import historique de "base"

base/activation-manuelle/auto-upgrade.nix

@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.r6d.config-generator;
+in {
+  # Automatic update & automatic clean
+
+  system.autoUpgrade.enable = cfg.auto-upgrade;
+  nix.gc.automatic = cfg.auto-upgrade;
+}

base/activation-manuelle/fail2ban.nix

@@ -0,0 +1,37 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.r6d.config-generator;
+in {
+  # Gestion de fail2ban
+  
+  services = mkIf cfg.fail2ban {
+    fail2ban = {
+      enable = true;
+      jails = {
+        DEFAULT = ''
+          # "ignoreip" can be an IP address, a CIDR mask or a DNS host
+          ignoreip = 127.0.0.1/8 pedro.dubronetwork.fr cube.dubronetwork.fr voyage.prunetwork.fr xray.prunetwork.fr 192.168.0.0/16 172.16.0.0/16
+
+          # 1 jour
+          # bantime  = 86400
+          # 5 jours 
+          bantime  = 432000
+          maxretry = 3
+
+          #
+          # Destination email address used solely for the interpolations in
+          # jail.{conf,local} configuration files.
+          destemail = admins@dubronetwork.fr
+        '';
+        ssh-route = ''
+          filter   = sshd
+          action   = route[blocktype=blackhole]
+          maxretry = 3
+        '';
+      };
+    };
+  };
+}

base/activation-manuelle/laptop.nix

@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.r6d.config-generator;
+in {
+  # Gestion spécifique pour PC portable
+  powerManagement.cpuFreqGovernor = mkIf cfg.laptop "powersave";
+}

base/activation-manuelle/locate.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.r6d.config-generator;
+in {
+  imports = [
+  ];
+
+  services.locate = {
+    enable = cfg.locate;
+    interval = "hourly";
+  };
+}

base/activation-manuelle/nix-serve-client.nix

@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge;
+  profiles = config.r6d.profiles;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+in {
+  nix = mkIf config.r6d.config-generator.nix-serve-client {
+    # Cache http pour le store
+    requireSignedBinaryCaches = false;
+    binaryCaches =  [
+      ("https://cache.nixos.org/")
+      (mkIf (profiles.isDubronetwork && (! computers.isMonstre)) "http://192.168.10.169:5000")
+      (mkIf profiles.isDubronetwork "http://192.168.10.252:5000")
+
+      (mkIf (profiles.isPrunetwork && !profiles.isServer) "http://192.168.1.20:5000")
+    ];
+    extraOptions = ''
+      connect-timeout = 5
+    '';
+    };
+
+  }

base/activation-manuelle/nix-serve-server.nix

@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.r6d.config-generator;
+in {
+  # Cache http pour le store
+
+  services.nix-serve.enable = cfg.nix-serve-server;
+  networking.firewall.allowedTCPPorts = mkIf cfg.nix-serve-server [ 5000 ];
+}

base/activation-manuelle/print.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.r6d.config-generator;
+in {
+  # Enable CUPS to print documents.
+  services.printing = mkIf cfg.print {
+    enable = true;
+    drivers = [
+      pkgs.samsung-unified-linux-driver
+    ];
+  };
+}

base/activation-manuelle/swap.nix

@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.r6d.config-generator;
+in {
+  # Gestion du swap
+  
+  # https://en.wikipedia.org/wiki/Swappiness
+  boot.kernel.sysctl = mkIf cfg.swap {
+    # le swap est activé (!= 0)
+    # le swap est utilisé lorsque (100 - x) % de la mémoire est déja allouée
+    "vm.swappiness" = 10;
+  };
+}