désactivation de sudo sans mot de passe

Makefile

@@ -15,6 +15,9 @@ clean-log:
 
 full-auto: submodules-update upgrade clean optimise
 
+munin:
+	pushd /var/www/munin/ ; python -m SimpleHTTPServer 8000
+
 optimise:
 	nix-store --optimise
 
@@ -40,6 +43,9 @@ submodules-push:
 submodules-tag:
 	git submodule foreach git tag -f "$$(date +%F)-$$(hostname -s)"
 
+template:
+	find . -name "*.nix" -exec meld /etc/nixos/base/module-template.nix {} \;
+
 tag: submodules-tag
 	git tag -f "$$(date +%F)-$$(hostname -s)"
 

base.nix

@@ -1,4 +1,11 @@
-{ ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  #inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
 
 {
   imports = [

base/activation-manuelle/nix-serve-client.nix

@@ -1,20 +1,21 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf mkMerge;
-  profiles = config.r6d.profiles;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
 in
 
 mkIf cfg.nix-serve-client {
+
   nix = {
     # Cache http pour le store
     requireSignedBinaryCaches = false;
     binaryCaches =  [
-      "https://cache.nixos.org/"
+      (mkIf (profiles.isDubronetwork && (! computers.isPedro) && (! computers.isRollo)) "http://nix-cache.dubronetwork.fr:5001")
 
-      (mkIf (profiles.isDubronetwork && (! computers.isRollo)) "http://nix-cache.dubronetwork.fr:5001")
+      (mkIf profiles.isPrunetwork "https://cache.nixos.org/")
       (mkIf (profiles.isPrunetwork && !profiles.isServer) "http://192.168.1.20:5000")
     ];
     extraOptions = ''

base/activation-manuelle/nix-serve-server.nix

@@ -1,12 +1,27 @@
-{ config, pkgs, ... }:
-
-with pkgs.lib;
+{ config, lib, pkgs, ... }:
 
 let
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
-in {
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf cfg.nix-serve-server {
+
   # Cache http pour le store
 
-  services.nix-serve.enable = cfg.nix-serve-server;
-  networking.firewall.allowedTCPPorts = mkIf cfg.nix-serve-server [ 5000 ];
+  # Services
+  services.nix-serve = {
+    enable = true;
+  };
+
+  # Réseau
+  networking.firewall = {
+    allowedTCPPorts = [
+      5000
+    ];
+    allowedUDPPorts = [
+    ];
+  };
 }

base/activation-manuelle/service-fail2ban.nix

@@ -1,17 +1,20 @@
-{ config, pkgs, ... }:
-
-with pkgs.lib;
+{ config, lib, pkgs, ... }:
 
 let
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
 
   ignoreip = "pedro.dubronetwork.fr cube.dubronetwork.fr voyage.prunetwork.fr xray.prunetwork.fr 192.168.0.0/16 172.16.0.0/16";
   destemail = "admins@dubronetwork.fr";
+in
+
+mkIf cfg.fail2ban {
 
-in {
   # Gestion de fail2ban
-  
-  services = mkIf cfg.fail2ban {
+  # Services
+  services = {
     fail2ban = {
       enable = true;
       jails = {

base/base.nix

@@ -1,4 +1,11 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  #inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
 
 {
   imports = [

base/network-dns.nix

@@ -1,6 +1,14 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {
 
-{
   # Définition des domaines utilisés lorsque un identifiant non-FQDN est donné (ping, nslookup)
   networking = {
     search = [

config-generator.nix

@@ -1,6 +1,5 @@
 { config, lib, pkgs, ... }:
 
-# exemple utilisé pour commencer bird.nix
 let
   inherit (lib) mkEnableOption mkIf mkMerge mkOption singleton types;
   cfg = config.r6d.config-generator;
@@ -66,6 +65,7 @@ in
         isNeoNomade     = mkEnableOption "Identification du nom de machine.";
         isNomade        = mkEnableOption "Identification du nom de machine.";
         isOcean         = mkEnableOption "Identification du nom de machine.";
+        isPedro         = mkEnableOption "Identification du nom de machine.";
         isPhenom        = mkEnableOption "Identification du nom de machine.";
         isRadx          = mkEnableOption "Identification du nom de machine.";
         isRollo         = mkEnableOption "Identification du nom de machine.";
@@ -86,6 +86,7 @@ in
         isNeoNomade = host == "neo-nomade.dubronetwork.fr";
         isNomade    = host == "nomade.dubronetwork.fr";
         isOcean     = host == "ocean.prunetwork.fr";
+        isPedro     = host == "pedro.dubronetwork.fr";
         isPhenom    = host == "phenom.dubronetwork.fr";
         isRadx      = host == "radx.prunetwork.fr";
         isRollo     = host == "rollo.dubronetwork.fr";
@@ -143,9 +144,6 @@ in
         print = true;
       };
     })
-    (mkIf (pfl.isDubronetwork && pfl.isServer) {
-      r6d.config-generator.nix-serve-server = true;
-    })
     (mkIf (pfl.isDubronetwork && pfl.isWorkstation) {
       r6d.config-generator = {
         conception-assistee = true;
@@ -233,6 +231,17 @@ in
         laptop = true;
       };
     })
+    (mkIf comp.isPedro {
+      r6d.profiles = {
+        isDubronetwork = true;
+        isServer = true;
+      };
+
+      r6d.config-generator = {
+        fail2ban = true;
+        online-ipv6 = true;
+      };
+    })
     (mkIf comp.isPhenom {
       r6d.profiles = {
         isDubronetwork = true;

desktop/activation-manuelle/xmonad/xmonad.nix

@@ -1,19 +1,21 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
+in
 
-in  mkIf cfg.xmonad {
-  # Paquets spécifiques pour xmonad
+mkIf cfg.xmonad {
 
-  environment.systemPackages = with pkgs;[
+  # Paquets
+  environment.systemPackages = with pkgs; [
     dmenu
     haskellPackages.xmobar
   ];
 
+  # Services
   services.xserver.windowManager.xmonad = {
     enable = true;
     enableContribAndExtras = true;

desktop/desktop.nix

@@ -13,6 +13,7 @@ in
     ./activation-manuelle/xmonad/xmonad.nix      # gestionnaire de fenêtres xmonad
   ];
 
+  # Paquets
   environment.systemPackages = with pkgs; mkIf profiles.isDesktop [
     # Environement de bureau
     arandr          # interface graphique pour xrandr

module-template.nix

@@ -1,11 +1,25 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
 in
 
 mkIf true {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # Services
+
+  # Réseau
+  networking.firewall = {
+    allowedTCPPorts = [
+    ];
+    allowedUDPPorts = [
+    ];
+  };
 }

munin-www.sh

@@ -1,3 +0,0 @@
-#!/usr/bin/env bash
-
-pushd /var/www/munin/ && python -m SimpleHTTPServer 8000

public/app-adminsys.nix

@@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
 in
 
-mkIf profiles.isDesktop {
+mkIf true {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Adminsys
     iotop
@@ -22,20 +23,29 @@ mkIf profiles.isDesktop {
     python27Packages.glances
     usbutils
 
-    # DNS
-    unbound
-
     # Compression
     lz4
     lzop
 
     # Système de fichier
-    curlftpfs
-    gparted
-    inotify-tools
+    ## Montage de filesystem
+    curlftpfs     # ftp
+    ntfs3g        # ntfs
+    sshfsFuse     # ssh
+
+    ## Gestion de FS
     nfs-utils
-    ntfs3g
-    sshfsFuse
+
+    ## Exploitation FS
+    inotify-tools # être notifié lorsque le contenu d'un répertoire change
+    rdfind        # recherche de fichiers doublons pour remplacement par hard/soft link
+  ];
+} // mkIf profiles.isDesktop {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+    ## Gestion de FS
+    gparted       # Gestion graphique de partitions
 
     #
     unetbootin    # création de clefs USB bootables

public/app-awesome.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;

public/app-bureautique.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf profiles.isDesktop {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Bureautique
     aspell aspellDicts.fr

public/app-cao.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,7 +9,8 @@ in
 
 mkIf cfg.conception-assistee {
 
-environment.systemPackages = with pkgs; [
+  # Paquets
+  environment.systemPackages = with pkgs; [
     # CAO
     ## Modélisation 3D
     freecad   # modélisation de pièces en 3D

public/app-cartographie.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf cfg.cartographie {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Gestion de données géographiques
     expat         

public/app-client-internet.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf profiles.isDesktop {
 
+# Paquets
 environment.systemPackages = with pkgs; [
     # Clients Internet
 

public/app-developpement.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf cfg.developpement {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Base de données
     pgadmin

public/app-docker.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf cfg.docker {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Ecosystème Docker
     docker

public/app-edition-musique.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,7 +9,8 @@ in
 
 mkIf cfg.edition-musique {
 
-environment.systemPackages = with pkgs; [
+  # Paquets
+  environment.systemPackages = with pkgs; [
     #
     audacity      # montage audio
     easytag       # gestion des métadonnées des fichiers musicaux

public/app-edition-photo.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf cfg.edition-photo {
 
+  # Paquets
 environment.systemPackages = with pkgs; [
     # Méta données
     exif

public/app-edition-video.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,7 +9,8 @@ in
 
 mkIf cfg.edition-video {
 
-environment.systemPackages = with pkgs; [
+  # Paquets
+  environment.systemPackages = with pkgs; [
     # Vidéo
     #cinelerra     # editeur video
     pitivi        # montage vidéo

public/app-jeux.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf cfg.jeux {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Jeux
     urbanterror

public/app-multimedia.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf profiles.isDesktop {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Multimedia
 

public/app-network.nix

@@ -9,6 +9,7 @@ in
 
 mkIf profiles.isDesktop {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Outils réseau
     iperf         # outil de mesure de la qualité du réseau
@@ -23,7 +24,11 @@ mkIf profiles.isDesktop {
   ];
 
   networking.firewall = {
-    allowedTCPPorts = [5201]; # iperf
-    allowedUDPPorts = [5201]; # iperf
+    allowedTCPPorts = [
+      5201 # iperf
+    ];
+    allowedUDPPorts = [
+      5201 # iperf
+    ];
   };
 }

public/app-securite.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf profiles.isDesktop {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     # Securité
     gnome3.seahorse # gestionnaire graphique de clef GPG

public/app-virtualbox.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf cfg.virtualbox {
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     linuxPackages.virtualbox
     linuxPackages.virtualboxGuestAdditions

public/auto-upgrade.nix

@@ -1,13 +1,14 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
 in
 
 mkIf cfg.auto-upgrade {
+
   # Automatic update & automatic clean
 
   system.autoUpgrade.enable = true;

public/environment.nix

@@ -1,4 +1,11 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
 
 {
   # Nombre de process d'installation en parrallèle effectués par Nix
@@ -10,8 +17,7 @@
   # On autorise les paquets non-libres
   nixpkgs.config.allowUnfree = true;
 
-  # List packages installed in system profile. To search by name, run:
-  # $ nix-env -qaP | grep wget
+  # Paquets
   environment = {
     systemPackages = with pkgs; [
       bind          # utilisé pour les utilitaires comme dig

public/laptop.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -19,6 +19,7 @@ mkIf cfg.laptop {
 
   hardware.bluetooth.enable = true;
 
+  # Paquets
   environment.systemPackages = with pkgs; [
     networkmanagerapplet
   ];

public/localisation.nix

@@ -1,6 +1,14 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {
 
-{
   # Select internationalisation properties.
   i18n = {
     consoleFont = "Lat2-Terminus16";

public/network-ipv6.nix

@@ -1,6 +1,14 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {
 
-{
   # Utilisation d'adresse IPv6 temporaire
   
   ## https://blog.linitx.com/control-privacy-addressing-ipv6-linux/

public/print.nix

@@ -1,14 +1,16 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
 in
 
 mkIf cfg.print {
-  # Enable CUPS to print documents.
+
+  # Services
+  ## Enable CUPS to print documents.
   services.printing = {
     enable = true;
     drivers = [

public/public.nix

@@ -1,4 +1,11 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  #inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
 
 {
   imports = [

public/service-haveged.nix

@@ -1,7 +1,16 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
-{
-  # Sécurité & Acces distant
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {
+
+  # Sécurité & Accès distant
+  # Services
 
   ## Augmentation de l'entropie du système par un générateur de nombres aléatoires
   ## cat /proc/sys/kernel/random/entropy_avail

public/service-laptop.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -11,6 +11,7 @@ mkIf cfg.laptop {
 
   # Gestion spécifique pour PC portable
 
+  # Services
   services.xserver.synaptics = {
     enable = true;
     twoFingerScroll = true;

public/service-locate.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
@@ -9,6 +9,7 @@ in
 
 mkIf cfg.locate {
 
+  # Services
   services.locate = {
     enable = true;
     interval = "hourly";

public/service-monitoring.nix

@@ -1,14 +1,22 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
-{
-  # Monitoring
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
 
-  # Noeud de supervision munin = pas de stockage des données locales
+mkIf true {
+
+  # Services
+
+  ## Noeud de supervision munin = pas de stockage des données locales
   services.munin-node = {
     enable = true;
   };
 
-  # Munin server -- generate /var/www/munin
+  ## Munin server -- generate /var/www/munin
   services.munin-cron = {
     enable = true;
     hosts = ''
@@ -20,12 +28,12 @@
     '';
   };
 
-  networking.firewall.allowedTCPPorts = [
-    # TODO configurer les bon ports lors de l'ouverture du service
-    8000
-  ];
-
-   ## Documentation
-   # * https://nixos.org/wiki/Create_and_debug_nix_packages
-   # * http://chriswarbo.net/essays/nixos/developing_on_nixos.html
+  # Réseau
+  networking.firewall = {
+    allowedTCPPorts = [
+      8000
+    ];
+    allowedUDPPorts = [
+    ];
+  };
 }

public/service-pulseaudio.nix

@@ -1,15 +1,16 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 let
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
-  mkIf = pkgs.lib.mkIf;
 in
 
-{
+mkIf profiles.isDesktop {
+
   # Pulse Audio
-  hardware.pulseaudio = mkIf profiles.isDesktop {
+  hardware.pulseaudio = {
     enable = true;
     support32Bit = true;
   };

public/service-ssh.nix

@@ -1,7 +1,16 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
-{
-  # OpenSSH daemon
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {
+
+  # Services
+  ## OpenSSH daemon
   services.openssh = {
     enable = true;
     # https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29

public/service-x11.nix

@@ -1,15 +1,17 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 let
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
-  mkIf = pkgs.lib.mkIf;
 in
 
-{
+mkIf profiles.isDesktop {
+
+  # Services
   # Enable the X11 windowing system.
-  services.xserver = mkIf profiles.isDesktop {
+  services.xserver = {
     enable = true;
     layout = "fr";
     xkbOptions = "eurosign:e";

public/swap.nix

@@ -1,13 +1,14 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkIf mkMerge mkThenElse;
   cfg = config.r6d.config-generator;
   computers = config.r6d.computers;
   profiles = config.r6d.profiles;
 in
 
 mkIf cfg.swap {
+
   # Gestion du swap
   
   # https://en.wikipedia.org/wiki/Swappiness