raphael/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

style(nixfmt): formatting using nixfmt cli tools

Browse source
This commit is contained in:
Raphael 2025-10-09 00:09:26 +02:00
parent b804520f4c
commit fbe803b928
No known key found for this signature in database
46 changed files with 2133 additions and 1700 deletions
Download patch file Download diff file Expand all files Collapse all files

98
flake.nix
View file

@ -1,49 +1,57 @@
{
description = "NixOS Configuration";
description = "NixOS Configuration";
inputs = {
flake-utils.url = "github:numtide/flake-utils";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
minecraft.url = "github:Infinidoge/nix-minecraft";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
inputs = {
flake-utils.url = "github:numtide/flake-utils";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
minecraft.url = "github:Infinidoge/nix-minecraft";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { self, nixpkgs, flake-utils, simple-nixos-mailserver, ... }@inputs:
let
pkgs = import nixpkgs {
config.allowUnfree = true;
};
in {
nixosConfigurations = {
"nixos-fix" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/fix/configuration.nix
];
specialArgs = {
inherit inputs;
};
};
"nixos-server" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/server/configuration.nix
simple-nixos-mailserver.nixosModule
];
specialArgs = {
inherit inputs;
};
};
"nixos-asahi" = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
./hosts/asahi/configuration.nix
];
};
};
};
outputs =
{
self,
nixpkgs,
flake-utils,
simple-nixos-mailserver,
...
}@inputs:
let
pkgs = import nixpkgs {
config.allowUnfree = true;
};
in
{
nixosConfigurations = {
"nixos-fix" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/fix/configuration.nix
];
specialArgs = {
inherit inputs;
};
};
"nixos-server" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/server/configuration.nix
simple-nixos-mailserver.nixosModule
];
specialArgs = {
inherit inputs;
};
};
"nixos-asahi" = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
./hosts/asahi/configuration.nix
];
};
};
};
}

17
hosts/asahi/apple-silicon-support/modules/boot-m1n1/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
pkgs' = config.hardware.asahi.pkgs;
@ -13,7 +18,7 @@ let
};
bootFiles = {
"m1n1/boot.bin" = pkgs.runCommand "boot.bin" {} ''
"m1n1/boot.bin" = pkgs.runCommand "boot.bin" { } ''
cat ${bootM1n1}/build/m1n1.bin > $out
cat ${config.boot.kernelPackages.kernel}/dtbs/apple/*.dtb >> $out
cat ${bootUBoot}/u-boot-nodtb.bin.gz >> $out
@ -22,14 +27,18 @@ let
fi
'';
};
in {
in
{
config = lib.mkIf config.hardware.asahi.enable {
# install m1n1 with the boot loader
boot.loader.grub.extraFiles = bootFiles;
boot.loader.systemd-boot.extraFiles = bootFiles;
# ensure the installer has m1n1 in the image
system.extraDependencies = lib.mkForce [ bootM1n1 bootUBoot ];
system.extraDependencies = lib.mkForce [
bootM1n1
bootUBoot
];
system.build.m1n1 = bootFiles."m1n1/boot.bin";
};

60
hosts/asahi/apple-silicon-support/modules/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
imports = [
./kernel
@ -8,43 +13,52 @@
./sound
];
config = let
config =
let
cfg = config.hardware.asahi;
in lib.mkIf cfg.enable {
in
lib.mkIf cfg.enable {
nixpkgs.overlays = lib.mkBefore [ cfg.overlay ];
# patch systemd-boot to boot in Apple Silicon UEFI environment.
# This regression only appeared in systemd 256.7.
# see https://github.com/NixOS/nixpkgs/pull/355290
# and https://github.com/systemd/systemd/issues/35026
systemd.package = let
systemdBroken = (pkgs.systemd.version == "256.7");
systemd.package =
let
systemdBroken = (pkgs.systemd.version == "256.7");
systemdPatched = pkgs.systemd.overrideAttrs (old: {
patches = let
oldPatches = (old.patches or []);
# not sure why there are non-paths in there but oh well
patchNames = (builtins.map (p: if ((builtins.typeOf p) == "path") then builtins.baseNameOf p else "") oldPatches);
fixName = "0019-Revert-boot-Make-initrd_prepare-semantically-equival.patch";
alreadyPatched = builtins.elem fixName patchNames;
in oldPatches ++ lib.optionals (!alreadyPatched) [
(pkgs.fetchpatch {
url = "https://raw.githubusercontent.com/NixOS/nixpkgs/125e99477b0ac0a54b7cddc6c5a704821a3074c7/pkgs/os-specific/linux/systemd/${fixName}";
hash = "sha256-UW3DZiaykQUUNcGA5UFxN+/wgNSW3ufxDDCZ7emD16o=";
})
];
});
in if systemdBroken then systemdPatched else pkgs.systemd;
systemdPatched = pkgs.systemd.overrideAttrs (old: {
patches =
let
oldPatches = (old.patches or [ ]);
# not sure why there are non-paths in there but oh well
patchNames = (
builtins.map (p: if ((builtins.typeOf p) == "path") then builtins.baseNameOf p else "") oldPatches
);
fixName = "0019-Revert-boot-Make-initrd_prepare-semantically-equival.patch";
alreadyPatched = builtins.elem fixName patchNames;
in
oldPatches
++ lib.optionals (!alreadyPatched) [
(pkgs.fetchpatch {
url = "https://raw.githubusercontent.com/NixOS/nixpkgs/125e99477b0ac0a54b7cddc6c5a704821a3074c7/pkgs/os-specific/linux/systemd/${fixName}";
hash = "sha256-UW3DZiaykQUUNcGA5UFxN+/wgNSW3ufxDDCZ7emD16o=";
})
];
});
in
if systemdBroken then systemdPatched else pkgs.systemd;
hardware.asahi.pkgs =
if cfg.pkgsSystem != "aarch64-linux"
then
if cfg.pkgsSystem != "aarch64-linux" then
import (pkgs.path) {
crossSystem.system = "aarch64-linux";
localSystem.system = cfg.pkgsSystem;
overlays = [ cfg.overlay ];
}
else pkgs;
else
pkgs;
};
options.hardware.asahi = {

21
hosts/asahi/apple-silicon-support/modules/kernel/default.nix
View file

@ -1,11 +1,17 @@
# the Asahi Linux kernel and options that must go along with it
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
config = lib.mkIf config.hardware.asahi.enable {
boot.kernelPackages = let
pkgs' = config.hardware.asahi.pkgs;
in
boot.kernelPackages =
let
pkgs' = config.hardware.asahi.pkgs;
in
pkgs'.linux-asahi.override {
_kernelPatches = config.boot.kernelPatches;
withRust = config.hardware.asahi.withRust;
@ -93,8 +99,11 @@
};
imports = [
(lib.mkRemovedOptionModule [ "hardware" "asahi" "addEdgeKernelConfig" ]
"All edge kernel config options are now the default.")
(lib.mkRemovedOptionModule [
"hardware"
"asahi"
"addEdgeKernelConfig"
] "All edge kernel config options are now the default.")
];
options.hardware.asahi.withRust = lib.mkOption {

66
hosts/asahi/apple-silicon-support/modules/mesa/default.nix
View file

@ -1,27 +1,41 @@
{ options, config, pkgs, lib, ... }:
{
config = let
isMode = mode: (config.hardware.asahi.useExperimentalGPUDriver
&& config.hardware.asahi.experimentalGPUInstallMode == mode);
in lib.mkIf config.hardware.asahi.enable (lib.mkMerge [
{
# required for proper DRM setup even without GPU driver
services.xserver.config = ''
Section "OutputClass"
Identifier "appledrm"
MatchDriver "apple"
Driver "modesetting"
Option "PrimaryGPU" "true"
EndSection
'';
}
(lib.mkIf config.hardware.asahi.useExperimentalGPUDriver {
# install the Asahi Mesa version
hardware.graphics.package = config.hardware.asahi.pkgs.mesa-asahi-edge.drivers;
# required for in-kernel GPU driver
hardware.asahi.withRust = true;
})
]);
options,
config,
pkgs,
lib,
...
}:
{
config =
let
isMode =
mode:
(
config.hardware.asahi.useExperimentalGPUDriver
&& config.hardware.asahi.experimentalGPUInstallMode == mode
);
in
lib.mkIf config.hardware.asahi.enable (
lib.mkMerge [
{
# required for proper DRM setup even without GPU driver
services.xserver.config = ''
Section "OutputClass"
Identifier "appledrm"
MatchDriver "apple"
Driver "modesetting"
Option "PrimaryGPU" "true"
EndSection
'';
}
(lib.mkIf config.hardware.asahi.useExperimentalGPUDriver {
# install the Asahi Mesa version
hardware.graphics.package = config.hardware.asahi.pkgs.mesa-asahi-edge.drivers;
# required for in-kernel GPU driver
hardware.asahi.withRust = true;
})
]
);
options.hardware.asahi.useExperimentalGPUDriver = lib.mkOption {
type = lib.types.bool;
@ -35,7 +49,11 @@
# hopefully no longer used, should be deprecated eventually
options.hardware.asahi.experimentalGPUInstallMode = lib.mkOption {
type = lib.types.enum [ "driver" "replace" "overlay" ];
type = lib.types.enum [
"driver"
"replace"
"overlay"
];
default = "replace";
description = ''
Mode to use to install the experimental GPU driver into the system.

65
hosts/asahi/apple-silicon-support/modules/peripheral-firmware/default.nix
View file

@ -1,8 +1,14 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
config = lib.mkIf config.hardware.asahi.enable {
assertions = lib.mkIf config.hardware.asahi.extractPeripheralFirmware [
{ assertion = config.hardware.asahi.peripheralFirmwareDirectory != null;
{
assertion = config.hardware.asahi.peripheralFirmwareDirectory != null;
message = ''
Asahi peripheral firmware extraction is enabled but the firmware
location appears incorrect.
@ -10,26 +16,34 @@
}
];
hardware.firmware = let
pkgs' = config.hardware.asahi.pkgs;
in
lib.mkIf ((config.hardware.asahi.peripheralFirmwareDirectory != null)
&& config.hardware.asahi.extractPeripheralFirmware) [
(pkgs.stdenv.mkDerivation {
name = "asahi-peripheral-firmware";
hardware.firmware =
let
pkgs' = config.hardware.asahi.pkgs;
in
lib.mkIf
(
(config.hardware.asahi.peripheralFirmwareDirectory != null)
&& config.hardware.asahi.extractPeripheralFirmware
)
[
(pkgs.stdenv.mkDerivation {
name = "asahi-peripheral-firmware";
nativeBuildInputs = [ pkgs'.asahi-fwextract pkgs.cpio ];
nativeBuildInputs = [
pkgs'.asahi-fwextract
pkgs.cpio
];
buildCommand = ''
mkdir extracted
asahi-fwextract ${config.hardware.asahi.peripheralFirmwareDirectory} extracted
buildCommand = ''
mkdir extracted
asahi-fwextract ${config.hardware.asahi.peripheralFirmwareDirectory} extracted
mkdir -p $out/lib/firmware
cat extracted/firmware.cpio | cpio -id --quiet --no-absolute-filenames
mv vendorfw/* $out/lib/firmware
'';
})
];
mkdir -p $out/lib/firmware
cat extracted/firmware.cpio | cpio -id --quiet --no-absolute-filenames
mv vendorfw/* $out/lib/firmware
'';
})
];
};
options.hardware.asahi = {
@ -45,13 +59,12 @@
peripheralFirmwareDirectory = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = lib.findFirst (path: builtins.pathExists (path + "/all_firmware.tar.gz")) null
[
# path when the system is operating normally
/boot/asahi
# path when the system is mounted in the installer
/mnt/boot/asahi
];
default = lib.findFirst (path: builtins.pathExists (path + "/all_firmware.tar.gz")) null [
# path when the system is operating normally
/boot/asahi
# path when the system is mounted in the installer
/mnt/boot/asahi
];
description = ''
Path to the directory containing the non-free non-redistributable

124
hosts/asahi/apple-silicon-support/modules/sound/default.nix
View file

@ -1,4 +1,10 @@
{ config, options, pkgs, lib, ... }:
{
config,
options,
pkgs,
lib,
...
}:
{
options.hardware.asahi = {
@ -12,59 +18,75 @@
};
};
config = let
cfg = config.hardware.asahi;
config =
let
cfg = config.hardware.asahi;
asahi-audio = pkgs.asahi-audio; # the asahi-audio we use
asahi-audio = pkgs.asahi-audio; # the asahi-audio we use
lsp-plugins = pkgs.lsp-plugins;
lsp-plugins = pkgs.lsp-plugins;
lsp-plugins-is-safe = (pkgs.lib.versionAtLeast lsp-plugins.version "1.2.14");
lsp-plugins-is-safe = (pkgs.lib.versionAtLeast lsp-plugins.version "1.2.14");
lv2Path = lib.makeSearchPath "lib/lv2" [ lsp-plugins pkgs.bankstown-lv2 ];
in lib.mkIf (cfg.setupAsahiSound && cfg.enable) (lib.mkMerge [
{
# can't be used by Asahi sound infrastructure
services.pulseaudio.enable = false;
# enable pipewire to run real-time and avoid audible glitches
security.rtkit.enable = true;
# set up pipewire with the supported capabilities (instead of pulseaudio)
# and asahi-audio configs and plugins
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
configPackages = [ asahi-audio ];
extraLv2Packages = [ lsp-plugins pkgs.bankstown-lv2 ];
wireplumber = {
enable = true;
configPackages = [ asahi-audio ];
extraLv2Packages = [ lsp-plugins pkgs.bankstown-lv2 ];
};
};
# set up enivronment so that UCM configs are used as well
environment.variables.ALSA_CONFIG_UCM2 = "${pkgs.alsa-ucm-conf-asahi}/share/alsa/ucm2";
systemd.user.services.pipewire.environment.ALSA_CONFIG_UCM2 = config.environment.variables.ALSA_CONFIG_UCM2;
systemd.user.services.wireplumber.environment.ALSA_CONFIG_UCM2 = config.environment.variables.ALSA_CONFIG_UCM2;
# enable speakersafetyd to protect speakers
systemd.packages = lib.mkAssert lsp-plugins-is-safe
"lsp-plugins is unpatched/outdated and speakers cannot be safely enabled"
[ pkgs.speakersafetyd ];
services.udev.packages = [ pkgs.speakersafetyd ];
# asahi-sound requires wireplumber 0.5.2 or above
# https://github.com/AsahiLinux/asahi-audio/commit/29ec1056c18193ffa09a990b1b61ed273e97fee6
assertions = [
{
assertion = lib.versionAtLeast pkgs.wireplumber.version "0.5.2";
message = "wireplumber >= 0.5.2 is required for sound with nixos-apple-silicon.";
}
lv2Path = lib.makeSearchPath "lib/lv2" [
lsp-plugins
pkgs.bankstown-lv2
];
}
]);
in
lib.mkIf (cfg.setupAsahiSound && cfg.enable) (
lib.mkMerge [
{
# can't be used by Asahi sound infrastructure
services.pulseaudio.enable = false;
# enable pipewire to run real-time and avoid audible glitches
security.rtkit.enable = true;
# set up pipewire with the supported capabilities (instead of pulseaudio)
# and asahi-audio configs and plugins
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
configPackages = [ asahi-audio ];
extraLv2Packages = [
lsp-plugins
pkgs.bankstown-lv2
];
wireplumber = {
enable = true;
configPackages = [ asahi-audio ];
extraLv2Packages = [
lsp-plugins
pkgs.bankstown-lv2
];
};
};
# set up enivronment so that UCM configs are used as well
environment.variables.ALSA_CONFIG_UCM2 = "${pkgs.alsa-ucm-conf-asahi}/share/alsa/ucm2";
systemd.user.services.pipewire.environment.ALSA_CONFIG_UCM2 =
config.environment.variables.ALSA_CONFIG_UCM2;
systemd.user.services.wireplumber.environment.ALSA_CONFIG_UCM2 =
config.environment.variables.ALSA_CONFIG_UCM2;
# enable speakersafetyd to protect speakers
systemd.packages =
lib.mkAssert lsp-plugins-is-safe
"lsp-plugins is unpatched/outdated and speakers cannot be safely enabled"
[ pkgs.speakersafetyd ];
services.udev.packages = [ pkgs.speakersafetyd ];
# asahi-sound requires wireplumber 0.5.2 or above
# https://github.com/AsahiLinux/asahi-audio/commit/29ec1056c18193ffa09a990b1b61ed273e97fee6
assertions = [
{
assertion = lib.versionAtLeast pkgs.wireplumber.version "0.5.2";
message = "wireplumber >= 0.5.2 is required for sound with nixos-apple-silicon.";
}
];
}
]
);
}

41
hosts/asahi/apple-silicon-support/packages/alsa-ucm-conf-asahi/default.nix
View file

@ -1,22 +1,27 @@
{ lib
, fetchFromGitHub
, alsa-ucm-conf
{
lib,
fetchFromGitHub,
alsa-ucm-conf,
}:
(alsa-ucm-conf.overrideAttrs (oldAttrs: let
versionAsahi = "5";
(alsa-ucm-conf.overrideAttrs (
oldAttrs:
let
versionAsahi = "5";
srcAsahi = fetchFromGitHub {
# tracking: https://src.fedoraproject.org/rpms/alsa-ucm-asahi
owner = "AsahiLinux";
repo = "alsa-ucm-conf-asahi";
rev = "v${versionAsahi}";
hash = "sha256-daUNz5oUrPfSMO0Tqq/WbtiLHMOtPeQQlI+juGrhTxw=";
};
in {
name = "${oldAttrs.pname}-${oldAttrs.version}-asahi-${versionAsahi}";
srcAsahi = fetchFromGitHub {
# tracking: https://src.fedoraproject.org/rpms/alsa-ucm-asahi
owner = "AsahiLinux";
repo = "alsa-ucm-conf-asahi";
rev = "v${versionAsahi}";
hash = "sha256-daUNz5oUrPfSMO0Tqq/WbtiLHMOtPeQQlI+juGrhTxw=";
};
in
{
name = "${oldAttrs.pname}-${oldAttrs.version}-asahi-${versionAsahi}";
postInstall = oldAttrs.postInstall or "" + ''
cp -r ${srcAsahi}/ucm2 $out/share/alsa
'';
}))
postInstall = oldAttrs.postInstall or "" + ''
cp -r ${srcAsahi}/ucm2 $out/share/alsa
'';
}
))

7
hosts/asahi/apple-silicon-support/packages/asahi-audio/default.nix
View file

@ -1,6 +1,7 @@
{ stdenv
, lib
, fetchFromGitHub
{
stdenv,
lib,
fetchFromGitHub,
}:
stdenv.mkDerivation rec {

13
hosts/asahi/apple-silicon-support/packages/asahi-fwextract/default.nix
View file

@ -1,9 +1,10 @@
{ lib
, python3
, fetchFromGitHub
, gzip
, gnutar
, lzfse
{
lib,
python3,
fetchFromGitHub,
gzip,
gnutar,
lzfse,
}:
python3.pkgs.buildPythonApplication rec {

205
hosts/asahi/apple-silicon-support/packages/linux-asahi/default.nix
View file

@ -1,11 +1,12 @@
{ lib
, pkgs
, callPackage
, writeShellScriptBin
, writeText
, linuxPackagesFor
, withRust ? false
, _kernelPatches ? [ ]
{
lib,
pkgs,
callPackage,
writeShellScriptBin,
writeText,
linuxPackagesFor,
withRust ? false,
_kernelPatches ? [ ],
}:
let
@ -13,67 +14,107 @@ let
# parse <OPT> [ymn]|foo style configuration as found in a patch's extraConfig
# into a list of k, v tuples
parseExtraConfig = config:
parseExtraConfig =
config:
let
lines =
builtins.filter (s: s != "") (lib.strings.splitString "\n" config);
parseLine = line: let
t = lib.strings.splitString " " line;
join = l: builtins.foldl' (a: b: "${a} ${b}")
(builtins.head l) (builtins.tail l);
v = if (builtins.length t) > 2 then join (builtins.tail t) else (i t 1);
in [ "CONFIG_${i t 0}" v ];
in map parseLine lines;
lines = builtins.filter (s: s != "") (lib.strings.splitString "\n" config);
parseLine =
line:
let
t = lib.strings.splitString " " line;
join = l: builtins.foldl' (a: b: "${a} ${b}") (builtins.head l) (builtins.tail l);
v = if (builtins.length t) > 2 then join (builtins.tail t) else (i t 1);
in
[
"CONFIG_${i t 0}"
v
];
in
map parseLine lines;
# parse <OPT>=lib.kernel.(yes|module|no)|lib.kernel.freeform "foo"
# style configuration as found in a patch's extraStructuredConfig into
# a list of k, v tuples
parseExtraStructuredConfig = config: lib.attrsets.mapAttrsToList
(k: v: [ "CONFIG_${k}" (v.tristate or v.freeform) ] ) config;
parseExtraStructuredConfig =
config:
lib.attrsets.mapAttrsToList (k: v: [
"CONFIG_${k}"
(v.tristate or v.freeform)
]) config;
parsePatchConfig = { extraConfig ? "", extraStructuredConfig ? {}, ... }:
(parseExtraConfig extraConfig) ++
(parseExtraStructuredConfig extraStructuredConfig);
parsePatchConfig =
{
extraConfig ? "",
extraStructuredConfig ? { },
...
}:
(parseExtraConfig extraConfig) ++ (parseExtraStructuredConfig extraStructuredConfig);
# parse CONFIG_<OPT>=[ymn]|"foo" style configuration as found in a config file
# into a list of k, v tuples
parseConfig = config:
parseConfig =
config:
let
parseLine = builtins.match ''(CONFIG_[[:upper:][:digit:]_]+)=(([ymn])|"([^"]*)")'';
# get either the [ymn] option or the "foo" option; whichever matched
t = l: let v = (i l 2); in [ (i l 0) (if v != null then v else (i l 3)) ];
t =
l:
let
v = (i l 2);
in
[
(i l 0)
(if v != null then v else (i l 3))
];
lines = lib.strings.splitString "\n" config;
in map t (builtins.filter (l: l != null) (map parseLine lines));
in
map t (builtins.filter (l: l != null) (map parseLine lines));
origConfigfile = ./config;
linux-asahi-pkg = { stdenv, lib, fetchFromGitHub, fetchpatch, linuxKernel,
rustPlatform, rustc, rustfmt, rust-bindgen, ... } @ args:
linux-asahi-pkg =
{
stdenv,
lib,
fetchFromGitHub,
fetchpatch,
linuxKernel,
rustPlatform,
rustc,
rustfmt,
rust-bindgen,
...
}@args:
let
origConfigText = builtins.readFile origConfigfile;
# extraConfig from all patches in order
extraConfig =
lib.fold (patch: ex: ex ++ (parsePatchConfig patch)) [] _kernelPatches;
extraConfig = lib.fold (patch: ex: ex ++ (parsePatchConfig patch)) [ ] _kernelPatches;
# config file text for above
extraConfigText = let
text = k: v: if (v == "y") || (v == "m") || (v == "n")
then "${k}=${v}" else ''${k}="${v}"'';
in (map (t: text (i t 0) (i t 1)) extraConfig);
extraConfigText =
let
text = k: v: if (v == "y") || (v == "m") || (v == "n") then "${k}=${v}" else ''${k}="${v}"'';
in
(map (t: text (i t 0) (i t 1)) extraConfig);
# final config as a text file path
configfile = if extraConfig == [] then origConfigfile else
writeText "config" ''
${origConfigText}
configfile =
if extraConfig == [ ] then
origConfigfile
else
writeText "config" ''
${origConfigText}
# Patches
${lib.strings.concatStringsSep "\n" extraConfigText}
'';
# Patches
${lib.strings.concatStringsSep "\n" extraConfigText}
'';
# final config as an attrset
configAttrs = let
makePair = t: lib.nameValuePair (i t 0) (i t 1);
configList = (parseConfig origConfigText) ++ extraConfig;
in builtins.listToAttrs (map makePair (lib.lists.reverseList configList));
configAttrs =
let
makePair = t: lib.nameValuePair (i t 0) (i t 1);
configList = (parseConfig origConfigText) ++ extraConfig;
in
builtins.listToAttrs (map makePair (lib.lists.reverseList configList));
# used to (ostensibly) keep compatibility for those running stable versions of nixos
rustOlder = version: withRust && (lib.versionOlder rustc.version version);
@ -83,40 +124,54 @@ let
rustAtLeast = version: withRust && (lib.versionAtLeast rustc.version version);
bindgenAtLeast = version: withRust && (lib.versionAtLeast rust-bindgen.unwrapped.version version);
in
(linuxKernel.manualConfig rec {
inherit stdenv lib;
(
linuxKernel.manualConfig rec {
inherit stdenv lib;
version = "6.12.12-asahi";
modDirVersion = version;
extraMeta.branch = "6.12";
version = "6.12.12-asahi";
modDirVersion = version;
extraMeta.branch = "6.12";
src = fetchFromGitHub {
# tracking: https://github.com/AsahiLinux/linux/tree/asahi-wip (w/ fedora verification)
owner = "AsahiLinux";
repo = "linux";
rev = "asahi-6.12.12-1";
hash = "sha256-910TiROccEleI/qB34DWh3M3bgP3SSCjEP9z7lD9BjM=";
};
src = fetchFromGitHub {
# tracking: https://github.com/AsahiLinux/linux/tree/asahi-wip (w/ fedora verification)
owner = "AsahiLinux";
repo = "linux";
rev = "asahi-6.12.12-1";
hash = "sha256-910TiROccEleI/qB34DWh3M3bgP3SSCjEP9z7lD9BjM=";
};
kernelPatches = [
{ name = "coreutils-fix";
patch = ./0001-fs-fcntl-accept-more-values-as-F_DUPFD_CLOEXEC-args.patch;
}
] ++ _kernelPatches;
kernelPatches = [
{
name = "coreutils-fix";
patch = ./0001-fs-fcntl-accept-more-values-as-F_DUPFD_CLOEXEC-args.patch;
}
]
++ _kernelPatches;
inherit configfile;
# hide Rust support from the nixpkgs infra to avoid it re-adding the rust packages.
# we can't use it until it's in stable and until we've evaluated the cross-compilation impact.
config = configAttrs // { "CONFIG_RUST" = "n"; };
} // (args.argsOverride or {})).overrideAttrs (old: if withRust then {
nativeBuildInputs = (old.nativeBuildInputs or []) ++ [
rust-bindgen
rustfmt
rustc
];
RUST_LIB_SRC = rustPlatform.rustLibSrc;
} else {});
inherit configfile;
# hide Rust support from the nixpkgs infra to avoid it re-adding the rust packages.
# we can't use it until it's in stable and until we've evaluated the cross-compilation impact.
config = configAttrs // {
"CONFIG_RUST" = "n";
};
}
// (args.argsOverride or { })
).overrideAttrs
(
old:
if withRust then
{
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [
rust-bindgen
rustfmt
rustc
];
RUST_LIB_SRC = rustPlatform.rustLibSrc;
}
else
{ }
);
linux-asahi = (callPackage linux-asahi-pkg { });
in lib.recurseIntoAttrs (linuxPackagesFor linux-asahi)
in
lib.recurseIntoAttrs (linuxPackagesFor linux-asahi)

104
hosts/asahi/apple-silicon-support/packages/m1n1/default.nix
View file

@ -1,29 +1,36 @@
{ stdenv
, buildPackages
, lib
, fetchFromGitHub
, python3
, dtc
, imagemagick
, isRelease ? false
, withTools ? true
, withChainloading ? false
, rust-bin ? null
, customLogo ? null
{
stdenv,
buildPackages,
lib,
fetchFromGitHub,
python3,
dtc,
imagemagick,
isRelease ? false,
withTools ? true,
withChainloading ? false,
rust-bin ? null,
customLogo ? null,
}:
assert withChainloading -> rust-bin != null;
let
pyenv = python3.withPackages (p: with p; [
construct
pyserial
]);
pyenv = python3.withPackages (
p: with p; [
construct
pyserial
]
);
rustenv = rust-bin.selectLatestNightlyWith (toolchain: toolchain.minimal.override {
targets = [ "aarch64-unknown-none-softfloat" ];
});
in stdenv.mkDerivation rec {
rustenv = rust-bin.selectLatestNightlyWith (
toolchain:
toolchain.minimal.override {
targets = [ "aarch64-unknown-none-softfloat" ];
}
);
in
stdenv.mkDerivation rec {
pname = "m1n1";
version = "1.4.21";
@ -36,15 +43,18 @@ in stdenv.mkDerivation rec {
fetchSubmodules = true;
};
makeFlags = [ "ARCH=${stdenv.cc.targetPrefix}" ]
++ lib.optional isRelease "RELEASE=1"
++ lib.optional withChainloading "CHAINLOADING=1";
makeFlags = [
"ARCH=${stdenv.cc.targetPrefix}"
]
++ lib.optional isRelease "RELEASE=1"
++ lib.optional withChainloading "CHAINLOADING=1";
nativeBuildInputs = [
dtc
buildPackages.gcc
] ++ lib.optional withChainloading rustenv
++ lib.optional (customLogo != null) imagemagick;
]
++ lib.optional withChainloading rustenv
++ lib.optional (customLogo != null) imagemagick;
postPatch = ''
substituteInPlace proxyclient/m1n1/asm.py \
@ -72,30 +82,32 @@ in stdenv.mkDerivation rec {
mkdir -p $out/build
cp build/m1n1.bin $out/build
'' + (lib.optionalString withTools ''
mkdir -p $out/{bin,script,toolchain-bin}
cp -r proxyclient $out/script
cp -r tools $out/script
''
+ (lib.optionalString withTools ''
mkdir -p $out/{bin,script,toolchain-bin}
cp -r proxyclient $out/script
cp -r tools $out/script
for toolpath in $out/script/proxyclient/tools/*.py; do
tool=$(basename $toolpath .py)
script=$out/bin/m1n1-$tool
cat > $script <<EOF
#!/bin/sh
${pyenv}/bin/python $toolpath "\$@"
EOF
chmod +x $script
done
for toolpath in $out/script/proxyclient/tools/*.py; do
tool=$(basename $toolpath .py)
script=$out/bin/m1n1-$tool
cat > $script <<EOF
#!/bin/sh
${pyenv}/bin/python $toolpath "\$@"
EOF
chmod +x $script
done
GCC=${buildPackages.gcc}
BINUTILS=${buildPackages.binutils-unwrapped}
GCC=${buildPackages.gcc}
BINUTILS=${buildPackages.binutils-unwrapped}
ln -s $GCC/bin/${stdenv.cc.targetPrefix}gcc $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}ld $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objcopy $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objdump $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}nm $out/toolchain-bin/
'') + ''
ln -s $GCC/bin/${stdenv.cc.targetPrefix}gcc $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}ld $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objcopy $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objdump $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}nm $out/toolchain-bin/
'')
+ ''
runHook postInstall
'';
}

90
hosts/asahi/apple-silicon-support/packages/mesa-asahi-edge/default.nix
View file

@ -1,44 +1,56 @@
{ lib
, fetchFromGitLab
, mesa
{
lib,
fetchFromGitLab,
mesa,
}:
(mesa.override {
galliumDrivers = [ "softpipe" "llvmpipe" "asahi" ];
vulkanDrivers = [ "swrast" "asahi" ];
}).overrideAttrs (oldAttrs: {
version = "25.0.0-asahi";
src = fetchFromGitLab {
# tracking: https://pagure.io/fedora-asahi/mesa/commits/asahi
domain = "gitlab.freedesktop.org";
owner = "asahi";
repo = "mesa";
rev = "asahi-20241211";
hash = "sha256-Ny4M/tkraVLhUK5y6Wt7md1QBtqQqPDUv+aY4MpNA6Y=";
};
mesonFlags = let
badFlags = [
"-Dinstall-mesa-clc"
"-Dopencl-spirv"
"-Dgallium-nine"
];
isBadFlagList = f: builtins.map (b: lib.hasPrefix b f) badFlags;
isGoodFlag = f: !(builtins.foldl' (x: y: x || y) false (isBadFlagList f));
in (builtins.filter isGoodFlag oldAttrs.mesonFlags) ++ [
# we do not build any graphics drivers these features can be enabled for
"-Dgallium-va=disabled"
"-Dgallium-vdpau=disabled"
"-Dgallium-xa=disabled"
];
# replace patches with ones tweaked slightly to apply to this version
patches = [
./opencl.patch
galliumDrivers = [
"softpipe"
"llvmpipe"
"asahi"
];
vulkanDrivers = [
"swrast"
"asahi"
];
}).overrideAttrs
(oldAttrs: {
version = "25.0.0-asahi";
src = fetchFromGitLab {
# tracking: https://pagure.io/fedora-asahi/mesa/commits/asahi
domain = "gitlab.freedesktop.org";
owner = "asahi";
repo = "mesa";
rev = "asahi-20241211";
hash = "sha256-Ny4M/tkraVLhUK5y6Wt7md1QBtqQqPDUv+aY4MpNA6Y=";
};
postInstall = (oldAttrs.postInstall or "") + ''
# we don't build anything to go in this output but it needs to exist
touch $spirv2dxil
'';
})
mesonFlags =
let
badFlags = [
"-Dinstall-mesa-clc"
"-Dopencl-spirv"
"-Dgallium-nine"
];
isBadFlagList = f: builtins.map (b: lib.hasPrefix b f) badFlags;
isGoodFlag = f: !(builtins.foldl' (x: y: x || y) false (isBadFlagList f));
in
(builtins.filter isGoodFlag oldAttrs.mesonFlags)
++ [
# we do not build any graphics drivers these features can be enabled for
"-Dgallium-va=disabled"
"-Dgallium-vdpau=disabled"
"-Dgallium-xa=disabled"
];
# replace patches with ones tweaked slightly to apply to this version
patches = [
./opencl.patch
];
postInstall = (oldAttrs.postInstall or "") + ''
# we don't build anything to go in this output but it needs to exist
touch $spirv2dxil
'';
})

34
hosts/asahi/apple-silicon-support/packages/uboot-asahi/default.nix
View file

@ -1,7 +1,8 @@
{ lib
, fetchFromGitHub
, buildUBoot
, m1n1
{
lib,
fetchFromGitHub,
buildUBoot,
m1n1,
}:
(buildUBoot rec {
@ -28,17 +29,18 @@
CONFIG_VIDEO_FONT_16X32=y
CONFIG_CMD_BOOTMENU=y
'';
}).overrideAttrs (o: {
# nixos's downstream patches are not applicable
patches = [
];
}).overrideAttrs
(o: {
# nixos's downstream patches are not applicable
patches = [
];
# DTC= flag somehow breaks DTC compilation so we remove it
makeFlags = builtins.filter (s: (!(lib.strings.hasPrefix "DTC=" s))) o.makeFlags;
# DTC= flag somehow breaks DTC compilation so we remove it
makeFlags = builtins.filter (s: (!(lib.strings.hasPrefix "DTC=" s))) o.makeFlags;
preInstall = ''
# compress so that m1n1 knows U-Boot's size and can find things after it
gzip -n u-boot-nodtb.bin
cat ${m1n1}/build/m1n1.bin arch/arm/dts/t[68]*.dtb u-boot-nodtb.bin.gz > m1n1-u-boot.bin
'';
})
preInstall = ''
# compress so that m1n1 knows U-Boot's size and can find things after it
gzip -n u-boot-nodtb.bin
cat ${m1n1}/build/m1n1.bin arch/arm/dts/t[68]*.dtb u-boot-nodtb.bin.gz > m1n1-u-boot.bin
'';
})

173
hosts/asahi/configuration.nix
View file

@ -2,108 +2,111 @@
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports = [
../global.nix
./hardware-configuration.nix
<apple-silicon-support/apple-silicon-support>
];
imports = [
../global.nix
./hardware-configuration.nix
<apple-silicon-support/apple-silicon-support>
];
# Use the systemd-boot EFI boot loader.
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = false;
};
# Use the systemd-boot EFI boot loader.
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = false;
};
networking = {
hostName = "nixos-asahi";
firewall.enable = false;
networkmanager.enable = true;
};
networking = {
hostName = "nixos-asahi";
firewall.enable = false;
networkmanager.enable = true;
};
# Set your time zone.
time.timeZone = "Europe/Paris";
# Set your time zone.
time.timeZone = "Europe/Paris";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus32";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus32";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Enable the X11 windowing system.
# services.xserver.enable = true;
services = {
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
postgresql = {
enable = true;
};
greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --remember --remember-user-session --time --cmd Hyprland";
};
};
};
};
services = {
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
postgresql = {
enable = true;
};
greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --remember --remember-user-session --time --cmd Hyprland";
};
};
};
};
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# services.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable sound.
# services.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
programs.firefox.enable = true;
powerManagement.cpuFreqGovernor = "performance";
programs.firefox.enable = true;
powerManagement.cpuFreqGovernor = "performance";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
mesa
git
vim
wget
];
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
mesa
git
vim
wget
];
virtualisation.docker.enable = true;
virtualisation.docker.enable = true;
xdg.portal = {
enable = true;
extraPortals = [
pkgs.xdg-desktop-portal-hyprland
];
config.common.default = "*";
};
xdg.portal = {
enable = true;
extraPortals = [
pkgs.xdg-desktop-portal-hyprland
];
config.common.default = "*";
};
system.stateVersion = "25.05"; # Did you read the comment?
system.stateVersion = "25.05"; # Did you read the comment?
}

40
hosts/asahi/hardware-configuration.nix
View file

@ -1,28 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "usb_storage" "sdhci_pci" ];
boot.initrd.availableKernelModules = [
"usb_storage"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/6b7a615f-ed15-4dbc-9d6b-aac66c679bac";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/6b7a615f-ed15-4dbc-9d6b-aac66c679bac";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4D74-1AFF";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4D74-1AFF";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices = [ ];

260
hosts/fix/configuration.nix
View file

@ -1,141 +1,147 @@
{ inputs, config, pkgs, lib, ... }:
{
inputs,
config,
pkgs,
lib,
...
}:
{
imports = [
../global.nix
./hardware-configuration.nix
../../modules/games/global.nix
../../services/discord.nix
../../services/games.nix
];
imports = [
../global.nix
./hardware-configuration.nix
../../modules/games/global.nix
../../services/discord.nix
../../services/games.nix
];
networking = {
hostName = "nixos-fix";
firewall.enable = false;
networkmanager.enable = true;
wireless.enable = false;
};
networking = {
hostName = "nixos-fix";
firewall.enable = false;
networkmanager.enable = true;
wireless.enable = false;
};
games = {
lutris = true;
};
service = {
minecraft = {
enium-pv = true;
};
bot_discord = {
master = true;
music = true;
tempvoc = true;
ticket = true;
};
};
games = {
lutris = true;
};
service = {
minecraft = {
enium-pv = true;
};
bot_discord = {
master = true;
music = true;
tempvoc = true;
ticket = true;
};
};
security.pam.services = {
greetd = {
enableGnomeKeyring = true;
};
swaylock = {};
};
security.pam.services = {
greetd = {
enableGnomeKeyring = true;
};
swaylock = { };
};
users = {
defaultUserShell = pkgs.zsh;
users = {
deb = {
isNormalUser = true;
initialPassword = "pasadmin1234";
description = "deb";
useDefaultShell = true;
extraGroups = [
"networkmanager"
"dialout"
"docker"
"video"
];
packages = with pkgs; [
gnome-session
home-manager
];
};
};
};
users = {
defaultUserShell = pkgs.zsh;
users = {
deb = {
isNormalUser = true;
initialPassword = "pasadmin1234";
description = "deb";
useDefaultShell = true;
extraGroups = [
"networkmanager"
"dialout"
"docker"
"video"
];
packages = with pkgs; [
gnome-session
home-manager
];
};
};
};
# Bootloader.
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
# Bootloader.
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
environment.systemPackages = with pkgs; [
wine-staging
lutris
dxvk
vkd3d
];
environment.systemPackages = with pkgs; [
wine-staging
lutris
dxvk
vkd3d
];
programs = {
appimage = {
enable = true;
binfmt = true;
package = pkgs.appimage-run.override { extraPkgs = pkgs: [ pkgs.libthai ]; };
};
hyprland = {
enable = true;
xwayland.enable = true;
};
steam = {
enable = true;
gamescopeSession.enable = true;
};
gamemode.enable = true;
};
programs = {
appimage = {
enable = true;
binfmt = true;
package = pkgs.appimage-run.override { extraPkgs = pkgs: [ pkgs.libthai ]; };
};
hyprland = {
enable = true;
xwayland.enable = true;
};
steam = {
enable = true;
gamescopeSession.enable = true;
};
gamemode.enable = true;
};
services = {
seatd.enable = true;
xserver = {
desktopManager.gnome.enable = true;
displayManager.gdm.wayland = true;
};
dbus.enable = true;
openssh = {
enable = true;
ports = [ 42131 ];
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
udev.extraRules = ''
SUBSYSTEM=="usb", ATTR{idVendor}=="0483", ATTR{idProduct}=="5740", MODE="0666"
'';
redis.servers."" = {
enable = true;
};
postgresql = {
enable = true;
};
greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --remember --user-menu --remember-user-session --time";
};
};
};
};
services = {
seatd.enable = true;
xserver = {
desktopManager.gnome.enable = true;
displayManager.gdm.wayland = true;
};
dbus.enable = true;
openssh = {
enable = true;
ports = [ 42131 ];
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
udev.extraRules = ''
SUBSYSTEM=="usb", ATTR{idVendor}=="0483", ATTR{idProduct}=="5740", MODE="0666"
'';
redis.servers."" = {
enable = true;
};
postgresql = {
enable = true;
};
greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --remember --user-menu --remember-user-session --time";
};
};
};
};
virtualisation.docker.enable = true;
virtualisation.docker.enable = true;
xdg.portal = {
enable = true;
extraPortals = [
pkgs.xdg-desktop-portal-hyprland
];
config.common.default = "*";
};
xdg.portal = {
enable = true;
extraPortals = [
pkgs.xdg-desktop-portal-hyprland
];
config.common.default = "*";
};
system.stateVersion = "24.05";
system.stateVersion = "24.05";
}

14
hosts/fix/hardware-configuration.nix
View file

@ -1,7 +1,13 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
@ -17,12 +23,12 @@
"usbhid"
"sd_mod"
];
kernelModules = [];
kernelModules = [ ];
};
kernelModules = [
"kvm-intel"
];
extraModulePackages = [];
extraModulePackages = [ ];
};
fileSystems = {
@ -54,7 +60,7 @@
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
services.xserver.videoDrivers = ["nvidia"];
services.xserver.videoDrivers = [ "nvidia" ];
hardware = {
graphics.enable = true;

187
hosts/global.nix
View file

@ -1,101 +1,106 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
documentation = {
enable = true;
man.enable = true;
dev.enable = true;
};
documentation = {
enable = true;
man.enable = true;
dev.enable = true;
};
time.timeZone = "Europe/Paris";
time.timeZone = "Europe/Paris";
security.pam.services.swaylock = {};
security.pam.services.swaylock = { };
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "fr_FR.UTF-8";
LC_IDENTIFICATION = "fr_FR.UTF-8";
LC_MEASUREMENT = "fr_FR.UTF-8";
LC_MONETARY = "fr_FR.UTF-8";
LC_NAME = "fr_FR.UTF-8";
LC_NUMERIC = "fr_FR.UTF-8";
LC_PAPER = "fr_FR.UTF-8";
LC_TELEPHONE = "fr_FR.UTF-8";
LC_TIME = "fr_FR.UTF-8";
};
};
users = {
defaultUserShell = pkgs.zsh;
users = {
raphael = {
isNormalUser = true;
description = "raphael";
useDefaultShell = true;
extraGroups = [
"networkmanager"
"dialout"
"plugdev"
"wheel"
"docker"
"video"
];
packages = with pkgs; [
home-manager
];
};
};
};
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "fr_FR.UTF-8";
LC_IDENTIFICATION = "fr_FR.UTF-8";
LC_MEASUREMENT = "fr_FR.UTF-8";
LC_MONETARY = "fr_FR.UTF-8";
LC_NAME = "fr_FR.UTF-8";
LC_NUMERIC = "fr_FR.UTF-8";
LC_PAPER = "fr_FR.UTF-8";
LC_TELEPHONE = "fr_FR.UTF-8";
LC_TIME = "fr_FR.UTF-8";
};
};
users = {
defaultUserShell = pkgs.zsh;
users = {
raphael = {
isNormalUser = true;
description = "raphael";
useDefaultShell = true;
extraGroups = [
"networkmanager"
"dialout"
"plugdev"
"wheel"
"docker"
"video"
];
packages = with pkgs; [
home-manager
];
};
};
};
nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnfree = true;
nix.settings = {
download-buffer-size = 1048576;
experimental-features = [
"nix-command"
"flakes"
];
};
nix.settings = {
download-buffer-size = 1048576;
experimental-features = [
"nix-command"
"flakes"
];
};
programs = {
zsh.enable = true;
};
programs = {
zsh.enable = true;
};
environment.systemPackages = with pkgs; [
bat
cairo
dconf
fastfetch
git
home-manager
lego
libjpeg
libpng
libuuid
linux-manual
man
man-pages
man-pages-posix
networkmanager
openssl
pkg-config
postgresql
protonup
python3
python3Packages.pip
qflipper
ripgrep
swaylock
swaylock-fancy
tmux
unzip
vim
wget
wl-clipboard
xclip
xdg-desktop-portal-hyprland
xsel
yarn
zsh
];
environment.systemPackages = with pkgs; [
bat
cairo
dconf
fastfetch
git
home-manager
lego
libjpeg
libpng
libuuid
linux-manual
man
man-pages
man-pages-posix
networkmanager
openssl
pkg-config
postgresql
protonup
python3
python3Packages.pip
qflipper
ripgrep
swaylock
swaylock-fancy
tmux
unzip
vim
wget
wl-clipboard
xclip
xdg-desktop-portal-hyprland
xsel
yarn
zsh
];
}

89
hosts/server/configuration.nix
View file

@ -1,18 +1,12 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# configuration.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: rparodi <rparodi@student.42.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/10/02 00:54:38 by rparodi #+# #+# #
# Updated: 2025/10/02 11:44:15 by rparodi ### ########.fr #
# #
# **************************************************************************** #
{
inputs,
config,
pkgs,
lib,
...
}:
{ inputs, config, pkgs, lib, ... }:
{
{
imports = [
../global.nix
./hardware-configuration.nix
@ -57,14 +51,6 @@
};
};
programs = {
steam = {
enable = true;
gamescopeSession.enable = true;
};
gamemode.enable = true;
};
users = {
defaultUserShell = pkgs.zsh;
users = {
@ -85,7 +71,6 @@
};
};
# Bootloader.
boot.loader = {
systemd-boot.enable = true;
@ -94,44 +79,34 @@
services = {
seatd.enable = true;
displayManager = {
defaultSession = "steam";
gdm.enable = true;
autoLogin = {
enable = true;
user = "raphael";
};
};
xserver = {
enable = true;
videoDrivers = [
"nvidia"
];
};
dbus.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
openssh = {
enable = true;
ports = [ 42131 ];
};
udev.extraRules = ''
SUBSYSTEM=="usb", ATTR{idVendor}=="0483", ATTR{idProduct}=="5740", MODE="0666"
'';
redis.servers."" = {
enable = true;
};
postgresql = {
enable = true;
};
dbus.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
virtualisation.docker.enable = true;
system.stateVersion = "24.05";
}
openssh = {
enable = true;
ports = [ 42131 ];
};
udev.extraRules = ''
SUBSYSTEM=="usb", ATTR{idVendor}=="0483", ATTR{idProduct}=="5740", MODE="0666"
'';
redis.servers."" = {
enable = true;
};
postgresql = {
enable = true;
};
};
virtualisation.docker.enable = true;
system.stateVersion = "24.05";
}

128
hosts/server/hardware-configuration.nix
View file

@ -1,73 +1,79 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
# services.dbus.enable = true;
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
kernelModules = [];
};
kernelModules = [
"kvm-intel"
];
extraModulePackages = [];
};
# services.dbus.enable = true;
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
kernelModules = [ ];
};
kernelModules = [
"kvm-intel"
];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/a943d592-57d3-497e-bf43-49b50ac73f0b";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/5AAB-0026";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
"/mnt/data" = {
device = "/dev/disk/by-uuid/5729d30c-5806-4ccd-8a2a-080a258084dc";
fsType = "ext4";
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/a943d592-57d3-497e-bf43-49b50ac73f0b";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/5AAB-0026";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
"/mnt/data" = {
device = "/dev/disk/by-uuid/5729d30c-5806-4ccd-8a2a-080a258084dc";
fsType = "ext4";
};
};
swapDevices = [ ];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
services.xserver.videoDrivers = ["nvidia"];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
hardware = {
graphics.enable = true;
nvidia = {
open = false;
modesetting.enable = true;
powerManagement.enable = false;
powerManagement.finegrained = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
};
services.xserver.videoDrivers = [ "nvidia" ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware = {
graphics.enable = true;
nvidia = {
open = false;
modesetting.enable = true;
powerManagement.enable = false;
powerManagement.finegrained = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

47
modules/games/global.nix
View file

@ -1,21 +1,38 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
lutris = import ./lutris.nix {
inherit config pkgs lib;
};
cfg = config.games;
lutris = import ./lutris.nix {
inherit config pkgs lib;
};
cfg = config.games;
in
{
imports = [
lutris
];
imports = [
lutris
];
options.games = {
lutris = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable lutris";
};
};
options.games = {
steam = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable steam installation";
};
bp = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the autostart of steam in big picture";
};
};
lutris = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable lutris";
};
};
}

25
modules/games/lutris.nix
View file

@ -1,15 +1,20 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.games.lutris;
cfg = config.games.lutris;
in
{
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
wine-staging
lutris
dxvk
vkd3d
];
};
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
wine-staging
lutris
dxvk
vkd3d
];
};
}

49
modules/games/steam.nix Normal file
View file

@ -0,0 +1,49 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.games.steam;
in
{
config = lib.mkIf cfg.enable {
programs.steam = {
enable = true;
gamescopeSession.enable = true;
extraCompatPackages = with pkgs; [
proton-ge-bin
];
};
programs.gamemode.enable = true;
systemd.user.services."steam-bp" = lib.mkIf cfg.bp {
description = "Steam Big Picture auto start";
wantedBy = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = "${pkgs.steam}/bin/steam -tenfoot -fulldesktopres";
Restart = "on-failure";
Environment = [
"SDL_VIDEO_X11_DGAMOUSE=0"
"STEAM_USE_OGL=1"
"GAMEMODERUNEXEC=1"
];
};
};
services = {
desktopManager.plasma6.enable = lib.mkIf cfg.bp true;
displayManager = lib.mkIf cfg.bp {
defaultSession = "plasmax11";
sddm.enable = true;
autoLogin = {
enable = true;
user = "raphael";
};
};
};
};
}

71
services/bot_discord/ada.nix
View file

@ -1,39 +1,44 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.bot_discord.ada;
cfg = config.service.bot_discord.ada;
in
{
config = lib.mkIf cfg {
users = {
groups.dsc_ada = {
name = "dsc_ada";
};
users.dsc_ada = {
description = "Utilisateur pour le bot Ada";
group = "dsc_ada";
home = "/opt/Ada";
isSystemUser = true;
};
};
config = lib.mkIf cfg {
users = {
groups.dsc_ada = {
name = "dsc_ada";
};
users.dsc_ada = {
description = "Utilisateur pour le bot Ada";
group = "dsc_ada";
home = "/opt/Ada";
isSystemUser = true;
};
};
systemd.services.bot_ada = {
description = "Ada (chdoe asso) discord bot public";
after = [
"network.target"
];
wantedBy = [
"multi-user.target"
];
serviceConfig = {
Type = "simple";
User = "dsc_ada";
WorkingDirectory = "/opt/Ada";
ExecStart = "/opt/Ada/bot.py";
EnvironmentFile = "/opt/Ada/.env";
Restart = "on-failure";
RestartSec = 5;
};
};
};
systemd.services.bot_ada = {
description = "Ada (chdoe asso) discord bot public";
after = [
"network.target"
];
wantedBy = [
"multi-user.target"
];
serviceConfig = {
Type = "simple";
User = "dsc_ada";
WorkingDirectory = "/opt/Ada";
ExecStart = "/opt/Ada/bot.py";
EnvironmentFile = "/opt/Ada/.env";
Restart = "on-failure";
RestartSec = 5;
};
};
};
}

71
services/bot_discord/bde.nix
View file

@ -1,39 +1,44 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.bot_discord.bde;
cfg = config.service.bot_discord.bde;
in
{
config = lib.mkIf cfg {
users = {
groups.dsc_bde = {
name = "dsc_bde";
};
users.dsc_bde = {
description = "Utilisateur pour le bot BDE";
group = "dsc_bde";
home = "/opt/bde";
isSystemUser = true;
};
};
config = lib.mkIf cfg {
users = {
groups.dsc_bde = {
name = "dsc_bde";
};
users.dsc_bde = {
description = "Utilisateur pour le bot BDE";
group = "dsc_bde";
home = "/opt/bde";
isSystemUser = true;
};
};
systemd.services.bot_bde = {
description = "BDE discord bot public";
after = [
"network.target"
];
wantedBy = [
"multi-user.target"
];
serviceConfig = {
Type = "simple";
User = "dsc_bde";
WorkingDirectory = "/opt/Bde";
ExecStart = "/opt/Bde/.venv/bin/python /opt/Bde/bot.py";
EnvironmentFile = "/opt/Bde/.env";
Restart = "on-failure";
RestartSec = 5;
};
};
};
systemd.services.bot_bde = {
description = "BDE discord bot public";
after = [
"network.target"
];
wantedBy = [
"multi-user.target"
];
serviceConfig = {
Type = "simple";
User = "dsc_bde";
WorkingDirectory = "/opt/Bde";
ExecStart = "/opt/Bde/.venv/bin/python /opt/Bde/bot.py";
EnvironmentFile = "/opt/Bde/.env";
Restart = "on-failure";
RestartSec = 5;
};
};
};
}

71
services/bot_discord/bot_loc.nix
View file

@ -1,39 +1,44 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.bot_discord.tut;
cfg = config.service.bot_discord.tut;
in
{
config = lib.mkIf cfg {
users = {
groups.dsc_loc = {
name = "dsc_loc";
};
users.dsc_loc = {
description = "Utilisateur pour le bot tut";
group = "dsc_loc";
home = "/opt/alerte_poste-master";
isSystemUser = true;
};
};
config = lib.mkIf cfg {
users = {
groups.dsc_loc = {
name = "dsc_loc";
};
users.dsc_loc = {
description = "Utilisateur pour le bot tut";
group = "dsc_loc";
home = "/opt/alerte_poste-master";
isSystemUser = true;
};
};
systemd.services.bot_loc = {
description = "loc discord bot public";
after = [
"network.target"
];
wantedBy = [
"multi-user.target"
];
serviceConfig = {
Type = "simple";
User = "dsc_loc";
WorkingDirectory = "/opt/alerte-poste";
ExecStart = "/opt/alerte-poste/.venv/bin/python /opt/alerte-poste/src/main.py";
EnvironmentFile = "/opt/alerte-poste/.env";
Restart = "on-failure";
RestartSec = 5;
};
};
};
systemd.services.bot_loc = {
description = "loc discord bot public";
after = [
"network.target"
];
wantedBy = [
"multi-user.target"
];
serviceConfig = {
Type = "simple";
User = "dsc_loc";
WorkingDirectory = "/opt/alerte-poste";
ExecStart = "/opt/alerte-poste/.venv/bin/python /opt/alerte-poste/src/main.py";
EnvironmentFile = "/opt/alerte-poste/.env";
Restart = "on-failure";
RestartSec = 5;
};
};
};
}

87
services/bot_discord/marty.nix
View file

@ -1,47 +1,52 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.bot_discord.marty;
cfg = config.service.bot_discord.marty;
in
{
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
nodejs
];
users = {
groups.dsc_marty = {
name = "dsc_marty";
};
users.dsc_marty = {
description = "Utilisateur pour le bot BDE";
group = "dsc_marty";
home = "/opt/marty";
isSystemUser = true;
};
};
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
nodejs
];
users = {
groups.dsc_marty = {
name = "dsc_marty";
};
users.dsc_marty = {
description = "Utilisateur pour le bot BDE";
group = "dsc_marty";
home = "/opt/marty";
isSystemUser = true;
};
};
systemd.services.bot_marty = {
description = "marty discord bot";
after = [
"network.target"
];
wantedBy = [
"multi-user.target"
];
serviceConfig = {
Type = "simple";
User = "dsc_marty";
WorkingDirectory = "/opt/marty";
Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin";
ExecStartPre = [
"${pkgs.nodejs}/bin/npm install"
"${pkgs.nodejs}/bin/npm run build"
];
ExecStart = "${pkgs.nodejs}/bin/npm run start-prod";
EnvironmentFile = "/opt/marty/.env";
Restart = "on-failure";
RestartSec = 5;
};
};
};
systemd.services.bot_marty = {
description = "marty discord bot";
after = [
"network.target"
];
wantedBy = [
"multi-user.target"
];
serviceConfig = {
Type = "simple";
User = "dsc_marty";
WorkingDirectory = "/opt/marty";
Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin";
ExecStartPre = [
"${pkgs.nodejs}/bin/npm install"
"${pkgs.nodejs}/bin/npm run build"
];
ExecStart = "${pkgs.nodejs}/bin/npm run start-prod";
EnvironmentFile = "/opt/marty/.env";
Restart = "on-failure";
RestartSec = 5;
};
};
};
}

77
services/bot_discord/master.nix
View file

@ -1,41 +1,46 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.bot_discord.master;
cfg = config.service.bot_discord.master;
in
{
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
go
];
users = {
groups.dsc_master = {
name = "dsc_master";
};
users.dsc_master = {
description = "Utilisateur pour le bot master";
group = "dsc_master";
home = "/opt/master";
isSystemUser = true;
};
};
systemd.services.yagpdb = {
description = "Enium discord master bot";
after = [
"network.target"
];
wantedBy = [
"multi-user.target"
];
serviceConfig = {
Type = "simple";
User = "dsc_master";
WorkingDirectory = "/opt/yagpdb/cmd/yagpdb";
ExecStart = "/opt/yagpdb/cmd/yagpdb/yagpdb -all -pa";
EnvironmentFile = "/opt/yagpdb/cmd/yagpdb/sampleenvfile";
Restart = "on-failure";
RestartSec = 5;
};
};
};
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
go
];
users = {
groups.dsc_master = {
name = "dsc_master";
};
users.dsc_master = {
description = "Utilisateur pour le bot master";
group = "dsc_master";
home = "/opt/master";
isSystemUser = true;
};
};
systemd.services.yagpdb = {
description = "Enium discord master bot";
after = [
"network.target"
];
wantedBy = [
"multi-user.target"
];
serviceConfig = {
Type = "simple";
User = "dsc_master";
WorkingDirectory = "/opt/yagpdb/cmd/yagpdb";
ExecStart = "/opt/yagpdb/cmd/yagpdb/yagpdb -all -pa";
EnvironmentFile = "/opt/yagpdb/cmd/yagpdb/sampleenvfile";
Restart = "on-failure";
RestartSec = 5;
};
};
};
}

69
services/bot_discord/music.nix
View file

@ -1,37 +1,42 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.bot_discord.music;
cfg = config.service.bot_discord.music;
in
{
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
nodejs
];
users = {
groups.dsc_music = {
name = "dsc_music";
};
users.dsc_music = {
description = "Utilisateur pour le bot music";
group = "dsc_music";
home = "/opt/music";
isSystemUser = true;
};
};
systemd.services.music = {
description = "Enium discord bot for music";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = "dsc_music";
WorkingDirectory = "/opt/music";
ExecStart = "${pkgs.nodejs}/bin/npm start";
Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin";
Restart = "on-failure";
RestartSec = 5;
};
};
};
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
nodejs
];
users = {
groups.dsc_music = {
name = "dsc_music";
};
users.dsc_music = {
description = "Utilisateur pour le bot music";
group = "dsc_music";
home = "/opt/music";
isSystemUser = true;
};
};
systemd.services.music = {
description = "Enium discord bot for music";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = "dsc_music";
WorkingDirectory = "/opt/music";
ExecStart = "${pkgs.nodejs}/bin/npm start";
Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin";
Restart = "on-failure";
RestartSec = 5;
};
};
};
}

69
services/bot_discord/tempvoc.nix
View file

@ -1,37 +1,42 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.bot_discord.tempvoc;
cfg = config.service.bot_discord.tempvoc;
in
{
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
nodejs
];
users = {
groups.dsc_tempvoc = {
name = "dsc_tempvoc";
};
users.dsc_tempvoc = {
description = "Utilisateur pour le bot tempvoc";
group = "dsc_tempvoc";
home = "/opt/tempvoc";
isSystemUser = true;
};
};
systemd.services.tempvoc = {
description = "Enium discord bot for tempvoc";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = "dsc_tempvoc";
WorkingDirectory = "/opt/tempvoc";
ExecStart = "${pkgs.nodejs}/bin/npm start";
Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin";
Restart = "on-failure";
RestartSec = 5;
};
};
};
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
nodejs
];
users = {
groups.dsc_tempvoc = {
name = "dsc_tempvoc";
};
users.dsc_tempvoc = {
description = "Utilisateur pour le bot tempvoc";
group = "dsc_tempvoc";
home = "/opt/tempvoc";
isSystemUser = true;
};
};
systemd.services.tempvoc = {
description = "Enium discord bot for tempvoc";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = "dsc_tempvoc";
WorkingDirectory = "/opt/tempvoc";
ExecStart = "${pkgs.nodejs}/bin/npm start";
Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin";
Restart = "on-failure";
RestartSec = 5;
};
};
};
}

69
services/bot_discord/ticket.nix
View file

@ -1,37 +1,42 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.bot_discord.ticket;
cfg = config.service.bot_discord.ticket;
in
{
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
nodejs
];
users = {
groups.dsc_ticket = {
name = "dsc_ticket";
};
users.dsc_ticket = {
description = "Utilisateur pour le bot ticket";
group = "dsc_ticket";
home = "/opt/ticket";
isSystemUser = true;
};
};
systemd.services.ticket = {
description = "Service for ticket";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = "dsc_ticket";
WorkingDirectory = "/opt/ticket";
ExecStart = "${pkgs.nodejs}/bin/npm start";
Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin";
Restart = "on-failure";
RestartSec = 5;
};
};
};
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
nodejs
];
users = {
groups.dsc_ticket = {
name = "dsc_ticket";
};
users.dsc_ticket = {
description = "Utilisateur pour le bot ticket";
group = "dsc_ticket";
home = "/opt/ticket";
isSystemUser = true;
};
};
systemd.services.ticket = {
description = "Service for ticket";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = "dsc_ticket";
WorkingDirectory = "/opt/ticket";
ExecStart = "${pkgs.nodejs}/bin/npm start";
Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin";
Restart = "on-failure";
RestartSec = 5;
};
};
};
}

161
services/discord.nix
View file

@ -1,84 +1,89 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
master_bot = import ./bot_discord/master.nix {
inherit config pkgs lib;
};
music_bot = import ./bot_discord/music.nix {
inherit config pkgs lib;
};
tempvoc_bot = import ./bot_discord/tempvoc.nix {
inherit config pkgs lib;
};
ada_bot = import ./bot_discord/ada.nix {
inherit config pkgs lib;
};
tut_bot = import ./bot_discord/bot_loc.nix {
inherit config pkgs lib;
};
bde_bot = import ./bot_discord/bde.nix {
inherit config pkgs lib;
};
marty_bot = import ./bot_discord/marty.nix {
inherit config pkgs lib;
};
ticket_bot = import ./bot_discord/ticket.nix {
inherit config pkgs lib;
};
cfg = config.service.bot_discord;
master_bot = import ./bot_discord/master.nix {
inherit config pkgs lib;
};
music_bot = import ./bot_discord/music.nix {
inherit config pkgs lib;
};
tempvoc_bot = import ./bot_discord/tempvoc.nix {
inherit config pkgs lib;
};
ada_bot = import ./bot_discord/ada.nix {
inherit config pkgs lib;
};
tut_bot = import ./bot_discord/bot_loc.nix {
inherit config pkgs lib;
};
bde_bot = import ./bot_discord/bde.nix {
inherit config pkgs lib;
};
marty_bot = import ./bot_discord/marty.nix {
inherit config pkgs lib;
};
ticket_bot = import ./bot_discord/ticket.nix {
inherit config pkgs lib;
};
cfg = config.service.bot_discord;
in
{
imports = [
ada_bot
bde_bot
tut_bot
master_bot
music_bot
tempvoc_bot
ticket_bot
marty_bot
];
imports = [
ada_bot
bde_bot
tut_bot
master_bot
music_bot
tempvoc_bot
ticket_bot
marty_bot
];
options.service.bot_discord = {
master = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable master bot";
};
ada = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable ada bot";
};
tut = lib.mkOption {
type = lib.types.bool;
default = false;
description = "enable tut bot";
};
bde = lib.mkOption {
type = lib.types.bool;
default = false;
description = "enable bde bot";
};
marty = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable marty bot";
};
music = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable music bot";
};
tempvoc = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable tempvoc bot";
};
ticket = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable ticket bot";
};
};
options.service.bot_discord = {
master = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable master bot";
};
ada = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable ada bot";
};
tut = lib.mkOption {
type = lib.types.bool;
default = false;
description = "enable tut bot";
};
bde = lib.mkOption {
type = lib.types.bool;
default = false;
description = "enable bde bot";
};
marty = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable marty bot";
};
music = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable music bot";
};
tempvoc = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable tempvoc bot";
};
ticket = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable ticket bot";
};
};
}

35
services/forty_two.nix
View file

@ -1,21 +1,26 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
irc = import ./forty_two/irc.nix {
inherit config pkgs lib;
};
cfg = config.service.forty_two;
irc = import ./forty_two/irc.nix {
inherit config pkgs lib;
};
cfg = config.service.forty_two;
in
{
imports = [
irc
];
imports = [
irc
];
options.service.forty_two = {
irc = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the ft_irc server";
};
};
options.service.forty_two = {
irc = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the ft_irc server";
};
};
}

83
services/forty_two/irc.nix
View file

@ -1,45 +1,50 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.forty_two.irc;
cfg = config.service.forty_two.irc;
in
{
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
llvmPackages.clang
llvmPackages.clang-tools
gnumake
];
users = {
groups.ft_irc = {
name = "ft_irc";
};
users.ft_irc = {
description = "Utilisateur the ft_irc server";
group = "ft_irc";
home = "/opt/irc/";
isSystemUser = true;
};
};
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
llvmPackages.clang
llvmPackages.clang-tools
gnumake
];
users = {
groups.ft_irc = {
name = "ft_irc";
};
users.ft_irc = {
description = "Utilisateur the ft_irc server";
group = "ft_irc";
home = "/opt/irc/";
isSystemUser = true;
};
};
systemd.services.ft_irc = {
description = "Upload our irc on my own server";
after = [
"network.target"
];
wantedBy = [
"multi-user.target"
];
serviceConfig = {
Type = "simple";
User = "ft_irc";
WorkingDirectory = "/opt/irc";
ExecStartPre = "${pkgs.git}/bin/git pull";
ExecStart = "/opt/irc/ircserv 4243 irc";
Restart = "on-failure";
RestartSec = 30;
RemainAfterExit = false;
};
};
};
systemd.services.ft_irc = {
description = "Upload our irc on my own server";
after = [
"network.target"
];
wantedBy = [
"multi-user.target"
];
serviceConfig = {
Type = "simple";
User = "ft_irc";
WorkingDirectory = "/opt/irc";
ExecStartPre = "${pkgs.git}/bin/git pull";
ExecStart = "/opt/irc/ircserv 4243 irc";
Restart = "on-failure";
RestartSec = 30;
RemainAfterExit = false;
};
};
};
}

17
services/games.nix
View file

@ -1,12 +1,23 @@
{ inputs, config, pkgs, lib, ... }:
{
inputs,
config,
pkgs,
lib,
...
}:
let
enium-pv = import ./games/minecraft.nix {
inherit inputs config pkgs lib;
inherit
inputs
config
pkgs
lib
;
};
cfg = config.service;
in
{
{
imports = [
enium-pv
];

64
services/games/minecraft.nix
View file

@ -1,36 +1,42 @@
{ inputs, config, pkgs, lib, ... }:
{
inputs,
config,
pkgs,
lib,
...
}:
let
cfg = config.service.games.enium-pv;
cfg = config.service.games.enium-pv;
in
{
imports = [
inputs.minecraft.nixosModules.minecraft-servers
];
imports = [
inputs.minecraft.nixosModules.minecraft-servers
];
config = lib.mkIf cfg {
nixpkgs.overlays = [
inputs.minecraft.overlay
];
services.minecraft-servers = {
enable = true;
eula = true;
config = lib.mkIf cfg {
nixpkgs.overlays = [
inputs.minecraft.overlay
];
services.minecraft-servers = {
enable = true;
eula = true;
servers.enium-pv = {
enable = true;
package = pkgs.fabricServers.fabric-1_20_1;
jvmOpts = "-Xms4092M -Xmx4092M";
serverProperties = {
difficulty = 3;
gamemode = 0;
max-players = 42;
motd = "§l §3 Enium Survival§r\n§l §b Whitelisted Server";
server-port = 64421;
spawn-protection=16;
white-list = true;
};
restart = "no";
};
};
};
servers.enium-pv = {
enable = true;
package = pkgs.fabricServers.fabric-1_20_1;
jvmOpts = "-Xms4092M -Xmx4092M";
serverProperties = {
difficulty = 3;
gamemode = 0;
max-players = 42;
motd = "§l §3 Enium Survival§r\n§l §b Whitelisted Server";
server-port = 64421;
spawn-protection = 16;
white-list = true;
};
restart = "no";
};
};
};
}

166
services/self_host.nix
View file

@ -1,71 +1,107 @@
{ inputs, config, pkgs, lib, ... }:
{
inputs,
config,
pkgs,
lib,
...
}:
let
htop = import ./self_host/htop.nix {
inherit inputs config pkgs lib;
};
mail = import ./self_host/mail.nix {
inherit inputs config pkgs lib;
};
monitor = import ./self_host/monitor.nix {
inherit inputs config pkgs lib;
};
teamspeak = import ./self_host/teamspeak.nix {
inherit inputs config pkgs lib;
};
ollama = import ./self_host/ollama.nix {
inherit inputs config pkgs lib;
};
nextcloud = import ./self_host/nextcloud.nix {
inherit inputs config pkgs lib;
};
cfg = config.service.selfhost;
htop = import ./self_host/htop.nix {
inherit
inputs
config
pkgs
lib
;
};
mail = import ./self_host/mail.nix {
inherit
inputs
config
pkgs
lib
;
};
monitor = import ./self_host/monitor.nix {
inherit
inputs
config
pkgs
lib
;
};
teamspeak = import ./self_host/teamspeak.nix {
inherit
inputs
config
pkgs
lib
;
};
ollama = import ./self_host/ollama.nix {
inherit
inputs
config
pkgs
lib
;
};
nextcloud = import ./self_host/nextcloud.nix {
inherit
inputs
config
pkgs
lib
;
};
cfg = config.service.selfhost;
in
{
imports = [
nextcloud
mail
htop
ollama
teamspeak
monitor
];
imports = [
nextcloud
mail
htop
ollama
teamspeak
monitor
];
config = {
services.nginx = {
enable = true;
};
};
options.service.selfhost = {
htop = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the htop";
};
teamspeak = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the teamspeak";
};
ollama = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the ollama";
};
mail = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the mail";
};
monitor = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the monitor";
};
nextcloud = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the nextcloud";
};
};
config = {
services.nginx = {
enable = true;
};
};
options.service.selfhost = {
htop = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the htop";
};
teamspeak = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the teamspeak";
};
ollama = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the ollama";
};
mail = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the mail";
};
monitor = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the monitor";
};
nextcloud = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the nextcloud";
};
};
}

35
services/self_host/htop.nix
View file

@ -1,21 +1,26 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.selfhost.monitor;
cfg = config.service.selfhost.monitor;
in
{
config = lib.mkIf cfg {
services = {
glances.enable = true;
config = lib.mkIf cfg {
services = {
glances.enable = true;
nginx.virtualHosts."htop.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:61208";
proxyWebsockets = true;
};
};
};
};
nginx.virtualHosts."htop.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:61208";
proxyWebsockets = true;
};
};
};
};
}

77
services/self_host/mail.nix
View file

@ -1,42 +1,47 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.selfhost.mail;
cfg = config.service.selfhost.mail;
in
{
config = lib.mkIf cfg {
services.rspamd.enable = true;
mailserver = {
enable = true;
stateVersion = 3;
fqdn = "mail.enium.eu";
domains = [
"enium.eu"
];
loginAccounts = {
"no-reply@enium.eu" = {
hashedPasswordFile = "/root/mail-passwd.txt";
};
};
certificateScheme = "acme-nginx";
};
config = lib.mkIf cfg {
services.rspamd.enable = true;
mailserver = {
enable = true;
stateVersion = 3;
fqdn = "mail.enium.eu";
domains = [
"enium.eu"
];
loginAccounts = {
"no-reply@enium.eu" = {
hashedPasswordFile = "/root/mail-passwd.txt";
};
};
certificateScheme = "acme-nginx";
};
services = {
roundcube = {
enable = true;
hostName = "mail.enium.eu";
extraConfig = ''
$config['smtp_host'] = "tls://mail.enium.eu";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
nginx = {
virtualHosts."mail.enium.eu" = {
forceSSL = true;
enableACME = true;
};
};
};
};
services = {
roundcube = {
enable = true;
hostName = "mail.enium.eu";
extraConfig = ''
$config['smtp_host'] = "tls://mail.enium.eu";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
nginx = {
virtualHosts."mail.enium.eu" = {
forceSSL = true;
enableACME = true;
};
};
};
};
}

341
services/self_host/monitor.nix
View file

@ -1,170 +1,189 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.selfhost.monitor;
monitored = [ "nginx" "grafana" ];
email = "raphael@enium.eu";
cfg = config.service.selfhost.monitor;
monitored = [
"nginx"
"grafana"
];
email = "raphael@enium.eu";
in
{
config = lib.mkIf cfg {
services.grafana = {
enable = true;
package = pkgs.grafana;
dataDir = "/var/lib/grafana";
};
environment.etc."process-exporter.json".text = builtins.toJSON {
procMatchers = lib.map (svc: {
name = svc;
cmdline = [
"${svc}:"
];
}) monitored;
};
systemd.services.process_exporter = {
description = "Prometheus Process Exporter";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.prometheus-process-exporter}/bin/process-exporter --config.path /etc/process-exporter.json";
Restart = "always";
};
};
services.prometheus = {
enable = true;
checkConfig = false;
exporters = {
blackbox = {
enable = true;
configFile = pkgs.writeText "blackbox-exporter.yml" ''
modules:
http_2xx:
prober: http
timeout: 5s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
valid_status_codes: []
method: GET
no_follow_redirects: false
fail_if_not_ssl: false
'';
};
node.enable = true;
systemd.enable = true;
};
scrapeConfigs = [
{
job_name = "systemd_exporter";
metrics_path = "/metrics";
static_configs = [{
targets = [
"127.0.0.1:9558"
];
}];
}
{
job_name = "node_exporter";
static_configs = [{
targets = [
"127.0.0.1:9100"
];
}];
}
{
job_name = "process_exporter";
metrics_path = "/metrics";
scheme = "http";
static_configs = [{
targets = [
"127.0.0.1:9256"
];
}];
}
{
job_name = "blackbox_http_probe";
metrics_path = "/probe";
params = {
module = [
"http_2xx"
];
};
static_configs = [{
targets = [
"https://raphael.parodi.pro"
"https://nextcloud.enium.eu"
"https://htop.enium.eu"
"https://monitor.enium.eu"
"https://ollama.enium.eu"
"http://relance-pas-stp.me:4242"
];
}];
relabel_configs = [
{ source_labels = [ "__address__" ];
target_label = "__param_target";
}
{ source_labels = [ "__param_target" ];
target_label = "instance";
}
{ target_label = "__address__";
replacement = "127.0.0.1:9115";
}
];
proxy_url = "http://127.0.0.1:9115";
}
];
ruleFiles = lib.mkForce [ "/etc/prometheus/services.rules" ];
};
environment.etc."prometheus/services.rules".text = ''
groups:
- name: services
rules:
- alert: nginxServiceDown
expr: process_up{job="process_exporter",name="nginx"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Processus nginx arrêté"
description: "Le processus nginx ne tourne plus depuis >1m."
config = lib.mkIf cfg {
services.grafana = {
enable = true;
package = pkgs.grafana;
dataDir = "/var/lib/grafana";
};
- alert: nginxServiceUp
expr: process_up{job="process_exporter",name="nginx"} == 1
for: 1m
labels:
severity: info
annotations:
summary: "Processus nginx rétabli"
description: "Le processus nginx tourne de nouveau."
environment.etc."process-exporter.json".text = builtins.toJSON {
procMatchers = lib.map (svc: {
name = svc;
cmdline = [
"${svc}:"
];
}) monitored;
};
- alert: grafanaServiceDown
expr: process_up{job="process_exporter",name="grafana"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Processus grafana arrêté"
description: "Le processus grafana ne tourne plus depuis >1m."
systemd.services.process_exporter = {
description = "Prometheus Process Exporter";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.prometheus-process-exporter}/bin/process-exporter --config.path /etc/process-exporter.json";
Restart = "always";
};
};
- alert: grafanaServiceUp
expr: process_up{job="process_exporter",name="grafana"} == 1
for: 1m
labels:
severity: info
annotations:
summary: "Processus grafana rétabli"
description: "Le processus grafana tourne de nouveau."
'';
services.prometheus = {
enable = true;
checkConfig = false;
exporters = {
blackbox = {
enable = true;
configFile = pkgs.writeText "blackbox-exporter.yml" ''
modules:
http_2xx:
prober: http
timeout: 5s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
valid_status_codes: []
method: GET
no_follow_redirects: false
fail_if_not_ssl: false
'';
};
node.enable = true;
systemd.enable = true;
};
scrapeConfigs = [
{
job_name = "systemd_exporter";
metrics_path = "/metrics";
static_configs = [
{
targets = [
"127.0.0.1:9558"
];
}
];
}
{
job_name = "node_exporter";
static_configs = [
{
targets = [
"127.0.0.1:9100"
];
}
];
}
{
job_name = "process_exporter";
metrics_path = "/metrics";
scheme = "http";
static_configs = [
{
targets = [
"127.0.0.1:9256"
];
}
];
}
{
job_name = "blackbox_http_probe";
metrics_path = "/probe";
params = {
module = [
"http_2xx"
];
};
static_configs = [
{
targets = [
"https://raphael.parodi.pro"
"https://nextcloud.enium.eu"
"https://htop.enium.eu"
"https://monitor.enium.eu"
"https://ollama.enium.eu"
"http://relance-pas-stp.me:4242"
];
}
];
relabel_configs = [
{
source_labels = [ "__address__" ];
target_label = "__param_target";
}
{
source_labels = [ "__param_target" ];
target_label = "instance";
}
{
target_label = "__address__";
replacement = "127.0.0.1:9115";
}
];
proxy_url = "http://127.0.0.1:9115";
}
];
ruleFiles = lib.mkForce [ "/etc/prometheus/services.rules" ];
};
services.nginx.virtualHosts."monitor.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
};
};
};
environment.etc."prometheus/services.rules".text = ''
groups:
- name: services
rules:
- alert: nginxServiceDown
expr: process_up{job="process_exporter",name="nginx"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Processus nginx arrêté"
description: "Le processus nginx ne tourne plus depuis >1m."
- alert: nginxServiceUp
expr: process_up{job="process_exporter",name="nginx"} == 1
for: 1m
labels:
severity: info
annotations:
summary: "Processus nginx rétabli"
description: "Le processus nginx tourne de nouveau."
- alert: grafanaServiceDown
expr: process_up{job="process_exporter",name="grafana"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Processus grafana arrêté"
description: "Le processus grafana ne tourne plus depuis >1m."
- alert: grafanaServiceUp
expr: process_up{job="process_exporter",name="grafana"} == 1
for: 1m
labels:
severity: info
annotations:
summary: "Processus grafana rétabli"
description: "Le processus grafana tourne de nouveau."
'';
services.nginx.virtualHosts."monitor.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
};
};
};
}

71
services/self_host/nextcloud.nix
View file

@ -1,38 +1,43 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.selfhost.nextcloud;
dataDir = "/mnt/data/nextcloud";
cfg = config.service.selfhost.nextcloud;
dataDir = "/mnt/data/nextcloud";
in
{
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
php
];
services = {
nextcloud = {
enable = true;
https = true;
package = pkgs.nextcloud31;
hostName = "nextcloud.enium.eu";
datadir = "/mnt/data/nextcloud/";
config = {
adminpassFile = "/etc/nextcloud-pass.txt";
adminuser = "OwnedByTheEniumTeam";
dbtype = "sqlite";
};
settings = {
trusted_domains = [
"192.168.1.254"
];
default_phone_region = "FR";
};
};
nginx.virtualHosts."nextcloud.enium.eu".enableACME = true;
nginx.virtualHosts."nextcloud.enium.eu".forceSSL = true;
nginx.virtualHosts."nextcloud.enium.eu".locations."~ \.php$".extraConfig = ''
fastcgi_pass unix:/run/phpfpm-nextcloud.sock;
'';
};
};
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
php
];
services = {
nextcloud = {
enable = true;
https = true;
package = pkgs.nextcloud31;
hostName = "nextcloud.enium.eu";
datadir = "/mnt/data/nextcloud/";
config = {
adminpassFile = "/etc/nextcloud-pass.txt";
adminuser = "OwnedByTheEniumTeam";
dbtype = "sqlite";
};
settings = {
trusted_domains = [
"192.168.1.254"
];
default_phone_region = "FR";
};
};
nginx.virtualHosts."nextcloud.enium.eu".enableACME = true;
nginx.virtualHosts."nextcloud.enium.eu".forceSSL = true;
nginx.virtualHosts."nextcloud.enium.eu".locations."~ \.php$".extraConfig = ''
fastcgi_pass unix:/run/phpfpm-nextcloud.sock;
'';
};
};
}

55
services/self_host/ollama.nix
View file

@ -1,31 +1,36 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.selfhost.ollama;
cfg = config.service.selfhost.ollama;
in
{
config = lib.mkIf cfg {
services = {
ollama = {
enable = true;
loadModels = [
"qwen2.5:3b"
];
acceleration = "cuda";
};
config = lib.mkIf cfg {
services = {
ollama = {
enable = true;
loadModels = [
"qwen2.5:3b"
];
acceleration = "cuda";
};
open-webui = {
enable = true;
port = 13007;
};
nginx.virtualHosts."ollama.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:13007";
proxyWebsockets = true;
};
};
};
};
open-webui = {
enable = true;
port = 13007;
};
nginx.virtualHosts."ollama.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:13007";
proxyWebsockets = true;
};
};
};
};
}

39
services/self_host/teamspeak.nix
View file

@ -1,23 +1,28 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.selfhost.monitor;
cfg = config.service.selfhost.monitor;
in
{
config = lib.mkIf cfg {
services = {
teamspeak3 = {
enable = true;
};
config = lib.mkIf cfg {
services = {
teamspeak3 = {
enable = true;
};
nginx.virtualHosts."ts.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:9987";
proxyWebsockets = true;
};
};
};
};
nginx.virtualHosts."ts.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:9987";
proxyWebsockets = true;
};
};
};
};
}

69
services/web.nix
View file

@ -1,35 +1,46 @@
{ inputs, config, pkgs, lib, ... }:
{
inputs,
config,
pkgs,
lib,
...
}:
let
portefolio = import ./web/portefolio.nix {
inherit inputs config pkgs lib;
};
cfg = config.service.web;
portefolio = import ./web/portefolio.nix {
inherit
inputs
config
pkgs
lib
;
};
cfg = config.service.web;
in
{
imports = [
portefolio
];
imports = [
portefolio
];
config = {
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
security.acme = {
acceptTerms = true;
defaults.email = "raphael@parodi.pro";
certs = {
"raphael.parodi.pro" = {};
};
};
};
options.service.web = {
portefolio = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the portefolio";
};
};
config = {
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
security.acme = {
acceptTerms = true;
defaults.email = "raphael@parodi.pro";
certs = {
"raphael.parodi.pro" = { };
};
};
};
options.service.web = {
portefolio = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the portefolio";
};
};
}

79
services/web/portefolio.nix
View file

@ -1,43 +1,48 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.web.portefolio;
cfg = config.service.web.portefolio;
in
{
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
nodejs
pnpm
];
users = {
groups.web_portefolio = {
name = "web_portefolio";
};
users.web_portefolio = {
description = "Utilisateur pour le bot BDE";
group = "web_portefolio";
home = "/opt/portefolio/";
isSystemUser = true;
};
};
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
nodejs
pnpm
];
users = {
groups.web_portefolio = {
name = "web_portefolio";
};
users.web_portefolio = {
description = "Utilisateur pour le bot BDE";
group = "web_portefolio";
home = "/opt/portefolio/";
isSystemUser = true;
};
};
services.nginx = {
virtualHosts."raphael.parodi.pro" = {
forceSSL = true;
enableACME = true;
locations."/" = {
root = "/opt/portefolio/dist";
index = "index.html";
extraConfig = ''
try_files $uri /index.html;
'';
};
};
};
security.acme = {
certs = {
"raphael.parodi.pro" = {};
};
};
};
services.nginx = {
virtualHosts."raphael.parodi.pro" = {
forceSSL = true;
enableACME = true;
locations."/" = {
root = "/opt/portefolio/dist";
index = "index.html";
extraConfig = ''
try_files $uri /index.html;
'';
};
};
};
security.acme = {
certs = {
"raphael.parodi.pro" = { };
};
};
};
}