127 changed files with 1870 additions and 3474 deletions
--- a/34
+++ b/34
@ -1,10 +1,6 @@
 GSF=git submodule foreach
 TIME=time
 CHRONY_STATUS=chronyc tracking
 CHRONY_STATS=chronyc sources -v
 CHRONY_STATS_SOURCES=chronyc sourcestats
 all: rebuild-switch
 	date
 ##--------- Commandes spécifiques pour NixOS
@ -19,46 +15,24 @@ clean-total:
 	$(TIME) nix-collect-garbage -d
 clean-log:
 	journalctl --flush --rotate
 	journalctl --vacuum-size=1G
 full-auto: submodules-update upgrade clean optimise
 	@date
 list-installed-packages:
 	@# source : https://functor.tokyo/blog/2018-02-20-show-packages-installed-on-nixos
 	@# https://www.domenkozar.com/2014/01/02/getting-started-with-nix-package-manager/
 	@#nixos-option environment.systemPackages
 	nixos-option environment.systemPackages | head -2 | tail -1 | sed -e 's/ /\n/g' | cut -d- -f2- | sort | uniq| sed -e 's/"$$//'
 optimise:
-	$(TIME) nix store optimise
+	$(TIME) nix-store --optimise
 rebuild-build:
 	nix-channel --add https://nixos.org/channels/nixos-unstable nixos
 	$(TIME) time nixos-rebuild build --fallback  --show-trace
 rebuild-switch:
 	$(TIME) time nixos-rebuild switch --fallback  --show-trace
 show-blackholed:
 	-@ip route |grep blackhole |wc -l| awk '{print "Il y a "$$1" route(s) en blackhole sur";system("hostname ")}' |cowsay
 show-diff-with-current:
 	-diff /run/current-system/configuration.nix /etc/nixos/configuration.nix
 show-roots:
 	nix-store --gc --print-roots
 show-time:
 	-@$(CHRONY_STATUS) && $(CHRONY_STATS)
 	-@watch -d -n 2 "$(CHRONY_STATUS) && echo "-- Statistiques générales :" && $(CHRONY_STATS) && echo "-- Statistiques sur les sources :" && $(CHRONY_STATS_SOURCES) && echo "-- Statistiques sur les clients :" && chronyc clients"
 store-repair:
 	$(TIME) nix-store --verify --check-contents --repair
 upgrade:
 	nix-channel --add https://nixos.org/channels/nixos-unstable nixos
 	$(TIME) nixos-rebuild switch --upgrade --fallback --show-trace
 ##--------- Commandes spécifiques pour NixOS -- Opérations non courantes
@ -67,9 +41,6 @@ download-sources:
 	# https://nixos.org/wiki/Download_all_sources
 	nix-store -r $$(grep -l outputHash $$(nix-store -qR $$(nix-instantiate '<nixpkgs>' -A geeqie) | grep '.drv$$'))
 build-iso:
 	nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=/etc/nixos/base/iso-image/livecd-minimal.nix
 ##--------- Commandes spécifiques pour GIT
 push: submodules-push
@ -113,6 +84,3 @@ tmpfs-umount:
 tmpfs-destroy: tmpfs-umount
 	rmdir /mnt/tmpfs
 ##- Test awesome
 test-awesome:
 	Xephyr :5 & sleep 1; DISPLAY=:5 awesome
--- a/README.md
+++ b/README.md
@ -1,65 +1,18 @@
 # nixos-template-base
-Versions de NixOS supportées :
+Version de nixos supportée : NixOs 16.09
 * NixOS unstable
 Ce dépôt stocke une configuration générique des machines.
 Une recette dite "config-generator" adapte la configuration selon le nom de la machine (FQDN).
-~~Une recette dite "config-generator" adapte la configuration selon le nom de la machine (FQDN).~~
+Actuellement, les scripts contiennent un peu de configuration spécifique pour les machines des mainteneurs.
-~~Actuellement, les scripts contiennent un peu de configuration spécifique pour les machines des mainteneurs.~~
+# Lien pour install sur machine distante
-# Liens
+* https://nixos.org/wiki/How_to_install_NixOS_from_Linux#Installing_through_a_chroot
-* https://status.nixos.org/ pour savoir de quand datent les différentes releases de NixOS
+* https://github.com/NixOS/nixpkgs/issues/13305
 * https://repology.org/repository/nix_unstable/problems pour lister les paquets avec problèmes
-# Notes de mise-à-jour
+# Notes pour l'upgrade de 16.03 vers 16.09
 ## pour l'utilisation de l'annuaire (à partir de 2017-04-28)
 * faire les mises à jour de l'OS
 * commiter & pusher l'état des dépôts (au cas où). Pour les différents dépôts `git a`, `git commit` puis `make tag push`
 * mettre à jour les dépôts avec les dernières versions, `make submodules-update`
 * vérifier que `configuration.nix` contient `services.xserver.enable = true;` pour les machines avec interface graphique
 * vérifier que `configuration.nix` contient le nom de la machine `networking.hostName = "<X>";`
 * vérifier que `configuration.nix` contient le nom de domaine `networking.domain = "<X>";`
 * tester la configuration : `nixos-rebuild build`
 * corriger et ajouter les éléments manquant (notamment dans `private/annuaire.nix` )
 * lorsque tout semble bon, vérifier :
  * qu'il y a toujours des utilisateurs dans la configuration
  * que le moyen d'accéder à la machine n'a pas été supprimé (surtout les machines distantes)
 * lancer la commande de build de l'os : `make` :)
 ## pour le passage de 16.09 à unstable
 * mettre à jour tous les dépôts
 * changer la branche de base vers `nixos-unstable`
 * changer la declaration de la machine dans `configuration.nix`
 ~~~
 networking.hostName = "<bidule>";
 ~~~
 devient
 ~~~
 r6d.computers.is<bidule> = true;
 ~~~
 * mettre à jour le channel
 ~~~
 nix-channel --add  https://nixos.org/channels/nixos-unstable nixos
 nix-channel --update
 ~~~
 * faire la mise à jour
 ~~~
 make
 ~~~
 ## pour le passage de 16.03 à 16.09
 * mettre le dépôt base sur la branche upgrade-16.09
 * changer le channel nixos : ```nix-channel --add https://nixos.org/channels/nixos-16.09 nixos```
@ -88,153 +41,3 @@ Pour résoudre les soucis d'upgrade, il est conseillé :
 * d'ajouter `vim` aux paquets
 * de réactiver petit à petit les lignes désactivées
 # Installation sur machine chez online.net
 * https://nixos.org/wiki/Install_NixOS_on_Online.Net
 * https://nixos.org/wiki/Install_NixOS_on_Linode
 ## Installation selon config online
 * commander serveur
 * lancer la procédure d'installation avec ubuntu LTS 64bits
 * partitionner le disque avec l'interface web
 * lancer l'installation de l'os.
 * attendre que la procédure standard d'installation d'online ait terminée
 * lorsque l'install est finie, dans l'onglet "Etat" se trouve l'option "Secours"
 ## Transformation en NixOS
 * relancer la machine en mode "Secours"
 * choisir un linux 64bits (préférence pour ubuntu LTS)
 * le système de boot donne des identifiants SSH pour le connecter à la machine
 * se connecter à la machine
 * passer en root
 ~~~bash
 sudo su -
 ~~~
 * formater les partitions
 ~~~bash
 mkfs.ext4 -L nixos /dev/sda1
 swapoff -a
 mkswap /dev/sda2
 swapon -a
 ~~~
 * monter les partitions dans /mnt
 ~~~bash
 mount /dev/sda1 /mnt/
 mkdir /mnt/etc/
 mkdir /mnt/etc/nixos
 mkdir /etc/nixos
 mkdir /mnt/nix
 mkdir /nix
 mount --bind /mnt/nix/ /nix
 mkdir /mnt/tmp
 mount --bind /mnt/tmp /tmp
 ~~~
 * installer les paquets nécessaires
 ~~~bash
 apt-get install bzip2 git byobu htop glances
 ~~~
 * création d'utilisateur (n'importe quil mot de passe)
 ~~~bash
 adduser nix
 groupadd -r nixbld
 for n in $(seq 1 10); do useradd -c "Nix build user $n" -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" nixbld$n; done
 ~~~
 * mise-à-jour des certificats
 ~~~bash
 update-ca-certificates
 ~~~
 * installer nix
 ~~~bash
 chown -R nix /nix /tmp
 su - nix
 bash <(curl https://nixos.org/nix/install)
 exit
 ~~~
 * créer un profil nix pour root & un channel
 ~~~bash
 . ~nix/.nix-profile/etc/profile.d/nix.sh
 nix-channel --remove nixpkgs
 nix-channel --add https://nixos.org/channels/nixos-unstable nixos
 nix-channel --update
 ~~~
 * installer un editeur de texte
 ~~~bash
 nix-env -i vim_configurable
 ~~~
 * installation de nixos-install
 ~~~bash
 cat <<EOF > /root/configuration.nix
 { fileSystems."/" = {};
  boot.loader.grub.enable = false;
 }
 EOF
 export NIX_PATH=nixpkgs=/root/.nix-defexpr/channels/nixos:nixos=/root/.nix-defexpr/channels/nixos/nixos
 export NIXOS_CONFIG=/root/configuration.nix
 nix-env -i -A config.system.build.nixos-install \
       -A config.system.build.nixos-option \
       -A config.system.build.nixos-generate-config \
       -f "<nixos>"
 ~~~
 * configuration de NixOS
 si la machine existe déjà, cloner le dépôt dans /mnt/etc/nixos
 pour cela, créer clef ssh et l'ajouter sur la forge
 ~~~bash
 ssh-keygen -t ed25519
 cp ~/.ssh/id_ed25519* /mnt/etc/nixos/
 git clone <>
 git submodule init
 git submodule update
 ~~~
 * monter /etc/nixos vers /mnt/etc/nixos pour que la config clonée fonctionne
 ~~~bash
 mount --bind /mnt/etc/nixos/ /etc/nixos/
 ~~~
 * mettre à jour la configuration matérielle
 ~~~bash
 export NIX_PATH=nixpkgs=/root/.nix-defexpr/channels/nixos:nixos=/root/.nix-defexpr/channels/nixos/nixos
 nixos-generate-config --root /mnt
 ~~~
 * vérifier le /mnt/etc/nixos/configuration.nix
 notamment le périphérique utilisé par grub
 * installer le système sur le disque
 ~~~bash
 unset NIXOS_CONFIG
 nixos-install
 ~~~
--- a/applications/graphical/adminsys.nix
+++ b/applications/graphical/adminsys.nix
@ -1,21 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.graphical {
  # Paquets
  environment.systemPackages = with pkgs; [
     # Gestion de FS
     gparted       # Gestion graphique de partitions
     unetbootin    # création de clefs USB bootables
     # visualisation de log
     #logstalgia
  ];
 }
--- a/applications/graphical/bureautique.nix
+++ b/applications/graphical/bureautique.nix
@ -1,37 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf (flags.officeSuite && flags.graphical) {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Bureautique
    gnumeric      # tableur
    #kde4.ksnapshot# réalisation de capture d'écran
    ## Cartes mentales
    freemind
    ## Diagrammes & Schémas
    dia           # dessin & schéma technique
    ## Editeur de texte
    #lyx          # surcouche WISIWIM à LaTeX
    #focuswriter  # outil pour l'écriture
    #textadept     # un éditeur de texte facile pour copier-coller graphique
    #zim          # outil de prise de notes, wiki de bureau
    ## Visionneuse
    #kde5.okular   # pdf
    #mcomix        # livres (cbr, liste d'images), gestion d'une bibliothèque # Supprimé dans NixOS 20.03
    pdfpc         # pdf
    qpdfview      # pdf
    gqview        # visionneuse image & gestion basique de collection
  ];
 }
--- a/applications/graphical/client-internet.nix
+++ b/applications/graphical/client-internet.nix
@ -1,33 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf (flags.internetSuite && flags.graphical) {
 # Paquets
 environment.systemPackages = with pkgs; [
    # Clients Internet
    ## Navigateur
    chromium
    firefox
    ## Mail & Discussion (texte, audio)
    claws-mail
    hexchat
    quasselClient
    mumble
    pidgin
    thunderbird
    # Transfert de fichier
    filezilla
    transmission-gtk
    transmission-remote-gtk
  ];
 }
--- a/applications/graphical/default-applications.nix
+++ b/applications/graphical/default-applications.nix
@ -1,15 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf (true && flags.graphical) {
  # Paquets
  environment.systemPackages = with pkgs; [
  ];
 }
--- a/applications/graphical/default.nix
+++ b/applications/graphical/default.nix
@ -1,40 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  #inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 {
  imports = [
    # installées systématiquement
    ./default-applications.nix
    # commandées par config-generator
    ## option de configuration spécifique
    ./cao.nix                   # de conception assisté par ordinateur & modélisation
    ./cartographie.nix          # manipuler les données géographiques & cartes
    ./developpement.nix         # développer des programmes/scripts
    ./developpement-elm.nix     # développer en elm
    ./developpement-haskell.nix # développer en haskell
    ./developpement-java.nix    # développer en java
    ./developpement-jetbrains.nix # outils jetbrains
    ./developpement-rust.nix    # développer en rust
    ./edition-musique.nix       # modifier les fichiers musicaux
    ./edition-photo.nix         # modifier les photos & assimilé
    ./edition-video.nix         # modifier les vidéos
    ./jeux.nix                  # jouer, tout simplement ;)
    ./radio.nix                 # outils pour faire de la radio SDR
    ## if isDesktop
    ./adminsys.nix              # pour gérer le système dans son ensemble et les services
    ./bureau.nix                # éléments pour avoir un environement graphique minimal utilisable
    ./bureautique.nix           # dédiée à la bureautique (traitement de texte, dessin, ...)
    ./client-internet.nix       # pour accéder & utiliser des ressources par le réseau
    ./multimedia.nix            # pour gérer le son, l'image et la vidéo
    ./network.nix               # de gestion, de diagnostique & surveillance réseau
    ./securite.nix              # relatives à la sécurité (chiffrement, gpg, mots de passe, ...)
  ];
 }
--- a/applications/graphical/developpement-haskell.nix
+++ b/applications/graphical/developpement-haskell.nix
@ -1,18 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf (flags.developpement-haskell && flags.graphical) {
  # Paquets
  environment.systemPackages = with pkgs; [
  ] ++ (with pkgs.haskellPackages; [
    # Haskell lib
    #threadscope     # visualisation des threads (<bidule>.eventlog)
  ]);
 }
--- a/applications/graphical/developpement-java.nix
+++ b/applications/graphical/developpement-java.nix
@ -1,17 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf (flags.developpement-java && flags.graphical) {
  # Paquets
  environment.systemPackages = with pkgs; [
    # IDE
    jetbrains.idea-community # IntelliJ IDEA
  ];
 }
--- a/applications/graphical/developpement-jetbrains.nix
+++ b/applications/graphical/developpement-jetbrains.nix
@ -1,19 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf (flags.jetbrains-licensed && flags.graphical) {
  # Paquets
  environment.systemPackages = with pkgs; [
    jetbrains.idea-ultimate
    jetbrains.clion
    jetbrains.datagrip
    jetbrains.pycharm-professional
  ];
 }
--- a/applications/graphical/developpement-rust.nix
+++ b/applications/graphical/developpement-rust.nix
@ -1,15 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf (flags.developpement-rust && flags.graphical) {
  # Paquets
  environment.systemPackages = with pkgs; [
  ];
 }
--- a/applications/graphical/developpement.nix
+++ b/applications/graphical/developpement.nix
@ -1,33 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf (flags.developpement && flags.graphical) {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Base de données
    #pgadmin             # interface d'administration de postgres ***plus à jour, version openssl dépréciée***
    #sqlitebrowser       # interface d'administration de sqlite
    # Documentation
    #zeal                # consulter la documentation hors ligne
    # Gestion des sources
    #gitg               # interface pour utiliser git (historique, commit)
    gitstats            # génère un site web statique avec des statistiques
    git-cola            # interface pour utiliser git (historique, commit)
    ## Visualisation & outils de diff
    #gource              # visualisation en mouvement de l'historique git
    meld                # outil de comparaison graphique
    # Editeur texte
    atom
  ];
 }
--- a/applications/graphical/edition-video.nix
+++ b/applications/graphical/edition-video.nix
@ -1,18 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf (flags.edition-video && flags.graphical) {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Vidéo
    #cinelerra     # editeur video
    pitivi        # montage vidéo
  ];
 }
--- a/applications/graphical/jeux.nix
+++ b/applications/graphical/jeux.nix
@ -1,17 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf (flags.jeux && flags.graphical) {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Jeux
    urbanterror
  ];
 }
--- a/applications/graphical/multimedia.nix
+++ b/applications/graphical/multimedia.nix
@ -1,18 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf (flags.multimediaSuite && flags.graphical) {
  # Paquets
  environment.systemPackages = with pkgs; [
    ## Video
    smplayer      # lecteur vidéo
    vlc           # lecteur vidéo
  ];
 }
--- a/applications/graphical/network.nix
+++ b/applications/graphical/network.nix
@ -1,21 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf (true && flags.graphical) {
  # Diagnostic réseau Wireshark (droits fins par le groupe wireshark)
  programs.wireshark = {
    enable = true;
    package = pkgs.wireshark;
  };
  # Paquets
  environment.systemPackages = with pkgs; [
  ];
 }
--- a/applications/graphical/radio.nix
+++ b/applications/graphical/radio.nix
@ -1,27 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf (flags.radio && flags.graphical) {
  # Paquets
  environment.systemPackages = with pkgs; [
    ## GUI
    chirp                   # Configuration de radios portatives
    gqrx                    # GUI
    cubicsdr                # Another GUI
    gnuradio-with-packages  # Software Defined Radio (SDR) software
    ## A Trier
    #inspectrum    # Tool for analysing captured signals from sdr receivers
  ];
  nixpkgs.config.permittedInsecurePackages = [
    "python2.7-Pillow-6.2.2"
  ];
 }
--- a/applications/graphical/securite.nix
+++ b/applications/graphical/securite.nix
@ -1,17 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf (flags.securitySuite && flags.graphical) {
  # Paquets
  environment.systemPackages = with pkgs; [
    gnome3.seahorse # gestionnaire graphique de clef GPG
    #yubikey-personalization-gui # utilisation de la clef Yubikey
  ];
 }
--- a/applications/overrides.nix
+++ b/applications/overrides.nix
@ -1,48 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf true {
  nixpkgs.config.packageOverrides = pkgs: {
    claws-mail = pkgs.claws-mail.override {
      enablePgp = true;
      enablePluginArchive = true;
      #enablePluginFancy = false; # nécessite wekitgtk qui est troué # Option supprimée dans NixOS 20.03
      enablePluginPdf = true;
      enablePluginRavatar = true;
      enablePluginSmime = true;
      enablePluginVcalendar = true;
      enableSpellcheck = true;
    };
    ffmpeg-full = pkgs.ffmpeg-full.override {
      nonfreeLicensing = true;
      nvenc  = true;
    };
    # bug connu : https://nixos.org/nix-dev/2014-December/015225.html
    # find /nix/store/  -maxdepth 1 -type d -name "*gnuradio-*"
    # Commande pour générer le path : find /nix/store/  -maxdepth 1 -type d -name "*gnuradio-*"|paste -d: -s -
    gnuradio-with-packages = pkgs.gnuradio-with-packages.override {
      extraPackages = with pkgs; [
        gnuradio-ais
        gnuradio-gsm
        gnuradio-nacl
        gnuradio-osmosdr    # support des dongle Realtek
        gnuradio-rds        # support du décodage de RDS sur les radio FM
      ];
    };
    mumble = pkgs.mumble.override { pulseSupport = true; };
  };
  #nixpkgs.config.permittedInsecurePackages = [
  #  "webkitgtk-2.4.11"       # pour que le plugin fancy de claws-mail fonctionne
  #];
 }
--- a/applications/terminal/bureau.nix
+++ b/applications/terminal/bureau.nix
@ -1,17 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf true {
  # Paquets
  environment.systemPackages = with pkgs; [
    ## Manipulation de fichier
    vifm            # gestionnaire de fichiers basé sur VIM (console)
  ];
 }
--- a/applications/terminal/bureautique.nix
+++ b/applications/terminal/bureautique.nix
@ -1,33 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.officeSuite {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Bureautique
    aspell aspellDicts.fr         # correction d'ortographe
    python39Packages.grammalecte  # correction gramatical
    # Gestion de tâche
    taskwarrior     # gestionnaire de tâches en console
    ## Convertisseurs (texte -> <autre format>)
    gnuplot       # générateur de graphes à partir de données numériques
    graphviz      # dot, neato : traçage de graphes (carré, rond)
    #jekyll       # générateur statique de site web
    #odpdown      # conversion md -> presentation ODP : https://github.com/thorstenb/odpdown
    pandoc
    #haskellPackages.pandoc-citeproc # ***BROKEN***
    texlive.combined.scheme-full # distribution LaTeX
    #texLive       # distribution LaTeX de base
    #texLiveBeamer # paquets et extensions pour Beamer
    #texLiveModerncv # paquets pour la classe Modern CV
  ];
 }
--- a/applications/terminal/cao.nix
+++ b/applications/terminal/cao.nix
@ -1,15 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.conception-assistee {
  # Paquets
  environment.systemPackages = with pkgs; [
  ];
 }
--- a/applications/terminal/cartographie.nix
+++ b/applications/terminal/cartographie.nix
@ -1,18 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.cartographie {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Gestion de données géographiques
    expat
    gpsbabel      # pour convertir les données des GPS
  ];
 }
--- a/applications/terminal/client-internet.nix
+++ b/applications/terminal/client-internet.nix
@ -1,30 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.internetSuite {
 # Paquets
 environment.systemPackages = with pkgs; [
    # Clients Internet
    ## Réseaux sociaux
    #turses                            # client twitter en ncurse
    #python39Packages.rainbowstream    # client twitter en console
    #rtv                               # client reddit en console
    ## Mail & Discussion (texte, audio)
    mutt
    ## Sauvegarde nuagique (cloud storage)
    #rclone
    ## P2P
    rtorrent      # outil de téléchargement de torrent & magnet
  ];
 }
--- a/applications/terminal/default-applications.nix
+++ b/applications/terminal/default-applications.nix
@ -1,73 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf true {
  # Paquets
  environment.systemPackages = with pkgs; [
      byobu         # permet de se déconnecter d'un terminal sans l'arréter
      tig gti lazygit # outil de gestion de version
      gnumake       # pour décrire les recettes de compilation
      gnupg         # GPG
      htop          # monitoring
      lsb-release   # pour les scripts qui utilisent cet outil (dont byobu)
      #libressl      # librairie pour faire du TLS et les algorithmes de crypto par OpenBSD
      ncdu          # outil pour voir l'espace utilisé
      p7zip         # compression de fichier
      parted        # partitionnement de disque
      pciutils
      pinentry      # pour taper les mots de passe gpg
      psmisc        # fournis les utilitaires comme killall, fuser, pstree
      #python        # python -- python -m SimpleHTTPServer 8000
      shared-mime-info  # MIME info
      tmux          # nécessaire pour byobu
      tree          # affiche une arborescence de fichiers et dossiers
      usbutils
      wget          # client HTTP console
      which         # pour connaitre le chemin d'un exécutable
  ];
  programs = {
    fish.enable = true;
    gnupg.agent.enable = true;
    git = {
      enable = true;
      package = pkgs.gitFull;
      config = {
        # http://www.git-attitude.fr/2014/09/15/30-options-git-qui-gagnent-a-etre-connues/
        color = {
          diff = "auto";
          branch = "auto";
          interactive = "auto";
          pager = true;
          showbranch = "auto";
          status = "auto";
        };
        alias = {
          a  = "add -p";
          br = "for-each-ref --sort=committerdate refs/heads/ --format='%(committerdate:short)\t%(authorname)\t%(refname:short)'";
          ci = "commit";
          co = "checkout";
          ff = "pull --ff-only";
          oops = "commit --amend --no-edit";
          # Show files ignored by git
          ignored = "ls-files -o -i --exclude-standard";
          ls = "ls-files";
          st = "status";
          # Logs
          lol = "log --graph --decorate --pretty=oneline --abbrev-commit";
          lola = "log --graph --decorate --pretty=oneline --abbrev-commit --all";
          not-pushed = "log --branches --not --remotes";
        };
        push.default = "simple";
        code.editor = "${pkgs.vim_configurable}/bin/vim";
      };
      lfs.enable = true;
    };
  };
 }
--- a/applications/terminal/default.nix
+++ b/applications/terminal/default.nix
@ -1,41 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  #inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 {
  imports = [
    # installées systématiquement
    ./default-applications.nix
    # commandées par config-generator
    ## option de configuration spécifique
    ./cao.nix                   # de conception assisté par ordinateur & modélisation
    ./cartographie.nix          # manipuler les données géographiques & cartes
    ./developpement.nix         # développer des programmes/scripts
    ./developpement-elm.nix     # développer en elm
    ./developpement-haskell.nix # développer en haskell
    ./developpement-java.nix    # développer en java
    ./developpement-jetbrains.nix # outils jetbrains
    ./developpement-rust.nix    # développer en rust
    ./edition-musique.nix       # modifier les fichiers musicaux
    ./edition-photo.nix         # modifier les photos & assimilé
    ./edition-video.nix         # modifier les vidéos
    ./jeux.nix                  # jouer, tout simplement ;)
    ./radio.nix                 # outils pour faire de la radio SDR
    ./vim.nix                   # vim avec plugins
    ## if isDesktop
    ./adminsys.nix              # pour gérer le système dans son ensemble et les services
    ./bureau.nix                # éléments pour avoir un environement graphique minimal utilisable
    ./bureautique.nix           # dédiée à la bureautique (traitement de texte, dessin, ...)
    ./client-internet.nix       # pour accéder & utiliser des ressources par le réseau
    ./multimedia.nix            # pour gérer le son, l'image et la vidéo
    ./network.nix               # de gestion, de diagnostique & surveillance réseau
    ./securite.nix              # relatives à la sécurité (chiffrement, gpg, mots de passe, ...)
  ];
 }
--- a/applications/terminal/developpement-haskell.nix
+++ b/applications/terminal/developpement-haskell.nix
@ -1,36 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.developpement-haskell {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Haskell platform
    cabal-install         # fournis cabal
    cabal2nix             # convertir les .cabal en .nix
    ghc                   # pour les appels depuis les scripts
    stack                 # pour les paquets en LTS de stackage
  ] ++ (with pkgs.haskellPackages; [
    # Haskell lib
    autoproc              # ? procmail
    #brittany              # formatteur de code
    #darcs                 # gestionnaire de version éponyme
    #ghc-mod               # outil d'analyse de code haskell utilisé par IDE
    #hindent               # indentation code ***BROKEN***
    hlint                 # qualite de code, analyse statique de code + astuces & bonnes pratiques
    #postgrest            # mapper HTTP <-> PostgreSQL
    servant               # génération d'API REST
    stylish-haskell       # qualité de code
    turtle                # genre shell-scripting
    # Application perso
    #hahp
    #pandoc-filter-graphviz # filtre pour utiliser graphviz à partir de pandoc ***BROKEN***
  ]);
 }
--- a/applications/terminal/developpement-java.nix
+++ b/applications/terminal/developpement-java.nix
@ -1,24 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.developpement-java {
  # Installe le paquet + JAVA_HOME
  programs.java = {
    enable = true;
  };
  # Paquets
  environment.systemPackages = with pkgs; [
    # Systèmes de build autour de java
    ant
    maven
    gradle
  ];
 }
--- a/applications/terminal/developpement-jetbrains.nix
+++ b/applications/terminal/developpement-jetbrains.nix
@ -1,15 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.jetbrains-licensed {
  # Paquets
  environment.systemPackages = with pkgs; [
  ];
 }
--- a/applications/terminal/developpement-rust.nix
+++ b/applications/terminal/developpement-rust.nix
@ -1,20 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.developpement-rust {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Rust
    cargo               # récupération des dépendances + compilation projet rust
    rustc               # pour les appels depuis les scripts
    rustup              # outil de configuration de toolchain rust
    crate2nix           # génère les fichiers de build Nix dans un projet Rust
  ];
 }
--- a/applications/terminal/developpement.nix
+++ b/applications/terminal/developpement.nix
@ -1,40 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.developpement {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Build / outil de construction
    autobuild
    autoconf
    automake
    # Base de données
    pg_top                 # monitoring de PostgreSQL
    sqlite                 # le moteur de base de données
    # C / C++
    gcc                    # pour les appels depuis les scripts
    # Gestion des sources
    cloc                   # outil pour compter les lignes de code source
    mercurial
    subversion
    # spécification
    plantuml               # diagrammes UML et plus si affinité
    # Mono
    #mono46                # interpréteur .NET
    ## Visualisation & outils de diff
    #vbindiff              # diff de fichier hexadecimaux avec vim
  ];
 }
--- a/applications/terminal/edition-musique.nix
+++ b/applications/terminal/edition-musique.nix
@ -1,15 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.edition-musique {
  # Paquets
  environment.systemPackages = with pkgs; [
  ];
 }
--- a/applications/terminal/edition-photo.nix
+++ b/applications/terminal/edition-photo.nix
@ -1,21 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.edition-photo {
  # Paquets
 environment.systemPackages = with pkgs; [
    # Méta données
    exif
    exiftags
    # Retouche, modification & dessin vectoriel
    imagemagick   # modification image en CLI
  ];
 }
--- a/applications/terminal/edition-video.nix
+++ b/applications/terminal/edition-video.nix
@ -1,16 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.edition-video {
  # Paquets
  environment.systemPackages = with pkgs; [
    ffmpeg-full   # assemblage de flux audio & video en ligne de commande
  ];
 }
--- a/applications/terminal/jeux.nix
+++ b/applications/terminal/jeux.nix
@ -1,15 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.jeux {
  # Paquets
  environment.systemPackages = with pkgs; [
  ];
 }
--- a/applications/terminal/multimedia.nix
+++ b/applications/terminal/multimedia.nix
@ -1,20 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.multimediaSuite {
  # Paquets
  environment.systemPackages = with pkgs; [
    ## Audio
    beep
    cmus          # lecteur audio console
    espeak        # synthèse vocale
    vorbis-tools  # codec
  ];
 }
--- a/applications/terminal/radio.nix
+++ b/applications/terminal/radio.nix
@ -1,29 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.radio {
 # pour que ça marche
 # sudo rmmod dvb_usb_rtl28xxu
 # lecture radio FM
 # rtl_fm -f 96.9e6 -M wbfm -s 440000 -r 44100 - | aplay -r 44100 -f S16_LE
 # rtl_fm -f 96.95e6 -M wbfm -s 441000 -r 44100 - | aplay -r 44100 -f S16_LE -t raw -c 1
 # rtl_fm -f 96.95e6 -M wbfm -s 441000 -r 44100 -E deemp - |pv| aplay -r 44100 -f S16_LE -t raw -c 1
  # Paquets
  environment.systemPackages = with pkgs; [
    gnss-sdr    # Global Navigation Satellite Systems software-defined receiver
    liquid-dsp  # Digital signal processing library for software-defined radios
    rtl-sdr     # Turns your Realtek RTL2832 based DVB dongle into a SDR receiver
    dump1090    # Listen to planes ADS-B and view them on a map
  ];
  hardware.rtl-sdr.enable = true;
 }
--- a/applications/terminal/securite.nix
+++ b/applications/terminal/securite.nix
@ -1,17 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.securitySuite {
  # Paquets
  environment.systemPackages = with pkgs; [
    pass            # gestionnaire de mots de passe
    pwgen           # générateur de mots de passe
  ];
 }
--- a/applications/terminal/vim.nix
+++ b/applications/terminal/vim.nix
@ -1,28 +0,0 @@
 {pkgs, ... }:
 let
  myVim = pkgs.vim_configurable.customize {
    # Specifies the vim binary name.
    # E.g. set this to "my-vim" and you need to type "my-vim" to open this vim
    # This allows to have multiple vim packages installed (e.g. with a different set of plugins)
    name = "vim";
    vimrcConfig.customRC = builtins.readFile ./vimrc;
    vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; {
      start = [
        wombat256-vim
      ];
      opt = [
        elm-vim
        vim-fish
        vim-nix
        vimwiki
      ];
    };
  };
 in {
  programs.vim = {
    defaultEditor = true;
    package = myVim;
  };
 }
--- a/base.nix
+++ b/base.nix
@ -1,18 +1,18 @@
 { config, lib, pkgs, ... }:
 let
  #inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 {
  imports = [
-    # moulinette de configuration
+    # recettes
-    /*./config-generator.nix*/
+    ./public/public.nix
    ./options.nix
-    # Redéfinition d'applications et de modules
+    # moulinette de configuration
-    ./applications/overrides.nix
+    ./config-generator.nix
    # subfolders
    ./applications/graphical/default.nix
    ./applications/terminal/default.nix
    ./configuration/default.nix
    ./services/default.nix
  ];
 }
--- a/2
+++ b/2
@ -2,7 +2,7 @@
 SESSION_NAME="Adminsys"
 PROJECT_DIR="/etc/nixos"
-PROJECT_MODULES=$(cd $PROJECT_DIR && git submodule --quiet foreach 'echo $path')
+PROJECT_MODULES="base private server"
 HEAD_ADDITIONNAL_TABS="git config"
 TAIL_ADDITIONNAL_TABS="glances htop"
--- a/config-generator.nix
+++ b/config-generator.nix
@ -5,22 +5,97 @@ let
  cfg = config.r6d.config-generator;
  pfl = config.r6d.profiles;
  comp = config.r6d.computers;
-  host = config.networking.fqdn;
+  host = config.networking.hostName;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 {
 # TODO camel case partout
 # TODO everything in english
 # TODO sortir ce qui est privé
  ###### interface
  options = {
    #* Utilisé pour afecter des capacités aux machines
    r6d.profiles  = {
      # Domaine
      isDubronetwork        = mkEnableOption "Pour distinguer les machines dubronetwork.";
      isPrunetwork          = mkEnableOption "Pour distinguer les machines prunetwork.";
      # Utilisation machine
      isDesktop             = mkEnableOption "Pour indiquer une machine avec interface graphique.";
      isHome                = mkEnableOption "Pour indiquer que la machine sert à la maison (divertissement & autre).";
      isServer              = mkEnableOption "Pour indiquer qu'il s'agit d'un serveur.";
      isWorkstation         = mkEnableOption "Pour indiquer que la machine sert à travailler.";
    };
    #* Utilisé dans les fichiers .nix
    r6d.config-generator = {
      #enable                = mkEnableOption "Génération de la configuration d'une machine.";
      awesome               = mkEnableOption "Profil pour activer le gestionnaire de fenêtre awesome.";
      auto-upgrade          = mkEnableOption "Profil pour activer les mises à jour automatiques.";
      cartographie          = mkEnableOption "Profil pour activer les outils de gestion de données géographiques.";
      conception-assistee   = mkEnableOption "Profil pour activer les outils de conception électronique & modélisation 3D";
      database_postgres     = mkEnableOption "Profil pour activer le SGBD PostgreSQL.";
      developpement         = mkEnableOption "Profil pour activer les outils de développement";
      developpement-elm     = mkEnableOption "Profil pour activer les outils de développement Elm";
      developpement-haskell = mkEnableOption "Profil pour activer les outils de développement Haskell";
      developpement-java    = mkEnableOption "Profil pour activer les outils de développement Java";
      developpement-rust    = mkEnableOption "Profil pour activer les outils de développement Rust";
      docker                = mkEnableOption "Profil pour l'utilisation de Docker.";
      dovecot               = mkEnableOption "Profil pour activer le serveur Dovecot.";
      dns_autorite          = mkEnableOption "Profil pour servir les fichiers de zone DNS.";
      dns_resolveur         = mkEnableOption "Profil pour activer un résolveur DNS local.";
      edition-musique       = mkEnableOption "Profil pour la création/édition de musique.";
      edition-photo         = mkEnableOption "Profil pour la création/édition de photos.";
      edition-video         = mkEnableOption "Profil pour la création/édition de video.";
      elasticsearch         = mkEnableOption "Profil pour activer le service elasticsearch.";
      fail2ban              = mkEnableOption "Profil pour activer Fail2ban.";
      hydra-builder         = mkEnableOption "Profil pour une machine qui compile pour hydra.";
      hydra-core            = mkEnableOption "Profil pour un serveur hydra.";
      kibana                = mkEnableOption "Profil pour activer le service kibana.";
      jetbrains-licensed    = mkEnableOption "Profil pour la suite de développement Jetbrains payante (sous-ensemble).";
      jeux                  = mkEnableOption "Profil pour les jeux vidéos.";
      laptop                = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables.";
      locate                = mkEnableOption "Profil pour activer la fonction locate.";
      mailboxes             = mkEnableOption "Profil pour stocker les mails dans des boîtes aux lettres.";
      murmur                = mkEnableOption "Profil pour activer un serveur Mumble (murmur)";
      nix-serve-client      = mkEnableOption "Profil pour que la machine soit un client de cache nix.";
      nix-serve-server      = mkEnableOption "Profil pour que la machine soit un serveur de cache nix.";
      nixStoreProxyCache    = mkEnableOption "Profil pour activer le proxy cahce nginx pour le nix store";
      print                 = mkEnableOption "Profil pour activer cups & pouvoir imprimer.";
      rabbitmq              = mkEnableOption "Profil pour activer le service de messagerie AMQP.";
      radicale              = mkEnableOption "Profil pour activer le service d'hébergement de calendrier + tâches & contacts.";
      scanner               = mkEnableOption "Profil pour que les scanners soient utilisable.";
      swap                  = mkEnableOption "Profil pour que le swap soit activé.";
      virtualbox            = mkEnableOption "Profil pour l'utilisation de VirtualBox.";
      xmonad                = mkEnableOption "Profil pour activer le gestionnaire de fenêtres xmonad.";
      znc                   = mkEnableOption "Profil pour activer le relais IRC ZNC.";
      tincAddress     = mkOption {
        default = "";
        example = "192.168.1.1";
        description = "Adresse du noeud tinc local";
        type = lib.types.string;
      };
      tincExtraConfig = mkOption {
        default = "";
        example = ''
            Mode = router
            ConnecTo = bar
        '';
        description = "Configuration supplémentaire pour tinc";
        type = lib.types.string;
      };
    };
    #* Utilisé pour avoir des raccourcis de machine
    r6d.computers = {
      isHydra     = mkEnableOption "Identification du nom de machine.";
      isLatitude  = mkEnableOption "Identification du nom de machine.";
      isMonstre   = mkEnableOption "Identification du nom de machine.";
      isNeoNomade = mkEnableOption "Identification du nom de machine.";
      isNomade    = mkEnableOption "Identification du nom de machine.";
      isOcean     = mkEnableOption "Identification du nom de machine.";
      isPedro     = mkEnableOption "Identification du nom de machine.";
      isPhenom    = mkEnableOption "Identification du nom de machine.";
      isRadx      = mkEnableOption "Identification du nom de machine.";
      isRollo     = mkEnableOption "Identification du nom de machine.";
    };
  };
@ -30,26 +105,270 @@ in
  config = mkMerge
  [
    ## Définition des profils génériques
    (mkIf pfl.isDesktop {
      r6d.config-generator = {
        awesome = true;
        #nix-serve-client = true;
        scanner = true;
      };
    })
    (mkIf pfl.isHome {
      r6d.profiles.isDesktop = true;
    })
    (mkIf (pfl.isServer && !comp.isMonstre) {
      r6d.config-generator = {
        #database_postgres = true;
        dns_autorite = true;
        #dns_resolveur = true;
        # inutile d'exposer la conf complète du serveur par le store tant qu'il n'y a pas de protection complémentaire - utilisation SSH ?
        #nix-serve-server = true;
        #rabbitmq =  true;
      };
    })
    # /!\ PAS un serveur
    (mkIf (!pfl.isServer || comp.isMonstre) {
      r6d.config-generator = {
        dns_resolveur = true;
      };
    })
    (mkIf pfl.isWorkstation {
      r6d.profiles.isDesktop = true;
      r6d.config-generator = {
        docker = true;
      };
    })
    ## Profils liés à Dubronetwork
    (mkIf pfl.isDubronetwork {
      r6d.config-generator = {
        auto-upgrade = true;
        locate = true;
        print = true;
      };
    })
    (mkIf (pfl.isDubronetwork && pfl.isWorkstation) {
      r6d.config-generator = {
        cartographie = true;
        conception-assistee = true;
        docker = true;
        developpement = true;
        developpement-elm = true;
        developpement-haskell = true;
        developpement-java = true;
        developpement-rust = true;
        edition-musique = true;
        edition-photo = true;
        edition-video = true;
        virtualbox = true;
        xmonad = true;
      };
    })
    ## Profils liés à Prunetwork
    (mkIf pfl.isPrunetwork {
      r6d.config-generator = {
        auto-upgrade = true;
        docker = true;
        locate = true;
        fail2ban = true;
        swap = true;
      };
    })
    (mkIf (pfl.isPrunetwork && pfl.isWorkstation) {
      r6d.config-generator = {
        cartographie = true;
        conception-assistee = true;
        docker = true;
        developpement = true;
        #developpement-elm = true;
        developpement-haskell = true;
        developpement-java = true;
        developpement-rust = true;
        edition-musique = true;
        edition-photo = true;
        edition-video = true;
        hydra-core = false; # DO NOT ENABLE ON WORKSTATION, YOU CAN CRASH YOUR SYSTEM
        print = true;
        #virtualbox = true;
        #xmonad = true;
      };
    })
    ## Affectation des profils aux machines
    (mkIf comp.isHydra {
      networking.hostName = "hydra.prunetwork.fr"; # Define your hostname.
      r6d.profiles = {
        isPrunetwork = true;
        isServer = true;
      };
      r6d.config-generator = {
        docker = true;
        hydra-builder = true;
        hydra-core = true;
        #tincAddress = "192.168.12.6/24";
        #tincExtraConfig = ''
        #  ConnectTo = rollo_dubronetwork_fr
        #  '';
      };
    })
    (mkIf comp.isOcean {
      networking.hostName = "ocean.prunetwork.fr"; # Define your hostname.
      r6d.profiles = {
        isPrunetwork = true;
        isServer = true;
      };
      r6d.config-generator = {
        docker = true;
        radicale = true;
        tincAddress = "192.168.12.6/24";
        tincExtraConfig = ''
          ConnectTo = rollo_dubronetwork_fr
        '';
      };
    })
    (mkIf comp.isRadx {
      networking.hostName = "radx.prunetwork.fr"; # Define your hostname.
      r6d.profiles = {
        isHome = true;
        isPrunetwork = true;
        isWorkstation = true;
      };
      r6d.config-generator = {
        database_postgres = true;
        elasticsearch = true;
        hydra-builder = true;
        #hydra-core = false; # DO NOT ENABLE ON WORKSTATION
        kibana = true;
        nix-serve-client = true;
        nix-serve-server = true;
        rabbitmq = true;
        tincAddress = "192.168.12.3/24";
        tincExtraConfig = ''
          ConnectTo = monstre_dubronetwork_fr
          ConnectTo = rollo_dubronetwork_fr
          ConnectTo = ocean_prunetwork_fr
        '';
      };
    })
    (mkIf comp.isLatitude {
      r6d.profiles = {
        isDubronetwork = true;
        isHome = true;
        isWorkstation = true;
      };
      r6d.config-generator = {
        jetbrains-licensed = true;
        laptop = true;
        tincAddress = "192.168.12.2/24";
        tincExtraConfig = ''
          ConnectTo = monstre_dubronetwork_fr
          ConnectTo = rollo_dubronetwork_fr
          ConnectTo = ocean_prunetwork_fr
        '';
        nix-serve-server = true;
      };
    })
    (mkIf comp.isMonstre {
      r6d.profiles = {
        isDubronetwork = true;
        isServer = true;
      };
      r6d.config-generator = {
        fail2ban = true;
        murmur = true;
        nix-serve-client = true;
        nix-serve-server = true;
        nixStoreProxyCache = true;
        tincAddress = "192.168.12.4/24";
        tincExtraConfig = ''
          ConnectTo = rollo_dubronetwork_fr
          ConnectTo = ocean_prunetwork_fr
        '';
      };
    })
    (mkIf comp.isNeoNomade{
      r6d.profiles = {
        isDubronetwork = true;
        isHome = true;
      };
      r6d.config-generator = {
        laptop = true;
        tincAddress = "192.168.12.7/24";
        tincExtraConfig = ''
          ConnectTo = monstre_dubronetwork_fr
          ConnectTo = rollo_dubronetwork_fr
          ConnectTo = ocean_prunetwork_fr
        '';
      };
    })
    # Dubro Vivo - St Malo
    #tincAddress = "192.168.12.8/24";
    (mkIf comp.isNomade{
      networking.hostName = "nomade"; # Define your hostname.
      networking.domain = "dubronetwork.fr";
      r6d.profiles.isDubronetwork = true;
      r6d.config-generator = {
        laptop = true;
      };
    })
    (mkIf comp.isPedro {
      r6d.profiles = {
        isDubronetwork = true;
        isServer = true;
      };
      r6d.config-generator = {
        fail2ban = true;
      };
    })
    (mkIf comp.isPhenom {
      networking.hostName = "phenom.dubronetwork.fr"; # Define your hostname.
      r6d.profiles = {
        isDubronetwork = true;
        isHome = true;
        isWorkstation = true;
      };
      r6d.config-generator = {
        jetbrains-licensed = true;
        #hydra-core = true;
        nix-serve-client = true;
        nix-serve-server = true;
        edition-photo = true;
        tincAddress = "192.168.12.1/24";
        tincExtraConfig = ''
          ConnectTo = monstre_dubronetwork_fr
          ConnectTo = rollo_dubronetwork_fr
          ConnectTo = ocean_prunetwork_fr
        '';
      };
    })
    (mkIf comp.isRollo {
      r6d.profiles = {
        isDubronetwork = true;
        isServer = true;
      };
      r6d.config-generator = {
        dovecot = true;
        fail2ban = true;
        mailboxes = true;
        murmur = true;
        tincAddress = "192.168.12.5/24";
        tincExtraConfig = ''
          ConnectTo = ocean_prunetwork_fr
        '';
        znc = true;
      };
    })
  ];
 }
--- a/configuration/default.nix
+++ b/configuration/default.nix
@ -1,28 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  #inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 {
  imports = [
    # installées systématiquement
    ./environment.nix
    ./localisation.nix
    ./network.nix
    #./network-ipv6.nix
    ./u2f.nix
    ./udev.nix
    # commandées par config-generator
    ## option de configuration spécifique
    ./awesome.nix               # pour le gestionaire de fenêtres awesome
    ./laptop.nix                    # appli & configuration adaptée pour un PC portable
    ./nix-options.nix              # options de Nix (update, gc, optimisation)
    ./swap.nix                      # définition de l'utilisation du swap
  ];
 }
--- a/configuration/environment.nix
+++ b/configuration/environment.nix
@ -1,64 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 {
  # The NixOS release to be compatible with for stateful data such as databases.
  system.stateVersion = "19.09";
  # copies the NixOS configuration file (usually /etc/nixos/configuration.nix) and links it from the resulting system (getting to /run/current-system/configuration.nix)
  system.copySystemConfiguration = true;
  # On autorise les paquets non-libres
  nixpkgs.config.allowUnfree = true;
  # NixOS Hardening
  #security.grsecurity.enable = true;
  # Ménage de /tmp au boot
  boot.cleanTmpDir = true;
  # Activation des pages de manuel
  documentation.man.enable = true;
  # Paquets
  environment = {
    shellAliases = {
      byobu = "byobu-tmux";
      gpg = "gpg2";
      jacques-a-dit = "sudo";
      tree = "tree -C";
      tree1 = "tree -d -L 1";
      tree2 = "tree -d -L 2";
      tree3 = "tree -d -L 3";
      # https://gist.github.com/amitchhajer/4461043 : Count number of code lines in git repository per user
      #git-loc = "git ls-files | while read f; do git blame --line-porcelain "${f}" | grep '^author '; done | sort -f | uniq -ic | sort -n";
      grep = "grep --color=auto";
      vi = "vim";
      byobu-adminsys = "/etc/nixos/base/byobu-adminsys";
    };
  };
  programs.bash = {
    enableCompletion = true;
    promptInit = builtins.readFile ./bash-prompt.sh;
    interactiveShellInit = builtins.readFile ./bash-interactive-init.sh;
  };
  # https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern
  programs.ssh.extraConfig = ''
    # Ensure KnownHosts are unreadable if leaked - it is otherwise easier to know which hosts your keys have access to.
    HashKnownHosts yes
    # Host keys the client accepts - order here is honored by OpenSSH
    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
    KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  '';
 }
--- a/configuration/laptop.nix
+++ b/configuration/laptop.nix
@ -1,40 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf flags.laptop {
  # Gestion spécifique pour PC portable
  ## Gestion de l'énergie
  services.tlp.enable = true;
  ## Activation d'un gestionnaire de réseau
  networking.networkmanager.enable = true;
  hardware.bluetooth = {
    enable = true;
    powerOnBoot = false;
  };
  # Gestion graphique du réseau dans la barre système
  programs.nm-applet.enable = true;
  # Paquets
  environment.systemPackages = with pkgs; [
    wirelesstools           # fournis iwconfig
    blueman                 # outils bluetooth (manager, system tray)
    cbatticon               # status de la batterie dans le system tray
  ];
  # Services
  services.blueman.enable = true;
  services.xserver.libinput = {
    enable = true;
  };
 }
--- a/configuration/network.nix
+++ b/configuration/network.nix
@ -1,24 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf true {
  # fix: Hostname -s renvoie "Unknown host" alors que hostname renvoie la bonne valeur
  #      Il s'avère que hostname vérifie la validité du FQDN et du reverse.
  #      Fixer ces paramètres dans les hosts permet de faire tomber en marche
  networking.extraHosts = ''
    127.0.0.1   ${config.networking.fqdn} ${config.networking.hostName}
  '';
  # Activation du routage
  boot.kernel.sysctl = {
    "net.ipv4.conf.all.forwarding" = true;
    "net.ipv4.conf.default.forwarding" = true;
  };
 }
--- a/configuration/nix-options.nix
+++ b/configuration/nix-options.nix
@ -1,30 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 {
  # Automatic update & automatic clean
  system.autoUpgrade.enable = flags.auto-upgrade;
  nix = {
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
    settings = {
      auto-optimise-store = true;
      # Nombre de process d'installation en parrallèle effectués par Nix
      cores = 0;
    };
    gc = {
      automatic = true;
      dates = "daily";
      options = "--delete-older-than 7d";
    };
  };
 }
--- a/configuration/u2f.nix
+++ b/configuration/u2f.nix
@ -1,41 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 mkIf true {
  # Ajout du support des yobikey & hyperfido
  ## source des valeurs udev : https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules
  ## source car udev sur nixos semble ancien : https://raw.githubusercontent.com/Yubico/libu2f-host/master/70-old-u2f.rules
  services.udev.extraRules = ''
  # this udev file should be used with udev older than 188
  ACTION!="add|change", GOTO="u2f_end"
  # Yubico YubiKey
  KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", GROUP="plugdev", MODE="0660"
  # Happlink (formerly Plug-Up) Security KEY
  KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", GROUP="plugdev", MODE="0660"
  #  Neowave Keydo and Keydo AES
  KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", GROUP="plugdev", MODE="0660"
  # HyperSecu HyperFIDO
  KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0880", GROUP="plugdev", MODE="0660"
  LABEL="u2f_end"
  SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="audio", MODE="0666", SYMLINK+="rtl_sdr"
  '';
  security.pam.u2f.enable = true;
  environment.systemPackages = with pkgs; [
    libu2f-host
  ];
 }
--- a/iso-image/Makefile.installation
+++ b/iso-image/Makefile.installation
@ -1,7 +0,0 @@
 all:
 	nixos-generate-config --root /mnt
 	git config --global user.email "nixos-live@example.org"
 	git config --global user.name "NixOS Live"
 	cd /mnt/etc/nixos && git init . && git add . && git commit -m "initial commit"
 	cd /mnt/etc/nixos && git submodule add http://gogs.prunetwork.fr:80/nixos-config/nixos-template-base.git base
 	cd /mnt/etc/nixos && git submodule add https://gogs.prunetwork.fr/Capgemini-CDS-Arkea/template-nixos.git capgemini-cmb
--- a/iso-image/configuration.nix
+++ b/iso-image/configuration.nix
@ -1,24 +0,0 @@
 { config, lib, pkgs, ... }:
 {
  imports = [
    capgemini-cmb/default.nix
    /nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix
    nixos-template-base/base.nix
  ];
  # Custom name
  isoImage.isoName = pkgs.lib.mkForce "${config.isoImage.isoBaseName}-capgemini-${config.system.nixosLabel}-${pkgs.stdenv.system}.iso";
  # Avoid having the terminal flooded by kernel audit messages
  boot.kernelParams = [ "audit=0" ];
  # Files to copy to the liveCD
  isoImage.contents = [
    {
      source = ./Makefile.installation;
      target = "/custom/Makefile";
    }
  ];
  environment.shellAliases = { nixos-generate-custom-config = "cd /iso/custom/ && make";};
  networking.hostName = "nixos-livecd";
  networking.domain = "grudu.net";
 }
--- a/lib.nix
+++ b/lib.nix
@ -1,50 +0,0 @@
 let
  lib = with import <nixpkgs> {}; pkgs.lib;
  profiles = {
    isDesktopEnvironment = {
      awesome = true;
      internetSuite = true;
      graphical = true;
      multimediaSuite = true;
      officeSuite = true;
      pulseaudio = true;
      securitySuite = true;
    };
    isWorkstation = {
      docker = true;
      developpement = true;
      developpement-elm = true;
      developpement-haskell = true;
      developpement-java = true;
      developpement-rust = true;
    };
    #isServer = {
      #};
  };
 in
 with lib; rec{
  # Apply the profiles (pre-defined + custom) to the whole directory
  applyProfilesToDirectory = customProfiles: directory:
    lib.mapAttrs (applyProfilesToMachine customProfiles) directory;
  # Apply the profiles (pre-defined + custom) to a machine
  applyProfilesToMachine = customProfiles: machineName: machineOptions:
  { configurationFlags = lib.recursiveUpdate (generateFlagsSet customProfiles machineOptions.profiles) machineOptions.configurationFlags;
    configurationOptions = machineOptions.configurationOptions;
    profiles = machineOptions.profiles;
  };
  # Generate a set of configuration flags based on profiles
  generateFlagsSet = customProfiles: machineProfiles:
  let
    allProfiles = recursiveUpdate profiles customProfiles;
    conditionalFlags = name: value:
      if machineProfiles.${name}
      then value
      else {};
  in
  foldr (a: b: a // b) {} (mapAttrsToList conditionalFlags allProfiles);
 }
--- a/logiciel-custom/osm2pgsql.nix
+++ b/logiciel-custom/osm2pgsql.nix
@ -0,0 +1,40 @@
 { stdenv, fetchurl
 , boost
 , bzip2
 , cmake
 , expat
 , geos
 , lua
 , postgresql
 , proj
 , zlib
 }
 stdenv.mkDerivation rec {
  #version = "0.87.1";
  version = "0.90.1";
  name = "osm2pgsql-${version}-0";
  src = fetchurl {
    url = "https://github.com/openstreetmap/osm2pgsql/archive/${version}.tar.gz";
    sha256 = "0i0zg8di8nbh96qnyyr156ikwcsq1w9b2291bazm5whb351flmqx";
    };
    #nativeBuildInputs = [ ];
    buildInputs = [ ];
    #preConfigure = ''
    '';
    #buildPhase = ''jam "-j$NIX_BUILD_CORES" '';
    #installPhase = ''
    #'';
    meta = with stdenv.lib; {
      homepage = http://wiki.openstreetmap.org/wiki/Osm2pgsql;
      description = "osm2pgsql is a tool for loading OpenStreetMap data into a PostgreSQL / PostGIS database suitable for applications like rendering into a map, geocoding with Nominatim, or general analysis.";
      license = licenses.gpl2;
      #maintainers = [ maintainers.phunehehe ];
      maintainers = [ maintainers.jpierre03 ];
    };
  }
--- a/module-template.nix
+++ b/module-template.nix
@ -2,9 +2,9 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
 mkIf true {
@ -22,11 +22,4 @@ mkIf true {
    allowedUDPPorts = [
    ];
  };
 } // {
  assertions = [
    {
      assertion = true;
      message = "Assetion toujours valide.";
    }
  ];
 }
--- a/8
+++ b/8
@ -1,8 +0,0 @@
 #!/usr/bin/env bash
 EXCLUSION="~$|swp$|swo$"
 while inotifywait --exclude $EXCLUSION -r -e modify .
 do
 	$@
 done
--- a/options.nix
+++ b/options.nix
@ -1,216 +0,0 @@
 { config, lib, pkgs, r6d, ... }:
 let
  inherit (lib) mkEnableOption mkTextOption mkIf mkMerge mkOption singleton types;
  # TODO: Anglish :)
  machineOptions = types.submodule {
    options = {
      configurationFlags = {
        #enable                = mkEnableOption "Génération de la configuration d'une machine.";
        awesome               = mkEnableOption "Profil pour activer le gestionnaire de fenêtre awesome.";
        auto-upgrade          = mkEnableOption "Profil pour activer les mises à jour automatiques.";
        cartographie          = mkEnableOption "Profil pour activer les outils de gestion de données géographiques.";
        conception-assistee   = mkEnableOption "Profil pour activer les outils de conception électronique & modélisation 3D";
        database_postgres     = mkEnableOption "Profil pour activer le SGBD PostgreSQL.";
        developpement         = mkEnableOption "Profil pour activer les outils de développement";
        developpement-elm     = mkEnableOption "Profil pour activer les outils de développement Elm";
        developpement-haskell = mkEnableOption "Profil pour activer les outils de développement Haskell";
        developpement-java    = mkEnableOption "Profil pour activer les outils de développement Java";
        developpement-rust    = mkEnableOption "Profil pour activer les outils de développement Rust";
        docker                = mkEnableOption "Profil pour l'utilisation de Docker.";
        dovecot               = mkEnableOption "Profil pour activer le serveur Dovecot.";
        dns_autorite          = mkEnableOption "Profil pour servir les fichiers de zone DNS.";
        dns_resolveur         = mkEnableOption "Profil pour activer un résolveur DNS local.";
        edition-musique       = mkEnableOption "Profil pour la création/édition de musique.";
        edition-photo         = mkEnableOption "Profil pour la création/édition de photos.";
        edition-video         = mkEnableOption "Profil pour la création/édition de video.";
        elasticsearch         = mkEnableOption "Profil pour activer le service elasticsearch.";
        fail2ban              = mkEnableOption "Profil pour activer Fail2ban.";
        graphical             = mkEnableOption "Profil pour activer les applications graphgiques.";
        hydra-builder         = mkEnableOption "Profil pour une machine qui compile pour hydra.";
        hydra-core            = mkEnableOption "Profil pour un serveur hydra.";
        kibana                = mkEnableOption "Profil pour activer le service kibana.";
        internetSuite         = mkEnableOption "Profil pour la suite de logiciels pour Internet.";
        jetbrains-licensed    = mkEnableOption "Profil pour la suite de développement Jetbrains payante (sous-ensemble).";
        jeux                  = mkEnableOption "Profil pour les jeux vidéos.";
        laptop                = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables.";
        locate                = mkEnableOption "Profil pour activer la fonction locate.";
        mailboxes             = mkEnableOption "Profil pour stocker les mails dans des boîtes aux lettres.";
        multimediaSuite       = mkEnableOption "Profil pour la suite multimédia.";
        munin                 = mkEnableOption "Profil pour activer la supervision par Munin";
        murmur                = mkEnableOption "Profil pour activer un serveur Mumble (murmur)";
        nixos-manual          = mkEnableOption "Profil pour activer la documentation nixos en local sur un TTY";
        nix-serve-server      = mkEnableOption "Profil pour que la machine soit un serveur de cache nix.";
        nixStoreProxyCache    = mkEnableOption "Profil pour activer le proxy cahce nginx pour le nix store";
        officeSuite           = mkEnableOption "Profil pour la suite bureautique";
        pipewire              = mkEnableOption "Profil pour activer pipewire.";
        print                 = mkEnableOption "Profil pour activer cups & pouvoir imprimer.";
        pulseaudio            = mkEnableOption "Profil pour activer pulseaudio.";
        rabbitmq              = mkEnableOption "Profil pour activer le service de messagerie AMQP.";
        radio                 = mkEnableOption "Profil pour activer les outils pour faire de radio numérique - SDR.";
        radicale              = mkEnableOption "Profil pour activer le service d'hébergement de calendrier + tâches & contacts.";
        rmilter               = mkEnableOption "Profil pour activer le filtrage de mails par postfix.";
        scanner               = mkEnableOption "Profil pour que les scanners soient utilisable.";
        securitySuite         = mkEnableOption "Profil pour la suite de logiciels de sécurité.";
        smokeping             = mkEnableOption "Profil pour activer le monitoring réseau par smokeping.";
        swap                  = mkEnableOption "Profil pour que le swap soit activé.";
        virtualbox            = mkEnableOption "Profil pour l'utilisation de VirtualBox.";
        xmonad                = mkEnableOption "Profil pour activer le gestionnaire de fenêtres xmonad.";
        znc                   = mkEnableOption "Profil pour activer le relais IRC ZNC.";
      };
      configurationOptions = {
      ipAddress = mkOption {
        description = "Adresse IP.";
        type = lib.types.str;
      };
      nix-serve-server = mkEnableOption "nix-serve server.";
      nix-serve-client = {
        enable =  mkEnableOption "nix-serve client";
        servers = mkOption {
          default = [ https://cache.nixos.org/ ];
          description = "List of nix-serve servers providing binary caches.";
          type = types.listOf types.str;
        };
      };
      tinc = {
        enable = mkEnableOption "Enable tinc service.";
        dnsFQDN = mkOption {
          example = "device.example.net.";
          description = "DNS name of host pointing to tunnel IP.";
          type = lib.types.str;
        };
        connectToAddress = mkOption {
          default = "";
          example = "192.168.1.1";
          description = "External address to connect from another node.";
          type = lib.types.str;
        };
        vpnAddress = mkOption {
          example = "192.168.69.69/24";
          description = "VPN local node IP address.";
          type = lib.types.str;
        };
        vpnCidrLength = mkOption {
          default = 24;
          example = 24;
          description = "VPN netmask length.";
          type = lib.types.int;
        };
        extraConfig = mkOption {
          default = "";
          example = ''
              Mode = router
              ConnecTo = bar
          '';
          description = "Configuration supplémentaire pour tinc.";
          type = lib.types.str;
        };
      };
      quagga = {
        enable = mkEnableOption "Enable Quagga + BGP service";
        bgpConfig = mkOption {
          type = types.lines;
          default = "";
          example =''
              router bgp 65001
                neighbor 10.0.0.1 remote-as 65001
            '';
          description = ''
            BGP configuration statements.
          '';
        };
      };
      windowsBoot = {
        enable = mkEnableOption "Activation du démarrage de Windows par Grub";
        drive = mkOption {
          description = "Lecteur sur lequel est présent le système Windows (au format GRUB)";
          type = lib.types.str;
          default = "hd0,1";
        };
      };
      windowsMount ={
        enable = mkEnableOption "Montage de la partition data Windows";
        device = mkOption {
          description = "Lecteur sur lequel est présent le disque de data Windows";
          type = lib.types.str;
          default = "/dev/sda2";
        };
      };
    };
      profiles = {
        # Domaine
        isDubronetwork        = mkEnableOption "Pour distinguer les machines dubronetwork.";
        isDubronetworkServer  = mkEnableOption "Pour distinguer les machines dubronetwork avec Server.";
        isDubronetworkWorkstation = mkEnableOption "Pour distinguer les machines dubronetwork avec Workstation.";
        isPrunetwork          = mkEnableOption "Pour distinguer les machines prunetwork.";
        isPrunetworkServer    = mkEnableOption "Pour distinguer les machines prunetwork avec Server.";
        isPrunetworkWorkstation = mkEnableOption "Pour distinguer les machines prunetwork avec Workstation.";
        # Utilisation machine
        isDesktopEnvironment  = mkEnableOption "Pour indiquer une machine avec interface graphique.";
        isServer              = mkEnableOption "Pour indiquer qu'il s'agit d'un serveur.";
        isWorkstation         = mkEnableOption "Pour indiquer que la machine sert à travailler.";
      };
    };
  };
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
 in
 {
  options = {
    r6d.machines = mkOption {
      type = types.attrsOf machineOptions;
      description = ''
          Machines directory.
      '';
    };
  };
  config = {
    /**
     prototype : (expression A ) && tests || !(expression A) ->   réalise le test si A est satisfait, et continue sinon = pas de politique
    */
    assertions = [
     {
       assertion = (currentMachine.profiles.isWorkstation && (currentMachine.configurationFlags.graphical == true))
       || (!currentMachine.profiles.isWorkstation);
       message = "A workstation requires a graphical environement.";
     }
     {
       assertion = (currentMachine.profiles.isDesktopEnvironment && (currentMachine.configurationFlags.graphical == true))
       || (!currentMachine.profiles.isDesktopEnvironment);
       message = "A desktop station requires a graphical environement.";
     }
     {
       assertion = (currentMachine.profiles.isDesktopEnvironment && (config.services.xserver.enable == true))
                 || (!currentMachine.profiles.isDesktopEnvironment);
       message = "You need to enable xserver manually.";
     }
     {
       assertion = (currentMachine.profiles.isServer  && (currentMachine.profiles.isDesktopEnvironment == false))
                 || (!currentMachine.profiles.isServer);
       message = "A graphical environment is not required for a server.";
     }
     {
       /*  At least one (authorité or resolveur) */
       assertion = flags.dns_autorite || flags.dns_resolveur;
       message = "DNS service is disabled. You must enable a dns recursor or autoritative.";
     }
     {
       /*  authorité xor resolveur */
       assertion = (flags.dns_autorite && ! flags.dns_resolveur)
                 || (!flags.dns_autorite && flags.dns_resolveur);
       message = "Both authoritative and recursor DNS services can't be live simultaneously. Choose only one!";
     }
    ];
  };
 }
--- a/applications/terminal/adminsys.nix
+++ b/applications/terminal/adminsys.nix
@ -2,9 +2,9 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
 mkIf true {
@ -12,9 +12,7 @@ mkIf true {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Adminsys
    bind          # utilisé pour les utilitaires comme dig
    cowsay        # pour ansible & 4lulz
    dhcp          # client dhcp
    iotop
    lm_sensors
    lshw
@ -22,15 +20,12 @@ mkIf true {
    ntp
    powerline-fonts
    powertop
-    #ansible
+    python27Packages.ansible2
-    glances
+    python27Packages.glances
    pv            # afficher le débit d'un flux     dd if=/dev/zero | pv | dd of=/dev/null
    sysstat       # pour la commande "iostat -x -1" de monitoring d'activité disque
    usbutils
    # Backup
    duplicity     # création de sauvegarde chiffrées (GPG)
    par2cmdline   # outil de récupération de fichiers corrompus - .par2
    # Compression
    lz4
@ -44,15 +39,23 @@ mkIf true {
    ntfs3g        # ntfs
    samba         # partages windows
    squashfsTools # squashfs
-    sshfs-fuse    # ssh
+    sshfsFuse     # ssh
    ## Gestion de FS
    nfs-utils
    ## Exploitation FS
    inotify-tools # être notifié lorsque le contenu d'un répertoire change
-    detox			    # The detox utility renames files to make them easier to work with.
+    detox			# The detox utility renames files to make them easier to work with.
    duff          # outil de recherche de fichiers en doublons
-    #rdfind        # recherche de fichiers doublons pour remplacement par hard/soft link
+    rdfind        # recherche de fichiers doublons pour remplacement par hard/soft link
    (mkIf profiles.isDesktop
      ## Gestion de FS
      gparted       # Gestion graphique de partitions
    )
    (mkIf profiles.isDesktop
      unetbootin    # création de clefs USB bootables
    )
  ];
 }
--- a/configuration/awesome.nix
+++ b/configuration/awesome.nix
@ -2,13 +2,13 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
 # TODO: rc.lua par défaut (système)
-mkIf flags.awesome {
+mkIf cfg.awesome {
  environment.variables = {
    # Export the current path for the awesome derivation, useful for users rc.lua
@ -19,7 +19,5 @@ mkIf flags.awesome {
    #   beautiful.init(config.dir .. "/share/awesome//themes/zenburn/theme.lua")
    #
    AWESOME_CONFIG_DIR = "${pkgs.awesome}";
-  };
+   };
  environment.etc."xdg/awesome/rc.lua".text = builtins.readFile ./../public/config-awesome-4-rc.lua;
 }
--- a/applications/graphical/bureau.nix
+++ b/applications/graphical/bureau.nix
@ -2,12 +2,12 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
-mkIf currentMachine.profiles.isDesktopEnvironment {
+mkIf profiles.isDesktop {
  # Paquets
  environment.systemPackages = with pkgs; [
@ -24,33 +24,27 @@ mkIf currentMachine.profiles.isDesktopEnvironment {
    gnome3.adwaita-icon-theme  # thème d'icone - semble fonctionner avec spaceFM
    ## Manipulation de fichier
-    #kde5.dolphin          # gestionnaire de fichiers graphique
+    pcmanfm         # gestionnaire de fichiers graphique
-    #kde5.dolphin-plugins  # gestionnaire de fichiers graphique
+    spaceFM         # gestionnaire de fichiers graphique
-    pcmanfm               # gestionnaire de fichiers graphique
+    #vifm            # gestionnaire de fichiers basé sur VIM (console)
    #vifm                  # gestionnaire de fichiers basé sur VIM (console)
    ## Terminal
-    kitty                  # terminal avec rendu par GPU
+    sakura          # terminal
    sakura                # terminal
  ];
  # Polices supplémentaires
-  fonts.fonts = with pkgs; [
+  fonts.fonts = with pkgs; mkIf profiles.isDesktop [
    fira            # police créée pour Firefox
    fira-code       # idem fira-mono + ligatures pour la programmation
    fira-mono       # dérivée de fira en monospace
    font-awesome_5  # Jeux de police, utilisé avec Latex
    hack-font       # police monospace créée explicitement pour coder
    hasklig         # police dérivée de source-code-pro mais avec des ligatures
    jetbrains-mono  # police spécial développeurs par Jetbrains
  ];
  fonts.fontconfig.defaultFonts = {
    monospace = [ "JetBrains Mono" ];
  };
-  programs = {
+  # Paquets avec setuid root
-    slock.enable = true;
+  security.wrappers = {
-    spacefm.enable = true;
+    # pour le montage des media amovibles
-    udevil.enable = true;
+    devmon.source = "${pkgs.udevil}/bin/devmon";
    udevil.source = "${pkgs.udevil}/bin/udevil"; # utilisé par spacefm
  };
 }
--- a/public/app-bureautique.nix
+++ b/public/app-bureautique.nix
@ -0,0 +1,53 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 mkIf profiles.isDesktop {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Bureautique
    aspell aspellDicts.fr # correction d'ortographe
    gnumeric      # tableur
    #kde4.ksnapshot# réalisation de capture d'écran
    # Gestion de tâche
    taskwarrior     # gestionnaire de tâches en console
    ## Cartes mentales
    freemind
    ## Diagrammes & Schémas
    dia           # dessin & schéma technique
    ## Editeur de texte
    #lyx          # surcouche WISIWIM à LaTeX
    #focuswriter  # outil pour l'écriture
    textadept     # un éditeur de texte facile pour copier-coller graphique
    #zim          # outil de prise de notes, wiki de bureau
    ## Visionneuse
    #kde5.okular   # pdf
    mcomix        # livres (cbr, liste d'images), gestion d'une bibliothèque
    pdfpc         # pdf
    qpdfview      # pdf
    gqview        # visionneuse image & gestion basique de collection
    ## Convertisseurs (texte -> <autre format>)
    gnuplot       # générateur de graphes à partir de données numériques
    graphviz      # dot, neato : traçage de graphes (carré, rond)
    #jekyll       # générateur statique de site web
    #odpdown      # conversion md -> presentation ODP : https://github.com/thorstenb/odpdown
    pandoc
    haskellPackages.pandoc-citeproc
    texlive.combined.scheme-full # distribution LaTeX
    #texLive       # distribution LaTeX de base
    #texLiveBeamer # paquets et extensions pour Beamer
    #texLiveModerncv # paquets pour la classe Modern CV
  ];
 }
--- a/applications/graphical/cao.nix
+++ b/applications/graphical/cao.nix
@ -2,12 +2,12 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
-mkIf (flags.conception-assistee && flags.graphical) {
+mkIf cfg.conception-assistee {
  # Paquets
  environment.systemPackages = with pkgs; [
--- a/applications/graphical/cartographie.nix
+++ b/applications/graphical/cartographie.nix
@ -2,16 +2,18 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
-mkIf (flags.cartographie && flags.graphical) {
+mkIf cfg.cartographie {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Gestion de données géographiques
    expat         
    gpsbabel      # pour convettir les données des GPS
    josm          # outil de contribution à OpenStreetMap
    #qgis         # client lourd de manipulation de données géographiques
    viking        # analyse de topo, gestion de données GPS
--- a/public/app-client-internet.nix
+++ b/public/app-client-internet.nix
@ -0,0 +1,52 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 # TODO: ménage
 mkIf profiles.isDesktop {
 # Paquets
 environment.systemPackages = with pkgs; [
    # Clients Internet
    ## Navigateur
    chromium
    firefox
    ## Réseaux sociaux
    #python27Packages.turses           # client twitter en ncurse
    python27Packages.rainbowstream    # client twitter en console
    rtv                               # client reddit en console
    ## Mail & Discussion (texte, audio)
    clawsMail
    hexchat
    quassel
    quasselClient
    mumble
    mutt
    pidgin
    thunderbird
    # Transfert de fichier
    filezilla
    transmission_gtk
    transmission_remote_gtk
  ];
  nixpkgs.config.packageOverrides = pkgs: {
    clawsMail = pkgs.clawsMail.override {
      enablePluginFancy = true;
      enablePluginPdf = true;
      enablePluginRavatar = true;
      enablePluginSmime = true;
      enablePluginVcalendar = true;
      enableSpellcheck = true;
    };
    mumble = pkgs.mumble.override { pulseSupport = true; };
  };
 }
--- a/applications/terminal/developpement-elm.nix
+++ b/applications/terminal/developpement-elm.nix
@ -2,12 +2,12 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
-mkIf flags.developpement-elm {
+mkIf cfg.developpement-elm {
  # Paquets
  environment.systemPackages = with pkgs; [
--- a/public/app-developpement-haskell.nix
+++ b/public/app-developpement-haskell.nix
@ -0,0 +1,33 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 mkIf cfg.developpement-haskell {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Haskell
    cabal-install         # fournis cabal
    cabal2nix             # convertir les .cabal en .nix
    ghc                   # pour les appels depuis les scripts
    stack                 # pour les paquets en LTS de stackage
    haskellPackages.stylish-haskell # qualité de code
    haskellPackages.hindent
    haskellPackages.hlint
    haskellPackages.threadscope
    # Application perso
    haskellPackages.hahp
    # Application
    haskellPackages.autoproc	# ? procmail
    haskellPackages.darcs	# Gestionnaire de version éponyme
    haskellPackages.turtle	# genre shell-scripting
  ];
 }
--- a/public/app-developpement-java.nix
+++ b/public/app-developpement-java.nix
@ -0,0 +1,21 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 mkIf cfg.developpement-java {
  # Paquets
  environment.systemPackages = with pkgs; [
    # IDE
    idea.idea-community # IntelliJ IDEA
    # Java
    maven
    zulu
  ];
 }
--- a/public/app-developpement-jetbrains.nix
+++ b/public/app-developpement-jetbrains.nix
@ -0,0 +1,19 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 mkIf cfg.jetbrains-licensed {
  # Paquets
  environment.systemPackages = with pkgs; [
    idea.idea-ultimate
    idea.clion
    idea.datagrip
    idea.pycharm-professional
  ];
 }
--- a/public/app-developpement-rust.nix
+++ b/public/app-developpement-rust.nix
@ -0,0 +1,18 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 mkIf cfg.developpement-rust {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Rust
    cargo               # récupération des dépendances + compilation projet rust
    rustc               # pour les appels depuis les scripts
  ];
 }
--- a/public/app-developpement.nix
+++ b/public/app-developpement.nix
@ -0,0 +1,42 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 mkIf cfg.developpement {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Base de données
    pgadmin             # interface d'administration de postgres
    sqlitebrowser       # interface d'administration de sqlite
    # C / C++
    gcc                 # pour les appels depuis les scripts
    # Documentation
    #zeal                # consulter la documentation hors ligne
    # Gestion des sources
    cloc                # outil pour compter les lignes de code source
    git                 # déjà présent dans "base"
    gitg                # interface pour utiliser git (historique, commit)
    gitstats            # génère un site web statique avec des statistiques
    gitAndTools.gitFull # pour gitk
    git-cola            # interface pour utiliser git (historique, commit)
    mercurial
    subversion
    # Mono
    #mono46              # interpréteur .NET
    ## Visualisation & outils de diff
    #gource              # visualisation en mouvement de l'historique git
    meld                # outil de comparaison graphique
    #vbindiff           # diff de fichier hexadecimaux avec vim
  ];
 }
--- a/public/app-docker.nix
+++ b/public/app-docker.nix
@ -2,19 +2,18 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
-mkIf flags.docker {
+mkIf cfg.docker {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Ecosystème Docker
    docker
-    docker-compose
+    python27Packages.docker_compose
    lazydocker
  ];
  virtualisation.docker.enable = true;
--- a/applications/graphical/edition-musique.nix
+++ b/applications/graphical/edition-musique.nix
@ -2,12 +2,12 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
-mkIf (flags.edition-musique && flags.graphical) {
+mkIf cfg.edition-musique {
  # Paquets
  environment.systemPackages = with pkgs; [
--- a/applications/graphical/edition-photo.nix
+++ b/applications/graphical/edition-photo.nix
@ -2,18 +2,23 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
-mkIf (flags.edition-photo && flags.graphical) {
+mkIf cfg.edition-photo {
  # Paquets
-  environment.systemPackages = with pkgs; [
+environment.systemPackages = with pkgs; [
    # Méta données
    exif
    exiftags
    # Retouche, modification & dessin vectoriel
    gimp          # logiciel d'édition/montage/retouche photo
    inkscape      # édition d'image vectorielle (svg & autre)
    imagemagick   # modification image en CLI
    #rawtherapee  # développemen de photos en RAW
    # TEST d'outil de gestion de catalogue de photos
--- a/public/app-edition-video.nix
+++ b/public/app-edition-video.nix
@ -0,0 +1,26 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 mkIf cfg.edition-video {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Vidéo
    #cinelerra     # editeur video
    pitivi        # montage vidéo
    ffmpeg-full   # assemblage de flux audio & video en ligne de commande
  ];
  nixpkgs.config.packageOverrides = pkgs: {
    ffmpeg-full = pkgs.ffmpeg-full.override {
      nonfreeLicensing = true;
      nvenc  = true;
    };
  };
 }
--- a/public/app-jeux.nix
+++ b/public/app-jeux.nix
@ -0,0 +1,17 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 mkIf cfg.jeux {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Jeux
    urbanterror
  ];
 }
--- a/public/app-multimedia.nix
+++ b/public/app-multimedia.nix
@ -0,0 +1,28 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 mkIf profiles.isDesktop {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Multimedia
    ## Audio
    beep
    cmus          # lecteur audio console
    espeak        # synthèse vocale
    paprefs       # préferences pulseaudio
    pavucontrol   # mixer pulseaudio
    vorbis-tools  # codec
    ## Video
    smplayer      # lecteur vidéo
    vlc           # lecteur vidéo
  ];
 }
--- a/applications/terminal/network.nix
+++ b/applications/terminal/network.nix
@ -2,12 +2,13 @@
 let
  inherit (lib) mkIf;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
 mkIf true {
 #mkIf profiles.isDesktop {
  # Paquets
  environment.systemPackages = with pkgs; [
@ -15,18 +16,20 @@ mkIf true {
    iperf         # outil de mesure de la qualité du réseau
    iptraf-ng     # outil de mesure de la qualité du réseau
    nload         # affichage de statisques d'utilisation instantannées du réseau
-    inetutils
+    telnet
    ## Diagnostic
    arp-scan
    #mtr  -> installé plus bas
    nmap          # outil de scan de port réseau
    #wireshark
    whois
  ];
-  # https://github.com/NixOS/nixpkgs/issues/30335
+  # Paquets avec setuid root
-  # Some programs need SUID wrappers, can be configured further or are started in user sessions.
+  security.wrappers = {
-  programs.mtr.enable = true;
+    # outil de diagnostic réseau
    mtr.source = "${pkgs.mtr}/bin/mtr";
  };
  networking.firewall = {
    allowedTCPPorts = [
--- a/public/app-securite.nix
+++ b/public/app-securite.nix
@ -0,0 +1,26 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 mkIf profiles.isDesktop {
  # Paquets
  environment.systemPackages = with pkgs; [
    # Securité
    gnome3.seahorse # gestionnaire graphique de clef GPG
    pass            # gestionnaire de mots de passe
    pwgen           # générateur de mots de passe
    #yubikey-personalization-gui # utilisation de la clef Yubikey
  ];
  # Paquets avec setui root
  security.wrappers = {
    # vérouiller l''écran. "cannot disable the out-of-memory killer for this process (make sure to suid or sgid slock)" --> en root
    slock.source = "${pkgs.slock}/bin/slock";
  };
 }
--- a/public/app-virtualbox.nix
+++ b/public/app-virtualbox.nix
@ -2,12 +2,12 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
-mkIf flags.virtualbox {
+mkIf cfg.virtualbox {
  # Paquets
  environment.systemPackages = with pkgs; [
--- a/public/auto-upgrade.nix
+++ b/public/auto-upgrade.nix
@ -0,0 +1,16 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 mkIf cfg.auto-upgrade {
  # Automatic update & automatic clean
  system.autoUpgrade.enable = true;
  nix.gc.automatic = true;
 }
--- a/configuration/bash-interactive-init.sh
+++ b/configuration/bash-interactive-init.sh
--- a/configuration/bash-prompt.sh
+++ b/configuration/bash-prompt.sh
@ -1,7 +1,4 @@
-# Git information in prompt
+# Définition des couleurs du prompt
 . /run/current-system/sw/share/bash-completion/completions/git-prompt.sh
 # Prompt colors
 if [[ $(tput colors) -ge 256 ]] 2>/dev/null; then
    PS1_USER='\[$(tput setaf 27)\]'
    PS1_HOST='\[$(tput setaf 37)\]'
@ -21,12 +18,10 @@ fi
 BOLD='\[$(tput bold)\]'
 RESET='\[$(tput sgr0)\]'
-# Username or red color if root
+# Définition du prompt
 if [ $UID = 0 ]; then
    PS1_ID=$PS1_ROOT
 else
    PS1_ID=$PS1_USER'\u'$PS1_MISC@$PS1_HOST
 fi
 # Prompt definition
 PS1=$RESET$BOLD$PS1_ID'\h '$PS1_PATH'\w'$PS1_GIT'$(__git_ps1)'"\n"$PS1_MISC'\$ '$RESET
--- a/public/config-awesome-4-rc.lua
+++ b/public/config-awesome-4-rc.lua
@ -18,11 +18,9 @@ local hotkeys_popup = require("awful.hotkeys_popup").widget
 -- Check if awesome encountered an error during startup and fell back to
 -- another config (This code will only ever execute for the fallback config)
 if awesome.startup_errors then
-    naughty.notify({
+    naughty.notify({ preset = naughty.config.presets.critical,
-      preset = naughty.config.presets.critical,
+                     title = "Oops, there were errors during startup!",
-      title = "Oops, there were errors during startup!",
+                     text = awesome.startup_errors })
      text = awesome.startup_errors
  })
 end
 -- Handle runtime errors after startup
@ -33,11 +31,9 @@ do
        if in_error then return end
        in_error = true
-        naughty.notify({
+        naughty.notify({ preset = naughty.config.presets.critical,
-            preset = naughty.config.presets.critical,
+                         title = "Oops, an error happened!",
-            title = "Oops, an error happened!",
+                         text = tostring(err) })
            text = tostring(err)
          })
        in_error = false
    end)
 end
@ -99,24 +95,20 @@ end
 -- {{{ Menu
 -- Create a launcher widget and a main menu
 myawesomemenu = {
-    { "hotkeys", function() return false, hotkeys_popup.show_help end},
+   { "hotkeys", function() return false, hotkeys_popup.show_help end},
-    { "manual", terminal .. " -e man awesome" },
+   { "manual", terminal .. " -e man awesome" },
-    { "edit config", editor_cmd .. " " .. awesome.conffile },
+   { "edit config", editor_cmd .. " " .. awesome.conffile },
-    { "restart", awesome.restart },
+   { "restart", awesome.restart },
-    { "quit", function() awesome.quit() end}
+   { "quit", function() awesome.quit() end}
 }
-mymainmenu = awful.menu({
+mymainmenu = awful.menu({ items = { { "awesome", myawesomemenu, beautiful.awesome_icon },
-    items = {
+                                    { "open terminal", terminal }
-        { "awesome", myawesomemenu, beautiful.awesome_icon },
+                                  }
-        { "open terminal", terminal }
+                        })
    }
 })
-mylauncher = awful.widget.launcher({
+mylauncher = awful.widget.launcher({ image = beautiful.awesome_icon,
-    image = beautiful.awesome_icon,
+                                     menu = mymainmenu })
    menu = mymainmenu
 })
 -- Menubar configuration
 menubar.utils.terminal = terminal -- Set the terminal for applications that require it
@ -131,87 +123,46 @@ mytextclock = wibox.widget.textclock()
 -- Create a wibox for each screen and add it
 local taglist_buttons = awful.util.table.join(
-    awful.button(
+                    awful.button({ }, 1, function(t) t:view_only() end),
-        { },
+                    awful.button({ modkey }, 1, function(t)
-        1,
+                                              if client.focus then
-        function(t) t:view_only() end
+                                                  client.focus:move_to_tag(t)
-    ),
+                                              end
-    awful.button(
+                                          end),
-        { modkey },
+                    awful.button({ }, 3, awful.tag.viewtoggle),
-        1,
+                    awful.button({ modkey }, 3, function(t)
-        function(t)
+                                              if client.focus then
-            if client.focus then
+                                                  client.focus:toggle_tag(t)
-                client.focus:move_to_tag(t)
+                                              end
-            end
+                                          end),
-        end
+                    awful.button({ }, 4, function(t) awful.tag.viewnext(t.screen) end),
-    ),
+                    awful.button({ }, 5, function(t) awful.tag.viewprev(t.screen) end)
-    awful.button(
+                )
        { },
        3,
        awful.tag.viewtoggle
    ),
    awful.button(
        { modkey },
        3,
        function(t)
            if client.focus then
                client.focus:toggle_tag(t)
            end
        end
    ),
    awful.button(
        { },
        4,
        function(t) awful.tag.viewnext(t.screen) end
    ),
    awful.button(
        { },
        5,
        function(t) awful.tag.viewprev(t.screen) end
    )
 )
 local tasklist_buttons = awful.util.table.join(
-    awful.button(
+                     awful.button({ }, 1, function (c)
-        { },
+                                              if c == client.focus then
-        1,
+                                                  c.minimized = true
-        function (c)
+                                              else
-            if c == client.focus then
+                                                  -- Without this, the following
-                c.minimized = true
+                                                  -- :isvisible() makes no sense
-            else
+                                                  c.minimized = false
-                -- Without this, the following
+                                                  if not c:isvisible() and c.first_tag then
-                -- :isvisible() makes no sense
+                                                      c.first_tag:view_only()
-                c.minimized = false
+                                                  end
-                if not c:isvisible() and c.first_tag then
+                                                  -- This will also un-minimize
-                    c.first_tag:view_only()
+                                                  -- the client, if needed
-                end
+                                                  client.focus = c
-                -- This will also un-minimize
+                                                  c:raise()
-                -- the client, if needed
+                                              end
-                client.focus = c
+                                          end),
-                c:raise()
+                     awful.button({ }, 3, client_menu_toggle_fn()),
-            end
+                     awful.button({ }, 4, function ()
-        end
+                                              awful.client.focus.byidx(1)
-    ),
+                                          end),
-    awful.button(
+                     awful.button({ }, 5, function ()
-        { },
+                                              awful.client.focus.byidx(-1)
-        3,
+                                          end))
        client_menu_toggle_fn()
    ),
    awful.button(
        { },
        4,
        function ()
            awful.client.focus.byidx(1)
        end
    ),
    awful.button(
        { },
        5,
        function ()
            awful.client.focus.byidx(-1)
        end
    )
 )
 local function set_wallpaper(s)
    -- Wallpaper
@ -225,119 +176,54 @@ local function set_wallpaper(s)
    end
 end
 local iostat_tooltiptext = ""
 -- Widget de monitoring de l'activité des disques https://awesomewm.org/recipes/watch/
 -- disk I/O using iostat from sysstat utilities
 local iotable = {}
 local iostat = awful.widget.watch("iostat -dm -y 1 1", 2, -- in Kb, use -dm for Mb
    function(widget, stdout)
        for line in stdout:match("(sd.*)\n"):gmatch("(.-)\n") do
            local device, tps, read_s, wrtn_s, read, wrtn =
            line:match("(%w+)%s*(%d+,?%d*)%s*(%d+,?%d*)%s*(%d+,?%d*)%s*(%d+,?%d*)%s*(%d+,?%d*)")
            --                  [1]  [2]     [3]     [4]   [5]
            iotable[device] = { tps, read_s, wrtn_s, read, wrtn }
        end
        local label = ""
        for device,values in spairs(iotable) do
          label = label..(device..": "..iotable[device][2].." MB_read/s  |"..iotable[device][3].." MB_wrtn/s").."\n"
        end
        iostat_tooltiptext = label
        -- customize here
        --widget:set_text("sda: "..iotable["sda"][2].."/"..iotable["sda"][3]) -- read_s/wrtn_s
        widget:set_text("iostat")
    end
 )
 iostat_t = awful.tooltip({
 --objects = {  },
 timer_function = function()
         return iostat_tooltiptext
     end,
 })
 iostat_t:add_to_object(iostat)
 -- tris d'un tableau par la clef https://stackoverflow.com/questions/15706270/sort-a-table-in-lua
 function spairs(t, order)
    -- collect the keys
    local keys = {}
    for k in pairs(t) do keys[#keys+1] = k end
    -- if order function given, sort by it by passing the table and keys a, b,
    -- otherwise just sort the keys
    if order then
        table.sort(keys, function(a,b) return order(t, a, b) end)
    else
        table.sort(keys)
    end
    -- return the iterator function
    local i = 0
    return function()
        i = i + 1
        if keys[i] then
            return keys[i], t[keys[i]]
        end
    end
 end
 -- Re-set wallpaper when a screen's geometry changes (e.g. different resolution)
 screen.connect_signal("property::geometry", set_wallpaper)
-awful.screen.connect_for_each_screen(
+awful.screen.connect_for_each_screen(function(s)
-    function(s)
+    -- Wallpaper
-        -- Wallpaper
+    set_wallpaper(s)
-        set_wallpaper(s)
+
-
+    -- Each screen has its own tag table.
-        -- Each screen has its own tag table.
+    awful.tag({ "1", "2", "3", "4", "5", "6", "7", "8", "9" }, s, awful.layout.layouts[1])
-        awful.tag({ "1", "2", "3", "4", "5", "6", "7", "8", "9" }, s, awful.layout.layouts[1])
+
-
+    -- Create a promptbox for each screen
-        -- Create a promptbox for each screen
+    s.mypromptbox = awful.widget.prompt()
-        s.mypromptbox = awful.widget.prompt()
+    -- Create an imagebox widget which will contains an icon indicating which layout we're using.
-        -- Create an imagebox widget which will contains an icon indicating which layout we're using.
+    -- We need one layoutbox per screen.
-        -- We need one layoutbox per screen.
+    s.mylayoutbox = awful.widget.layoutbox(s)
-        s.mylayoutbox = awful.widget.layoutbox(s)
+    s.mylayoutbox:buttons(awful.util.table.join(
-        s.mylayoutbox:buttons(awful.util.table.join(
+                           awful.button({ }, 1, function () awful.layout.inc( 1) end),
-            awful.button({ }, 1, function () awful.layout.inc( 1) end),
+                           awful.button({ }, 3, function () awful.layout.inc(-1) end),
-            awful.button({ }, 3, function () awful.layout.inc(-1) end),
+                           awful.button({ }, 4, function () awful.layout.inc( 1) end),
-            awful.button({ }, 4, function () awful.layout.inc( 1) end),
+                           awful.button({ }, 5, function () awful.layout.inc(-1) end)))
-            awful.button({ }, 5, function () awful.layout.inc(-1) end)
+    -- Create a taglist widget
-        ))
+    s.mytaglist = awful.widget.taglist(s, awful.widget.taglist.filter.all, taglist_buttons)
-        -- Create a taglist widget
+
-        s.mytaglist = awful.widget.taglist(s, awful.widget.taglist.filter.all, taglist_buttons)
+    -- Create a tasklist widget
-
+    s.mytasklist = awful.widget.tasklist(s, awful.widget.tasklist.filter.currenttags, tasklist_buttons)
-        -- Create a tasklist widget
+
-        s.mytasklist = awful.widget.tasklist(s, awful.widget.tasklist.filter.currenttags, tasklist_buttons)
+    -- Create the wibox
-
+    s.mywibox = awful.wibar({ position = "top", screen = s })
-        -- Create the wibox
+
-        s.mywibox = awful.wibar({ position = "top", screen = s })
+    -- Add widgets to the wibox
-
+    s.mywibox:setup {
-        -- Add widgets to the wibox
+        layout = wibox.layout.align.horizontal,
-        s.mywibox:setup {
+        { -- Left widgets
-            layout = wibox.layout.align.horizontal,
+            layout = wibox.layout.fixed.horizontal,
-            { -- Left widgets
+            mylauncher,
-                layout = wibox.layout.fixed.horizontal,
+            s.mytaglist,
-                mylauncher,
+            s.mypromptbox,
-                s.mytaglist,
+        },
-                s.mypromptbox
+        s.mytasklist, -- Middle widget
-            },
+        { -- Right widgets
-            s.mytasklist, -- Middle widget
+            layout = wibox.layout.fixed.horizontal,
-            { -- Right widgets
+            mykeyboardlayout,
-              layout = wibox.layout.fixed.horizontal,
+            wibox.widget.systray(),
-              wibox.widget.textbox(' | '),
+            mytextclock,
-              iostat,
+            s.mylayoutbox,
-              wibox.widget.textbox(' | '),
+        },
-              mykeyboardlayout,
+    }
-              wibox.widget.systray(),
+end)
              mytextclock,
              s.mylayoutbox
            }
        }
    end
 )
 -- }}}
 -- {{{ Mouse bindings
@ -350,154 +236,206 @@ root.buttons(awful.util.table.join(
 -- {{{ Key bindings
 globalkeys = awful.util.table.join(
-    awful.key({ modkey,           }, "s",      hotkeys_popup.show_help,                               {description="show help", group="awesome"}),
+    awful.key({ modkey,           }, "s",      hotkeys_popup.show_help,
-    awful.key({ modkey,           }, "Left",   awful.tag.viewprev,                                    {description = "view previous", group = "tag"}),
+              {description="show help", group="awesome"}),
-    awful.key({ modkey,           }, "Right",  awful.tag.viewnext,                                    {description = "view next", group = "tag"}),
+    awful.key({ modkey,           }, "Left",   awful.tag.viewprev,
-    awful.key({ modkey,           }, "Escape", awful.tag.history.restore,                             {description = "go back", group = "tag"}),
+              {description = "view previous", group = "tag"}),
-
+    awful.key({ modkey,           }, "Right",  awful.tag.viewnext,
-    awful.key({ modkey,           }, "j", function () awful.client.focus.byidx( 1) end,               {description = "focus next by index", group = "client"}),
+              {description = "view next", group = "tag"}),
-    awful.key({ modkey,           }, "k", function () awful.client.focus.byidx(-1) end,               {description = "focus previous by index", group = "client"}),
+    awful.key({ modkey,           }, "Escape", awful.tag.history.restore,
-    awful.key({ modkey,           }, "w", function () mymainmenu:show() end,                          {description = "show main menu", group = "awesome"}),
+              {description = "go back", group = "tag"}),
    awful.key({ modkey,           }, "j",
        function ()
            awful.client.focus.byidx( 1)
        end,
        {description = "focus next by index", group = "client"}
    ),
    awful.key({ modkey,           }, "k",
        function ()
            awful.client.focus.byidx(-1)
        end,
        {description = "focus previous by index", group = "client"}
    ),
    awful.key({ modkey,           }, "w", function () mymainmenu:show() end,
              {description = "show main menu", group = "awesome"}),
    -- Layout manipulation
-    awful.key({ modkey, "Shift"   }, "j", function () awful.client.swap.byidx(  1)    end,            {description = "swap with next client by index", group = "client"}),
+    awful.key({ modkey, "Shift"   }, "j", function () awful.client.swap.byidx(  1)    end,
-    awful.key({ modkey, "Shift"   }, "k", function () awful.client.swap.byidx( -1)    end,            {description = "swap with previous client by index", group = "client"}),
+              {description = "swap with next client by index", group = "client"}),
-    awful.key({ modkey, "Control" }, "j", function () awful.screen.focus_relative( 1) end,            {description = "focus the next screen", group = "screen"}),
+    awful.key({ modkey, "Shift"   }, "k", function () awful.client.swap.byidx( -1)    end,
-    awful.key({ modkey, "Control" }, "k", function () awful.screen.focus_relative(-1) end,            {description = "focus the previous screen", group = "screen"}),
+              {description = "swap with previous client by index", group = "client"}),
-    awful.key({ modkey,           }, "u", awful.client.urgent.jumpto,                                 {description = "jump to urgent client", group = "client"}),
+    awful.key({ modkey, "Control" }, "j", function () awful.screen.focus_relative( 1) end,
-    awful.key({ modkey,           }, "Tab", function () awful.client.focus.history.previous() if client.focus then client.focus:raise() end end,
+              {description = "focus the next screen", group = "screen"}),
-                                                                                                      {description = "go back", group = "client"}),
+    awful.key({ modkey, "Control" }, "k", function () awful.screen.focus_relative(-1) end,
              {description = "focus the previous screen", group = "screen"}),
    awful.key({ modkey,           }, "u", awful.client.urgent.jumpto,
              {description = "jump to urgent client", group = "client"}),
    awful.key({ modkey,           }, "Tab",
        function ()
            awful.client.focus.history.previous()
            if client.focus then
                client.focus:raise()
            end
        end,
        {description = "go back", group = "client"}),
    -- Standard program
-    awful.key({ modkey,           }, "Return", function () awful.spawn(terminal) end,                 {description = "open a terminal", group = "launcher"}),
+    awful.key({ modkey,           }, "Return", function () awful.spawn(terminal) end,
-    awful.key({ modkey, "Control" }, "r", awesome.restart,                                            {description = "reload awesome", group = "awesome"}),
+              {description = "open a terminal", group = "launcher"}),
-    awful.key({ modkey, "Shift"   }, "q", awesome.quit,                                               {description = "quit awesome", group = "awesome"}),
+    awful.key({ modkey, "Control" }, "r", awesome.restart,
-    awful.key({ modkey,           }, "l",     function () awful.tag.incmwfact( 0.05)          end,    {description = "increase master width factor", group = "layout"}),
+              {description = "reload awesome", group = "awesome"}),
-    awful.key({ modkey,           }, "h",     function () awful.tag.incmwfact(-0.05)          end,    {description = "decrease master width factor", group = "layout"}),
+    awful.key({ modkey, "Shift"   }, "q", awesome.quit,
-    awful.key({ modkey, "Shift"   }, "h",     function () awful.tag.incnmaster( 1, nil, true) end,    {description = "increase the number of master clients", group = "layout"}),
+              {description = "quit awesome", group = "awesome"}),
-    awful.key({ modkey, "Shift"   }, "l",     function () awful.tag.incnmaster(-1, nil, true) end,    {description = "decrease the number of master clients", group = "layout"}),
+
-    awful.key({ modkey, "Control" }, "h",     function () awful.tag.incncol( 1, nil, true)    end,    {description = "increase the number of columns", group = "layout"}),
+    awful.key({ modkey,           }, "l",     function () awful.tag.incmwfact( 0.05)          end,
-    awful.key({ modkey, "Control" }, "l",     function () awful.tag.incncol(-1, nil, true)    end,    {description = "decrease the number of columns", group = "layout"}),
+              {description = "increase master width factor", group = "layout"}),
-    awful.key({ modkey,           }, "space", function () awful.layout.inc( 1)                end,    {description = "select next", group = "layout"}),
+    awful.key({ modkey,           }, "h",     function () awful.tag.incmwfact(-0.05)          end,
-    awful.key({ modkey, "Shift"   }, "space", function () awful.layout.inc(-1)                end,    {description = "select previous", group = "layout"}),
+              {description = "decrease master width factor", group = "layout"}),
-
+    awful.key({ modkey, "Shift"   }, "h",     function () awful.tag.incnmaster( 1, nil, true) end,
-    awful.key({ modkey, "Control" }, "n", function () local c = awful.client.restore() --[[ Focus restored client ]] if c then client.focus = c c:raise() end end,
+              {description = "increase the number of master clients", group = "layout"}),
-                                                                                                      {description = "restore minimized", group = "client"}),
+    awful.key({ modkey, "Shift"   }, "l",     function () awful.tag.incnmaster(-1, nil, true) end,
              {description = "decrease the number of master clients", group = "layout"}),
    awful.key({ modkey, "Control" }, "h",     function () awful.tag.incncol( 1, nil, true)    end,
              {description = "increase the number of columns", group = "layout"}),
    awful.key({ modkey, "Control" }, "l",     function () awful.tag.incncol(-1, nil, true)    end,
              {description = "decrease the number of columns", group = "layout"}),
    awful.key({ modkey,           }, "space", function () awful.layout.inc( 1)                end,
              {description = "select next", group = "layout"}),
    awful.key({ modkey, "Shift"   }, "space", function () awful.layout.inc(-1)                end,
              {description = "select previous", group = "layout"}),
    awful.key({ modkey, "Control" }, "n",
              function ()
                  local c = awful.client.restore()
                  -- Focus restored client
                  if c then
                      client.focus = c
                      c:raise()
                  end
              end,
              {description = "restore minimized", group = "client"}),
    -- Prompt
-    awful.key({ modkey },            "r", function () awful.screen.focused().mypromptbox:run() end,   {description = "run prompt", group = "launcher"}),
+    awful.key({ modkey },            "r",     function () awful.screen.focused().mypromptbox:run() end,
              {description = "run prompt", group = "launcher"}),
    awful.key({ modkey }, "x",
-    function ()
+              function ()
-        awful.prompt.run {
+                  awful.prompt.run {
-            prompt       = "Run Lua code: ",
+                    prompt       = "Run Lua code: ",
-            textbox      = awful.screen.focused().mypromptbox.widget,
+                    textbox      = awful.screen.focused().mypromptbox.widget,
-            exe_callback = awful.util.eval,
+                    exe_callback = awful.util.eval,
-            history_path = awful.util.get_cache_dir() .. "/history_eval"
+                    history_path = awful.util.get_cache_dir() .. "/history_eval"
-        }
+                  }
-    end,
+              end,
-                                                                                                      {description = "lua execute prompt", group = "awesome"}),
+              {description = "lua execute prompt", group = "awesome"}),
    -- Menubar
-    awful.key({ modkey }, "p", function() menubar.show() end,                                         {description = "show the menubar", group = "launcher"}),
+    awful.key({ modkey }, "p", function() menubar.show() end,
-
+              {description = "show the menubar", group = "launcher"}),
    -- Lanceurs perso
-    awful.key({ modkey            }, "F1",  function () awful.util.spawn("firefox") end,              {description = "Lance Firefox", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F1", function () awful.util.spawn("firefox") end),
-    awful.key({ modkey            }, "F2",  function () awful.util.spawn("firefox") end,              {description = "Lance Firefox", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F2", function () awful.util.spawn("firefox") end),
-    awful.key({ modkey            }, "F3",  function () awful.util.spawn("gqrx") end,                 {description = "Lance gqrx", group = "Lanceurs personnels"}),
+--  awful.key({ modkey            }, "F3", function () awful.util.spawn("") end),
-    awful.key({ modkey            }, "F4",  function () awful.util.spawn("chromium") end,             {description = "Lance Chromium", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F4", function () awful.util.spawn("chromium") end),
-    awful.key({ modkey            }, "F5",  function () awful.util.spawn("spacefm") end,              {description = "Lance spacefm", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F5", function () awful.util.spawn("spacefm") end),
-    awful.key({ modkey            }, "F6",  function () awful.util.spawn("vlc") end,                  {description = "Lance vlc", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F6", function () awful.util.spawn("vlc") end),
-    awful.key({ modkey            }, "F7",  function () awful.util.spawn("claws-mail") end,           {description = "Lance claws", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F7", function () awful.util.spawn("claws-mail") end),
-    awful.key({ modkey            }, "F11", function () awful.util.spawn("xrandr-auto") end,          {description = "Lance le script xrandr-auto", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F12", function () awful.util.spawn("slock") end),
-    awful.key({ modkey            }, "F12", function () awful.util.spawn("slock") end,                {description = "Verouille la session avec slock", group = "Lanceurs personnels"}),
+    awful.key({ modkey, "Shift"   }, "F1", function () awful.util.spawn("claws-mail") end),
-    awful.key({ modkey, "Shift"   }, "F1",  function () awful.util.spawn("claws-mail") end,           {description = "Lance claws", group = "Lanceurs personnels"}),
+    awful.key({ modkey, "Shift"   }, "F3", function () awful.util.spawn("pcmanfm") end),
-    awful.key({ modkey, "Shift"   }, "F3",  function () awful.util.spawn("pcmanfm") end,              {description = "Lance pcmanfm", group = "Lanceurs personnels"}),
+    awful.key({ modkey            }, "F11", function () awful.util.spawn("xrandr-auto") end)
-    awful.key({ modkey, "Shift"   }, "F6",  function () awful.util.spawn("clementine") end,           {description = "Lance clementine", group = "Lanceurs personnels"}),
+--  awful.key({ modkey, "Shift"   }, "F11", function () awful.util.spawn("/home/taeradan/bin/xrandr-left") end),
-    awful.key({ modkey, "Shift"   }, "F11", function () awful.util.spawn("xrandr-auto-2") end,        {description = "Lance le script xrandr-auto-2", group = "Lanceurs personnels"}),
+--  awful.key({ modkey, "Control" }, "F11", function () awful.util.spawn("/home/taeradan/bin/xrandr-right") end),
-    awful.key({ modkey  }, "l", function () awful.util.spawn("slock systemctl suspend -i") end, {description = "Verouille la session avec slock", group = "Lanceurs personnels"})
+
    --  awful.key({ modkey, "Shift"   }, "F11", function () awful.util.spawn("/home/taeradan/bin/xrandr-left") end),
    --  awful.key({ modkey, "Control" }, "F11", function () awful.util.spawn("/home/taeradan/bin/xrandr-right") end),
 )
 clientkeys = awful.util.table.join(
-    awful.key({ modkey,           }, "f", function (c) c.fullscreen = not c.fullscreen c:raise() end, {description = "toggle fullscreen", group = "client"}),
+    awful.key({ modkey,           }, "f",
-    awful.key({ modkey, "Shift"   }, "c",      function (c) c:kill()                         end,     {description = "close", group = "client"}),
+        function (c)
-    awful.key({ modkey, "Control" }, "space",  awful.client.floating.toggle                     ,     {description = "toggle floating", group = "client"}),
+            c.fullscreen = not c.fullscreen
-    awful.key({ modkey, "Control" }, "Return", function (c) c:swap(awful.client.getmaster()) end,     {description = "move to master", group = "client"}),
+            c:raise()
-    awful.key({ modkey,           }, "o",      function (c) c:move_to_screen()               end,     {description = "move to screen", group = "client"}),
+        end,
-    awful.key({ modkey,           }, "t",      function (c) c.ontop = not c.ontop            end,     {description = "toggle keep on top", group = "client"}),
+        {description = "toggle fullscreen", group = "client"}),
-    awful.key({ modkey,           }, "n",      function (c) --[[ The client currently has the input focus, so it cannot be minimized, since minimized clients can't have the focus. ]]  c.minimized = true end ,
+    awful.key({ modkey, "Shift"   }, "c",      function (c) c:kill()                         end,
-                                                                                                      {description = "minimize", group = "client"}),
+              {description = "close", group = "client"}),
-    awful.key({ modkey,           }, "m", function (c) c.maximized = not c.maximized c:raise() end ,  {description = "maximize", group = "client"})
+    awful.key({ modkey, "Control" }, "space",  awful.client.floating.toggle                     ,
              {description = "toggle floating", group = "client"}),
    awful.key({ modkey, "Control" }, "Return", function (c) c:swap(awful.client.getmaster()) end,
              {description = "move to master", group = "client"}),
    awful.key({ modkey,           }, "o",      function (c) c:move_to_screen()               end,
              {description = "move to screen", group = "client"}),
    awful.key({ modkey,           }, "t",      function (c) c.ontop = not c.ontop            end,
              {description = "toggle keep on top", group = "client"}),
    awful.key({ modkey,           }, "n",
        function (c)
            -- The client currently has the input focus, so it cannot be
            -- minimized, since minimized clients can't have the focus.
            c.minimized = true
        end ,
        {description = "minimize", group = "client"}),
    awful.key({ modkey,           }, "m",
        function (c)
            c.maximized = not c.maximized
            c:raise()
        end ,
        {description = "maximize", group = "client"})
 )
 -- Bind all key numbers to tags.
 -- Be careful: we use keycodes to make it works on any keyboard layout.
 -- This should map on the top row of your keyboard, usually 1 to 9.
 for i = 1, 9 do
-    globalkeys = awful.util.table.join(
+    globalkeys = awful.util.table.join(globalkeys,
        globalkeys,
        -- View tag only.
-        awful.key(
+        awful.key({ modkey }, "#" .. i + 9,
-            { modkey },
+                  function ()
-            "#" .. i + 9,
+                        local screen = awful.screen.focused()
-            function ()
+                        local tag = screen.tags[i]
-                local screen = awful.screen.focused()
+                        if tag then
-                local tag = screen.tags[i]
+                           tag:view_only()
-                if tag then
+                        end
-                    tag:view_only()
+                  end,
-                end
+                  {description = "view tag #"..i, group = "tag"}),
            end,
            {description = "view tag #"..i, group = "tag"}
        ),
        -- Toggle tag display.
-        awful.key(
+        awful.key({ modkey, "Control" }, "#" .. i + 9,
-            { modkey, "Control" },
+                  function ()
-            "#" .. i + 9,
+                      local screen = awful.screen.focused()
-            function ()
+                      local tag = screen.tags[i]
-                local screen = awful.screen.focused()
+                      if tag then
-                local tag = screen.tags[i]
+                         awful.tag.viewtoggle(tag)
-                if tag then
+                      end
-                    awful.tag.viewtoggle(tag)
+                  end,
-                end
+                  {description = "toggle tag #" .. i, group = "tag"}),
            end,
            {description = "toggle tag #" .. i, group = "tag"}
        ),
        -- Move client to tag.
-        awful.key(
+        awful.key({ modkey, "Shift" }, "#" .. i + 9,
-            { modkey, "Shift" },
+                  function ()
-            "#" .. i + 9,
+                      if client.focus then
-            function ()
+                          local tag = client.focus.screen.tags[i]
-                if client.focus then
+                          if tag then
-                    local tag = client.focus.screen.tags[i]
+                              client.focus:move_to_tag(tag)
-                    if tag then
+                          end
-                        client.focus:move_to_tag(tag)
+                     end
-                    end
+                  end,
-                end
+                  {description = "move focused client to tag #"..i, group = "tag"}),
            end,
            {description = "move focused client to tag #"..i, group = "tag"}
        ),
        -- Toggle tag on focused client.
-        awful.key(
+        awful.key({ modkey, "Control", "Shift" }, "#" .. i + 9,
-            { modkey, "Control", "Shift" },
+                  function ()
-            "#" .. i + 9,
+                      if client.focus then
-            function ()
+                          local tag = client.focus.screen.tags[i]
-                if client.focus then
+                          if tag then
-                    local tag = client.focus.screen.tags[i]
+                              client.focus:toggle_tag(tag)
-                    if tag then
+                          end
-                        client.focus:toggle_tag(tag)
+                      end
-                    end
+                  end,
-                end
+                  {description = "toggle focused client on tag #" .. i, group = "tag"})
            end,
            {description = "toggle focused client on tag #" .. i, group = "tag"}
        )
    )
 end
 clientbuttons = awful.util.table.join(
-awful.button({ }, 1, function (c) client.focus = c; c:raise() end),
+    awful.button({ }, 1, function (c) client.focus = c; c:raise() end),
-awful.button({ modkey }, 1, awful.mouse.client.move),
+    awful.button({ modkey }, 1, awful.mouse.client.move),
-awful.button({ modkey }, 3, awful.mouse.client.resize))
+    awful.button({ modkey }, 3, awful.mouse.client.resize))
 -- Set keys
 root.keys(globalkeys)
@ -507,142 +445,119 @@ root.keys(globalkeys)
 -- Rules to apply to new clients (through the "manage" signal).
 awful.rules.rules = {
    -- All clients will match this rule.
-    {
+    { rule = { },
-        rule = { },
+      properties = { border_width = beautiful.border_width,
-        properties = {
+                     border_color = beautiful.border_normal,
-            border_width = beautiful.border_width,
+                     focus = awful.client.focus.filter,
-            border_color = beautiful.border_normal,
+                     raise = true,
-            focus = awful.client.focus.filter,
+                     keys = clientkeys,
-            raise = true,
+                     buttons = clientbuttons,
-            keys = clientkeys,
+                     screen = awful.screen.preferred,
-            buttons = clientbuttons,
+                     placement = awful.placement.no_overlap+awful.placement.no_offscreen
-            screen = awful.screen.preferred,
+     }
-            placement = awful.placement.no_overlap+awful.placement.no_offscreen
+    },
-          }
+
-      },
+    -- Floating clients.
-      -- Floating clients.
+    { rule_any = {
-      {
+        instance = {
-          rule_any = {
+          "DTA",  -- Firefox addon DownThemAll.
-              instance = {
+          "copyq",  -- Includes session name in class.
-                  "DTA",  -- Firefox addon DownThemAll.
+        },
-                  "copyq",  -- Includes session name in class.
+        class = {
-              },
+          "Arandr",
-              class = {
+          "Gpick",
-                  "Arandr",
+          "Kruler",
-                  "Gpick",
+          "MessageWin",  -- kalarm.
-                  "Kruler",
+          "Sxiv",
-                  "MessageWin",  -- kalarm.
+          "Wpa_gui",
-                  "Sxiv",
+          "pinentry",
-                  "Wpa_gui",
+          "veromix",
-                  "pinentry",
+          "xtightvncviewer"},
-                  "veromix",
+
-                  "xtightvncviewer"
+        name = {
-              },
+          "Event Tester",  -- xev.
-              name = {
+        },
-                  "Event Tester",  -- xev.
+        role = {
-              },
+          "AlarmWindow",  -- Thunderbird's calendar.
-              role = {
+          "pop-up",       -- e.g. Google Chrome's (detached) Developer Tools.
-                  "AlarmWindow",  -- Thunderbird's calendar.
+        }
-                  "pop-up",       -- e.g. Google Chrome's (detached) Developer Tools.
+      }, properties = { floating = true }},
-              }
+
-          },
+    -- Add titlebars to normal clients and dialogs
-          properties = { floating = true }
+    { rule_any = {type = { "normal", "dialog" }
-      },
+      }, properties = { titlebars_enabled = false }
-
+    },
-      -- Add titlebars to normal clients and dialogs
+
-      {
+    -- Set Firefox to always map on the tag named "2" on screen 1.
-          rule_any = {
+    -- { rule = { class = "Firefox" },
-              type = { "normal", "dialog" }
+    --   properties = { screen = 1, tag = "2" } },
          },
          properties = { titlebars_enabled = false }
      },
      -- Set Firefox to always map on the tag named "2" on screen 1.
      -- { rule = { class = "Firefox" },
      --   properties = { screen = 1, tag = "2" } },
 }
 -- }}}
 -- {{{ Signals
 -- Signal function to execute when a new client appears.
-client.connect_signal(
+client.connect_signal("manage", function (c)
-    "manage",
+    -- Set the windows at the slave,
-    function (c)
+    -- i.e. put it at the end of others instead of setting it master.
-        --[[ Set the windows at the slave, i.e. put it at the end of others instead of setting it master.]]
+    -- if not awesome.startup then awful.client.setslave(c) end
-        -- if not awesome.startup then awful.client.setslave(c) end
+
-
+    if awesome.startup and
-        if awesome.startup and
+      not c.size_hints.user_position
-            not c.size_hints.user_position
+      and not c.size_hints.program_position then
-            and not c.size_hints.program_position then
+        -- Prevent clients from being unreachable after screen count changes.
-            --[[ Prevent clients from being unreachable after screen count changes.]]
+        awful.placement.no_offscreen(c)
            awful.placement.no_offscreen(c)
        end
    end
-)
+end)
 -- Add a titlebar if titlebars_enabled is set to true in the rules.
-client.connect_signal(
+client.connect_signal("request::titlebars", function(c)
-    "request::titlebars",
+    -- buttons for the titlebar
-    function(c)
+    local buttons = awful.util.table.join(
-        -- buttons for the titlebar
+        awful.button({ }, 1, function()
-        local buttons = awful.util.table.join(
+            client.focus = c
-            awful.button(
+            c:raise()
-                { },
+            awful.mouse.client.move(c)
-                1,
+        end),
-                function()
+        awful.button({ }, 3, function()
-                    client.focus = c
+            client.focus = c
-                    c:raise()
+            c:raise()
-                    awful.mouse.client.move(c)
+            awful.mouse.client.resize(c)
-                end
+        end)
-            ),
+    )
-            awful.button(
+
-                { },
+    awful.titlebar(c) : setup {
-                3,
+        { -- Left
-                function()
+            awful.titlebar.widget.iconwidget(c),
-                    client.focus = c
+            buttons = buttons,
-                    c:raise()
+            layout  = wibox.layout.fixed.horizontal
-                    awful.mouse.client.resize(c)
+        },
-                end
+        { -- Middle
-            )
+            { -- Title
-        )
+                align  = "center",
-
+                widget = awful.titlebar.widget.titlewidget(c)
        awful.titlebar(c) : setup {
            { -- Left
                awful.titlebar.widget.iconwidget(c),
                buttons = buttons,
                layout  = wibox.layout.fixed.horizontal
            },
            { -- Middle
                { -- Title
                    align  = "center",
                    widget = awful.titlebar.widget.titlewidget(c)
                },
                buttons = buttons,
                layout  = wibox.layout.flex.horizontal
            },
            { -- Right
                awful.titlebar.widget.floatingbutton (c),
                awful.titlebar.widget.maximizedbutton(c),
                awful.titlebar.widget.stickybutton   (c),
                awful.titlebar.widget.ontopbutton    (c),
                awful.titlebar.widget.closebutton    (c),
                layout = wibox.layout.fixed.horizontal()
            },
-            layout = wibox.layout.align.horizontal
+            buttons = buttons,
-        }
+            layout  = wibox.layout.flex.horizontal
-    end
+        },
-)
+        { -- Right
            awful.titlebar.widget.floatingbutton (c),
            awful.titlebar.widget.maximizedbutton(c),
            awful.titlebar.widget.stickybutton   (c),
            awful.titlebar.widget.ontopbutton    (c),
            awful.titlebar.widget.closebutton    (c),
            layout = wibox.layout.fixed.horizontal()
        },
        layout = wibox.layout.align.horizontal
    }
 end)
 -- Enable sloppy focus, so that focus follows mouse.
-client.connect_signal(
+client.connect_signal("mouse::enter", function(c)
-    "mouse::enter",
+    if awful.layout.get(c.screen) ~= awful.layout.suit.magnifier
    function(c)
        if awful.layout.get(c.screen) ~= awful.layout.suit.magnifier
        and awful.client.focus.filter(c) then
-            client.focus = c
+        client.focus = c
        end
    end
-)
+end)
 client.connect_signal("focus", function(c) c.border_color = beautiful.border_focus end)
 client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end)
--- a/public/environment.nix
+++ b/public/environment.nix
@ -0,0 +1,94 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 # TODO: ménage
 {
  # Nombre de process d'installation en parrallèle effectués par Nix
  nix.buildCores = 0;
  # The NixOS release to be compatible with for stateful data such as databases.
  system.stateVersion = "16.09";
  #  copies the NixOS configuration file (usually /etc/nixos/configuration.nix) and links it from the resulting system (getting to /run/current-system/configuration.nix)
  system.copySystemConfiguration = true;
  # On autorise les paquets non-libres
  nixpkgs.config.allowUnfree = true;
  # Lancement de dbus pour les utilisateurs
  services.dbus.socketActivated = true;
  # NixOS Hardening
  #security.grsecurity.enable = true;
  # Paquets
  environment = {
    systemPackages = with pkgs; [
      bind          # utilisé pour les utilitaires comme dig
      byobu         # permet de se déconnecter d'un terminal sans l'aréter
      dhcp          # client dhcp
      git gitAndTools.gitSVN gitAndTools.tig gti # outil de gestion de version
      gnumake       # pour décrire les recettes de compilation
      gnupg         # GPG
      gpm           # prise en charge de la souris en console
      htop          # monitoring
      lsb-release   # pour les scripts qui utilisent cet outil
      #libressl      # librairie pour faire du TLS et les algorithmes de crypto par OpenBSD
      ncdu          # outil pour voir l'espace utilisé
      par2cmdline   # outil de récupération de fichiers corrompus - .par2
      p7zip         # compression de fichier
      parted        # partitionnement de disque
      pciutils
      pinentry      # pour taper les mots de passe gpg
      psmisc        # fournis les utilitaires comme killall, fuser, pstree
      python        # python -- python -m SimpleHTTPServer 8000
      python34Packages.glances # monitoring
      pwgen         # générateur de mot de passe
      rtorrent      # TODO outil de téléchargement de torrent & magnet
      tmux          # nécessaire pour byobu
      tree          # affiche une arborescence de fichiers et dossiers
      usbutils
      (import ./vim.nix)
      wget          # client HTTP console
      which         # pour connaitre le chemin d'un exécutable
    ];
    shellAliases = {
      byobu = "byobu-tmux";
      gpg = "gpg2";
      jacques-a-dit = "sudo";
      tree = "tree -C";
      tree1 = "tree -d -L 1";
      tree2 = "tree -d -L 2";
      tree3 = "tree -d -L 3";
      # https://gist.github.com/amitchhajer/4461043 : Count number of code lines in git repository per user
      #git-loc = "git ls-files | while read f; do git blame --line-porcelain "${f}" | grep '^author '; done | sort -f | uniq -ic | sort -n";
      grep = "grep --color=auto";
      vi = "vim";
      byobu-adminsys = "/etc/nixos/base/byobu-adminsys";
    };
    etc.gitconfig.text = builtins.readFile ./gitconfig;
  };
  programs.bash = {
    enableCompletion = true;
    promptInit = builtins.readFile ./bash-prompt.sh;
    interactiveShellInit = builtins.readFile ./bash-interactive-init.sh;
  };
  # https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern
  programs.ssh.extraConfig = ''
    # Ensure KnownHosts are unreadable if leaked - it is otherwise easier to know which hosts your keys have access to.
    HashKnownHosts yes
    # Host keys the client accepts - order here is honored by OpenSSH
    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
    KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp256,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha256
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  '';
 }
--- a/public/gitconfig
+++ b/public/gitconfig
@ -0,0 +1,26 @@
 # http://www.git-attitude.fr/2014/09/15/30-options-git-qui-gagnent-a-etre-connues/
 [color]
    diff = auto
    branch = auto
    interactive = auto
    pager = true
    showbranch = auto
    status = auto
 [alias]
    a  = add -p
    br = for-each-ref --sort=committerdate refs/heads/ --format='%(committerdate:short)\t%(authorname)\t%(refname:short)'
    ci = commit
    co = checkout
    ff = pull --ff-only
    oops = commit --amend --no-edit
    # Show files ignored by git
    ignored = ls-files -o -i --exclude-standard
    ls = ls-files
    st = status
    # Logs
    lol = log --graph --decorate --pretty=oneline --abbrev-commit
    lola = log --graph --decorate --pretty=oneline --abbrev-commit --all
 [push]
    default = simple
 [core]
    editor = /usr/bin/env vim
--- a/applications/graphical/developpement-elm.nix
+++ b/applications/graphical/developpement-elm.nix
@ -2,18 +2,20 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
-mkIf (flags.developpement-elm && flags.graphical) {
+mkIf cfg.scanner {
  # Paquets
  environment.systemPackages = with pkgs; [
    simple-scan
  ];
  # Services
  hardware.sane.enable = true;
  # Réseau
  networking.firewall = {
--- a/public/laptop.nix
+++ b/public/laptop.nix
@ -0,0 +1,27 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 mkIf cfg.laptop {
  # Gestion spécifique pour PC portable
  ## Gestion de l'énergie
  powerManagement.cpuFreqGovernor = "powersave";
  ## Activation d'un gestionnaire de réseau
  networking.networkmanager.enable = true;
  hardware.bluetooth.enable = true;
  # Paquets
  environment.systemPackages = with pkgs; [
    networkmanagerapplet    # gestionnaire réseau graphique + console (nm-applet + nmtui)
    wirelesstools           # fournis iwconfig
  ];
 }
--- a/configuration/localisation.nix
+++ b/configuration/localisation.nix
@ -2,19 +2,17 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
 mkIf true {
  # Select internationalisation properties.
  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };
  i18n = {
    consoleFont = "Lat2-Terminus16";
    consoleKeyMap = "fr";
    defaultLocale = "fr_FR.UTF-8";
  };
--- a/services/munin-muttrc
+++ b/services/munin-muttrc
--- a/configuration/network-ipv6.nix
+++ b/configuration/network-ipv6.nix
@ -2,15 +2,15 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
 mkIf true {
  # Utilisation d'adresse IPv6 temporaire
-
+  
  ## https://blog.linitx.com/control-privacy-addressing-ipv6-linux/
  ## http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/x1092.html
@ -23,7 +23,6 @@ mkIf true {
    "net.ipv6.conf.default.temp_valid_lft" = 3600; # 1 heure
    "net.ipv6.conf.default.use_tempaddr" = 2; # activé
    # Activation du routage
    "net.ipv6.conf.all.forwarding" = true;
    "net.ipv6.conf.default.forwarding" = true;
  };
--- a/public/network.nix
+++ b/public/network.nix
@ -0,0 +1,23 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 mkIf true {
  # fix: Hostname -s renvoie "Unknown host" alors que hostname renvoie la bonne valeur
  #      Il s'avère que hostname vérifie la validité du FQDN et du reverse.
  #      Fixer ces paramètres dans les hosts permet de faire tomber en marche
  networking.extraHosts = ''                                                                                                                                                                                                                                                 
    127.0.0.1   ${config.networking.hostName}                                                                                                                                                                                                                             
  '';
  boot.kernel.sysctl = {
    "net.ipv4.conf.all.forwarding" = true;
    "net.ipv4.conf.default.forwarding" = true;
  };
 }
--- a/services/print.nix
+++ b/services/print.nix
@ -2,26 +2,19 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
-mkIf flags.print {
+mkIf cfg.print {
  environment.systemPackages = with pkgs; [
    samba
    python310Packages.pysmbc
  ];
  services.samba.enable = true;
  # Services
  ## Enable CUPS to print documents.
  services.printing = {
    enable = true;
    drivers = [
      pkgs.samsung-unified-linux-driver
      pkgs.fxlinuxprint
      pkgs.gutenprint
    ];
    # Suppression automatique des fichiers temporaires.
    # Par défaut, cups conserve une copie de ce qui a été imprimé
@ -31,6 +24,4 @@ mkIf flags.print {
      PreserveJobFiles No
    '';
  };
  services.avahi.enable = true;
  services.avahi.nssmdns = true;
 }
--- a/public/public.nix
+++ b/public/public.nix
@ -0,0 +1,64 @@
 { config, lib, pkgs, ... }:
 let
  #inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 {
  imports = [
    # installées systématiquement
    ./environment.nix
    ./localisation.nix
    ./network.nix
    #./network-ipv6.nix
    ./service-haveged.nix
    ./service-monitoring-munin.nix
    ./service-monitoring-smokeping.nix
    ./service-ssh.nix
    ./udev.nix
    # commandées par config-generator
    ## option de configuration spécifique
    ./app-awesome.nix               # pour le gestionaire de fenêtres awesome
    ./app-cao.nix                   # de conception assisté par ordinateur & modélisation
    ./app-cartographie.nix          # manipuler les données géographiques & cartes
    ./app-developpement.nix         # développer des programmes/scripts
    ./app-developpement-elm.nix     # développer en elm
    ./app-developpement-haskell.nix # développer en haskell
    ./app-developpement-java.nix    # développer en java
    ./app-developpement-jetbrains.nix # outils jetbrains
    ./app-developpement-rust.nix    # développer en rust
    ./app-docker.nix                # activer docker
    ./app-edition-musique.nix       # modifier les fichiers musicaux
    ./app-edition-photo.nix         # modifier les photos & assimilé
    ./app-edition-video.nix         # modifier les vidéos
    ./app-jeux.nix                  # jouer, tout simplement ;)
    ./app-virtualbox.nix            # activer virtualbox
    ./auto-upgrade.nix              # mise à jour automatique du système
    ./laptop.nix                    # appli & configuration adaptée pour un PC portable
    ./print.nix                     # configuration de base de cups
    ./service-elasticsearch.nix     # service de stockage et recher de données
    ./service-hydra-build.nix       # service de construction de paquet. -> la machine compile des paquets
    ./service-hydra-core.nix        # service pour l'instance d'hydra
    ./service-kibana.nix            # service de visualisation de données stockées dans elasticsearch
    ./service-laptop.nix            # services spécifiques aux pc portables
    ./service-locate.nix            # service locate
    ./swap.nix                      # définition de l'utilisation du swap
    ./xmonad/xmonad.nix             # pour le gestionaire de fenêtre xmonad
    ## if isDesktop
    ./app-adminsys.nix              # pour gérer le système dans son ensemble et les services
    ./app-bureau.nix                # éléments pour avoir un environement graphique minimal utilisable
    ./app-bureautique.nix           # dédiée à la bureautique (traitement de texte, dessin, ...)
    ./app-client-internet.nix       # pour accéder & utiliser des ressources par le réseau
    ./app-multimedia.nix            # pour gérer le son, l'image et la vidéo
    ./app-network.nix               # de gestion, de diagnostique & surveillance réseau
    ./app-securite.nix              # relatives à la sécurité (chiffrement, gpg, mots de passe, ...)
    ./hardware-scanner.nix          # utilisation d'un scanner
    ./service-pulseaudio.nix        # activation du serveur audio
    ./service-x11.nix               # activation du serveur graphique X
  ];
 }
--- a/public/service-elasticsearch.nix
+++ b/public/service-elasticsearch.nix
@ -2,12 +2,12 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
-mkIf flags.elasticsearch {
+mkIf cfg.elasticsearch {
  # Paquets
  environment.systemPackages = with pkgs; [
--- a/public/service-haveged.nix
+++ b/public/service-haveged.nix
@ -2,9 +2,9 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
 mkIf true {
--- a/public/service-hydra-build.nix
+++ b/public/service-hydra-build.nix
@ -0,0 +1,45 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 # TODO: ménage
 mkIf cfg.hydra-builder {
  # Paquets
  environment.systemPackages = with pkgs; [
    qemu
    kvm
  ];
  # Services
  ## Services de virtualisation utilisé pour les tests hydra
  virtualisation.docker.enable = true;
  virtualisation.libvirtd.enable = true;
  virtualisation.libvirtd.enableKVM = true;
  #virtualisation.virtualbox.guest.enable = true;
  virtualisation.virtualbox.host.enable = true;
  virtualisation.virtualbox.host.headless = true;
  ## Ménage automatique tous les jours
  nix.gc.automatic = true;
  users.users."hydrabld" = {
    description = "Execution des jobs hydra";
    group = "nixbld";
    extraGroups = [
      "docker"
      "nixbld"
      "vboxusers"
    ];
    isNormalUser = true;  # devrait être à false: TODO débugger la conf ssh & users pour que ça marche en user système
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYpjcWJCf8dXpv2LmoIaNVbwZXEC50QUU6Az+lqeD89 hydra radx"
    ];
  };
 }
--- a/public/service-hydra-core.nix
+++ b/public/service-hydra-core.nix
@ -2,9 +2,9 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
  #### https://github.com/NixOS/hydra/issues/413
@ -23,7 +23,7 @@ let
  # hydra-queue-runner --status | json_pp
 in
 # TODO: passe de ménage
-mkIf flags.hydra-core {
+mkIf cfg.hydra-core {
  # Paquets
  environment.systemPackages = with pkgs; [
@ -54,16 +54,14 @@ mkIf flags.hydra-core {
  services.hydra = {
    enable = true;
-    hydraURL = "http://hydra.${config.networking.fqdn}";
+    hydraURL = "http://hydra.${config.networking.hostName}";
-    notificationSender = "hydra@${config.networking.fqdn}";
+    notificationSender = "hydra@${config.networking.hostName}";
    listenHost = "localhost";
    minimumDiskFree = 50; # Go
    smtpHost = "localhost";
    #package = hydra-src-pkg ;
  };
  systemd.services.hydra-evaluator.serviceConfig.Nice = -19;
  #systemd.services.hydra-evaluator = {
  #  path = [ pkgs.nettools config.services.hydra.package ];
  #};
@ -76,7 +74,7 @@ mkIf flags.hydra-core {
  ### Machines connues
  programs.ssh.knownHosts = {
-    "hydra.prunetwork.fr".publicKey     = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYrZu31+/ybhel7LNPNgsALEoMHwTc1OiTcmJnXZ3He";
+    "hydra.prunetwork.fr".publicKey     = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMhXFlj2oyArVyEwEwDxNXthB/JljHkq+UhTLxbekkMB";
    "monstre.dubronetwork.fr".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTTrLhq1Cwm0rpnwEIxSLqVrJWZnt+/9dt+SKd8NiIc";
    "pedro.dubronetwork.fr".publicKey   = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7fjo2ysLqlfSo6BKnc6I6m1ayoPrbwEEyTKZmUzsOD";
    "ocean.prunetwork.fr".publicKey     = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINCaRuTl8iCTUE4XInOpkSlwQj5Re4w4Iq+gNIlJe8pA";
--- a/public/service-kibana.nix
+++ b/public/service-kibana.nix
@ -2,12 +2,12 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
-mkIf flags.kibana {
+mkIf cfg.kibana {
  # Paquets
  environment.systemPackages = with pkgs; [
--- a/public/service-laptop.nix
+++ b/public/service-laptop.nix
@ -0,0 +1,19 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 mkIf cfg.laptop {
  # Gestion spécifique pour PC portable
  # Services
  services.xserver.synaptics = {
    enable = true;
    twoFingerScroll = true;
  };
 }
--- a/public/service-locate.nix
+++ b/public/service-locate.nix
@ -2,12 +2,12 @@
 let
  inherit (lib) mkIf mkMerge mkThenElse;
-  annuaire = config.r6d.machines;
+  cfg = config.r6d.config-generator;
-  currentMachine = annuaire."${config.networking.fqdn}";
+  computers = config.r6d.computers;
-  flags = currentMachine.configurationFlags;
+  profiles = config.r6d.profiles;
 in
-mkIf flags.locate {
+mkIf cfg.locate {
  # Services
  services.locate = {
--- a/public/service-monitoring-munin.nix
+++ b/public/service-monitoring-munin.nix
@ -0,0 +1,51 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 # TODO: ajouter option
 # TODO: changer adresse mail
 mkIf true {
  # Paquets
  environment.systemPackages = with pkgs; [
    bc
    mailutils
  ];
  # Services
  ## Noeud de supervision munin = pas de stockage des données locales
  services.munin-node = {
    enable = true;
  };
  systemd.services.munin-node = {
    path = with pkgs; [ munin lm_sensors ];
    serviceConfig.TimeoutStartSec = "3min";
  };
  ## Munin server -- generate /var/www/munin
  services.munin-cron = {
    enable = true;
    hosts = ''
      [${config.networking.hostName}]
        address 127.0.0.1
    '';
    extraGlobalConfig = ''
      contact.email.command ${pkgs.mutt}/bin/mutt -F /etc/nixos/base/public/munin-muttrc -s "Munin notification for ''${var:host}" jean-pierre@ocean.prunetwork.fr
    '';
  };
  # Réseau
  networking.firewall = {
    allowedTCPPorts = [
      #8000
    ];
    allowedUDPPorts = [
    ];
  };
 }
--- a/public/service-monitoring-smokeping.nix
+++ b/public/service-monitoring-smokeping.nix
@ -0,0 +1,199 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
  profiles = config.r6d.profiles;
 in
 # TODO: ajouter option
 mkIf true {
  # Paquets
  environment.systemPackages = with pkgs; [
    bind
  ];
  # Paquets avec setuid root
  security.wrappers = {
    # outil de diagnostic réseau
    fping.source = "${pkgs.fping}/bin/fping";
  };
  # Services
  services.smokeping = {
    enable = true;
    probeConfig = ''
      + FPing
      #binary = ${pkgs.fping}/bin/fping
      binary = ${config.security.wrapperDir}/fping
      +DNS
      #binary = ${pkgs.bind}/bin/dig
      binary = /run/current-system/sw/bin/dig
      forks = 5
      offset = 50%
      step = 300
      timeout = 15
    '';
    targetConfig = ''
      probe = FPing
      menu = Top
      title = Suivi de la latence reseau
      remark = Monitoring de la latence reseau. \
          Here you will learn all about the latency of our network.
      + Local
      probe = FPing
      menu = Local
      title = Local Network
        ++ LocalMachine
        menu = Local Machine
        title = This host
        host = localhost
      + Grudu_Tinc
      probe = FPing
      title = Grudu_Tinc
      menu = Grudu.net - Tinc
        ++ Hydra
        menu = hydra.grudu.net
        title = hydra.grudu.net
        host = hydra.grudu.net
        ++ Monstre
        menu = monstre.grudu.net
        title = monstre.grudu.net
        host = monstre.grudu.net
        ++ Rollo
        menu = rollo.grudu.net
        title = rollo.grudu.net
        host = rollo.grudu.net
        ++ Ocean
        menu = ocean.grudu.net
        title = ocean.grudu.net
        host = ocean.grudu.net
        ++ MultiHost
        menu = Multihost
        title = Ensemble de mesures de latence
        host = /Grudu_Tinc/Monstre /Grudu_Tinc/Rollo /Grudu_Tinc/Ocean /Grudu_Tinc/Hydra
      + Grudu_DNS
      title = Grudu_DNS
      menu = Grudu.net - DNS
      probe = DNS
      pings = 5
        ++ Ocean
        title = ocean
        menu = serveur ocean
        server = ocean.prunetwork.fr
          +++ ocean
          host = ocean.grudu.net
          lookup = ocean.grudu.net
          +++ rollo
          host = rollo.grudu.net
          lookup = rollo.grudu.net
        ++ Rollo
        title = rollo
        menu = serveur rollo
        server = rollo.dubronetwork.fr
          +++ ocean
          host = ocean.grudu.net
          lookup = ocean.grudu.net
          +++ rollo
          host = rollo.grudu.net
          lookup = rollo.grudu.net
        ++ MultiHost
          menu = Multihost
          title = Ensemble de mesures DNS
          host = /Grudu_DNS/Ocean/ocean /Grudu_DNS/Ocean/rollo /Grudu_DNS/Rollo/ocean /Grudu_DNS/Rollo/rollo 
      + France
      probe = FPing
      title = France
      menu = Operateur francais
        ++ Atos
        menu = Atos
        title = www.atos.fr
        host = www.atos.fr
        ++ Axialys
        menu = Axialys
        title = www.axialys.fr
        host = www.axialys.fr
        ++ Azurtel
        menu = azurtel
        title = www.azurtel.fr
        host = www.azurtel.fr
        ++ Bouygues-Telecom
        menu = Bouygues-Telecom
        title = www.bouygues-telecom.fr
        host = www.bouygues-telecom.fr
        ++ Colt
        menu = Colt
        title = www.colt.fr
        host = www.colt.fr
        ++ Completel
        menu = completel
        title = www.completel.fr
        host = www.completel.fr
        ++ Free
        menu = Free
        title = www.free.fr
        host = www.free.fr
        ++ Kosmos
        menu = Kosmos
        title = www.kosmos.fr
        host = www.kosmos.fr
        ++ Orange
        menu = Orange
        title = www.orange.fr
        host = www.orange.fr
        ++ Renater
        menu = Renater
        title = www.renater.fr
        host = www.renater.fr
        ++ SFR
        menu = SFR
        title = www.sfr.fr
        host = www.sfr.fr
        ++ MultiHost
        menu = Multihost
        title = Ensemble de mesures DNS
        host =  /France/Atos /France/Axialys /France/Azurtel \
                /France/Bouygues-Telecom \
                /France/Completel \
                /France/Free \
                /France/Kosmos \
                /France/Orange \
                /France/Renater \
                /France/SFR
      #         /France/Colt
      '';
 };
  # Réseau
  networking.firewall = {
    allowedTCPPorts = [
      #8081   # accès depuis localhost uniquement ou à travers un proxy nginx
    ];
    allowedUDPPorts = [
    ];
  };
 }
--- a/Show More
+++ b/Show More