commit 36a0ab9b949f4afd682c91913f3a5ff1abec9155
Author: korenstin
Date: Thu Sep 25 23:28:10 2025 +0200
Initial commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2f79106
--- /dev/null
+++ b/README.md
@@ -0,0 +1,42 @@
+# NixOS
+
+Ce repo contient la configuration NixOS des différentes machines présentes dans
+l'infrastructure de Aurore et ce décompose en plusieurs partie :
+
+- [hosts](./hosts) : contient la configuration spécifique à chaque machine,
+ typiquement la configuration réseau,
+- [profiles](./profiles) : contient la configuration des différents modules
+ utilisé,
+- [disks](./disks) : contient la configuration [disko](https://github.com/nix-community/disko)
+ des machines.
+
+## Installation d'une machine
+
+Si la configuration est déjà écrite, il faut alors suivre les étapes
+suivantes :
+
+1. S'assurer que la machine a accès à internet et possède un serveur DNS,
+1. Importer les fichiers de configurations,
+1. Si nécéssaire, il faut de générer le fichier `hardware-configuration.nix`
+ à l'aide de la commande `nixos-generate-config --no-filesystems --root .`
+ puis de l'ajouter dans la configuration,
+1. Vérifier que la configuration `disko` utilisée est compatible, la
+ commande `lsblk` devrait être suffisant pour cela,
+1. Partitionner les disques : l'usage de `disko` simplifie cette étape. En
+ effet, il suffit d'exécuter la commande :
+ `nix run github:nix-community/disko --extra-experimental-features "nix-command flakes" -- --mode disko --flake #`
+ `disko` s'occupe automatiquement du montage des partitions créer,
+1. Créer le répertoire `/mnt/etc/nixos` et ajouter les fichiers de
+ configuration dans ce répertoire,
+1. Installer NixOS : `nixos-install --flake #`,
+1. Si tout s'est bien passé, un mot de passe vous sera demandé pour le mot
+ de passe root. Entrer celui-ci puis `poweroff` ou `reboot`.
+1. Penser à push la configuration ainsi écrite.
+
+Remarque :
+
+> S'il n'y a pas suffisamment de place mémoire sur le disque d'installation
+> lors du partitionnement des disques avec disko, il est possible d'étendre le
+> nix-store en utilisant la RAM à l'aide de la commande :
+> `mount -o remount,size=3G,noatime /nix/.rw-store`
+> Cependant, cela peut être risquer s'il n'y a pas suffisamment de RAM.
diff --git a/disks/layout_vm.nix b/disks/layout_vm.nix
new file mode 100644
index 0000000..0ad94f9
--- /dev/null
+++ b/disks/layout_vm.nix
@@ -0,0 +1,34 @@
+{ ... }:
+
+{
+ disko.devices = {
+ disk = {
+ main = {
+ device = "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ end = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..a1aa491
--- /dev/null
+++ b/flake.lock
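Review bot: `device = "/dev/sda";` ties the layout to kernel enumeration order, and the README's `disko --mode disko` invocation destroys and re-creates whatever sits at that path; a `/dev/disk/by-id/...` or `/dev/disk/by-path/...` reference would keep the target stable if a second disk is ever attached to the VM. With a single virtio-scsi disk, as the `profiles/vm/hardware-configuration.nix` module list suggests, this is probably fine today, but it is worth a comment at the `device` line, e.g. `# single VM disk; revisit if more disks are attached`. The layout also defines no swap partition, which deserves a one-line note if intentional.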
@@ -0,0 +1,103 @@
+{
+ "nodes": {
+ "disko": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1758160037,
+ "narHash": "sha256-fXelTdjdILspZ1IUU9aICB1+PXwSFiF8j+7ujwo1VpQ=",
+ "owner": "nix-community",
+ "repo": "disko",
+ "rev": "4f554162fff88e77655073d352eec0cea71103a2",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "disko",
+ "type": "github"
+ }
+ },
+ "flake-parts": {
+ "inputs": {
+ "nixpkgs-lib": "nixpkgs-lib"
+ },
+ "locked": {
+ "lastModified": 1756770412,
+ "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "4524271976b625a4a605beefd893f270620fd751",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1758070117,
+ "narHash": "sha256-uLwwHFCZnT1c3N3biVe/0hCkag2GSrf9+M56+Okf+WY=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "e9b7f2ff62b35f711568b1f0866243c7c302028d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-25.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs-lib": {
+ "locked": {
+ "lastModified": 1754788789,
+ "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
+ "owner": "nix-community",
+ "repo": "nixpkgs.lib",
+ "rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "nixpkgs.lib",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "disko": "disko",
+ "flake-parts": "flake-parts",
+ "nixpkgs": "nixpkgs",
+ "treefmt-nix": "treefmt-nix"
+ }
+ },
+ "treefmt-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1758206697,
+ "narHash": "sha256-/DbPkh6PZOgfueCbs3uzlk4ASU2nPPsiVWhpMCNkAd0=",
+ "owner": "numtide",
+ "repo": "treefmt-nix",
+ "rev": "128222dc911b8e2e18939537bed1762b7f3a04aa",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "treefmt-nix",
+ "type": "github"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..ea6c044
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,54 @@
+{
+ description = "La flake de aurore";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+ flake-parts.url = "github:hercules-ci/flake-parts";
+
+ treefmt-nix = {
+ url = "github:numtide/treefmt-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs =
+ inputs@{
+ self,
+ nixpkgs,
+ flake-parts,
+ disko,
+ ...
+ }:
+ flake-parts.lib.mkFlake { inherit inputs; } {
+ imports = [ inputs.treefmt-nix.flakeModule ];
+
+ systems = [ "x86_64-linux" ];
+
+ flake = with nixpkgs.lib; {
+ nixosConfigurations =
+ let
+ defaultConfig = [
+ ./profiles/common
+
+ disko.nixosModules.disko
+ ];
+ defaultVM = [
+ ./profiles/vm
+ ./disks/layout_vm.nix
+ ] ++ defaultConfig;
+ in {
+ jitsi = nixosSystem {
+ specialArgs = inputs;
+ modules = [
+ ./hosts/vm/jitsi
+ ] ++ defaultVM;
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/vm/jitsi/default.nix b/hosts/vm/jitsi/default.nix
new file mode 100644
index 0000000..5da3a55
--- /dev/null
+++ b/hosts/vm/jitsi/default.nix
@@ -0,0 +1,46 @@
+{ ... }:
+
+{
+ networking = {
+ hostName = "jitsi";
+ domain = "pub.infra.auro.re";
+ };
+
+ boot.loader.systemd-boot.enable = true;
+
+ systemd.network = {
+ enable = true;
+ links = {
+ "10-pub" = {
+ matchConfig.MACAddress = "ae:ae:ae:74:db:e1";
+ linkConfig.Name = "pub";
+ };
+ };
+ networks = {
+ "10-pub" = {
+ domains = [
+ "pub.infra.auro.re"
+ "auro.re"
+ ];
+ matchConfig.Name = "pub";
+ linkConfig.RequiredForOnline = "routable";
+ address = [
+ "45.66.111.216/27"
+ "2a09:6840:215::1:216/64"
+ ];
+ routes = [
+ { Gateway = "45.66.111.204"; }
+ { Gateway = "2a09:6840:215::1"; }
+ ];
+ dns = [
+ "10.206.1.1"
+ "10.206.1.2"
+ "2a09:6840:206::1:1"
+ "2a09:6840:206::1:2"
+ ];
+ };
+ };
+ };
+
+ system.stateVersion = "25.05";
+}
diff --git a/profiles/common/default.nix b/profiles/common/default.nix
new file mode 100644
index 0000000..b9a5157
--- /dev/null
+++ b/profiles/common/default.nix
@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+ imports = [
+ ./locale.nix
+ ./networking.nix
+ ./nix.nix
+ ./ntp.nix
+ ./ssh.nix
+ ./tmp.nix
+ ];
+}
diff --git a/profiles/common/locale.nix b/profiles/common/locale.nix
new file mode 100644
index 0000000..ed9aee5
--- /dev/null
+++ b/profiles/common/locale.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+ i18n.defaultLocale = "en_US.UTF-8";
+ console.keyMap = "fr";
+ time.timeZone = "Europe/Paris";
+}
diff --git a/profiles/common/networking.nix b/profiles/common/networking.nix
new file mode 100644
index 0000000..2349c4f
--- /dev/null
+++ b/profiles/common/networking.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+ networking.useDHCP = false;
+}
diff --git a/profiles/common/nix.nix b/profiles/common/nix.nix
new file mode 100644
index 0000000..6fa35d8
--- /dev/null
+++ b/profiles/common/nix.nix
@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+ nix = {
+ settings = {
+ experimental-features = [
+ "flakes"
+ "nix-command"
+ ];
+ auto-optimise-store = true;
+ };
+ };
+}
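Review bot: `profiles/common/programs.nix` is added in this same commit but is missing from the `imports` list in `profiles/common/default.nix`, and nothing else in the commit references it (`flake.nix` only pulls in `./profiles/common` and `./profiles/vm`), so none of the programs or packages it declares reach any host. If it is meant to be part of the common profile, add `./programs.nix` between `./nix.nix` and `./ntp.nix` to keep the list alphabetical; if it is intentionally opt-in, a comment in `default.nix` saying so would stop the next reader from "fixing" it. The same observation applies to the `programs.nix` hunk below.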
diff --git a/profiles/common/ntp.nix b/profiles/common/ntp.nix
new file mode 100644
index 0000000..92a3193
--- /dev/null
+++ b/profiles/common/ntp.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+ services.timesyncd = {
+ enable = true;
+ servers = [
+ "ntp-1.int.infra.auro.re"
+ "ntp-2.int.infra.auro.re"
+ ];
+ };
+}
diff --git a/profiles/common/programs.nix b/profiles/common/programs.nix
new file mode 100644
index 0000000..5ef058d
--- /dev/null
+++ b/profiles/common/programs.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+
+{
+ programs = {
+ git.enable = true;
+ htop.enable = true;
+ neovim.enable = true;
+ screen.enable = true;
+ tmux.enable = true;
+ vim.enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [
+ bat
+ fd
+ helix
+ inetutils
+ ];
+}
diff --git a/profiles/common/ssh.nix b/profiles/common/ssh.nix
new file mode 100644
index 0000000..a6701cb
--- /dev/null
+++ b/profiles/common/ssh.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+ services.openssh = {
+ enable = true;
+
+ settings.PermitRootLogin = "no";
+ };
+}
diff --git a/profiles/common/tmp.nix b/profiles/common/tmp.nix
new file mode 100644
index 0000000..e3e6fd3
--- /dev/null
+++ b/profiles/common/tmp.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+ boot = {
+ tmp = {
+ useTmpfs = true;
+ cleanOnBoot = true;
+ };
+ };
+}
diff --git a/profiles/vm/default.nix b/profiles/vm/default.nix
new file mode 100644
index 0000000..833022f
--- /dev/null
+++ b/profiles/vm/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./virtualisation.nix
+ ];
+}
diff --git a/profiles/vm/hardware-configuration.nix b/profiles/vm/hardware-configuration.nix
new file mode 100644
index 0000000..2154f70
--- /dev/null
+++ b/profiles/vm/hardware-configuration.nix
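Review bot: In `profiles/common/ssh.nix`, `settings.PermitRootLogin = "no";` is the only hardening applied; password and keyboard-interactive authentication are left at the sshd defaults, and no file in this commit declares a user account or any `openssh.authorizedKeys`, so after `nixos-install` the host accepts SSH connections with no key-based principal configured. For a key-only fleet add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` next to `PermitRootLogin`, and define the administrative user(s) and their keys in the common profile, or document in this file where user provisioning is expected to come from. If the README's root password is intended only for console access, a comment here saying so would make the intent explicit.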
@@ -0,0 +1,14 @@
+{ lib, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/profiles/vm/virtualisation.nix b/profiles/vm/virtualisation.nix
new file mode 100644
index 0000000..b80b202
--- /dev/null
+++ b/profiles/vm/virtualisation.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+ boot.kernelParams = [ "console=ttyS0,115200" ];
+
+ services.qemuGuest.enable = true;
+}