application du template

9 years ago · ea307cc5dc
parent 1cce1ec034
commit ea307cc5dc
41 changed files with 215 additions and 88 deletions
--- a/base.nix
+++ b/base.nix
@ -1,4 +1,11 @@
-{ ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  #inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in

 {
  imports = [
--- a/base/activation-manuelle/nix-serve-client.nix
+++ b/base/activation-manuelle/nix-serve-client.nix
@ -1,13 +1,14 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf mkMerge;
-  profiles = config.r6d.profiles;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
 in

 mkIf cfg.nix-serve-client {
+
  nix = {
    # Cache http pour le store
    requireSignedBinaryCaches = false;
--- a/base/activation-manuelle/nix-serve-server.nix
+++ b/base/activation-manuelle/nix-serve-server.nix
@ -1,12 +1,27 @@
-{ config, pkgs, ... }:
-
-with pkgs.lib;
+{ config, lib, pkgs, ... }:

 let
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
-in {
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf cfg.nix-serve-server {
+
  # Cache http pour le store

-  services.nix-serve.enable = cfg.nix-serve-server;
-  networking.firewall.allowedTCPPorts = mkIf cfg.nix-serve-server [ 5000 ];
+  # Services
+  services.nix-serve = {
+    enable = true;
+  };
+
+  # Réseau
+  networking.firewall = {
+    allowedTCPPorts = [
+      5000
+    ];
+    allowedUDPPorts = [
+    ];
+  };
 }
--- a/base/activation-manuelle/service-fail2ban.nix
+++ b/base/activation-manuelle/service-fail2ban.nix
@ -1,17 +1,20 @@
-{ config, pkgs, ... }:
-
-with pkgs.lib;
+{ config, lib, pkgs, ... }:

 let
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;

  ignoreip = "pedro.dubronetwork.fr cube.dubronetwork.fr voyage.prunetwork.fr xray.prunetwork.fr 192.168.0.0/16 172.16.0.0/16";
  destemail = "admins@dubronetwork.fr";
+in
+
+mkIf cfg.fail2ban {

-in {
  # Gestion de fail2ban
-  
-  services = mkIf cfg.fail2ban {
+  # Services
+  services = {
    fail2ban = {
      enable = true;
      jails = {
--- a/base/activation-manuelle/users.nix
+++ b/base/activation-manuelle/users.nix
@ -1,9 +1,9 @@
-{ config, pkgs, ... }:
-
-with pkgs.lib;
+{ config, lib, pkgs, ... }:

 let
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
  profiles = config.r6d.profiles;

  # Dubronetwork
--- a/base/base.nix
+++ b/base/base.nix
@ -1,4 +1,11 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  #inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in

 {
  imports = [
--- a/base/network-dns.nix
+++ b/base/network-dns.nix
@ -1,6 +1,14 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {

-{
  # Définition des domaines utilisés lorsque un identifiant non-FQDN est donné (ping, nslookup)
  networking = {
    search = [
--- a/config-generator.nix
+++ b/config-generator.nix
@ -1,6 +1,5 @@
 { config, lib, pkgs, ... }:

-# exemple utilisé pour commencer bird.nix
 let
  inherit (lib) mkEnableOption mkIf mkMerge mkOption singleton types;
  cfg = config.r6d.config-generator;
--- a/desktop/activation-manuelle/xmonad/xmonad.nix
+++ b/desktop/activation-manuelle/xmonad/xmonad.nix
@ -1,19 +1,21 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
+in

-in  mkIf cfg.xmonad {
-  # Paquets spécifiques pour xmonad
+mkIf cfg.xmonad {

-  environment.systemPackages = with pkgs;[
+  # Paquets
+  environment.systemPackages = with pkgs; [
    dmenu
    haskellPackages.xmobar
  ];

+  # Services
  services.xserver.windowManager.xmonad = {
    enable = true;
    enableContribAndExtras = true;
--- a/desktop/desktop.nix
+++ b/desktop/desktop.nix
@ -13,6 +13,7 @@ in
    ./activation-manuelle/xmonad/xmonad.nix      # gestionnaire de fenêtres xmonad
  ];

+  # Paquets
  environment.systemPackages = with pkgs; mkIf profiles.isDesktop [
    # Environement de bureau
    arandr          # interface graphique pour xrandr
--- a/public/app-adminsys.nix
+++ b/public/app-adminsys.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -9,6 +9,7 @@ in

 mkIf profiles.isDesktop {

+  # Paquets
  environment.systemPackages = with pkgs; [
    # Adminsys
    iotop
--- a/public/app-awesome.nix
+++ b/public/app-awesome.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
--- a/public/app-bureautique.nix
+++ b/public/app-bureautique.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -9,6 +9,7 @@ in

 mkIf profiles.isDesktop {

+  # Paquets
  environment.systemPackages = with pkgs; [
    # Bureautique
    aspell aspellDicts.fr
--- a/public/app-cao.nix
+++ b/public/app-cao.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -9,7 +9,8 @@ in

 mkIf cfg.conception-assistee {

-environment.systemPackages = with pkgs; [
+  # Paquets
+  environment.systemPackages = with pkgs; [
    # CAO
    ## Modélisation 3D
    freecad   # modélisation de pièces en 3D
--- a/public/app-cartographie.nix
+++ b/public/app-cartographie.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -9,6 +9,7 @@ in

 mkIf cfg.cartographie {

+  # Paquets
  environment.systemPackages = with pkgs; [
    # Gestion de données géographiques
    expat         
--- a/public/app-client-internet.nix
+++ b/public/app-client-internet.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -9,6 +9,7 @@ in

 mkIf profiles.isDesktop {

+# Paquets
 environment.systemPackages = with pkgs; [
    # Clients Internet

--- a/public/app-developpement.nix
+++ b/public/app-developpement.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -9,6 +9,7 @@ in

 mkIf cfg.developpement {

+  # Paquets
  environment.systemPackages = with pkgs; [
    # Base de données
    pgadmin
--- a/public/app-docker.nix
+++ b/public/app-docker.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -9,6 +9,7 @@ in

 mkIf cfg.docker {

+  # Paquets
  environment.systemPackages = with pkgs; [
    # Ecosystème Docker
    docker
--- a/public/app-edition-musique.nix
+++ b/public/app-edition-musique.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -9,7 +9,8 @@ in

 mkIf cfg.edition-musique {

-environment.systemPackages = with pkgs; [
+  # Paquets
+  environment.systemPackages = with pkgs; [
    #
    audacity      # montage audio
    easytag       # gestion des métadonnées des fichiers musicaux
--- a/public/app-edition-photo.nix
+++ b/public/app-edition-photo.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -9,6 +9,7 @@ in

 mkIf cfg.edition-photo {

+  # Paquets
 environment.systemPackages = with pkgs; [
    # Méta données
    exif
--- a/public/app-edition-video.nix
+++ b/public/app-edition-video.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -9,7 +9,8 @@ in

 mkIf cfg.edition-video {

-environment.systemPackages = with pkgs; [
+  # Paquets
+  environment.systemPackages = with pkgs; [
    # Vidéo
    #cinelerra     # editeur video
    pitivi        # montage vidéo
--- a/public/app-jeux.nix
+++ b/public/app-jeux.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -9,6 +9,7 @@ in

 mkIf cfg.jeux {

+  # Paquets
  environment.systemPackages = with pkgs; [
    # Jeux
    urbanterror
--- a/public/app-multimedia.nix
+++ b/public/app-multimedia.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -9,6 +9,7 @@ in

 mkIf profiles.isDesktop {

+  # Paquets
  environment.systemPackages = with pkgs; [
    # Multimedia

--- a/public/app-network.nix
+++ b/public/app-network.nix
@ -9,6 +9,7 @@ in

 mkIf profiles.isDesktop {

+  # Paquets
  environment.systemPackages = with pkgs; [
    # Outils réseau
    iperf         # outil de mesure de la qualité du réseau
@ -23,7 +24,11 @@ mkIf profiles.isDesktop {
  ];

  networking.firewall = {
-    allowedTCPPorts = [5201]; # iperf
-    allowedUDPPorts = [5201]; # iperf
+    allowedTCPPorts = [
+      5201 # iperf
+    ];
+    allowedUDPPorts = [
+      5201 # iperf
+    ];
  };
 }
--- a/public/app-securite.nix
+++ b/public/app-securite.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -9,6 +9,7 @@ in

 mkIf profiles.isDesktop {

+  # Paquets
  environment.systemPackages = with pkgs; [
    # Securité
    gnome3.seahorse # gestionnaire graphique de clef GPG
--- a/public/app-virtualbox.nix
+++ b/public/app-virtualbox.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -9,6 +9,7 @@ in

 mkIf cfg.virtualbox {

+  # Paquets
  environment.systemPackages = with pkgs; [
    linuxPackages.virtualbox
    linuxPackages.virtualboxGuestAdditions
--- a/public/auto-upgrade.nix
+++ b/public/auto-upgrade.nix
@ -1,13 +1,14 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in

 mkIf cfg.auto-upgrade {
+
  # Automatic update & automatic clean

  system.autoUpgrade.enable = true;
--- a/public/environment.nix
+++ b/public/environment.nix
@ -1,4 +1,11 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in

 {
  # Nombre de process d'installation en parrallèle effectués par Nix
@ -10,8 +17,7 @@
  # On autorise les paquets non-libres
  nixpkgs.config.allowUnfree = true;

-  # List packages installed in system profile. To search by name, run:
-  # $ nix-env -qaP | grep wget
+  # Paquets
  environment = {
    systemPackages = with pkgs; [
      bind          # utilisé pour les utilitaires comme dig
--- a/public/laptop.nix
+++ b/public/laptop.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -19,6 +19,7 @@ mkIf cfg.laptop {

  hardware.bluetooth.enable = true;

+  # Paquets
  environment.systemPackages = with pkgs; [
    networkmanagerapplet
  ];
--- a/public/localisation.nix
+++ b/public/localisation.nix
@ -1,6 +1,14 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {

-{
  # Select internationalisation properties.
  i18n = {
    consoleFont = "Lat2-Terminus16";
--- a/public/network-ipv6.nix
+++ b/public/network-ipv6.nix
@ -1,6 +1,14 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {

-{
  # Utilisation d'adresse IPv6 temporaire
  
  ## https://blog.linitx.com/control-privacy-addressing-ipv6-linux/
--- a/public/print.nix
+++ b/public/print.nix
@ -1,14 +1,16 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in

 mkIf cfg.print {
-  # Enable CUPS to print documents.
+
+  # Services
+  ## Enable CUPS to print documents.
  services.printing = {
    enable = true;
    drivers = [
--- a/public/public.nix
+++ b/public/public.nix
@ -1,4 +1,11 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  #inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in

 {
  imports = [
--- a/public/service-haveged.nix
+++ b/public/service-haveged.nix
@ -1,7 +1,16 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:

-{
-  # Sécurité & Acces distant
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {
+
+  # Sécurité & Accès distant
+  # Services

  ## Augmentation de l'entropie du système par un générateur de nombres aléatoires
  ## cat /proc/sys/kernel/random/entropy_avail
--- a/public/service-laptop.nix
+++ b/public/service-laptop.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -11,6 +11,7 @@ mkIf cfg.laptop {

  # Gestion spécifique pour PC portable

+  # Services
  services.xserver.synaptics = {
    enable = true;
    twoFingerScroll = true;
--- a/public/service-locate.nix
+++ b/public/service-locate.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
@ -9,6 +9,7 @@ in

 mkIf cfg.locate {

+  # Services
  services.locate = {
    enable = true;
    interval = "hourly";
--- a/public/service-monitoring.nix
+++ b/public/service-monitoring.nix
@ -1,14 +1,22 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:

-{
-  # Monitoring
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in

-  # Noeud de supervision munin = pas de stockage des données locales
+mkIf true {
+
+  # Services
+
+  ## Noeud de supervision munin = pas de stockage des données locales
  services.munin-node = {
    enable = true;
  };

-  # Munin server -- generate /var/www/munin
+  ## Munin server -- generate /var/www/munin
  services.munin-cron = {
    enable = true;
    hosts = ''
@ -20,12 +28,12 @@
    '';
  };

-  networking.firewall.allowedTCPPorts = [
-    # TODO configurer les bon ports lors de l'ouverture du service
-    8000
-  ];
-
-   ## Documentation
-   # * https://nixos.org/wiki/Create_and_debug_nix_packages
-   # * http://chriswarbo.net/essays/nixos/developing_on_nixos.html
+  # Réseau
+  networking.firewall = {
+    allowedTCPPorts = [
+      8000
+    ];
+    allowedUDPPorts = [
+    ];
+  };
 }
--- a/public/service-pulseaudio.nix
+++ b/public/service-pulseaudio.nix
@ -1,15 +1,16 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:

 let
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
-  mkIf = pkgs.lib.mkIf;
 in

-{
+mkIf profiles.isDesktop {
+
  # Pulse Audio
-  hardware.pulseaudio = mkIf profiles.isDesktop {
+  hardware.pulseaudio = {
    enable = true;
    support32Bit = true;
  };
--- a/public/service-ssh.nix
+++ b/public/service-ssh.nix
@ -1,7 +1,16 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:

-{
-  # OpenSSH daemon
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {
+
+  # Services
+  ## OpenSSH daemon
  services.openssh = {
    enable = true;
    # https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29
--- a/public/service-x11.nix
+++ b/public/service-x11.nix
@ -1,15 +1,17 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:

 let
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
-  mkIf = pkgs.lib.mkIf;
 in

-{
+mkIf profiles.isDesktop {
+
+  # Services
  # Enable the X11 windowing system.
-  services.xserver = mkIf profiles.isDesktop {
+  services.xserver = {
    enable = true;
    layout = "fr";
    xkbOptions = "eurosign:e";
--- a/public/swap.nix
+++ b/public/swap.nix
@ -1,13 +1,14 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in

 mkIf cfg.swap {
+
  # Gestion du swap
  
  # https://en.wikipedia.org/wiki/Swappiness