Compare commits
38 Commits
d7844c641c
...
2016-06-28
| Author | SHA1 | Date | |
|---|---|---|---|
| d4417b922a | |||
| c4a3515aa0 | |||
| 8d464837ec | |||
| e486a82be2 | |||
| eeae177744 | |||
| 22bd42f61f | |||
| 092b4a8b44 | |||
| 5c0c2fa2ec | |||
| d71f1b7f57 | |||
| cc1d6f5859 | |||
|
2cd5f1c03e | ||
|
|
48f45f76aa | ||
|
a228a0e52c | ||
|
|
2cf7a7a7ee | ||
|
|
54382e757c | ||
|
|
a91f81a650 | ||
|
|
c5eeaae443 | ||
|
|
71807d038a | ||
|
|
35b2dede57 | ||
| 2c4daa1766 | |||
| 6ae67f8e09 | |||
| d2b4afd9d4 | |||
|
|
c93cd28bb1 | ||
|
|
f5f92fcb07 | ||
|
|
4857ea1b56 | ||
| f7ac4acd54 | |||
| dccec5d306 | |||
| 58342eef57 | |||
|
521d362779 | ||
| e9cf5d5472 | |||
| 691b961d64 | |||
| 76e075cab4 | |||
|
|
51a3a75d74 | ||
|
|
6a53257409 | ||
| 78cb2f7976 | |||
|
|
ddc89e6a6e | ||
|
|
f8890aa003 | ||
| ec72d97c8f |
48
Makefile
Normal file
48
Makefile
Normal file
@@ -0,0 +1,48 @@
|
|||||||
|
all: rebuild-switch
|
||||||
|
date
|
||||||
|
|
||||||
|
clean:
|
||||||
|
nix-collect-garbage -d --delete-older-than 15d
|
||||||
|
|
||||||
|
clean-aggressive:
|
||||||
|
nix-collect-garbage -d --delete-older-than 1d
|
||||||
|
|
||||||
|
clean-total:
|
||||||
|
nix-collect-garbage -d
|
||||||
|
|
||||||
|
clean-log:
|
||||||
|
journalctl --vacuum-size=1G
|
||||||
|
|
||||||
|
full-auto: submodules-update upgrade clean optimise
|
||||||
|
|
||||||
|
optimise:
|
||||||
|
nix-store --optimise
|
||||||
|
|
||||||
|
push: submodules-push
|
||||||
|
git push --all
|
||||||
|
git push --tags
|
||||||
|
|
||||||
|
rebuild-switch:
|
||||||
|
nixos-rebuild switch
|
||||||
|
|
||||||
|
store-repair:
|
||||||
|
nix-store --verify --check-contents --repair
|
||||||
|
|
||||||
|
submodules-update:
|
||||||
|
#git submodule update --remote
|
||||||
|
git submodule foreach git co master
|
||||||
|
git submodule foreach git ff
|
||||||
|
|
||||||
|
submodules-push:
|
||||||
|
git submodule foreach git push --all
|
||||||
|
git submodule foreach git push --tags
|
||||||
|
|
||||||
|
submodules-tag:
|
||||||
|
git submodule foreach git tag -f "$$(date +%F)-$$(hostname -s)"
|
||||||
|
|
||||||
|
tag: submodules-tag
|
||||||
|
git tag -f "$$(date +%F)-$$(hostname -s)"
|
||||||
|
|
||||||
|
upgrade:
|
||||||
|
nixos-rebuild switch --upgrade
|
||||||
|
|
||||||
7
activation-manuelle/auto-upgrade.nix
Normal file
7
activation-manuelle/auto-upgrade.nix
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
# Automatic update & automatic clean
|
||||||
|
system.autoUpgrade.enable = true;
|
||||||
|
nix.gc.automatic = true;
|
||||||
|
}
|
||||||
11
activation-manuelle/swap.nix
Normal file
11
activation-manuelle/swap.nix
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
|
||||||
|
# https://en.wikipedia.org/wiki/Swappiness
|
||||||
|
boot.kernel.sysctl = {
|
||||||
|
# le swap est activé (!= 0)
|
||||||
|
# le swap est utilisé lorsque (100 - x) % de la mémoire est déja allouée
|
||||||
|
"vm.swappiness" = 10;
|
||||||
|
};
|
||||||
|
}
|
||||||
6
base.nix
6
base.nix
@@ -2,8 +2,12 @@
|
|||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./tools.nix
|
#./activation-manuelle/auto-upgrade.nix
|
||||||
|
#./activation-manuelle/locate.nix
|
||||||
|
#./activation-manuelle/swap.nix
|
||||||
|
./environment.nix
|
||||||
./localisation.nix
|
./localisation.nix
|
||||||
./networking.nix
|
./networking.nix
|
||||||
|
./services.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,25 +1,38 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
# Nombre de process d'installation en parrallèle effectués par Nix
|
||||||
|
nix.buildCores = 0;
|
||||||
|
|
||||||
|
# The NixOS release to be compatible with for stateful data such as databases.
|
||||||
|
system.stateVersion = "16.03";
|
||||||
|
|
||||||
|
# On autorise les paquets non-libres
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
# List packages installed in system profile. To search by name, run:
|
# List packages installed in system profile. To search by name, run:
|
||||||
# $ nix-env -qaP | grep wget
|
# $ nix-env -qaP | grep wget
|
||||||
environment = {
|
environment = {
|
||||||
systemPackages = with pkgs; [
|
systemPackages = with pkgs; [
|
||||||
bind # utilisé pour les utilitaires comme dig
|
bind # utilisé pour les utilitaires comme dig
|
||||||
byobu
|
byobu
|
||||||
git gitAndTools.tig
|
exfat # Pour monter les FAT avec Fuse
|
||||||
|
git gitAndTools.gitSVN gitAndTools.tig
|
||||||
gnumake
|
gnumake
|
||||||
gnupg
|
gnupg
|
||||||
|
gpm # prise en charge de la souris en console
|
||||||
htop
|
htop
|
||||||
ncdu
|
ncdu
|
||||||
nmap
|
nmap
|
||||||
mtr
|
mtr
|
||||||
p7zip
|
p7zip
|
||||||
parted
|
parted
|
||||||
|
pciutils
|
||||||
python34Packages.glances
|
python34Packages.glances
|
||||||
pwgen
|
pwgen
|
||||||
tmux
|
tmux
|
||||||
tree
|
tree
|
||||||
|
usbutils
|
||||||
(import ./vim.nix)
|
(import ./vim.nix)
|
||||||
wget
|
wget
|
||||||
which
|
which
|
||||||
@@ -1,18 +1,29 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
# Définition des domaines utilisés lorsque un identifiant non-FQDN est donné (ping, nslookup)
|
||||||
|
networking = {
|
||||||
|
search = [
|
||||||
|
"dubronetwork.fr"
|
||||||
|
"prunetwork.fr"
|
||||||
|
"teleragno.fr"
|
||||||
|
"teleragno.net"
|
||||||
|
];
|
||||||
|
dnsExtensionMechanism = true;
|
||||||
|
};
|
||||||
|
|
||||||
# Utilisation d'adresse IPv6 temporaire
|
# Utilisation d'adresse IPv6 temporaire
|
||||||
# https://blog.linitx.com/control-privacy-addressing-ipv6-linux/
|
|
||||||
# http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/x1092.html
|
## https://blog.linitx.com/control-privacy-addressing-ipv6-linux/
|
||||||
|
## http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/x1092.html
|
||||||
|
|
||||||
boot.kernel.sysctl = {
|
boot.kernel.sysctl = {
|
||||||
"net.ipv6.conf.all.temp_prefered_lft" = 3600; # 1 heure
|
"net.ipv6.conf.all.temp_prefered_lft" = 1800; # 30 min
|
||||||
"net.ipv6.conf.all.temp_valid_lft" = 86400; # 1 jour
|
"net.ipv6.conf.all.temp_valid_lft" = 3600; # 1 heure
|
||||||
"net.ipv6.conf.all.use_tempaddr" = 2; # activé
|
"net.ipv6.conf.all.use_tempaddr" = 2; # activé
|
||||||
|
|
||||||
"net.ipv6.conf.default.temp_prefered_lft" = 3600; # 1 heure
|
"net.ipv6.conf.default.temp_prefered_lft" = 3600; # 1 heure
|
||||||
"net.ipv6.conf.default.temp_valid_lft" = 86400; # 1 jour
|
"net.ipv6.conf.default.temp_valid_lft" = 3600; # 1 heure
|
||||||
"net.ipv6.conf.default.use_tempaddr" = 2; # activé
|
"net.ipv6.conf.default.use_tempaddr" = 2; # activé
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
31
services.nix
Normal file
31
services.nix
Normal file
@@ -0,0 +1,31 @@
|
|||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
# Sécurité & Acces distant
|
||||||
|
|
||||||
|
## Augmentation de l'entropie du système par un générateur de nombres aléatoires
|
||||||
|
## cat /proc/sys/kernel/random/entropy_avail
|
||||||
|
services.haveged = {
|
||||||
|
enable = true;
|
||||||
|
refill_threshold = 2048;
|
||||||
|
};
|
||||||
|
|
||||||
|
## OpenSSH daemon
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Enable CUPS to print documents.
|
||||||
|
services.printing = {
|
||||||
|
enable = true;
|
||||||
|
drivers = [ pkgs.samsung-unified-linux-driver ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Monitoring
|
||||||
|
|
||||||
|
## Noeud de supervision munin = pas de stockage des données locales
|
||||||
|
|
||||||
|
services.munin-node = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user