Merge nixos-21.05-preparation fixes #9

Les nouvelles règles dans NixOS obligent à avoir dans networking.hostName
un label DNS strict, il faut donc préciser le domaine à part dans
networking.domain.
networking.fqdn est une facilité pour concaténer les deux, en lecture
seule.

Makefile

@@ -1,48 +1,118 @@
+GSF=git submodule foreach
+TIME=time
+
+CHRONY_STATUS=chronyc tracking
+CHRONY_STATS=chronyc sources -v
+CHRONY_STATS_SOURCES=chronyc sourcestats
+
 all: rebuild-switch
 	date
+##--------- Commandes spécifiques pour NixOS
 
 clean:
-	nix-collect-garbage -d --delete-older-than 15d
+	$(TIME) nix-collect-garbage -d --delete-older-than 15d
 
 clean-aggressive:
-	nix-collect-garbage -d --delete-older-than 1d
+	$(TIME) nix-collect-garbage -d --delete-older-than 1d
 
 clean-total:
-	nix-collect-garbage -d
+	$(TIME) nix-collect-garbage -d
 
 clean-log:
+	journalctl --flush --rotate
 	journalctl --vacuum-size=1G
 
 full-auto: submodules-update upgrade clean optimise
+	@date
+
+list-installed-packages:
+	@# source : https://functor.tokyo/blog/2018-02-20-show-packages-installed-on-nixos
+	@# https://www.domenkozar.com/2014/01/02/getting-started-with-nix-package-manager/
+	@#nixos-option environment.systemPackages
+	nixos-option environment.systemPackages | head -2 | tail -1 | sed -e 's/ /\n/g' | cut -d- -f2- | sort | uniq| sed -e 's/"$$//'
 
 optimise:
-	nix-store --optimise
+	$(TIME) nix store optimise
 
-push: submodules-push
-	git push --all
-	git push --tags
+rebuild-build:
+	nix-channel --add https://nixos.org/channels/nixos-unstable nixos
+	$(TIME) time nixos-rebuild build --fallback  --show-trace
 
 rebuild-switch:
-	nixos-rebuild switch
+	$(TIME) time nixos-rebuild switch --fallback  --show-trace
+
+show-blackholed:
+	-@ip route |grep blackhole |wc -l| awk '{print "Il y a "$$1" route(s) en blackhole sur";system("hostname ")}' |cowsay
+
+show-diff-with-current:
+	-diff /run/current-system/configuration.nix /etc/nixos/configuration.nix
+
+show-roots:
+	nix-store --gc --print-roots
+
+show-time:
+	-@$(CHRONY_STATUS) && $(CHRONY_STATS)
+	-@watch -d -n 2 "$(CHRONY_STATUS) && echo "-- Statistiques générales :" && $(CHRONY_STATS) && echo "-- Statistiques sur les sources :" && $(CHRONY_STATS_SOURCES) && echo "-- Statistiques sur les clients :" && chronyc clients"
 
 store-repair:
-	nix-store --verify --check-contents --repair
+	$(TIME) nix-store --verify --check-contents --repair
+
+upgrade:
+	nix-channel --add https://nixos.org/channels/nixos-unstable nixos
+	$(TIME) nixos-rebuild switch --upgrade --fallback --show-trace
+
+##--------- Commandes spécifiques pour NixOS -- Opérations non courantes
+
+download-sources:
+	# https://nixos.org/wiki/Download_all_sources
+	nix-store -r $$(grep -l outputHash $$(nix-store -qR $$(nix-instantiate '<nixpkgs>' -A geeqie) | grep '.drv$$'))
+
+build-iso:
+	nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=/etc/nixos/base/iso-image/livecd-minimal.nix
+
+##--------- Commandes spécifiques pour GIT
+
+push: submodules-push
+	git push --all
+	git push --tags
 
 submodules-update:
 	#git submodule update --remote
-	git submodule foreach git co master
-	git submodule foreach git ff
+	#$(GSF) git co master
+	$(GSF) git ff
+	$(GSF) git gc --auto
 
 submodules-push:
-	git submodule foreach git push --all
-	git submodule foreach git push --tags
+	$(GSF) git push --all
+	$(GSF) git push --tags
 
 submodules-tag:
-	git submodule foreach git tag -f "$$(date +%F)-$$(hostname -s)"
+	$(GSF) git tag -f "$$(date +%F)-$$(hostname -s)"
+
+template:
+	find . -name "*.nix" -exec meld /etc/nixos/base/module-template.nix {} \;
 
 tag: submodules-tag
 	git tag -f "$$(date +%F)-$$(hostname -s)"
 
-upgrade:
-	nixos-rebuild switch --upgrade
+##--------- Munin
+
+munin:
+	pushd /var/www/munin/ ; python -m SimpleHTTPServer 8000
+##--------- Gestion d'un système de fichier monté en mémoire
+
+tmpfs-create:
+	mkdir -p /mnt/tmpfs
+
+tmpfs-mount: tmpfs-create
+	mount -t tmpfs -o size=10G tmpfs /mnt/tmpfs
+
+tmpfs-umount:
+	umount /mnt/tmpfs
+
+tmpfs-destroy: tmpfs-umount
+	rmdir /mnt/tmpfs
 
+##- Test awesome
+test-awesome:
+	Xephyr :5 & sleep 1; DISPLAY=:5 awesome

README.md

@@ -0,0 +1,240 @@
+# nixos-template-base
+
+Versions de NixOS supportées :
+* NixOS unstable
+
+Ce dépôt stocke une configuration générique des machines.
+
+~~Une recette dite "config-generator" adapte la configuration selon le nom de la machine (FQDN).~~
+
+~~Actuellement, les scripts contiennent un peu de configuration spécifique pour les machines des mainteneurs.~~
+
+# Liens
+* https://status.nixos.org/ pour savoir de quand datent les différentes releases de NixOS
+* https://repology.org/repository/nix_unstable/problems pour lister les paquets avec problèmes
+
+# Notes de mise-à-jour
+
+## pour l'utilisation de l'annuaire (à partir de 2017-04-28)
+
+* faire les mises à jour de l'OS
+* commiter & pusher l'état des dépôts (au cas où). Pour les différents dépôts `git a`, `git commit` puis `make tag push`
+* mettre à jour les dépôts avec les dernières versions, `make submodules-update`
+* vérifier que `configuration.nix` contient `services.xserver.enable = true;` pour les machines avec interface graphique
+* vérifier que `configuration.nix` contient le nom de la machine `networking.hostName = "<X>";`
+* vérifier que `configuration.nix` contient le nom de domaine `networking.domain = "<X>";`
+* tester la configuration : `nixos-rebuild build`
+* corriger et ajouter les éléments manquant (notamment dans `private/annuaire.nix` )
+* lorsque tout semble bon, vérifier :
+  * qu'il y a toujours des utilisateurs dans la configuration
+  * que le moyen d'accéder à la machine n'a pas été supprimé (surtout les machines distantes)
+* lancer la commande de build de l'os : `make` :)
+
+## pour le passage de 16.09 à unstable
+
+* mettre à jour tous les dépôts
+* changer la branche de base vers `nixos-unstable`
+* changer la declaration de la machine dans `configuration.nix`
+
+~~~
+networking.hostName = "<bidule>";
+~~~
+
+devient
+
+~~~
+r6d.computers.is<bidule> = true;
+~~~
+
+* mettre à jour le channel
+
+~~~
+nix-channel --add  https://nixos.org/channels/nixos-unstable nixos
+nix-channel --update
+~~~
+
+* faire la mise à jour
+
+~~~
+make
+~~~
+
+## pour le passage de 16.03 à 16.09
+
+* mettre le dépôt base sur la branche upgrade-16.09
+* changer le channel nixos : ```nix-channel --add https://nixos.org/channels/nixos-16.09 nixos```
+* activer x11 dans le configuration.nix
+
+~~~
+services.xserver.enable = true;
+~~~
+
+* remplacer le bootloader si gummiboot était utilisé
+
+~~~
+boot.loader.gummiboot.enable = true;
+~~~
+
+devient
+
+~~~
+boot.loader.systemd-boot.enable = true;
+~~~
+
+Pour résoudre les soucis d'upgrade, il est conseillé :
+* de désactiver tous les imports (sauf `hardware.nix`)
+* d'ajouter `.../localisation.nix` dans les imports sous peine d'être en clavier US
+* d'ajouter ```nixpkgs.config.allowUnfree = true;```
+* d'ajouter `vim` aux paquets
+* de réactiver petit à petit les lignes désactivées
+
+
+# Installation sur machine chez online.net
+
+* https://nixos.org/wiki/Install_NixOS_on_Online.Net
+* https://nixos.org/wiki/Install_NixOS_on_Linode
+
+
+## Installation selon config online
+
+* commander serveur
+* lancer la procédure d'installation avec ubuntu LTS 64bits
+* partitionner le disque avec l'interface web
+* lancer l'installation de l'os.
+* attendre que la procédure standard d'installation d'online ait terminée
+* lorsque l'install est finie, dans l'onglet "Etat" se trouve l'option "Secours"
+
+## Transformation en NixOS
+
+* relancer la machine en mode "Secours"
+* choisir un linux 64bits (préférence pour ubuntu LTS)
+* le système de boot donne des identifiants SSH pour le connecter à la machine
+
+* se connecter à la machine
+* passer en root
+
+~~~bash
+sudo su -
+~~~
+
+* formater les partitions
+
+~~~bash
+mkfs.ext4 -L nixos /dev/sda1
+swapoff -a
+mkswap /dev/sda2
+swapon -a
+~~~
+
+* monter les partitions dans /mnt
+
+~~~bash
+mount /dev/sda1 /mnt/
+mkdir /mnt/etc/
+mkdir /mnt/etc/nixos
+mkdir /etc/nixos
+mkdir /mnt/nix
+mkdir /nix
+mount --bind /mnt/nix/ /nix
+mkdir /mnt/tmp
+mount --bind /mnt/tmp /tmp
+~~~
+
+
+* installer les paquets nécessaires
+
+~~~bash
+apt-get install bzip2 git byobu htop glances
+~~~
+
+* création d'utilisateur (n'importe quil mot de passe)
+
+~~~bash
+adduser nix
+groupadd -r nixbld
+for n in $(seq 1 10); do useradd -c "Nix build user $n" -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" nixbld$n; done
+~~~
+
+* mise-à-jour des certificats
+
+~~~bash
+update-ca-certificates
+~~~
+
+* installer nix
+
+~~~bash
+chown -R nix /nix /tmp
+su - nix
+bash <(curl https://nixos.org/nix/install)
+exit
+~~~
+
+* créer un profil nix pour root & un channel
+
+~~~bash
+. ~nix/.nix-profile/etc/profile.d/nix.sh
+nix-channel --remove nixpkgs
+nix-channel --add https://nixos.org/channels/nixos-unstable nixos
+nix-channel --update
+~~~
+
+* installer un editeur de texte
+
+~~~bash
+nix-env -i vim_configurable
+~~~
+
+* installation de nixos-install
+
+~~~bash
+cat <<EOF > /root/configuration.nix
+{ fileSystems."/" = {};
+  boot.loader.grub.enable = false;
+}
+EOF
+export NIX_PATH=nixpkgs=/root/.nix-defexpr/channels/nixos:nixos=/root/.nix-defexpr/channels/nixos/nixos
+export NIXOS_CONFIG=/root/configuration.nix
+nix-env -i -A config.system.build.nixos-install \
+       -A config.system.build.nixos-option \
+       -A config.system.build.nixos-generate-config \
+       -f "<nixos>"
+~~~
+
+* configuration de NixOS
+
+si la machine existe déjà, cloner le dépôt dans /mnt/etc/nixos
+pour cela, créer clef ssh et l'ajouter sur la forge
+
+~~~bash
+ssh-keygen -t ed25519
+cp ~/.ssh/id_ed25519* /mnt/etc/nixos/
+
+git clone <>
+git submodule init
+git submodule update
+~~~
+
+* monter /etc/nixos vers /mnt/etc/nixos pour que la config clonée fonctionne
+
+~~~bash
+mount --bind /mnt/etc/nixos/ /etc/nixos/
+~~~
+
+* mettre à jour la configuration matérielle
+
+~~~bash
+export NIX_PATH=nixpkgs=/root/.nix-defexpr/channels/nixos:nixos=/root/.nix-defexpr/channels/nixos/nixos
+nixos-generate-config --root /mnt
+~~~
+
+* vérifier le /mnt/etc/nixos/configuration.nix
+
+notamment le périphérique utilisé par grub
+
+* installer le système sur le disque
+
+~~~bash
+unset NIXOS_CONFIG
+nixos-install
+~~~

activation-manuelle/auto-upgrade.nix

@@ -1,7 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  # Automatic update & automatic clean
-  system.autoUpgrade.enable = true;
-  nix.gc.automatic = true;
-}

activation-manuelle/locate.nix

@@ -1,11 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-  ];
-
-  services.locate= {
-    enable = true;
-    interval = "hourly";
-  };
-}

activation-manuelle/nix-serve-client.nix

@@ -1,7 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  # Cache http pour le store
-  nix.requireSignedBinaryCaches = false;
-  nix.binaryCaches = [ "http://192.168.10.169:5000" ];
-}

activation-manuelle/nix-serve.nix

@@ -1,7 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  # Cache http pour le store
-  services.nix-serve.enable = true;
-  networking.firewall.allowedTCPPorts = [5000];
-}

activation-manuelle/swap.nix

@@ -1,11 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
-  # https://en.wikipedia.org/wiki/Swappiness
-  boot.kernel.sysctl = {
-    # le swap est activé (!= 0)
-    # le swap est utilisé lorsque (100 - x) % de la mémoire est déja allouée
-    "vm.swappiness" = 10;
-  };
-}

applications/graphical/adminsys.nix

@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.graphical {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+     # Gestion de FS
+     gparted       # Gestion graphique de partitions
+     unetbootin    # création de clefs USB bootables
+
+     # visualisation de log
+     #logstalgia
+  ];
+}

applications/graphical/bureau.nix

@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf currentMachine.profiles.isDesktopEnvironment {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Environement de bureau
+    arandr          # interface graphique pour xrandr
+    wmname          # pour définir le nom du gestionnaire de fenêtre (utile pour java)
+    #kde4.ksnapshot # capture d'écran
+    xclip           # manipulation du clipboard X depuis la console
+    xorg.xbacklight # pour gérer la luminosité de l'écran
+    xorg.xev        # pour repérer les codes + noms standard des actions clavier/souris
+    xorg.xkill      # pour 'tuer une application'
+
+    ## Gestionnaire de fenêtre & Thème
+    gnome3.adwaita-icon-theme  # thème d'icone - semble fonctionner avec spaceFM
+
+    ## Manipulation de fichier
+    #kde5.dolphin          # gestionnaire de fichiers graphique
+    #kde5.dolphin-plugins  # gestionnaire de fichiers graphique
+    pcmanfm               # gestionnaire de fichiers graphique
+    #vifm                  # gestionnaire de fichiers basé sur VIM (console)
+
+    ## Terminal
+    kitty                  # terminal avec rendu par GPU
+    sakura                # terminal
+  ];
+
+  # Polices supplémentaires
+  fonts.fonts = with pkgs; [
+    fira            # police créée pour Firefox
+    fira-code       # idem fira-mono + ligatures pour la programmation
+    fira-mono       # dérivée de fira en monospace
+    font-awesome_5  # Jeux de police, utilisé avec Latex
+    hack-font       # police monospace créée explicitement pour coder
+    hasklig         # police dérivée de source-code-pro mais avec des ligatures
+    jetbrains-mono  # police spécial développeurs par Jetbrains
+  ];
+  fonts.fontconfig.defaultFonts = {
+    monospace = [ "JetBrains Mono" ];
+  };
+
+  programs = {
+    slock.enable = true;
+    spacefm.enable = true;
+    udevil.enable = true;
+  };
+}

applications/graphical/bureautique.nix

@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.officeSuite && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Bureautique
+    gnumeric      # tableur
+    #kde4.ksnapshot# réalisation de capture d'écran
+
+    ## Cartes mentales
+    freemind
+
+    ## Diagrammes & Schémas
+    dia           # dessin & schéma technique
+
+    ## Editeur de texte
+    #lyx          # surcouche WISIWIM à LaTeX
+    #focuswriter  # outil pour l'écriture
+    #textadept     # un éditeur de texte facile pour copier-coller graphique
+    #zim          # outil de prise de notes, wiki de bureau
+
+    ## Visionneuse
+    #kde5.okular   # pdf
+    #mcomix        # livres (cbr, liste d'images), gestion d'une bibliothèque # Supprimé dans NixOS 20.03
+    pdfpc         # pdf
+    qpdfview      # pdf
+    gqview        # visionneuse image & gestion basique de collection
+  ];
+}

applications/graphical/cao.nix

@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.conception-assistee && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # CAO
+    ## Modélisation 3D
+    freecad   # modélisation de pièces en 3D
+    povray    # Rendu tracé de rayon, utilisé dans freecad
+
+    ## Électricité & Électronique
+    fritzing  # schéma de câblages "jolis"
+    kicad     # ensemble d'outils de conception électronique
+    qucs      # simulateur de circuits électroniques
+  ];
+}

applications/graphical/cartographie.nix

@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.cartographie && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Gestion de données géographiques
+    josm          # outil de contribution à OpenStreetMap
+    #qgis         # client lourd de manipulation de données géographiques
+    viking        # analyse de topo, gestion de données GPS
+  ];
+}

applications/graphical/client-internet.nix

@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.internetSuite && flags.graphical) {
+
+# Paquets
+environment.systemPackages = with pkgs; [
+    # Clients Internet
+
+    ## Navigateur
+    chromium
+    firefox
+
+    ## Mail & Discussion (texte, audio)
+    claws-mail
+    hexchat
+    quasselClient
+    mumble
+    pidgin
+    thunderbird
+
+    # Transfert de fichier
+    filezilla
+    transmission-gtk
+    transmission-remote-gtk
+  ];
+}

applications/graphical/default-applications.nix

@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (true && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+}

applications/graphical/default.nix

@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+let
+  #inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+{
+  imports = [
+    # installées systématiquement
+    ./default-applications.nix
+
+    # commandées par config-generator
+    ## option de configuration spécifique
+    ./cao.nix                   # de conception assisté par ordinateur & modélisation
+    ./cartographie.nix          # manipuler les données géographiques & cartes
+    ./developpement.nix         # développer des programmes/scripts
+    ./developpement-elm.nix     # développer en elm
+    ./developpement-haskell.nix # développer en haskell
+    ./developpement-java.nix    # développer en java
+    ./developpement-jetbrains.nix # outils jetbrains
+    ./developpement-rust.nix    # développer en rust
+    ./edition-musique.nix       # modifier les fichiers musicaux
+    ./edition-photo.nix         # modifier les photos & assimilé
+    ./edition-video.nix         # modifier les vidéos
+    ./jeux.nix                  # jouer, tout simplement ;)
+    ./radio.nix                 # outils pour faire de la radio SDR
+
+    ## if isDesktop
+    ./adminsys.nix              # pour gérer le système dans son ensemble et les services
+    ./bureau.nix                # éléments pour avoir un environement graphique minimal utilisable
+    ./bureautique.nix           # dédiée à la bureautique (traitement de texte, dessin, ...)
+    ./client-internet.nix       # pour accéder & utiliser des ressources par le réseau
+    ./multimedia.nix            # pour gérer le son, l'image et la vidéo
+    ./network.nix               # de gestion, de diagnostique & surveillance réseau
+    ./securite.nix              # relatives à la sécurité (chiffrement, gpg, mots de passe, ...)
+  ];
+}

applications/graphical/developpement-elm.nix

@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.developpement-elm && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # Services
+
+  # Réseau
+  networking.firewall = {
+    allowedTCPPorts = [
+    ];
+    allowedUDPPorts = [
+    ];
+  };
+}

applications/graphical/developpement-haskell.nix

@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.developpement-haskell && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ] ++ (with pkgs.haskellPackages; [
+    # Haskell lib
+    #threadscope     # visualisation des threads (<bidule>.eventlog)
+  ]);
+}

applications/graphical/developpement-java.nix

@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.developpement-java && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # IDE
+    jetbrains.idea-community # IntelliJ IDEA
+  ];
+}

applications/graphical/developpement-jetbrains.nix

@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.jetbrains-licensed && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    jetbrains.idea-ultimate
+    jetbrains.clion
+    jetbrains.datagrip
+    jetbrains.pycharm-professional
+  ];
+}

applications/graphical/developpement-rust.nix

@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.developpement-rust && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+}

applications/graphical/developpement.nix

@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.developpement && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Base de données
+    #pgadmin             # interface d'administration de postgres ***plus à jour, version openssl dépréciée***
+    #sqlitebrowser       # interface d'administration de sqlite
+
+    # Documentation
+    #zeal                # consulter la documentation hors ligne
+
+    # Gestion des sources
+    #gitg               # interface pour utiliser git (historique, commit)
+    gitstats            # génère un site web statique avec des statistiques
+    git-cola            # interface pour utiliser git (historique, commit)
+
+    ## Visualisation & outils de diff
+    #gource              # visualisation en mouvement de l'historique git
+    meld                # outil de comparaison graphique
+
+    # Editeur texte
+    atom
+  ];
+}

applications/graphical/edition-musique.nix

@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.edition-musique && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    #
+    audacity      # montage audio
+    easytag       # gestion des métadonnées des fichiers musicaux
+    picard        # gestion des métadonnées des fichiers musicaux
+  ];
+}

applications/graphical/edition-photo.nix

@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.edition-photo && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Retouche, modification & dessin vectoriel
+    gimp          # logiciel d'édition/montage/retouche photo
+    inkscape      # édition d'image vectorielle (svg & autre)
+    #rawtherapee  # développemen de photos en RAW
+
+    # TEST d'outil de gestion de catalogue de photos
+    #kde4.digikam  # gestionnaire de bibliothèque de photo
+  ];
+}

applications/graphical/edition-video.nix

@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.edition-video && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Vidéo
+    #cinelerra     # editeur video
+    pitivi        # montage vidéo
+  ];
+}

applications/graphical/jeux.nix

@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.jeux && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Jeux
+    urbanterror
+  ];
+}

applications/graphical/multimedia.nix

@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.multimediaSuite && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    ## Video
+    smplayer      # lecteur vidéo
+    vlc           # lecteur vidéo
+  ];
+}

applications/graphical/network.nix

@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (true && flags.graphical) {
+
+  # Diagnostic réseau Wireshark (droits fins par le groupe wireshark)
+  programs.wireshark = {
+    enable = true;
+    package = pkgs.wireshark;
+  };
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+}

applications/graphical/radio.nix

@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.radio && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    ## GUI
+    chirp                   # Configuration de radios portatives
+    gqrx                    # GUI
+    cubicsdr                # Another GUI
+    gnuradio-with-packages  # Software Defined Radio (SDR) software
+
+    ## A Trier
+    #inspectrum    # Tool for analysing captured signals from sdr receivers
+  ];
+
+  nixpkgs.config.permittedInsecurePackages = [
+    "python2.7-Pillow-6.2.2"
+  ];
+}

applications/graphical/securite.nix

@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf (flags.securitySuite && flags.graphical) {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    gnome3.seahorse # gestionnaire graphique de clef GPG
+    #yubikey-personalization-gui # utilisation de la clef Yubikey
+  ];
+}

applications/overrides.nix

@@ -0,0 +1,48 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf true {
+
+  nixpkgs.config.packageOverrides = pkgs: {
+    claws-mail = pkgs.claws-mail.override {
+      enablePgp = true;
+      enablePluginArchive = true;
+      #enablePluginFancy = false; # nécessite wekitgtk qui est troué # Option supprimée dans NixOS 20.03
+      enablePluginPdf = true;
+      enablePluginRavatar = true;
+      enablePluginSmime = true;
+      enablePluginVcalendar = true;
+      enableSpellcheck = true;
+    };
+
+    ffmpeg-full = pkgs.ffmpeg-full.override {
+      nonfreeLicensing = true;
+      nvenc  = true;
+    };
+
+    # bug connu : https://nixos.org/nix-dev/2014-December/015225.html
+    # find /nix/store/  -maxdepth 1 -type d -name "*gnuradio-*"
+    # Commande pour générer le path : find /nix/store/  -maxdepth 1 -type d -name "*gnuradio-*"|paste -d: -s -
+    gnuradio-with-packages = pkgs.gnuradio-with-packages.override {
+      extraPackages = with pkgs; [
+        gnuradio-ais
+        gnuradio-gsm
+        gnuradio-nacl
+        gnuradio-osmosdr    # support des dongle Realtek
+        gnuradio-rds        # support du décodage de RDS sur les radio FM
+      ];
+    };
+
+    mumble = pkgs.mumble.override { pulseSupport = true; };
+  };
+
+  #nixpkgs.config.permittedInsecurePackages = [
+  #  "webkitgtk-2.4.11"       # pour que le plugin fancy de claws-mail fonctionne
+  #];
+}

applications/terminal/adminsys.nix

@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf true {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Adminsys
+    bind          # utilisé pour les utilitaires comme dig
+    cowsay        # pour ansible & 4lulz
+    dhcp          # client dhcp
+    iotop
+    lm_sensors
+    lshw
+    lsof
+    ntp
+    powerline-fonts
+    powertop
+    #ansible
+    glances
+    pv            # afficher le débit d'un flux     dd if=/dev/zero | pv | dd of=/dev/null
+    sysstat       # pour la commande "iostat -x -1" de monitoring d'activité disque
+    usbutils
+
+    # Backup
+    duplicity     # création de sauvegarde chiffrées (GPG)
+    par2cmdline   # outil de récupération de fichiers corrompus - .par2
+
+    # Compression
+    lz4
+    lzop
+
+    # Système de fichier
+    ## Montage de filesystem
+    curlftpfs     # ftp
+    exfat         # Pour monter les FAT avec Fuse
+    hubicfuse     # montage hubic
+    ntfs3g        # ntfs
+    samba         # partages windows
+    squashfsTools # squashfs
+    sshfs-fuse    # ssh
+
+    ## Gestion de FS
+    nfs-utils
+
+    ## Exploitation FS
+    inotify-tools # être notifié lorsque le contenu d'un répertoire change
+    detox			    # The detox utility renames files to make them easier to work with.
+    duff          # outil de recherche de fichiers en doublons
+    #rdfind        # recherche de fichiers doublons pour remplacement par hard/soft link
+  ];
+}

applications/terminal/bureau.nix

@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf true {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    ## Manipulation de fichier
+    vifm            # gestionnaire de fichiers basé sur VIM (console)
+  ];
+}

applications/terminal/bureautique.nix

@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.officeSuite {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Bureautique
+    aspell aspellDicts.fr         # correction d'ortographe
+    python39Packages.grammalecte  # correction gramatical
+
+    # Gestion de tâche
+    taskwarrior     # gestionnaire de tâches en console
+
+    ## Convertisseurs (texte -> <autre format>)
+    gnuplot       # générateur de graphes à partir de données numériques
+    graphviz      # dot, neato : traçage de graphes (carré, rond)
+    #jekyll       # générateur statique de site web
+    #odpdown      # conversion md -> presentation ODP : https://github.com/thorstenb/odpdown
+    pandoc
+    #haskellPackages.pandoc-citeproc # ***BROKEN***
+    texlive.combined.scheme-full # distribution LaTeX
+    #texLive       # distribution LaTeX de base
+    #texLiveBeamer # paquets et extensions pour Beamer
+    #texLiveModerncv # paquets pour la classe Modern CV
+  ];
+}

applications/terminal/cao.nix

@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.conception-assistee {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+}

applications/terminal/cartographie.nix

@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.cartographie {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Gestion de données géographiques
+    expat
+    gpsbabel      # pour convertir les données des GPS
+  ];
+}

applications/terminal/client-internet.nix

@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.internetSuite {
+
+# Paquets
+environment.systemPackages = with pkgs; [
+    # Clients Internet
+
+    ## Réseaux sociaux
+    #turses                            # client twitter en ncurse
+    #python39Packages.rainbowstream    # client twitter en console
+    #rtv                               # client reddit en console
+
+    ## Mail & Discussion (texte, audio)
+    mutt
+
+    ## Sauvegarde nuagique (cloud storage)
+    #rclone
+
+    ## P2P
+    rtorrent      # outil de téléchargement de torrent & magnet
+  ];
+}

applications/terminal/default-applications.nix

@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf true {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+      byobu         # permet de se déconnecter d'un terminal sans l'arréter
+      tig gti lazygit # outil de gestion de version
+      gnumake       # pour décrire les recettes de compilation
+      gnupg         # GPG
+      htop          # monitoring
+      lsb-release   # pour les scripts qui utilisent cet outil (dont byobu)
+      #libressl      # librairie pour faire du TLS et les algorithmes de crypto par OpenBSD
+      ncdu          # outil pour voir l'espace utilisé
+      p7zip         # compression de fichier
+      parted        # partitionnement de disque
+      pciutils
+      pinentry      # pour taper les mots de passe gpg
+      psmisc        # fournis les utilitaires comme killall, fuser, pstree
+      #python        # python -- python -m SimpleHTTPServer 8000
+      shared-mime-info  # MIME info
+      tmux          # nécessaire pour byobu
+      tree          # affiche une arborescence de fichiers et dossiers
+      usbutils
+      wget          # client HTTP console
+      which         # pour connaitre le chemin d'un exécutable
+  ];
+  programs = {
+    fish.enable = true;
+    gnupg.agent.enable = true;
+    git = {
+      enable = true;
+      package = pkgs.gitFull;
+      config = {
+        # http://www.git-attitude.fr/2014/09/15/30-options-git-qui-gagnent-a-etre-connues/
+        color = {
+          diff = "auto";
+          branch = "auto";
+          interactive = "auto";
+          pager = true;
+          showbranch = "auto";
+          status = "auto";
+        };
+        alias = {
+          a  = "add -p";
+          br = "for-each-ref --sort=committerdate refs/heads/ --format='%(committerdate:short)\t%(authorname)\t%(refname:short)'";
+          ci = "commit";
+          co = "checkout";
+          ff = "pull --ff-only";
+          oops = "commit --amend --no-edit";
+          # Show files ignored by git
+          ignored = "ls-files -o -i --exclude-standard";
+          ls = "ls-files";
+          st = "status";
+          # Logs
+          lol = "log --graph --decorate --pretty=oneline --abbrev-commit";
+          lola = "log --graph --decorate --pretty=oneline --abbrev-commit --all";
+          not-pushed = "log --branches --not --remotes";
+        };
+        push.default = "simple";
+        code.editor = "${pkgs.vim_configurable}/bin/vim";
+      };
+      lfs.enable = true;
+    };
+  };
+}

applications/terminal/default.nix

@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+let
+  #inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+{
+  imports = [
+    # installées systématiquement
+    ./default-applications.nix
+
+    # commandées par config-generator
+    ## option de configuration spécifique
+    ./cao.nix                   # de conception assisté par ordinateur & modélisation
+    ./cartographie.nix          # manipuler les données géographiques & cartes
+    ./developpement.nix         # développer des programmes/scripts
+    ./developpement-elm.nix     # développer en elm
+    ./developpement-haskell.nix # développer en haskell
+    ./developpement-java.nix    # développer en java
+    ./developpement-jetbrains.nix # outils jetbrains
+    ./developpement-rust.nix    # développer en rust
+    ./edition-musique.nix       # modifier les fichiers musicaux
+    ./edition-photo.nix         # modifier les photos & assimilé
+    ./edition-video.nix         # modifier les vidéos
+    ./jeux.nix                  # jouer, tout simplement ;)
+    ./radio.nix                 # outils pour faire de la radio SDR
+    ./vim.nix                   # vim avec plugins
+
+    ## if isDesktop
+    ./adminsys.nix              # pour gérer le système dans son ensemble et les services
+    ./bureau.nix                # éléments pour avoir un environement graphique minimal utilisable
+    ./bureautique.nix           # dédiée à la bureautique (traitement de texte, dessin, ...)
+    ./client-internet.nix       # pour accéder & utiliser des ressources par le réseau
+    ./multimedia.nix            # pour gérer le son, l'image et la vidéo
+    ./network.nix               # de gestion, de diagnostique & surveillance réseau
+    ./securite.nix              # relatives à la sécurité (chiffrement, gpg, mots de passe, ...)
+  ];
+}

applications/terminal/developpement-elm.nix

@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.developpement-elm {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    elmPackages.elm
+  ];
+
+  # Services
+
+  # Réseau
+  networking.firewall = {
+    allowedTCPPorts = [
+    ];
+    allowedUDPPorts = [
+    ];
+  };
+}

applications/terminal/developpement-haskell.nix

@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.developpement-haskell {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Haskell platform
+    cabal-install         # fournis cabal
+    cabal2nix             # convertir les .cabal en .nix
+    ghc                   # pour les appels depuis les scripts
+    stack                 # pour les paquets en LTS de stackage
+  ] ++ (with pkgs.haskellPackages; [
+    # Haskell lib
+    autoproc              # ? procmail
+    #brittany              # formatteur de code
+    #darcs                 # gestionnaire de version éponyme
+    #ghc-mod               # outil d'analyse de code haskell utilisé par IDE
+    #hindent               # indentation code ***BROKEN***
+    hlint                 # qualite de code, analyse statique de code + astuces & bonnes pratiques
+    #postgrest            # mapper HTTP <-> PostgreSQL
+    servant               # génération d'API REST
+    stylish-haskell       # qualité de code
+    turtle                # genre shell-scripting
+
+    # Application perso
+    #hahp
+    #pandoc-filter-graphviz # filtre pour utiliser graphviz à partir de pandoc ***BROKEN***
+  ]);
+}

applications/terminal/developpement-java.nix

@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.developpement-java {
+
+  # Installe le paquet + JAVA_HOME
+  programs.java = {
+    enable = true;
+  };
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Systèmes de build autour de java
+    ant
+    maven
+    gradle
+  ];
+}

applications/terminal/developpement-jetbrains.nix

@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.jetbrains-licensed {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+}

applications/terminal/developpement-rust.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.developpement-rust {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Rust
+    cargo               # récupération des dépendances + compilation projet rust
+    rustc               # pour les appels depuis les scripts
+    rustup              # outil de configuration de toolchain rust
+    crate2nix           # génère les fichiers de build Nix dans un projet Rust
+  ];
+}

applications/terminal/developpement.nix

@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.developpement {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Build / outil de construction
+    autobuild
+    autoconf
+    automake
+
+    # Base de données
+    pg_top                 # monitoring de PostgreSQL
+    sqlite                 # le moteur de base de données
+
+    # C / C++
+    gcc                    # pour les appels depuis les scripts
+
+    # Gestion des sources
+    cloc                   # outil pour compter les lignes de code source
+    mercurial
+    subversion
+
+    # spécification
+    plantuml               # diagrammes UML et plus si affinité
+
+    # Mono
+    #mono46                # interpréteur .NET
+
+    ## Visualisation & outils de diff
+    #vbindiff              # diff de fichier hexadecimaux avec vim
+  ];
+}

applications/terminal/edition-musique.nix

@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.edition-musique {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+}

applications/terminal/edition-photo.nix

@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.edition-photo {
+
+  # Paquets
+environment.systemPackages = with pkgs; [
+    # Méta données
+    exif
+    exiftags
+
+    # Retouche, modification & dessin vectoriel
+    imagemagick   # modification image en CLI
+  ];
+}

applications/terminal/edition-video.nix

@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.edition-video {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    ffmpeg-full   # assemblage de flux audio & video en ligne de commande
+  ];
+}

applications/terminal/jeux.nix

@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.jeux {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+}

applications/terminal/multimedia.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.multimediaSuite {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    ## Audio
+    beep
+    cmus          # lecteur audio console
+    espeak        # synthèse vocale
+    vorbis-tools  # codec
+  ];
+}

applications/terminal/network.nix

@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf true {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Outils réseau
+    iperf         # outil de mesure de la qualité du réseau
+    iptraf-ng     # outil de mesure de la qualité du réseau
+    nload         # affichage de statisques d'utilisation instantannées du réseau
+    inetutils
+
+    ## Diagnostic
+    arp-scan
+    #mtr  -> installé plus bas
+    nmap          # outil de scan de port réseau
+    whois
+  ];
+
+  # https://github.com/NixOS/nixpkgs/issues/30335
+  # Some programs need SUID wrappers, can be configured further or are started in user sessions.
+  programs.mtr.enable = true;
+
+  networking.firewall = {
+    allowedTCPPorts = [
+      5201 # iperf
+    ];
+    allowedUDPPorts = [
+      5201 # iperf
+    ];
+  };
+}

applications/terminal/radio.nix

@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.radio {
+
+# pour que ça marche
+# sudo rmmod dvb_usb_rtl28xxu
+
+# lecture radio FM
+# rtl_fm -f 96.9e6 -M wbfm -s 440000 -r 44100 - | aplay -r 44100 -f S16_LE
+# rtl_fm -f 96.95e6 -M wbfm -s 441000 -r 44100 - | aplay -r 44100 -f S16_LE -t raw -c 1
+# rtl_fm -f 96.95e6 -M wbfm -s 441000 -r 44100 -E deemp - |pv| aplay -r 44100 -f S16_LE -t raw -c 1
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    gnss-sdr    # Global Navigation Satellite Systems software-defined receiver
+    liquid-dsp  # Digital signal processing library for software-defined radios
+    rtl-sdr     # Turns your Realtek RTL2832 based DVB dongle into a SDR receiver
+    dump1090    # Listen to planes ADS-B and view them on a map
+  ];
+
+  hardware.rtl-sdr.enable = true;
+}

applications/terminal/securite.nix

@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.securitySuite {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    pass            # gestionnaire de mots de passe
+    pwgen           # générateur de mots de passe
+  ];
+}

applications/terminal/vim.nix

@@ -0,0 +1,28 @@
+{pkgs, ... }:
+
+let
+  myVim = pkgs.vim_configurable.customize {
+    # Specifies the vim binary name.
+    # E.g. set this to "my-vim" and you need to type "my-vim" to open this vim
+    # This allows to have multiple vim packages installed (e.g. with a different set of plugins)
+    name = "vim";
+    vimrcConfig.customRC = builtins.readFile ./vimrc;
+    vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; {
+      start = [
+        wombat256-vim
+      ];
+      opt = [
+        elm-vim
+        vim-fish
+        vim-nix
+        vimwiki
+      ];
+    };
+  };
+
+in {
+  programs.vim = {
+    defaultEditor = true;
+    package = myVim;
+  };
+}

applications/terminal/vimrc

@@ -2,6 +2,9 @@
 " This must be first, because it changes other options as a side effect.
 set nocompatible
 
+filetype plugin on
+syntax on
+
 " allow backspacing over everything in insert mode
 set backspace=indent,eol,start
 
@@ -32,3 +35,10 @@ if &t_Co > 8
     let &colorcolumn="80,".join(range(120,999),",")
     highlight ColorColumn ctermbg=235 guibg=#2c2d27
 endif
+
+" vim hardcodes background color erase even if the terminfo file does
+" not contain bce (not to mention that libvte based terminals
+" incorrectly contain bce in their terminfo files). This causes
+" incorrect background rendering when using a color theme with a
+" background color.
+let &t_ut=''

base.nix

@@ -1,13 +1,18 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 {
   imports = [
-    #./activation-manuelle/auto-upgrade.nix
-    #./activation-manuelle/locate.nix
-    #./activation-manuelle/swap.nix
-    ./environment.nix
-    ./localisation.nix
-    ./networking.nix
-    ./services.nix
+    # moulinette de configuration
+    /*./config-generator.nix*/
+    ./options.nix
+
+    # Redéfinition d'applications et de modules
+    ./applications/overrides.nix
+
+    # subfolders
+    ./applications/graphical/default.nix
+    ./applications/terminal/default.nix
+    ./configuration/default.nix
+    ./services/default.nix
   ];
 }

byobu-adminsys

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+SESSION_NAME="Adminsys"
+PROJECT_DIR="/etc/nixos"
+PROJECT_MODULES=$(cd $PROJECT_DIR && git submodule --quiet foreach 'echo $path')
+HEAD_ADDITIONNAL_TABS="git config"
+TAIL_ADDITIONNAL_TABS="glances htop"
+
+# création de la session
+byobu new-session -d -s ${SESSION_NAME} -n 'run' -c ${PROJECT_DIR};
+
+# définition des onglets
+
+## onglets courants au début. Positionnés dans dossier projet
+for i in ${HEAD_ADDITIONNAL_TABS}
+do
+    byobu new-window -n ${i} -c ${PROJECT_DIR};
+done
+
+## onglets spécifiques au projet. Positionnés dans les dossiers enfants
+for i in ${PROJECT_MODULES}
+do
+    byobu new-window -n ${i} -c ${PROJECT_DIR}/${i};
+done
+
+## onglets courants à la fin. Positionnés dans dossier projet. Lance la commande du même nom que l'onglet
+for i in ${TAIL_ADDITIONNAL_TABS}
+do
+    byobu new-window -n ${i} -c ${PROJECT_DIR} ${i};
+done
+
+# affiche la session
+byobu -2 attach-session -t ${SESSION_NAME};
+

config-generator.nix

@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkEnableOption mkIf mkMerge mkOption singleton types;
+  cfg = config.r6d.config-generator;
+  pfl = config.r6d.profiles;
+  comp = config.r6d.computers;
+  host = config.networking.fqdn;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+{
+# TODO camel case partout
+# TODO everything in english
+# TODO sortir ce qui est privé
+  ###### interface
+
+  options = {
+    #* Utilisé pour avoir des raccourcis de machine
+    r6d.computers = {
+      isNomade    = mkEnableOption "Identification du nom de machine.";
+    };
+  };
+
+  ###### implementation
+  # https://nixos.org/releases/nixos/14.12-small/nixos-14.12.374.61adf9e/manual/sec-writing-modules.html
+  # https://nixos.org/wiki/NixOS:extend_NixOS
+  config = mkMerge
+  [
+    ## Définition des profils génériques
+    # /!\ PAS un serveur
+    (mkIf (!pfl.isServer || comp.isMonstre) {
+      r6d.config-generator = {
+        dns_resolveur = true;
+      };
+    })
+
+    ## Affectation des profils aux machines
+
+    # Dubro Vivo - St Malo
+    #tincAddress = "192.168.12.8/24";
+
+    (mkIf comp.isNomade{
+      networking.hostName = "nomade"; # Define your hostname.
+      networking.domain = "dubronetwork.fr";
+      r6d.profiles.isDubronetwork = true;
+
+      r6d.config-generator = {
+        laptop = true;
+      };
+    })
+  ];
+}

configuration/awesome.nix

@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+# TODO: rc.lua par défaut (système)
+mkIf flags.awesome {
+
+  environment.variables = {
+    # Export the current path for the awesome derivation, useful for users rc.lua
+    # Example usage in rc.lua :
+    #
+    #   config = {}
+    #   config.dir = os.getenv("AWESOME_CONFIG_DIR")
+    #   beautiful.init(config.dir .. "/share/awesome//themes/zenburn/theme.lua")
+    #
+    AWESOME_CONFIG_DIR = "${pkgs.awesome}";
+  };
+
+  environment.etc."xdg/awesome/rc.lua".text = builtins.readFile ./../public/config-awesome-4-rc.lua;
+}

configuration/bash-prompt.sh

@@ -1,4 +1,7 @@
-# Définition des couleurs du prompt
+# Git information in prompt
+. /run/current-system/sw/share/bash-completion/completions/git-prompt.sh
+
+# Prompt colors
 if [[ $(tput colors) -ge 256 ]] 2>/dev/null; then
     PS1_USER='\[$(tput setaf 27)\]'
     PS1_HOST='\[$(tput setaf 37)\]'
@@ -18,10 +21,12 @@ fi
 BOLD='\[$(tput bold)\]'
 RESET='\[$(tput sgr0)\]'
 
-# Définition du prompt
+# Username or red color if root
 if [ $UID = 0 ]; then
     PS1_ID=$PS1_ROOT
 else
     PS1_ID=$PS1_USER'\u'$PS1_MISC@$PS1_HOST
 fi
+
+# Prompt definition
 PS1=$RESET$BOLD$PS1_ID'\h '$PS1_PATH'\w'$PS1_GIT'$(__git_ps1)'"\n"$PS1_MISC'\$ '$RESET

configuration/default.nix

@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+let
+  #inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+{
+  imports = [
+
+    # installées systématiquement
+    ./environment.nix
+    ./localisation.nix
+    ./network.nix
+    #./network-ipv6.nix
+    ./u2f.nix
+    ./udev.nix
+
+    # commandées par config-generator
+    ## option de configuration spécifique
+    ./awesome.nix               # pour le gestionaire de fenêtres awesome
+    ./laptop.nix                    # appli & configuration adaptée pour un PC portable
+    ./nix-options.nix              # options de Nix (update, gc, optimisation)
+    ./swap.nix                      # définition de l'utilisation du swap
+  ];
+}

configuration/environment.nix

@@ -0,0 +1,64 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+{
+  # The NixOS release to be compatible with for stateful data such as databases.
+  system.stateVersion = "19.09";
+
+  # copies the NixOS configuration file (usually /etc/nixos/configuration.nix) and links it from the resulting system (getting to /run/current-system/configuration.nix)
+  system.copySystemConfiguration = true;
+
+  # On autorise les paquets non-libres
+  nixpkgs.config.allowUnfree = true;
+
+  # NixOS Hardening
+  #security.grsecurity.enable = true;
+
+  # Ménage de /tmp au boot
+  boot.cleanTmpDir = true;
+
+  # Activation des pages de manuel
+  documentation.man.enable = true;
+
+
+  # Paquets
+  environment = {
+    shellAliases = {
+      byobu = "byobu-tmux";
+      gpg = "gpg2";
+      jacques-a-dit = "sudo";
+      tree = "tree -C";
+      tree1 = "tree -d -L 1";
+      tree2 = "tree -d -L 2";
+      tree3 = "tree -d -L 3";
+      # https://gist.github.com/amitchhajer/4461043 : Count number of code lines in git repository per user
+      #git-loc = "git ls-files | while read f; do git blame --line-porcelain "${f}" | grep '^author '; done | sort -f | uniq -ic | sort -n";
+      grep = "grep --color=auto";
+      vi = "vim";
+      byobu-adminsys = "/etc/nixos/base/byobu-adminsys";
+    };
+  };
+  programs.bash = {
+    enableCompletion = true;
+    promptInit = builtins.readFile ./bash-prompt.sh;
+    interactiveShellInit = builtins.readFile ./bash-interactive-init.sh;
+  };
+
+  # https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern
+  programs.ssh.extraConfig = ''
+    # Ensure KnownHosts are unreadable if leaked - it is otherwise easier to know which hosts your keys have access to.
+    HashKnownHosts yes
+    # Host keys the client accepts - order here is honored by OpenSSH
+    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
+
+    KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+  '';
+}

configuration/laptop.nix

@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.laptop {
+
+  # Gestion spécifique pour PC portable
+
+  ## Gestion de l'énergie
+  services.tlp.enable = true;
+
+  ## Activation d'un gestionnaire de réseau
+  networking.networkmanager.enable = true;
+
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = false;
+  };
+
+  # Gestion graphique du réseau dans la barre système
+  programs.nm-applet.enable = true;
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    wirelesstools           # fournis iwconfig
+    blueman                 # outils bluetooth (manager, system tray)
+    cbatticon               # status de la batterie dans le system tray
+  ];
+
+  # Services
+  services.blueman.enable = true;
+  services.xserver.libinput = {
+    enable = true;
+  };
+}

configuration/localisation.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf true {
+
+  # Select internationalisation properties.
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "fr";
+  };
+  i18n = {
+    defaultLocale = "fr_FR.UTF-8";
+  };
+
+  # Set your time zone.
+  time.timeZone = "Europe/Paris";
+}

configuration/network-ipv6.nix

@@ -1,29 +1,30 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
-{
-  # Définition des domaines utilisés lorsque un identifiant non-FQDN est donné (ping, nslookup)
-  networking = {
-    search = [
-      "dubronetwork.fr"
-      "prunetwork.fr"
-      "teleragno.fr"
-      "teleragno.net"
-    ];
-    dnsExtensionMechanism = true;
-  };
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf true {
 
   # Utilisation d'adresse IPv6 temporaire
-  
+
   ## https://blog.linitx.com/control-privacy-addressing-ipv6-linux/
   ## http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/x1092.html
 
   boot.kernel.sysctl = {
     "net.ipv6.conf.all.temp_prefered_lft" = 1800; # 30 min
-    "net.ipv6.conf.all.temp_valid_lft" = 3600; # 1 heure
+    "net.ipv6.conf.all.temp_valid_lft" = 43200; # 12 heures
     "net.ipv6.conf.all.use_tempaddr" = 2; # activé
 
     "net.ipv6.conf.default.temp_prefered_lft" = 3600; # 1 heure
     "net.ipv6.conf.default.temp_valid_lft" = 3600; # 1 heure
     "net.ipv6.conf.default.use_tempaddr" = 2; # activé
-    };
+
+    # Activation du routage
+    "net.ipv6.conf.all.forwarding" = true;
+    "net.ipv6.conf.default.forwarding" = true;
+  };
 }

configuration/network.nix

@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf true {
+
+  # fix: Hostname -s renvoie "Unknown host" alors que hostname renvoie la bonne valeur
+  #      Il s'avère que hostname vérifie la validité du FQDN et du reverse.
+  #      Fixer ces paramètres dans les hosts permet de faire tomber en marche
+  networking.extraHosts = ''
+    127.0.0.1   ${config.networking.fqdn} ${config.networking.hostName}
+  '';
+
+  # Activation du routage
+  boot.kernel.sysctl = {
+    "net.ipv4.conf.all.forwarding" = true;
+    "net.ipv4.conf.default.forwarding" = true;
+  };
+}

configuration/nix-options.nix

@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+{
+
+  # Automatic update & automatic clean
+
+  system.autoUpgrade.enable = flags.auto-upgrade;
+  nix = {
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+    settings = {
+      auto-optimise-store = true;
+      # Nombre de process d'installation en parrallèle effectués par Nix
+      cores = 0;
+    };
+    gc = {
+      automatic = true;
+      dates = "daily";
+      options = "--delete-older-than 7d";
+    };
+  };
+}

configuration/swap.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.swap {
+
+  # Gestion du swap
+
+  # https://en.wikipedia.org/wiki/Swappiness
+  boot.kernel.sysctl = {
+    # le swap est activé (!= 0)
+    # le swap est utilisé lorsque (100 - x) % de la mémoire est déja allouée
+    "vm.swappiness" = 10;
+  };
+}

configuration/u2f.nix

@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf true {
+  # Ajout du support des yobikey & hyperfido
+  ## source des valeurs udev : https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules
+
+  ## source car udev sur nixos semble ancien : https://raw.githubusercontent.com/Yubico/libu2f-host/master/70-old-u2f.rules
+  services.udev.extraRules = ''
+  # this udev file should be used with udev older than 188
+  ACTION!="add|change", GOTO="u2f_end"
+
+  # Yubico YubiKey
+  KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", GROUP="plugdev", MODE="0660"
+
+  # Happlink (formerly Plug-Up) Security KEY
+  KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", GROUP="plugdev", MODE="0660"
+
+  #  Neowave Keydo and Keydo AES
+  KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", GROUP="plugdev", MODE="0660"
+
+  # HyperSecu HyperFIDO
+  KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0880", GROUP="plugdev", MODE="0660"
+
+  LABEL="u2f_end"
+
+  SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="audio", MODE="0666", SYMLINK+="rtl_sdr"
+  '';
+
+  security.pam.u2f.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    libu2f-host
+  ];
+}

configuration/udev.nix

@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf false {
+  # Définition du IO Scheduler pour les SSD
+  services.udev.extraRules = ''
+  # set deadline scheduler for non-rotating disks
+  # according to https://wiki.debian.org/SSDOptimization, deadline is preferred over noop
+  ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="deadline"
+  '';
+
+}

environment.nix

@@ -1,56 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  # Nombre de process d'installation en parrallèle effectués par Nix
-  nix.buildCores = 0;
-
-  # The NixOS release to be compatible with for stateful data such as databases.
-  system.stateVersion = "16.03";
-
-  # On autorise les paquets non-libres
-  nixpkgs.config.allowUnfree = true;
-
-  # List packages installed in system profile. To search by name, run:
-  # $ nix-env -qaP | grep wget
-  environment = {
-    systemPackages = with pkgs; [
-      bind # utilisé pour les utilitaires comme dig
-      byobu
-      exfat # Pour monter les FAT avec Fuse
-      git gitAndTools.gitSVN gitAndTools.tig
-      gnumake
-      gnupg
-      gpm           # prise en charge de la souris en console
-      htop
-      ncdu
-      nmap
-      mtr
-      p7zip
-      parted
-      pciutils
-      python34Packages.glances
-      pwgen
-      tmux
-      tree
-      usbutils
-      (import ./vim.nix)
-      wget
-      which
-    ];
-    shellAliases = {
-      byobu = "byobu-tmux";
-      tree = "tree -C";
-      tree1 = "tree -d -L 1";
-      tree2 = "tree -d -L 2";
-      tree3 = "tree -d -L 3";
-      grep = "grep --color=auto";
-      vi = "vim";
-    };
-    etc.gitconfig.text = builtins.readFile ./gitconfig;
-  };
-  programs.bash = {
-    enableCompletion = true;
-    promptInit = builtins.readFile ./bash-prompt.sh;
-    interactiveShellInit = builtins.readFile ./bash-interactive-init.sh;
-  };
-}

gitconfig

@@ -1,23 +0,0 @@
-[color]
-    diff = auto
-    branch = auto
-    interactive = auto
-    pager = true
-    showbranch = auto
-    status = auto
-[alias]
-    a  = add -p
-    ci = commit
-    co = checkout
-    ff = pull --ff-only
-    # Show files ignored by git
-    ignored = ls-files -o -i --exclude-standard
-    ls = ls-files
-    st = status
-    # Logs
-    lol = log --graph --decorate --pretty=oneline --abbrev-commit
-    lola = log --graph --decorate --pretty=oneline --abbrev-commit --all
-[push]
-    default = simple
-[core]
-    editor = /usr/bin/env vim

iso-image/Makefile.installation

@@ -0,0 +1,7 @@
+all:
+	nixos-generate-config --root /mnt
+	git config --global user.email "nixos-live@example.org"
+	git config --global user.name "NixOS Live"
+	cd /mnt/etc/nixos && git init . && git add . && git commit -m "initial commit"
+	cd /mnt/etc/nixos && git submodule add http://gogs.prunetwork.fr:80/nixos-config/nixos-template-base.git base
+	cd /mnt/etc/nixos && git submodule add https://gogs.prunetwork.fr/Capgemini-CDS-Arkea/template-nixos.git capgemini-cmb

iso-image/configuration.nix

@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    capgemini-cmb/default.nix
+    /nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix
+    nixos-template-base/base.nix
+  ];
+  # Custom name
+  isoImage.isoName = pkgs.lib.mkForce "${config.isoImage.isoBaseName}-capgemini-${config.system.nixosLabel}-${pkgs.stdenv.system}.iso";
+  # Avoid having the terminal flooded by kernel audit messages
+  boot.kernelParams = [ "audit=0" ];
+
+  # Files to copy to the liveCD
+  isoImage.contents = [
+    {
+      source = ./Makefile.installation;
+      target = "/custom/Makefile";
+    }
+  ];
+  environment.shellAliases = { nixos-generate-custom-config = "cd /iso/custom/ && make";};
+  networking.hostName = "nixos-livecd";
+  networking.domain = "grudu.net";
+}

lib.nix

@@ -0,0 +1,50 @@
+let
+  lib = with import <nixpkgs> {}; pkgs.lib;
+
+  profiles = {
+    isDesktopEnvironment = {
+      awesome = true;
+      internetSuite = true;
+      graphical = true;
+      multimediaSuite = true;
+      officeSuite = true;
+      pulseaudio = true;
+      securitySuite = true;
+    };
+    isWorkstation = {
+      docker = true;
+      developpement = true;
+      developpement-elm = true;
+      developpement-haskell = true;
+      developpement-java = true;
+      developpement-rust = true;
+    };
+    #isServer = {
+      #};
+  };
+
+in
+
+with lib; rec{
+  # Apply the profiles (pre-defined + custom) to the whole directory
+  applyProfilesToDirectory = customProfiles: directory:
+    lib.mapAttrs (applyProfilesToMachine customProfiles) directory;
+
+  # Apply the profiles (pre-defined + custom) to a machine
+  applyProfilesToMachine = customProfiles: machineName: machineOptions:
+  { configurationFlags = lib.recursiveUpdate (generateFlagsSet customProfiles machineOptions.profiles) machineOptions.configurationFlags;
+    configurationOptions = machineOptions.configurationOptions;
+    profiles = machineOptions.profiles;
+  };
+
+  # Generate a set of configuration flags based on profiles
+  generateFlagsSet = customProfiles: machineProfiles:
+  let
+    allProfiles = recursiveUpdate profiles customProfiles;
+    conditionalFlags = name: value:
+      if machineProfiles.${name}
+      then value
+      else {};
+  in
+  foldr (a: b: a // b) {} (mapAttrsToList conditionalFlags allProfiles);
+}

localisation.nix

@@ -1,13 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  # Select internationalisation properties.
-  i18n = {
-    consoleFont = "Lat2-Terminus16";
-    consoleKeyMap = "fr";
-    defaultLocale = "fr_FR.UTF-8";
-  };
-
-  # Set your time zone.
-  time.timeZone = "Europe/Paris";
-}

module-template.nix

@@ -0,0 +1,32 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf true {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # Services
+
+  # Réseau
+  networking.firewall = {
+    allowedTCPPorts = [
+    ];
+    allowedUDPPorts = [
+    ];
+  };
+} // {
+  assertions = [
+    {
+      assertion = true;
+      message = "Assetion toujours valide.";
+    }
+  ];
+}

onchange

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+EXCLUSION="~$|swp$|swo$"
+
+while inotifywait --exclude $EXCLUSION -r -e modify .
+do
+	$@
+done

options.nix

@@ -0,0 +1,216 @@
+{ config, lib, pkgs, r6d, ... }:
+let
+  inherit (lib) mkEnableOption mkTextOption mkIf mkMerge mkOption singleton types;
+
+  # TODO: Anglish :)
+  machineOptions = types.submodule {
+    options = {
+
+      configurationFlags = {
+        #enable                = mkEnableOption "Génération de la configuration d'une machine.";
+        awesome               = mkEnableOption "Profil pour activer le gestionnaire de fenêtre awesome.";
+        auto-upgrade          = mkEnableOption "Profil pour activer les mises à jour automatiques.";
+        cartographie          = mkEnableOption "Profil pour activer les outils de gestion de données géographiques.";
+        conception-assistee   = mkEnableOption "Profil pour activer les outils de conception électronique & modélisation 3D";
+        database_postgres     = mkEnableOption "Profil pour activer le SGBD PostgreSQL.";
+        developpement         = mkEnableOption "Profil pour activer les outils de développement";
+        developpement-elm     = mkEnableOption "Profil pour activer les outils de développement Elm";
+        developpement-haskell = mkEnableOption "Profil pour activer les outils de développement Haskell";
+        developpement-java    = mkEnableOption "Profil pour activer les outils de développement Java";
+        developpement-rust    = mkEnableOption "Profil pour activer les outils de développement Rust";
+        docker                = mkEnableOption "Profil pour l'utilisation de Docker.";
+        dovecot               = mkEnableOption "Profil pour activer le serveur Dovecot.";
+        dns_autorite          = mkEnableOption "Profil pour servir les fichiers de zone DNS.";
+        dns_resolveur         = mkEnableOption "Profil pour activer un résolveur DNS local.";
+        edition-musique       = mkEnableOption "Profil pour la création/édition de musique.";
+        edition-photo         = mkEnableOption "Profil pour la création/édition de photos.";
+        edition-video         = mkEnableOption "Profil pour la création/édition de video.";
+        elasticsearch         = mkEnableOption "Profil pour activer le service elasticsearch.";
+        fail2ban              = mkEnableOption "Profil pour activer Fail2ban.";
+        graphical             = mkEnableOption "Profil pour activer les applications graphgiques.";
+        hydra-builder         = mkEnableOption "Profil pour une machine qui compile pour hydra.";
+        hydra-core            = mkEnableOption "Profil pour un serveur hydra.";
+        kibana                = mkEnableOption "Profil pour activer le service kibana.";
+        internetSuite         = mkEnableOption "Profil pour la suite de logiciels pour Internet.";
+        jetbrains-licensed    = mkEnableOption "Profil pour la suite de développement Jetbrains payante (sous-ensemble).";
+        jeux                  = mkEnableOption "Profil pour les jeux vidéos.";
+        laptop                = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables.";
+        locate                = mkEnableOption "Profil pour activer la fonction locate.";
+        mailboxes             = mkEnableOption "Profil pour stocker les mails dans des boîtes aux lettres.";
+        multimediaSuite       = mkEnableOption "Profil pour la suite multimédia.";
+        munin                 = mkEnableOption "Profil pour activer la supervision par Munin";
+        murmur                = mkEnableOption "Profil pour activer un serveur Mumble (murmur)";
+        nixos-manual          = mkEnableOption "Profil pour activer la documentation nixos en local sur un TTY";
+        nix-serve-server      = mkEnableOption "Profil pour que la machine soit un serveur de cache nix.";
+        nixStoreProxyCache    = mkEnableOption "Profil pour activer le proxy cahce nginx pour le nix store";
+        officeSuite           = mkEnableOption "Profil pour la suite bureautique";
+        pipewire              = mkEnableOption "Profil pour activer pipewire.";
+        print                 = mkEnableOption "Profil pour activer cups & pouvoir imprimer.";
+        pulseaudio            = mkEnableOption "Profil pour activer pulseaudio.";
+        rabbitmq              = mkEnableOption "Profil pour activer le service de messagerie AMQP.";
+        radio                 = mkEnableOption "Profil pour activer les outils pour faire de radio numérique - SDR.";
+        radicale              = mkEnableOption "Profil pour activer le service d'hébergement de calendrier + tâches & contacts.";
+        rmilter               = mkEnableOption "Profil pour activer le filtrage de mails par postfix.";
+        scanner               = mkEnableOption "Profil pour que les scanners soient utilisable.";
+        securitySuite         = mkEnableOption "Profil pour la suite de logiciels de sécurité.";
+        smokeping             = mkEnableOption "Profil pour activer le monitoring réseau par smokeping.";
+        swap                  = mkEnableOption "Profil pour que le swap soit activé.";
+        virtualbox            = mkEnableOption "Profil pour l'utilisation de VirtualBox.";
+        xmonad                = mkEnableOption "Profil pour activer le gestionnaire de fenêtres xmonad.";
+        znc                   = mkEnableOption "Profil pour activer le relais IRC ZNC.";
+      };
+
+      configurationOptions = {
+
+      ipAddress = mkOption {
+        description = "Adresse IP.";
+        type = lib.types.str;
+      };
+      nix-serve-server = mkEnableOption "nix-serve server.";
+      nix-serve-client = {
+        enable =  mkEnableOption "nix-serve client";
+        servers = mkOption {
+          default = [ https://cache.nixos.org/ ];
+          description = "List of nix-serve servers providing binary caches.";
+          type = types.listOf types.str;
+        };
+      };
+
+      tinc = {
+        enable = mkEnableOption "Enable tinc service.";
+        dnsFQDN = mkOption {
+          example = "device.example.net.";
+          description = "DNS name of host pointing to tunnel IP.";
+          type = lib.types.str;
+        };
+        connectToAddress = mkOption {
+          default = "";
+          example = "192.168.1.1";
+          description = "External address to connect from another node.";
+          type = lib.types.str;
+        };
+        vpnAddress = mkOption {
+          example = "192.168.69.69/24";
+          description = "VPN local node IP address.";
+          type = lib.types.str;
+        };
+        vpnCidrLength = mkOption {
+          default = 24;
+          example = 24;
+          description = "VPN netmask length.";
+          type = lib.types.int;
+        };
+        extraConfig = mkOption {
+          default = "";
+          example = ''
+              Mode = router
+              ConnecTo = bar
+          '';
+          description = "Configuration supplémentaire pour tinc.";
+          type = lib.types.str;
+        };
+      };
+
+      quagga = {
+        enable = mkEnableOption "Enable Quagga + BGP service";
+        bgpConfig = mkOption {
+          type = types.lines;
+          default = "";
+          example =''
+              router bgp 65001
+                neighbor 10.0.0.1 remote-as 65001
+            '';
+          description = ''
+            BGP configuration statements.
+          '';
+        };
+      };
+
+      windowsBoot = {
+        enable = mkEnableOption "Activation du démarrage de Windows par Grub";
+        drive = mkOption {
+          description = "Lecteur sur lequel est présent le système Windows (au format GRUB)";
+          type = lib.types.str;
+          default = "hd0,1";
+        };
+      };
+      windowsMount ={
+        enable = mkEnableOption "Montage de la partition data Windows";
+        device = mkOption {
+          description = "Lecteur sur lequel est présent le disque de data Windows";
+          type = lib.types.str;
+          default = "/dev/sda2";
+        };
+      };
+    };
+
+      profiles = {
+        # Domaine
+        isDubronetwork        = mkEnableOption "Pour distinguer les machines dubronetwork.";
+        isDubronetworkServer  = mkEnableOption "Pour distinguer les machines dubronetwork avec Server.";
+        isDubronetworkWorkstation = mkEnableOption "Pour distinguer les machines dubronetwork avec Workstation.";
+        isPrunetwork          = mkEnableOption "Pour distinguer les machines prunetwork.";
+        isPrunetworkServer    = mkEnableOption "Pour distinguer les machines prunetwork avec Server.";
+        isPrunetworkWorkstation = mkEnableOption "Pour distinguer les machines prunetwork avec Workstation.";
+        # Utilisation machine
+        isDesktopEnvironment  = mkEnableOption "Pour indiquer une machine avec interface graphique.";
+        isServer              = mkEnableOption "Pour indiquer qu'il s'agit d'un serveur.";
+        isWorkstation         = mkEnableOption "Pour indiquer que la machine sert à travailler.";
+      };
+    };
+  };
+
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+{
+  options = {
+    r6d.machines = mkOption {
+      type = types.attrsOf machineOptions;
+      description = ''
+          Machines directory.
+      '';
+    };
+  };
+
+  config = {
+    /**
+     prototype : (expression A ) && tests || !(expression A) ->   réalise le test si A est satisfait, et continue sinon = pas de politique
+    */
+    assertions = [
+     {
+       assertion = (currentMachine.profiles.isWorkstation && (currentMachine.configurationFlags.graphical == true))
+       || (!currentMachine.profiles.isWorkstation);
+       message = "A workstation requires a graphical environement.";
+     }
+     {
+       assertion = (currentMachine.profiles.isDesktopEnvironment && (currentMachine.configurationFlags.graphical == true))
+       || (!currentMachine.profiles.isDesktopEnvironment);
+       message = "A desktop station requires a graphical environement.";
+     }
+     {
+       assertion = (currentMachine.profiles.isDesktopEnvironment && (config.services.xserver.enable == true))
+                 || (!currentMachine.profiles.isDesktopEnvironment);
+       message = "You need to enable xserver manually.";
+     }
+     {
+       assertion = (currentMachine.profiles.isServer  && (currentMachine.profiles.isDesktopEnvironment == false))
+                 || (!currentMachine.profiles.isServer);
+       message = "A graphical environment is not required for a server.";
+     }
+     {
+       /*  At least one (authorité or resolveur) */
+       assertion = flags.dns_autorite || flags.dns_resolveur;
+       message = "DNS service is disabled. You must enable a dns recursor or autoritative.";
+     }
+     {
+       /*  authorité xor resolveur */
+       assertion = (flags.dns_autorite && ! flags.dns_resolveur)
+                 || (!flags.dns_autorite && flags.dns_resolveur);
+       message = "Both authoritative and recursor DNS services can't be live simultaneously. Choose only one!";
+     }
+    ];
+  };
+}

public/config-awesome-3-rc.lua

@@ -0,0 +1,470 @@
+-- ~home : .config/awesome/rc.lua
+
+-- Standard awesome library
+local gears = require("gears")
+local awful = require("awful")
+awful.rules = require("awful.rules")
+require("awful.autofocus")
+-- Widget and layout library
+local wibox = require("wibox")
+-- Theme handling library
+local beautiful = require("beautiful")
+-- Notification library
+local naughty = require("naughty")
+local menubar = require("menubar")
+
+-- {{{ Error handling
+-- Check if awesome encountered an error during startup and fell back to
+-- another config (This code will only ever execute for the fallback config)
+if awesome.startup_errors then
+    naughty.notify({ preset = naughty.config.presets.critical,
+                     title = "Oops, there were errors during startup!",
+                     text = awesome.startup_errors })
+end
+
+-- Handle runtime errors after startup
+do
+    local in_error = false
+    awesome.connect_signal("debug::error", function (err)
+        -- Make sure we don't go into an endless error loop
+        if in_error then return end
+        in_error = true
+
+        naughty.notify({ preset = naughty.config.presets.critical,
+                         title = "Oops, an error happened!",
+                         text = err })
+        in_error = false
+    end)
+end
+-- }}}
+
+-- {{{ Variable definitions
+-- Themes define colours, icons, font and wallpapers.
+
+local config_dir = os.getenv("AWESOME_CONFIG_DIR")
+beautiful.init(config_dir .. "/share/awesome/themes/zenburn/theme.lua")
+-- beautiful.init("/nix/store/vpj4i2vmqbinqfcigy44xzh81k9h0mv8-awesome-3.5.8/share/awesome/themes/zenburn/theme.lua")
+
+-- This is used later as the default terminal and editor to run.
+terminal = "sakura"
+editor = os.getenv("EDITOR") or "vim"
+editor_cmd = terminal .. " -e " .. editor
+
+-- Default modkey.
+-- Usually, Mod4 is the key with a logo between Control and Alt.
+-- If you do not like this or do not have such a key,
+-- I suggest you to remap Mod4 to another key using xmodmap or other tools.
+-- However, you can use another modifier like Mod1, but it may interact with others.
+modkey = "Mod4"
+
+-- Table of layouts to cover with awful.layout.inc, order matters.
+local layouts =
+{
+	awful.layout.suit.fair,
+	awful.layout.suit.fair.horizontal,
+	awful.layout.suit.max.fullscreen,
+	awful.layout.suit.spiral,
+	awful.layout.suit.spiral.dwindle,
+	awful.layout.suit.max,
+	awful.layout.suit.floating,
+	awful.layout.suit.tile,
+	awful.layout.suit.tile.left,
+	awful.layout.suit.tile.bottom,
+	awful.layout.suit.tile.top,
+	awful.layout.suit.magnifier
+}
+-- }}}
+
+-- {{{ Wallpaper
+if beautiful.wallpaper then
+    for s = 1, screen.count() do
+        gears.wallpaper.maximized(beautiful.wallpaper, s, true)
+    end
+end
+-- }}}
+
+-- {{{ Tags
+-- Define a tag table which hold all screen tags.
+tags = {}
+for s = 1, screen.count() do
+    -- Each screen has its own tag table.
+    tags[s] = awful.tag({ 1, 2, 3, 4, 5, 6, 7, 8, 9 }, s, layouts[1])
+end
+-- }}}
+
+-- {{{ Menu
+-- Create a laucher widget and a main menu
+myawesomemenu = {
+   { "manual", terminal .. " -e man awesome" },
+   { "edit config", editor_cmd .. " " .. awesome.conffile },
+   { "restart", awesome.restart },
+   { "quit", awesome.quit }
+}
+
+mymainmenu = awful.menu({ items = { { "awesome", myawesomemenu, beautiful.awesome_icon },
+                                    { "open terminal", terminal }
+                                  }
+                        })
+
+mylauncher = awful.widget.launcher({ image = beautiful.awesome_icon,
+                                     menu = mymainmenu })
+
+-- Menubar configuration
+menubar.utils.terminal = terminal -- Set the terminal for applications that require it
+-- }}}
+
+-- {{{ Wibox
+-- Create a textclock widget
+mytextclock = awful.widget.textclock()
+
+-- Create a wibox for each screen and add it
+mywibox = {}
+mypromptbox = {}
+mylayoutbox = {}
+mytaglist = {}
+mytaglist.buttons = awful.util.table.join(
+                    awful.button({ }, 1, awful.tag.viewonly),
+                    awful.button({ modkey }, 1, awful.client.movetotag),
+                    awful.button({ }, 3, awful.tag.viewtoggle),
+                    awful.button({ modkey }, 3, awful.client.toggletag),
+                    awful.button({ }, 4, function(t) awful.tag.viewnext(awful.tag.getscreen(t)) end),
+                    awful.button({ }, 5, function(t) awful.tag.viewprev(awful.tag.getscreen(t)) end)
+                    )
+mytasklist = {}
+mytasklist.buttons = awful.util.table.join(
+                     awful.button({ }, 1, function (c)
+                                              if c == client.focus then
+                                                  c.minimized = true
+                                              else
+                                                  -- Without this, the following
+                                                  -- :isvisible() makes no sense
+                                                  c.minimized = false
+                                                  if not c:isvisible() then
+                                                      awful.tag.viewonly(c:tags()[1])
+                                                  end
+                                                  -- This will also un-minimize
+                                                  -- the client, if needed
+                                                  client.focus = c
+                                                  c:raise()
+                                              end
+                                          end),
+                     awful.button({ }, 3, function ()
+                                              if instance then
+                                                  instance:hide()
+                                                  instance = nil
+                                              else
+                                                  instance = awful.menu.clients({
+                                                      theme = { width = 250 }
+                                                  })
+                                              end
+                                          end),
+                     awful.button({ }, 4, function ()
+                                              awful.client.focus.byidx(1)
+                                              if client.focus then client.focus:raise() end
+                                          end),
+                     awful.button({ }, 5, function ()
+                                              awful.client.focus.byidx(-1)
+                                              if client.focus then client.focus:raise() end
+                                          end))
+
+for s = 1, screen.count() do
+    -- Create a promptbox for each screen
+    mypromptbox[s] = awful.widget.prompt()
+    -- Create an imagebox widget which will contains an icon indicating which layout we're using.
+    -- We need one layoutbox per screen.
+    mylayoutbox[s] = awful.widget.layoutbox(s)
+    mylayoutbox[s]:buttons(awful.util.table.join(
+                           awful.button({ }, 1, function () awful.layout.inc(layouts, 1) end),
+                           awful.button({ }, 3, function () awful.layout.inc(layouts, -1) end),
+                           awful.button({ }, 4, function () awful.layout.inc(layouts, 1) end),
+                           awful.button({ }, 5, function () awful.layout.inc(layouts, -1) end)))
+    -- Create a taglist widget
+    mytaglist[s] = awful.widget.taglist(s, awful.widget.taglist.filter.all, mytaglist.buttons)
+
+    -- Create a tasklist widget
+    mytasklist[s] = awful.widget.tasklist(s, awful.widget.tasklist.filter.currenttags, mytasklist.buttons)
+
+    -- Create the wibox
+    mywibox[s] = awful.wibox({ position = "top", screen = s })
+
+    -- Widgets that are aligned to the left
+    local left_layout = wibox.layout.fixed.horizontal()
+    left_layout:add(mylauncher)
+    left_layout:add(mytaglist[s])
+    left_layout:add(mypromptbox[s])
+
+    -- Widgets that are aligned to the right
+    local right_layout = wibox.layout.fixed.horizontal()
+    if s == 1 then right_layout:add(wibox.widget.systray()) end
+    right_layout:add(mytextclock)
+    right_layout:add(mylayoutbox[s])
+
+    -- Now bring it all together (with the tasklist in the middle)
+    local layout = wibox.layout.align.horizontal()
+    layout:set_left(left_layout)
+    layout:set_middle(mytasklist[s])
+    layout:set_right(right_layout)
+
+    mywibox[s]:set_widget(layout)
+end
+-- }}}
+
+-- {{{ Mouse bindings
+root.buttons(awful.util.table.join(
+    awful.button({ }, 3, function () mymainmenu:toggle() end),
+    awful.button({ }, 4, awful.tag.viewnext),
+    awful.button({ }, 5, awful.tag.viewprev)
+))
+-- }}}
+
+-- {{{ Key bindings
+globalkeys = awful.util.table.join(
+    awful.key({ modkey,           }, "Left",   awful.tag.viewprev       ),
+    awful.key({ modkey,           }, "Right",  awful.tag.viewnext       ),
+    awful.key({ modkey,           }, "Escape", awful.tag.history.restore),
+
+    awful.key({ modkey,           }, "j",
+        function ()
+            awful.client.focus.byidx( 1)
+            if client.focus then client.focus:raise() end
+        end),
+    awful.key({ modkey,           }, "k",
+        function ()
+            awful.client.focus.byidx(-1)
+            if client.focus then client.focus:raise() end
+        end),
+    awful.key({ modkey,           }, "w", function () mymainmenu:show() end),
+
+    -- Layout manipulation
+    awful.key({ modkey, "Shift"   }, "j", function () awful.client.swap.byidx(  1)    end),
+    awful.key({ modkey, "Shift"   }, "k", function () awful.client.swap.byidx( -1)    end),
+    awful.key({ modkey, "Control" }, "j", function () awful.screen.focus_relative( 1) end),
+    awful.key({ modkey, "Control" }, "k", function () awful.screen.focus_relative(-1) end),
+    awful.key({ modkey,           }, "u", awful.client.urgent.jumpto),
+    awful.key({ modkey,           }, "Tab",
+        function ()
+            awful.client.focus.history.previous()
+            if client.focus then
+                client.focus:raise()
+            end
+        end),
+
+    -- Standard program
+    awful.key({ modkey,           }, "Return", function () awful.util.spawn(terminal) end),
+    awful.key({ modkey, "Control" }, "r", awesome.restart),
+    awful.key({ modkey, "Shift"   }, "q", awesome.quit),
+
+    awful.key({ modkey,           }, "l",     function () awful.tag.incmwfact( 0.05)    end),
+    awful.key({ modkey,           }, "h",     function () awful.tag.incmwfact(-0.05)    end),
+    awful.key({ modkey, "Shift"   }, "h",     function () awful.tag.incnmaster( 1)      end),
+    awful.key({ modkey, "Shift"   }, "l",     function () awful.tag.incnmaster(-1)      end),
+    awful.key({ modkey, "Control" }, "h",     function () awful.tag.incncol( 1)         end),
+    awful.key({ modkey, "Control" }, "l",     function () awful.tag.incncol(-1)         end),
+    awful.key({ modkey,           }, "space", function () awful.layout.inc(layouts,  1) end),
+    awful.key({ modkey, "Shift"   }, "space", function () awful.layout.inc(layouts, -1) end),
+
+    awful.key({ modkey, "Control" }, "n", awful.client.restore),
+
+    -- Prompt
+    awful.key({ modkey            }, "r",     function () mypromptbox[mouse.screen]:run() end),
+    awful.key({ modkey            }, "x",
+              function ()
+                  awful.prompt.run({ prompt = "Run Lua code: " },
+                  mypromptbox[mouse.screen].widget,
+                  awful.util.eval, nil,
+                  awful.util.getdir("cache") .. "/history_eval")
+              end),
+    -- Menubar
+    awful.key({ modkey            }, "p",  function() menubar.show() end),
+    -- Lanceurs perso
+    awful.key({ modkey            }, "F1", function () awful.util.spawn("kontact") end),
+    awful.key({ modkey, "Shift"   }, "F1", function () awful.util.spawn("claws-mail") end),
+    awful.key({ modkey            }, "F2", function () awful.util.spawn("firefox") end),
+    awful.key({ modkey, "Shift"   }, "F2", function () awful.util.spawn("uzbl-tabbed") end),
+    awful.key({ modkey            }, "F3", function () awful.util.spawn("spacefm") end),
+    awful.key({ modkey, "Shift"   }, "F3", function () awful.util.spawn("pcmanfm") end),
+--  awful.key({ modkey            }, "F11", function () awful.util.spawn("/home/taeradan/bin/xrandr-auto") end),
+--  awful.key({ modkey, "Shift"   }, "F11", function () awful.util.spawn("/home/taeradan/bin/xrandr-left") end),
+--  awful.key({ modkey, "Control" }, "F11", function () awful.util.spawn("/home/taeradan/bin/xrandr-right") end),
+    awful.key({ modkey            }, "F12", function () awful.util.spawn("slock") end)
+)
+
+clientkeys = awful.util.table.join(
+    awful.key({ modkey,           }, "f",      function (c) c.fullscreen = not c.fullscreen  end),
+    awful.key({ modkey, "Shift"   }, "c",      function (c) c:kill()                         end),
+    awful.key({ modkey, "Control" }, "space",  awful.client.floating.toggle                     ),
+    awful.key({ modkey, "Control" }, "Return", function (c) c:swap(awful.client.getmaster()) end),
+    awful.key({ modkey,           }, "o",      awful.client.movetoscreen                        ),
+    awful.key({ modkey,           }, "t",      function (c) c.ontop = not c.ontop            end),
+    awful.key({ modkey,           }, "n",
+        function (c)
+            -- The client currently has the input focus, so it cannot be
+            -- minimized, since minimized clients can't have the focus.
+            c.minimized = true
+        end),
+    awful.key({ modkey,           }, "m",
+        function (c)
+            c.maximized_horizontal = not c.maximized_horizontal
+            c.maximized_vertical   = not c.maximized_vertical
+        end)
+)
+
+-- Bind all key numbers to tags.
+-- Be careful: we use keycodes to make it works on any keyboard layout.
+-- This should map on the top row of your keyboard, usually 1 to 9.
+for i = 1, 9 do
+    globalkeys = awful.util.table.join(globalkeys,
+        -- View tag only.
+        awful.key({ modkey }, "#" .. i + 9,
+                  function ()
+                        local screen = mouse.screen
+                        local tag = awful.tag.gettags(screen)[i]
+                        if tag then
+                           awful.tag.viewonly(tag)
+                        end
+                  end),
+        -- Toggle tag.
+        awful.key({ modkey, "Control" }, "#" .. i + 9,
+                  function ()
+                      local screen = mouse.screen
+                      local tag = awful.tag.gettags(screen)[i]
+                      if tag then
+                         awful.tag.viewtoggle(tag)
+                      end
+                  end),
+        -- Move client to tag.
+        awful.key({ modkey, "Shift" }, "#" .. i + 9,
+                  function ()
+                      if client.focus then
+                          local tag = awful.tag.gettags(client.focus.screen)[i]
+                          if tag then
+                              awful.client.movetotag(tag)
+                          end
+                     end
+                  end),
+        -- Toggle tag.
+        awful.key({ modkey, "Control", "Shift" }, "#" .. i + 9,
+                  function ()
+                      if client.focus then
+                          local tag = awful.tag.gettags(client.focus.screen)[i]
+                          if tag then
+                              awful.client.toggletag(tag)
+                          end
+                      end
+                  end))
+end
+
+clientbuttons = awful.util.table.join(
+    awful.button({ }, 1, function (c) client.focus = c; c:raise() end),
+    awful.button({ modkey }, 1, awful.mouse.client.move),
+    awful.button({ modkey }, 3, awful.mouse.client.resize)
+)
+
+-- Set keys
+root.keys(globalkeys)
+-- }}}
+
+-- {{{ Rules
+-- Rules to apply to new clients (through the "manage" signal).
+awful.rules.rules = {
+    -- All clients will match this rule.
+    { rule = { },
+      properties = { border_width = beautiful.border_width,
+                     border_color = beautiful.border_normal,
+                     focus = awful.client.focus.filter,
+                     raise = true,
+                     keys = clientkeys,
+                     buttons = clientbuttons }
+    },
+    {   rule = { class = "MPlayer" },
+        properties = { floating = true }
+    },
+    {   rule = { class = "pinentry" },
+        properties = { floating = true }
+    },
+    {   rule = { class = "gimp" },
+        properties = { floating = true }
+    }
+    -- Set Firefox to always map on tags number 2 of screen 1.
+    -- { rule = { class = "Firefox" },
+    --   properties = { tag = tags[1][2] } },
+}
+-- }}}
+
+-- {{{ Signals
+-- Signal function to execute when a new client appears.
+client.connect_signal("manage", function (c, startup)
+    -- Enable sloppy focus
+    c:connect_signal("mouse::enter", function(c)
+        if awful.layout.get(c.screen) ~= awful.layout.suit.magnifier
+            and awful.client.focus.filter(c) then
+            client.focus = c
+        end
+    end)
+
+    if not startup then
+        -- Set the windows at the slave,
+        -- i.e. put it at the end of others instead of setting it master.
+        -- awful.client.setslave(c)
+
+        -- Put windows in a smart way, only if they does not set an initial position.
+        if not c.size_hints.user_position and not c.size_hints.program_position then
+            awful.placement.no_overlap(c)
+            awful.placement.no_offscreen(c)
+        end
+    end
+
+    local titlebars_enabled = false
+    if titlebars_enabled and (c.type == "normal" or c.type == "dialog") then
+        -- buttons for the titlebar
+        local buttons = awful.util.table.join(
+                awful.button({ }, 1, function()
+                    client.focus = c
+                    c:raise()
+                    awful.mouse.client.move(c)
+                end),
+                awful.button({ }, 3, function()
+                    client.focus = c
+                    c:raise()
+                    awful.mouse.client.resize(c)
+                end)
+                )
+
+        -- Widgets that are aligned to the left
+        local left_layout = wibox.layout.fixed.horizontal()
+        left_layout:add(awful.titlebar.widget.iconwidget(c))
+        left_layout:buttons(buttons)
+
+        -- Widgets that are aligned to the right
+        local right_layout = wibox.layout.fixed.horizontal()
+        right_layout:add(awful.titlebar.widget.floatingbutton(c))
+        right_layout:add(awful.titlebar.widget.maximizedbutton(c))
+        right_layout:add(awful.titlebar.widget.stickybutton(c))
+        right_layout:add(awful.titlebar.widget.ontopbutton(c))
+        right_layout:add(awful.titlebar.widget.closebutton(c))
+
+        -- The title goes in the middle
+        local middle_layout = wibox.layout.flex.horizontal()
+        local title = awful.titlebar.widget.titlewidget(c)
+        title:set_align("center")
+        middle_layout:add(title)
+        middle_layout:buttons(buttons)
+
+        -- Now bring it all together
+        local layout = wibox.layout.align.horizontal()
+        layout:set_left(left_layout)
+        layout:set_right(right_layout)
+        layout:set_middle(middle_layout)
+
+        awful.titlebar(c):set_widget(layout)
+    end
+end)
+
+client.connect_signal("focus", function(c) c.border_color = beautiful.border_focus end)
+client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end)
+-- }}}
+
+-- Au démarrage
+-- awful.util.spawn_with_shell("/home/taeradan/bin/xrandr-auto")
+-- awful.util.spawn_with_shell("gnome-sound-applet")
+-- awful.util.spawn_with_shell("nm-applet")

public/config-awesome-4-rc.lua

@@ -0,0 +1,654 @@
+-- $HOME : .config/awesome/rc.lua
+
+-- Standard awesome library
+local gears = require("gears")
+local awful = require("awful")
+awful.rules = require("awful.rules")
+require("awful.autofocus")
+-- Widget and layout library
+local wibox = require("wibox")
+-- Theme handling library
+local beautiful = require("beautiful")
+-- Notification library
+local naughty = require("naughty")
+local menubar = require("menubar")
+local hotkeys_popup = require("awful.hotkeys_popup").widget
+
+-- {{{ Error handling
+-- Check if awesome encountered an error during startup and fell back to
+-- another config (This code will only ever execute for the fallback config)
+if awesome.startup_errors then
+    naughty.notify({
+      preset = naughty.config.presets.critical,
+      title = "Oops, there were errors during startup!",
+      text = awesome.startup_errors
+  })
+end
+
+-- Handle runtime errors after startup
+do
+    local in_error = false
+    awesome.connect_signal("debug::error", function (err)
+        -- Make sure we don't go into an endless error loop
+        if in_error then return end
+        in_error = true
+
+        naughty.notify({
+            preset = naughty.config.presets.critical,
+            title = "Oops, an error happened!",
+            text = tostring(err)
+          })
+        in_error = false
+    end)
+end
+-- }}}
+
+-- {{{ Variable definitions
+-- Themes define colours, icons, font and wallpapers.
+local config_dir = os.getenv("AWESOME_CONFIG_DIR")
+beautiful.init(config_dir .. "/share/awesome/themes/zenburn/theme.lua")
+
+-- This is used later as the default terminal and editor to run.
+terminal = "sakura"
+editor = os.getenv("EDITOR") or "vim"
+editor_cmd = terminal .. " -e " .. editor
+
+-- Default modkey.
+-- Usually, Mod4 is the key with a logo between Control and Alt.
+-- If you do not like this or do not have such a key,
+-- I suggest you to remap Mod4 to another key using xmodmap or other tools.
+-- However, you can use another modifier like Mod1, but it may interact with others.
+modkey = "Mod4"
+
+-- Table of layouts to cover with awful.layout.inc, order matters.
+awful.layout.layouts = {
+    awful.layout.suit.corner.nw,
+    awful.layout.suit.tile,
+    awful.layout.suit.tile.left,
+    awful.layout.suit.tile.bottom,
+    awful.layout.suit.tile.top,
+    awful.layout.suit.fair,
+    awful.layout.suit.fair.horizontal,
+    awful.layout.suit.spiral,
+    awful.layout.suit.spiral.dwindle,
+    awful.layout.suit.max,
+    awful.layout.suit.max.fullscreen,
+    awful.layout.suit.magnifier,
+    awful.layout.suit.floating,
+    -- awful.layout.suit.corner.ne,
+    -- awful.layout.suit.corner.sw,
+    -- awful.layout.suit.corner.se,
+}
+-- }}}
+
+-- {{{ Helper functions
+local function client_menu_toggle_fn()
+    local instance = nil
+
+    return function ()
+        if instance and instance.wibox.visible then
+            instance:hide()
+            instance = nil
+        else
+            instance = awful.menu.clients({ theme = { width = 250 } })
+        end
+    end
+end
+-- }}}
+
+-- {{{ Menu
+-- Create a launcher widget and a main menu
+myawesomemenu = {
+    { "hotkeys", function() return false, hotkeys_popup.show_help end},
+    { "manual", terminal .. " -e man awesome" },
+    { "edit config", editor_cmd .. " " .. awesome.conffile },
+    { "restart", awesome.restart },
+    { "quit", function() awesome.quit() end}
+}
+
+mymainmenu = awful.menu({
+    items = {
+        { "awesome", myawesomemenu, beautiful.awesome_icon },
+        { "open terminal", terminal }
+    }
+})
+
+mylauncher = awful.widget.launcher({
+    image = beautiful.awesome_icon,
+    menu = mymainmenu
+})
+
+-- Menubar configuration
+menubar.utils.terminal = terminal -- Set the terminal for applications that require it
+-- }}}
+
+-- Keyboard map indicator and switcher
+mykeyboardlayout = awful.widget.keyboardlayout()
+
+-- {{{ Wibar
+-- Create a textclock widget
+mytextclock = wibox.widget.textclock()
+
+-- Create a wibox for each screen and add it
+local taglist_buttons = awful.util.table.join(
+    awful.button(
+        { },
+        1,
+        function(t) t:view_only() end
+    ),
+    awful.button(
+        { modkey },
+        1,
+        function(t)
+            if client.focus then
+                client.focus:move_to_tag(t)
+            end
+        end
+    ),
+    awful.button(
+        { },
+        3,
+        awful.tag.viewtoggle
+    ),
+    awful.button(
+        { modkey },
+        3,
+        function(t)
+            if client.focus then
+                client.focus:toggle_tag(t)
+            end
+        end
+    ),
+    awful.button(
+        { },
+        4,
+        function(t) awful.tag.viewnext(t.screen) end
+    ),
+    awful.button(
+        { },
+        5,
+        function(t) awful.tag.viewprev(t.screen) end
+    )
+)
+
+local tasklist_buttons = awful.util.table.join(
+    awful.button(
+        { },
+        1,
+        function (c)
+            if c == client.focus then
+                c.minimized = true
+            else
+                -- Without this, the following
+                -- :isvisible() makes no sense
+                c.minimized = false
+                if not c:isvisible() and c.first_tag then
+                    c.first_tag:view_only()
+                end
+                -- This will also un-minimize
+                -- the client, if needed
+                client.focus = c
+                c:raise()
+            end
+        end
+    ),
+    awful.button(
+        { },
+        3,
+        client_menu_toggle_fn()
+    ),
+    awful.button(
+        { },
+        4,
+        function ()
+            awful.client.focus.byidx(1)
+        end
+    ),
+    awful.button(
+        { },
+        5,
+        function ()
+            awful.client.focus.byidx(-1)
+        end
+    )
+)
+
+local function set_wallpaper(s)
+    -- Wallpaper
+    if beautiful.wallpaper then
+        local wallpaper = beautiful.wallpaper
+        -- If wallpaper is a function, call it with the screen
+        if type(wallpaper) == "function" then
+            wallpaper = wallpaper(s)
+        end
+        gears.wallpaper.maximized(wallpaper, s, true)
+    end
+end
+
+
+local iostat_tooltiptext = ""
+-- Widget de monitoring de l'activité des disques https://awesomewm.org/recipes/watch/
+-- disk I/O using iostat from sysstat utilities
+local iotable = {}
+local iostat = awful.widget.watch("iostat -dm -y 1 1", 2, -- in Kb, use -dm for Mb
+    function(widget, stdout)
+        for line in stdout:match("(sd.*)\n"):gmatch("(.-)\n") do
+            local device, tps, read_s, wrtn_s, read, wrtn =
+            line:match("(%w+)%s*(%d+,?%d*)%s*(%d+,?%d*)%s*(%d+,?%d*)%s*(%d+,?%d*)%s*(%d+,?%d*)")
+            --                  [1]  [2]     [3]     [4]   [5]
+            iotable[device] = { tps, read_s, wrtn_s, read, wrtn }
+        end
+
+        local label = ""
+        for device,values in spairs(iotable) do
+          label = label..(device..": "..iotable[device][2].." MB_read/s  |"..iotable[device][3].." MB_wrtn/s").."\n"
+        end
+        iostat_tooltiptext = label
+
+        -- customize here
+        --widget:set_text("sda: "..iotable["sda"][2].."/"..iotable["sda"][3]) -- read_s/wrtn_s
+        widget:set_text("iostat")
+    end
+)
+
+iostat_t = awful.tooltip({
+ --objects = {  },
+ timer_function = function()
+         return iostat_tooltiptext
+     end,
+ })
+
+iostat_t:add_to_object(iostat)
+
+-- tris d'un tableau par la clef https://stackoverflow.com/questions/15706270/sort-a-table-in-lua
+function spairs(t, order)
+    -- collect the keys
+    local keys = {}
+    for k in pairs(t) do keys[#keys+1] = k end
+
+    -- if order function given, sort by it by passing the table and keys a, b,
+    -- otherwise just sort the keys
+    if order then
+        table.sort(keys, function(a,b) return order(t, a, b) end)
+    else
+        table.sort(keys)
+    end
+
+    -- return the iterator function
+    local i = 0
+    return function()
+        i = i + 1
+        if keys[i] then
+            return keys[i], t[keys[i]]
+        end
+    end
+end
+
+-- Re-set wallpaper when a screen's geometry changes (e.g. different resolution)
+screen.connect_signal("property::geometry", set_wallpaper)
+
+awful.screen.connect_for_each_screen(
+    function(s)
+        -- Wallpaper
+        set_wallpaper(s)
+
+        -- Each screen has its own tag table.
+        awful.tag({ "1", "2", "3", "4", "5", "6", "7", "8", "9" }, s, awful.layout.layouts[1])
+
+        -- Create a promptbox for each screen
+        s.mypromptbox = awful.widget.prompt()
+        -- Create an imagebox widget which will contains an icon indicating which layout we're using.
+        -- We need one layoutbox per screen.
+        s.mylayoutbox = awful.widget.layoutbox(s)
+        s.mylayoutbox:buttons(awful.util.table.join(
+            awful.button({ }, 1, function () awful.layout.inc( 1) end),
+            awful.button({ }, 3, function () awful.layout.inc(-1) end),
+            awful.button({ }, 4, function () awful.layout.inc( 1) end),
+            awful.button({ }, 5, function () awful.layout.inc(-1) end)
+        ))
+        -- Create a taglist widget
+        s.mytaglist = awful.widget.taglist(s, awful.widget.taglist.filter.all, taglist_buttons)
+
+        -- Create a tasklist widget
+        s.mytasklist = awful.widget.tasklist(s, awful.widget.tasklist.filter.currenttags, tasklist_buttons)
+
+        -- Create the wibox
+        s.mywibox = awful.wibar({ position = "top", screen = s })
+
+        -- Add widgets to the wibox
+        s.mywibox:setup {
+            layout = wibox.layout.align.horizontal,
+            { -- Left widgets
+                layout = wibox.layout.fixed.horizontal,
+                mylauncher,
+                s.mytaglist,
+                s.mypromptbox
+            },
+            s.mytasklist, -- Middle widget
+            { -- Right widgets
+              layout = wibox.layout.fixed.horizontal,
+              wibox.widget.textbox(' | '),
+              iostat,
+              wibox.widget.textbox(' | '),
+              mykeyboardlayout,
+              wibox.widget.systray(),
+              mytextclock,
+              s.mylayoutbox
+            }
+        }
+    end
+)
+-- }}}
+
+-- {{{ Mouse bindings
+root.buttons(awful.util.table.join(
+    awful.button({ }, 3, function () mymainmenu:toggle() end),
+    awful.button({ }, 4, awful.tag.viewnext),
+    awful.button({ }, 5, awful.tag.viewprev)
+))
+-- }}}
+
+-- {{{ Key bindings
+globalkeys = awful.util.table.join(
+    awful.key({ modkey,           }, "s",      hotkeys_popup.show_help,                               {description="show help", group="awesome"}),
+    awful.key({ modkey,           }, "Left",   awful.tag.viewprev,                                    {description = "view previous", group = "tag"}),
+    awful.key({ modkey,           }, "Right",  awful.tag.viewnext,                                    {description = "view next", group = "tag"}),
+    awful.key({ modkey,           }, "Escape", awful.tag.history.restore,                             {description = "go back", group = "tag"}),
+
+    awful.key({ modkey,           }, "j", function () awful.client.focus.byidx( 1) end,               {description = "focus next by index", group = "client"}),
+    awful.key({ modkey,           }, "k", function () awful.client.focus.byidx(-1) end,               {description = "focus previous by index", group = "client"}),
+    awful.key({ modkey,           }, "w", function () mymainmenu:show() end,                          {description = "show main menu", group = "awesome"}),
+
+    -- Layout manipulation
+    awful.key({ modkey, "Shift"   }, "j", function () awful.client.swap.byidx(  1)    end,            {description = "swap with next client by index", group = "client"}),
+    awful.key({ modkey, "Shift"   }, "k", function () awful.client.swap.byidx( -1)    end,            {description = "swap with previous client by index", group = "client"}),
+    awful.key({ modkey, "Control" }, "j", function () awful.screen.focus_relative( 1) end,            {description = "focus the next screen", group = "screen"}),
+    awful.key({ modkey, "Control" }, "k", function () awful.screen.focus_relative(-1) end,            {description = "focus the previous screen", group = "screen"}),
+    awful.key({ modkey,           }, "u", awful.client.urgent.jumpto,                                 {description = "jump to urgent client", group = "client"}),
+    awful.key({ modkey,           }, "Tab", function () awful.client.focus.history.previous() if client.focus then client.focus:raise() end end,
+                                                                                                      {description = "go back", group = "client"}),
+
+    -- Standard program
+    awful.key({ modkey,           }, "Return", function () awful.spawn(terminal) end,                 {description = "open a terminal", group = "launcher"}),
+    awful.key({ modkey, "Control" }, "r", awesome.restart,                                            {description = "reload awesome", group = "awesome"}),
+    awful.key({ modkey, "Shift"   }, "q", awesome.quit,                                               {description = "quit awesome", group = "awesome"}),
+    awful.key({ modkey,           }, "l",     function () awful.tag.incmwfact( 0.05)          end,    {description = "increase master width factor", group = "layout"}),
+    awful.key({ modkey,           }, "h",     function () awful.tag.incmwfact(-0.05)          end,    {description = "decrease master width factor", group = "layout"}),
+    awful.key({ modkey, "Shift"   }, "h",     function () awful.tag.incnmaster( 1, nil, true) end,    {description = "increase the number of master clients", group = "layout"}),
+    awful.key({ modkey, "Shift"   }, "l",     function () awful.tag.incnmaster(-1, nil, true) end,    {description = "decrease the number of master clients", group = "layout"}),
+    awful.key({ modkey, "Control" }, "h",     function () awful.tag.incncol( 1, nil, true)    end,    {description = "increase the number of columns", group = "layout"}),
+    awful.key({ modkey, "Control" }, "l",     function () awful.tag.incncol(-1, nil, true)    end,    {description = "decrease the number of columns", group = "layout"}),
+    awful.key({ modkey,           }, "space", function () awful.layout.inc( 1)                end,    {description = "select next", group = "layout"}),
+    awful.key({ modkey, "Shift"   }, "space", function () awful.layout.inc(-1)                end,    {description = "select previous", group = "layout"}),
+
+    awful.key({ modkey, "Control" }, "n", function () local c = awful.client.restore() --[[ Focus restored client ]] if c then client.focus = c c:raise() end end,
+                                                                                                      {description = "restore minimized", group = "client"}),
+
+    -- Prompt
+    awful.key({ modkey },            "r", function () awful.screen.focused().mypromptbox:run() end,   {description = "run prompt", group = "launcher"}),
+
+    awful.key({ modkey }, "x",
+    function ()
+        awful.prompt.run {
+            prompt       = "Run Lua code: ",
+            textbox      = awful.screen.focused().mypromptbox.widget,
+            exe_callback = awful.util.eval,
+            history_path = awful.util.get_cache_dir() .. "/history_eval"
+        }
+    end,
+                                                                                                      {description = "lua execute prompt", group = "awesome"}),
+    -- Menubar
+    awful.key({ modkey }, "p", function() menubar.show() end,                                         {description = "show the menubar", group = "launcher"}),
+
+    -- Lanceurs perso
+    awful.key({ modkey            }, "F1",  function () awful.util.spawn("firefox") end,              {description = "Lance Firefox", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F2",  function () awful.util.spawn("firefox") end,              {description = "Lance Firefox", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F3",  function () awful.util.spawn("gqrx") end,                 {description = "Lance gqrx", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F4",  function () awful.util.spawn("chromium") end,             {description = "Lance Chromium", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F5",  function () awful.util.spawn("spacefm") end,              {description = "Lance spacefm", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F6",  function () awful.util.spawn("vlc") end,                  {description = "Lance vlc", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F7",  function () awful.util.spawn("claws-mail") end,           {description = "Lance claws", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F11", function () awful.util.spawn("xrandr-auto") end,          {description = "Lance le script xrandr-auto", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F12", function () awful.util.spawn("slock") end,                {description = "Verouille la session avec slock", group = "Lanceurs personnels"}),
+    awful.key({ modkey, "Shift"   }, "F1",  function () awful.util.spawn("claws-mail") end,           {description = "Lance claws", group = "Lanceurs personnels"}),
+    awful.key({ modkey, "Shift"   }, "F3",  function () awful.util.spawn("pcmanfm") end,              {description = "Lance pcmanfm", group = "Lanceurs personnels"}),
+    awful.key({ modkey, "Shift"   }, "F6",  function () awful.util.spawn("clementine") end,           {description = "Lance clementine", group = "Lanceurs personnels"}),
+    awful.key({ modkey, "Shift"   }, "F11", function () awful.util.spawn("xrandr-auto-2") end,        {description = "Lance le script xrandr-auto-2", group = "Lanceurs personnels"}),
+    awful.key({ modkey  }, "l", function () awful.util.spawn("slock systemctl suspend -i") end, {description = "Verouille la session avec slock", group = "Lanceurs personnels"})
+    --  awful.key({ modkey, "Shift"   }, "F11", function () awful.util.spawn("/home/taeradan/bin/xrandr-left") end),
+    --  awful.key({ modkey, "Control" }, "F11", function () awful.util.spawn("/home/taeradan/bin/xrandr-right") end),
+)
+
+clientkeys = awful.util.table.join(
+    awful.key({ modkey,           }, "f", function (c) c.fullscreen = not c.fullscreen c:raise() end, {description = "toggle fullscreen", group = "client"}),
+    awful.key({ modkey, "Shift"   }, "c",      function (c) c:kill()                         end,     {description = "close", group = "client"}),
+    awful.key({ modkey, "Control" }, "space",  awful.client.floating.toggle                     ,     {description = "toggle floating", group = "client"}),
+    awful.key({ modkey, "Control" }, "Return", function (c) c:swap(awful.client.getmaster()) end,     {description = "move to master", group = "client"}),
+    awful.key({ modkey,           }, "o",      function (c) c:move_to_screen()               end,     {description = "move to screen", group = "client"}),
+    awful.key({ modkey,           }, "t",      function (c) c.ontop = not c.ontop            end,     {description = "toggle keep on top", group = "client"}),
+    awful.key({ modkey,           }, "n",      function (c) --[[ The client currently has the input focus, so it cannot be minimized, since minimized clients can't have the focus. ]]  c.minimized = true end ,
+                                                                                                      {description = "minimize", group = "client"}),
+    awful.key({ modkey,           }, "m", function (c) c.maximized = not c.maximized c:raise() end ,  {description = "maximize", group = "client"})
+)
+
+-- Bind all key numbers to tags.
+-- Be careful: we use keycodes to make it works on any keyboard layout.
+-- This should map on the top row of your keyboard, usually 1 to 9.
+for i = 1, 9 do
+    globalkeys = awful.util.table.join(
+        globalkeys,
+        -- View tag only.
+        awful.key(
+            { modkey },
+            "#" .. i + 9,
+            function ()
+                local screen = awful.screen.focused()
+                local tag = screen.tags[i]
+                if tag then
+                    tag:view_only()
+                end
+            end,
+            {description = "view tag #"..i, group = "tag"}
+        ),
+        -- Toggle tag display.
+        awful.key(
+            { modkey, "Control" },
+            "#" .. i + 9,
+            function ()
+                local screen = awful.screen.focused()
+                local tag = screen.tags[i]
+                if tag then
+                    awful.tag.viewtoggle(tag)
+                end
+            end,
+            {description = "toggle tag #" .. i, group = "tag"}
+        ),
+        -- Move client to tag.
+        awful.key(
+            { modkey, "Shift" },
+            "#" .. i + 9,
+            function ()
+                if client.focus then
+                    local tag = client.focus.screen.tags[i]
+                    if tag then
+                        client.focus:move_to_tag(tag)
+                    end
+                end
+            end,
+            {description = "move focused client to tag #"..i, group = "tag"}
+        ),
+        -- Toggle tag on focused client.
+        awful.key(
+            { modkey, "Control", "Shift" },
+            "#" .. i + 9,
+            function ()
+                if client.focus then
+                    local tag = client.focus.screen.tags[i]
+                    if tag then
+                        client.focus:toggle_tag(tag)
+                    end
+                end
+            end,
+            {description = "toggle focused client on tag #" .. i, group = "tag"}
+        )
+    )
+end
+
+clientbuttons = awful.util.table.join(
+awful.button({ }, 1, function (c) client.focus = c; c:raise() end),
+awful.button({ modkey }, 1, awful.mouse.client.move),
+awful.button({ modkey }, 3, awful.mouse.client.resize))
+
+-- Set keys
+root.keys(globalkeys)
+-- }}}
+
+-- {{{ Rules
+-- Rules to apply to new clients (through the "manage" signal).
+awful.rules.rules = {
+    -- All clients will match this rule.
+    {
+        rule = { },
+        properties = {
+            border_width = beautiful.border_width,
+            border_color = beautiful.border_normal,
+            focus = awful.client.focus.filter,
+            raise = true,
+            keys = clientkeys,
+            buttons = clientbuttons,
+            screen = awful.screen.preferred,
+            placement = awful.placement.no_overlap+awful.placement.no_offscreen
+          }
+      },
+      -- Floating clients.
+      {
+          rule_any = {
+              instance = {
+                  "DTA",  -- Firefox addon DownThemAll.
+                  "copyq",  -- Includes session name in class.
+              },
+              class = {
+                  "Arandr",
+                  "Gpick",
+                  "Kruler",
+                  "MessageWin",  -- kalarm.
+                  "Sxiv",
+                  "Wpa_gui",
+                  "pinentry",
+                  "veromix",
+                  "xtightvncviewer"
+              },
+              name = {
+                  "Event Tester",  -- xev.
+              },
+              role = {
+                  "AlarmWindow",  -- Thunderbird's calendar.
+                  "pop-up",       -- e.g. Google Chrome's (detached) Developer Tools.
+              }
+          },
+          properties = { floating = true }
+      },
+
+      -- Add titlebars to normal clients and dialogs
+      {
+          rule_any = {
+              type = { "normal", "dialog" }
+          },
+          properties = { titlebars_enabled = false }
+      },
+
+      -- Set Firefox to always map on the tag named "2" on screen 1.
+      -- { rule = { class = "Firefox" },
+      --   properties = { screen = 1, tag = "2" } },
+}
+-- }}}
+
+-- {{{ Signals
+-- Signal function to execute when a new client appears.
+client.connect_signal(
+    "manage",
+    function (c)
+        --[[ Set the windows at the slave, i.e. put it at the end of others instead of setting it master.]]
+        -- if not awesome.startup then awful.client.setslave(c) end
+
+        if awesome.startup and
+            not c.size_hints.user_position
+            and not c.size_hints.program_position then
+            --[[ Prevent clients from being unreachable after screen count changes.]]
+            awful.placement.no_offscreen(c)
+        end
+    end
+)
+
+-- Add a titlebar if titlebars_enabled is set to true in the rules.
+client.connect_signal(
+    "request::titlebars",
+    function(c)
+        -- buttons for the titlebar
+        local buttons = awful.util.table.join(
+            awful.button(
+                { },
+                1,
+                function()
+                    client.focus = c
+                    c:raise()
+                    awful.mouse.client.move(c)
+                end
+            ),
+            awful.button(
+                { },
+                3,
+                function()
+                    client.focus = c
+                    c:raise()
+                    awful.mouse.client.resize(c)
+                end
+            )
+        )
+
+        awful.titlebar(c) : setup {
+            { -- Left
+                awful.titlebar.widget.iconwidget(c),
+                buttons = buttons,
+                layout  = wibox.layout.fixed.horizontal
+            },
+            { -- Middle
+                { -- Title
+                    align  = "center",
+                    widget = awful.titlebar.widget.titlewidget(c)
+                },
+                buttons = buttons,
+                layout  = wibox.layout.flex.horizontal
+            },
+            { -- Right
+                awful.titlebar.widget.floatingbutton (c),
+                awful.titlebar.widget.maximizedbutton(c),
+                awful.titlebar.widget.stickybutton   (c),
+                awful.titlebar.widget.ontopbutton    (c),
+                awful.titlebar.widget.closebutton    (c),
+                layout = wibox.layout.fixed.horizontal()
+            },
+            layout = wibox.layout.align.horizontal
+        }
+    end
+)
+
+-- Enable sloppy focus, so that focus follows mouse.
+client.connect_signal(
+    "mouse::enter",
+    function(c)
+        if awful.layout.get(c.screen) ~= awful.layout.suit.magnifier
+        and awful.client.focus.filter(c) then
+            client.focus = c
+        end
+    end
+)
+
+client.connect_signal("focus", function(c) c.border_color = beautiful.border_focus end)
+client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end)
+-- }}}
+
+-- Au démarrage
+awful.util.spawn_with_shell("xrandr-auto || true")
+-- awful.util.spawn_with_shell("gnome-sound-applet")
+-- awful.util.spawn_with_shell("nm-applet")

services.nix

@@ -1,31 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  # Sécurité & Acces distant
-
-  ## Augmentation de l'entropie du système par un générateur de nombres aléatoires
-  ## cat /proc/sys/kernel/random/entropy_avail
-  services.haveged = {
-    enable = true;
-    refill_threshold = 2048;
-  };
-
-  ## OpenSSH daemon
-  services.openssh = {
-    enable = true;
-  };
-
-  # Enable CUPS to print documents.
-  services.printing = {
-    enable = true;
-    drivers = [ pkgs.samsung-unified-linux-driver ];
-  };
-
-  # Monitoring
-
-  ## Noeud de supervision munin = pas de stockage des données locales
-
-  services.munin-node = {
-    enable = true;
-  };
-}

services/default.nix

@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+let
+  #inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+{
+  imports = [
+    # installées systématiquement
+    ./gpm.nix
+    ./haveged.nix
+    ./monitoring-munin.nix
+    ./ssh.nix
+    ./yubikey.nix
+
+    # commandées par config-generator
+    ## option de configuration spécifique
+    ./print.nix             # configuration de base de cups
+    ./docker.nix            # activer docker
+    ./elasticsearch.nix     # service de stockage et recher de données
+    ./hoogle.nix            # service hoogle pour haskell
+    ./hydra-build.nix       # service de construction de paquet. -> la machine compile des paquets
+    ./hydra-core.nix        # service pour l'instance d'hydra
+    ./kibana.nix            # service de visualisation de données stockées dans elasticsearch
+    # TODO: réactiver locate
+    #./locate.nix            # service locate
+    ./nixos-manual.nix      # documentation nixos sur TTY
+    ./virtualbox.nix        # activer virtualbox
+    ./xmonad/xmonad.nix     # pour le gestionaire de fenêtre xmonad
+
+    ## if isDesktop
+    ./pulseaudio.nix        # activation du serveur audio
+    ./pipewire.nix        # activation du serveur audio
+    ./scanner.nix           # utilisation d'un scanner
+    ./x11.nix               # activation du serveur graphique X
+  ];
+}

services/docker.nix

@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.docker {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    # Ecosystème Docker
+    docker
+    docker-compose
+    lazydocker
+  ];
+
+  virtualisation.docker.enable = true;
+}

services/elasticsearch.nix

@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.elasticsearch {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # Services
+
+  ## E : http://localhost:9200/_cat/indices?v
+  services.elasticsearch = {
+    enable = true;
+    port = 9200;
+    listenAddress = "127.0.0.1";
+    #listenAddress = "_site_";
+  };
+
+  # Réseau
+  # -> Aucun port n'est ouvert caril est recommandé de mettre un proxy HTTP devant
+  networking.firewall = {
+    allowedTCPPorts = [
+    ];
+    allowedUDPPorts = [
+    ];
+  };
+}

services/gpm.nix

@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf true {
+
+  # prise en charge de la souris en console
+  services.gpm.enable = true;
+}

services/haveged.nix

@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf true {
+
+  # Sécurité & Accès distant
+  # Services
+
+  ## Augmentation de l'entropie du système par un générateur de nombres aléatoires
+  ## cat /proc/sys/kernel/random/entropy_avail
+  services.haveged = {
+    enable = true;
+    refill_threshold = 2048;
+  };
+}

services/hoogle.nix

@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.developpement-haskell {
+
+  services.hoogle = {
+    enable = true;
+    port = 10080;
+  };
+}

services/hydra-build.nix

@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+# TODO: ménage
+mkIf flags.hydra-builder {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    kvm
+    qemu
+    virtualbox
+  ];
+
+  # Services
+
+  ## Services de virtualisation utilisé pour les tests hydra
+  virtualisation = {
+    docker.enable = true;
+    libvirtd = {
+      enable = true;
+    };
+    virtualbox = {
+      #guest.enable = true;
+      host.enable = true;
+      host.headless = true;
+    };
+  };
+
+  ## Ménage automatique tous les jours - Frequent garbage collection is a good idea for build machines.
+  nix.gc = {
+    automatic = true;
+    dates = "*:0/30";
+  };
+
+  # users.users."hydrabld" = {
+  #   description = "Execution des jobs hydra";
+  #   group = "nixbld";
+  #   extraGroups = [
+  #     "docker"
+  #     "nixbld"
+  #     "vboxusers"
+  #   ];
+  #   isNormalUser = true;  # devrait être à false: TODO débugger la conf ssh & users pour que ça marche en user système
+
+  #   openssh.authorizedKeys.keys = [
+  #     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYpjcWJCf8dXpv2LmoIaNVbwZXEC50QUU6Az+lqeD89 hydra radx"
+  #   ];
+  # };
+}

services/hydra-core.nix

@@ -0,0 +1,95 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+
+
+  #### https://github.com/NixOS/hydra/issues/413
+  # Note that we use 'import <nixpkgs> {}' instead of 'pkgs'.
+  # If we use the latter we get an infinite recursion
+  # because we include hydra-src in the module imports below which in turn defines the 'pkgs' value.
+  #hydra-src = (import <nixpkgs> {}).fetchgit {
+  #  url = "https://github.com/NixOS/hydra.git";
+  #  rev = "de55303197d997c4fc5503b52b1321ae9528583d";
+  #  sha256 = "0nimqsbpjxfwha6d5gp6a7jh50i83z1llmx30da4bscsic8z1xly";
+  #};
+
+  #hydra-src-pkg = lib.mkDefault ((import (hydra-src + /release.nix) {}).build.x86_64-linux);
+
+  # information pour l'état de hydra :
+  # hydra-queue-runner --status | json_pp
+in
+# TODO: passe de ménage
+mkIf flags.hydra-core {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # Documentation HYDRA
+
+  ## Installation
+
+  # 1. créer clef SSH :
+  #	ssh-keygen -C "hydra@pedro.dubronetwork.fr" -N "" -f /etc/nixos/id_buildfarm
+  # 2. récupérer la clef publique du serveur ssh + l'ajouter dans les `knownHosts` :
+  #	ssh-keyscan localhost
+  # 3. créer un utilisateur pour gérer hydra
+  #	su - hydra
+  #	hydra-create-user jpierre03 --password xxx --role 'admin'
+  # 4. relancer hydra
+  # 5. ajouter un vhost à nginx
+  # 6. relancer nginx
+  # 7. le service accessible à hydra.<nom de machine>
+
+  ## Tutoriel
+  # * https://github.com/peti/hydra-tutorial
+
+  # Services
+
+  ## Hydra
+
+  services.hydra = {
+    enable = true;
+    hydraURL = "http://hydra.${config.networking.fqdn}";
+    notificationSender = "hydra@${config.networking.fqdn}";
+    listenHost = "localhost";
+    minimumDiskFree = 50; # Go
+    smtpHost = "localhost";
+    #package = hydra-src-pkg ;
+  };
+
+  systemd.services.hydra-evaluator.serviceConfig.Nice = -19;
+
+  #systemd.services.hydra-evaluator = {
+  #  path = [ pkgs.nettools config.services.hydra.package ];
+  #};
+
+  ## Ménage
+  #nix.gc.automatic = true;
+
+  ## Délégation des actions de compilation à la ferme de compilation
+
+  ### Machines connues
+
+  programs.ssh.knownHosts = {
+    "hydra.prunetwork.fr".publicKey     = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYrZu31+/ybhel7LNPNgsALEoMHwTc1OiTcmJnXZ3He";
+    "monstre.dubronetwork.fr".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTTrLhq1Cwm0rpnwEIxSLqVrJWZnt+/9dt+SKd8NiIc";
+    "pedro.dubronetwork.fr".publicKey   = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7fjo2ysLqlfSo6BKnc6I6m1ayoPrbwEEyTKZmUzsOD";
+    "ocean.prunetwork.fr".publicKey     = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINCaRuTl8iCTUE4XInOpkSlwQj5Re4w4Iq+gNIlJe8pA";
+    "radx.prunetwork.fr".publicKey      = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyoXdTEnxSgZTMfRfVH+bpOGZJtJpydAijcRGsZik7U";
+    "rollo.dubronetwork.fr".publicKey   = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4lWgS/sVdcZvnAAN+lBSOcCL9ISdAUsjp1kh9lalNu";
+  };
+
+  ### La liste des machines utilisées
+  nix = {
+    distributedBuilds = false;
+    buildMachines = [
+    #      { hostName = "pedro.dubronetwork.fr"; maxJobs = 5; speedFactor = 10; sshKey = "/etc/nixos/id_buildfarm"; sshUser = "root"; system = "x86_64-linux"; }
+    ];
+    extraOptions = "auto-optimise-store = true";
+  };
+}

services/kibana.nix

@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.kibana {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # Services
+
+  # K : http://localhost:8000
+  services.kibana = {
+    enable = true;
+    elasticsearch.url = "http://127.0.0.1:9200";
+    port = 8000;
+  };
+
+  # Réseau
+  # -> Aucun port n'est ouvert caril est recommandé de mettre un proxy HTTP devant
+  networking.firewall = {
+    allowedTCPPorts = [
+    ];
+    allowedUDPPorts = [
+    ];
+  };
+}

services/locate.nix

@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+mkIf flags.locate {
+
+  # Services
+  services.locate = {
+    enable = true;
+    interval = "hourly";
+  };
+}

services/monitoring-munin.nix

@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.fqdn}";
+  flags = currentMachine.configurationFlags;
+in
+
+# TODO: changer adresse mail
+mkIf flags.munin {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    bc
+    mailutils
+  ];
+
+  # Services
+
+  ## Noeud de supervision munin = pas de stockage des données locales
+  services.munin-node = {
+    enable = true;
+    extraConfig = ''
+      # Ignore the apc_nis plugin, as it throws errors as I don't have an UPS.
+      # It's there because munin-node-configure is called with the contrib group,
+      # and the plugin has no method to check whether there's a compatible UPS available.
+      ignore_file ^apc_nis$
+
+      ignore_file ^sensors_-wrapped$
+      ignore_file ^.sensors_-wrapped$
+    '';
+    extraPlugins = {
+      chrony = /etc/nixos/base/services/munin-chrony;
+      chrony_tracking_stratum = /etc/nixos/base/services/munin-chrony-tracking-stratum;
+      chrony_tracking_ppm = /etc/nixos/base/services/munin-chrony-tracking-ppm;
+      chrony_tracking_time_ = /etc/nixos/base/services/munin-chrony-tracking-time;
+      chrony_tracking_time_root = /etc/nixos/base/services/munin-chrony-tracking-time-root;
+      chrony_tracking_update_time = /etc/nixos/base/services/munin-chrony-tracking-update-time;
+    };
+  };
+  systemd.services.munin-node = {
+    path = with pkgs; [ munin lm_sensors ];
+    serviceConfig.TimeoutStartSec = "3min";
+  };
+  users.extraUsers.munin = {
+    #extraGroups = [ "postfix" "root" ];
+    extraGroups = [ "postfix" ];
+  };
+
+  # chmod a+rX -Rv /var/lib/postfix/queue/
+
+  ## Munin server -- generate /var/www/munin
+  services.munin-cron = {
+    enable = true;
+    hosts = ''
+      [${config.networking.fqdn}]
+        address 127.0.0.1
+        df._dev_sda2.warning 35
+        use_node_name yes
+        #contacts syslog
+        contacts email
+    '';
+    # http://sametmax.com/monitorez-vos-serveurs-avec-munin-et-notifications-par-email/
+    # http://guide.munin-monitoring.org/en/latest/tutorial/alert.html#syntax-of-warning-and-critical
+    extraGlobalConfig = ''
+      #---
+      #contact.email.command ${pkgs.mutt}/bin/mutt -F /etc/nixos/base/services/munin-muttrc  -s "Munin notification for ${config.networking.fqdn}" root@ocean.prunetwork.fr
+      contact.email.command  /run/current-system/sw/bin/mutt -F /etc/nixos/base/services/munin-muttrc  -s "Munin notification for ${config.networking.fqdn}" root@ocean.prunetwork.fr
+      contact.syslog.command /run/current-system/sw/bin/logger -p user.crit                 -t "Munin notification for ${config.networking.fqdn}"
+
+      #---
+      contact.email.always_send ok,warning,critical,unknown
+      contact.syslog.always_send ok,warning,critical,unknown
+    '';
+  };
+
+  # Réseau
+  networking.firewall = {
+    allowedTCPPorts = [
+      #8000
+    ];
+    allowedUDPPorts = [
+    ];
+  };
+}

services/munin-chrony

@@ -0,0 +1,123 @@
+#!/bin/sh
+
+: <<=cut
+
+=head1 NAME
+
+parse Chrony Tracking output for timeserver status information
+
+=head1 APPLICABLE SYSTEMS
+
+Any system with a local chronyd service.
+
+=head1 CONFIGURATION
+
+No configuration.
+
+=head1 MAGIC MARKERS
+
+  #%# family=auto
+  #%# capabilities=autoconf
+
+=head1 VERSION
+
+Revision 0.1 2008/08/23 13:06:00 joti
+
+  First version only chronyc tracking, autodetection included.
+
+Revision 0.2 2008/10/11 16:09:00 joti
+
+  Added scaling of other values to match with frequency, added more description to fields
+
+Revision 0.3 2014/02/16 zjttoefs
+
+  reduce forking by using awk
+  do not limit output precision
+  add stratum monitoring
+  detect slow/fast time or freqency and adjust sign of value accordingly
+  remove commented out code
+
+Revision 0.4 2016/11/10 Lars Kruse
+
+  rewrite field handling
+  use "which" for "chronyc" location
+  switch from "bash" to "sh"
+  fix exit code of failing "autoconf"
+
+=head1 AUTHOR
+
+  joti
+  zjttoefs
+  Lars Kruse <devel@sumpfralle.de>
+
+=cut
+
+CHRONYC="$(which chronyc | head -1)"
+
+# Frequency has extremely higher values than other. Therefore they are fitted by scaling via suitable factors.
+# field definitions:
+#   - munin fieldname
+#   - factor for graph visualization (all values are supposed to reach a similar dimension)
+#   - regular expression of the chrony output line (may not contain whitespace, case insensitive)
+#   - label (may include "%d" for including the factor; may contain whitespace)
+fields="stratum		1	^Stratum		Stratum
+	systime		1000000	^System.time		System Time (us)
+	offsetlast	1000000	^Last.offset		Last Offset (us)
+	offsetrms	1000000	^RMS.offset		RMS Offset (us)
+	frequency	1	^Frequency		Frequency (ppm)
+	residualfreq	1	^Residual.freq		Residual Freq (ppm)
+	skew		1	^Skew			Skew (ppm)
+	rootdelay	1000000	^Root.delay		Root Delay (us)
+	rootdispersion	1000000	^Root.dispersion	Root Dispersion (us)
+	updateinterval	1	^Update.interval	Update Interval (s)"
+
+# chrony example output (v2.4.1):
+#   Reference ID    : 131.188.3.221 (ntp1.rrze.uni-erlangen.de)
+#   Stratum         : 2
+#   Ref time (UTC)  : Thu Nov 10 22:39:50 2016
+#   System time     : 0.000503798 seconds slow of NTP time
+#   Last offset     : +0.000254355 seconds
+#   RMS offset      : 0.002186779 seconds
+#   Frequency       : 17.716 ppm slow
+#   Residual freq   : +0.066 ppm
+#   Skew            : 4.035 ppm
+#   Root delay      : 0.042980 seconds
+#   Root dispersion : 0.005391 seconds
+#   Update interval : 258.4 seconds
+#   Leap status     : Normal
+
+
+if [ "$1" = "autoconf" ]; then
+	if [ -n "$CHRONYC" ] && [ -x "$CHRONYC" ]; then
+		echo yes
+	else
+		echo "no (missing 'chronyc' executable)"
+	fi
+	exit 0
+fi
+
+if [ "$1" = "config" ]; then
+	echo 'graph_title Chrony Tracking Stats'
+	echo 'graph_args --base 1000 -l 0'
+	echo 'graph_vlabel (time,ppm)'
+	echo 'graph_category time'
+	echo 'graph_scale no'
+	echo "$fields" | while read fieldname factor regex label; do
+		# insert the factor, if "%d" is part of the label
+		printf "${fieldname}.label $label\n" "$factor"
+		echo "${fieldname}.type GAUGE"
+	done
+	exit 0
+fi
+
+chrony_status="$("$CHRONYC" tracking)"
+echo "$fields" | while read fieldname factor regex label; do
+	status_line="$(echo "$chrony_status" | grep -i -- "$regex " | cut -d ":" -f 2-)"
+	if [ -z "$status_line" ]; then
+		value="U"
+	else
+		# the keyword "slow" indicates negative values
+		value="$(echo "$status_line" | awk '{ /slow/ ? SIGN=-1 : SIGN=1; print $1 * SIGN * '"$factor"' }')"
+	fi
+	echo "${fieldname}.value $value"
+done

services/munin-chrony-tracking-ppm

@@ -0,0 +1,116 @@
+#!/bin/sh
+
+: <<=cut
+
+=head1 NAME
+
+parse Chrony Tracking output for timeserver status information
+
+=head1 APPLICABLE SYSTEMS
+
+Any system with a local chronyd service.
+
+=head1 CONFIGURATION
+
+No configuration.
+
+=head1 MAGIC MARKERS
+
+  #%# family=auto
+  #%# capabilities=autoconf
+
+=head1 VERSION
+
+Revision 0.1 2008/08/23 13:06:00 joti
+
+  First version only chronyc tracking, autodetection included.
+
+Revision 0.2 2008/10/11 16:09:00 joti
+
+  Added scaling of other values to match with frequency, added more description to fields
+
+Revision 0.3 2014/02/16 zjttoefs
+
+  reduce forking by using awk
+  do not limit output precision
+  add stratum monitoring
+  detect slow/fast time or freqency and adjust sign of value accordingly
+  remove commented out code
+
+Revision 0.4 2016/11/10 Lars Kruse
+
+  rewrite field handling
+  use "which" for "chronyc" location
+  switch from "bash" to "sh"
+  fix exit code of failing "autoconf"
+
+=head1 AUTHOR
+
+  joti
+  zjttoefs
+  Lars Kruse <devel@sumpfralle.de>
+
+=cut
+
+CHRONYC="$(which chronyc | head -1)"
+
+# Frequency has extremely higher values than other. Therefore they are fitted by scaling via suitable factors.
+# field definitions:
+#   - munin fieldname
+#   - factor for graph visualization (all values are supposed to reach a similar dimension)
+#   - regular expression of the chrony output line (may not contain whitespace, case insensitive)
+#   - label (may include "%d" for including the factor; may contain whitespace)
+fields="frequency	1	^Frequency		Local Clock Frequency Drift (ppm)
+	residualfreq	1	^Residual.freq		Residual Freq (ppm)
+	skew		1	^Skew			Skew (ppm)"
+
+# chrony example output (v2.4.1):
+#   Reference ID    : 131.188.3.221 (ntp1.rrze.uni-erlangen.de)
+#   Stratum         : 2
+#   Ref time (UTC)  : Thu Nov 10 22:39:50 2016
+#   System time     : 0.000503798 seconds slow of NTP time
+#   Last offset     : +0.000254355 seconds
+#   RMS offset      : 0.002186779 seconds
+#   Frequency       : 17.716 ppm slow
+#   Residual freq   : +0.066 ppm
+#   Skew            : 4.035 ppm
+#   Root delay      : 0.042980 seconds
+#   Root dispersion : 0.005391 seconds
+#   Update interval : 258.4 seconds
+#   Leap status     : Normal
+
+
+if [ "$1" = "autoconf" ]; then
+	if [ -n "$CHRONYC" ] && [ -x "$CHRONYC" ]; then
+		echo yes
+	else
+		echo "no (missing 'chronyc' executable)"
+	fi
+	exit 0
+fi
+
+if [ "$1" = "config" ]; then
+	echo 'graph_title Chrony Tracking Stats - Frequencies stability'
+	echo 'graph_args --base 1000 -l 0'
+	echo 'graph_vlabel (ppm)'
+	echo 'graph_category time'
+	echo 'graph_scale no'
+	echo "$fields" | while read fieldname factor regex label; do
+		# insert the factor, if "%d" is part of the label
+		printf "${fieldname}.label $label\n" "$factor"
+		echo "${fieldname}.type GAUGE"
+	done
+	exit 0
+fi
+
+chrony_status="$("$CHRONYC" tracking)"
+echo "$fields" | while read fieldname factor regex label; do
+	status_line="$(echo "$chrony_status" | grep -i -- "$regex " | cut -d ":" -f 2-)"
+	if [ -z "$status_line" ]; then
+		value="U"
+	else
+		# the keyword "slow" indicates negative values
+		value="$(echo "$status_line" | awk '{ /slow/ ? SIGN=-1 : SIGN=1; print $1 * SIGN * '"$factor"' }')"
+	fi
+	echo "${fieldname}.value $value"
+done

services/munin-chrony-tracking-stratum

@@ -0,0 +1,116 @@
+#!/bin/sh
+
+: <<=cut
+
+=head1 NAME
+
+parse Chrony Tracking output for timeserver status information
+
+=head1 APPLICABLE SYSTEMS
+
+Any system with a local chronyd service.
+
+=head1 CONFIGURATION
+
+No configuration.
+
+=head1 MAGIC MARKERS
+
+  #%# family=auto
+  #%# capabilities=autoconf
+
+=head1 VERSION
+
+Revision 0.1 2008/08/23 13:06:00 joti
+
+  First version only chronyc tracking, autodetection included.
+
+Revision 0.2 2008/10/11 16:09:00 joti
+
+  Added scaling of other values to match with frequency, added more description to fields
+
+Revision 0.3 2014/02/16 zjttoefs
+
+  reduce forking by using awk
+  do not limit output precision
+  add stratum monitoring
+  detect slow/fast time or freqency and adjust sign of value accordingly
+  remove commented out code
+
+Revision 0.4 2016/11/10 Lars Kruse
+
+  rewrite field handling
+  use "which" for "chronyc" location
+  switch from "bash" to "sh"
+  fix exit code of failing "autoconf"
+
+=head1 AUTHOR
+
+  joti
+  zjttoefs
+  Lars Kruse <devel@sumpfralle.de>
+
+=cut
+
+CHRONYC="$(which chronyc | head -1)"
+
+# Frequency has extremely higher values than other. Therefore they are fitted by scaling via suitable factors.
+# field definitions:
+#   - munin fieldname
+#   - factor for graph visualization (all values are supposed to reach a similar dimension)
+#   - regular expression of the chrony output line (may not contain whitespace, case insensitive)
+#   - label (may include "%d" for including the factor; may contain whitespace)
+fields="stratum		1	^Stratum		Stratum"
+
+# chrony example output (v2.4.1):
+#   Reference ID    : 131.188.3.221 (ntp1.rrze.uni-erlangen.de)
+#   Stratum         : 2
+#   Ref time (UTC)  : Thu Nov 10 22:39:50 2016
+#   System time     : 0.000503798 seconds slow of NTP time
+#   Last offset     : +0.000254355 seconds
+#   RMS offset      : 0.002186779 seconds
+#   Frequency       : 17.716 ppm slow
+#   Residual freq   : +0.066 ppm
+#   Skew            : 4.035 ppm
+#   Root delay      : 0.042980 seconds
+#   Root dispersion : 0.005391 seconds
+#   Update interval : 258.4 seconds
+#   Leap status     : Normal
+
+
+if [ "$1" = "autoconf" ]; then
+	if [ -n "$CHRONYC" ] && [ -x "$CHRONYC" ]; then
+		echo yes
+	else
+		echo "no (missing 'chronyc' executable)"
+	fi
+	exit 0
+fi
+
+if [ "$1" = "config" ]; then
+	echo 'graph_title Chrony Tracking Stats - Stratum'
+	echo 'graph_args --base 1000 -l 0'
+	echo 'graph_vlabel (stratum)'
+	echo 'graph_category time'
+	echo 'graph_scale no'
+	echo 'stratum.warning 8'
+	echo 'stratum.critical 11'
+	echo "$fields" | while read fieldname factor regex label; do
+		# insert the factor, if "%d" is part of the label
+		printf "${fieldname}.label $label\n" "$factor"
+		echo "${fieldname}.type GAUGE"
+	done
+	exit 0
+fi
+
+chrony_status="$("$CHRONYC" tracking)"
+echo "$fields" | while read fieldname factor regex label; do
+	status_line="$(echo "$chrony_status" | grep -i -- "$regex " | cut -d ":" -f 2-)"
+	if [ -z "$status_line" ]; then
+		value="U"
+	else
+		# the keyword "slow" indicates negative values
+		value="$(echo "$status_line" | awk '{ /slow/ ? SIGN=-1 : SIGN=1; print $1 * SIGN * '"$factor"' }')"
+	fi
+	echo "${fieldname}.value $value"
+done

services/munin-chrony-tracking-time

@@ -0,0 +1,118 @@
+#!/bin/sh
+
+: <<=cut
+
+=head1 NAME
+
+parse Chrony Tracking output for timeserver status information
+
+=head1 APPLICABLE SYSTEMS
+
+Any system with a local chronyd service.
+
+=head1 CONFIGURATION
+
+No configuration.
+
+=head1 MAGIC MARKERS
+
+  #%# family=auto
+  #%# capabilities=autoconf
+
+=head1 VERSION
+
+Revision 0.1 2008/08/23 13:06:00 joti
+
+  First version only chronyc tracking, autodetection included.
+
+Revision 0.2 2008/10/11 16:09:00 joti
+
+  Added scaling of other values to match with frequency, added more description to fields
+
+Revision 0.3 2014/02/16 zjttoefs
+
+  reduce forking by using awk
+  do not limit output precision
+  add stratum monitoring
+  detect slow/fast time or freqency and adjust sign of value accordingly
+  remove commented out code
+
+Revision 0.4 2016/11/10 Lars Kruse
+
+  rewrite field handling
+  use "which" for "chronyc" location
+  switch from "bash" to "sh"
+  fix exit code of failing "autoconf"
+
+=head1 AUTHOR
+
+  joti
+  zjttoefs
+  Lars Kruse <devel@sumpfralle.de>
+
+=cut
+
+CHRONYC="$(which chronyc | head -1)"
+
+# Frequency has extremely higher values than other. Therefore they are fitted by scaling via suitable factors.
+# field definitions:
+#   - munin fieldname
+#   - factor for graph visualization (all values are supposed to reach a similar dimension)
+#   - regular expression of the chrony output line (may not contain whitespace, case insensitive)
+#   - label (may include "%d" for including the factor; may contain whitespace)
+fields="systime		1000000	^System.time		System Time (us)
+	offsetlast	1000000	^Last.offset		Last Offset (us)
+	offsetrms	1000000	^RMS.offset		RMS Offset (us)
+	rootdelay	1000000	^Root.delay		Root Delay (us)
+	rootdispersion	1000000	^Root.dispersion	Root Dispersion (us)"
+
+# chrony example output (v2.4.1):
+#   Reference ID    : 131.188.3.221 (ntp1.rrze.uni-erlangen.de)
+#   Stratum         : 2
+#   Ref time (UTC)  : Thu Nov 10 22:39:50 2016
+#   System time     : 0.000503798 seconds slow of NTP time
+#   Last offset     : +0.000254355 seconds
+#   RMS offset      : 0.002186779 seconds
+#   Frequency       : 17.716 ppm slow
+#   Residual freq   : +0.066 ppm
+#   Skew            : 4.035 ppm
+#   Root delay      : 0.042980 seconds
+#   Root dispersion : 0.005391 seconds
+#   Update interval : 258.4 seconds
+#   Leap status     : Normal
+
+
+if [ "$1" = "autoconf" ]; then
+	if [ -n "$CHRONYC" ] && [ -x "$CHRONYC" ]; then
+		echo yes
+	else
+		echo "no (missing 'chronyc' executable)"
+	fi
+	exit 0
+fi
+
+if [ "$1" = "config" ]; then
+	echo 'graph_title Chrony Tracking Stats - Time'
+	echo 'graph_args --base 1000 -l 0'
+	echo 'graph_vlabel (time)'
+	echo 'graph_category time'
+	echo 'graph_scale no'
+	echo "$fields" | while read fieldname factor regex label; do
+		# insert the factor, if "%d" is part of the label
+		printf "${fieldname}.label $label\n" "$factor"
+		echo "${fieldname}.type GAUGE"
+	done
+	exit 0
+fi
+
+chrony_status="$("$CHRONYC" tracking)"
+echo "$fields" | while read fieldname factor regex label; do
+	status_line="$(echo "$chrony_status" | grep -i -- "$regex " | cut -d ":" -f 2-)"
+	if [ -z "$status_line" ]; then
+		value="U"
+	else
+		# the keyword "slow" indicates negative values
+		value="$(echo "$status_line" | awk '{ /slow/ ? SIGN=-1 : SIGN=1; print $1 * SIGN * '"$factor"' }')"
+	fi
+	echo "${fieldname}.value $value"
+done

services/munin-chrony-tracking-time-root

@@ -0,0 +1,115 @@
+#!/bin/sh
+
+: <<=cut
+
+=head1 NAME
+
+parse Chrony Tracking output for timeserver status information
+
+=head1 APPLICABLE SYSTEMS
+
+Any system with a local chronyd service.
+
+=head1 CONFIGURATION
+
+No configuration.
+
+=head1 MAGIC MARKERS
+
+  #%# family=auto
+  #%# capabilities=autoconf
+
+=head1 VERSION
+
+Revision 0.1 2008/08/23 13:06:00 joti
+
+  First version only chronyc tracking, autodetection included.
+
+Revision 0.2 2008/10/11 16:09:00 joti
+
+  Added scaling of other values to match with frequency, added more description to fields
+
+Revision 0.3 2014/02/16 zjttoefs
+
+  reduce forking by using awk
+  do not limit output precision
+  add stratum monitoring
+  detect slow/fast time or freqency and adjust sign of value accordingly
+  remove commented out code
+
+Revision 0.4 2016/11/10 Lars Kruse
+
+  rewrite field handling
+  use "which" for "chronyc" location
+  switch from "bash" to "sh"
+  fix exit code of failing "autoconf"
+
+=head1 AUTHOR
+
+  joti
+  zjttoefs
+  Lars Kruse <devel@sumpfralle.de>
+
+=cut
+
+CHRONYC="$(which chronyc | head -1)"
+
+# Frequency has extremely higher values than other. Therefore they are fitted by scaling via suitable factors.
+# field definitions:
+#   - munin fieldname
+#   - factor for graph visualization (all values are supposed to reach a similar dimension)
+#   - regular expression of the chrony output line (may not contain whitespace, case insensitive)
+#   - label (may include "%d" for including the factor; may contain whitespace)
+fields="rootdelay	1000000	^Root.delay		Root Delay (us)
+	rootdispersion	1000000	^Root.dispersion	Root Dispersion (us)"
+
+# chrony example output (v2.4.1):
+#   Reference ID    : 131.188.3.221 (ntp1.rrze.uni-erlangen.de)
+#   Stratum         : 2
+#   Ref time (UTC)  : Thu Nov 10 22:39:50 2016
+#   System time     : 0.000503798 seconds slow of NTP time
+#   Last offset     : +0.000254355 seconds
+#   RMS offset      : 0.002186779 seconds
+#   Frequency       : 17.716 ppm slow
+#   Residual freq   : +0.066 ppm
+#   Skew            : 4.035 ppm
+#   Root delay      : 0.042980 seconds
+#   Root dispersion : 0.005391 seconds
+#   Update interval : 258.4 seconds
+#   Leap status     : Normal
+
+
+if [ "$1" = "autoconf" ]; then
+	if [ -n "$CHRONYC" ] && [ -x "$CHRONYC" ]; then
+		echo yes
+	else
+		echo "no (missing 'chronyc' executable)"
+	fi
+	exit 0
+fi
+
+if [ "$1" = "config" ]; then
+	echo 'graph_title Chrony Tracking Stats - Root Time'
+	echo 'graph_args --base 1000 -l 0'
+	echo 'graph_vlabel (time)'
+	echo 'graph_category time'
+	echo 'graph_scale no'
+	echo "$fields" | while read fieldname factor regex label; do
+		# insert the factor, if "%d" is part of the label
+		printf "${fieldname}.label $label\n" "$factor"
+		echo "${fieldname}.type GAUGE"
+	done
+	exit 0
+fi
+
+chrony_status="$("$CHRONYC" tracking)"
+echo "$fields" | while read fieldname factor regex label; do
+	status_line="$(echo "$chrony_status" | grep -i -- "$regex " | cut -d ":" -f 2-)"
+	if [ -z "$status_line" ]; then
+		value="U"
+	else
+		# the keyword "slow" indicates negative values
+		value="$(echo "$status_line" | awk '{ /slow/ ? SIGN=-1 : SIGN=1; print $1 * SIGN * '"$factor"' }')"
+	fi
+	echo "${fieldname}.value $value"
+done

services/munin-chrony-tracking-update-time

@@ -0,0 +1,114 @@
+#!/bin/sh
+
+: <<=cut
+
+=head1 NAME
+
+parse Chrony Tracking output for timeserver status information
+
+=head1 APPLICABLE SYSTEMS
+
+Any system with a local chronyd service.
+
+=head1 CONFIGURATION
+
+No configuration.
+
+=head1 MAGIC MARKERS
+
+  #%# family=auto
+  #%# capabilities=autoconf
+
+=head1 VERSION
+
+Revision 0.1 2008/08/23 13:06:00 joti
+
+  First version only chronyc tracking, autodetection included.
+
+Revision 0.2 2008/10/11 16:09:00 joti
+
+  Added scaling of other values to match with frequency, added more description to fields
+
+Revision 0.3 2014/02/16 zjttoefs
+
+  reduce forking by using awk
+  do not limit output precision
+  add stratum monitoring
+  detect slow/fast time or freqency and adjust sign of value accordingly
+  remove commented out code
+
+Revision 0.4 2016/11/10 Lars Kruse
+
+  rewrite field handling
+  use "which" for "chronyc" location
+  switch from "bash" to "sh"
+  fix exit code of failing "autoconf"
+
+=head1 AUTHOR
+
+  joti
+  zjttoefs
+  Lars Kruse <devel@sumpfralle.de>
+
+=cut
+
+CHRONYC="$(which chronyc | head -1)"
+
+# Frequency has extremely higher values than other. Therefore they are fitted by scaling via suitable factors.
+# field definitions:
+#   - munin fieldname
+#   - factor for graph visualization (all values are supposed to reach a similar dimension)
+#   - regular expression of the chrony output line (may not contain whitespace, case insensitive)
+#   - label (may include "%d" for including the factor; may contain whitespace)
+fields="updateinterval	1	^Update.interval	Update Interval (s)"
+
+# chrony example output (v2.4.1):
+#   Reference ID    : 131.188.3.221 (ntp1.rrze.uni-erlangen.de)
+#   Stratum         : 2
+#   Ref time (UTC)  : Thu Nov 10 22:39:50 2016
+#   System time     : 0.000503798 seconds slow of NTP time
+#   Last offset     : +0.000254355 seconds
+#   RMS offset      : 0.002186779 seconds
+#   Frequency       : 17.716 ppm slow
+#   Residual freq   : +0.066 ppm
+#   Skew            : 4.035 ppm
+#   Root delay      : 0.042980 seconds
+#   Root dispersion : 0.005391 seconds
+#   Update interval : 258.4 seconds
+#   Leap status     : Normal
+
+
+if [ "$1" = "autoconf" ]; then
+	if [ -n "$CHRONYC" ] && [ -x "$CHRONYC" ]; then
+		echo yes
+	else
+		echo "no (missing 'chronyc' executable)"
+	fi
+	exit 0
+fi
+
+if [ "$1" = "config" ]; then
+	echo 'graph_title Chrony Tracking Stats - Update interval'
+	echo 'graph_args --base 1000 -l 0'
+	echo 'graph_vlabel (time)'
+	echo 'graph_category time'
+	echo 'graph_scale no'
+	echo "$fields" | while read fieldname factor regex label; do
+		# insert the factor, if "%d" is part of the label
+		printf "${fieldname}.label $label\n" "$factor"
+		echo "${fieldname}.type GAUGE"
+	done
+	exit 0
+fi
+
+chrony_status="$("$CHRONYC" tracking)"
+echo "$fields" | while read fieldname factor regex label; do
+	status_line="$(echo "$chrony_status" | grep -i -- "$regex " | cut -d ":" -f 2-)"
+	if [ -z "$status_line" ]; then
+		value="U"
+	else
+		# the keyword "slow" indicates negative values
+		value="$(echo "$status_line" | awk '{ /slow/ ? SIGN=-1 : SIGN=1; print $1 * SIGN * '"$factor"' }')"
+	fi
+	echo "${fieldname}.value $value"
+done

services/munin-muttrc

@@ -0,0 +1,3 @@
+set copy=no
+set realname = "Munin daemon"
+