From ea307cc5dc809990ef8e8148fd787c1899e7148e Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Fri, 12 Aug 2016 12:46:36 +0200 Subject: [PATCH] application du template --- base.nix | 9 ++++- base/activation-manuelle/nix-serve-client.nix | 5 +-- base/activation-manuelle/nix-serve-server.nix | 27 +++++++++++---- base/activation-manuelle/service-fail2ban.nix | 15 ++++---- base/activation-manuelle/users.nix | 6 ++-- base/base.nix | 9 ++++- base/network-dns.nix | 12 +++++-- config-generator.nix | 1 - desktop/activation-manuelle/xmonad/xmonad.nix | 10 +++--- desktop/desktop.nix | 1 + public/app-adminsys.nix | 3 +- public/app-awesome.nix | 2 +- public/app-bureautique.nix | 3 +- public/app-cao.nix | 5 +-- public/app-cartographie.nix | 3 +- public/app-client-internet.nix | 3 +- public/app-developpement.nix | 3 +- public/app-docker.nix | 3 +- public/app-edition-musique.nix | 5 +-- public/app-edition-photo.nix | 3 +- public/app-edition-video.nix | 5 +-- public/app-jeux.nix | 3 +- public/app-multimedia.nix | 3 +- public/app-network.nix | 9 +++-- public/app-securite.nix | 3 +- public/app-virtualbox.nix | 3 +- public/auto-upgrade.nix | 3 +- public/environment.nix | 12 +++++-- public/laptop.nix | 3 +- public/localisation.nix | 12 +++++-- public/network-ipv6.nix | 12 +++++-- public/print.nix | 6 ++-- public/public.nix | 9 ++++- public/service-haveged.nix | 15 ++++++-- public/service-laptop.nix | 3 +- public/service-locate.nix | 3 +- public/service-monitoring.nix | 34 ++++++++++++------- public/service-pulseaudio.nix | 9 ++--- public/service-ssh.nix | 15 ++++++-- public/service-x11.nix | 10 +++--- public/swap.nix | 3 +- 41 files changed, 215 insertions(+), 88 deletions(-) diff --git a/base.nix b/base.nix index f7cb649..c25215e 100644 --- a/base.nix +++ b/base.nix 
@@ -1,4 +1,11 @@ -{ ... }: +{ config, lib, pkgs, ... }: + +let + #inherit (lib) mkIf mkMerge mkThenElse; + cfg = config.r6d.config-generator; + computers = config.r6d.computers; + profiles = config.r6d.profiles; +in { imports = [ diff --git a/base/activation-manuelle/nix-serve-client.nix b/base/activation-manuelle/nix-serve-client.nix index 0c2d6ea..694bd5f 100644 --- a/base/activation-manuelle/nix-serve-client.nix +++ b/base/activation-manuelle/nix-serve-client.nix @@ -1,13 +1,14 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf mkMerge; - profiles = config.r6d.profiles; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; + profiles = config.r6d.profiles; in mkIf cfg.nix-serve-client { + nix = { # Cache http pour le store requireSignedBinaryCaches = false; diff --git a/base/activation-manuelle/nix-serve-server.nix b/base/activation-manuelle/nix-serve-server.nix index 86dfea6..f9e633d 100644 --- a/base/activation-manuelle/nix-serve-server.nix +++ b/base/activation-manuelle/nix-serve-server.nix @@ -1,12 +1,27 @@ -{ config, pkgs, ... }: - -with pkgs.lib; +{ config, lib, pkgs, ... }: let + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; -in { + computers = config.r6d.computers; + profiles = config.r6d.profiles; +in + +mkIf cfg.nix-serve-server { + # Cache http pour le store - services.nix-serve.enable = cfg.nix-serve-server; - networking.firewall.allowedTCPPorts = mkIf cfg.nix-serve-server [ 5000 ]; + # Services + services.nix-serve = { + enable = true; + }; + + # Réseau + networking.firewall = { + allowedTCPPorts = [ + 5000 + ]; + allowedUDPPorts = [ + ]; + }; } diff --git a/base/activation-manuelle/service-fail2ban.nix b/base/activation-manuelle/service-fail2ban.nix index 29d8f4d..854210d 100644 --- a/base/activation-manuelle/service-fail2ban.nix +++ b/base/activation-manuelle/service-fail2ban.nix 
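Review bot: In base/activation-manuelle/nix-serve-client.nix the context line `requireSignedBinaryCaches = false;` is carried through unchanged, so every machine that enables `cfg.nix-serve-client` accepts store paths from the cache without checking a signature. The comment above it describes the cache as plain HTTP, so whoever can answer for that cache, or sits on the path to it, decides which binaries get installed. I would turn verification back on and pin the cache key: `requireSignedBinaryCaches = true;` together with `binaryCachePublicKeys = [ "<cache-public-key>" ];`. The `nix` block continues outside the hunk, so the cache URL itself is not visible here.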
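Review bot: In base/activation-manuelle/nix-serve-server.nix the new `services.nix-serve` block sets only `enable = true;` while TCP 5000 is opened on the firewall, so the visible lines publish the store with no signing key. Clients then have nothing to verify against, which is probably why the client module disables signature checks. Adding `secretKeyFile = "<path-to-signing-key>";` inside `services.nix-serve` would let the clients re-enable verification. If the cache is meant for the local network only, port 5000 should be limited to that network rather than opened on every interface. The empty `allowedUDPPorts = [ ];` list has no effect and can be dropped.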
@@ -1,17 +1,20 @@ -{ config, pkgs, ... }: - -with pkgs.lib; +{ config, lib, pkgs, ... }: let + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; + computers = config.r6d.computers; + profiles = config.r6d.profiles; ignoreip = "pedro.dubronetwork.fr cube.dubronetwork.fr voyage.prunetwork.fr xray.prunetwork.fr 192.168.0.0/16 172.16.0.0/16"; destemail = "admins@dubronetwork.fr"; +in + +mkIf cfg.fail2ban { -in { # Gestion de fail2ban - - services = mkIf cfg.fail2ban { + # Services + services = { fail2ban = { enable = true; jails = { diff --git a/base/activation-manuelle/users.nix b/base/activation-manuelle/users.nix index 4024f08..b9de130 100644 --- a/base/activation-manuelle/users.nix +++ b/base/activation-manuelle/users.nix @@ -1,9 +1,9 @@ -{ config, pkgs, ... }: - -with pkgs.lib; +{ config, lib, pkgs, ... }: let + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; + computers = config.r6d.computers; profiles = config.r6d.profiles; # Dubronetwork diff --git a/base/base.nix b/base/base.nix index 1a7f298..1f4135d 100644 --- a/base/base.nix +++ b/base/base.nix @@ -1,4 +1,11 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: + +let + #inherit (lib) mkIf mkMerge mkThenElse; + cfg = config.r6d.config-generator; + computers = config.r6d.computers; + profiles = config.r6d.profiles; +in { imports = [ diff --git a/base/network-dns.nix b/base/network-dns.nix index 008c289..fe5efe4 100644 --- a/base/network-dns.nix +++ b/base/network-dns.nix @@ -1,6 +1,14 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkThenElse; + cfg = config.r6d.config-generator; + computers = config.r6d.computers; + profiles = config.r6d.profiles; +in + +mkIf true { -{ # Définition des domaines utilisés lorsque un identifiant non-FQDN est donné (ping, nslookup) networking = { search = [ diff --git a/config-generator.nix b/config-generator.nix index 954dc42..6dd2db9 100644 --- a/config-generator.nix 
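Review bot: In base/activation-manuelle/service-fail2ban.nix the `ignoreip` binding kept in the `let` block exempts all of `192.168.0.0/16` and `172.16.0.0/16` plus four hostnames from banning, and nothing in the file says why. Hostname entries depend on DNS, so the exemption follows whatever those names resolve to when fail2ban looks them up. The wide ranges also mean any host on those networks can retry indefinitely. I would narrow the list to the fixed addresses of the administration hosts and add a short comment above `ignoreip` stating who is exempt and why. The `jails` block continues outside the hunk, so how `ignoreip` is used there is not visible.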
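Review bot: In base/network-dns.nix, `mkIf true { … }` is a no-op wrapper: the condition is constant, so the module is always active. The added `inherit (lib) mkIf mkMerge mkThenElse;` line and the `cfg`, `computers` and `profiles` bindings are therefore unused apart from `mkIf` itself. Either gate the module on a real option, `mkIf cfg.<option> {`, or keep the plain `{` form. The same pattern appears in the hunks for public/localisation.nix, public/network-ipv6.nix, public/service-haveged.nix, public/service-monitoring.nix and public/service-ssh.nix. For the two service modules it also matters for exposure, because sshd and the munin services stay enabled on every machine with no switch to turn them off.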
+++ b/config-generator.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: -# exemple utilisé pour commencer bird.nix let inherit (lib) mkEnableOption mkIf mkMerge mkOption singleton types; cfg = config.r6d.config-generator; diff --git a/desktop/activation-manuelle/xmonad/xmonad.nix b/desktop/activation-manuelle/xmonad/xmonad.nix index bb46a15..ab5c91d 100644 --- a/desktop/activation-manuelle/xmonad/xmonad.nix +++ b/desktop/activation-manuelle/xmonad/xmonad.nix @@ -1,19 +1,21 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; +in -in mkIf cfg.xmonad { - # Paquets spécifiques pour xmonad +mkIf cfg.xmonad { - environment.systemPackages = with pkgs;[ + # Paquets + environment.systemPackages = with pkgs; [ dmenu haskellPackages.xmobar ]; + # Services services.xserver.windowManager.xmonad = { enable = true; enableContribAndExtras = true; diff --git a/desktop/desktop.nix b/desktop/desktop.nix index da550ad..704bc35 100644 --- a/desktop/desktop.nix +++ b/desktop/desktop.nix @@ -13,6 +13,7 @@ in ./activation-manuelle/xmonad/xmonad.nix # gestionnaire de fenêtres xmonad ]; + # Paquets environment.systemPackages = with pkgs; mkIf profiles.isDesktop [ # Environement de bureau arandr # interface graphique pour xrandr diff --git a/public/app-adminsys.nix b/public/app-adminsys.nix index 07eae3a..871a8d3 100644 --- a/public/app-adminsys.nix +++ b/public/app-adminsys.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -9,6 +9,7 @@ in mkIf profiles.isDesktop { + # Paquets environment.systemPackages = with pkgs; [ # Adminsys iotop diff --git a/public/app-awesome.nix b/public/app-awesome.nix index 4f364ae..762e124 100644 --- a/public/app-awesome.nix +++ b/public/app-awesome.nix 
@@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; diff --git a/public/app-bureautique.nix b/public/app-bureautique.nix index 4b78222..719612f 100644 --- a/public/app-bureautique.nix +++ b/public/app-bureautique.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -9,6 +9,7 @@ in mkIf profiles.isDesktop { + # Paquets environment.systemPackages = with pkgs; [ # Bureautique aspell aspellDicts.fr diff --git a/public/app-cao.nix b/public/app-cao.nix index 995dfc5..6d13c2f 100644 --- a/public/app-cao.nix +++ b/public/app-cao.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -9,7 +9,8 @@ in mkIf cfg.conception-assistee { -environment.systemPackages = with pkgs; [ + # Paquets + environment.systemPackages = with pkgs; [ # CAO ## Modélisation 3D freecad # modélisation de pièces en 3D diff --git a/public/app-cartographie.nix b/public/app-cartographie.nix index 2a728fb..4037f86 100644 --- a/public/app-cartographie.nix +++ b/public/app-cartographie.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -9,6 +9,7 @@ in mkIf cfg.cartographie { + # Paquets environment.systemPackages = with pkgs; [ # Gestion de données géographiques expat diff --git a/public/app-client-internet.nix b/public/app-client-internet.nix index 562ab29..90b9211 100644 --- a/public/app-client-internet.nix +++ b/public/app-client-internet.nix 
@@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -9,6 +9,7 @@ in mkIf profiles.isDesktop { +# Paquets environment.systemPackages = with pkgs; [ # Clients Internet diff --git a/public/app-developpement.nix b/public/app-developpement.nix index bf0f7f2..d7eeeee 100644 --- a/public/app-developpement.nix +++ b/public/app-developpement.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -9,6 +9,7 @@ in mkIf cfg.developpement { + # Paquets environment.systemPackages = with pkgs; [ # Base de données pgadmin diff --git a/public/app-docker.nix b/public/app-docker.nix index 8fd79f7..b9594ac 100644 --- a/public/app-docker.nix +++ b/public/app-docker.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -9,6 +9,7 @@ in mkIf cfg.docker { + # Paquets environment.systemPackages = with pkgs; [ # Ecosystème Docker docker diff --git a/public/app-edition-musique.nix b/public/app-edition-musique.nix index 10c8ddc..7e9c67d 100644 --- a/public/app-edition-musique.nix +++ b/public/app-edition-musique.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -9,7 +9,8 @@ in mkIf cfg.edition-musique { -environment.systemPackages = with pkgs; [ + # Paquets + environment.systemPackages = with pkgs; [ # audacity # montage audio easytag # gestion des métadonnées des fichiers musicaux 
diff --git a/public/app-edition-photo.nix b/public/app-edition-photo.nix index 7d0b587..dea55fa 100644 --- a/public/app-edition-photo.nix +++ b/public/app-edition-photo.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -9,6 +9,7 @@ in mkIf cfg.edition-photo { + # Paquets environment.systemPackages = with pkgs; [ # Méta données exif diff --git a/public/app-edition-video.nix b/public/app-edition-video.nix index d481313..176b1c7 100644 --- a/public/app-edition-video.nix +++ b/public/app-edition-video.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -9,7 +9,8 @@ in mkIf cfg.edition-video { -environment.systemPackages = with pkgs; [ + # Paquets + environment.systemPackages = with pkgs; [ # Vidéo #cinelerra # editeur video pitivi # montage vidéo diff --git a/public/app-jeux.nix b/public/app-jeux.nix index 642eb33..54b96b5 100644 --- a/public/app-jeux.nix +++ b/public/app-jeux.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -9,6 +9,7 @@ in mkIf cfg.jeux { + # Paquets environment.systemPackages = with pkgs; [ # Jeux urbanterror diff --git a/public/app-multimedia.nix b/public/app-multimedia.nix index 4f92cee..378a6d1 100644 --- a/public/app-multimedia.nix +++ b/public/app-multimedia.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; 
@@ -9,6 +9,7 @@ in mkIf profiles.isDesktop { + # Paquets environment.systemPackages = with pkgs; [ # Multimedia diff --git a/public/app-network.nix b/public/app-network.nix index 2934e76..2694bcb 100644 --- a/public/app-network.nix +++ b/public/app-network.nix @@ -9,6 +9,7 @@ in mkIf profiles.isDesktop { + # Paquets environment.systemPackages = with pkgs; [ # Outils réseau iperf # outil de mesure de la qualité du réseau @@ -23,7 +24,11 @@ mkIf profiles.isDesktop { ]; networking.firewall = { - allowedTCPPorts = [5201]; # iperf - allowedUDPPorts = [5201]; # iperf + allowedTCPPorts = [ + 5201 # iperf + ]; + allowedUDPPorts = [ + 5201 # iperf + ]; }; } diff --git a/public/app-securite.nix b/public/app-securite.nix index d4bf5aa..e3c1bd6 100644 --- a/public/app-securite.nix +++ b/public/app-securite.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -9,6 +9,7 @@ in mkIf profiles.isDesktop { + # Paquets environment.systemPackages = with pkgs; [ # Securité gnome3.seahorse # gestionnaire graphique de clef GPG diff --git a/public/app-virtualbox.nix b/public/app-virtualbox.nix index 85076c6..d1899b4 100644 --- a/public/app-virtualbox.nix +++ b/public/app-virtualbox.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -9,6 +9,7 @@ in mkIf cfg.virtualbox { + # Paquets environment.systemPackages = with pkgs; [ linuxPackages.virtualbox linuxPackages.virtualboxGuestAdditions diff --git a/public/auto-upgrade.nix b/public/auto-upgrade.nix index 0d7eff4..48539a8 100644 --- a/public/auto-upgrade.nix +++ b/public/auto-upgrade.nix 
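Review bot: In public/app-network.nix the reformatted `networking.firewall` block still opens 5201/TCP and 5201/UDP for iperf on every machine where `profiles.isDesktop` is set, whether or not an iperf server ever runs there. A port that is permanently allowed will accept whatever process later binds to it. I would put these two entries behind their own switch, for example `networking.firewall = mkIf cfg.<iperf-option> {`, or open the port by hand for the duration of a measurement. As a style point, this block lacks the `# Réseau` heading that the template adds in nix-serve-server.nix and service-monitoring.nix.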
@@ -1,13 +1,14 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; in mkIf cfg.auto-upgrade { + # Automatic update & automatic clean system.autoUpgrade.enable = true; diff --git a/public/environment.nix b/public/environment.nix index 8bac7f1..fb4f89a 100644 --- a/public/environment.nix +++ b/public/environment.nix @@ -1,4 +1,11 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkThenElse; + cfg = config.r6d.config-generator; + computers = config.r6d.computers; + profiles = config.r6d.profiles; +in { # Nombre de process d'installation en parrallèle effectués par Nix @@ -10,8 +17,7 @@ # On autorise les paquets non-libres nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. To search by name, run: - # $ nix-env -qaP | grep wget + # Paquets environment = { systemPackages = with pkgs; [ bind # utilisé pour les utilitaires comme dig diff --git a/public/laptop.nix b/public/laptop.nix index b9e42f3..b09571c 100644 --- a/public/laptop.nix +++ b/public/laptop.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -19,6 +19,7 @@ mkIf cfg.laptop { hardware.bluetooth.enable = true; + # Paquets environment.systemPackages = with pkgs; [ networkmanagerapplet ]; diff --git a/public/localisation.nix b/public/localisation.nix index 37bafcf..6b773b7 100644 --- a/public/localisation.nix +++ b/public/localisation.nix 
@@ -1,6 +1,14 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkThenElse; + cfg = config.r6d.config-generator; + computers = config.r6d.computers; + profiles = config.r6d.profiles; +in + +mkIf true { -{ # Select internationalisation properties. i18n = { consoleFont = "Lat2-Terminus16"; diff --git a/public/network-ipv6.nix b/public/network-ipv6.nix index 5b06a58..16337ed 100644 --- a/public/network-ipv6.nix +++ b/public/network-ipv6.nix @@ -1,6 +1,14 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkThenElse; + cfg = config.r6d.config-generator; + computers = config.r6d.computers; + profiles = config.r6d.profiles; +in + +mkIf true { -{ # Utilisation d'adresse IPv6 temporaire ## https://blog.linitx.com/control-privacy-addressing-ipv6-linux/ diff --git a/public/print.nix b/public/print.nix index 6e5f98b..de71ef2 100644 --- a/public/print.nix +++ b/public/print.nix @@ -1,14 +1,16 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; in mkIf cfg.print { - # Enable CUPS to print documents. + + # Services + ## Enable CUPS to print documents. services.printing = { enable = true; drivers = [ diff --git a/public/public.nix b/public/public.nix index e4f92ea..c184840 100644 --- a/public/public.nix +++ b/public/public.nix @@ -1,4 +1,11 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: + +let + #inherit (lib) mkIf mkMerge mkThenElse; + cfg = config.r6d.config-generator; + computers = config.r6d.computers; + profiles = config.r6d.profiles; +in { imports = [ diff --git a/public/service-haveged.nix b/public/service-haveged.nix index 0d29e12..851b125 100644 --- a/public/service-haveged.nix +++ b/public/service-haveged.nix 
@@ -1,7 +1,16 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: -{ - # Sécurité & Acces distant +let + inherit (lib) mkIf mkMerge mkThenElse; + cfg = config.r6d.config-generator; + computers = config.r6d.computers; + profiles = config.r6d.profiles; +in + +mkIf true { + + # Sécurité & Accès distant + # Services ## Augmentation de l'entropie du système par un générateur de nombres aléatoires ## cat /proc/sys/kernel/random/entropy_avail diff --git a/public/service-laptop.nix b/public/service-laptop.nix index 36c3ff3..fe4c8c2 100644 --- a/public/service-laptop.nix +++ b/public/service-laptop.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -11,6 +11,7 @@ mkIf cfg.laptop { # Gestion spécifique pour PC portable + # Services services.xserver.synaptics = { enable = true; twoFingerScroll = true; diff --git a/public/service-locate.nix b/public/service-locate.nix index 64267a5..73f43f3 100644 --- a/public/service-locate.nix +++ b/public/service-locate.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; @@ -9,6 +9,7 @@ in mkIf cfg.locate { + # Services services.locate = { enable = true; interval = "hourly"; diff --git a/public/service-monitoring.nix b/public/service-monitoring.nix index d754594..d01ab95 100644 --- a/public/service-monitoring.nix +++ b/public/service-monitoring.nix 
@@ -1,14 +1,22 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: -{ - # Monitoring +let + inherit (lib) mkIf mkMerge mkThenElse; + cfg = config.r6d.config-generator; + computers = config.r6d.computers; + profiles = config.r6d.profiles; +in - # Noeud de supervision munin = pas de stockage des données locales +mkIf true { + + # Services + + ## Noeud de supervision munin = pas de stockage des données locales services.munin-node = { enable = true; }; - # Munin server -- generate /var/www/munin + ## Munin server -- generate /var/www/munin services.munin-cron = { enable = true; hosts = '' @@ -20,12 +28,12 @@ ''; }; - networking.firewall.allowedTCPPorts = [ - # TODO configurer les bon ports lors de l'ouverture du service - 8000 - ]; - - ## Documentation - # * https://nixos.org/wiki/Create_and_debug_nix_packages - # * http://chriswarbo.net/essays/nixos/developing_on_nixos.html + # Réseau + networking.firewall = { + allowedTCPPorts = [ + 8000 + ]; + allowedUDPPorts = [ + ]; + }; } diff --git a/public/service-pulseaudio.nix b/public/service-pulseaudio.nix index a538108..8e53cba 100644 --- a/public/service-pulseaudio.nix +++ b/public/service-pulseaudio.nix @@ -1,15 +1,16 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: let + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; - mkIf = pkgs.lib.mkIf; in -{ +mkIf profiles.isDesktop { + # Pulse Audio - hardware.pulseaudio = mkIf profiles.isDesktop { + hardware.pulseaudio = { enable = true; support32Bit = true; }; diff --git a/public/service-ssh.nix b/public/service-ssh.nix index f6d55cb..33978b2 100644 --- a/public/service-ssh.nix +++ b/public/service-ssh.nix 
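Review bot: In public/service-monitoring.nix the removed line `# TODO configurer les bon ports lors de l'ouverture du service` was the only marker that TCP 8000 is provisional. After this change the port is allowed on every host, since the module is wrapped in `mkIf true`, with no explanation of what is expected to listen on it. I would keep the TODO next to `8000`, or leave `allowedTCPPorts` empty until the service behind it is defined. The hunk also deletes the two documentation links at the end of the file, which looks unrelated to applying the template and could be kept.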
@@ -1,7 +1,16 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: -{ - # OpenSSH daemon +let + inherit (lib) mkIf mkMerge mkThenElse; + cfg = config.r6d.config-generator; + computers = config.r6d.computers; + profiles = config.r6d.profiles; +in + +mkIf true { + + # Services + ## OpenSSH daemon services.openssh = { enable = true; # https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29 diff --git a/public/service-x11.nix b/public/service-x11.nix index 5f586c1..b92b0e4 100644 --- a/public/service-x11.nix +++ b/public/service-x11.nix @@ -1,15 +1,17 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: let + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; - mkIf = pkgs.lib.mkIf; in -{ +mkIf profiles.isDesktop { + + # Services # Enable the X11 windowing system. - services.xserver = mkIf profiles.isDesktop { + services.xserver = { enable = true; layout = "fr"; xkbOptions = "eurosign:e"; diff --git a/public/swap.nix b/public/swap.nix index dc1b84e..44cdfd0 100644 --- a/public/swap.nix +++ b/public/swap.nix @@ -1,13 +1,14 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkMerge mkThenElse; cfg = config.r6d.config-generator; computers = config.r6d.computers; profiles = config.r6d.profiles; in mkIf cfg.swap { + # Gestion du swap # https://en.wikipedia.org/wiki/Swappiness