Compare commits
22 Commits
2016-11-02
...
2016-12-01
| Author | SHA1 | Date | |
|---|---|---|---|
| 5f089977a2 | |||
|
83aa5af2fc | ||
| 79d97ca438 | |||
| 04869f63f7 | |||
| be47e7c285 | |||
| a2ee566f15 | |||
| b51c69d330 | |||
| a75b126b5a | |||
|
|
eabe0db746 | ||
| b2e44a7b75 | |||
| 59982b296b | |||
| 4b35c7c20a | |||
| c0509692b4 | |||
| 772ce45d5e | |||
|
f38a182c4d | ||
| 4bb890da7a | |||
| ec24734b05 | |||
| ac8e92cfce | |||
|
|
5ad9c73c03 | ||
|
|
faa4be782a | ||
|
|
ec4aa5ac32 | ||
| 7806cd3ad6 |
13
Makefile
13
Makefile
@@ -1,3 +1,5 @@
|
||||
GSF=git submodule foreach
|
||||
|
||||
all: rebuild-switch
|
||||
date
|
||||
##--------- Commandes spécifiques pour NixOS
|
||||
@@ -37,15 +39,16 @@ push: submodules-push
|
||||
|
||||
submodules-update:
|
||||
#git submodule update --remote
|
||||
git submodule foreach git co master
|
||||
git submodule foreach git ff
|
||||
$(GSF) git co master
|
||||
$(GSF) git ff
|
||||
$(GSF) git gc --auto
|
||||
|
||||
submodules-push:
|
||||
git submodule foreach git push --all
|
||||
git submodule foreach git push --tags
|
||||
$(GSF) git push --all
|
||||
$(GSF) git push --tags
|
||||
|
||||
submodules-tag:
|
||||
git submodule foreach git tag -f "$$(date +%F)-$$(hostname -s)"
|
||||
$(GSF) git tag -f "$$(date +%F)-$$(hostname -s)"
|
||||
|
||||
template:
|
||||
find . -name "*.nix" -exec meld /etc/nixos/base/module-template.nix {} \;
|
||||
|
||||
@@ -32,9 +32,12 @@ in {
|
||||
isNormalUser = true;
|
||||
description = "Jean-Pierre PRUNARET";
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"docker"
|
||||
"plugdev"
|
||||
"scanner"
|
||||
"vbox"
|
||||
"vboxusers"
|
||||
"wheel"
|
||||
];
|
||||
useDefaultShell = true;
|
||||
@@ -53,6 +56,9 @@ in {
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"docker"
|
||||
"plugdev"
|
||||
"scanner"
|
||||
"vbox"
|
||||
"vboxusers"
|
||||
"wheel"
|
||||
];
|
||||
@@ -71,6 +77,7 @@ in {
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"scanner"
|
||||
];
|
||||
hashedPassword = "$6$vcZSVwQFcGg1xt$xuMiCmlozhgyFFGEw3rRnIrhVcglMlWY1lfJG17QoKE4KzrQfc9YAaJYgf.clc3ouFC/yLtEs18Q0DVGixTEt0";
|
||||
};
|
||||
|
||||
@@ -58,6 +58,7 @@ in
|
||||
print = mkEnableOption "Profil pour activer cups & pouvoir imprimer.";
|
||||
rabbitmq = mkEnableOption "Profil pour activer le service de messagerie AMQP.";
|
||||
radicale = mkEnableOption "Profil pour activer le service d'hébergement de calendrier + tâches & contacts.";
|
||||
scanner = mkEnableOption "Profil pour que les scanners soient utilisable.";
|
||||
swap = mkEnableOption "Profil pour que le swap soit activé.";
|
||||
virtualbox = mkEnableOption "Profil pour l'utilisation de VirtualBox.";
|
||||
xmonad = mkEnableOption "Profil pour activer le gestionnaire de fenêtres xmonad.";
|
||||
@@ -122,6 +123,7 @@ in
|
||||
r6d.config-generator = {
|
||||
awesome = true;
|
||||
nix-serve-client = true;
|
||||
scanner = true;
|
||||
};
|
||||
})
|
||||
(mkIf pfl.isHome {
|
||||
@@ -193,6 +195,10 @@ in
|
||||
r6d.config-generator = {
|
||||
docker = true;
|
||||
radicale = true;
|
||||
tincAddress = "192.168.12.6/24";
|
||||
tincExtraConfig = ''
|
||||
ConnectTo = rollo_dubronetwork_fr
|
||||
'';
|
||||
};
|
||||
})
|
||||
(mkIf comp.isRadx {
|
||||
@@ -208,6 +214,13 @@ in
|
||||
hydra-core = true;
|
||||
kibana = true;
|
||||
print = true;
|
||||
rabbitmq = true;
|
||||
tincAddress = "192.168.12.3/24";
|
||||
tincExtraConfig = ''
|
||||
ConnectTo = monstre_dubronetwork_fr
|
||||
ConnectTo = rollo_dubronetwork_fr
|
||||
ConnectTo = ocean_prunetwork_fr
|
||||
'';
|
||||
virtualbox = true;
|
||||
};
|
||||
})
|
||||
@@ -228,7 +241,11 @@ in
|
||||
r6d.config-generator = {
|
||||
laptop = true;
|
||||
tincAddress = "192.168.12.2/24";
|
||||
tincExtraConfig = "ConnectTo = phenom_dubronetwork_fr";
|
||||
tincExtraConfig = ''
|
||||
ConnectTo = monstre_dubronetwork_fr
|
||||
ConnectTo = rollo_dubronetwork_fr
|
||||
ConnectTo = ocean_prunetwork_fr
|
||||
'';
|
||||
};
|
||||
})
|
||||
(mkIf comp.isMonstre {
|
||||
@@ -241,6 +258,11 @@ in
|
||||
fail2ban = true;
|
||||
nix-serve-client = true;
|
||||
nixStoreProxyCache = true;
|
||||
tincAddress = "192.168.12.4/24";
|
||||
tincExtraConfig = ''
|
||||
ConnectTo = rollo_dubronetwork_fr
|
||||
ConnectTo = ocean_prunetwork_fr
|
||||
'';
|
||||
};
|
||||
})
|
||||
(mkIf comp.isNeoNomade{
|
||||
@@ -251,6 +273,12 @@ in
|
||||
|
||||
r6d.config-generator = {
|
||||
laptop = true;
|
||||
tincAddress = "192.168.12.7/24";
|
||||
tincExtraConfig = ''
|
||||
ConnectTo = monstre_dubronetwork_fr
|
||||
ConnectTo = rollo_dubronetwork_fr
|
||||
ConnectTo = ocean_prunetwork_fr
|
||||
'';
|
||||
};
|
||||
})
|
||||
(mkIf comp.isNomade{
|
||||
@@ -280,9 +308,13 @@ in
|
||||
|
||||
r6d.config-generator = {
|
||||
nix-serve-server = true;
|
||||
laptop = true;
|
||||
edition-photo = true;
|
||||
tincAddress = "192.168.12.1/24";
|
||||
tincExtraConfig = ''
|
||||
ConnectTo = monstre_dubronetwork_fr
|
||||
ConnectTo = rollo_dubronetwork_fr
|
||||
ConnectTo = ocean_prunetwork_fr
|
||||
'';
|
||||
};
|
||||
})
|
||||
(mkIf comp.isRollo {
|
||||
@@ -297,6 +329,10 @@ in
|
||||
mailboxes = true;
|
||||
murmur = true;
|
||||
online-ipv6 = true;
|
||||
tincAddress = "192.168.12.5/24";
|
||||
tincExtraConfig = ''
|
||||
ConnectTo = ocean_prunetwork_fr
|
||||
'';
|
||||
znc = true;
|
||||
};
|
||||
})
|
||||
|
||||
@@ -21,6 +21,7 @@ mkIf profiles.isDesktop {
|
||||
|
||||
## Editeur de texte
|
||||
lyx # surcouche WISIWIM à LaTeX
|
||||
focuswriter # outil pour l'écriture
|
||||
textadept # un éditeur de texte facile pour copier-coller graphique
|
||||
zim # outil de prise de notes, wiki de bureau
|
||||
|
||||
|
||||
@@ -19,6 +19,7 @@ mkIf cfg.developpement {
|
||||
cloc
|
||||
idea.idea-community # IntelliJ IDEA
|
||||
gcc # pour les appels depuis les scripts
|
||||
maven
|
||||
|
||||
# Documentation
|
||||
zeal # consulter la documentation hors ligne
|
||||
|
||||
@@ -37,6 +37,7 @@ in
|
||||
gnupg # GPG
|
||||
gpm # prise en charge de la souris en console
|
||||
htop # monitoring
|
||||
lsb-release # pour les scripts qui utilisent cet outil
|
||||
#libressl # librairie pour faire du TLS et les algorithmes de crypto par OpenBSD
|
||||
ncdu # outil pour voir l'espace utilisé
|
||||
nmap # outil de scan de port réseau
|
||||
|
||||
27
public/hardware-scanner.nix
Normal file
27
public/hardware-scanner.nix
Normal file
@@ -0,0 +1,27 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) mkIf mkMerge mkThenElse;
|
||||
cfg = config.r6d.config-generator;
|
||||
computers = config.r6d.computers;
|
||||
profiles = config.r6d.profiles;
|
||||
in
|
||||
|
||||
mkIf cfg.scanner {
|
||||
|
||||
# Paquets
|
||||
environment.systemPackages = with pkgs; [
|
||||
simple-scan
|
||||
];
|
||||
|
||||
# Services
|
||||
hardware.sane.enable = true;
|
||||
|
||||
# Réseau
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
];
|
||||
};
|
||||
}
|
||||
@@ -22,5 +22,8 @@ mkIf true {
|
||||
"net.ipv6.conf.default.temp_prefered_lft" = 3600; # 1 heure
|
||||
"net.ipv6.conf.default.temp_valid_lft" = 3600; # 1 heure
|
||||
"net.ipv6.conf.default.use_tempaddr" = 2; # activé
|
||||
};
|
||||
|
||||
"net.ipv6.conf.all.forwarding" = true;
|
||||
"net.ipv6.conf.default.forwarding" = true;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -15,4 +15,9 @@ mkIf true {
|
||||
networking.extraHosts = ''
|
||||
127.0.0.1 ${config.networking.hostName}
|
||||
'';
|
||||
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv4.conf.all.forwarding" = true;
|
||||
"net.ipv4.conf.default.forwarding" = true;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -18,6 +18,7 @@ in
|
||||
./service-haveged.nix
|
||||
./service-monitoring.nix
|
||||
./service-ssh.nix
|
||||
./udev.nix
|
||||
|
||||
# commandées par config-generator
|
||||
## option de configuration spécifique
|
||||
@@ -49,6 +50,7 @@ in
|
||||
./app-multimedia.nix # pour gérer le son, l'image et la vidéo
|
||||
./app-network.nix # de gestion, de diagnostique & surveillance réseau
|
||||
./app-securite.nix # relatives à la sécurité (chiffrement, gpg, mots de passe, ...)
|
||||
./hardware-scanner.nix # utilisation d'un scanner
|
||||
./service-pulseaudio.nix # activation du serveur audio
|
||||
./service-x11.nix # activation du serveur graphique X
|
||||
];
|
||||
|
||||
@@ -11,19 +11,32 @@ mkIf cfg.hydra-builder {
|
||||
|
||||
# Paquets
|
||||
environment.systemPackages = with pkgs; [
|
||||
qemu
|
||||
kvm
|
||||
];
|
||||
|
||||
# Services
|
||||
|
||||
|
||||
## Services de virtualisation utilisé pour les tests hydra
|
||||
virtualisation.docker.enable = true;
|
||||
virtualisation.libvirtd.enable = true;
|
||||
virtualisation.libvirtd.enableKVM = true;
|
||||
#virtualisation.virtualbox.guest.enable = true;
|
||||
virtualisation.virtualbox.host.enable = true;
|
||||
virtualisation.virtualbox.host.headless = true;
|
||||
|
||||
## Ménage automatique tous les jours
|
||||
nix.gc.automatic = true;
|
||||
|
||||
users.users."hydrabld" = {
|
||||
description = "Execution des jobs hydra";
|
||||
group = "nixbld";
|
||||
extraGroups = [ "nixbld" ];
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"docker"
|
||||
"nixbld"
|
||||
"vboxusers"
|
||||
];
|
||||
isNormalUser = true; # devrait être à false: TODO débugger la conf ssh & users pour que ça marche en user système
|
||||
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYpjcWJCf8dXpv2LmoIaNVbwZXEC50QUU6Az+lqeD89 hydra radx"
|
||||
|
||||
18
public/udev.nix
Normal file
18
public/udev.nix
Normal file
@@ -0,0 +1,18 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) mkIf mkMerge mkThenElse;
|
||||
cfg = config.r6d.config-generator;
|
||||
computers = config.r6d.computers;
|
||||
profiles = config.r6d.profiles;
|
||||
in
|
||||
|
||||
{
|
||||
# Définition du IO Scheduler pour les SSD
|
||||
services.udev.extraRules = ''
|
||||
# set deadline scheduler for non-rotating disks
|
||||
# according to https://wiki.debian.org/SSDOptimization, deadline is preferred over noop
|
||||
ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="deadline"
|
||||
'';
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user