raphael/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

style(nixfmt): formatting using nixfmt cli tools

Browse source
This commit is contained in:
Raphael 2025-10-09 00:09:26 +02:00
parent b804520f4c
commit fbe803b928
No known key found for this signature in database
46 changed files with 2133 additions and 1700 deletions
Download patch file Download diff file Expand all files Collapse all files

98
flake.nix
View file

@ -1,49 +1,57 @@
{ {
description = "NixOS Configuration"; description = "NixOS Configuration";
inputs = { inputs = {
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
minecraft.url = "github:Infinidoge/nix-minecraft"; minecraft.url = "github:Infinidoge/nix-minecraft";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
}; };
outputs = { self, nixpkgs, flake-utils, simple-nixos-mailserver, ... }@inputs: outputs =
let {
pkgs = import nixpkgs { self,
config.allowUnfree = true; nixpkgs,
}; flake-utils,
in { simple-nixos-mailserver,
nixosConfigurations = { ...
"nixos-fix" = nixpkgs.lib.nixosSystem { }@inputs:
system = "x86_64-linux"; let
modules = [ pkgs = import nixpkgs {
./hosts/fix/configuration.nix config.allowUnfree = true;
]; };
specialArgs = { in
inherit inputs; {
}; nixosConfigurations = {
}; "nixos-fix" = nixpkgs.lib.nixosSystem {
"nixos-server" = nixpkgs.lib.nixosSystem { system = "x86_64-linux";
system = "x86_64-linux"; modules = [
modules = [ ./hosts/fix/configuration.nix
./hosts/server/configuration.nix ];
simple-nixos-mailserver.nixosModule specialArgs = {
]; inherit inputs;
specialArgs = { };
inherit inputs; };
}; "nixos-server" = nixpkgs.lib.nixosSystem {
}; system = "x86_64-linux";
"nixos-asahi" = nixpkgs.lib.nixosSystem { modules = [
system = "aarch64-linux"; ./hosts/server/configuration.nix
modules = [ simple-nixos-mailserver.nixosModule
./hosts/asahi/configuration.nix ];
]; specialArgs = {
}; inherit inputs;
}; };
}; };
"nixos-asahi" = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
./hosts/asahi/configuration.nix
];
};
};
};
} }

17
hosts/asahi/apple-silicon-support/modules/boot-m1n1/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
pkgs' = config.hardware.asahi.pkgs; pkgs' = config.hardware.asahi.pkgs;
@ -13,7 +18,7 @@ let
}; };
bootFiles = { bootFiles = {
"m1n1/boot.bin" = pkgs.runCommand "boot.bin" {} '' "m1n1/boot.bin" = pkgs.runCommand "boot.bin" { } ''
cat ${bootM1n1}/build/m1n1.bin > $out cat ${bootM1n1}/build/m1n1.bin > $out
cat ${config.boot.kernelPackages.kernel}/dtbs/apple/*.dtb >> $out cat ${config.boot.kernelPackages.kernel}/dtbs/apple/*.dtb >> $out
cat ${bootUBoot}/u-boot-nodtb.bin.gz >> $out cat ${bootUBoot}/u-boot-nodtb.bin.gz >> $out
@ -22,14 +27,18 @@ let
fi fi
''; '';
}; };
in { in
{
config = lib.mkIf config.hardware.asahi.enable { config = lib.mkIf config.hardware.asahi.enable {
# install m1n1 with the boot loader # install m1n1 with the boot loader
boot.loader.grub.extraFiles = bootFiles; boot.loader.grub.extraFiles = bootFiles;
boot.loader.systemd-boot.extraFiles = bootFiles; boot.loader.systemd-boot.extraFiles = bootFiles;
# ensure the installer has m1n1 in the image # ensure the installer has m1n1 in the image
system.extraDependencies = lib.mkForce [ bootM1n1 bootUBoot ]; system.extraDependencies = lib.mkForce [
bootM1n1
bootUBoot
];
system.build.m1n1 = bootFiles."m1n1/boot.bin"; system.build.m1n1 = bootFiles."m1n1/boot.bin";
}; };

60
hosts/asahi/apple-silicon-support/modules/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
imports = [ imports = [
./kernel ./kernel
@ -8,43 +13,52 @@
./sound ./sound
]; ];
config = let config =
let
cfg = config.hardware.asahi; cfg = config.hardware.asahi;
in lib.mkIf cfg.enable { in
lib.mkIf cfg.enable {
nixpkgs.overlays = lib.mkBefore [ cfg.overlay ]; nixpkgs.overlays = lib.mkBefore [ cfg.overlay ];
# patch systemd-boot to boot in Apple Silicon UEFI environment. # patch systemd-boot to boot in Apple Silicon UEFI environment.
# This regression only appeared in systemd 256.7. # This regression only appeared in systemd 256.7.
# see https://github.com/NixOS/nixpkgs/pull/355290 # see https://github.com/NixOS/nixpkgs/pull/355290
# and https://github.com/systemd/systemd/issues/35026 # and https://github.com/systemd/systemd/issues/35026
systemd.package = let systemd.package =
systemdBroken = (pkgs.systemd.version == "256.7"); let
systemdBroken = (pkgs.systemd.version == "256.7");
systemdPatched = pkgs.systemd.overrideAttrs (old: { systemdPatched = pkgs.systemd.overrideAttrs (old: {
patches = let patches =
oldPatches = (old.patches or []); let
# not sure why there are non-paths in there but oh well oldPatches = (old.patches or [ ]);
patchNames = (builtins.map (p: if ((builtins.typeOf p) == "path") then builtins.baseNameOf p else "") oldPatches); # not sure why there are non-paths in there but oh well
fixName = "0019-Revert-boot-Make-initrd_prepare-semantically-equival.patch"; patchNames = (
alreadyPatched = builtins.elem fixName patchNames; builtins.map (p: if ((builtins.typeOf p) == "path") then builtins.baseNameOf p else "") oldPatches
in oldPatches ++ lib.optionals (!alreadyPatched) [ );
(pkgs.fetchpatch { fixName = "0019-Revert-boot-Make-initrd_prepare-semantically-equival.patch";
url = "https://raw.githubusercontent.com/NixOS/nixpkgs/125e99477b0ac0a54b7cddc6c5a704821a3074c7/pkgs/os-specific/linux/systemd/${fixName}"; alreadyPatched = builtins.elem fixName patchNames;
hash = "sha256-UW3DZiaykQUUNcGA5UFxN+/wgNSW3ufxDDCZ7emD16o="; in
}) oldPatches
]; ++ lib.optionals (!alreadyPatched) [
}); (pkgs.fetchpatch {
in if systemdBroken then systemdPatched else pkgs.systemd; url = "https://raw.githubusercontent.com/NixOS/nixpkgs/125e99477b0ac0a54b7cddc6c5a704821a3074c7/pkgs/os-specific/linux/systemd/${fixName}";
hash = "sha256-UW3DZiaykQUUNcGA5UFxN+/wgNSW3ufxDDCZ7emD16o=";
})
];
});
in
if systemdBroken then systemdPatched else pkgs.systemd;
hardware.asahi.pkgs = hardware.asahi.pkgs =
if cfg.pkgsSystem != "aarch64-linux" if cfg.pkgsSystem != "aarch64-linux" then
then
import (pkgs.path) { import (pkgs.path) {
crossSystem.system = "aarch64-linux"; crossSystem.system = "aarch64-linux";
localSystem.system = cfg.pkgsSystem; localSystem.system = cfg.pkgsSystem;
overlays = [ cfg.overlay ]; overlays = [ cfg.overlay ];
} }
else pkgs; else
pkgs;
}; };
options.hardware.asahi = { options.hardware.asahi = {

21
hosts/asahi/apple-silicon-support/modules/kernel/default.nix
View file

@ -1,11 +1,17 @@
# the Asahi Linux kernel and options that must go along with it # the Asahi Linux kernel and options that must go along with it
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
config = lib.mkIf config.hardware.asahi.enable { config = lib.mkIf config.hardware.asahi.enable {
boot.kernelPackages = let boot.kernelPackages =
pkgs' = config.hardware.asahi.pkgs; let
in pkgs' = config.hardware.asahi.pkgs;
in
pkgs'.linux-asahi.override { pkgs'.linux-asahi.override {
_kernelPatches = config.boot.kernelPatches; _kernelPatches = config.boot.kernelPatches;
withRust = config.hardware.asahi.withRust; withRust = config.hardware.asahi.withRust;
@ -93,8 +99,11 @@
}; };
imports = [ imports = [
(lib.mkRemovedOptionModule [ "hardware" "asahi" "addEdgeKernelConfig" ] (lib.mkRemovedOptionModule [
"All edge kernel config options are now the default.") "hardware"
"asahi"
"addEdgeKernelConfig"
] "All edge kernel config options are now the default.")
]; ];
options.hardware.asahi.withRust = lib.mkOption { options.hardware.asahi.withRust = lib.mkOption {

66
hosts/asahi/apple-silicon-support/modules/mesa/default.nix
View file

@ -1,27 +1,41 @@
{ options, config, pkgs, lib, ... }:
{ {
config = let options,
isMode = mode: (config.hardware.asahi.useExperimentalGPUDriver config,
&& config.hardware.asahi.experimentalGPUInstallMode == mode); pkgs,
in lib.mkIf config.hardware.asahi.enable (lib.mkMerge [ lib,
{ ...
# required for proper DRM setup even without GPU driver }:
services.xserver.config = '' {
Section "OutputClass" config =
Identifier "appledrm" let
MatchDriver "apple" isMode =
Driver "modesetting" mode:
Option "PrimaryGPU" "true" (
EndSection config.hardware.asahi.useExperimentalGPUDriver
''; && config.hardware.asahi.experimentalGPUInstallMode == mode
} );
(lib.mkIf config.hardware.asahi.useExperimentalGPUDriver { in
# install the Asahi Mesa version lib.mkIf config.hardware.asahi.enable (
hardware.graphics.package = config.hardware.asahi.pkgs.mesa-asahi-edge.drivers; lib.mkMerge [
# required for in-kernel GPU driver {
hardware.asahi.withRust = true; # required for proper DRM setup even without GPU driver
}) services.xserver.config = ''
]); Section "OutputClass"
Identifier "appledrm"
MatchDriver "apple"
Driver "modesetting"
Option "PrimaryGPU" "true"
EndSection
'';
}
(lib.mkIf config.hardware.asahi.useExperimentalGPUDriver {
# install the Asahi Mesa version
hardware.graphics.package = config.hardware.asahi.pkgs.mesa-asahi-edge.drivers;
# required for in-kernel GPU driver
hardware.asahi.withRust = true;
})
]
);
options.hardware.asahi.useExperimentalGPUDriver = lib.mkOption { options.hardware.asahi.useExperimentalGPUDriver = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
@ -35,7 +49,11 @@
# hopefully no longer used, should be deprecated eventually # hopefully no longer used, should be deprecated eventually
options.hardware.asahi.experimentalGPUInstallMode = lib.mkOption { options.hardware.asahi.experimentalGPUInstallMode = lib.mkOption {
type = lib.types.enum [ "driver" "replace" "overlay" ]; type = lib.types.enum [
"driver"
"replace"
"overlay"
];
default = "replace"; default = "replace";
description = '' description = ''
Mode to use to install the experimental GPU driver into the system. Mode to use to install the experimental GPU driver into the system.

65
hosts/asahi/apple-silicon-support/modules/peripheral-firmware/default.nix
View file

@ -1,8 +1,14 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
config = lib.mkIf config.hardware.asahi.enable { config = lib.mkIf config.hardware.asahi.enable {
assertions = lib.mkIf config.hardware.asahi.extractPeripheralFirmware [ assertions = lib.mkIf config.hardware.asahi.extractPeripheralFirmware [
{ assertion = config.hardware.asahi.peripheralFirmwareDirectory != null; {
assertion = config.hardware.asahi.peripheralFirmwareDirectory != null;
message = '' message = ''
Asahi peripheral firmware extraction is enabled but the firmware Asahi peripheral firmware extraction is enabled but the firmware
location appears incorrect. location appears incorrect.
@ -10,26 +16,34 @@
} }
]; ];
hardware.firmware = let hardware.firmware =
pkgs' = config.hardware.asahi.pkgs; let
in pkgs' = config.hardware.asahi.pkgs;
lib.mkIf ((config.hardware.asahi.peripheralFirmwareDirectory != null) in
&& config.hardware.asahi.extractPeripheralFirmware) [ lib.mkIf
(pkgs.stdenv.mkDerivation { (
name = "asahi-peripheral-firmware"; (config.hardware.asahi.peripheralFirmwareDirectory != null)
&& config.hardware.asahi.extractPeripheralFirmware
)
[
(pkgs.stdenv.mkDerivation {
name = "asahi-peripheral-firmware";
nativeBuildInputs = [ pkgs'.asahi-fwextract pkgs.cpio ]; nativeBuildInputs = [
pkgs'.asahi-fwextract
pkgs.cpio
];
buildCommand = '' buildCommand = ''
mkdir extracted mkdir extracted
asahi-fwextract ${config.hardware.asahi.peripheralFirmwareDirectory} extracted asahi-fwextract ${config.hardware.asahi.peripheralFirmwareDirectory} extracted
mkdir -p $out/lib/firmware mkdir -p $out/lib/firmware
cat extracted/firmware.cpio | cpio -id --quiet --no-absolute-filenames cat extracted/firmware.cpio | cpio -id --quiet --no-absolute-filenames
mv vendorfw/* $out/lib/firmware mv vendorfw/* $out/lib/firmware
''; '';
}) })
]; ];
}; };
options.hardware.asahi = { options.hardware.asahi = {
@ -45,13 +59,12 @@
peripheralFirmwareDirectory = lib.mkOption { peripheralFirmwareDirectory = lib.mkOption {
type = lib.types.nullOr lib.types.path; type = lib.types.nullOr lib.types.path;
default = lib.findFirst (path: builtins.pathExists (path + "/all_firmware.tar.gz")) null default = lib.findFirst (path: builtins.pathExists (path + "/all_firmware.tar.gz")) null [
[ # path when the system is operating normally
# path when the system is operating normally /boot/asahi
/boot/asahi # path when the system is mounted in the installer
# path when the system is mounted in the installer /mnt/boot/asahi
/mnt/boot/asahi ];
];
description = '' description = ''
Path to the directory containing the non-free non-redistributable Path to the directory containing the non-free non-redistributable

124
hosts/asahi/apple-silicon-support/modules/sound/default.nix
View file

@ -1,4 +1,10 @@
{ config, options, pkgs, lib, ... }: {
config,
options,
pkgs,
lib,
...
}:
{ {
options.hardware.asahi = { options.hardware.asahi = {
@ -12,59 +18,75 @@
}; };
}; };
config = let config =
cfg = config.hardware.asahi; let
cfg = config.hardware.asahi;
asahi-audio = pkgs.asahi-audio; # the asahi-audio we use asahi-audio = pkgs.asahi-audio; # the asahi-audio we use
lsp-plugins = pkgs.lsp-plugins; lsp-plugins = pkgs.lsp-plugins;
lsp-plugins-is-safe = (pkgs.lib.versionAtLeast lsp-plugins.version "1.2.14"); lsp-plugins-is-safe = (pkgs.lib.versionAtLeast lsp-plugins.version "1.2.14");
lv2Path = lib.makeSearchPath "lib/lv2" [ lsp-plugins pkgs.bankstown-lv2 ]; lv2Path = lib.makeSearchPath "lib/lv2" [
in lib.mkIf (cfg.setupAsahiSound && cfg.enable) (lib.mkMerge [ lsp-plugins
{ pkgs.bankstown-lv2
# can't be used by Asahi sound infrastructure
services.pulseaudio.enable = false;
# enable pipewire to run real-time and avoid audible glitches
security.rtkit.enable = true;
# set up pipewire with the supported capabilities (instead of pulseaudio)
# and asahi-audio configs and plugins
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
configPackages = [ asahi-audio ];
extraLv2Packages = [ lsp-plugins pkgs.bankstown-lv2 ];
wireplumber = {
enable = true;
configPackages = [ asahi-audio ];
extraLv2Packages = [ lsp-plugins pkgs.bankstown-lv2 ];
};
};
# set up enivronment so that UCM configs are used as well
environment.variables.ALSA_CONFIG_UCM2 = "${pkgs.alsa-ucm-conf-asahi}/share/alsa/ucm2";
systemd.user.services.pipewire.environment.ALSA_CONFIG_UCM2 = config.environment.variables.ALSA_CONFIG_UCM2;
systemd.user.services.wireplumber.environment.ALSA_CONFIG_UCM2 = config.environment.variables.ALSA_CONFIG_UCM2;
# enable speakersafetyd to protect speakers
systemd.packages = lib.mkAssert lsp-plugins-is-safe
"lsp-plugins is unpatched/outdated and speakers cannot be safely enabled"
[ pkgs.speakersafetyd ];
services.udev.packages = [ pkgs.speakersafetyd ];
# asahi-sound requires wireplumber 0.5.2 or above
# https://github.com/AsahiLinux/asahi-audio/commit/29ec1056c18193ffa09a990b1b61ed273e97fee6
assertions = [
{
assertion = lib.versionAtLeast pkgs.wireplumber.version "0.5.2";
message = "wireplumber >= 0.5.2 is required for sound with nixos-apple-silicon.";
}
]; ];
} in
]); lib.mkIf (cfg.setupAsahiSound && cfg.enable) (
lib.mkMerge [
{
# can't be used by Asahi sound infrastructure
services.pulseaudio.enable = false;
# enable pipewire to run real-time and avoid audible glitches
security.rtkit.enable = true;
# set up pipewire with the supported capabilities (instead of pulseaudio)
# and asahi-audio configs and plugins
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
configPackages = [ asahi-audio ];
extraLv2Packages = [
lsp-plugins
pkgs.bankstown-lv2
];
wireplumber = {
enable = true;
configPackages = [ asahi-audio ];
extraLv2Packages = [
lsp-plugins
pkgs.bankstown-lv2
];
};
};
# set up enivronment so that UCM configs are used as well
environment.variables.ALSA_CONFIG_UCM2 = "${pkgs.alsa-ucm-conf-asahi}/share/alsa/ucm2";
systemd.user.services.pipewire.environment.ALSA_CONFIG_UCM2 =
config.environment.variables.ALSA_CONFIG_UCM2;
systemd.user.services.wireplumber.environment.ALSA_CONFIG_UCM2 =
config.environment.variables.ALSA_CONFIG_UCM2;
# enable speakersafetyd to protect speakers
systemd.packages =
lib.mkAssert lsp-plugins-is-safe
"lsp-plugins is unpatched/outdated and speakers cannot be safely enabled"
[ pkgs.speakersafetyd ];
services.udev.packages = [ pkgs.speakersafetyd ];
# asahi-sound requires wireplumber 0.5.2 or above
# https://github.com/AsahiLinux/asahi-audio/commit/29ec1056c18193ffa09a990b1b61ed273e97fee6
assertions = [
{
assertion = lib.versionAtLeast pkgs.wireplumber.version "0.5.2";
message = "wireplumber >= 0.5.2 is required for sound with nixos-apple-silicon.";
}
];
}
]
);
} }

41
hosts/asahi/apple-silicon-support/packages/alsa-ucm-conf-asahi/default.nix
View file

@ -1,22 +1,27 @@
{ lib {
, fetchFromGitHub lib,
, alsa-ucm-conf fetchFromGitHub,
alsa-ucm-conf,
}: }:
(alsa-ucm-conf.overrideAttrs (oldAttrs: let (alsa-ucm-conf.overrideAttrs (
versionAsahi = "5"; oldAttrs:
let
versionAsahi = "5";
srcAsahi = fetchFromGitHub { srcAsahi = fetchFromGitHub {
# tracking: https://src.fedoraproject.org/rpms/alsa-ucm-asahi # tracking: https://src.fedoraproject.org/rpms/alsa-ucm-asahi
owner = "AsahiLinux"; owner = "AsahiLinux";
repo = "alsa-ucm-conf-asahi"; repo = "alsa-ucm-conf-asahi";
rev = "v${versionAsahi}"; rev = "v${versionAsahi}";
hash = "sha256-daUNz5oUrPfSMO0Tqq/WbtiLHMOtPeQQlI+juGrhTxw="; hash = "sha256-daUNz5oUrPfSMO0Tqq/WbtiLHMOtPeQQlI+juGrhTxw=";
}; };
in { in
name = "${oldAttrs.pname}-${oldAttrs.version}-asahi-${versionAsahi}"; {
name = "${oldAttrs.pname}-${oldAttrs.version}-asahi-${versionAsahi}";
postInstall = oldAttrs.postInstall or "" + '' postInstall = oldAttrs.postInstall or "" + ''
cp -r ${srcAsahi}/ucm2 $out/share/alsa cp -r ${srcAsahi}/ucm2 $out/share/alsa
''; '';
})) }
))

7
hosts/asahi/apple-silicon-support/packages/asahi-audio/default.nix
View file

@ -1,6 +1,7 @@
{ stdenv {
, lib stdenv,
, fetchFromGitHub lib,
fetchFromGitHub,
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {

13
hosts/asahi/apple-silicon-support/packages/asahi-fwextract/default.nix
View file

@ -1,9 +1,10 @@
{ lib {
, python3 lib,
, fetchFromGitHub python3,
, gzip fetchFromGitHub,
, gnutar gzip,
, lzfse gnutar,
lzfse,
}: }:
python3.pkgs.buildPythonApplication rec { python3.pkgs.buildPythonApplication rec {

205
hosts/asahi/apple-silicon-support/packages/linux-asahi/default.nix
View file

@ -1,11 +1,12 @@
{ lib {
, pkgs lib,
, callPackage pkgs,
, writeShellScriptBin callPackage,
, writeText writeShellScriptBin,
, linuxPackagesFor writeText,
, withRust ? false linuxPackagesFor,
, _kernelPatches ? [ ] withRust ? false,
_kernelPatches ? [ ],
}: }:
let let
@ -13,67 +14,107 @@ let
# parse <OPT> [ymn]|foo style configuration as found in a patch's extraConfig # parse <OPT> [ymn]|foo style configuration as found in a patch's extraConfig
# into a list of k, v tuples # into a list of k, v tuples
parseExtraConfig = config: parseExtraConfig =
config:
let let
lines = lines = builtins.filter (s: s != "") (lib.strings.splitString "\n" config);
builtins.filter (s: s != "") (lib.strings.splitString "\n" config); parseLine =
parseLine = line: let line:
t = lib.strings.splitString " " line; let
join = l: builtins.foldl' (a: b: "${a} ${b}") t = lib.strings.splitString " " line;
(builtins.head l) (builtins.tail l); join = l: builtins.foldl' (a: b: "${a} ${b}") (builtins.head l) (builtins.tail l);
v = if (builtins.length t) > 2 then join (builtins.tail t) else (i t 1); v = if (builtins.length t) > 2 then join (builtins.tail t) else (i t 1);
in [ "CONFIG_${i t 0}" v ]; in
in map parseLine lines; [
"CONFIG_${i t 0}"
v
];
in
map parseLine lines;
# parse <OPT>=lib.kernel.(yes|module|no)|lib.kernel.freeform "foo" # parse <OPT>=lib.kernel.(yes|module|no)|lib.kernel.freeform "foo"
# style configuration as found in a patch's extraStructuredConfig into # style configuration as found in a patch's extraStructuredConfig into
# a list of k, v tuples # a list of k, v tuples
parseExtraStructuredConfig = config: lib.attrsets.mapAttrsToList parseExtraStructuredConfig =
(k: v: [ "CONFIG_${k}" (v.tristate or v.freeform) ] ) config; config:
lib.attrsets.mapAttrsToList (k: v: [
"CONFIG_${k}"
(v.tristate or v.freeform)
]) config;
parsePatchConfig = { extraConfig ? "", extraStructuredConfig ? {}, ... }: parsePatchConfig =
(parseExtraConfig extraConfig) ++ {
(parseExtraStructuredConfig extraStructuredConfig); extraConfig ? "",
extraStructuredConfig ? { },
...
}:
(parseExtraConfig extraConfig) ++ (parseExtraStructuredConfig extraStructuredConfig);
# parse CONFIG_<OPT>=[ymn]|"foo" style configuration as found in a config file # parse CONFIG_<OPT>=[ymn]|"foo" style configuration as found in a config file
# into a list of k, v tuples # into a list of k, v tuples
parseConfig = config: parseConfig =
config:
let let
parseLine = builtins.match ''(CONFIG_[[:upper:][:digit:]_]+)=(([ymn])|"([^"]*)")''; parseLine = builtins.match ''(CONFIG_[[:upper:][:digit:]_]+)=(([ymn])|"([^"]*)")'';
# get either the [ymn] option or the "foo" option; whichever matched # get either the [ymn] option or the "foo" option; whichever matched
t = l: let v = (i l 2); in [ (i l 0) (if v != null then v else (i l 3)) ]; t =
l:
let
v = (i l 2);
in
[
(i l 0)
(if v != null then v else (i l 3))
];
lines = lib.strings.splitString "\n" config; lines = lib.strings.splitString "\n" config;
in map t (builtins.filter (l: l != null) (map parseLine lines)); in
map t (builtins.filter (l: l != null) (map parseLine lines));
origConfigfile = ./config; origConfigfile = ./config;
linux-asahi-pkg = { stdenv, lib, fetchFromGitHub, fetchpatch, linuxKernel, linux-asahi-pkg =
rustPlatform, rustc, rustfmt, rust-bindgen, ... } @ args: {
stdenv,
lib,
fetchFromGitHub,
fetchpatch,
linuxKernel,
rustPlatform,
rustc,
rustfmt,
rust-bindgen,
...
}@args:
let let
origConfigText = builtins.readFile origConfigfile; origConfigText = builtins.readFile origConfigfile;
# extraConfig from all patches in order # extraConfig from all patches in order
extraConfig = extraConfig = lib.fold (patch: ex: ex ++ (parsePatchConfig patch)) [ ] _kernelPatches;
lib.fold (patch: ex: ex ++ (parsePatchConfig patch)) [] _kernelPatches;
# config file text for above # config file text for above
extraConfigText = let extraConfigText =
text = k: v: if (v == "y") || (v == "m") || (v == "n") let
then "${k}=${v}" else ''${k}="${v}"''; text = k: v: if (v == "y") || (v == "m") || (v == "n") then "${k}=${v}" else ''${k}="${v}"'';
in (map (t: text (i t 0) (i t 1)) extraConfig); in
(map (t: text (i t 0) (i t 1)) extraConfig);
# final config as a text file path # final config as a text file path
configfile = if extraConfig == [] then origConfigfile else configfile =
writeText "config" '' if extraConfig == [ ] then
${origConfigText} origConfigfile
else
writeText "config" ''
${origConfigText}
# Patches # Patches
${lib.strings.concatStringsSep "\n" extraConfigText} ${lib.strings.concatStringsSep "\n" extraConfigText}
''; '';
# final config as an attrset # final config as an attrset
configAttrs = let configAttrs =
makePair = t: lib.nameValuePair (i t 0) (i t 1); let
configList = (parseConfig origConfigText) ++ extraConfig; makePair = t: lib.nameValuePair (i t 0) (i t 1);
in builtins.listToAttrs (map makePair (lib.lists.reverseList configList)); configList = (parseConfig origConfigText) ++ extraConfig;
in
builtins.listToAttrs (map makePair (lib.lists.reverseList configList));
# used to (ostensibly) keep compatibility for those running stable versions of nixos # used to (ostensibly) keep compatibility for those running stable versions of nixos
rustOlder = version: withRust && (lib.versionOlder rustc.version version); rustOlder = version: withRust && (lib.versionOlder rustc.version version);
@ -83,40 +124,54 @@ let
rustAtLeast = version: withRust && (lib.versionAtLeast rustc.version version); rustAtLeast = version: withRust && (lib.versionAtLeast rustc.version version);
bindgenAtLeast = version: withRust && (lib.versionAtLeast rust-bindgen.unwrapped.version version); bindgenAtLeast = version: withRust && (lib.versionAtLeast rust-bindgen.unwrapped.version version);
in in
(linuxKernel.manualConfig rec { (
inherit stdenv lib; linuxKernel.manualConfig rec {
inherit stdenv lib;
version = "6.12.12-asahi"; version = "6.12.12-asahi";
modDirVersion = version; modDirVersion = version;
extraMeta.branch = "6.12"; extraMeta.branch = "6.12";
src = fetchFromGitHub { src = fetchFromGitHub {
# tracking: https://github.com/AsahiLinux/linux/tree/asahi-wip (w/ fedora verification) # tracking: https://github.com/AsahiLinux/linux/tree/asahi-wip (w/ fedora verification)
owner = "AsahiLinux"; owner = "AsahiLinux";
repo = "linux"; repo = "linux";
rev = "asahi-6.12.12-1"; rev = "asahi-6.12.12-1";
hash = "sha256-910TiROccEleI/qB34DWh3M3bgP3SSCjEP9z7lD9BjM="; hash = "sha256-910TiROccEleI/qB34DWh3M3bgP3SSCjEP9z7lD9BjM=";
}; };
kernelPatches = [ kernelPatches = [
{ name = "coreutils-fix"; {
patch = ./0001-fs-fcntl-accept-more-values-as-F_DUPFD_CLOEXEC-args.patch; name = "coreutils-fix";
} patch = ./0001-fs-fcntl-accept-more-values-as-F_DUPFD_CLOEXEC-args.patch;
] ++ _kernelPatches; }
]
++ _kernelPatches;
inherit configfile; inherit configfile;
# hide Rust support from the nixpkgs infra to avoid it re-adding the rust packages. # hide Rust support from the nixpkgs infra to avoid it re-adding the rust packages.
# we can't use it until it's in stable and until we've evaluated the cross-compilation impact. # we can't use it until it's in stable and until we've evaluated the cross-compilation impact.
config = configAttrs // { "CONFIG_RUST" = "n"; }; config = configAttrs // {
} // (args.argsOverride or {})).overrideAttrs (old: if withRust then { "CONFIG_RUST" = "n";
nativeBuildInputs = (old.nativeBuildInputs or []) ++ [ };
rust-bindgen }
rustfmt // (args.argsOverride or { })
rustc ).overrideAttrs
]; (
RUST_LIB_SRC = rustPlatform.rustLibSrc; old:
} else {}); if withRust then
{
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [
rust-bindgen
rustfmt
rustc
];
RUST_LIB_SRC = rustPlatform.rustLibSrc;
}
else
{ }
);
linux-asahi = (callPackage linux-asahi-pkg { }); linux-asahi = (callPackage linux-asahi-pkg { });
in lib.recurseIntoAttrs (linuxPackagesFor linux-asahi) in
lib.recurseIntoAttrs (linuxPackagesFor linux-asahi)

104
hosts/asahi/apple-silicon-support/packages/m1n1/default.nix
View file

@ -1,29 +1,36 @@
{ stdenv {
, buildPackages stdenv,
, lib buildPackages,
, fetchFromGitHub lib,
, python3 fetchFromGitHub,
, dtc python3,
, imagemagick dtc,
, isRelease ? false imagemagick,
, withTools ? true isRelease ? false,
, withChainloading ? false withTools ? true,
, rust-bin ? null withChainloading ? false,
, customLogo ? null rust-bin ? null,
customLogo ? null,
}: }:
assert withChainloading -> rust-bin != null; assert withChainloading -> rust-bin != null;
let let
pyenv = python3.withPackages (p: with p; [ pyenv = python3.withPackages (
construct p: with p; [
pyserial construct
]); pyserial
]
);
rustenv = rust-bin.selectLatestNightlyWith (toolchain: toolchain.minimal.override { rustenv = rust-bin.selectLatestNightlyWith (
targets = [ "aarch64-unknown-none-softfloat" ]; toolchain:
}); toolchain.minimal.override {
in stdenv.mkDerivation rec { targets = [ "aarch64-unknown-none-softfloat" ];
}
);
in
stdenv.mkDerivation rec {
pname = "m1n1"; pname = "m1n1";
version = "1.4.21"; version = "1.4.21";
@ -36,15 +43,18 @@ in stdenv.mkDerivation rec {
fetchSubmodules = true; fetchSubmodules = true;
}; };
makeFlags = [ "ARCH=${stdenv.cc.targetPrefix}" ] makeFlags = [
++ lib.optional isRelease "RELEASE=1" "ARCH=${stdenv.cc.targetPrefix}"
++ lib.optional withChainloading "CHAINLOADING=1"; ]
++ lib.optional isRelease "RELEASE=1"
++ lib.optional withChainloading "CHAINLOADING=1";
nativeBuildInputs = [ nativeBuildInputs = [
dtc dtc
buildPackages.gcc buildPackages.gcc
] ++ lib.optional withChainloading rustenv ]
++ lib.optional (customLogo != null) imagemagick; ++ lib.optional withChainloading rustenv
++ lib.optional (customLogo != null) imagemagick;
postPatch = '' postPatch = ''
substituteInPlace proxyclient/m1n1/asm.py \ substituteInPlace proxyclient/m1n1/asm.py \
@ -72,30 +82,32 @@ in stdenv.mkDerivation rec {
mkdir -p $out/build mkdir -p $out/build
cp build/m1n1.bin $out/build cp build/m1n1.bin $out/build
'' + (lib.optionalString withTools '' ''
mkdir -p $out/{bin,script,toolchain-bin} + (lib.optionalString withTools ''
cp -r proxyclient $out/script mkdir -p $out/{bin,script,toolchain-bin}
cp -r tools $out/script cp -r proxyclient $out/script
cp -r tools $out/script
for toolpath in $out/script/proxyclient/tools/*.py; do for toolpath in $out/script/proxyclient/tools/*.py; do
tool=$(basename $toolpath .py) tool=$(basename $toolpath .py)
script=$out/bin/m1n1-$tool script=$out/bin/m1n1-$tool
cat > $script <<EOF cat > $script <<EOF
#!/bin/sh #!/bin/sh
${pyenv}/bin/python $toolpath "\$@" ${pyenv}/bin/python $toolpath "\$@"
EOF EOF
chmod +x $script chmod +x $script
done done
GCC=${buildPackages.gcc} GCC=${buildPackages.gcc}
BINUTILS=${buildPackages.binutils-unwrapped} BINUTILS=${buildPackages.binutils-unwrapped}
ln -s $GCC/bin/${stdenv.cc.targetPrefix}gcc $out/toolchain-bin/ ln -s $GCC/bin/${stdenv.cc.targetPrefix}gcc $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}ld $out/toolchain-bin/ ln -s $GCC/bin/${stdenv.cc.targetPrefix}ld $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objcopy $out/toolchain-bin/ ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objcopy $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objdump $out/toolchain-bin/ ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objdump $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}nm $out/toolchain-bin/ ln -s $GCC/bin/${stdenv.cc.targetPrefix}nm $out/toolchain-bin/
'') + '' '')
+ ''
runHook postInstall runHook postInstall
''; '';
} }

90
hosts/asahi/apple-silicon-support/packages/mesa-asahi-edge/default.nix
View file

@ -1,44 +1,56 @@
{ lib {
, fetchFromGitLab lib,
, mesa fetchFromGitLab,
mesa,
}: }:
(mesa.override { (mesa.override {
galliumDrivers = [ "softpipe" "llvmpipe" "asahi" ]; galliumDrivers = [
vulkanDrivers = [ "swrast" "asahi" ]; "softpipe"
}).overrideAttrs (oldAttrs: { "llvmpipe"
version = "25.0.0-asahi"; "asahi"
src = fetchFromGitLab {
# tracking: https://pagure.io/fedora-asahi/mesa/commits/asahi
domain = "gitlab.freedesktop.org";
owner = "asahi";
repo = "mesa";
rev = "asahi-20241211";
hash = "sha256-Ny4M/tkraVLhUK5y6Wt7md1QBtqQqPDUv+aY4MpNA6Y=";
};
mesonFlags = let
badFlags = [
"-Dinstall-mesa-clc"
"-Dopencl-spirv"
"-Dgallium-nine"
];
isBadFlagList = f: builtins.map (b: lib.hasPrefix b f) badFlags;
isGoodFlag = f: !(builtins.foldl' (x: y: x || y) false (isBadFlagList f));
in (builtins.filter isGoodFlag oldAttrs.mesonFlags) ++ [
# we do not build any graphics drivers these features can be enabled for
"-Dgallium-va=disabled"
"-Dgallium-vdpau=disabled"
"-Dgallium-xa=disabled"
];
# replace patches with ones tweaked slightly to apply to this version
patches = [
./opencl.patch
]; ];
vulkanDrivers = [
"swrast"
"asahi"
];
}).overrideAttrs
(oldAttrs: {
version = "25.0.0-asahi";
src = fetchFromGitLab {
# tracking: https://pagure.io/fedora-asahi/mesa/commits/asahi
domain = "gitlab.freedesktop.org";
owner = "asahi";
repo = "mesa";
rev = "asahi-20241211";
hash = "sha256-Ny4M/tkraVLhUK5y6Wt7md1QBtqQqPDUv+aY4MpNA6Y=";
};
postInstall = (oldAttrs.postInstall or "") + '' mesonFlags =
# we don't build anything to go in this output but it needs to exist let
touch $spirv2dxil badFlags = [
''; "-Dinstall-mesa-clc"
}) "-Dopencl-spirv"
"-Dgallium-nine"
];
isBadFlagList = f: builtins.map (b: lib.hasPrefix b f) badFlags;
isGoodFlag = f: !(builtins.foldl' (x: y: x || y) false (isBadFlagList f));
in
(builtins.filter isGoodFlag oldAttrs.mesonFlags)
++ [
# we do not build any graphics drivers these features can be enabled for
"-Dgallium-va=disabled"
"-Dgallium-vdpau=disabled"
"-Dgallium-xa=disabled"
];
# replace patches with ones tweaked slightly to apply to this version
patches = [
./opencl.patch
];
postInstall = (oldAttrs.postInstall or "") + ''
# we don't build anything to go in this output but it needs to exist
touch $spirv2dxil
'';
})

34
hosts/asahi/apple-silicon-support/packages/uboot-asahi/default.nix
View file

@ -1,7 +1,8 @@
{ lib {
, fetchFromGitHub lib,
, buildUBoot fetchFromGitHub,
, m1n1 buildUBoot,
m1n1,
}: }:
(buildUBoot rec { (buildUBoot rec {
@ -28,17 +29,18 @@
CONFIG_VIDEO_FONT_16X32=y CONFIG_VIDEO_FONT_16X32=y
CONFIG_CMD_BOOTMENU=y CONFIG_CMD_BOOTMENU=y
''; '';
}).overrideAttrs (o: { }).overrideAttrs
# nixos's downstream patches are not applicable (o: {
patches = [ # nixos's downstream patches are not applicable
]; patches = [
];
# DTC= flag somehow breaks DTC compilation so we remove it # DTC= flag somehow breaks DTC compilation so we remove it
makeFlags = builtins.filter (s: (!(lib.strings.hasPrefix "DTC=" s))) o.makeFlags; makeFlags = builtins.filter (s: (!(lib.strings.hasPrefix "DTC=" s))) o.makeFlags;
preInstall = '' preInstall = ''
# compress so that m1n1 knows U-Boot's size and can find things after it # compress so that m1n1 knows U-Boot's size and can find things after it
gzip -n u-boot-nodtb.bin gzip -n u-boot-nodtb.bin
cat ${m1n1}/build/m1n1.bin arch/arm/dts/t[68]*.dtb u-boot-nodtb.bin.gz > m1n1-u-boot.bin cat ${m1n1}/build/m1n1.bin arch/arm/dts/t[68]*.dtb u-boot-nodtb.bin.gz > m1n1-u-boot.bin
''; '';
}) })

173
hosts/asahi/configuration.nix
View file

@ -2,108 +2,111 @@
# your system. Help is available in the configuration.nix(5) man page, on # your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
imports = [ imports = [
../global.nix ../global.nix
./hardware-configuration.nix ./hardware-configuration.nix
<apple-silicon-support/apple-silicon-support> <apple-silicon-support/apple-silicon-support>
]; ];
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader = { boot.loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = false; efi.canTouchEfiVariables = false;
}; };
networking = { networking = {
hostName = "nixos-asahi"; hostName = "nixos-asahi";
firewall.enable = false; firewall.enable = false;
networkmanager.enable = true; networkmanager.enable = true;
}; };
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Paris"; time.timeZone = "Europe/Paris";
# Configure network proxy if necessary # Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties. # Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8"; # i18n.defaultLocale = "en_US.UTF-8";
# console = { # console = {
# font = "Lat2-Terminus32"; # font = "Lat2-Terminus32";
# keyMap = "us"; # keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty. # useXkbConfig = true; # use xkb.options in tty.
# }; # };
# Enable the X11 windowing system. # Enable the X11 windowing system.
# services.xserver.enable = true; # services.xserver.enable = true;
services = { services = {
pipewire = { pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
jack.enable = true; jack.enable = true;
}; };
postgresql = { postgresql = {
enable = true; enable = true;
}; };
greetd = { greetd = {
enable = true; enable = true;
settings = { settings = {
default_session = { default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --remember --remember-user-session --time --cmd Hyprland"; command = "${pkgs.greetd.tuigreet}/bin/tuigreet --remember --remember-user-session --time --cmd Hyprland";
}; };
}; };
}; };
}; };
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Configure keymap in X11 # Enable CUPS to print documents.
# services.xserver.xkb.layout = "us"; # services.printing.enable = true;
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents. # Enable sound.
# services.printing.enable = true; # services.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable sound. # Enable touchpad support (enabled default in most desktopManager).
# services.pulseaudio.enable = true; # services.libinput.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager). programs.firefox.enable = true;
# services.libinput.enable = true; powerManagement.cpuFreqGovernor = "performance";
programs.firefox.enable = true; # List packages installed in system profile. To search, run:
powerManagement.cpuFreqGovernor = "performance"; # $ nix search wget
environment.systemPackages = with pkgs; [
mesa
git
vim
wget
];
# List packages installed in system profile. To search, run: virtualisation.docker.enable = true;
# $ nix search wget
environment.systemPackages = with pkgs; [
mesa
git
vim
wget
];
virtualisation.docker.enable = true; xdg.portal = {
enable = true;
extraPortals = [
pkgs.xdg-desktop-portal-hyprland
];
config.common.default = "*";
};
xdg.portal = { system.stateVersion = "25.05"; # Did you read the comment?
enable = true;
extraPortals = [
pkgs.xdg-desktop-portal-hyprland
];
config.common.default = "*";
};
system.stateVersion = "25.05"; # Did you read the comment?
} }

40
hosts/asahi/hardware-configuration.nix
View file

@ -1,28 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "usb_storage" "sdhci_pci" ]; boot.initrd.availableKernelModules = [
"usb_storage"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/6b7a615f-ed15-4dbc-9d6b-aac66c679bac"; device = "/dev/disk/by-uuid/6b7a615f-ed15-4dbc-9d6b-aac66c679bac";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/4D74-1AFF"; device = "/dev/disk/by-uuid/4D74-1AFF";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ]; options = [
}; "fmask=0022"
"dmask=0022"
];
};
swapDevices = [ ]; swapDevices = [ ];

260
hosts/fix/configuration.nix
View file

@ -1,141 +1,147 @@
{ inputs, config, pkgs, lib, ... }: {
inputs,
config,
pkgs,
lib,
...
}:
{ {
imports = [ imports = [
../global.nix ../global.nix
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/games/global.nix ../../modules/games/global.nix
../../services/discord.nix ../../services/discord.nix
../../services/games.nix ../../services/games.nix
]; ];
networking = { networking = {
hostName = "nixos-fix"; hostName = "nixos-fix";
firewall.enable = false; firewall.enable = false;
networkmanager.enable = true; networkmanager.enable = true;
wireless.enable = false; wireless.enable = false;
}; };
games = { games = {
lutris = true; lutris = true;
}; };
service = { service = {
minecraft = { minecraft = {
enium-pv = true; enium-pv = true;
}; };
bot_discord = { bot_discord = {
master = true; master = true;
music = true; music = true;
tempvoc = true; tempvoc = true;
ticket = true; ticket = true;
}; };
}; };
security.pam.services = { security.pam.services = {
greetd = { greetd = {
enableGnomeKeyring = true; enableGnomeKeyring = true;
}; };
swaylock = {}; swaylock = { };
}; };
users = { users = {
defaultUserShell = pkgs.zsh; defaultUserShell = pkgs.zsh;
users = { users = {
deb = { deb = {
isNormalUser = true; isNormalUser = true;
initialPassword = "pasadmin1234"; initialPassword = "pasadmin1234";
description = "deb"; description = "deb";
useDefaultShell = true; useDefaultShell = true;
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"
"dialout" "dialout"
"docker" "docker"
"video" "video"
]; ];
packages = with pkgs; [ packages = with pkgs; [
gnome-session gnome-session
home-manager home-manager
]; ];
}; };
}; };
}; };
# Bootloader. # Bootloader.
boot.loader = { boot.loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wine-staging wine-staging
lutris lutris
dxvk dxvk
vkd3d vkd3d
]; ];
programs = { programs = {
appimage = { appimage = {
enable = true; enable = true;
binfmt = true; binfmt = true;
package = pkgs.appimage-run.override { extraPkgs = pkgs: [ pkgs.libthai ]; }; package = pkgs.appimage-run.override { extraPkgs = pkgs: [ pkgs.libthai ]; };
}; };
hyprland = { hyprland = {
enable = true; enable = true;
xwayland.enable = true; xwayland.enable = true;
}; };
steam = { steam = {
enable = true; enable = true;
gamescopeSession.enable = true; gamescopeSession.enable = true;
}; };
gamemode.enable = true; gamemode.enable = true;
}; };
services = { services = {
seatd.enable = true; seatd.enable = true;
xserver = { xserver = {
desktopManager.gnome.enable = true; desktopManager.gnome.enable = true;
displayManager.gdm.wayland = true; displayManager.gdm.wayland = true;
}; };
dbus.enable = true; dbus.enable = true;
openssh = { openssh = {
enable = true; enable = true;
ports = [ 42131 ]; ports = [ 42131 ];
}; };
pipewire = { pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
jack.enable = true; jack.enable = true;
}; };
udev.extraRules = '' udev.extraRules = ''
SUBSYSTEM=="usb", ATTR{idVendor}=="0483", ATTR{idProduct}=="5740", MODE="0666" SUBSYSTEM=="usb", ATTR{idVendor}=="0483", ATTR{idProduct}=="5740", MODE="0666"
''; '';
redis.servers."" = { redis.servers."" = {
enable = true; enable = true;
}; };
postgresql = { postgresql = {
enable = true; enable = true;
}; };
greetd = { greetd = {
enable = true; enable = true;
settings = { settings = {
default_session = { default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --remember --user-menu --remember-user-session --time"; command = "${pkgs.greetd.tuigreet}/bin/tuigreet --remember --user-menu --remember-user-session --time";
}; };
}; };
}; };
}; };
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
xdg.portal = { xdg.portal = {
enable = true; enable = true;
extraPortals = [ extraPortals = [
pkgs.xdg-desktop-portal-hyprland pkgs.xdg-desktop-portal-hyprland
]; ];
config.common.default = "*"; config.common.default = "*";
}; };
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }

14
hosts/fix/hardware-configuration.nix
View file

@ -1,7 +1,13 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ imports = [
@ -17,12 +23,12 @@
"usbhid" "usbhid"
"sd_mod" "sd_mod"
]; ];
kernelModules = []; kernelModules = [ ];
}; };
kernelModules = [ kernelModules = [
"kvm-intel" "kvm-intel"
]; ];
extraModulePackages = []; extraModulePackages = [ ];
}; };
fileSystems = { fileSystems = {
@ -54,7 +60,7 @@
# networking.interfaces.docker0.useDHCP = lib.mkDefault true; # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
services.xserver.videoDrivers = ["nvidia"]; services.xserver.videoDrivers = [ "nvidia" ];
hardware = { hardware = {
graphics.enable = true; graphics.enable = true;

187
hosts/global.nix
View file

@ -1,101 +1,106 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
documentation = { documentation = {
enable = true; enable = true;
man.enable = true; man.enable = true;
dev.enable = true; dev.enable = true;
}; };
time.timeZone = "Europe/Paris"; time.timeZone = "Europe/Paris";
security.pam.services.swaylock = {}; security.pam.services.swaylock = { };
i18n = { i18n = {
defaultLocale = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
extraLocaleSettings = { extraLocaleSettings = {
LC_ADDRESS = "fr_FR.UTF-8"; LC_ADDRESS = "fr_FR.UTF-8";
LC_IDENTIFICATION = "fr_FR.UTF-8"; LC_IDENTIFICATION = "fr_FR.UTF-8";
LC_MEASUREMENT = "fr_FR.UTF-8"; LC_MEASUREMENT = "fr_FR.UTF-8";
LC_MONETARY = "fr_FR.UTF-8"; LC_MONETARY = "fr_FR.UTF-8";
LC_NAME = "fr_FR.UTF-8"; LC_NAME = "fr_FR.UTF-8";
LC_NUMERIC = "fr_FR.UTF-8"; LC_NUMERIC = "fr_FR.UTF-8";
LC_PAPER = "fr_FR.UTF-8"; LC_PAPER = "fr_FR.UTF-8";
LC_TELEPHONE = "fr_FR.UTF-8"; LC_TELEPHONE = "fr_FR.UTF-8";
LC_TIME = "fr_FR.UTF-8"; LC_TIME = "fr_FR.UTF-8";
}; };
}; };
users = { users = {
defaultUserShell = pkgs.zsh; defaultUserShell = pkgs.zsh;
users = { users = {
raphael = { raphael = {
isNormalUser = true; isNormalUser = true;
description = "raphael"; description = "raphael";
useDefaultShell = true; useDefaultShell = true;
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"
"dialout" "dialout"
"plugdev" "plugdev"
"wheel" "wheel"
"docker" "docker"
"video" "video"
]; ];
packages = with pkgs; [ packages = with pkgs; [
home-manager home-manager
]; ];
}; };
}; };
}; };
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nix.settings = { nix.settings = {
download-buffer-size = 1048576; download-buffer-size = 1048576;
experimental-features = [ experimental-features = [
"nix-command" "nix-command"
"flakes" "flakes"
]; ];
}; };
programs = { programs = {
zsh.enable = true; zsh.enable = true;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
bat bat
cairo cairo
dconf dconf
fastfetch fastfetch
git git
home-manager home-manager
lego lego
libjpeg libjpeg
libpng libpng
libuuid libuuid
linux-manual linux-manual
man man
man-pages man-pages
man-pages-posix man-pages-posix
networkmanager networkmanager
openssl openssl
pkg-config pkg-config
postgresql postgresql
protonup protonup
python3 python3
python3Packages.pip python3Packages.pip
qflipper qflipper
ripgrep ripgrep
swaylock swaylock
swaylock-fancy swaylock-fancy
tmux tmux
unzip unzip
vim vim
wget wget
wl-clipboard wl-clipboard
xclip xclip
xdg-desktop-portal-hyprland xdg-desktop-portal-hyprland
xsel xsel
yarn yarn
zsh zsh
]; ];
} }

89
hosts/server/configuration.nix
View file

@ -1,18 +1,12 @@
# **************************************************************************** # {
# # inputs,
# ::: :::::::: # config,
# configuration.nix :+: :+: :+: # pkgs,
# +:+ +:+ +:+ # lib,
# By: rparodi <rparodi@student.42.fr> +#+ +:+ +#+ # ...
# +#+#+#+#+#+ +#+ # }:
# Created: 2025/10/02 00:54:38 by rparodi #+# #+# #
# Updated: 2025/10/02 11:44:15 by rparodi ### ########.fr #
# #
# **************************************************************************** #
{ inputs, config, pkgs, lib, ... }: {
{
imports = [ imports = [
../global.nix ../global.nix
./hardware-configuration.nix ./hardware-configuration.nix
@ -57,14 +51,6 @@
}; };
}; };
programs = {
steam = {
enable = true;
gamescopeSession.enable = true;
};
gamemode.enable = true;
};
users = { users = {
defaultUserShell = pkgs.zsh; defaultUserShell = pkgs.zsh;
users = { users = {
@ -85,7 +71,6 @@
}; };
}; };
# Bootloader. # Bootloader.
boot.loader = { boot.loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
@ -94,44 +79,34 @@
services = { services = {
seatd.enable = true; seatd.enable = true;
displayManager = {
defaultSession = "steam";
gdm.enable = true;
autoLogin = {
enable = true;
user = "raphael";
};
};
xserver = { xserver = {
enable = true; enable = true;
videoDrivers = [ videoDrivers = [
"nvidia" "nvidia"
]; ];
}; };
dbus.enable = true; dbus.enable = true;
pipewire = { pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
jack.enable = true; jack.enable = true;
};
openssh = {
enable = true;
ports = [ 42131 ];
};
udev.extraRules = ''
SUBSYSTEM=="usb", ATTR{idVendor}=="0483", ATTR{idProduct}=="5740", MODE="0666"
'';
redis.servers."" = {
enable = true;
};
postgresql = {
enable = true;
};
}; };
openssh = {
virtualisation.docker.enable = true; enable = true;
ports = [ 42131 ];
system.stateVersion = "24.05"; };
} udev.extraRules = ''
SUBSYSTEM=="usb", ATTR{idVendor}=="0483", ATTR{idProduct}=="5740", MODE="0666"
'';
redis.servers."" = {
enable = true;
};
postgresql = {
enable = true;
};
};
virtualisation.docker.enable = true;
system.stateVersion = "24.05";
}

126
hosts/server/hardware-configuration.nix
View file

@ -1,73 +1,79 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
# services.dbus.enable = true; # services.dbus.enable = true;
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [
"xhci_pci" "xhci_pci"
"ahci" "ahci"
"usbhid" "usbhid"
"sd_mod" "sd_mod"
]; ];
kernelModules = []; kernelModules = [ ];
}; };
kernelModules = [ kernelModules = [
"kvm-intel" "kvm-intel"
]; ];
extraModulePackages = []; extraModulePackages = [ ];
}; };
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/a943d592-57d3-497e-bf43-49b50ac73f0b"; device = "/dev/disk/by-uuid/a943d592-57d3-497e-bf43-49b50ac73f0b";
fsType = "ext4"; fsType = "ext4";
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/5AAB-0026"; device = "/dev/disk/by-uuid/5AAB-0026";
fsType = "vfat"; fsType = "vfat";
options = [ options = [
"fmask=0077" "fmask=0077"
"dmask=0077" "dmask=0077"
]; ];
}; };
"/mnt/data" = { "/mnt/data" = {
device = "/dev/disk/by-uuid/5729d30c-5806-4ccd-8a2a-080a258084dc"; device = "/dev/disk/by-uuid/5729d30c-5806-4ccd-8a2a-080a258084dc";
fsType = "ext4"; fsType = "ext4";
}; };
}; };
swapDevices = [ ]; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true; # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
services.xserver.videoDrivers = ["nvidia"]; services.xserver.videoDrivers = [ "nvidia" ];
hardware = { hardware = {
graphics.enable = true; graphics.enable = true;
nvidia = { nvidia = {
open = false; open = false;
modesetting.enable = true; modesetting.enable = true;
powerManagement.enable = false; powerManagement.enable = false;
powerManagement.finegrained = false; powerManagement.finegrained = false;
nvidiaSettings = true; nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable; package = config.boot.kernelPackages.nvidiaPackages.stable;
}; };
}; };
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

47
modules/games/global.nix
View file

@ -1,21 +1,38 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
lutris = import ./lutris.nix { lutris = import ./lutris.nix {
inherit config pkgs lib; inherit config pkgs lib;
}; };
cfg = config.games; cfg = config.games;
in in
{ {
imports = [ imports = [
lutris lutris
]; ];
options.games = { options.games = {
lutris = lib.mkOption { steam = {
type = lib.types.bool; enable = lib.mkOption {
default = false; type = lib.types.bool;
description = "Enable lutris"; default = false;
}; description = "Enable steam installation";
}; };
bp = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the autostart of steam in big picture";
};
};
lutris = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable lutris";
};
};
} }

25
modules/games/lutris.nix
View file

@ -1,15 +1,20 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.games.lutris; cfg = config.games.lutris;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wine-staging wine-staging
lutris lutris
dxvk dxvk
vkd3d vkd3d
]; ];
}; };
} }

49
modules/games/steam.nix Normal file
View file

@ -0,0 +1,49 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.games.steam;
in
{
config = lib.mkIf cfg.enable {
programs.steam = {
enable = true;
gamescopeSession.enable = true;
extraCompatPackages = with pkgs; [
proton-ge-bin
];
};
programs.gamemode.enable = true;
systemd.user.services."steam-bp" = lib.mkIf cfg.bp {
description = "Steam Big Picture auto start";
wantedBy = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = "${pkgs.steam}/bin/steam -tenfoot -fulldesktopres";
Restart = "on-failure";
Environment = [
"SDL_VIDEO_X11_DGAMOUSE=0"
"STEAM_USE_OGL=1"
"GAMEMODERUNEXEC=1"
];
};
};
services = {
desktopManager.plasma6.enable = lib.mkIf cfg.bp true;
displayManager = lib.mkIf cfg.bp {
defaultSession = "plasmax11";
sddm.enable = true;
autoLogin = {
enable = true;
user = "raphael";
};
};
};
};
}

71
services/bot_discord/ada.nix
View file

@ -1,39 +1,44 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.bot_discord.ada; cfg = config.service.bot_discord.ada;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
users = { users = {
groups.dsc_ada = { groups.dsc_ada = {
name = "dsc_ada"; name = "dsc_ada";
}; };
users.dsc_ada = { users.dsc_ada = {
description = "Utilisateur pour le bot Ada"; description = "Utilisateur pour le bot Ada";
group = "dsc_ada"; group = "dsc_ada";
home = "/opt/Ada"; home = "/opt/Ada";
isSystemUser = true; isSystemUser = true;
}; };
}; };
systemd.services.bot_ada = { systemd.services.bot_ada = {
description = "Ada (chdoe asso) discord bot public"; description = "Ada (chdoe asso) discord bot public";
after = [ after = [
"network.target" "network.target"
]; ];
wantedBy = [ wantedBy = [
"multi-user.target" "multi-user.target"
]; ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "dsc_ada"; User = "dsc_ada";
WorkingDirectory = "/opt/Ada"; WorkingDirectory = "/opt/Ada";
ExecStart = "/opt/Ada/bot.py"; ExecStart = "/opt/Ada/bot.py";
EnvironmentFile = "/opt/Ada/.env"; EnvironmentFile = "/opt/Ada/.env";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 5; RestartSec = 5;
}; };
}; };
}; };
} }

71
services/bot_discord/bde.nix
View file

@ -1,39 +1,44 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.bot_discord.bde; cfg = config.service.bot_discord.bde;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
users = { users = {
groups.dsc_bde = { groups.dsc_bde = {
name = "dsc_bde"; name = "dsc_bde";
}; };
users.dsc_bde = { users.dsc_bde = {
description = "Utilisateur pour le bot BDE"; description = "Utilisateur pour le bot BDE";
group = "dsc_bde"; group = "dsc_bde";
home = "/opt/bde"; home = "/opt/bde";
isSystemUser = true; isSystemUser = true;
}; };
}; };
systemd.services.bot_bde = { systemd.services.bot_bde = {
description = "BDE discord bot public"; description = "BDE discord bot public";
after = [ after = [
"network.target" "network.target"
]; ];
wantedBy = [ wantedBy = [
"multi-user.target" "multi-user.target"
]; ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "dsc_bde"; User = "dsc_bde";
WorkingDirectory = "/opt/Bde"; WorkingDirectory = "/opt/Bde";
ExecStart = "/opt/Bde/.venv/bin/python /opt/Bde/bot.py"; ExecStart = "/opt/Bde/.venv/bin/python /opt/Bde/bot.py";
EnvironmentFile = "/opt/Bde/.env"; EnvironmentFile = "/opt/Bde/.env";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 5; RestartSec = 5;
}; };
}; };
}; };
} }

71
services/bot_discord/bot_loc.nix
View file

@ -1,39 +1,44 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.bot_discord.tut; cfg = config.service.bot_discord.tut;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
users = { users = {
groups.dsc_loc = { groups.dsc_loc = {
name = "dsc_loc"; name = "dsc_loc";
}; };
users.dsc_loc = { users.dsc_loc = {
description = "Utilisateur pour le bot tut"; description = "Utilisateur pour le bot tut";
group = "dsc_loc"; group = "dsc_loc";
home = "/opt/alerte_poste-master"; home = "/opt/alerte_poste-master";
isSystemUser = true; isSystemUser = true;
}; };
}; };
systemd.services.bot_loc = { systemd.services.bot_loc = {
description = "loc discord bot public"; description = "loc discord bot public";
after = [ after = [
"network.target" "network.target"
]; ];
wantedBy = [ wantedBy = [
"multi-user.target" "multi-user.target"
]; ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "dsc_loc"; User = "dsc_loc";
WorkingDirectory = "/opt/alerte-poste"; WorkingDirectory = "/opt/alerte-poste";
ExecStart = "/opt/alerte-poste/.venv/bin/python /opt/alerte-poste/src/main.py"; ExecStart = "/opt/alerte-poste/.venv/bin/python /opt/alerte-poste/src/main.py";
EnvironmentFile = "/opt/alerte-poste/.env"; EnvironmentFile = "/opt/alerte-poste/.env";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 5; RestartSec = 5;
}; };
}; };
}; };
} }

87
services/bot_discord/marty.nix
View file

@ -1,47 +1,52 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.bot_discord.marty; cfg = config.service.bot_discord.marty;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nodejs nodejs
]; ];
users = { users = {
groups.dsc_marty = { groups.dsc_marty = {
name = "dsc_marty"; name = "dsc_marty";
}; };
users.dsc_marty = { users.dsc_marty = {
description = "Utilisateur pour le bot BDE"; description = "Utilisateur pour le bot BDE";
group = "dsc_marty"; group = "dsc_marty";
home = "/opt/marty"; home = "/opt/marty";
isSystemUser = true; isSystemUser = true;
}; };
}; };
systemd.services.bot_marty = { systemd.services.bot_marty = {
description = "marty discord bot"; description = "marty discord bot";
after = [ after = [
"network.target" "network.target"
]; ];
wantedBy = [ wantedBy = [
"multi-user.target" "multi-user.target"
]; ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "dsc_marty"; User = "dsc_marty";
WorkingDirectory = "/opt/marty"; WorkingDirectory = "/opt/marty";
Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin"; Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin";
ExecStartPre = [ ExecStartPre = [
"${pkgs.nodejs}/bin/npm install" "${pkgs.nodejs}/bin/npm install"
"${pkgs.nodejs}/bin/npm run build" "${pkgs.nodejs}/bin/npm run build"
]; ];
ExecStart = "${pkgs.nodejs}/bin/npm run start-prod"; ExecStart = "${pkgs.nodejs}/bin/npm run start-prod";
EnvironmentFile = "/opt/marty/.env"; EnvironmentFile = "/opt/marty/.env";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 5; RestartSec = 5;
}; };
}; };
}; };
} }

77
services/bot_discord/master.nix
View file

@ -1,41 +1,46 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.bot_discord.master; cfg = config.service.bot_discord.master;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
go go
]; ];
users = { users = {
groups.dsc_master = { groups.dsc_master = {
name = "dsc_master"; name = "dsc_master";
}; };
users.dsc_master = { users.dsc_master = {
description = "Utilisateur pour le bot master"; description = "Utilisateur pour le bot master";
group = "dsc_master"; group = "dsc_master";
home = "/opt/master"; home = "/opt/master";
isSystemUser = true; isSystemUser = true;
}; };
}; };
systemd.services.yagpdb = { systemd.services.yagpdb = {
description = "Enium discord master bot"; description = "Enium discord master bot";
after = [ after = [
"network.target" "network.target"
]; ];
wantedBy = [ wantedBy = [
"multi-user.target" "multi-user.target"
]; ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "dsc_master"; User = "dsc_master";
WorkingDirectory = "/opt/yagpdb/cmd/yagpdb"; WorkingDirectory = "/opt/yagpdb/cmd/yagpdb";
ExecStart = "/opt/yagpdb/cmd/yagpdb/yagpdb -all -pa"; ExecStart = "/opt/yagpdb/cmd/yagpdb/yagpdb -all -pa";
EnvironmentFile = "/opt/yagpdb/cmd/yagpdb/sampleenvfile"; EnvironmentFile = "/opt/yagpdb/cmd/yagpdb/sampleenvfile";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 5; RestartSec = 5;
}; };
}; };
}; };
} }

69
services/bot_discord/music.nix
View file

@ -1,37 +1,42 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.bot_discord.music; cfg = config.service.bot_discord.music;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nodejs nodejs
]; ];
users = { users = {
groups.dsc_music = { groups.dsc_music = {
name = "dsc_music"; name = "dsc_music";
}; };
users.dsc_music = { users.dsc_music = {
description = "Utilisateur pour le bot music"; description = "Utilisateur pour le bot music";
group = "dsc_music"; group = "dsc_music";
home = "/opt/music"; home = "/opt/music";
isSystemUser = true; isSystemUser = true;
}; };
}; };
systemd.services.music = { systemd.services.music = {
description = "Enium discord bot for music"; description = "Enium discord bot for music";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "dsc_music"; User = "dsc_music";
WorkingDirectory = "/opt/music"; WorkingDirectory = "/opt/music";
ExecStart = "${pkgs.nodejs}/bin/npm start"; ExecStart = "${pkgs.nodejs}/bin/npm start";
Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin"; Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 5; RestartSec = 5;
}; };
}; };
}; };
} }

69
services/bot_discord/tempvoc.nix
View file

@ -1,37 +1,42 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.bot_discord.tempvoc; cfg = config.service.bot_discord.tempvoc;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nodejs nodejs
]; ];
users = { users = {
groups.dsc_tempvoc = { groups.dsc_tempvoc = {
name = "dsc_tempvoc"; name = "dsc_tempvoc";
}; };
users.dsc_tempvoc = { users.dsc_tempvoc = {
description = "Utilisateur pour le bot tempvoc"; description = "Utilisateur pour le bot tempvoc";
group = "dsc_tempvoc"; group = "dsc_tempvoc";
home = "/opt/tempvoc"; home = "/opt/tempvoc";
isSystemUser = true; isSystemUser = true;
}; };
}; };
systemd.services.tempvoc = { systemd.services.tempvoc = {
description = "Enium discord bot for tempvoc"; description = "Enium discord bot for tempvoc";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "dsc_tempvoc"; User = "dsc_tempvoc";
WorkingDirectory = "/opt/tempvoc"; WorkingDirectory = "/opt/tempvoc";
ExecStart = "${pkgs.nodejs}/bin/npm start"; ExecStart = "${pkgs.nodejs}/bin/npm start";
Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin"; Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 5; RestartSec = 5;
}; };
}; };
}; };
} }

69
services/bot_discord/ticket.nix
View file

@ -1,37 +1,42 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.bot_discord.ticket; cfg = config.service.bot_discord.ticket;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nodejs nodejs
]; ];
users = { users = {
groups.dsc_ticket = { groups.dsc_ticket = {
name = "dsc_ticket"; name = "dsc_ticket";
}; };
users.dsc_ticket = { users.dsc_ticket = {
description = "Utilisateur pour le bot ticket"; description = "Utilisateur pour le bot ticket";
group = "dsc_ticket"; group = "dsc_ticket";
home = "/opt/ticket"; home = "/opt/ticket";
isSystemUser = true; isSystemUser = true;
}; };
}; };
systemd.services.ticket = { systemd.services.ticket = {
description = "Service for ticket"; description = "Service for ticket";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "dsc_ticket"; User = "dsc_ticket";
WorkingDirectory = "/opt/ticket"; WorkingDirectory = "/opt/ticket";
ExecStart = "${pkgs.nodejs}/bin/npm start"; ExecStart = "${pkgs.nodejs}/bin/npm start";
Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin"; Environment = "PATH=${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.nodejs}/bin";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 5; RestartSec = 5;
}; };
}; };
}; };
} }

161
services/discord.nix
View file

@ -1,84 +1,89 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
master_bot = import ./bot_discord/master.nix { master_bot = import ./bot_discord/master.nix {
inherit config pkgs lib; inherit config pkgs lib;
}; };
music_bot = import ./bot_discord/music.nix { music_bot = import ./bot_discord/music.nix {
inherit config pkgs lib; inherit config pkgs lib;
}; };
tempvoc_bot = import ./bot_discord/tempvoc.nix { tempvoc_bot = import ./bot_discord/tempvoc.nix {
inherit config pkgs lib; inherit config pkgs lib;
}; };
ada_bot = import ./bot_discord/ada.nix { ada_bot = import ./bot_discord/ada.nix {
inherit config pkgs lib; inherit config pkgs lib;
}; };
tut_bot = import ./bot_discord/bot_loc.nix { tut_bot = import ./bot_discord/bot_loc.nix {
inherit config pkgs lib; inherit config pkgs lib;
}; };
bde_bot = import ./bot_discord/bde.nix { bde_bot = import ./bot_discord/bde.nix {
inherit config pkgs lib; inherit config pkgs lib;
}; };
marty_bot = import ./bot_discord/marty.nix { marty_bot = import ./bot_discord/marty.nix {
inherit config pkgs lib; inherit config pkgs lib;
}; };
ticket_bot = import ./bot_discord/ticket.nix { ticket_bot = import ./bot_discord/ticket.nix {
inherit config pkgs lib; inherit config pkgs lib;
}; };
cfg = config.service.bot_discord; cfg = config.service.bot_discord;
in in
{ {
imports = [ imports = [
ada_bot ada_bot
bde_bot bde_bot
tut_bot tut_bot
master_bot master_bot
music_bot music_bot
tempvoc_bot tempvoc_bot
ticket_bot ticket_bot
marty_bot marty_bot
]; ];
options.service.bot_discord = { options.service.bot_discord = {
master = lib.mkOption { master = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Enable master bot"; description = "Enable master bot";
}; };
ada = lib.mkOption { ada = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Enable ada bot"; description = "Enable ada bot";
}; };
tut = lib.mkOption { tut = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "enable tut bot"; description = "enable tut bot";
}; };
bde = lib.mkOption { bde = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "enable bde bot"; description = "enable bde bot";
}; };
marty = lib.mkOption { marty = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Enable marty bot"; description = "Enable marty bot";
}; };
music = lib.mkOption { music = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Enable music bot"; description = "Enable music bot";
}; };
tempvoc = lib.mkOption { tempvoc = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Enable tempvoc bot"; description = "Enable tempvoc bot";
}; };
ticket = lib.mkOption { ticket = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Enable ticket bot"; description = "Enable ticket bot";
}; };
}; };
} }

35
services/forty_two.nix
View file

@ -1,21 +1,26 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
irc = import ./forty_two/irc.nix { irc = import ./forty_two/irc.nix {
inherit config pkgs lib; inherit config pkgs lib;
}; };
cfg = config.service.forty_two; cfg = config.service.forty_two;
in in
{ {
imports = [ imports = [
irc irc
]; ];
options.service.forty_two = { options.service.forty_two = {
irc = lib.mkOption { irc = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Enable the ft_irc server"; description = "Enable the ft_irc server";
}; };
}; };
} }

83
services/forty_two/irc.nix
View file

@ -1,45 +1,50 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.forty_two.irc; cfg = config.service.forty_two.irc;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
llvmPackages.clang llvmPackages.clang
llvmPackages.clang-tools llvmPackages.clang-tools
gnumake gnumake
]; ];
users = { users = {
groups.ft_irc = { groups.ft_irc = {
name = "ft_irc"; name = "ft_irc";
}; };
users.ft_irc = { users.ft_irc = {
description = "Utilisateur the ft_irc server"; description = "Utilisateur the ft_irc server";
group = "ft_irc"; group = "ft_irc";
home = "/opt/irc/"; home = "/opt/irc/";
isSystemUser = true; isSystemUser = true;
}; };
}; };
systemd.services.ft_irc = { systemd.services.ft_irc = {
description = "Upload our irc on my own server"; description = "Upload our irc on my own server";
after = [ after = [
"network.target" "network.target"
]; ];
wantedBy = [ wantedBy = [
"multi-user.target" "multi-user.target"
]; ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "ft_irc"; User = "ft_irc";
WorkingDirectory = "/opt/irc"; WorkingDirectory = "/opt/irc";
ExecStartPre = "${pkgs.git}/bin/git pull"; ExecStartPre = "${pkgs.git}/bin/git pull";
ExecStart = "/opt/irc/ircserv 4243 irc"; ExecStart = "/opt/irc/ircserv 4243 irc";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 30; RestartSec = 30;
RemainAfterExit = false; RemainAfterExit = false;
}; };
}; };
}; };
} }

17
services/games.nix
View file

@ -1,12 +1,23 @@
{ inputs, config, pkgs, lib, ... }: {
inputs,
config,
pkgs,
lib,
...
}:
let let
enium-pv = import ./games/minecraft.nix { enium-pv = import ./games/minecraft.nix {
inherit inputs config pkgs lib; inherit
inputs
config
pkgs
lib
;
}; };
cfg = config.service; cfg = config.service;
in in
{ {
imports = [ imports = [
enium-pv enium-pv
]; ];

64
services/games/minecraft.nix
View file

@ -1,36 +1,42 @@
{ inputs, config, pkgs, lib, ... }: {
inputs,
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.games.enium-pv; cfg = config.service.games.enium-pv;
in in
{ {
imports = [ imports = [
inputs.minecraft.nixosModules.minecraft-servers inputs.minecraft.nixosModules.minecraft-servers
]; ];
config = lib.mkIf cfg { config = lib.mkIf cfg {
nixpkgs.overlays = [ nixpkgs.overlays = [
inputs.minecraft.overlay inputs.minecraft.overlay
]; ];
services.minecraft-servers = { services.minecraft-servers = {
enable = true; enable = true;
eula = true; eula = true;
servers.enium-pv = { servers.enium-pv = {
enable = true; enable = true;
package = pkgs.fabricServers.fabric-1_20_1; package = pkgs.fabricServers.fabric-1_20_1;
jvmOpts = "-Xms4092M -Xmx4092M"; jvmOpts = "-Xms4092M -Xmx4092M";
serverProperties = { serverProperties = {
difficulty = 3; difficulty = 3;
gamemode = 0; gamemode = 0;
max-players = 42; max-players = 42;
motd = "§l §3 Enium Survival§r\n§l §b Whitelisted Server"; motd = "§l §3 Enium Survival§r\n§l §b Whitelisted Server";
server-port = 64421; server-port = 64421;
spawn-protection=16; spawn-protection = 16;
white-list = true; white-list = true;
}; };
restart = "no"; restart = "no";
}; };
}; };
}; };
} }

166
services/self_host.nix
View file

@ -1,71 +1,107 @@
{ inputs, config, pkgs, lib, ... }: {
inputs,
config,
pkgs,
lib,
...
}:
let let
htop = import ./self_host/htop.nix { htop = import ./self_host/htop.nix {
inherit inputs config pkgs lib; inherit
}; inputs
mail = import ./self_host/mail.nix { config
inherit inputs config pkgs lib; pkgs
}; lib
monitor = import ./self_host/monitor.nix { ;
inherit inputs config pkgs lib; };
}; mail = import ./self_host/mail.nix {
teamspeak = import ./self_host/teamspeak.nix { inherit
inherit inputs config pkgs lib; inputs
}; config
ollama = import ./self_host/ollama.nix { pkgs
inherit inputs config pkgs lib; lib
}; ;
nextcloud = import ./self_host/nextcloud.nix { };
inherit inputs config pkgs lib; monitor = import ./self_host/monitor.nix {
}; inherit
cfg = config.service.selfhost; inputs
config
pkgs
lib
;
};
teamspeak = import ./self_host/teamspeak.nix {
inherit
inputs
config
pkgs
lib
;
};
ollama = import ./self_host/ollama.nix {
inherit
inputs
config
pkgs
lib
;
};
nextcloud = import ./self_host/nextcloud.nix {
inherit
inputs
config
pkgs
lib
;
};
cfg = config.service.selfhost;
in in
{ {
imports = [ imports = [
nextcloud nextcloud
mail mail
htop htop
ollama ollama
teamspeak teamspeak
monitor monitor
]; ];
config = { config = {
services.nginx = { services.nginx = {
enable = true; enable = true;
}; };
}; };
options.service.selfhost = { options.service.selfhost = {
htop = lib.mkOption { htop = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Enable the htop"; description = "Enable the htop";
}; };
teamspeak = lib.mkOption { teamspeak = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Enable the teamspeak"; description = "Enable the teamspeak";
}; };
ollama = lib.mkOption { ollama = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Enable the ollama"; description = "Enable the ollama";
}; };
mail = lib.mkOption { mail = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Enable the mail"; description = "Enable the mail";
}; };
monitor = lib.mkOption { monitor = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Enable the monitor"; description = "Enable the monitor";
}; };
nextcloud = lib.mkOption { nextcloud = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Enable the nextcloud"; description = "Enable the nextcloud";
}; };
}; };
} }

35
services/self_host/htop.nix
View file

@ -1,21 +1,26 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.selfhost.monitor; cfg = config.service.selfhost.monitor;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
services = { services = {
glances.enable = true; glances.enable = true;
nginx.virtualHosts."htop.enium.eu" = { nginx.virtualHosts."htop.enium.eu" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:61208"; proxyPass = "http://127.0.0.1:61208";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
}; };
}; };
} }

77
services/self_host/mail.nix
View file

@ -1,42 +1,47 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.selfhost.mail; cfg = config.service.selfhost.mail;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
services.rspamd.enable = true; services.rspamd.enable = true;
mailserver = { mailserver = {
enable = true; enable = true;
stateVersion = 3; stateVersion = 3;
fqdn = "mail.enium.eu"; fqdn = "mail.enium.eu";
domains = [ domains = [
"enium.eu" "enium.eu"
]; ];
loginAccounts = { loginAccounts = {
"no-reply@enium.eu" = { "no-reply@enium.eu" = {
hashedPasswordFile = "/root/mail-passwd.txt"; hashedPasswordFile = "/root/mail-passwd.txt";
}; };
}; };
certificateScheme = "acme-nginx"; certificateScheme = "acme-nginx";
}; };
services = { services = {
roundcube = { roundcube = {
enable = true; enable = true;
hostName = "mail.enium.eu"; hostName = "mail.enium.eu";
extraConfig = '' extraConfig = ''
$config['smtp_host'] = "tls://mail.enium.eu"; $config['smtp_host'] = "tls://mail.enium.eu";
$config['smtp_user'] = "%u"; $config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p"; $config['smtp_pass'] = "%p";
''; '';
}; };
nginx = { nginx = {
virtualHosts."mail.enium.eu" = { virtualHosts."mail.enium.eu" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
}; };
}; };
}; };
}; };
} }

333
services/self_host/monitor.nix
View file

@ -1,170 +1,189 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.selfhost.monitor; cfg = config.service.selfhost.monitor;
monitored = [ "nginx" "grafana" ]; monitored = [
email = "raphael@enium.eu"; "nginx"
"grafana"
];
email = "raphael@enium.eu";
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
services.grafana = { services.grafana = {
enable = true; enable = true;
package = pkgs.grafana; package = pkgs.grafana;
dataDir = "/var/lib/grafana"; dataDir = "/var/lib/grafana";
}; };
environment.etc."process-exporter.json".text = builtins.toJSON { environment.etc."process-exporter.json".text = builtins.toJSON {
procMatchers = lib.map (svc: { procMatchers = lib.map (svc: {
name = svc; name = svc;
cmdline = [ cmdline = [
"${svc}:" "${svc}:"
]; ];
}) monitored; }) monitored;
}; };
systemd.services.process_exporter = { systemd.services.process_exporter = {
description = "Prometheus Process Exporter"; description = "Prometheus Process Exporter";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.prometheus-process-exporter}/bin/process-exporter --config.path /etc/process-exporter.json"; ExecStart = "${pkgs.prometheus-process-exporter}/bin/process-exporter --config.path /etc/process-exporter.json";
Restart = "always"; Restart = "always";
}; };
}; };
services.prometheus = { services.prometheus = {
enable = true; enable = true;
checkConfig = false; checkConfig = false;
exporters = { exporters = {
blackbox = { blackbox = {
enable = true; enable = true;
configFile = pkgs.writeText "blackbox-exporter.yml" '' configFile = pkgs.writeText "blackbox-exporter.yml" ''
modules: modules:
http_2xx: http_2xx:
prober: http prober: http
timeout: 5s timeout: 5s
http: http:
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"] valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
valid_status_codes: [] valid_status_codes: []
method: GET method: GET
no_follow_redirects: false no_follow_redirects: false
fail_if_not_ssl: false fail_if_not_ssl: false
''; '';
}; };
node.enable = true; node.enable = true;
systemd.enable = true; systemd.enable = true;
}; };
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "systemd_exporter"; job_name = "systemd_exporter";
metrics_path = "/metrics"; metrics_path = "/metrics";
static_configs = [{ static_configs = [
targets = [ {
"127.0.0.1:9558" targets = [
]; "127.0.0.1:9558"
}]; ];
} }
{ ];
job_name = "node_exporter"; }
static_configs = [{ {
targets = [ job_name = "node_exporter";
"127.0.0.1:9100" static_configs = [
]; {
}]; targets = [
} "127.0.0.1:9100"
{ ];
job_name = "process_exporter"; }
metrics_path = "/metrics"; ];
scheme = "http"; }
static_configs = [{ {
targets = [ job_name = "process_exporter";
"127.0.0.1:9256" metrics_path = "/metrics";
]; scheme = "http";
}]; static_configs = [
} {
{ targets = [
job_name = "blackbox_http_probe"; "127.0.0.1:9256"
metrics_path = "/probe"; ];
params = { }
module = [ ];
"http_2xx" }
]; {
}; job_name = "blackbox_http_probe";
static_configs = [{ metrics_path = "/probe";
targets = [ params = {
"https://raphael.parodi.pro" module = [
"https://nextcloud.enium.eu" "http_2xx"
"https://htop.enium.eu" ];
"https://monitor.enium.eu" };
"https://ollama.enium.eu" static_configs = [
"http://relance-pas-stp.me:4242" {
]; targets = [
}]; "https://raphael.parodi.pro"
relabel_configs = [ "https://nextcloud.enium.eu"
{ source_labels = [ "__address__" ]; "https://htop.enium.eu"
target_label = "__param_target"; "https://monitor.enium.eu"
} "https://ollama.enium.eu"
{ source_labels = [ "__param_target" ]; "http://relance-pas-stp.me:4242"
target_label = "instance"; ];
} }
{ target_label = "__address__"; ];
replacement = "127.0.0.1:9115"; relabel_configs = [
} {
]; source_labels = [ "__address__" ];
proxy_url = "http://127.0.0.1:9115"; target_label = "__param_target";
} }
]; {
ruleFiles = lib.mkForce [ "/etc/prometheus/services.rules" ]; source_labels = [ "__param_target" ];
}; target_label = "instance";
}
{
target_label = "__address__";
replacement = "127.0.0.1:9115";
}
];
proxy_url = "http://127.0.0.1:9115";
}
];
ruleFiles = lib.mkForce [ "/etc/prometheus/services.rules" ];
};
environment.etc."prometheus/services.rules".text = '' environment.etc."prometheus/services.rules".text = ''
groups: groups:
- name: services - name: services
rules: rules:
- alert: nginxServiceDown - alert: nginxServiceDown
expr: process_up{job="process_exporter",name="nginx"} == 0 expr: process_up{job="process_exporter",name="nginx"} == 0
for: 1m for: 1m
labels: labels:
severity: critical severity: critical
annotations: annotations:
summary: "Processus nginx arrêté" summary: "Processus nginx arrêté"
description: "Le processus nginx ne tourne plus depuis >1m." description: "Le processus nginx ne tourne plus depuis >1m."
- alert: nginxServiceUp - alert: nginxServiceUp
expr: process_up{job="process_exporter",name="nginx"} == 1 expr: process_up{job="process_exporter",name="nginx"} == 1
for: 1m for: 1m
labels: labels:
severity: info severity: info
annotations: annotations:
summary: "Processus nginx rétabli" summary: "Processus nginx rétabli"
description: "Le processus nginx tourne de nouveau." description: "Le processus nginx tourne de nouveau."
- alert: grafanaServiceDown - alert: grafanaServiceDown
expr: process_up{job="process_exporter",name="grafana"} == 0 expr: process_up{job="process_exporter",name="grafana"} == 0
for: 1m for: 1m
labels: labels:
severity: critical severity: critical
annotations: annotations:
summary: "Processus grafana arrêté" summary: "Processus grafana arrêté"
description: "Le processus grafana ne tourne plus depuis >1m." description: "Le processus grafana ne tourne plus depuis >1m."
- alert: grafanaServiceUp - alert: grafanaServiceUp
expr: process_up{job="process_exporter",name="grafana"} == 1 expr: process_up{job="process_exporter",name="grafana"} == 1
for: 1m for: 1m
labels: labels:
severity: info severity: info
annotations: annotations:
summary: "Processus grafana rétabli" summary: "Processus grafana rétabli"
description: "Le processus grafana tourne de nouveau." description: "Le processus grafana tourne de nouveau."
''; '';
services.nginx.virtualHosts."monitor.enium.eu" = { services.nginx.virtualHosts."monitor.enium.eu" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:3000"; proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
}; };
} }

71
services/self_host/nextcloud.nix
View file

@ -1,38 +1,43 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.selfhost.nextcloud; cfg = config.service.selfhost.nextcloud;
dataDir = "/mnt/data/nextcloud"; dataDir = "/mnt/data/nextcloud";
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
php php
]; ];
services = { services = {
nextcloud = { nextcloud = {
enable = true; enable = true;
https = true; https = true;
package = pkgs.nextcloud31; package = pkgs.nextcloud31;
hostName = "nextcloud.enium.eu"; hostName = "nextcloud.enium.eu";
datadir = "/mnt/data/nextcloud/"; datadir = "/mnt/data/nextcloud/";
config = { config = {
adminpassFile = "/etc/nextcloud-pass.txt"; adminpassFile = "/etc/nextcloud-pass.txt";
adminuser = "OwnedByTheEniumTeam"; adminuser = "OwnedByTheEniumTeam";
dbtype = "sqlite"; dbtype = "sqlite";
}; };
settings = { settings = {
trusted_domains = [ trusted_domains = [
"192.168.1.254" "192.168.1.254"
]; ];
default_phone_region = "FR"; default_phone_region = "FR";
}; };
}; };
nginx.virtualHosts."nextcloud.enium.eu".enableACME = true; nginx.virtualHosts."nextcloud.enium.eu".enableACME = true;
nginx.virtualHosts."nextcloud.enium.eu".forceSSL = true; nginx.virtualHosts."nextcloud.enium.eu".forceSSL = true;
nginx.virtualHosts."nextcloud.enium.eu".locations."~ \.php$".extraConfig = '' nginx.virtualHosts."nextcloud.enium.eu".locations."~ \.php$".extraConfig = ''
fastcgi_pass unix:/run/phpfpm-nextcloud.sock; fastcgi_pass unix:/run/phpfpm-nextcloud.sock;
''; '';
}; };
}; };
} }

55
services/self_host/ollama.nix
View file

@ -1,31 +1,36 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.selfhost.ollama; cfg = config.service.selfhost.ollama;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
services = { services = {
ollama = { ollama = {
enable = true; enable = true;
loadModels = [ loadModels = [
"qwen2.5:3b" "qwen2.5:3b"
]; ];
acceleration = "cuda"; acceleration = "cuda";
}; };
open-webui = { open-webui = {
enable = true; enable = true;
port = 13007; port = 13007;
}; };
nginx.virtualHosts."ollama.enium.eu" = { nginx.virtualHosts."ollama.enium.eu" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:13007"; proxyPass = "http://127.0.0.1:13007";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
}; };
}; };
} }

39
services/self_host/teamspeak.nix
View file

@ -1,23 +1,28 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.selfhost.monitor; cfg = config.service.selfhost.monitor;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
services = { services = {
teamspeak3 = { teamspeak3 = {
enable = true; enable = true;
}; };
nginx.virtualHosts."ts.enium.eu" = { nginx.virtualHosts."ts.enium.eu" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:9987"; proxyPass = "http://127.0.0.1:9987";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
}; };
}; };
} }

69
services/web.nix
View file

@ -1,35 +1,46 @@
{ inputs, config, pkgs, lib, ... }: {
inputs,
config,
pkgs,
lib,
...
}:
let let
portefolio = import ./web/portefolio.nix { portefolio = import ./web/portefolio.nix {
inherit inputs config pkgs lib; inherit
}; inputs
cfg = config.service.web; config
pkgs
lib
;
};
cfg = config.service.web;
in in
{ {
imports = [ imports = [
portefolio portefolio
]; ];
config = { config = {
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
}; };
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "raphael@parodi.pro"; defaults.email = "raphael@parodi.pro";
certs = { certs = {
"raphael.parodi.pro" = {}; "raphael.parodi.pro" = { };
}; };
}; };
}; };
options.service.web = { options.service.web = {
portefolio = lib.mkOption { portefolio = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Enable the portefolio"; description = "Enable the portefolio";
}; };
}; };
} }

79
services/web/portefolio.nix
View file

@ -1,43 +1,48 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.web.portefolio; cfg = config.service.web.portefolio;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nodejs nodejs
pnpm pnpm
]; ];
users = { users = {
groups.web_portefolio = { groups.web_portefolio = {
name = "web_portefolio"; name = "web_portefolio";
}; };
users.web_portefolio = { users.web_portefolio = {
description = "Utilisateur pour le bot BDE"; description = "Utilisateur pour le bot BDE";
group = "web_portefolio"; group = "web_portefolio";
home = "/opt/portefolio/"; home = "/opt/portefolio/";
isSystemUser = true; isSystemUser = true;
}; };
}; };
services.nginx = { services.nginx = {
virtualHosts."raphael.parodi.pro" = { virtualHosts."raphael.parodi.pro" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
root = "/opt/portefolio/dist"; root = "/opt/portefolio/dist";
index = "index.html"; index = "index.html";
extraConfig = '' extraConfig = ''
try_files $uri /index.html; try_files $uri /index.html;
''; '';
}; };
}; };
}; };
security.acme = { security.acme = {
certs = { certs = {
"raphael.parodi.pro" = {}; "raphael.parodi.pro" = { };
}; };
}; };
}; };
} }