (! computers.isMonstre)) "http://192.168.10.169:5000") (mkIf profiles.isDubronetwork "http://192.168.10.252:5000") (mkIf profiles.isPrunetwork "http://192.168.1.20:5000") From 9cce1410a0fee4954ea6cf4d99e01376b41ce12e Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 11 Jul 2016 15:44:13 +0200 Subject: [PATCH 070/107] ajout d'un lien vers des raccourcis utiles pour git --- gitconfig | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/gitconfig b/gitconfig index 6752a6f..1a83ecb 100644 --- a/gitconfig +++ b/gitconfig @@ -1,3 +1,4 @@ +# http://www.git-attitude.fr/2014/09/15/30-options-git-qui-gagnent-a-etre-connues/ [color] diff = auto branch = auto @@ -10,6 +11,7 @@ ci = commit co = checkout ff = pull --ff-only + oops = commit --amend --no-edit # Show files ignored by git ignored = ls-files -o -i --exclude-standard ls = ls-files From a9202009042166e9cf6bb4b0869f14a855327de0 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Wed, 13 Jul 2016 23:19:04 +0200 Subject: [PATCH 071/107] ajout machine xray --- config-generator.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/config-generator.nix b/config-generator.nix index 889a4bf..5be99ff 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -56,6 +56,7 @@ in isNeoNomade = mkEnableOption "Identification du nom de machine."; isPhenom = mkEnableOption "Identification du nom de machine."; isRadx = mkEnableOption "Identification du nom de machine."; + isXray = mkEnableOption "Identification du nom de machine."; }; }; @@ -72,6 +73,7 @@ in isNeoNomade = host == "neo-nomade.dubronetwork.fr"; isPhenom = host == "phenom.dubronetwork.fr"; isRadx = host == "radx.prunetwork.fr"; + isXray = host == "xray.prunetwork.fr"; }; } @@ -124,6 +126,10 @@ in virtualbox = true; }; }) + (mkIf comp.isXray { + r6d.profiles.isPrunetwork = true; + r6d.profiles.isServer = true; + }) (mkIf comp.isLatitude { r6d.profiles.isDubronetwork = true; From aa48575f58a868f084953ea381920074b177b124 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Fri, 15 Jul 2016 11:37:52 +0200 Subject: [PATCH 072/107] =?UTF-8?q?d=C3=A9placement=20de=20l'activation=20?= =?UTF-8?q?de=20nixos=20server=20vers=20phenom?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config-generator.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/config-generator.nix b/config-generator.nix index 5be99ff..f8dfc84 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -104,7 +104,6 @@ in r6d.config-generator.nix-serve-server = true; }) (mkIf (pfl.isDubronetwork && pfl.isWorkstation) { - r6d.config-generator.nix-serve-server = true; r6d.config-generator.virtualbox = true; }) (mkIf pfl.isPrunetwork { @@ -158,6 +157,8 @@ in r6d.profiles.isDubronetwork = true; r6d.profiles.isHome = true; r6d.profiles.isWorkstation = true; + + r6d.config-generator.nix-serve-server = true; }) ]; } From f6b939ffa96596f009d42a1f0ee5df3ad6e9db77 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Fri, 15 Jul 2016 11:59:39 +0200 Subject: [PATCH 073/107] =?UTF-8?q?ajout=20de=20politique=20d'=C3=A9nergie?= =?UTF-8?q?=20pour=20laptop?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- activation-manuelle/laptop.nix | 6 ++++++ config-generator.nix | 1 + 2 files changed, 7 insertions(+) create mode 100644 activation-manuelle/laptop.nix diff --git a/activation-manuelle/laptop.nix b/activation-manuelle/laptop.nix new file mode 100644 index 0000000..6a08edc --- /dev/null +++ b/activation-manuelle/laptop.nix @@ -0,0 +1,6 @@ +{ config, pkgs, ... }: + +{ + # Gestion spécifique pour PC portable + powerManagement.cpuFreqGovernor = pkgs.lib.mkIf config.r6d.config-generator.laptop "powersave"; +} diff --git a/config-generator.nix b/config-generator.nix index f8dfc84..4fb65ed 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -12,6 +12,7 @@ in { imports = [ ./activation-manuelle/auto-upgrade.nix + ./activation-manuelle/laptop.nix ./activation-manuelle/locate.nix ./activation-manuelle/fail2ban.nix ./activation-manuelle/nix-serve-client.nix From 350b62aef29e16d2298720a8a866940bf39dd216 Mon Sep 17 00:00:00 2001 
From: Yves Dubromelle Date: Sat, 16 Jul 2016 20:41:00 +0200 Subject: [PATCH 074/107] formattage --- config-generator.nix | 114 +++++++++++++++++++++---------------------- 1 file changed, 57 insertions(+), 57 deletions(-) diff --git a/config-generator.nix b/config-generator.nix index 4fb65ed..c91ea73 100644 --- a/config-generator.nix +++ b/config-generator.nix 
@@ -9,63 +9,63 @@ let host = config.networking.hostName; in -{ - imports = [ - ./activation-manuelle/auto-upgrade.nix - ./activation-manuelle/laptop.nix - ./activation-manuelle/locate.nix - ./activation-manuelle/fail2ban.nix - ./activation-manuelle/nix-serve-client.nix - ./activation-manuelle/nix-serve-server.nix - ./activation-manuelle/swap.nix - ]; + { + imports = [ + ./activation-manuelle/auto-upgrade.nix + ./activation-manuelle/laptop.nix + ./activation-manuelle/locate.nix + ./activation-manuelle/fail2ban.nix + ./activation-manuelle/nix-serve-client.nix + ./activation-manuelle/nix-serve-server.nix + ./activation-manuelle/swap.nix + ]; - ###### interface + ###### interface - options = { + options = { - #* Utilisé pour afecter des capacités aux machines - r6d.profiles = { - # Domaine - isDubronetwork = mkEnableOption "Pour distinguer les machines dubronetwork."; - isPrunetwork = mkEnableOption "Pour distinguer les machines prunetwork."; - # Utilisation machine - isDesktop = mkEnableOption "Pour indiquer une machine avec interface graphique."; - isHome = mkEnableOption "Pour indiquer que la machine sert à la maison (divertissement & autre)."; - isServer = mkEnableOption "Pour indiquer qu'il s'agit d'un serveur."; - isWorkstation = mkEnableOption "Pour indiquer que la machine sert à travailler."; - }; + #* Utilisé pour afecter des capacités aux machines + r6d.profiles = { + # Domaine + isDubronetwork = mkEnableOption "Pour distinguer les machines dubronetwork."; + isPrunetwork = mkEnableOption "Pour distinguer les machines prunetwork."; + # Utilisation machine + isDesktop = mkEnableOption "Pour indiquer une machine avec interface graphique."; + isHome = mkEnableOption "Pour indiquer que la machine sert à la maison (divertissement & autre)."; + isServer = mkEnableOption "Pour indiquer qu'il s'agit d'un serveur."; + isWorkstation = mkEnableOption "Pour indiquer que la machine sert à travailler."; + }; - #* Utilisé dans les fichiers .nix - r6d.config-generator = { - 
enable = mkEnableOption "Génération de la configuration d'une machine."; - auto-upgrade = mkEnableOption "Profil pour activer les mises à jour automatiques."; - docker = mkEnableOption "Profil pour l'utilisation de Docker."; - fail2ban = mkEnableOption "Profil pour activer Fail2ban."; - jeux = mkEnableOption "Profil pour les jeux vidéos."; - laptop = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables.."; - locate = mkEnableOption "Profil pour activer la fonction locate."; - nix-serve-client= mkEnableOption "Profil pour que la machine soit un serveur de cache nix."; - nix-serve-server= mkEnableOption "Profil pour que la machine soit un serveur de cache nix."; - swap = mkEnableOption "Profil pour que le swap soit activé."; - virtualbox = mkEnableOption "Profil pour l'utilisation de VirtualBox."; - }; - #* Utilisé pour avoir des raccourcis de machine - r6d.computers = { - isLatitude = mkEnableOption "Identification du nom de machine."; - isMonstre = mkEnableOption "Identification du nom de machine."; - isNeoNomade = mkEnableOption "Identification du nom de machine."; - isPhenom = mkEnableOption "Identification du nom de machine."; - isRadx = mkEnableOption "Identification du nom de machine."; - isXray = mkEnableOption "Identification du nom de machine."; + #* Utilisé dans les fichiers .nix + r6d.config-generator = { + enable = mkEnableOption "Génération de la configuration d'une machine."; + auto-upgrade = mkEnableOption "Profil pour activer les mises à jour automatiques."; + docker = mkEnableOption "Profil pour l'utilisation de Docker."; + fail2ban = mkEnableOption "Profil pour activer Fail2ban."; + jeux = mkEnableOption "Profil pour les jeux vidéos."; + laptop = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables.."; + locate = mkEnableOption "Profil pour activer la fonction locate."; + nix-serve-client= mkEnableOption "Profil pour que la machine soit un serveur de cache nix."; + nix-serve-server= mkEnableOption 
"Profil pour que la machine soit un serveur de cache nix."; + swap = mkEnableOption "Profil pour que le swap soit activé."; + virtualbox = mkEnableOption "Profil pour l'utilisation de VirtualBox."; + }; + #* Utilisé pour avoir des raccourcis de machine + r6d.computers = { + isLatitude = mkEnableOption "Identification du nom de machine."; + isMonstre = mkEnableOption "Identification du nom de machine."; + isNeoNomade = mkEnableOption "Identification du nom de machine."; + isPhenom = mkEnableOption "Identification du nom de machine."; + isRadx = mkEnableOption "Identification du nom de machine."; + isXray = mkEnableOption "Identification du nom de machine."; + }; }; - }; - ###### implementation - # https://nixos.org/releases/nixos/14.12-small/nixos-14.12.374.61adf9e/manual/sec-writing-modules.html - # https://nixos.org/wiki/NixOS:extend_NixOS - config = mkMerge - [ # Unconditional stuff. + ###### implementation + # https://nixos.org/releases/nixos/14.12-small/nixos-14.12.374.61adf9e/manual/sec-writing-modules.html + # https://nixos.org/wiki/NixOS:extend_NixOS + config = mkMerge + [ # Unconditional stuff. { r6d.config-generator.enable = true; r6d.computers = { @@ -91,10 +91,10 @@ in }) (mkIf pfl.isWorkstation { r6d.profiles.isDesktop = true; - + r6d.config-generator.docker = true; }) - (mkIf pfl.isDubronetwork { + (mkIf pfl.isDubronetwork { r6d.config-generator.auto-upgrade = true; r6d.config-generator.nix-serve-client = true; }) @@ -113,8 +113,8 @@ in r6d.config-generator.nix-serve-client = true; r6d.config-generator.swap = true; }) - - + + ## Affectation des profils aux machines (mkIf comp.isRadx { r6d.profiles.isHome = true; @@ -140,7 +140,7 @@ in laptop = true; }; }) - (mkIf comp.isMonstre { + (mkIf comp.isMonstre { r6d.profiles.isDubronetwork = true; r6d.profiles.isServer = true; 
@@ -154,7 +154,7 @@ in laptop = true; }; }) - (mkIf comp.isPhenom { + (mkIf comp.isPhenom { r6d.profiles.isDubronetwork = true; r6d.profiles.isHome = true; r6d.profiles.isWorkstation = true; From b7f05e47ac9c67168a51f9e9814cb80081c2ac56 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Sat, 16 Jul 2016 20:42:30 +0200 Subject: [PATCH 075/107] =?UTF-8?q?prise=20en=20compte=20de=20nomade=20par?= =?UTF-8?q?=20le=20g=C3=A9n=C3=A9rateur?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config-generator.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/config-generator.nix b/config-generator.nix index c91ea73..b5204f4 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -55,6 +55,7 @@ in isLatitude = mkEnableOption "Identification du nom de machine."; isMonstre = mkEnableOption "Identification du nom de machine."; isNeoNomade = mkEnableOption "Identification du nom de machine."; + isNomade = mkEnableOption "Identification du nom de machine."; isPhenom = mkEnableOption "Identification du nom de machine."; isRadx = mkEnableOption "Identification du nom de machine."; isXray = mkEnableOption "Identification du nom de machine."; @@ -72,6 +73,7 @@ in isLatitude = host == "latitude.dubronetwork.fr"; isMonstre = host == "monstre.dubronetwork.fr"; isNeoNomade = host == "neo-nomade.dubronetwork.fr"; + isNomade = host == "nomade.dubronetwork.fr"; isPhenom = host == "phenom.dubronetwork.fr"; isRadx = host == "radx.prunetwork.fr"; isXray = host == "xray.prunetwork.fr"; @@ -154,6 +156,13 @@ in laptop = true; }; }) + (mkIf comp.isNomade{ + r6d.profiles.isDubronetwork = true; + + r6d.config-generator = { + laptop = true; + }; + }) (mkIf comp.isPhenom { r6d.profiles.isDubronetwork = true; r6d.profiles.isHome = true; From 28f65522ae90653b581e0eef3492db50de02020a Mon Sep 17 00:00:00 2001 
From: Jean-Pierre PRUNARET Date: Mon, 18 Jul 2016 12:14:00 +0200 Subject: [PATCH 076/107] ajout variable pour ajouter variable d'environnement awesome --- config-generator.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config-generator.nix b/config-generator.nix index b5204f4..07fc1eb 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -39,6 +39,7 @@ in #* Utilisé dans les fichiers .nix r6d.config-generator = { enable = mkEnableOption "Génération de la configuration d'une machine."; + awesome = mkEnableOption "Profil pour activer le gestionnaire de fenêtre awesome."; auto-upgrade = mkEnableOption "Profil pour activer les mises à jour automatiques."; docker = mkEnableOption "Profil pour l'utilisation de Docker."; fail2ban = mkEnableOption "Profil pour activer Fail2ban."; @@ -84,6 +85,7 @@ in ## Définition des profils génériques (mkIf pfl.isDesktop { + r6d.config-generator.awesome = true; }) (mkIf pfl.isHome { r6d.profiles.isDesktop = true; From 111f33ff3d4a27c9d5be33c9e96fd9288fced6f3 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Thu, 21 Jul 2016 00:02:11 +0200 Subject: [PATCH 077/107] profil pour xmonad, et activation pour latitude --- config-generator.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config-generator.nix b/config-generator.nix index 07fc1eb..6d747ea 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -50,6 +50,7 @@ in nix-serve-server= mkEnableOption "Profil pour que la machine soit un serveur de cache nix."; swap = mkEnableOption "Profil pour que le swap soit activé."; virtualbox = mkEnableOption "Profil pour l'utilisation de VirtualBox."; + xmonad = mkEnableOption "Profil pour activer le gestionnaire de fenêtres xmonad."; }; #* Utilisé pour avoir des raccourcis de machine r6d.computers = { @@ -142,6 +143,7 @@ in r6d.config-generator = { laptop = true; + xmonad = true; }; }) (mkIf comp.isMonstre { 
@@ -171,6 +173,7 @@ in r6d.profiles.isWorkstation = true; r6d.config-generator.nix-serve-server = true; + r6d.config-generator.xmonad = true; }) ]; } From 3d1a7d2161106783c4aaa61b2507730eb3240136 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Thu, 21 Jul 2016 00:43:15 +0200 Subject: [PATCH 078/107] =?UTF-8?q?timeout=20=C3=A0=205=20secondes=20pour?= =?UTF-8?q?=20la=20connexion=20=C3=A0=20un=20cache?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- activation-manuelle/nix-serve-client.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/activation-manuelle/nix-serve-client.nix b/activation-manuelle/nix-serve-client.nix index 813d16a..c1bf139 100644 --- a/activation-manuelle/nix-serve-client.nix +++ b/activation-manuelle/nix-serve-client.nix @@ -14,5 +14,9 @@ in { (mkIf profiles.isPrunetwork "http://192.168.1.20:5000") ]; - }; -} + extraOptions = '' + connect-timeout = 5 + ''; + }; + + } From 5350372774301a514fb24331378f9fc8a1fc4297 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Thu, 21 Jul 2016 12:54:11 +0200 Subject: [PATCH 079/107] ajout de profil minimaliste pour ocean --- config-generator.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/config-generator.nix b/config-generator.nix index 6d747ea..d794172 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -58,6 +58,7 @@ in isMonstre = mkEnableOption "Identification du nom de machine."; isNeoNomade = mkEnableOption "Identification du nom de machine."; isNomade = mkEnableOption "Identification du nom de machine."; + isOcean = mkEnableOption "Identification du nom de machine."; isPhenom = mkEnableOption "Identification du nom de machine."; isRadx = mkEnableOption "Identification du nom de machine."; isXray = mkEnableOption "Identification du nom de machine."; 
@@ -76,6 +77,7 @@ in isMonstre = host == "monstre.dubronetwork.fr"; isNeoNomade = host == "neo-nomade.dubronetwork.fr"; isNomade = host == "nomade.dubronetwork.fr"; + isOcean = host == "ocean.prunetwork.fr"; isPhenom = host == "phenom.dubronetwork.fr"; isRadx = host == "radx.prunetwork.fr"; isXray = host == "xray.prunetwork.fr"; @@ -121,6 +123,10 @@ in ## Affectation des profils aux machines + (mkIf comp.isOcean { + r6d.profiles.isPrunetwork = true; + r6d.profiles.isServer = true; + }) (mkIf comp.isRadx { r6d.profiles.isHome = true; r6d.profiles.isPrunetwork = true; From b2619291a778285c4b8d7487cc9662d88834a1fc Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Thu, 21 Jul 2016 15:33:36 +0200 Subject: [PATCH 080/107] ajout readme avec 2 liens --- README | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 README diff --git a/README b/README new file mode 100644 index 0000000..34ee0a2 --- /dev/null +++ b/README @@ -0,0 +1,5 @@ + +# Lien pour install sur machine distante + +* https://nixos.org/wiki/How_to_install_NixOS_from_Linux#Installing_through_a_chroot +* https://github.com/NixOS/nixpkgs/issues/13305 From 86c46a97debf71013ff6d71ad71f6c3553a100b4 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Thu, 21 Jul 2016 21:47:51 +0200 Subject: [PATCH 081/107] =?UTF-8?q?d=C3=A9sactivation=20du=20client=20nix-?= =?UTF-8?q?serve=20sur=20les=20serveurs=20prunetwork?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- activation-manuelle/nix-serve-client.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/activation-manuelle/nix-serve-client.nix b/activation-manuelle/nix-serve-client.nix index c1bf139..910bbc5 100644 --- a/activation-manuelle/nix-serve-client.nix +++ b/activation-manuelle/nix-serve-client.nix 
@@ -12,7 +12,7 @@ in { (mkIf (profiles.isDubronetwork && (! computers.isMonstre)) "http://192.168.10.169:5000") (mkIf profiles.isDubronetwork "http://192.168.10.252:5000") - (mkIf profiles.isPrunetwork "http://192.168.1.20:5000") + (mkIf (profiles.isPrunetwork && !profiles.isServer) "http://192.168.1.20:5000") ]; extraOptions = '' connect-timeout = 5 From cd458f24a783ec052cbf041d785e3aabfcf72bcd Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Thu, 21 Jul 2016 21:58:17 +0200 Subject: [PATCH 082/107] =?UTF-8?q?cr=C3=A9ation=20automatique=20de=20l'ut?= =?UTF-8?q?ilisateur=20selon=20la=20machine?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- activation-manuelle/users.nix | 18 ++++++++++++++++++ config-generator.nix | 1 + 2 files changed, 19 insertions(+) create mode 100644 activation-manuelle/users.nix diff --git a/activation-manuelle/users.nix b/activation-manuelle/users.nix new file mode 100644 index 0000000..2d4d707 --- /dev/null +++ b/activation-manuelle/users.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + + security.sudo.wheelNeedsPassword = false; + + users.extraUsers.jpierre03 = pkgs.lib.mkIf config.r6d.profiles.isPrunetwork + { createHome = true; + home = "/home/jpierre03"; + description = "jpierre03"; + extraGroups = [ "wheel" ]; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa 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 +jpierre03@radx.prunetwork.fr" + ]; + }; +} diff --git a/config-generator.nix b/config-generator.nix index d794172..d127e96 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -18,6 +18,7 @@ in ./activation-manuelle/nix-serve-client.nix ./activation-manuelle/nix-serve-server.nix ./activation-manuelle/swap.nix + ./activation-manuelle/users.nix ]; ###### interface From f55ae85a66b696919f871dcac8cd0efe74b271bf Mon Sep 17 00:00:00 2001 
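Review bot: The cache entry on the changed line is still a plain `http://` URL, so whatever a client substitutes from `192.168.1.20:5000` is only as trustworthy as the signature check, and nothing in this hunk shows one. Confirm that `requireSignedBinaryCaches` has not been switched off to make an unsigned cache work, and that `binaryCachePublicKeys` lists the signing key of each cache named here. The enclosing `nix = mkIf …` block starts outside the hunk, so this may already be handled there. The new condition writes `!profiles.isServer` where the first entry writes `(! computers.isMonstre)`; pick one spacing.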
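Review bot: `security.sudo.wheelNeedsPassword = false;` is set unconditionally in the new users.nix, while the account below it is guarded by `mkIf config.r6d.profiles.isPrunetwork` and the second hunk imports the file from config-generator.nix for every machine. As written, every host built from this repository gives its `wheel` members passwordless root, including hosts that never get this user. Gate it the same way as the account, e.g. `security.sudo.wheelNeedsPassword = !config.r6d.profiles.isPrunetwork;`, and add a comment such as `# passwordless sudo: a key in openssh.authorizedKeys.keys is then enough to reach root`. Patches 083 and 090 further down rewrite this same line, and the same concern applies to them.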
From: Jean-Pierre PRUNARET Date: Thu, 21 Jul 2016 22:12:00 +0200 Subject: [PATCH 083/107] ajout de groupes --- activation-manuelle/users.nix | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/activation-manuelle/users.nix b/activation-manuelle/users.nix index 2d4d707..5035835 100644 --- a/activation-manuelle/users.nix +++ b/activation-manuelle/users.nix @@ -1,14 +1,22 @@ { config, pkgs, ... }: -{ +let + profiles = config.r6d.profiles; +in { - security.sudo.wheelNeedsPassword = false; + security.sudo.wheelNeedsPassword = profiles.isPrunetwork && profiles.isServer; users.extraUsers.jpierre03 = pkgs.lib.mkIf config.r6d.profiles.isPrunetwork - { createHome = true; - home = "/home/jpierre03"; - description = "jpierre03"; - extraGroups = [ "wheel" ]; + { isNormalUser = true; + createHome = true; + home = "/home/jpierre03"; + description = "jpierre03"; + extraGroups = [ + "docker" + "plugdev" + "vbox" + "wheel" + ]; useDefaultShell = true; openssh.authorizedKeys.keys = [ "ssh-rsa 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 From becd37ba28b89ec086d74286ff0ab9cb2761ba70 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Thu, 21 Jul 2016 22:21:52 +0200 Subject: [PATCH 084/107] ajustment config nix serve client --- config-generator.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config-generator.nix b/config-generator.nix index d127e96..1f65674 100644 --- a/config-generator.nix +++ b/config-generator.nix 
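Review bot: Adding `"docker"` to `extraGroups` makes the `wheelNeedsPassword` expression in the same hunk moot for this user, because access to the Docker daemon socket is root-equivalent on the host. I would grant the group only where Docker is enabled, e.g. `extraGroups = [ "plugdev" "vbox" "wheel" ] ++ pkgs.lib.optional config.r6d.config-generator.docker "docker";`, or at least add `# docker group = root-equivalent access to the daemon` next to the entry. Separately, `profiles.isPrunetwork && profiles.isServer` requires a password only on Prunetwork servers and leaves every other host passwordless, which looks like the opposite of the intent; patch 090 on this page negates it.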
@@ -47,7 +47,7 @@ in jeux = mkEnableOption "Profil pour les jeux vidéos."; laptop = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables.."; locate = mkEnableOption "Profil pour activer la fonction locate."; - nix-serve-client= mkEnableOption "Profil pour que la machine soit un serveur de cache nix."; + nix-serve-client= mkEnableOption "Profil pour que la machine soit un client de cache nix."; nix-serve-server= mkEnableOption "Profil pour que la machine soit un serveur de cache nix."; swap = mkEnableOption "Profil pour que le swap soit activé."; virtualbox = mkEnableOption "Profil pour l'utilisation de VirtualBox."; @@ -90,6 +90,7 @@ in ## Définition des profils génériques (mkIf pfl.isDesktop { r6d.config-generator.awesome = true; + r6d.config-generator.nix-serve-client = true; }) (mkIf pfl.isHome { r6d.profiles.isDesktop = true; @@ -118,7 +119,6 @@ in (mkIf pfl.isPrunetwork { r6d.config-generator.auto-upgrade = true; r6d.config-generator.fail2ban = true; - r6d.config-generator.nix-serve-client = true; r6d.config-generator.swap = true; }) From 2195033ee5cda46d02737330eeaa09f14efdbbcc Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Thu, 21 Jul 2016 22:25:21 +0200 Subject: [PATCH 085/107] ajout de variable pour l'impression --- activation-manuelle/print.nix | 11 +++++++++++ config-generator.nix | 3 +++ services.nix | 8 -------- 3 files changed, 14 insertions(+), 8 deletions(-) create mode 100644 activation-manuelle/print.nix diff --git a/activation-manuelle/print.nix b/activation-manuelle/print.nix new file mode 100644 index 0000000..f176b6e --- /dev/null +++ b/activation-manuelle/print.nix @@ -0,0 +1,11 @@ +{ config, pkgs, ... }: + +{ + # Enable CUPS to print documents. + services.printing = pkgs.lib.mkIf config.r6d.config-generator.print { + enable = true; + drivers = [ + pkgs.samsung-unified-linux-driver + ]; + }; +} diff --git a/config-generator.nix b/config-generator.nix index 1f65674..1cc0002 100644 --- a/config-generator.nix 
+++ b/config-generator.nix @@ -17,6 +17,7 @@ in ./activation-manuelle/fail2ban.nix ./activation-manuelle/nix-serve-client.nix ./activation-manuelle/nix-serve-server.nix + ./activation-manuelle/print.nix ./activation-manuelle/swap.nix ./activation-manuelle/users.nix ]; @@ -49,6 +50,7 @@ in locate = mkEnableOption "Profil pour activer la fonction locate."; nix-serve-client= mkEnableOption "Profil pour que la machine soit un client de cache nix."; nix-serve-server= mkEnableOption "Profil pour que la machine soit un serveur de cache nix."; + print = mkEnableOption "Profil pour activer cups & pouvoir imprimer."; swap = mkEnableOption "Profil pour que le swap soit activé."; virtualbox = mkEnableOption "Profil pour l'utilisation de VirtualBox."; xmonad = mkEnableOption "Profil pour activer le gestionnaire de fenêtres xmonad."; @@ -106,6 +108,7 @@ in (mkIf pfl.isDubronetwork { r6d.config-generator.auto-upgrade = true; r6d.config-generator.nix-serve-client = true; + r6d.config-generator.print = true; }) (mkIf (pfl.isDubronetwork && pfl.isHome) { r6d.config-generator.jeux = true; diff --git a/services.nix b/services.nix index af0593f..94fdbef 100644 --- a/services.nix +++ b/services.nix @@ -15,14 +15,6 @@ enable = true; }; - # Enable CUPS to print documents. - services.printing = { - enable = true; - drivers = [ - pkgs.samsung-unified-linux-driver - ]; - }; - # Monitoring ## Noeud de supervision munin = pas de stockage des données locales From 906ae9b7d14d73e57bf3df3b3b6c2ed634072ed1 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Thu, 21 Jul 2016 23:00:57 +0200 Subject: [PATCH 086/107] ajout de python --- environment.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/environment.nix b/environment.nix index 1196018..099f271 100644 --- a/environment.nix +++ b/environment.nix 
@@ -28,6 +28,7 @@ p7zip # compression de fichier parted # partitionnement de disque pciutils + python # python -- python -m SimpleHTTPServer 8000 python34Packages.glances # monitoring pwgen # générateur de mot de passe tmux # nécessaire pour byobu From 66252cb498e09aa0e00c30802910bb602fdf5d41 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Thu, 21 Jul 2016 23:16:27 +0200 Subject: [PATCH 087/107] =?UTF-8?q?renforcement=20de=20la=20s=C3=A9curit?= =?UTF-8?q?=C3=A9=20pour=20les=20clients=20SSH?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- environment.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/environment.nix b/environment.nix index 099f271..37c8992 100644 --- a/environment.nix +++ b/environment.nix @@ -54,4 +54,16 @@ promptInit = builtins.readFile ./bash-prompt.sh; interactiveShellInit = builtins.readFile ./bash-interactive-init.sh; }; + + # https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern + programs.ssh.extraConfig = '' + # Ensure KnownHosts are unreadable if leaked - it is otherwise easier to know which hosts your keys have access to. + HashKnownHosts yes + # Host keys the client accepts - order here is honored by OpenSSH + HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 + + KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp256,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha256 + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com + Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr + ''; } From 20e8e8beaa3858007d9145439aab2ec1cc16ace4 Mon Sep 17 00:00:00 2001 
From: Jean-Pierre PRUNARET Date: Thu, 21 Jul 2016 23:38:59 +0200 Subject: [PATCH 088/107] =?UTF-8?q?renforcement=20serveur=20SSH=20en=20for?= =?UTF-8?q?cant=20les=20algos=20r=C3=A9cents=20(selon=20mozilla)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- environment.nix | 1 + services.nix | 13 +++++++++++++ 2 files changed, 14 insertions(+) diff --git a/environment.nix b/environment.nix index 37c8992..a0c051c 100644 --- a/environment.nix +++ b/environment.nix @@ -22,6 +22,7 @@ gnupg # GPG gpm # prise en charge de la souris en console htop # monitoring + #libressl # librairie pour faire du TLS et les algorithmes de crypto par OpenBSD ncdu # outil pour voir l'espace utilisé nmap # outil de scan de port réseau mtr # outil de diagnostic réseau diff --git a/services.nix b/services.nix index 94fdbef..667c707 100644 --- a/services.nix +++ b/services.nix @@ -13,6 +13,19 @@ ## OpenSSH daemon services.openssh = { enable = true; + # https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29 + extraConfig = '' + KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 + Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com + + # LogLevel VERBOSE logs user's key fingerprint on login. Needed to have a clear audit track of which key was using to log in. + LogLevel VERBOSE + + # Use kernel sandbox mechanisms where possible in unprivilegied processes + # Systrace on OpenBSD, Seccomp on Linux, seatbelt on MacOSX/Darwin, rlimit elsewhere. + UsePrivilegeSeparation sandbox + ''; }; # Monitoring From 592e5664bee5ae0d915010c6c39ea1f89716ff37 Mon Sep 17 00:00:00 2001 
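Review bot: The `services.openssh` set in this hunk takes only the algorithm, logging and sandbox lines from the Mozilla "modern" profile; it contains nothing beyond `enable` and `extraConfig`, so authentication policy is left to defaults or to another module. Since users.nix in this series defines key-only accounts with passwordless sudo, I would state the policy next to the algorithms: `passwordAuthentication = false;` and `permitRootLogin = "no";`. `UsePrivilegeSeparation` was deprecated in later OpenSSH releases, so add a comment naming the OpenSSH version this block targets. In the copied comment, "unprivilegied" should read "unprivileged".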
From: Jean-Pierre PRUNARET Date: Fri, 22 Jul 2016 03:13:45 +0200 Subject: [PATCH 089/107] ajout clef mbp --- activation-manuelle/users.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/activation-manuelle/users.nix b/activation-manuelle/users.nix index 5035835..333a145 100644 --- a/activation-manuelle/users.nix +++ b/activation-manuelle/users.nix @@ -19,8 +19,8 @@ in { ]; useDefaultShell = true; openssh.authorizedKeys.keys = [ - "ssh-rsa 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 -jpierre03@radx.prunetwork.fr" + "ssh-rsa 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 jpierre03@radx.prunetwork.fr" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDS9RFWbeHgLIZNBA1gMZygftVElQwyph7t4NiKtoH9Yejj0okoxMfwxveUZMyqRN8bIMm3OTuZ6TXsyGvjcAV1fSaIUEX57/e+QeFRxJ7i08Yv+9rXkS7Xb4bc+gF7ev0/QnhCu/rqqSX2mJWe19IA7anuSfXKvcrDaMd+jYP7w+kdlNQej4TQtiTGV2Dq/exaMGqttCZU4yHoqVB5EHiMGAHN5SS+JgSWHdZctpG7r6ONyhaXeU4HNm1WOKwV2G/lu8N4kNLnLwA74iduqJmEQYySEhG0EmM6MAAsrD1pcvIphTrD2e6BsVTsA3aT7Zu62F7mcJVm7+aVQy0mn589 jpierre03@mbp.home" ]; }; } From 7bd6eb37e3cb944202047b1c09f4eb51349ea4b6 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Fri, 22 Jul 2016 13:40:13 +0200 Subject: [PATCH 090/107] fix: erreur sur la logique. oubli d'un ! --- activation-manuelle/users.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/activation-manuelle/users.nix b/activation-manuelle/users.nix index 333a145..0a2e9e0 100644 --- a/activation-manuelle/users.nix +++ b/activation-manuelle/users.nix @@ -4,9 +4,9 @@ let profiles = config.r6d.profiles; in { - security.sudo.wheelNeedsPassword = profiles.isPrunetwork && profiles.isServer; + security.sudo.wheelNeedsPassword = !(profiles.isPrunetwork && profiles.isServer); - users.extraUsers.jpierre03 = pkgs.lib.mkIf config.r6d.profiles.isPrunetwork + users.extraUsers.jpierre03 = pkgs.lib.mkIf profiles.isPrunetwork { isNormalUser = true; createHome = true; home = "/home/jpierre03"; 
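Review bot: The key added for `jpierre03@mbp.home` is an `ssh-rsa` key whose blob prefix suggests a 2048-bit modulus, one patch after services.nix and environment.nix were tuned to prefer ed25519. Through `wheel` and the sudo setting in this file, it is a laptop key that reaches root on the Prunetwork servers. An ed25519 key (or a longer RSA key) would match the rest of the series. Either way, label each entry so it can be revoked later, e.g. `# mbp laptop key, added 2016-07-22, remove when the device is retired`.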
From d503b8f0f4fd2afe7a8614d3eb106649e58f908f Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Fri, 22 Jul 2016 13:40:39 +0200 Subject: [PATCH 091/107] ajout de commentaires --- config-generator.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config-generator.nix b/config-generator.nix index 1cc0002..49da805 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -105,6 +105,8 @@ in r6d.config-generator.docker = true; }) + + ## Profils liés à Dubronetwork (mkIf pfl.isDubronetwork { r6d.config-generator.auto-upgrade = true; r6d.config-generator.nix-serve-client = true; @@ -119,6 +121,8 @@ in (mkIf (pfl.isDubronetwork && pfl.isWorkstation) { r6d.config-generator.virtualbox = true; }) + + ## Profils liés à Prunetwork (mkIf pfl.isPrunetwork { r6d.config-generator.auto-upgrade = true; r6d.config-generator.fail2ban = true; From af15068c2958eb77186a870d92b5bdf410006c90 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Fri, 22 Jul 2016 13:46:46 +0200 Subject: [PATCH 092/107] =?UTF-8?q?utilisation=20de=20blocs=20pour=20?= =?UTF-8?q?=C3=A9viter=20de=20r=C3=A9peter=20le=20pr=C3=A9fixe?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config-generator.nix | 78 ++++++++++++++++++++++++++++---------------- 1 file changed, 50 insertions(+), 28 deletions(-) diff --git a/config-generator.nix b/config-generator.nix index 49da805..13eb3fd 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -91,8 +91,10 @@ in ## Définition des profils génériques (mkIf pfl.isDesktop { - r6d.config-generator.awesome = true; - r6d.config-generator.nix-serve-client = true; + r6d.config-generator = { + awesome = true; + nix-serve-client = true; + }; }) (mkIf pfl.isHome { r6d.profiles.isDesktop = true; 
@@ -108,9 +110,11 @@ in ## Profils liés à Dubronetwork (mkIf pfl.isDubronetwork { - r6d.config-generator.auto-upgrade = true; - r6d.config-generator.nix-serve-client = true; - r6d.config-generator.print = true; + r6d.config-generator = { + auto-upgrade = true; + nix-serve-client = true; + print = true; + }; }) (mkIf (pfl.isDubronetwork && pfl.isHome) { r6d.config-generator.jeux = true; @@ -124,36 +128,46 @@ in ## Profils liés à Prunetwork (mkIf pfl.isPrunetwork { - r6d.config-generator.auto-upgrade = true; - r6d.config-generator.fail2ban = true; - r6d.config-generator.swap = true; + r6d.config-generator = { + auto-upgrade = true; + fail2ban = true; + swap = true; + }; }) ## Affectation des profils aux machines (mkIf comp.isOcean { - r6d.profiles.isPrunetwork = true; - r6d.profiles.isServer = true; + r6d.profiles = { + isPrunetwork = true; + isServer = true; + }; }) (mkIf comp.isRadx { - r6d.profiles.isHome = true; - r6d.profiles.isPrunetwork = true; - r6d.profiles.isServer = true; - r6d.profiles.isWorkstation = true; + r6d.profiles = { + isHome = true; + isPrunetwork = true; + isServer = true; + isWorkstation = true; + }; r6d.config-generator = { virtualbox = true; }; }) (mkIf comp.isXray { - r6d.profiles.isPrunetwork = true; - r6d.profiles.isServer = true; + r6d.profiles = { + isPrunetwork = true; + isServer = true; + }; }) (mkIf comp.isLatitude { - r6d.profiles.isDubronetwork = true; - r6d.profiles.isHome = true; - r6d.profiles.isWorkstation = true; + r6d.profiles = { + isDubronetwork = true; + isHome = true; + isWorkstation = true; + }; r6d.config-generator = { laptop = true; 
@@ -161,14 +175,18 @@ in }; }) (mkIf comp.isMonstre { - r6d.profiles.isDubronetwork = true; - r6d.profiles.isServer = true; + r6d.profiles = { + isDubronetwork = true; + isServer = true; + }; r6d.config-generator.fail2ban = true; }) (mkIf comp.isNeoNomade{ - r6d.profiles.isDubronetwork = true; - r6d.profiles.isHome = true; + r6d.profiles = { + isDubronetwork = true; + isHome = true; + }; r6d.config-generator = { laptop = true; @@ -182,12 +200,16 @@ in }; }) (mkIf comp.isPhenom { - r6d.profiles.isDubronetwork = true; - r6d.profiles.isHome = true; - r6d.profiles.isWorkstation = true; + r6d.profiles = { + isDubronetwork = true; + isHome = true; + isWorkstation = true; + }; - r6d.config-generator.nix-serve-server = true; - r6d.config-generator.xmonad = true; + r6d.config-generator = { + nix-serve-server = true; + xmonad = true; + }; }) ]; } From c5b7c16946348db1fe2716c34145210a795da55f Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Fri, 22 Jul 2016 13:48:22 +0200 Subject: [PATCH 093/107] =?UTF-8?q?xmonad=20est=20activ=C3=A9=20pour=20tou?= =?UTF-8?q?tes=20les=20stations=20de=20travail=20dubronetwork?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config-generator.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/config-generator.nix b/config-generator.nix index 13eb3fd..e513c66 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -123,7 +123,10 @@ in r6d.config-generator.nix-serve-server = true; }) (mkIf (pfl.isDubronetwork && pfl.isWorkstation) { - r6d.config-generator.virtualbox = true; + r6d.config-generator = { + virtualbox = true; + xmonad = true; + }; }) ## Profils liés à Prunetwork @@ -171,7 +174,6 @@ in r6d.config-generator = { laptop = true; - xmonad = true; }; }) (mkIf comp.isMonstre { @@ -208,7 +210,6 @@ in r6d.config-generator = { nix-serve-server = true; - xmonad = true; }; }) ]; From 326da0f7e83c7172457d0c30101e68da90f480f1 Mon Sep 17 00:00:00 2001 
From: Jean-Pierre PRUNARET Date: Fri, 22 Jul 2016 14:16:20 +0200 Subject: [PATCH 094/107] ajout header + utilisation --- activation-manuelle/auto-upgrade.nix | 10 +++++++--- activation-manuelle/fail2ban.nix | 8 ++++++-- activation-manuelle/laptop.nix | 8 ++++++-- activation-manuelle/locate.nix | 8 ++++++-- activation-manuelle/nix-serve-client.nix | 2 ++ activation-manuelle/nix-serve-server.nix | 10 +++++++--- activation-manuelle/print.nix | 8 ++++++-- activation-manuelle/swap.nix | 8 ++++++-- activation-manuelle/users.nix | 5 ++++- 9 files changed, 50 insertions(+), 17 deletions(-) diff --git a/activation-manuelle/auto-upgrade.nix b/activation-manuelle/auto-upgrade.nix index fa61df3..4c2637a 100644 --- a/activation-manuelle/auto-upgrade.nix +++ b/activation-manuelle/auto-upgrade.nix @@ -1,8 +1,12 @@ { config, pkgs, ... }: -{ +with pkgs.lib; + +let + cfg = config.r6d.config-generator; +in { # Automatic update & automatic clean - system.autoUpgrade.enable = config.r6d.config-generator.auto-upgrade; - nix.gc.automatic = config.r6d.config-generator.auto-upgrade; + system.autoUpgrade.enable = cfg.auto-upgrade; + nix.gc.automatic = cfg.auto-upgrade; } diff --git a/activation-manuelle/fail2ban.nix b/activation-manuelle/fail2ban.nix index 2340d60..9f28547 100644 --- a/activation-manuelle/fail2ban.nix +++ b/activation-manuelle/fail2ban.nix @@ -1,9 +1,13 @@ { config, pkgs, ... }: -{ +with pkgs.lib; + +let + cfg = config.r6d.config-generator; +in { # Gestion de fail2ban - services = pkgs.lib.mkIf config.r6d.config-generator.fail2ban { + services = mkIf cfg.fail2ban { fail2ban = { enable = true; jails = { diff --git a/activation-manuelle/laptop.nix b/activation-manuelle/laptop.nix index 6a08edc..fdbd5db 100644 --- a/activation-manuelle/laptop.nix +++ b/activation-manuelle/laptop.nix 
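Review bot: `with pkgs.lib;` is added to auto-upgrade.nix although nothing in the file uses a library function; both assignments are plain `cfg.auto-upgrade` reads, so the line can go. The same holds for locate.nix later in this patch. In the files that do use `mkIf` (fail2ban.nix here, then laptop.nix, nix-serve-server.nix, print.nix, swap.nix and users.nix) I would follow nix-serve-client.nix, which takes `lib` as a module argument: `{ config, lib, pkgs, ... }:` with `inherit (lib) mkIf;` keeps the scope explicit and avoids reaching the library through `pkgs`.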
@@ -1,6 +1,10 @@ { config, pkgs, ... }: -{ +with pkgs.lib; + +let + cfg = config.r6d.config-generator; +in { # Gestion spécifique pour PC portable - powerManagement.cpuFreqGovernor = pkgs.lib.mkIf config.r6d.config-generator.laptop "powersave"; + powerManagement.cpuFreqGovernor = mkIf cfg.laptop "powersave"; } diff --git a/activation-manuelle/locate.nix b/activation-manuelle/locate.nix index 072d930..a27e977 100644 --- a/activation-manuelle/locate.nix +++ b/activation-manuelle/locate.nix @@ -1,11 +1,15 @@ { config, pkgs, ... }: -{ +with pkgs.lib; + +let + cfg = config.r6d.config-generator; +in { imports = [ ]; services.locate = { - enable = config.r6d.config-generator.locate; + enable = cfg.locate; interval = "hourly"; }; } diff --git a/activation-manuelle/nix-serve-client.nix b/activation-manuelle/nix-serve-client.nix index 910bbc5..fa83547 100644 --- a/activation-manuelle/nix-serve-client.nix +++ b/activation-manuelle/nix-serve-client.nix @@ -1,7 +1,9 @@ { config, lib, pkgs, ... }: + let inherit (lib) mkIf mkMerge; profiles = config.r6d.profiles; + cfg = config.r6d.config-generator; computers = config.r6d.computers; in { nix = mkIf config.r6d.config-generator.nix-serve-client { diff --git a/activation-manuelle/nix-serve-server.nix b/activation-manuelle/nix-serve-server.nix index 686f8c0..86dfea6 100644 --- a/activation-manuelle/nix-serve-server.nix +++ b/activation-manuelle/nix-serve-server.nix @@ -1,8 +1,12 @@ { config, pkgs, ... }: -{ +with pkgs.lib; + +let + cfg = config.r6d.config-generator; +in { # Cache http pour le store - services.nix-serve.enable = config.r6d.config-generator.nix-serve-server; - networking.firewall.allowedTCPPorts = pkgs.lib.mkIf config.r6d.config-generator.nix-serve-server [ 5000 ]; + services.nix-serve.enable = cfg.nix-serve-server; + networking.firewall.allowedTCPPorts = mkIf cfg.nix-serve-server [ 5000 ]; } diff --git a/activation-manuelle/print.nix b/activation-manuelle/print.nix index f176b6e..5c0735b 100644 
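Review bot: `cfg` is introduced in nix-serve-client.nix, but the context line right below still reads `mkIf config.r6d.config-generator.nix-serve-client`, so the new binding is unused in this hunk. Change that line to `nix = mkIf cfg.nix-serve-client {`. The users.nix hunk of this patch adds `cfg` as well and its visible lines only use `profiles`; that file continues past the hunk, so check the rest before removing it.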
--- a/activation-manuelle/print.nix +++ b/activation-manuelle/print.nix @@ -1,8 +1,12 @@ { config, pkgs, ... }: -{ +with pkgs.lib; + +let + cfg = config.r6d.config-generator; +in { # Enable CUPS to print documents. - services.printing = pkgs.lib.mkIf config.r6d.config-generator.print { + services.printing = mkIf cfg.print { enable = true; drivers = [ pkgs.samsung-unified-linux-driver diff --git a/activation-manuelle/swap.nix b/activation-manuelle/swap.nix index ea92882..1318e2d 100644 --- a/activation-manuelle/swap.nix +++ b/activation-manuelle/swap.nix @@ -1,10 +1,14 @@ { config, pkgs, ... }: -{ +with pkgs.lib; + +let + cfg = config.r6d.config-generator; +in { # Gestion du swap # https://en.wikipedia.org/wiki/Swappiness - boot.kernel.sysctl = pkgs.lib.mkIf config.r6d.config-generator.swap { + boot.kernel.sysctl = mkIf cfg.swap { # le swap est activé (!= 0) # le swap est utilisé lorsque (100 - x) % de la mémoire est déja allouée "vm.swappiness" = 10; diff --git a/activation-manuelle/users.nix b/activation-manuelle/users.nix index 0a2e9e0..33a215c 100644 --- a/activation-manuelle/users.nix +++ b/activation-manuelle/users.nix @@ -1,12 +1,15 @@ { config, pkgs, ... }: +with pkgs.lib; + let + cfg = config.r6d.config-generator; profiles = config.r6d.profiles; in { security.sudo.wheelNeedsPassword = !(profiles.isPrunetwork && profiles.isServer); - users.extraUsers.jpierre03 = pkgs.lib.mkIf profiles.isPrunetwork + users.extraUsers.jpierre03 = mkIf profiles.isPrunetwork { isNormalUser = true; createHome = true; home = "/home/jpierre03"; From b50aa1ad0eea57a8b3695b5425f6b6a13f0b8486 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Fri, 22 Jul 2016 16:02:31 +0200 Subject: [PATCH 095/107] ajout option pour lancer un serveur postgres --- config-generator.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/config-generator.nix b/config-generator.nix index e513c66..f1fa754 100644 --- a/config-generator.nix +++ b/config-generator.nix 
@@ -43,6 +43,7 @@ in enable = mkEnableOption "Génération de la configuration d'une machine."; awesome = mkEnableOption "Profil pour activer le gestionnaire de fenêtre awesome."; auto-upgrade = mkEnableOption "Profil pour activer les mises à jour automatiques."; + database_postgres=mkEnableOption "Profil pour activer le SGBD PostgreSQL."; docker = mkEnableOption "Profil pour l'utilisation de Docker."; fail2ban = mkEnableOption "Profil pour activer Fail2ban."; jeux = mkEnableOption "Profil pour les jeux vidéos."; @@ -100,7 +101,10 @@ in r6d.profiles.isDesktop = true; }) (mkIf pfl.isServer { - r6d.config-generator.nix-serve-server = true; + r6d.config-generator = { + #database_postgres = true; + nix-serve-server = true; + }; }) (mkIf pfl.isWorkstation { r6d.profiles.isDesktop = true; From ef3778dd5477aba327bb275a068cf38320fc0b71 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Fri, 22 Jul 2016 16:10:25 +0200 Subject: [PATCH 096/107] ajout de variable pour rabbitmq --- config-generator.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config-generator.nix b/config-generator.nix index f1fa754..8930031 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -52,6 +52,7 @@ in nix-serve-client= mkEnableOption "Profil pour que la machine soit un client de cache nix."; nix-serve-server= mkEnableOption "Profil pour que la machine soit un serveur de cache nix."; print = mkEnableOption "Profil pour activer cups & pouvoir imprimer."; + rabbitmq = mkEnableOption "Profil pour activer le service de messagerie AMQP."; swap = mkEnableOption "Profil pour que le swap soit activé."; virtualbox = mkEnableOption "Profil pour l'utilisation de VirtualBox."; xmonad = mkEnableOption "Profil pour activer le gestionnaire de fenêtres xmonad."; @@ -104,6 +105,7 @@ in r6d.config-generator = { #database_postgres = true; nix-serve-server = true; + #rabbitmq = true; }; }) (mkIf pfl.isWorkstation { From 5380bb76b003709810c81252fb7bffaf0dcbdd60 Mon Sep 17 00:00:00 2001 
From: Jean-Pierre PRUNARET Date: Fri, 22 Jul 2016 16:16:25 +0200 Subject: [PATCH 097/107] =?UTF-8?q?ajout=20du=20monitoring=20local=20(d?= =?UTF-8?q?=C3=A9placement=20depuis=20server)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- base.nix | 1 + monitoring.nix | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 monitoring.nix diff --git a/base.nix b/base.nix index 984f0a6..f0397a7 100644 --- a/base.nix +++ b/base.nix @@ -4,6 +4,7 @@ imports = [ ./environment.nix ./localisation.nix + ./monitoring.nix ./networking.nix ./services.nix diff --git a/monitoring.nix b/monitoring.nix new file mode 100644 index 0000000..1198826 --- /dev/null +++ b/monitoring.nix @@ -0,0 +1,27 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + ## Munin server -- generate /var/www/munin + services.munin-cron = { + enable = true; + hosts = '' + [${config.networking.hostName}] + address localhost + ''; + extraGlobalConfig = '' + contact.email.command mail -s "Munin notification for ''${var:host}" hostmaster@prunetwork.fr + ''; + }; + + networking.firewall.allowedTCPPorts = [ + # TODO configurer les bon ports lors de l'ouverture du service + ]; + + ## Documentation + # * https://nixos.org/wiki/Create_and_debug_nix_packages + # * http://chriswarbo.net/essays/nixos/developing_on_nixos.html +} From 363b2f56e4e213b7f66ebda1c2a36da581dbd3f5 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Fri, 22 Jul 2016 16:34:02 +0200 Subject: [PATCH 098/107] ajout de variables pour le DNS --- config-generator.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/config-generator.nix b/config-generator.nix index 8930031..d667398 100644 --- a/config-generator.nix +++ b/config-generator.nix 
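Review bot: monitoring.nix is imported from base.nix and sets `services.munin-cron.enable = true;` unconditionally, whereas every other optional service in this series sits behind an `r6d.config-generator.*` switch; a `monitoring` option would keep it consistent and let a host opt out. The file header is the stock configuration.nix banner and does not describe this module; replace it with something like `# Local munin collection: munin-cron polls localhost and generates the report`. The empty `networking.firewall.allowedTCPPorts` list is a no-op and can be dropped until a port is really needed. When the generated report is later served, put it behind authentication, since it lists hosts and their metrics.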
@@ -45,6 +45,8 @@ in auto-upgrade = mkEnableOption "Profil pour activer les mises à jour automatiques."; database_postgres=mkEnableOption "Profil pour activer le SGBD PostgreSQL."; docker = mkEnableOption "Profil pour l'utilisation de Docker."; + dns_autorite = mkEnableOption "Profil pour servir les fichiers de zone DNS."; + dns_resolveur = mkEnableOption "Profil pour activer un résolveur DNS local."; fail2ban = mkEnableOption "Profil pour activer Fail2ban."; jeux = mkEnableOption "Profil pour les jeux vidéos."; laptop = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables.."; @@ -104,6 +106,8 @@ in (mkIf pfl.isServer { r6d.config-generator = { #database_postgres = true; + dns_autorite = true; + #dns_resolveur = true; nix-serve-server = true; #rabbitmq = true; }; @@ -111,7 +115,10 @@ in (mkIf pfl.isWorkstation { r6d.profiles.isDesktop = true; - r6d.config-generator.docker = true; + r6d.config-generator = { + docker = true; + dns_resolveur = true; + }; }) ## Profils liés à Dubronetwork From 5fa77bda2e9a0485c76d477cf4deb9d64875cb7e Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Fri, 22 Jul 2016 16:43:56 +0200 Subject: [PATCH 099/107] =?UTF-8?q?le=20r=C3=A9solveur=20DNS=20local=20est?= =?UTF-8?q?=20activ=C3=A9=20si=20la=20machine=20n'est=20pas=20un=20serveur?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config-generator.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/config-generator.nix b/config-generator.nix index d667398..ed55e1b 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -112,12 +112,16 @@ in #rabbitmq = true; }; }) + (mkIf (!pfl.isServer) { + r6d.config-generator = { + dns_resolveur = true; + }; + }) (mkIf pfl.isWorkstation { r6d.profiles.isDesktop = true; r6d.config-generator = { docker = true; - dns_resolveur = true; }; }) From dbd58cabc045bb88a94acd104dccc6767615822d Mon Sep 17 00:00:00 2001 
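Review bot: `mkIf (!pfl.isServer)` in patch 099 switches the local resolver off on any host that carries the server profile. radx is declared with both `isServer` and `isWorkstation` in this file, so it loses the `dns_resolveur` that the line removed from the `isWorkstation` block used to give it. If that is intended, say so at the new block, e.g. `# hosts that are both server and workstation get no local resolver`; otherwise keep `dns_resolveur = true;` in the workstation block as well.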
From: Jean-Pierre PRUNARET Date: Sat, 23 Jul 2016 13:55:11 +0200 Subject: [PATCH 100/107] =?UTF-8?q?d=C3=A9sactivation=20de=20nix=20serve?= =?UTF-8?q?=20pour=20ocean?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * nix serve permet de récupérer toute la config de la machine ce qui ne me plait pas pour un serveur. --- config-generator.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/config-generator.nix b/config-generator.nix index ed55e1b..ae3ec3f 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -108,10 +108,13 @@ in #database_postgres = true; dns_autorite = true; #dns_resolveur = true; - nix-serve-server = true; + # inutile d'exposer la conf complète du serveur par le store tant qu'il n'y a pas de protection complémentaire - utilisation SSH ? + #nix-serve-server = true; + #rabbitmq = true; }; }) + # /!\ PAS un serveur (mkIf (!pfl.isServer) { r6d.config-generator = { dns_resolveur = true; @@ -172,6 +175,7 @@ in }; r6d.config-generator = { + nix-serve-server = true; virtualbox = true; }; }) From 12fe6f2b94a7ef35712ea53e9ecbaf32fab8a21a Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Sat, 23 Jul 2016 17:36:22 +0200 Subject: [PATCH 101/107] =?UTF-8?q?impl=C3=A9mentation=20de=20la=20typo=20?= =?UTF-8?q?"gti"=20:)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- environment.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environment.nix b/environment.nix index a0c051c..e1c1a5d 100644 --- a/environment.nix +++ b/environment.nix 
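Review bot: The new comment says the store should not be exposed without extra protection, yet the second hunk turns `nix-serve-server` back on in what appears to be the radx block, a host that also carries `isServer`. nix-serve-server.nix (patch 094 on this page) opens TCP 5000 through `networking.firewall.allowedTCPPorts` with no restriction on interface or source. I would limit the listener with `services.nix-serve.bindAddress` set to the LAN address and sign what is served with `services.nix-serve.secretKeyFile`. The reason radx is the exception should be recorded next to the line, e.g. `# radx: cache reachable from the home LAN only`, if that is indeed the case.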
@@ -17,7 +17,7 @@ bind # utilisé pour les utilitaires comme dig byobu # permet de se déconnecter d'un terminal sans l'aréter exfat # Pour monter les FAT avec Fuse - git gitAndTools.gitSVN gitAndTools.tig # outil de gestion de version + git gitAndTools.gitSVN gitAndTools.tig gti # outil de gestion de version gnumake # pour décrire les recettes de compilation gnupg # GPG gpm # prise en charge de la souris en console From 908be0c5e89946d1a52a9846da63064b0e233911 Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Sat, 23 Jul 2016 17:37:32 +0200 Subject: [PATCH 102/107] option pour que les rebuild cherchent une solution au lieu de planter --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index bc21835..9c5642b 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,7 @@ push: submodules-push git push --tags rebuild-switch: - nixos-rebuild switch + nixos-rebuild switch --fallback store-repair: nix-store --verify --check-contents --repair @@ -44,5 +44,5 @@ tag: submodules-tag git tag -f "$$(date +%F)-$$(hostname -s)" upgrade: - nixos-rebuild switch --upgrade + nixos-rebuild switch --upgrade --fallback From 95c7fc7a14d647d0e039db8b2e5dcd1b1aa16e15 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Mon, 25 Jul 2016 14:25:49 +0200 Subject: [PATCH 103/107] =?UTF-8?q?ajout=20de=20paquets=20utilis=C3=A9=20s?= =?UTF-8?q?ur=20les=20desktop=20&=20serveur=20->=20base?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- environment.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/environment.nix b/environment.nix index a0c051c..ce85393 100644 --- a/environment.nix +++ b/environment.nix 
@@ -26,12 +26,14 @@ ncdu # outil pour voir l'espace utilisé nmap # outil de scan de port réseau mtr # outil de diagnostic réseau + par2cmdline # outil de récupération de fichiers corrompus - .par2 p7zip # compression de fichier parted # partitionnement de disque pciutils python # python -- python -m SimpleHTTPServer 8000 python34Packages.glances # monitoring pwgen # générateur de mot de passe + rtorrent # outil de téléchargement de torrent & magnet tmux # nécessaire pour byobu tree # affiche une arborescence de fichiers et dossiers usbutils From 206430165a0813a1a42fe82ae21762b07e948e4b Mon Sep 17 00:00:00 2001 From: System administrator Date: Wed, 27 Jul 2016 09:28:28 +0200 Subject: [PATCH 104/107] ajout de rollo.dubronetwokr.fr --- config-generator.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/config-generator.nix b/config-generator.nix index ae3ec3f..f8bc70b 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -68,6 +68,7 @@ in isOcean = mkEnableOption "Identification du nom de machine."; isPhenom = mkEnableOption "Identification du nom de machine."; isRadx = mkEnableOption "Identification du nom de machine."; + isRollo = mkEnableOption "Identification du nom de machine."; isXray = mkEnableOption "Identification du nom de machine."; }; }; @@ -87,6 +88,7 @@ in isOcean = host == "ocean.prunetwork.fr"; isPhenom = host == "phenom.dubronetwork.fr"; isRadx = host == "radx.prunetwork.fr"; + isRollo = host == "rollo.dubronetwork.fr"; isXray = host == "xray.prunetwork.fr"; }; } @@ -233,5 +235,13 @@ in nix-serve-server = true; }; }) + (mkIf comp.isRollo { + r6d.profiles = { + isDubronetwork = true; + isServer = true; + }; + + r6d.config-generator.fail2ban = true; + }) ]; } From 8881df0d4a0aff57d8d5cd51b743c07bcc7052bd Mon Sep 17 00:00:00 2001 
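Review bot: `rtorrent` is added to the package list that, per the commit subject, is shared by desktops and servers, so every server now ships a BitTorrent client whether or not it uses one. Keeping the base list to tools required on all hosts and moving `rtorrent` behind a profile flag would reduce what is installed on internet-facing machines. If it has to stay in base, a comment such as `rtorrent # needed on servers for <reason>` would record why. The package list starts and ends outside the hunk.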
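Review bot: Host selection at `@@ -87` is a plain string comparison (`isRollo = host == "rollo.dubronetwork.fr";`), so a hostname that matches no entry leaves every `is*` flag false and the machine builds without `isServer` or `fail2ban`, and without any error. An assertion entry would turn that case into an evaluation failure, for example `assertions = [{ assertion = lib.any (x: x) (lib.attrValues comp); message = "config-generator: unknown host"; }];`, assuming `comp` holds only these booleans and `lib` is in scope. Where `host` comes from is not visible, and the attribute sets touched by all three hunks start outside them.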
From: Yves Dubromelle Date: Wed, 27 Jul 2016 11:44:10 +0200 Subject: [PATCH 105/107] option de configuration pour murmur + activation pour rollo --- config-generator.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/config-generator.nix b/config-generator.nix index f8bc70b..048a4c9 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -51,6 +51,7 @@ in jeux = mkEnableOption "Profil pour les jeux vidéos."; laptop = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables.."; locate = mkEnableOption "Profil pour activer la fonction locate."; + murmur = mkEnableOption "Profil pour activer un serveur Mumble (murmur)"; nix-serve-client= mkEnableOption "Profil pour que la machine soit un client de cache nix."; nix-serve-server= mkEnableOption "Profil pour que la machine soit un serveur de cache nix."; print = mkEnableOption "Profil pour activer cups & pouvoir imprimer."; @@ -241,7 +242,10 @@ in isServer = true; }; - r6d.config-generator.fail2ban = true; + r6d.config-generator = { + fail2ban = true; + murmur = true; + }; }) ]; } From e88711df13864f8716020d2f164cb7906ac84b8e Mon Sep 17 00:00:00 2001 From: Yves Dubromelle Date: Wed, 27 Jul 2016 11:44:53 +0200 Subject: [PATCH 106/107] =?UTF-8?q?d=C3=A9sactivation=20de=20nix-serve-cli?= =?UTF-8?q?ent=20pour=20dubronetwork=20(d=C3=A9j=C3=A0=20dans=20desktop)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config-generator.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/config-generator.nix b/config-generator.nix index 048a4c9..2b18b2f 100644 --- a/config-generator.nix +++ b/config-generator.nix @@ -135,7 +135,6 @@ in (mkIf pfl.isDubronetwork { r6d.config-generator = { auto-upgrade = true; - nix-serve-client = true; print = true; }; }) From 11c624da5923c29ad694267973ac733b22ef286b Mon Sep 17 00:00:00 2001 
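Review bot: `murmur = true;` is enabled for rollo at `@@ -241`, but this commit changes only `config-generator.nix` and contains no code that reads `r6d.config-generator.murmur`, so what the flag actually configures is not reviewable here. Since rollo is marked `isServer`, the consuming module (presumably in another file or a later commit) should be checked for a server password and for opening only the Mumble port in the firewall. A short pointer on the flag, e.g. `murmur = true; # Mumble server, see <module path>`, would make that link explicit.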
From: Yves Dubromelle Date: Wed, 27 Jul 2016 11:50:27 +0200 Subject: [PATCH 107/107] =?UTF-8?q?option=20pour=20afficher=20le=20d=C3=A9?= =?UTF-8?q?tail=20des=20erreurs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 9c5642b..ea084b8 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,7 @@ push: submodules-push git push --tags rebuild-switch: - nixos-rebuild switch --fallback + nixos-rebuild switch --fallback --show-trace store-repair: nix-store --verify --check-contents --repair @@ -44,5 +44,5 @@ tag: submodules-tag git tag -f "$$(date +%F)-$$(hostname -s)" upgrade: - nixos-rebuild switch --upgrade --fallback + nixos-rebuild switch --upgrade --fallback --show-trace