tom/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 38 Wiki Activity

Compare commits

base: tom:e13360f
Branches Tags
tom:master tom:new-42-homes
tom:fb2b3f8 tom:9a95e51 tom:5e54902 tom:074dff4 tom:fbc2491 tom:4b66e24 tom:e13360f tom:1e46d42 tom:7aef691 tom:84bc2fd tom:ea44897 tom:6c35b8f tom:76702ea tom:b261195 tom:6651ba4 tom:093ac9c tom:d6ca7ba tom:17e3fc6 tom:0da2264 tom:f14bc8c tom:c766b08 tom:116e81d tom:e645798 tom:79ad288 tom:5b3d741 tom:9d132e5 tom:8248d4b tom:18df257 tom:c9ffd8a tom:4ff3ab5 tom:633eea8 tom:3b7c490 tom:3239948 tom:10c46e1 tom:5f64559 tom:a82be1d tom:f5ea128 tom:3207899 tom:e2e9a60 tom:26448d5 tom:4d14020 tom:a6eaa69
..
compare: tom:fbc2491
Branches Tags
tom:master tom:new-42-homes
tom:fb2b3f8 tom:9a95e51 tom:5e54902 tom:074dff4 tom:fbc2491 tom:4b66e24 tom:e13360f tom:1e46d42 tom:7aef691 tom:84bc2fd tom:ea44897 tom:6c35b8f tom:76702ea tom:b261195 tom:6651ba4 tom:093ac9c tom:d6ca7ba tom:17e3fc6 tom:0da2264 tom:f14bc8c tom:c766b08 tom:116e81d tom:e645798 tom:79ad288 tom:5b3d741 tom:9d132e5 tom:8248d4b tom:18df257 tom:c9ffd8a tom:4ff3ab5 tom:633eea8 tom:3b7c490 tom:3239948 tom:10c46e1 tom:5f64559 tom:a82be1d tom:f5ea128 tom:3207899 tom:e2e9a60 tom:26448d5 tom:4d14020 tom:a6eaa69

2 Commits
e13360f ... fbc2491

Author SHA1 Message Date
tomoron
fbc24916b5 refactor os configurations
All checks were successful
Build iso when a new version is pushed / test (push) Successful in 2m10s
Details
2025-09-06 01:27:10 +02:00
tomoron
4b66e2489b add fuse nextcloud and age encrypted passwords
All checks were successful
Build iso when a new version is pushed / test (push) Successful in 2m8s
Details
2025-09-05 20:01:58 +02:00
28 changed files with 628 additions and 287 deletions
Expand all files Collapse all files

7
.sops.yaml Normal file
View File

@ -0,0 +1,7 @@
keys:
- &primary age1sjzkhwr8ycdsmuj8xg8y4v2hcpuq9vethnhytxtwzeury692dsxqf80fwv
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
- age:
- *primary

23
flake.lock generated
View File

@ -114,7 +114,28 @@
"firefox-addons": "firefox-addons", "firefox-addons": "firefox-addons",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1754988908,
"narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
} }
} }
}, },

23
flake.nix
View File

@ -6,7 +6,7 @@
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ # # By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ # # +#+#+#+#+#+ +#+ #
# Created: 2024/10/17 18:15:24 by tomoron #+# #+# # # Created: 2024/10/17 18:15:24 by tomoron #+# #+# #
# Updated: 2025/08/30 19:38:12 by tomoron ### ########.fr # # Updated: 2025/09/06 00:58:57 by tomoron ### ########.fr #
# # # #
# **************************************************************************** # # **************************************************************************** #
@ -16,6 +16,12 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
catppuccin.url = "github:catppuccin/nix"; catppuccin.url = "github:catppuccin/nix";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -40,7 +46,7 @@
osConfig = {flakeName, extraModules ? []}: nixpkgs.lib.nixosSystem { osConfig = {flakeName, extraModules ? []}: nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; flakeName = flakeName; }; specialArgs = { inherit inputs; flakeName = flakeName; };
modules = nixpkgs.lib.concatLists [ modules = nixpkgs.lib.concatLists [
[./osConfigs/global.nix ./osConfigs/hosts/${flakeName}.nix catppuccin.nixosModules.catppuccin] [./osConfigs/os.nix ./osConfigs/hosts/${flakeName}.nix catppuccin.nixosModules.catppuccin]
extraModules extraModules
]; ];
}; };
@ -49,14 +55,20 @@
inherit pkgs; inherit pkgs;
extraSpecialArgs = { inherit inputs; username = username; homeDir = homeDir; isOs = false; }; extraSpecialArgs = { inherit inputs; username = username; homeDir = homeDir; isOs = false; };
modules = nixpkgs.lib.concatLists [ modules = nixpkgs.lib.concatLists [
[ ./homeConfigs/home.nix ./homeConfigs/hosts/${flakeName}.nix catppuccin.homeModules.catppuccin ] [
./homeConfigs/home.nix
./homeConfigs/hosts/${flakeName}.nix
catppuccin.homeModules.catppuccin
inputs.sops-nix.homeManagerModules.sops
]
extraModules extraModules
]; ];
}; };
in { in {
nixosConfigurations = { server = osConfig {flakeName = "server";}; nixosConfigurations = {
server = osConfig {flakeName = "server";};
vbox = osConfig {flakeName = "vbox";}; vbox = osConfig {flakeName = "vbox";};
laptop = osConfig {flakeName = "laptop"; extraModules = [ nixos-hardware.nixosModules.asus-zephyrus-ga401 ];}; laptop = osConfig {flakeName = "laptop"; extraModules = [ nixos-hardware.nixosModules.asus-zephyrus-ga401 ];};
desktop = osConfig {flakeName = "desktop";}; desktop = osConfig {flakeName = "desktop";};
@ -67,8 +79,6 @@
modules = [ modules = [
(nixpkgs + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix") (nixpkgs + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix")
./osConfigs/hosts/iso.nix ./osConfigs/hosts/iso.nix
inputs.home-manager.nixosModules.default
]; ];
}; };
}; };
@ -81,5 +91,6 @@
desktop = homeConfig { flakeName = "desktop"; }; desktop = homeConfig { flakeName = "desktop"; };
server = homeConfig { flakeName = "server"; }; server = homeConfig { flakeName = "server"; };
}; };
}; };
} }

26
homeConfigs/home.nix
View File

@ -6,11 +6,11 @@
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ # # By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ # # +#+#+#+#+#+ +#+ #
# Created: 2024/10/17 18:15:38 by tomoron #+# #+# # # Created: 2024/10/17 18:15:38 by tomoron #+# #+# #
# Updated: 2025/08/30 20:34:23 by tomoron ### ########.fr # # Updated: 2025/09/05 19:55:21 by tomoron ### ########.fr #
# # # #
# **************************************************************************** # # **************************************************************************** #
{lib, pkgs, username ? "tom" ,homeDir ? "/home/tom", isOs ? false, ... }: {lib, pkgs, config, username ? "tom" ,homeDir ? "/home/tom", isOs ? false, ... }:
{ {
imports = lib.concatLists [ imports = lib.concatLists [
@ -23,6 +23,28 @@
home.stateVersion = "24.05"; home.stateVersion = "24.05";
sops.defaultSopsFile = ../secrets/secrets.yaml;
sops.age.keyFile = "${homeDir}/.config/sops/age/keys.txt";
sops.secrets."nextcloud_fuse/password" = {};
programs.rclone.enable = true;
programs.rclone.remotes.nextcloud = {
config = {
type = "webdav";
url = "https://nc.tmoron.fr/remote.php/dav/files/tom";
vendor = "nextcloud";
user = "tom";
};
secrets.pass = config.sops.secrets."nextcloud_fuse/password".path;
mounts = {
"/" = {
enable = true;
mountPoint = "${homeDir}/nextcloud";
options.vfs-cache-mode = "writes";
};
};
};
# programs.ghostty.enable = true; # programs.ghostty.enable = true;
# programs.ghostty.settings = { # programs.ghostty.settings = {
# theme = "catppuccin-mocha"; # theme = "catppuccin-mocha";

1
homeConfigs/modules/vim.nix
View File

@ -28,7 +28,6 @@
autocmd BufWinLeave *.* mkview autocmd BufWinLeave *.* mkview
autocmd BufWinEnter *.* silent! loadview autocmd BufWinEnter *.* silent! loadview
set tabstop=4 set tabstop=4
set shiftwidth=4
set scrolloff=10 set scrolloff=10
set preserveindent set preserveindent
map <silent> <C-N> :bnext<CR> map <silent> <C-N> :bnext<CR>

3
homeConfigs/packages.nix
View File

@ -6,7 +6,7 @@
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ # # By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ # # +#+#+#+#+#+ +#+ #
# Created: 2025/02/09 22:01:56 by tomoron #+# #+# # # Created: 2025/02/09 22:01:56 by tomoron #+# #+# #
# Updated: 2025/09/02 23:33:04 by tomoron ### ########.fr # # Updated: 2025/09/05 19:28:45 by tomoron ### ########.fr #
# # # #
# **************************************************************************** # # **************************************************************************** #
@ -44,5 +44,6 @@
nerd-fonts.iosevka nerd-fonts.iosevka
compiledb compiledb
yubikey-personalization yubikey-personalization
sops
]; ];
} }

29
osConfigs/global/boot.nix Normal file
View File

@ -0,0 +1,29 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# boot.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/05 23:37:58 by tomoron #+# #+# #
# Updated: 2025/09/06 00:56:38 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{lib, pkgs, ... } :
{
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
boot.loader = {
systemd-boot.enable = true;
systemd-boot.memtest86.enable = true;
efi.canTouchEfiVariables = true;
timeout = 1;
};
services.journald.extraConfig = ''
SystemMaxUse=100M
SystemMaxFileSize=50M
'';
}

18
osConfigs/global/nix.nix Normal file
View File

@ -0,0 +1,18 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# nix.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/05 23:42:17 by tomoron #+# #+# #
# Updated: 2025/09/05 23:42:20 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ ... }:
{
nix.settings.experimental-features = ["nix-command" "flakes"];
nixpkgs.config.allowUnfree = true;
}

55
osConfigs/global.nix → osConfigs/global/other.nix
View File

@ -1,74 +1,35 @@
# **************************************************************************** # # **************************************************************************** #
# # # #
# ::: :::::::: # # ::: :::::::: #
# global.nix :+: :+: :+: # # other.nix :+: :+: :+: #
# +:+ +:+ +:+ # # +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ # # By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ # # +#+#+#+#+#+ +#+ #
# Created: 2025/02/09 01:43:46 by tomoron #+# #+# # # Created: 2025/02/09 01:43:46 by tomoron #+# #+# #
# Updated: 2025/09/02 17:30:10 by tomoron ### ########.fr # # Updated: 2025/09/06 00:51:46 by tomoron ### ########.fr #
# # # #
# **************************************************************************** # # **************************************************************************** #
{ lib, pkgs, flakeName, ... }: { lib, ... }:
{ {
imports = lib.concatLists [[ networking.hostName = lib.mkDefault "unnamed-nixos";
./hardware-configuration.nix
./packages.nix
]
(lib.fileset.toList ./modules)
];
nix.settings.experimental-features = ["nix-command" "flakes"];
nixpkgs.config.allowUnfree = true;
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
boot.loader = {
systemd-boot.enable = true;
systemd-boot.memtest86.enable = true;
efi.canTouchEfiVariables = true;
timeout = 1;
};
networking.networkmanager.enable = lib.mkDefault true; networking.networkmanager.enable = lib.mkDefault true;
programs.fuse.enable = true;
time.timeZone = "Europe/Paris"; time.timeZone = "Europe/Paris";
services.xserver.enable = lib.mkDefault true; services.xserver.enable = lib.mkDefault true;
services.xserver.displayManager.startx.enable = true; services.xserver.displayManager.startx.enable = true;
programs.hyprland.enable = lib.mkDefault true;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
pulse.enable = true; pulse.enable = true;
}; };
users.users.tom = {
isNormalUser = true;
extraGroups = [
"wheel" # can sudo
"docker" # can use docker
"libvirtd" # can use libvirtd
"dialout" # can use serial devices
"wireshark" # can use wireshask
];
initialPassword = "password";
};
virtualisation.docker.enable = true;
virtualisation.docker.enableOnBoot = lib.mkDefault false;
programs.hyprland.enable = lib.mkDefault true;
system.stateVersion = "24.05";
environment.etc.nixosFlakeName.text = "${flakeName}";
services.journald.extraConfig = ''
SystemMaxUse=100M
SystemMaxFileSize=50M
'';
hardware.logitech.wireless.enable = true; hardware.logitech.wireless.enable = true;
hardware.logitech.wireless.enableGraphical = true; hardware.logitech.wireless.enableGraphical = true;
} }

25
osConfigs/global/packages.nix Normal file
View File

@ -0,0 +1,25 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# packages.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:57:21 by tomoron #+# #+# #
# Updated: 2025/09/06 00:57:26 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
home-manager
vim
pciutils
usbutils
ntfs3g
cryptsetup
acpi
];
}

28
osConfigs/global/user.nix Normal file
View File

@ -0,0 +1,28 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# user.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/05 23:42:18 by tomoron #+# #+# #
# Updated: 2025/09/06 00:57:32 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ ... }:
{
users.users.tom = {
isNormalUser = true;
extraGroups = [
"wheel" # can sudo
"docker" # can use docker
"libvirtd" # can use libvirtd
"dialout" # can use serial devices
"wireshark" # can use wireshask
];
initialPassword = "password";
};
}

15
osConfigs/hosts/desktop.nix
View File

@ -1,11 +1,22 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# desktop.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:57:04 by tomoron #+# #+# #
# Updated: 2025/09/06 00:57:05 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ config, lib, inputs, pkgs, ... }: { config, lib, inputs, pkgs, ... }:
{ {
boot.kernelParams = [ "nvidia-drm-modset=1" ]; boot.kernelParams = [ "nvidia-drm-modset=1" ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
cudatoolkit lm_sensors # can be user (and global)
lm_sensors
]; ];
networking.hostName = "nixos-fixe"; networking.hostName = "nixos-fixe";

25
osConfigs/hosts/iso.nix
View File

@ -1,8 +1,20 @@
{lib, inputs, pkgs, ... }: # **************************************************************************** #
# #
# ::: :::::::: #
# iso.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:57:02 by tomoron #+# #+# #
# Updated: 2025/09/06 00:57:03 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{lib, ... }:
{ {
imports = [ imports = [
../packages.nix ../global/packages.nix
]; ];
users.users.tom = { users.users.tom = {
@ -13,13 +25,4 @@
services.getty.autologinUser = lib.mkForce "tom"; services.getty.autologinUser = lib.mkForce "tom";
services.getty.helpLine = lib.mkForce ""; services.getty.helpLine = lib.mkForce "";
# programs.hyprland.enable = true;
# home-manager.extraSpecialArgs = { inherit inputs; inherit pkgs; isOs = true;};
# home-manager.users.tom = {
# imports = [
# ../../homeConfigs/home.nix
# ../../homeConfigs/hosts/iso.nix
# ];
# };
} }

62
osConfigs/hosts/laptop.nix
View File

@ -1,7 +1,20 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# laptop.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:56:57 by tomoron #+# #+# #
# Updated: 2025/09/06 01:11:42 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
boot.initrd.luks.yubikeySupport = true; boot.initrd.luks.yubikeySupport = true;
services.udev.packages = [ pkgs.yubikey-personalization ];
boot.initrd.kernelModules = [ "vfat" "nls_cp437" "nls_iso8859-1" "usbhid" ]; boot.initrd.kernelModules = [ "vfat" "nls_cp437" "nls_iso8859-1" "usbhid" ];
boot.initrd.luks.devices.cryptroot = { boot.initrd.luks.devices.cryptroot = {
device = "/dev/disk/by-uuid/a4593b01-069d-4a5d-a550-74a762b89b3f"; device = "/dev/disk/by-uuid/a4593b01-069d-4a5d-a550-74a762b89b3f";
@ -18,10 +31,11 @@
}; };
}; };
boot.blacklistedKernelModules = [ "nvidia" "nvidia_drm" "nvidia_uvm" ]; boot.blacklistedKernelModules = [ "nvidia" "nvidia_drm" "nvidia_uvm" ]; #speeds up startup
mods.displayManager.enable = true; mods.displayManager.enable = true;
mods.virtualManager.enable = false; mods.virtualHost.enable = false;
mods.yubikey.pam.enable = true;
networking.firewall.enable = false; networking.firewall.enable = false;
networking.hostName = "patate-douce"; networking.hostName = "patate-douce";
@ -52,40 +66,26 @@
environment.systemPackages = with pkgs; [ looking-glass-client ]; environment.systemPackages = with pkgs; [ looking-glass-client ];
}; };
programs.virt-manager.enable = true;
virtualisation.libvirtd.enable = true;
virtualisation.libvirtd.qemu.runAsRoot = true;
virtualisation.libvirtd.qemu.vhostUserPackages = [ pkgs.virtiofsd ];
networking.dhcpcd.enable = false; networking.dhcpcd.enable = false;
systemd.network.enable = true; systemd.network.enable = true;
networking.useNetworkd = true; networking.useNetworkd = true;
environment.systemPackages = with pkgs; [
acpi
tlp
fprintd
];
hardware.nvidia.prime.offload = {
enable = true;
enableOffloadCmd = true;
};
services.libinput.enable = true;
services.libinput.touchpad.clickMethod = "clickfinger";
services.libinput.touchpad.tapping = false;
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
#power management environment.systemPackages = with pkgs; [
powerManagement.enable = true; acpi # can be user (global)
powerManagement.cpuFreqGovernor = "powersave"; ];
mods.touchpad.enable = true;
mods.powerSave.enable = true;
services.asusd = { services.asusd = {
enable = true; enable = true;
enableUserService = true; enableUserService = true;
}; };
services.supergfxd.enable = true; services.supergfxd.enable = true;
services.supergfxd.settings = { services.supergfxd.settings = {
mode = "Integrated"; mode = "Integrated";
@ -97,17 +97,15 @@
hotplug_type = "None"; hotplug_type = "None";
}; };
services.upower.enable = true;
services.udev.packages = [ pkgs.yubikey-personalization ];
programs.wireshark.enable = true; programs.wireshark.enable = true;
programs.wireshark.usbmon.enable = true; programs.wireshark.usbmon.enable = true;
programs.alvr.enable = true; mods.docker.enable = true;
programs.alvr.openFirewall = true; mods.gayming.enable = true;
mods.nvidia.enable = true;
mods.nvidia.prime = true;
services.usbmuxd.enable = true; # services.usbmuxd.enable = true; #hangs when shutting down
# boot.plymouth = { # boot.plymouth = {
# enable = true; # enable = true;

112
osConfigs/hosts/server.nix
View File

@ -1,99 +1,75 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# server.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:57:09 by tomoron #+# #+# #
# Updated: 2025/09/06 01:26:26 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ config, lib, inputs, pkgs, ... }: { config, pkgs, ... }:
{ let
imports = [ ports = [
../modules/game.nix 22 #git ssh
../modules/vboxHost.nix 80 443 #http server
../modules/nvidia.nix 5000 #frigate
8083 137 138 139 445 548 3702 5357 #prob some samba shit
24454 #minecraft voice chat
25565 # minecraft server
]; ];
portRanges = [
{from = 47950; to = 49000;} #moonlight (wolf)
];
in
{
boot.kernelPackages = pkgs.linuxPackages; boot.kernelPackages = pkgs.linuxPackages;
boot.extraModulePackages = [ config.boot.kernelPackages.gasket ]; boot.extraModulePackages = [
config.boot.kernelPackages.gasket #driver for google coral edge tpu
];
networking.hostName = "server";
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false; services.openssh.settings.PasswordAuthentication = false;
services.openssh.ports = [ 1880 ]; services.openssh.ports = [ 1880 ];
services.xserver.videoDrivers = [ "nvidia" ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
options amdgpu virtual_display=1 options amdgpu virtual_display=1
''; ''; #create dummy display to be able to start x11
environment.systemPackages = with pkgs; [
zfs
nvidia-docker
libnvidia-container
screen
];
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
# services.cron.enable = false; environment.systemPackages = with pkgs; [
# services.cron.systemCronJobs = [ zfs
# # m h dom m dow screen #can be user (and global)
# # https://crontab.guru <3
# ];
networking.firewall.allowedTCPPorts = [
22 #git ssh
80 443 #http server
5000 #frigate
8083 137 138 139 445 548 3702 5357 #prob some samba shit
24454 #minecraft voice chat
25565 # minecraft server
];
networking.firewall.allowedUDPPorts = [
22 #git ssh
80 443 #http server
5000 #frigate
8083 137 138 139 445 548 3702 5357 #prob some samba shit
24454 #minecraft voice chat
25565 # minecraft server
];
networking.firewall.allowedUDPPortRanges = [
{from = 47950; to = 49000;}
];
networking.firewall.allowedTCPPortRanges = [
{from = 47950; to = 49000;}
]; ];
networking = { networking = {
hostName = "server";
interfaces.eth0.ipv4.addresses = [ { interfaces.eth0.ipv4.addresses = [ {
address = "192.168.1.24"; address = "192.168.1.24";
prefixLength = 24; prefixLength = 24;
} ]; }
];
defaultGateway.address = "192.168.1.254"; defaultGateway.address = "192.168.1.254";
defaultGateway.interface = "eth0"; defaultGateway.interface = "eth0";
nameservers = ["8.8.8.8" "8.8.4.4" "1.1.1.1"]; nameservers = ["8.8.8.8" "8.8.4.4" "1.1.1.1"];
hostId = "68290da7"; hostId = "68290da7";
};
virtualisation.docker = {
liveRestore = false;
enableOnBoot = true;
# daemon.settings = {
# runtimes.nvidia.path = "${pkgs.nvidia-docker}/bin/nvidia-container-runtime";
# exec-opts = ["native.cgroupdriver=cgroupfs"];
# };
firewall.allowedTCPPorts = ports;
firewall.allowedUDPPorts = ports;
firewall.allowedUDPPortRanges = portRanges;
firewall.allowedTCPPortRanges = portRanges;
}; };
services.fail2ban.enable = true; services.fail2ban.enable = true;
services.fail2ban.bantime = "2h"; services.fail2ban.bantime = "5h";
hardware.nvidia-container-toolkit.enable = true; mods.docker = {
enable = true;
hardware.nvidia = { boot = true;
package = config.boot.kernelPackages.nvidiaPackages.beta;
open = true;
# prime.nvidiaBusId = "PCI:1:0:0";
# prime.amdgpuBusId = "PCI:13:0:0";
# prime.sync.enable = true;
# modesetting.enable = true;
}; };
} }

15
osConfigs/hosts/vbox.nix
View File

@ -1,9 +1,18 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# vbox.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:56:42 by tomoron #+# #+# #
# Updated: 2025/09/06 00:56:52 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ ... }: { ... }:
{ {
virtualisation.virtualbox.guest.enable = true; virtualisation.virtualbox.guest.enable = true;
mods.nvidia-graphics.enable = false;
mods.virtualManager.enable = false;
mods.gayming.enable = false;
} }

14
osConfigs/modules/displayManager.nix
View File

@ -1,10 +1,22 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# displayManager.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/05 23:47:16 by tomoron #+# #+# #
# Updated: 2025/09/06 00:56:38 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{config, lib, ... }: {config, lib, ... }:
{ {
options.mods.displayManager.enable = lib.mkOption { options.mods.displayManager.enable = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "enable the display manager"; description = "enable the ly display manager";
}; };
config = lib.mkIf config.mods.displayManager.enable { config = lib.mkIf config.mods.displayManager.enable {

36
osConfigs/modules/docker.nix Normal file
View File

@ -0,0 +1,36 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# docker.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:10:58 by tomoron #+# #+# #
# Updated: 2025/09/06 01:06:23 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ config, lib, ... }:
{
options.mods.docker = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "enable docker";
};
boot = lib.mkOption {
type = lib.types.bool;
default = false;
description = "start docker with the system (if false, trigered by docker.socket)";
};
};
config = lib.mkIf config.mods.docker.enable {
virtualisation.docker = {
enable = true;
liveRestore = false;
enableOnBoot = config.mods.docker.boot;
};
};
}

16
osConfigs/modules/game.nix
View File

@ -1,10 +1,22 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# game.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/05 23:47:09 by tomoron #+# #+# #
# Updated: 2025/09/05 23:54:57 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{config, lib, ... }: {config, lib, ... }:
{ {
options.mods.gayming.enable = lib.mkOption { options.mods.gayming.enable = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = false;
description = "enable games on the host"; description = "enable steam and other";
}; };
config = lib.mkIf config.mods.gayming.enable { config = lib.mkIf config.mods.gayming.enable {

54
osConfigs/modules/nvidia.nix
View File

@ -1,19 +1,65 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# nvidia.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/05 23:47:19 by tomoron #+# #+# #
# Updated: 2025/09/06 01:12:34 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ config, lib, inputs, pkgs, ... }:
{ config, lib, ... }:
{ {
options.mods.nvidia-graphics.enable = lib.mkOption { options.mods.nvidia = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "enable nvidia drivers";
};
beta = lib.mkOption {
type = lib.types.bool;
default = false;
description = "use beta version of the drivers";
};
open = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
description = "enable my nvidia graphics settings"; description = "use beta version of the drivers";
};
containerToolkit = lib.mkOption {
type = lib.types.bool;
default = false;
description = "enable the nvidia container toolkit (gpu in docker)";
};
prime = lib.mkOption {
type = lib.types.bool;
default = false;
description = "enable nvidia prime offload (saves battery)";
};
}; };
config = lib.mkIf config.mods.nvidia-graphics.enable { config = lib.mkIf config.mods.nvidia.enable {
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
}; };
hardware.nvidia = {
package = lib.mkIf config.mods.nvidia.beta config.boot.kernelPackages.nvidiaPackages.beta;
open = config.mods.nvidia.open;
prime.offload = lib.mkIf config.mods.nvidia.prime {
enable = true;
enableOffloadCmd = true;
};
};
hardware.nvidia-container-toolkit.enable = config.mods.nvidia.containerToolkit;
services.xserver.videoDrivers = ["nvidia"]; services.xserver.videoDrivers = ["nvidia"];
}; };

31
osConfigs/modules/powerSave.nix Normal file
View File

@ -0,0 +1,31 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# powerSave.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:45:04 by tomoron #+# #+# #
# Updated: 2025/09/06 01:02:29 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ config, lib, ... }:
{
options.mods.powerSave = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "enable services and settings to save power";
};
};
config = lib.mkIf config.mods.powerSave.enable {
services.tlp.enable = true;
powerManagement.enable = true;
powerManagement.cpuFreqGovernor = "powersave";
services.upower.enable = true;
mods.nvidia.prime = true;
};
}

29
osConfigs/modules/touchpad.nix Normal file
View File

@ -0,0 +1,29 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# touchpad.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:39:41 by tomoron #+# #+# #
# Updated: 2025/09/06 01:02:41 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ config, lib, ... }:
{
options.mods.touchpad = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "enable touchpad support";
};
};
config = lib.mkIf config.mods.touchpad.enable {
services.libinput.enable = true;
services.libinput.touchpad.clickMethod = "clickfinger";
services.libinput.touchpad.tapping = false;
};
}

19
osConfigs/modules/vboxHost.nix
View File

@ -1,19 +0,0 @@
{ config, lib, inputs, pkgs, ... }:
{
options.mods.virtualManager.enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable virtual manager as host";
};
config = lib.mkIf config.mods.virtualManager.enable {
programs.virt-manager.enable = true;
virtualisation.libvirtd.enable = true;
virtualisation.libvirtd.qemu.runAsRoot = true;
virtualisation.libvirtd.qemu.vhostUserPackages = [ pkgs.virtiofsd ];
virtualisation.spiceUSBRedirection.enable = true;
environment.systemPackages = with pkgs; [ spice-gtk ];
};
}

31
osConfigs/modules/virtualHost.nix Normal file
View File

@ -0,0 +1,31 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# virtualHost.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/05 23:47:19 by tomoron #+# #+# #
# Updated: 2025/09/06 01:03:07 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ config, lib, pkgs, ... }:
{
options.mods.virtualHost.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "enable virtual manager as host";
};
config = lib.mkIf config.mods.virtualHost.enable {
programs.virt-manager.enable = true;
virtualisation.libvirtd.enable = true;
virtualisation.libvirtd.qemu.runAsRoot = true;
virtualisation.libvirtd.qemu.vhostUserPackages = [ pkgs.virtiofsd ];
virtualisation.spiceUSBRedirection.enable = true;
environment.systemPackages = with pkgs; [ spice-gtk ];
};
}

30
osConfigs/modules/yubikey.nix
View File

@ -1,20 +1,32 @@
{ config, lib, inputs, pkgs, ... }: # **************************************************************************** #
# #
# ::: :::::::: #
# yubikey.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/05 23:47:20 by tomoron #+# #+# #
# Updated: 2025/09/06 01:03:54 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ config, lib, pkgs, ... }:
{ {
options.mods.yubikey = { options.mods.yubikey.pam = {
enable = lib.mkOption { enable = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = false;
description = "enable yubikey"; description = "enable yubikey pam module\nuse `ykpamcfg` to configure";
}; };
id = lib.mkOption { id = lib.mkOption {
type = lib.str; type = lib.str;
description = "yubikey id"; description = "id of the yubikey written under connector";
}; };
}; };
config = lib.mkIf config.mods.yubikey.enable { config = lib.mkIf config.mods.yubikey.pam.enable {
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
@ -22,8 +34,12 @@
security.pam.yubico = { security.pam.yubico = {
enable = true; enable = true;
id = config.mods.yubikey.id; id = config.mods.yubikey.pam.id;
mode = "challenge-response"; mode = "challenge-response";
}; };
environment.systemPackages = with pkgs; [
yubico-pam
];
}; };
} }

24
osConfigs/os.nix Normal file
View File

@ -0,0 +1,24 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# os.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:56:36 by tomoron #+# #+# #
# Updated: 2025/09/06 00:56:37 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ lib, flakeName, ... }:
{
imports = lib.concatLists [
[ ./hardware-configuration.nix ]
(lib.fileset.toList ./global)
(lib.fileset.toList ./modules)
];
system.stateVersion = "25.05";
environment.etc.nixosFlakeName.text = "${flakeName}";
}

14
osConfigs/packages.nix
View File

@ -1,14 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
home-manager
vim
pciutils
usbutils
ntfs3g
cryptsetup
acpi
yubico-pam
];
}

18
secrets/secrets.yaml Normal file
View File

@ -0,0 +1,18 @@
#ENC[AES256_GCM,data:1NcFm2XqZzmSSlr8wH4aXHDBhf+lOaZ/gUeK2T/U/hIBbqtfKtw=,iv:yS5iogRp6e3We/7wZnGy0XJzqLVfRVKlDhUs+tamcJ0=,tag:+z/qqF9n6/hQfv9aWXkCDQ==,type:comment]
nextcloud_fuse:
password: ENC[AES256_GCM,data:Rlyc9wO3rXJ97AAMzM+vJclEJ+eaSPtHkitqRL0=,iv:yuS2Tyo2HZGVb9tbWmmgOEwkyzLhlvq8iZ2YjGD0u9E=,tag:pf8n4pTvseh1pd12w8w4tw==,type:str]
sops:
age:
- recipient: age1sjzkhwr8ycdsmuj8xg8y4v2hcpuq9vethnhytxtwzeury692dsxqf80fwv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRXNiNG9vRzJraERMSytl
Qkc4SVluRWQ1bE5Dc2FpaHQ2WGkxeHF2TWdjCml3OXpockc0NFJ6dDJTVzNjLzNU
cWxHTzhBVno1TlVDaXplR2tuN2wzN0kKLS0tIG5pWmcxYlhlb1lCN3RqNG5hRFJS
clZaazZQdW5wYUhUNmM0QW91K0NLOTAKB6z7cKg54QmJo0U03u6RQkSCfJOAdeJa
DiyPYjm02BNe8YPFbBFRpyT7G++j3h0yG+/Nr2zcQFyMMEpMv5QJvg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-05T17:58:05Z"
mac: ENC[AES256_GCM,data:96G7VqaG8A46tQ1L7I2asiYtNZF7K3Wf+SzbwPrNV8zQio2jInawtD4WSzHmLs4Nv7M1TBHug/ho8mfYq6auXgpathiSzvj0Tzs/IEKXiTYa86tM3szwAepavMYWOl6OYJ7S39ku6BOMo3qC2BK/gpT5iy4c84ashn2wFd1n41A=,iv:6TShIsqnhCf/3uoAaz/R+Cwr2HrorROOXodXluTKM8M=,tag:BA9rQ73scKgetW3orV0HdQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2