✨ add a bunch of flake inputs

📝 (neodymium/system) add comments in nix's default.nix
✨ (neodymium/system) setup nameservers
2023-11-29 15:40:36 +01:00 · 2023-11-29 15:39:56 +01:00 · 2023-11-29 15:39:30 +01:00 · 2023-11-29 15:39:12 +01:00 · 2023-11-29 15:38:36 +01:00 · 2023-11-29 15:38:13 +01:00
21 changed files with 386 additions and 248 deletions
--- a/flake.lock
+++ b/flake.lock
@ -144,6 +144,46 @@
        "type": "github"
      }
    },
+    "disko": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1700927249,
+        "narHash": "sha256-iqmIWiEng890/ru7ZBf4nUezFPyRm2fjRTvuwwxqk2o=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "3cb78c93e6a02f494aaf6aeb37481c27a2e2ee22",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
+    "disko_2": {
+      "inputs": {
+        "nixpkgs": [
+          "nixos-anywhere",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1698422527,
+        "narHash": "sha256-SDu3Xg263t3oXIyTaH0buOvFnKIDeZsvKDBtOz+jRbs=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "944d338d24a9d043a3f7461c30ee6cfe4f9cca30",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "master",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
    "flake-compat": {
      "flake": false,
      "locked": {
@ -198,6 +238,27 @@
      }
    },
    "flake-parts_2": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "nixos-anywhere",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1698882062,
+        "narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-parts_3": {
      "inputs": {
        "nixpkgs-lib": "nixpkgs-lib"
      },
@ -268,6 +329,24 @@
        "type": "github"
      }
    },
+    "flake-utils_4": {
+      "inputs": {
+        "systems": "systems_5"
+      },
+      "locked": {
+        "lastModified": 1694529238,
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
    "gitignore": {
      "inputs": {
        "nixpkgs": [
@ -313,7 +392,7 @@
    "hyprland": {
      "inputs": {
        "hyprland-protocols": "hyprland-protocols",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
        "systems": "systems_2",
        "wlroots": "wlroots",
        "xdph": "xdph"
@ -363,7 +442,7 @@
        "flake-compat": "flake-compat_2",
        "flake-parts": "flake-parts",
        "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_3",
        "pre-commit-hooks-nix": "pre-commit-hooks-nix",
        "rust-overlay": "rust-overlay_2"
      },
@ -381,6 +460,45 @@
        "type": "github"
      }
    },
+    "nixos-2305": {
+      "locked": {
+        "lastModified": 1698911509,
+        "narHash": "sha256-FFwqTbF+1laraWTL/t7LI+gN+DYfoj+iFYLof5wCea8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "ecd985f22e007e6ac3152d68590c06cbbaea8c0e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixos-anywhere": {
+      "inputs": {
+        "disko": "disko_2",
+        "flake-parts": "flake-parts_2",
+        "nixos-2305": "nixos-2305",
+        "nixos-images": "nixos-images",
+        "nixpkgs": "nixpkgs_4",
+        "treefmt-nix": "treefmt-nix"
+      },
+      "locked": {
+        "lastModified": 1700914752,
+        "narHash": "sha256-d81ed+ZO7i93KTTOOW1cSbh7OsFvGoKHF1JpHEdLw3E=",
+        "owner": "nix-community",
+        "repo": "nixos-anywhere",
+        "rev": "7351eb2f45efc30f2cedd5f62b2e526681a21875",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-anywhere",
+        "type": "github"
+      }
+    },
    "nixos-hardware": {
      "locked": {
        "lastModified": 1701020860,
@ -396,18 +514,43 @@
        "type": "github"
      }
    },
+    "nixos-images": {
+      "inputs": {
+        "nixos-2305": [
+          "nixos-anywhere",
+          "nixos-2305"
+        ],
+        "nixos-unstable": [
+          "nixos-anywhere",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1697515196,
+        "narHash": "sha256-EZivLoJHCqJdi23Mn/p+lPNHBBctGSWzEnAhYfC0VD0=",
+        "owner": "nix-community",
+        "repo": "nixos-images",
+        "rev": "87bccdbdfbeb07e0c4fb4c2ec3d71986e8fa24d9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-images",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1700612854,
-        "narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
+        "lastModified": 1697915759,
+        "narHash": "sha256-WyMj5jGcecD+KC8gEs+wFth1J1wjisZf8kVZH13f1Zo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614",
+        "rev": "51d906d2341c9e866e48c2efcaac0f2d70bfd43e",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -447,6 +590,22 @@
      }
    },
    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1700612854,
+        "narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1699354722,
        "narHash": "sha256-abmqUReg4PsyQSwv4d0zjcWpMHrd3IFJiTb2tZpfF04=",
@ -462,7 +621,23 @@
        "type": "github"
      }
    },
-    "nixpkgs_3": {
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1700218750,
+        "narHash": "sha256-ft54Un/pZ/KoI6hx9HLeb/SLg0SB8NvV+z7vzrpWs8c=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "2542afeb0d81db4d1e5bc8df8354cbdcc29c2f53",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_5": {
      "locked": {
        "lastModified": 1700794826,
        "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
@ -478,7 +653,23 @@
        "type": "github"
      }
    },
-    "nixpkgs_4": {
+    "nixpkgs_6": {
+      "locked": {
+        "lastModified": 1700794826,
+        "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_7": {
      "locked": {
        "lastModified": 1700612854,
        "narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
@ -494,7 +685,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_5": {
+    "nixpkgs_8": {
      "locked": {
        "lastModified": 1698318101,
        "narHash": "sha256-gUihHt3yPD7bVqg+k/UVHgngyaJ3DMEBchbymBMvK1E=",
@ -541,10 +732,29 @@
        "type": "github"
      }
    },
-    "resume": {
+    "projet-intelligence-artificielle-multimedia": {
      "inputs": {
        "flake-utils": "flake-utils_3",
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_6"
+      },
+      "locked": {
+        "lastModified": 1701038653,
+        "narHash": "sha256-mif1mtvfKUcLeLcHBjDeE8nDvSXqCgU2FlXwb123K7M=",
+        "ref": "refs/heads/master",
+        "rev": "52c1f4c76d9da18c5d674b4db3b413af9193d285",
+        "revCount": 20,
+        "type": "git",
+        "url": "https://git.fainsin.bzh/ENSEEIHT/projet-intelligence-artificielle-multimedia"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fainsin.bzh/ENSEEIHT/projet-intelligence-artificielle-multimedia"
+      }
+    },
+    "resume": {
+      "inputs": {
+        "flake-utils": "flake-utils_4",
+        "nixpkgs": "nixpkgs_7",
        "typst": "typst"
      },
      "locked": {
@ -564,12 +774,15 @@
    "root": {
      "inputs": {
        "agenix": "agenix",
+        "disko": "disko",
        "flake-utils": "flake-utils",
        "home-manager": "home-manager",
        "hyprland": "hyprland",
        "lanzaboote": "lanzaboote",
+        "nixos-anywhere": "nixos-anywhere",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_5",
+        "projet-intelligence-artificielle-multimedia": "projet-intelligence-artificielle-multimedia",
        "resume": "resume"
      }
    },
@ -698,12 +911,48 @@
        "type": "github"
      }
    },
+    "systems_6": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixos-anywhere",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1698438538,
+        "narHash": "sha256-AWxaKTDL3MtxaVTVU5lYBvSnlspOS0Fjt8GxBgnU0Do=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "5deb8dc125a9f83b65ca86cf0c8167c46593e0b1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
    "typst": {
      "inputs": {
        "crane": "crane_3",
-        "flake-parts": "flake-parts_2",
-        "nixpkgs": "nixpkgs_5",
-        "systems": "systems_5"
+        "flake-parts": "flake-parts_3",
+        "nixpkgs": "nixpkgs_8",
+        "systems": "systems_6"
      },
      "locked": {
        "lastModified": 1700840283,
--- a/flake.nix
+++ b/flake.nix
@ -1,17 +1,21 @@
 {
  description = "Laureηt's infrastructure";

+  # TODO: setup flake-parts à la place de flake-utils
+  # TODO: setup le formatter comme sioodmy
+  # TODO: rekey les secrets + changer la key de hydrogen
+  # TODO: luks encrypt hydrogen (dropbear ?)
+  # TODO: dégager btfrs de neodymium, ext4 ftw
+  # TODO: setup disko sur neodymium
+
  inputs = {
    nixpkgs = {
      url = "github:NixOS/nixpkgs/nixos-unstable";
      # url = "git+file:///home/laurent/Documents/nixpkgs?shallow=1";
    };
-
-    flake-utils.url = "github:numtide/flake-utils";
-
-    lanzaboote = {
-      url = "github:nix-community/lanzaboote";
-      # inputs.nixpkgs.follows = "nixpkgs";
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
    };

    agenix = {
@ -19,17 +23,16 @@
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.follows = "flake-utils";
    };
-
-    home-manager = {
-      url = "github:nix-community/home-manager";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
+    flake-utils.url = "github:numtide/flake-utils";
+    lanzaboote.url = "github:nix-community/lanzaboote";
    hyprland.url = "github:hyprwm/Hyprland";
-
    nixos-hardware.url = "github:nixos/nixos-hardware";
+    disko.url = "github:nix-community/disko";
+    nixos-anywhere.url = "github:nix-community/nixos-anywhere";

    resume.url = "git+https://git.fainsin.bzh/Laurent/resume";
+    projet-intelligence-artificielle-multimedia.url =
+      "git+https://git.fainsin.bzh/ENSEEIHT/projet-intelligence-artificielle-multimedia";
  };

  nixConfig = {
@ -42,7 +45,7 @@
  };

  outputs = { nixpkgs, flake-utils, lanzaboote, agenix, home-manager
-    , nixos-hardware, ... }@inputs:
+    , nixos-hardware, disko, ... }@inputs:

    (flake-utils.lib.eachDefaultSystem (system:
      let pkgs = nixpkgs.legacyPackages.${system};
@ -84,6 +87,7 @@
          modules = [
            ./hosts/hydrogen
            home-manager.nixosModules.home-manager
+            disko.nixosModules.default
            agenix.nixosModules.default
            lanzaboote.nixosModules.lanzaboote
          ];
--- a/hosts/hydrogen/default.nix
+++ b/hosts/hydrogen/default.nix
@ -1,9 +1 @@
-{ modulesPath, lib, ... }: {
-  imports =
-    lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
-      (modulesPath + "/virtualisation/digital-ocean-config.nix")
-
-      ./services
-      ./system
-    ];
-}
+{ ... }: { imports = [ ./services ./system ]; }
--- a/hosts/hydrogen/services/blocky/default.nix
+++ b/hosts/hydrogen/services/blocky/default.nix
@ -1,103 +0,0 @@
-{ ... }: {
-  networking = {
-    firewall = {
-      # allow dns queries trough wireguard
-      interfaces."wg0".allowedUDPPorts = [
-        53 # dns default port
-      ];
-    };
-  };
-
-  services.blocky = {
-    enable = true;
-    settings = {
-      upstream.default = [ "208.67.222.222" "208.67.220.220" ];
-
-      clientLookup.clients = {
-        hydrogen = [ "10.0.0.1" "127.0.0.1" ];
-        pixel5 = [ "10.0.0.2" ];
-        neodymium = [ "10.0.0.3" ];
-      };
-
-      blocking = {
-        refreshPeriod = "24h";
-        clientGroupsBlock.default =
-          [ "firebog-tick" "firebog-nocross" "regex" ];
-        blackLists = {
-          firebog-tick = [
-            # https://v.firebog.net/hosts/lists.php?type=tick
-            "https://adaway.org/hosts.txt"
-            "https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt"
-            "https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
-            "https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
-            "https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
-            "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
-            "https://phishing.army/download/phishing_army_blocklist_extended.txt"
-            "https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
-            "https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
-            "https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
-            "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
-            "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
-            "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
-            "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
-            "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
-            "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts"
-            "https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
-            "https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
-            "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
-            "https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
-            "https://urlhaus.abuse.ch/downloads/hostfile/"
-            "https://v.firebog.net/hosts/AdguardDNS.txt"
-            "https://v.firebog.net/hosts/Admiral.txt"
-            "https://v.firebog.net/hosts/Easylist.txt"
-            "https://v.firebog.net/hosts/Easyprivacy.txt"
-            "https://v.firebog.net/hosts/Prigent-Ads.txt"
-            "https://v.firebog.net/hosts/Prigent-Crypto.txt"
-            "https://v.firebog.net/hosts/RPiList-Malware.txt"
-            "https://v.firebog.net/hosts/RPiList-Phishing.txt"
-            "https://v.firebog.net/hosts/static/w3kbl.txt"
-            "https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
-          ];
-          firebog-nocross = [
-            # https://v.firebog.net/hosts/lists.php?type=nocross
-            "https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt"
-            "https://malware-filter.gitlab.io/malware-filter/phishing-filter-hosts.txt"
-            "https://paulgb.github.io/BarbBlock/blacklists/hosts-file.txt"
-            "https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts"
-            "https://raw.githubusercontent.com/matomo-org/referrer-spam-blacklist/master/spammers.txt"
-            "https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/AmazonFireTV.txt"
-            "https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt"
-            "https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt"
-            "https://raw.githubusercontent.com/RooneyMcNibNug/pihole-stuff/master/SNAFU.txt"
-            "https://raw.githubusercontent.com/VeleSila/yhosts/master/hosts"
-            "https://someonewhocares.org/hosts/zero/hosts"
-            "https://v.firebog.net/hosts/neohostsbasic.txt"
-            "https://v.firebog.net/hosts/Prigent-Malware.txt"
-            "https://winhelp2002.mvps.org/hosts.txt"
-            "https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt"
-          ];
-          regex = [
-            # https://github.com/mmotti/pihole-regex/blob/master/regex.list
-            ''
-              /^ad([sxv]?[0-9]*|system)[_.-]([^.[:space:]]+\\.){1,}|[_.-]ad([sxv]?[0-9]*|system)[_.-]/
-              /^(.+[_.-])?adse?rv(er?|ice)?s?[0-9]*[_.-]/
-              /^(.+[_.-])?telemetry[_.-]/
-              /^adim(age|g)s?[0-9]*[_.-]/
-              /^adtrack(er|ing)?[0-9]*[_.-]/
-              /^advert(s|is(ing|ements?))?[0-9]*[_.-]/
-              /^aff(iliat(es?|ion))?[_.-]/
-              /^analytics?[_.-]/
-              /^banners?[_.-]/
-              /^beacons?[0-9]*[_.-]/
-              /^count(ers?)?[0-9]*[_.-]/
-              /^mads\\./
-              /^pixels?[-.]/
-              /^stat(s|istics)?[0-9]*[_.-]/
-              /.*\\.g[0-9]+\\..*/
-            ''
-          ];
-        };
-      };
-    };
-  };
-}
--- a/hosts/hydrogen/services/changedetection/default.nix
+++ b/hosts/hydrogen/services/changedetection/default.nix
@ -1 +1 @@
-{ ... }: { services.changedetection-io = { enable = true; }; }
+{ ... }: { services.changedetection-io.enable = true; }
--- a/hosts/hydrogen/services/default.nix
+++ b/hosts/hydrogen/services/default.nix
@ -1,12 +1 @@
-{ ... }: {
-  imports = [
-    ./acme
-    ./atuin
-    ./blocky
-    ./changedetection
-    ./fail2ban
-    ./gitea
-    ./nginx
-    ./wireguard
-  ];
-}
+{ ... }: { imports = [ ./acme ./atuin ./changedetection ./gitea ./nginx ]; }
--- a/hosts/hydrogen/services/fail2ban/default.nix
+++ b/hosts/hydrogen/services/fail2ban/default.nix
@ -1,7 +0,0 @@
-{ ... }: {
-  services.fail2ban = {
-    enable = true;
-    maxretry = 3;
-    bantime = "1h";
-  };
-}
--- a/hosts/hydrogen/services/nginx/n7/default.nix
+++ b/hosts/hydrogen/services/nginx/n7/default.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ inputs, system, pkgs, ... }: {
  services.nginx.virtualHosts = {
    "n7.laurent.fainsin.bzh" = {
      enableACME = true;
@ -17,7 +17,9 @@
          import ./projet-systemes-algorithmes-repartis.nix pkgs;

        "/projet-intelligence-artificielle-multimedia/" = # #
-          import ./projet-intelligence-artificielle-multimedia.nix pkgs;
+          import ./projet-intelligence-artificielle-multimedia.nix {
+            inherit inputs system;
+          };

        "/projet-probleme-inverse-3D/" = # #
          import ./projet-probleme-inverse-3D.nix pkgs;
--- a/hosts/hydrogen/services/nginx/n7/projet-intelligence-artificielle-multimedia.nix
+++ b/hosts/hydrogen/services/nginx/n7/projet-intelligence-artificielle-multimedia.nix
@ -1,12 +1,5 @@
-{ pkgs, ... }:
-let
-  pages = pkgs.fetchgit {
-    url =
-      "https://git.fainsin.bzh/ENSEEIHT/projet-intelligence-artificielle-multimedia";
-    rev = "8d7708db070170f6f3b276c5ea6f2f1b38e57ee5"; # pages
-    sha256 = "07cmnxmhb4l2chb8h9y45jnm10fqlmlq9d7zwllgk6l3gc0m3rdp";
-  };
-in {
-  alias = "${pages}/";
-  index = "slides.html";
+{ inputs, system, ... }: {
+  alias =
+    inputs.projet-intelligence-artificielle-multimedia.packages.${system}.slides
+    + "/";
 }
--- a/hosts/hydrogen/services/wireguard/default.nix
+++ b/hosts/hydrogen/services/wireguard/default.nix
@ -1,34 +0,0 @@
-{ ... }: {
-  networking = {
-    firewall = {
-      allowedUDPPorts = [
-        5553 # wireguard
-      ];
-    };
-
-    nat = {
-      enable = true;
-      enableIPv6 = true;
-      externalInterface = "ens3";
-      internalInterfaces = [ "wg0" ];
-    };
-
-    wireguard.interfaces = {
-      wg0 = {
-        ips = [ "10.0.0.1/24" "fd02:002:002::1/64" ];
-        listenPort = 5553;
-        privateKeyFile = "/root/wg-private";
-        peers = [
-          { # pixel
-            publicKey = "HS2q+PpPPwxqT1jCD7D4puqr4ZyaXV5TostavlYWBx0=";
-            allowedIPs = [ "10.0.0.2/32" "fd02:002:002::2/64" ];
-          }
-          { # neodymium
-            publicKey = "IFeRvelEilNRLkhWgFKL9HrJ9XYsm+r4yvv23CigETk=";
-            allowedIPs = [ "10.0.0.3/32" "fd02:002:002::3/64" ];
-          }
-        ];
-      };
-    };
-  };
-}
--- a/hosts/hydrogen/system/default.nix
+++ b/hosts/hydrogen/system/default.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{ modulesPath, ... }: {
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
@ -7,5 +7,13 @@
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?

-  imports = [ ./networking ./packages ./ssh ./users ];
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/profiles/qemu-guest.nix")
+    ./disko
+    ./networking
+    ./packages
+    ./ssh
+    ./users
+  ];
 }
--- a/hosts/hydrogen/system/disko/default.nix
+++ b/hosts/hydrogen/system/disko/default.nix
@ -0,0 +1,40 @@
+{ ... }: {
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+  disko.devices = {
+    disk.disk1 = {
+      device = "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            end = "500M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/hydrogen/system/networking/default.nix
+++ b/hosts/hydrogen/system/networking/default.nix
@ -1,10 +1,18 @@
 { ... }: {
  networking = {
+    # the name of the machine
    hostName = "hydrogen";
+
+    # the domain used for the machine
    domain = "fainsin.bzh";
+
+    # domain name servers, use clouflare family
+    networking.nameservers = [ "1.1.1.2" "1.0.0.2" ];
+
+    # TODO: bouger ça à côté des applications
    firewall = {
      allowedTCPPorts = [
-        22 # ssh
+        624 # ssh
        80 # http
        443 # https
      ];
--- a/hosts/hydrogen/system/nix/default.nix
+++ b/hosts/hydrogen/system/nix/default.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{ lib, pkgs, nixpkgs, ... }: {
  # optimizations
  nix.settings.auto-optimise-store = true;

@ -8,4 +8,16 @@
    dates = "weekly";
    options = "--delete-older-than 30d";
  };
+
+  # experimental features
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # pin nixpkgs registry
+  nix.registry.nixpkgs.flake = nixpkgs;
+
+  # print diff between two generations
+  system.activationScripts.nvd-report-changes = ''
+    PATH=$PATH:${lib.makeBinPath [ pkgs.nvd pkgs.nix ]}
+    nvd diff $(ls -dv /nix/var/nix/profiles/system-*-link | tail -2)
+  '';
 }
--- a/hosts/hydrogen/system/packages/default.nix
+++ b/hosts/hydrogen/system/packages/default.nix
@ -1 +1,3 @@
-{ pkgs, ... }: { environment.systemPackages = with pkgs; [ btop borgbackup ]; }
+{ pkgs, ... }: {
+  environment.systemPackages = with pkgs; [ btop borgbackup gitMinimal sysz ];
+}
--- a/hosts/hydrogen/system/ssh/default.nix
+++ b/hosts/hydrogen/system/ssh/default.nix
@ -1 +1,6 @@
-{ ... }: { services.openssh.ports = [ 624 ]; }
+{ ... }: {
+  services.openssh = {
+    enable = true;
+    ports = [ 642 ];
+  };
+}
--- a/hosts/neodymium/home/chromium/default.nix
+++ b/hosts/neodymium/home/chromium/default.nix
@ -0,0 +1,6 @@
+{ pkgs, ... }: {
+  programs.chromium = {
+    enable = true;
+    package = pkgs.ungoogled-chromium;
+  };
+}
--- a/hosts/neodymium/home/default.nix
+++ b/hosts/neodymium/home/default.nix
@ -6,6 +6,7 @@
    ./packages.nix

    ./alacritty
+    ./chromium
    ./firefox
    ./gtk
    ./shell
--- a/hosts/neodymium/system/networking/default.nix
+++ b/hosts/neodymium/system/networking/default.nix
@ -1,7 +1,10 @@
 { lib, ... }: {
-  # set hostname
+  # the name of the machine
  networking.hostName = "neodymium";

+  # domain name servers, use clouflare family
+  networking.nameservers = [ "1.1.1.2" "1.0.0.2" ];
+
  # use networkManager, see nmcli
  networking.networkmanager.enable = true;

@ -20,6 +23,4 @@
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
-
-  imports = [ ./wireguard.nix ];
 }
--- a/hosts/neodymium/system/networking/wireguard.nix
+++ b/hosts/neodymium/system/networking/wireguard.nix
@ -1,31 +0,0 @@
-{ lib, ... }: {
-  networking.wg-quick.interfaces = {
-    wg0 = {
-      # client
-      privateKeyFile = "/root/wireguard-keys/private";
-      address = [ "10.0.0.3/24" "fd02:002:002::3/64" ];
-      dns = [ "10.0.0.1" ];
-
-      # server
-      peers = [{
-        publicKey = "y36/EpLUerwM6NSGsVDCkb37Wj/Z3CI0mPFGatVa0Ws=";
-        allowedIPs = [ "0.0.0.0/0" "::0/0" ];
-        endpoint = "fainsin.bzh:5553";
-        persistentKeepalive = 30;
-      }];
-    };
-  };
-
-  # modify the systemd service to restart on failure every 10 seconds
-  systemd.services.wg-quick-wg0 = {
-    serviceConfig = {
-      Type = lib.mkForce "simple";
-      Restart = "on-failure";
-      RestartSec = "10s";
-    };
-    unitConfig = {
-      # ensures Restart= is always honoured
-      StartLimitIntervalSec = 0;
-    };
-  };
-}
--- a/hosts/neodymium/system/nix/default.nix
+++ b/hosts/neodymium/system/nix/default.nix
@ -41,6 +41,7 @@
      "vscode-extension-ms-vsliveshare-vsliveshare"
    ];

+  # print diff between two generations
  system.activationScripts.nvd-report-changes = ''
    PATH=$PATH:${lib.makeBinPath [ pkgs.nvd pkgs.nix ]}
    nvd diff $(ls -dv /nix/var/nix/profiles/system-*-link | tail -2)
Author	SHA1	Message	Date
Laureηt	11d5c3dcc0	✨ add a bunch of flake inputs	2023-11-29 15:40:36 +01:00
Laureηt	f112055076	📝 (neodymium/system) add comments in nix's default.nix	2023-11-29 15:39:56 +01:00
Laureηt	0c7e768235	✨ (neodymium/system) setup nameservers	2023-11-29 15:39:30 +01:00
Laureηt	42d74ddd66	🔥 (neodymium/system) remove now obsolete wireguard config	2023-11-29 15:39:12 +01:00
Laureηt	fef75b9b3b	✨ (neodymium/home) add ungoogled-chromium	2023-11-29 15:38:36 +01:00
Laureηt	a8a72ffdb6	♻️ (hydrogen) migrate vps from digitalocean to ovh	2023-11-29 15:38:13 +01:00
Laureηt	46a1f9b975	🎨 (hydrogen/system) format openssh config	2023-11-29 15:37:27 +01:00
Laureηt	e5ebf882d6	🎨 (hydrogen/system) add gitMinimal and sysz to installed packages	2023-11-29 15:36:27 +01:00
Laureηt	cc6d8f0545	🎨 (hydrogen/system) format nix settings file + enable experimental features	2023-11-29 15:35:59 +01:00
Laureηt	146076bad4	🎨 (hydrogen/services) format networking file	2023-11-29 15:35:23 +01:00
Laureηt	7da10c80f6	✨ (hydrogen/nginx) use disko for partitionning	2023-11-29 15:35:07 +01:00
Laureηt	1b88aa463d	✨ (hydrogen/nginx) projet-intelligence-artificielle-multimedia stop using pages, use the flake	2023-11-29 15:34:38 +01:00
Laureηt	f83dda4946	🎨 (hydrogen/services) format changedetection nix file	2023-11-29 15:34:04 +01:00
Laureηt	3e36af50d5	🔥 (hydrogen/services) update service's default.nix to remove ol services	2023-11-29 15:33:31 +01:00
Laureηt	4a3e8eeb0f	🔥 (hydrogen/services) remove fail2ban	2023-11-29 15:33:02 +01:00
Laureηt	e74af8434c	🔥 (hydrogen/services) remove wireguard	2023-11-29 15:32:42 +01:00
Laureηt	b94ba8a7b4	🔥 (hydrogen/services) remove blocky	2023-11-29 15:32:31 +01:00