Compare commits

...

4 Commits

Author SHA1 Message Date
Alexandre LUCAZEAU d9a33394ec FIX clean config 2023-07-15 20:55:50 +02:00
Alexandre LUCAZEAU dfd9be293c ADD network config for d2nix 2023-07-15 20:21:59 +02:00
Alexandre LUCAZEAU 26154dbcae MAJ README 2023-07-15 19:48:15 +02:00
Alexandre LUCAZEAU 9722998bf0 ADD neovim 2023-07-15 19:16:13 +02:00
12 changed files with 206 additions and 659 deletions

View File

@ -1,2 +1,106 @@
* Installation
# Procédure d'installation du poste **d2nix**
Le poste dispose d'un EFI, le disque sera chiffré
## partitionnement
gdisk /dev/sda
* ````o```` creation d'une nouvelle table de partitions
* ```n``` ajouter une partition de 500M de type ef00 pour l'EFI
* ```` n ```` ajouter une partition avec le reste de l'espace disponible, type 8300
* ```` w ```` on valide la table et on sort
### Chiffrement
cryptsetup luksFormat /dev/sda2 # création d'un volume chiffré
cryptsetup luksOpen /dev/sda2 enc-pv # ouverture du volume chiffré sur le point /dev/mapper/enc-vp
### Partitionnement LVM
Création de deux volumes logiques LVM. Le premier de 8Go pour la swap (j'ai 8Go de RAM) et le second pour la racine
pvcreate /dev/mapper/enc-pv
vgcreate vg /dev/mapper/enc-pv
lvcreate -L 8G -n swap vg
lvcreate -l '100%FREE' -n root vg
### formattage
mkfs.fat /dev/sda1
mkfs.ext4 -L root /dev/vg/root
mkswap -L swap /dev/vg/swap
## Pré-installation
mount /dev/vg/root /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
swapon /dev/vg/swap
## Installation
nixos-generate-config --root /mnt
A partir de là le système peut-être installé. Perso, je reprends une conf dans mon git que je modifie :
nix-shell -p git
git clone https://git.atlanticaweb.fr/alexandre/nixos-config.git
Dans un premier temps je copie le répertoire `nixos-config/modules` dans `/mnt/etc/nixos` et je récupère un configuration.nix que je vais adapter.
Enfin dans le hardware.nix, il faut ajouter le volume /boot pour qu'il soit dans le **fstab** puis ajouter le chargement dans l'initrd du LVM et du déchiffrement. ça nous donne :
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/0BEC-722D";
fsType = "vfat";
};
boot.initrd.luks.devices = {
"partitions" = {
device = "/dev/sda2";
preLVM = true;
};
};
On peut démarrer l'installation avec :
nixos-install
reboot
En cas d'erreur au reboot, on redémarre sur la clé. POur accéder à la configuration :
cryptsetup luksOpen /dev/sda2 enc-pv
lvchange -a y /dev/vg/swap
lvchange -a y /dev/vg/root
mount /dev/vg/root /mnt
mount /dev/sda1 /mnt/boot
swapon /dev/vg/swap
cp /mnt/etc/wpa_supplicant.conf /etc
Au reboot, je me connecte en root et je change le password de mon user.
# Configuration utilisateur
## home-manager
J'ai opté pour une installation locale à mon utilisateur de home-manager
ajouter le dépot correspondant à la version en cours de nixpkgs :
nix-channel --add https://github.com/nix-community/home-manager/archive/release-22.11.tar.gz home-manager
mise à jour de la base
nix-channel --update
Installation
nix-shell '<home-manager>' -A install
En cas de message d'erreur, il faut rebooter (c'est ce que j'ai fais).
Pour avoir mon dossier home-manager dans le depot git :
ln -s /home/alexandre/git/nixos-config/d2nix/home-manager/ ~/.config/
J'ai également ajouté home-manager dans la liste des paquets à installer pour péréniser.
# Post-installation
Il faut supprimer le dossier `/etc/nixos/` et à la place :
ln -s /home/alexandre/git/nixos-config/d2nix/nixos/ /etc/nixos
Lien : https://gist.github.com/martijnvermaat/76f2e24d0239470dd71050358b4d5134

View File

@ -5,15 +5,14 @@
./git.nix
./variables.nix
./starship.nix
#./mails.nix
./mpd.nix
# ./emacs.nix
./i3status.nix
./himalaya.nix
../../../modules/tmux.nix
../../../modules/emacs.nix
../../../modules/neovim.nix
../../../modules/kdeconnect.nix
];
home.stateVersion = "21.11";
home.stateVersion = "23.05";
home.username = "alexandre";
home.homeDirectory = "/home/alexandre";
home.keyboard = {
@ -24,6 +23,3 @@
"i3/config".source = ./configs/i3config;
};
}
# https://git.0xee.eu/0xee/nix-home/src/commit/b1bffdd8e56e093480c3ba7ed12b0141a4c6f9b1/desktop/polybar-config
#https://raw.githubusercontent.com/Litarvan/nix-litarvan/master/kilin/polybar.nix

View File

@ -30,12 +30,6 @@
format = "{1m}";
}
{ block = "sound"; }
{
block = "backlight";
}
{
block = "battery";
}
{
block = "kdeconnect";
format = " $icon {$bat_icon $bat_charge |}{$notif_icon |}{$network_icon$network_strength $network_type |}";

View File

@ -1,51 +0,0 @@
{ pkgs, ... }:
{
programs.mbsync.enable = true;
programs.msmtp.enable = true;
programs.notmuch = {
enable = true;
hooks = {
preNew = "mbsync --all";
};
};
accounts.email = {
accounts.dri = {
address = "alexandre@dri.fr";
gpg = {
key = "464CAA7A718D4CE84F03DFFE8B2EB421411BF613";
signByDefault = true ;
};
imap = {
host = "imap.dri.fr";
tls = {
enable = false;
};
};
folders = {
inbox = "INBOX";
};
mbsync = {
enable = true;
create = "maildir";
};
msmtp.enable = true;
notmuch.enable = true;
primary = true;
realName = "LUCAZEAU Alexandre";
userName = "1847_alexandre";
signature = {
text = ''
Avant Vente
'';
showsignature = "append";
};
password = "JNdMKb05ndM5:\)";
#passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.password-store/mails.gpg";
smtp = {
host = "smtp.dri.fr";
port = 587;
};
};
};
}

View File

@ -1,66 +0,0 @@
{ config, pkgs, ... }:
{
services.mpd = {
enable = true;
musicDirectory = "~/Nextcloud/Musique";
network.listenAddress = "any";
extraConfig = ''
zeroconf_enabled "no"
restore_paused "yes"
replaygain "track"
audio_output {
type "pulse"
name "pulse"
}
audio_output {
type "fifo"
name "fifo"
path "${config.services.mpd.dataDir}/fifo"
format "44100:16:2"
}
'';
};
programs.ncmpcpp = {
enable = true;
package = pkgs.ncmpcpp.override { visualizerSupport = true; taglibSupport = false; };
mpdMusicDir = null; # does not work (not of type `null or path')
settings = {
# Visualizer
visualizer_fifo_path = "${config.services.mpd.dataDir}/fifo";
visualizer_in_stereo = "yes";
visualizer_look = "+|";
visualizer_output_name = "fifo";
visualizer_sync_interval = "15";
visualizer_type = "spectrum";
# Song list formatting
song_columns_list_format = builtins.concatStringsSep " " [
"(6f)[green]{NE}"
"(45)[white]{t|f:Title}"
"(20)[]{a}"
"(25)[cyan]{b}"
"(5f)[blue]{P}"
"(7f)[magenta]{l}"
];
# Display lists in column mode by default
browser_display_mode = "columns";
search_engine_display_mode = "columns";
# Faster seeking
seek_time = 5;
# More modern UI
user_interface = "alternative";
};
};
home.packages = with pkgs; [
mpc_cli
];
}

View File

@ -1,5 +1,6 @@
{ pkgs, ... }: {
home.packages = with pkgs; [
home-manager
jq
nextcloud-client
libreoffice

View File

@ -1,341 +0,0 @@
{ pkgs, ... }:
# Created By Aditya Shakya @adi1090x
# Edited and ported to Nix by Litarvan
let
bg = "#272727";
fg = "#CACACA";
ac = "#1E88E5";
mf = "#383838";
in
{
# enable = true;
package = pkgs.polybar.override {
i3GapsSupport = true;
alsaSupport = true;
};
# script = ''
# ${pkgs.xorg.xrandr}/bin/xrandr --listactivemonitors | \
# ${pkgs.gnugrep}/bin/grep -oP '(HDMI\-\d+|eDP\-\d+)' | \
# ${pkgs.findutils}/bin/xargs -P1 -I{} ${pkgs.bash}/bin/bash -c "MONITOR={} polybar -q -r main"
# '';
script = "polybar -q -r main &";
config = {
"global/wm" = {
margin-bottom = 0;
margin-top = 0;
};
"bar/main" = {
# monitor = "$\{env:MONITOR:}";
monitor-strict = false;
override-redirect = false;
bottom = true;
fixed-center = true;
width = "100%";
height = 36;
offset-x = "0%";
offset-y = "0%";
background = bg;
foreground = fg;
radius-top = "0.0";
radius-bottom = "0.0";
overline-size = 6;
underline-size = 6;
overline-color = bg;
underline-color = bg;
border-top-size = 4;
border-color = ac;
padding = 0;
module-margin-left = 0;
module-margin-right = 0;
font-0 = "Termsyn:size=12;2";
font-1 = "Siji:size=12;2";
font-2 = "xos4 Terminus:size = 12;1";
modules-left = "i3 cpu";
modules-center = "memory alsa battery backlight";
modules-right = "network date";
spacing = 0;
dim-value = "1.";
tray-position = "right";
tray-detached = false;
tray-maxsize = 16;
tray-background = bg;
tray-offset-x = 0;
tray-offset-y = 0;
tray-padding = 0;
tray-scale = "1.0";
enable-ipc = true;
};
"settings" = {
throttle-output = 5;
throttle-output-for = 10;
throttle-input-for = 30;
screenchange-reload = false;
compositing-background = "source";
compositing-foreground = "over";
compositing-overline = "over";
comppositing-underline = "over";
compositing-border = "over";
pseudo-transparency = "false";
};
"module/alsa" = {
type = "internal/alsa";
format-volume = "VOL <label-volume>";
format-volume-background = mf;
format-volume-underline = bg;
format-volume-overline = bg;
format-volume-padding = 2;
format-volume-margin = 2;
label-volume = "%percentage%%";
format-muted-background = mf;
format-muted-underline = bg;
format-muted-overline = bg;
format-muted-padding = 2;
format-muted-margin = 2;
label-muted = "MUTED";
label-muted-foreground = ac;
};
"module/backlight" = {
type = "internal/xbacklight";
card = "intel_backlight"; # TODO: Better way to fill this
format = "LGT <label>";
format-background = mf;
format-underline = bg;
format-overline = bg;
format-padding = 2;
label = "%percentage%%";
};
"module/battery" = {
type = "internal/battery";
full-at = 99;
battery = "BAT1"; # TODO: Better way to fill this
adapter = "ACAD";
poll-interval = 2;
time-format = "%H:%M";
format-charging = "CHR <label-charging>";
format-charging-background = mf;
format-charging-underline = bg;
format-charging-overline = bg;
format-charging-padding = 2;
format-discharging = "BAT <label-discharging>";
format-discharging-background = mf;
format-discharging-underline = bg;
format-discharging-overline = bg;
format-discharging-padding = 2;
label-charging = "%percentage%%";
label-discharging = "%percentage%%";
label-full = "FULL CHR";
label-full-background = mf;
label-full-underline = bg;
label-full-overline = bg;
label-full-padding = 2;
label-full-margin = 2;
};
"module/cpu" = {
type = "internal/cpu";
interval = "0.5";
format = "<label>";
format-background = mf;
format-underline = bg;
format-overline = bg;
format-padding = 2;
format-margin = 1;
label = "CPU %percentage%%";
};
"module/date" = {
type = "internal/date";
interval = "1.0";
time = "%I:%M %p";
time-alt = "%Y-%m-%d%";
format = "<label>";
format-padding = 4;
format-foreground = fg;
label = "%time%";
};
"module/filesystem" = {
type = "internal/fs";
mount-0 = "/";
mount-1 = "/home";
mount-2 = "/var";
mount-3 = "/opt";
interval = 10;
fixed-values = true;
format-mounted = "<label-mounted>";
format-mounted-background = mf;
format-mounted-underline = bg;
format-mounted-overline = bg;
format-mounted-padding = 2;
format-mounted-margin = 0;
format-unmounted = "<label-unmounted>";
format-unmounted-background = mf;
format-unmounted-underline = bg;
format-unmounted-overline = bg;
format-unmounted-padding = 2;
format-unmounted-margin = 0;
label-mounted = "FS %free%";
label-unmounted = "%mountpoint%: not mounted";
};
"module/i3" = {
type = "internal/i3";
format = "<label-state> <label-mode>";
label-mode = "%mode%";
label-mode-padding = 2;
label-mode-background = "#e60053";
label-unfocused-padding = 2;
label-focused = "%index%";
label-focused-foreground = "#ffffff";
label-focused-background = "#3f3f3f";
label-focused-underline = ac;
label-focused-padding = 2;
label-visible = "%index%";
label-visible-underline = "#555555";
label-visible-padding = 2;
label-urgent = "%index%";
label-urgent-foreground = "#000000";
label-urgent-background = bg;
label-urgent-padding = 2;
};
"module/memory" = {
type = "internal/memory";
interval = 3;
format = "<label>";
format-background = mf;
format-underline = bg;
format-overline = bg;
format-padding = 2;
format-margin = 0;
label = "MEM %percentage_used%%";
};
"module/network" = {
type = "internal/network";
interface = "enp0s25";
interval = "1.0";
accumulate-stats = true;
unknown-as-up = true;
format-connected = "<label-connected>";
format-connected-background = mf;
format-connected-underline = bg;
format-connected-overline = bg;
format-connected-padding = 2;
format-connected-margin = 0;
format-disconnected = "<label-disconnected>";
format-disconnected-background = mf;
format-disconnected-underline = bg;
format-disconnected-overline = bg;
format-disconnected-padding = 2;
format-disconnected-margin = 0;
label-connected = "D %downspeed:2% | U %upspeed:2%";
label-disconnected = "DISCONNECTED";
};
"module/temperature" = {
type = "internal/temperature";
interval = "0.5";
thermal-zone = 0; # TODO: Find a better way to fill that
warn-temperature = 60;
units = true;
format = "<label>";
format-background = mf;
format-underline = bg;
format-overline = bg;
format-padding = 2;
format-margin = 0;
format-warn = "<label-warn>";
format-warn-background = mf;
format-warn-underline = bg;
format-warn-overline = bg;
format-warn-padding = 2;
format-warn-margin = 0;
label = "TEMP %temperature-c%";
label-warn = "TEMP %temperature-c%";
label-warn-foreground = "#f00";
};
#"module/wireless-network" = {
# type = "internal/network";
# interval = "wlp2s0";
#};
};
}

View File

@ -10,52 +10,44 @@
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
./hardware-configuration.nix
./services.nix
# ./scanner.nix
./network.nix
modules/common.nix
modules/smtp.nix
#./dev.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.plymouth.enable = true;
# Clear /tmp during boot
boot.tmp.cleanOnBoot = true;
boot.kernelParams = [ "i915.enable_fbc=1" ];
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
plymouth.enable = true;
tmp.cleanOnBoot = true;
kernelParams = [ "i915.enable_fbc=1" ];
};
hardware = {
# Enable microcode updates for Intel CPU
hardware.cpu.intel.updateMicrocode = true;
cpu.intel.updateMicrocode = true;
# Enable Kernel same-page merging
hardware.ksm.enable = true;
ksm.enable = true;
# Enable all the firmware
hardware.enableAllFirmware = true;
enableAllFirmware = true;
# Enable all the firmware with a license allowing redistribution. (i.e. free firmware and firmware-linux-nonfree)
hardware.enableRedistributableFirmware = true;
enableRedistributableFirmware = true;
# Enable OpenGL drivers
hardware.opengl.enable = true;
hardware.opengl.extraPackages = with pkgs; [
opengl.enable = true;
opengl.extraPackages = with pkgs; [
vaapiIntel
vaapiVdpau
libvdpau-va-gl
];
networking.hostName = "d2nix"; # Define your hostname.
networking.networkmanager.enable = true;
pulseaudio = {
enable = true;
};
};
# Set your time zone.
time.timeZone = "Europe/Paris";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.enp0s25.useDHCP = true;
networking.interfaces.wlp0s29u1u2.useDHCP = true;
networking.interfaces.wlp2s0.useDHCP = true;
networking.stevenblack.block = [ "fakenews" "gambling" "porn" ];
nixpkgs.config.allowUnfree = true;
i18n.defaultLocale = "fr_FR.UTF-8";
@ -82,40 +74,18 @@ fonts = {
];
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable CUPS to print documents.
# services.printing.enable = true;
services.avahi.enable = true;
services.printing.enable = true;
services.avahi.openFirewall = true;
programs = {
fish.enable = true;
ssh = {
setXAuthLocation = true;
forwardX11 = true;
};
};
# Enable sound.
sound.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
services.xserver.libinput.enable = true;
system.stateVersion = "23.05"; # Did you read the comment?
users = {
#users.ntp.group = "ntp";
groups.ntp = {};
defaultUserShell = "/run/current-system/sw/bin/fish";
extraUsers.alexandre = {
@ -129,55 +99,9 @@ fonts = {
environment.systemPackages = with pkgs; [
google-fonts
xorg.xbacklight
];
# Define a user account. Don't forget to set a password with passwd.
# users.users.jane = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# firefox
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "no";
# Open ports in the firewall.
networking.firewall = {
enable = true;
allowedTCPPorts = [ 24800 6600 ];
# For kdeconnect
allowedTCPPortRanges = [
{ from = 1714; to = 1764; } # KDE Connect
];
allowedUDPPortRanges = [
{ from = 1714; to = 1764; } # KDE Connect
];
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
services.fstrim.enable = true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}

View File

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
{
networking = {
hostName = "d2nix";
interfaces.enp0s31f6.useDHCP = true;
networkmanager.enable = true;
stevenblack.block = [ "fakenews" "gambling" "porn" ];
firewall = {
enable = true;
allowedTCPPortRanges = [
{ from = 1714; to = 1764; } # KDE Connect
];
allowedUDPPortRanges = [
{ from = 1714; to = 1764; } # KDE Connect
];
};
};
}

View File

@ -1,70 +1,36 @@
{ config, pkgs, ... }:
{
hardware = {
pulseaudio = {
enable = true;
};
};
# upgrade
programs = {
fish.enable = true;
ssh = {
setXAuthLocation = true;
forwardX11 = true;
};
};
# SERVICES
services = {
avahi = {
enable = true;
openFirewall = true;
};
printing.enable = true;
clamav = {
daemon.enable = true;
updater.enable = true;
};
ntp.enable = true;
tlp.enable = true;
locate = {
enable = true;
locate = pkgs.plocate;
interval = "hourly";
localuser = null;
};
# udev.extraRules = ''
# ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0407", RUN+="/usr/bin/lockscreen-all"
# '';
xserver = {
enable = true;
autorun = true;
#desktopManager.gnome.enable = true;
windowManager.i3.enable = true;
displayManager.defaultSession = "none+i3";
layout = "fr";
xkbOptions = "eurosign:e";
desktopManager = {
xterm.enable = false;
xfce.enable = true;
};
openssh = {
enable = true;
settings.PermitRootLogin = "no";
};
ntp.enable = true;
tlp.enable = true;
fstrim.enable = true;
};
nixpkgs.config = {
packageOverrides = pkgs: {
polybar = pkgs.polybar.override {
i3Support = true;
pulseSupport = true;
};
};
};
}

View File

@ -3,13 +3,13 @@
services.kdeconnect = {
enable = true;
};
networking.firewall = {
enable = true;
allowedTCPPortRanges = [
{ from = 1714; to = 1764; } # KDE Connect
];
allowedUDPPortRanges = [
{ from = 1714; to = 1764; } # KDE Connect
];
};
}
# networking.firewall = {
# enable = true;
# allowedTCPPortRanges = [
# { from = 1714; to = 1764; } # KDE Connect
# ];
# allowedUDPPortRanges = [
# { from = 1714; to = 1764; } # KDE Connect
# ];
# }

View File

@ -11,5 +11,6 @@ programs.neovim = {
gruvbox-material
mini-nvim
];
defaultEditor = true;
};
}