ADD : nixos conf files

2021-12-16 14:04:27 +01:00 · 2021-12-16 14:04:27 +01:00 · d738205f0d
parent 57e273175b
commit d738205f0d
5 changed files with 290 additions and 0 deletions
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@ -0,0 +1,119 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      <nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
+      ./hardware-configuration.nix
+      ./services.nix
+      ./scanner.nix
+      ./packages.nix
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  }; 
+
+   hardware.logitech.wireless.enable = true;
+   hardware.logitech.wireless.enableGraphical = true;
+
+services.printing.enable = true;
+  services.printing.drivers = [ pkgs.brlaser ];
+
+   # Video acceleration
+#   hardware.opengl.extraPackages;
+   # Enable Bluetooth
+hardware.bluetooth.enable = true;
+services.blueman.enable = true;
+   # Enable sane and brscan4 for DSP-7055
+    hardware = { 
+      sane = {
+	enable = true;
+	brscan4 = {
+	  enable = true;
+	  };
+      };
+    };
+  security = {
+    apparmor.enable = true;
+    pam = {
+      u2f = {
+        enable = true;
+        control = "requisite";
+      };
+      services = {
+        login.u2fAuth = true;
+        lightdm.u2fAuth = true;
+      };
+    };
+  };
+  networking.hostName = "Alexos"; # Define your hostname.
+
+  # Set your time zone.
+  time.timeZone = "Europe/Paris";
+
+  networking = {
+    dhcpcd.enable = true;
+    networkmanager = {
+      enable = true;
+      unmanaged = [ "interface-name:ve-*" ];
+    };
+    firewall.enable = true;
+    extraHosts = 
+     ''
+      10.105.42.181 blog.example.fr php.example.com wordpress.example.com wp.example.com
+      192.168.111.5 millefeuille.sandbox.lan dvs00001.sandbox.lan
+      192.168.111.6 foreman.sandbox.lan dvs00002.sandbox.lan
+      46.18.193.160 clients-admin.bienprevoir.fr
+      46.18.192.72 preprod.ofpra.gouv.fr ofpra.gouv.fr
+      10.105.42.115 produ-host.fr
+     '';
+  };
+
+  i18n.defaultLocale = "fr_FR.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "fr";
+  };
+
+  fonts = {
+    fontDir.enable = true;
+    enableGhostscriptFonts = true;
+    fonts = with pkgs; [
+      corefonts
+      vistafonts
+      inconsolata
+      terminus_font
+      proggyfonts
+      dejavu_fonts
+      font-awesome-ttf
+      font-awesome
+      nerdfonts
+      source-code-pro
+      source-sans-pro
+      source-serif-pro
+    ];
+  };
+
+
+  system.stateVersion = "21.05"; # Did you read the comment?
+  users = {
+    users.ntp.group = "ntp";
+    groups.ntp = {};
+    defaultUserShell = "/run/current-system/sw/bin/fish";
+    extraUsers.alexandre = {
+      isNormalUser = true;
+      home = "/home/alexandre";
+      description = "alexandre";
+      extraGroups = [ "wheel" "networkmanager" "docker" "libvirtd" "vboxusers" "scanner" "lp" ];
+      hashedPassword = "$6$7m77oPQxa$W9YnRLo1X2eqztBHwpoH8diHGkBno5O39AMyL9Qm8y8I6uW63H2Nwx4p239OG5zhOxA8J1lZvHTQ3hKPSP9mT/";
+    };
+  };
+
+}
--- a/nixos/hardware-configuration.nix
+++ b/nixos/hardware-configuration.nix
@ -0,0 +1,45 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" "vfat" "nls_cp437" "nls_iso8859-1" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/bf44b13d-47d1-4f27-8dc5-c11e48052496";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/0839-8A0F";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  boot.initrd.luks.yubikeySupport = true;
+
+# Configuration to use your Luks device
+  boot.initrd.luks.devices = {
+    "partitions" = {
+      device = "/dev/sda2";
+      preLVM = true; # You may want to set this to false if you need to start a network service first
+      yubikey = {
+        slot = 2;
+        twoFactor = true; # Set to false if you did not set up a user password.
+        storage = {
+          device = "/dev/sda1";
+        };
+      };
+    }; 
+  };
+}
--- a/nixos/packages.nix
+++ b/nixos/packages.nix
@ -0,0 +1,26 @@
+
+{ config, pkgs, ... }:
+{
+  
+  environment.systemPackages = with pkgs; [
+
+    wget lshw openssh bc scrot zsh unzip zip file which vim gnumake tmux
+    gitAndTools.gitFull
+    dmenu i3lock polybar
+    mplayer 
+    gnome3.dconf
+    pulseaudioLight pavucontrol paprefs 
+    docker 
+    firefox
+    usbutils ntfs3g 
+    exfat-utils gsmartcontrol
+    powerline-fonts 
+    networkmanagerapplet
+    xorg.xbacklight
+    xfontsel
+    font-manager
+    utf8proc 
+    font-awesome-ttf
+    pam_u2f
+  ];
+}
--- a/nixos/scanner.nix
+++ b/nixos/scanner.nix
@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... } : {
+
+#<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>:w
+  hardware.sane = {
+    enable = true;
+    dsseries.enable = true;
+  };
+
+  # Allow unfree software for libsane-dsseries only
+  nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem (builtins.parseDrvName pkg.pname).name
+  [
+    "libsane-dsseries"
+  ]);
+}
--- a/nixos/services.nix
+++ b/nixos/services.nix
@ -0,0 +1,86 @@
+{ config, pkgs, ... }:
+
+{
+
+  hardware = {
+    pulseaudio = {
+      enable = true;
+    };
+  };
+
+  # upgrade
+
+  programs = {
+    mtr.enable = true ; 
+    zsh.enable = true;
+    fish.enable = true;
+    ssh = {
+      setXAuthLocation = true;   
+      forwardX11 = true;
+    };
+  };
+
+
+  # SERVICES
+  services = {
+    
+    clamav = {
+      daemon.enable = true;
+      updater.enable = true;
+    };
+
+    postgresql = {
+      enable = true;
+      package = pkgs.postgresql_10;
+      enableTCPIP = true;
+      authentication = pkgs.lib.mkOverride 10 ''
+        local all all trust
+        host all all ::1/128 trust
+        host all all 127.0.0.1/32 trust
+      '';
+      initialScript =  pkgs.writeText "backend-initScript" ''
+        CREATE ROLE foreman WITH LOGIN PASSWORD 'word' CREATEDB;
+        CREATE ROLE sylvain CREATEDB;
+        ALTER USER foreman WITH SUPERUSER;
+        CREATE DATABASE foremandb;
+        GRANT ALL PRIVILEGES ON DATABASE foremandb TO foreman;
+      '';
+
+    };
+    
+    ntp.enable = true;
+    tlp.enable = true;
+
+#    udev.extraRules = ''
+#      ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0407", RUN+="/usr/bin/lockscreen-all"
+#    '';
+
+    xserver = {
+      enable = true;
+      autorun = true;
+      #desktopManager.gnome.enable = true; 
+      windowManager.i3.enable = true;
+      displayManager.defaultSession = "none+i3";
+      layout = "fr";
+      xkbOptions = "eurosign:e";
+      desktopManager = {
+        xterm.enable = false;
+        xfce.enable = true;
+      };
+    };
+
+  };
+
+  nixpkgs.config = {
+
+    packageOverrides = pkgs: {
+      polybar = pkgs.polybar.override {
+        i3Support = true;
+        pulseSupport = true;
+      };
+    };
+
+    allowUnfree = true;
+  };
+
+}