ajout clef mbp pour root (car radx n'est toujours pas en route)

Makefile

@@ -1,5 +1,6 @@
 all: rebuild-switch
 	date
+##--------- Commandes spécifiques pour NixOS
 
 clean:
 	nix-collect-garbage -d --delete-older-than 15d
@@ -14,20 +15,26 @@ clean-log:
 	journalctl --vacuum-size=1G
 
 full-auto: submodules-update upgrade clean optimise
+	@date
 
 optimise:
 	nix-store --optimise
 
-push: submodules-push
-	git push --all
-	git push --tags
-
 rebuild-switch:
 	nixos-rebuild switch --fallback  --show-trace
 
 store-repair:
 	nix-store --verify --check-contents --repair
 
+upgrade:
+	nixos-rebuild switch --upgrade --fallback --show-trace
+
+##--------- Commandes spécifiques pour GIT
+
+push: submodules-push
+	git push --all
+	git push --tags
+
 submodules-update:
 	#git submodule update --remote
 	git submodule foreach git co master
@@ -40,9 +47,27 @@ submodules-push:
 submodules-tag:
 	git submodule foreach git tag -f "$$(date +%F)-$$(hostname -s)"
 
+template:
+	find . -name "*.nix" -exec meld /etc/nixos/base/module-template.nix {} \;
+
 tag: submodules-tag
 	git tag -f "$$(date +%F)-$$(hostname -s)"
 
-upgrade:
-	nixos-rebuild switch --upgrade --fallback --show-trace
+##--------- Munin
+
+munin:
+	pushd /var/www/munin/ ; python -m SimpleHTTPServer 8000
+##--------- Gestion d'un système de fichier monté en mémoire
+
+tmpfs-create:
+	mkdir -p /mnt/tmpfs
+
+tmpfs-mount: tmpfs-create
+	mount -t tmpfs -o size=10G tmpfs /mnt/tmpfs
+
+tmpfs-umount:
+	umount /mnt/tmpfs
+
+tmpfs-destroy: tmpfs-umount
+	rmdir /mnt/tmpfs
 

base.nix

@@ -1,4 +1,11 @@
-{ ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  #inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
 
 {
   imports = [

base/activation-manuelle/nix-serve-client.nix

@@ -1,20 +1,21 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf mkMerge;
-  profiles = config.r6d.profiles;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
 in
 
 mkIf cfg.nix-serve-client {
+
   nix = {
     # Cache http pour le store
     requireSignedBinaryCaches = false;
     binaryCaches =  [
-      "https://cache.nixos.org/"
+      (mkIf (profiles.isDubronetwork && (! computers.isPedro) && (! computers.isRollo)) "http://nix-cache.dubronetwork.fr:5001")
 
-      (mkIf (profiles.isDubronetwork && (! computers.isRollo)) "http://nix-cache.dubronetwork.fr:5001")
+      (mkIf profiles.isPrunetwork "https://cache.nixos.org/")
       (mkIf (profiles.isPrunetwork && !profiles.isServer) "http://192.168.1.20:5000")
     ];
     extraOptions = ''

base/activation-manuelle/nix-serve-server.nix

@@ -1,12 +1,27 @@
-{ config, pkgs, ... }:
-
-with pkgs.lib;
+{ config, lib, pkgs, ... }:
 
 let
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
-in {
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf cfg.nix-serve-server {
+
   # Cache http pour le store
 
-  services.nix-serve.enable = cfg.nix-serve-server;
-  networking.firewall.allowedTCPPorts = mkIf cfg.nix-serve-server [ 5000 ];
+  # Services
+  services.nix-serve = {
+    enable = true;
+  };
+
+  # Réseau
+  networking.firewall = {
+    allowedTCPPorts = [
+      5000
+    ];
+    allowedUDPPorts = [
+    ];
+  };
 }

base/activation-manuelle/service-fail2ban.nix

@@ -1,17 +1,28 @@
-{ config, pkgs, ... }:
-
-with pkgs.lib;
+{ config, lib, pkgs, ... }:
 
 let
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
 
   ignoreip = "pedro.dubronetwork.fr cube.dubronetwork.fr voyage.prunetwork.fr xray.prunetwork.fr 192.168.0.0/16 172.16.0.0/16";
   destemail = "admins@dubronetwork.fr";
+in
+
+mkIf cfg.fail2ban {
 
-in {
   # Gestion de fail2ban
-  
-  services = mkIf cfg.fail2ban {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    mailutils
+    whois
+  ];
+
+
+  # Services
+  services = {
     fail2ban = {
       enable = true;
       jails = {
@@ -27,13 +38,27 @@ in {
           maxretry = 3
 
           destemail = ${destemail}
+
+          # https://github.com/Baughn/nixpkgs/blob/master/nixos/modules/services/security/fail2ban.nix
+          findtime = 600
+          maxretry = 3
+          backend  = systemd
+          enabled  = true
         '';
         ssh-route = ''
           filter   = sshd
           action   = route[blocktype=blackhole]
-          maxretry = 3
         '';
+        # désactivation car souci de PATH avec les commandes mail ou sendmail. Nécessite un path motifiable
+        # ticket à ouvrir
+        #ssh-mail = ''
+        #  filter   = sshd
+        #  action   = sendmail[sendername=Fail2ban @${config.networking.hostName}]
+        #'';
       };
     };
   };
+
+  # https://github.com/NixOS/nixpkgs/issues/8437
+  services.fail2ban.jails.ssh-iptables = "enabled = true";
 }

base/base.nix

@@ -1,4 +1,11 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  #inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
 
 {
   imports = [

base/network-dns.nix

@@ -1,6 +1,14 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {
 
-{
   # Définition des domaines utilisés lorsque un identifiant non-FQDN est donné (ping, nslookup)
   networking = {
     search = [

config-generator.nix

@@ -1,6 +1,5 @@
 { config, lib, pkgs, ... }:
 
-# exemple utilisé pour commencer bird.nix
 let
   inherit (lib) mkEnableOption mkIf mkMerge mkOption singleton types;
   cfg = config.r6d.config-generator;
@@ -107,7 +106,7 @@ in
     (mkIf pfl.isHome {
       r6d.profiles.isDesktop = true;
     })
-    (mkIf pfl.isServer {
+    (mkIf (pfl.isServer && !comp.isMonstre) {
       r6d.config-generator = {
         #database_postgres = true;
         dns_autorite = true;
@@ -119,7 +118,7 @@ in
       };
     })
     # /!\ PAS un serveur
-    (mkIf (!pfl.isServer) {
+    (mkIf (!pfl.isServer || comp.isMonstre) {
       r6d.config-generator = {
         dns_resolveur = true;
       };
@@ -145,9 +144,6 @@ in
         print = true;
       };
     })
-    (mkIf (pfl.isDubronetwork && pfl.isServer) {
-      r6d.config-generator.nix-serve-server = true;
-    })
     (mkIf (pfl.isDubronetwork && pfl.isWorkstation) {
       r6d.config-generator = {
         conception-assistee = true;

desktop/activation-manuelle/xmonad/xmonad.nix

@@ -1,19 +1,21 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
+in
 
-in  mkIf cfg.xmonad {
-  # Paquets spécifiques pour xmonad
+mkIf cfg.xmonad {
 
-  environment.systemPackages = with pkgs;[
+  # Paquets
+  environment.systemPackages = with pkgs; [
     dmenu
     haskellPackages.xmobar
   ];
 
+  # Services
   services.xserver.windowManager.xmonad = {
     enable = true;
     enableContribAndExtras = true;

desktop/desktop.nix

@@ -13,6 +13,7 @@ in
     ./activation-manuelle/xmonad/xmonad.nix      # gestionnaire de fenêtres xmonad
   ];
 
+  # Paquets
   environment.systemPackages = with pkgs; mkIf profiles.isDesktop [
     # Environement de bureau
     arandr          # interface graphique pour xrandr
@@ -54,4 +55,6 @@ in
     clawsMail = pkgs.clawsMail.override { enablePluginFancy = true; };
     mumble = pkgs.mumble.override { pulseSupport = true; };
   };
+
+  security.setuidPrograms = [ "udevil" ];
 }

module-template.nix

@@ -1,11 +1,25 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
 in
 
 mkIf true {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # Services
+
+  # Réseau
+  networking.firewall = {
+    allowedTCPPorts = [
+    ];
+    allowedUDPPorts = [
+    ];
+  };
 }

munin-www.sh

@@ -1,3 +0,0 @@
-#!/usr/bin/env bash
-
-pushd /var/www/munin/ && python -m SimpleHTTPServer 8000

public/app-adminsys.nix

@@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
 in
 
-mkIf profiles.isDesktop {
+mkIf true {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Adminsys
     iotop
@@ -22,22 +23,30 @@ mkIf profiles.isDesktop {
     python27Packages.glances
     usbutils
 
-    # DNS
-    unbound
-
     # Compression
     lz4
     lzop
 
     # Système de fichier
-    curlftpfs
-    gparted
-    inotify-tools
-    nfs-utils
-    ntfs3g
-    sshfsFuse
+    ## Montage de filesystem
+    curlftpfs     # ftp
+    ntfs3g        # ntfs
+    sshfsFuse     # ssh
 
-    #
-    unetbootin    # création de clefs USB bootables
+    ## Gestion de FS
+    nfs-utils
+
+    ## Exploitation FS
+    inotify-tools # être notifié lorsque le contenu d'un répertoire change
+    duff           # outil de recherche de fichiers en doublons
+    rdfind        # recherche de fichiers doublons pour remplacement par hard/soft link
+
+    (mkIf profiles.isDesktop
+      ## Gestion de FS
+      gparted       # Gestion graphique de partitions
+    )
+    (mkIf profiles.isDesktop
+      unetbootin    # création de clefs USB bootables
+    )
   ];
 }

public/app-awesome.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;

public/app-bureautique.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf profiles.isDesktop {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Bureautique
     aspell aspellDicts.fr
@@ -34,6 +35,7 @@ mkIf profiles.isDesktop {
     gnuplot       # générateur de graphes à partir de données numériques
     graphviz      # dot, neato : traçage de graphes (carré, rond)
     jekyll        # générateur statique de site web
+    odpdown       # conversion md -> presentation ODP : https://github.com/thorstenb/odpdown
     pandoc
     texLiveFull   # distribution LaTeX
     #texLive       # distribution LaTeX de base

public/app-cao.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,7 +9,8 @@ in
 
 mkIf cfg.conception-assistee {
 
-environment.systemPackages = with pkgs; [
+  # Paquets
+  environment.systemPackages = with pkgs; [
     # CAO
     ## Modélisation 3D
     freecad   # modélisation de pièces en 3D

public/app-cartographie.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf cfg.cartographie {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Gestion de données géographiques
     expat         

public/app-client-internet.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf profiles.isDesktop {
 
+# Paquets
 environment.systemPackages = with pkgs; [
     # Clients Internet
 

public/app-developpement.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,36 +9,40 @@ in
 
 mkIf cfg.developpement {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Base de données
-    pgadmin
-    sqlitebrowser
+    pgadmin             # interface d'administration de postgres
+    sqlitebrowser       # interface d'administration de sqlite
 
     # Développement
     cloc
-    idea.idea-community
-    gcc           # pour les appels depuis les scripts
+    idea.idea-community # IntelliJ IDEA
+    gcc                 # pour les appels depuis les scripts
 
     # Documentation
-    zeal
+    zeal                # consulter la documentation hors ligne
 
     ## Gestion des sources
-    # git       # déjà présent dans "base"
-    git-cola
+    # git               # déjà présent dans "base"
+    # gitg              # interface pour utiliser git (historique, commit)
+    gitstats            # génère un site web statique avec des statistiques
+    gitAndTools.gitFull # pour gitk
+    git-cola            # interface pour utiliser git (historique, commit)
     mercurial
     subversion
 
     ## Haskell
-    ghc
+    ghc                 # pour les appels depuis les scripts
     stack
 
     ## Rust
-    cargo       # récupération des dépendances + compilation projet rust
-    rustPlatform.rustc
+    cargo               # récupération des dépendances + compilation projet rust
+    rustPlatform.rustc  # pour les appels depuis les scripts
 
     ## Visualisation & outils de diff
-    gource
-    meld
-    vbindiff    # diff de fichier hexadecimaux avec vim
+    gource              # visualisation en mouvement de l'historique git
+    meld                # outil de comparaison graphique
+    vbindiff            # diff de fichier hexadecimaux avec vim
   ];
 }

public/app-docker.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf cfg.docker {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Ecosystème Docker
     docker

public/app-edition-musique.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,7 +9,8 @@ in
 
 mkIf cfg.edition-musique {
 
-environment.systemPackages = with pkgs; [
+  # Paquets
+  environment.systemPackages = with pkgs; [
     #
     audacity      # montage audio
     easytag       # gestion des métadonnées des fichiers musicaux

public/app-edition-photo.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf cfg.edition-photo {
 
+  # Paquets
 environment.systemPackages = with pkgs; [
     # Méta données
     exif

public/app-edition-video.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,7 +9,8 @@ in
 
 mkIf cfg.edition-video {
 
-environment.systemPackages = with pkgs; [
+  # Paquets
+  environment.systemPackages = with pkgs; [
     # Vidéo
     #cinelerra     # editeur video
     pitivi        # montage vidéo

public/app-jeux.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf cfg.jeux {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Jeux
     urbanterror

public/app-multimedia.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf profiles.isDesktop {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Multimedia
 

public/app-network.nix

@@ -9,6 +9,7 @@ in
 
 mkIf profiles.isDesktop {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Outils réseau
     iperf         # outil de mesure de la qualité du réseau
@@ -23,7 +24,11 @@ mkIf profiles.isDesktop {
   ];
 
   networking.firewall = {
-    allowedTCPPorts = [5201]; # iperf
-    allowedUDPPorts = [5201]; # iperf
+    allowedTCPPorts = [
+      5201 # iperf
+    ];
+    allowedUDPPorts = [
+      5201 # iperf
+    ];
   };
 }

public/app-securite.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf profiles.isDesktop {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Securité
     gnome3.seahorse # gestionnaire graphique de clef GPG
@@ -17,4 +18,5 @@ mkIf profiles.isDesktop {
     slock           # vérouiller l''écran. "cannot disable the out-of-memory killer for this process (make sure to suid or sgid slock)" --> en root
     yubikey-personalization-gui # utilisation de la clef Yubikey
   ];
+  security.setuidPrograms = [ "slock" ];
 }

public/app-virtualbox.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,10 +9,19 @@ in
 
 mkIf cfg.virtualbox {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     linuxPackages.virtualbox
     linuxPackages.virtualboxGuestAdditions
   ];
 
+  # À décommenter pour activer le pack d'extension
+  #boot.kernelPackages = pkgs.linuxPackages // {
+  #  virtualbox = pkgs.linuxPackages.virtualbox.override {
+  #    enableExtensionPack = true;
+  #    pulseSupport = true;
+  #  };
+  #};
+
   virtualisation.virtualbox.host.enable = true;
 }

public/auto-upgrade.nix

@@ -1,13 +1,14 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
 in
 
 mkIf cfg.auto-upgrade {
+
   # Automatic update & automatic clean
 
   system.autoUpgrade.enable = true;

public/environment.nix

@@ -1,4 +1,11 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
 
 {
   # Nombre de process d'installation en parrallèle effectués par Nix
@@ -10,8 +17,7 @@
   # On autorise les paquets non-libres
   nixpkgs.config.allowUnfree = true;
 
-  # List packages installed in system profile. To search by name, run:
-  # $ nix-env -qaP | grep wget
+  # Paquets
   environment = {
     systemPackages = with pkgs; [
       bind          # utilisé pour les utilitaires comme dig
@@ -43,6 +49,7 @@
     ];
     shellAliases = {
       byobu = "byobu-tmux";
+      jacques-a-dit = "sudo";
       tree = "tree -C";
       tree1 = "tree -d -L 1";
       tree2 = "tree -d -L 2";
@@ -52,6 +59,10 @@
     };
     etc.gitconfig.text = builtins.readFile ./gitconfig;
   };
+  # programmes qui n'ont pas besoin de sudo pour fonctionner
+  security.setuidPrograms = [
+    "mtr"
+  ];
   programs.bash = {
     enableCompletion = true;
     promptInit = builtins.readFile ./bash-prompt.sh;

public/laptop.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -19,6 +19,7 @@ mkIf cfg.laptop {
 
   hardware.bluetooth.enable = true;
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     networkmanagerapplet
   ];

public/localisation.nix

@@ -1,6 +1,14 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {
 
-{
   # Select internationalisation properties.
   i18n = {
     consoleFont = "Lat2-Terminus16";

public/network-ipv6.nix

@@ -1,6 +1,14 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {
 
-{
   # Utilisation d'adresse IPv6 temporaire
   
   ## https://blog.linitx.com/control-privacy-addressing-ipv6-linux/

public/print.nix

@@ -1,14 +1,16 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
 in
 
 mkIf cfg.print {
-  # Enable CUPS to print documents.
+
+  # Services
+  ## Enable CUPS to print documents.
   services.printing = {
     enable = true;
     drivers = [

public/public.nix

@@ -1,4 +1,11 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  #inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
 
 {
   imports = [
@@ -6,6 +13,7 @@
     ./environment.nix
     ./localisation.nix
     #./network-ipv6.nix
+    ./sudo.nix
     ./service-haveged.nix
     ./service-monitoring.nix
     ./service-ssh.nix

public/service-haveged.nix

@@ -1,7 +1,16 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
-{
-  # Sécurité & Acces distant
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {
+
+  # Sécurité & Accès distant
+  # Services
 
   ## Augmentation de l'entropie du système par un générateur de nombres aléatoires
   ## cat /proc/sys/kernel/random/entropy_avail

public/service-laptop.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -11,6 +11,7 @@ mkIf cfg.laptop {
 
   # Gestion spécifique pour PC portable
 
+  # Services
   services.xserver.synaptics = {
     enable = true;
     twoFingerScroll = true;

public/service-locate.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf cfg.locate {
 
+  # Services
   services.locate = {
     enable = true;
     interval = "hourly";

public/service-monitoring.nix

@@ -1,14 +1,27 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
-{
-  # Monitoring
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
 
-  # Noeud de supervision munin = pas de stockage des données locales
+mkIf true {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    mailutils
+  ];
+
+  # Services
+
+  ## Noeud de supervision munin = pas de stockage des données locales
   services.munin-node = {
     enable = true;
   };
 
-  # Munin server -- generate /var/www/munin
+  ## Munin server -- generate /var/www/munin
   services.munin-cron = {
     enable = true;
     hosts = ''
@@ -20,12 +33,12 @@
     '';
   };
 
-  networking.firewall.allowedTCPPorts = [
-    # TODO configurer les bon ports lors de l'ouverture du service
-    8000
-  ];
-
-   ## Documentation
-   # * https://nixos.org/wiki/Create_and_debug_nix_packages
-   # * http://chriswarbo.net/essays/nixos/developing_on_nixos.html
+  # Réseau
+  networking.firewall = {
+    allowedTCPPorts = [
+      8000
+    ];
+    allowedUDPPorts = [
+    ];
+  };
 }

public/service-pulseaudio.nix

@@ -1,15 +1,16 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 let
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
-  mkIf = pkgs.lib.mkIf;
 in
 
-{
+mkIf profiles.isDesktop {
+
   # Pulse Audio
-  hardware.pulseaudio = mkIf profiles.isDesktop {
+  hardware.pulseaudio = {
     enable = true;
     support32Bit = true;
   };

public/service-ssh.nix

@@ -1,7 +1,16 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
-{
-  # OpenSSH daemon
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {
+
+  # Services
+  ## OpenSSH daemon
   services.openssh = {
     enable = true;
     # https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29

public/service-x11.nix

@@ -1,15 +1,17 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 let
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
-  mkIf = pkgs.lib.mkIf;
 in
 
-{
+mkIf profiles.isDesktop {
+
+  # Services
   # Enable the X11 windowing system.
-  services.xserver = mkIf profiles.isDesktop {
+  services.xserver = {
     enable = true;
     layout = "fr";
     xkbOptions = "eurosign:e";

public/sudo.nix

@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {
+
+  # Authorisation de certaines applications par sudo sans mot de passe
+
+  security.sudo.extraConfig = ''
+  %users ALL = NOPASSWD: ${pkgs.mtr}/bin/mtr
+  %users ALL = NOPASSWD: ${pkgs.slock}/bin/slock
+  '';
+}

public/swap.nix

@@ -1,13 +1,14 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
 in
 
 mkIf cfg.swap {
+
   # Gestion du swap
   
   # https://en.wikipedia.org/wiki/Swappiness