From 95085a0d24a8f77e8dd4c76debeca45cdeaecd2f Mon Sep 17 00:00:00 2001
From: Lzebulon
Date: Wed, 6 Aug 2025 00:18:58 +0200
Subject: [PATCH] initial commit
---
README.md | 6 +++
flake.lock | 27 ++++++++++++++
flake.nix | 31 ++++++++++++++++
hosts/physique/hyponix/README.md | 10 +++++
hosts/physique/hyponix/default.nix | 16 ++++++++
.../hyponix/hardware-configuration.nix | 27 ++++++++++++++
hosts/physique/hyponix/networking.nix | 9 +++++
hosts/physique/hyponix/services/default.nix | 13 +++++++
hosts/physique/hyponix/services/fail2ban.nix | 8 ++++
hosts/physique/hyponix/services/forgejo.nix | 22 +++++++++++
modules/common/default.nix | 21 +++++++++++
modules/common/users.nix | 16 ++++++++
modules/default.nix | 8 ++++
modules/virtual/default.nix | 27 ++++++++++++++
modules/virtual/vm-options.nix | 37 +++++++++++++++++++
tools/devshell.nix | 16 ++++++++
16 files changed, 294 insertions(+)
create mode 100644 README.md
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 hosts/physique/hyponix/README.md
create mode 100644 hosts/physique/hyponix/default.nix
create mode 100644 hosts/physique/hyponix/hardware-configuration.nix
create mode 100644 hosts/physique/hyponix/networking.nix
create mode 100644 hosts/physique/hyponix/services/default.nix
create mode 100644 hosts/physique/hyponix/services/fail2ban.nix
create mode 100644 hosts/physique/hyponix/services/forgejo.nix
create mode 100644 modules/common/default.nix
create mode 100644 modules/common/users.nix
create mode 100644 modules/default.nix
create mode 100644 modules/virtual/default.nix
create mode 100644 modules/virtual/vm-options.nix
create mode 100644 tools/devshell.nix
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6a8e2ea
--- /dev/null
+++ b/README.md
@@ -0,0 +1,6 @@
+# Homelab
+
+C'est le repo de mon homelab sous nixos.
+
+
+
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..06c0920
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1753345091,
+ "narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-25.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..c969e8e
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,31 @@
+{
+ description = "Mon homelab";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+ };
+
+ outputs = { self, nixpkgs }@inputs:
+ let
+ system = "x86_64-linux";
+ in
+ {
+
+ nixosConfigurations = {
+ hyponix = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = inputs;
+ modules = [
+ ./hosts/physique/hyponix
+ ./modules
+ ];
+ };
+ };
+
+
+ devShells.x86_64-linux.default =
+ let pkgs = import nixpkgs { inherit system; };
+ in pkgs.callPackage ./tools/devshell.nix { };
+
+ };
+}
diff --git a/hosts/physique/hyponix/README.md b/hosts/physique/hyponix/README.md
new file mode 100644
index 0000000..f106a2a
--- /dev/null
+++ b/hosts/physique/hyponix/README.md
@@ -0,0 +1,10 @@
+# Hyponix
+
+## Caractéristiques
+
+```
+Host: ASUSTeK COMPUTER INC. CM6731_CM6431_CM6331
+CPU: Intel i5-3350P (4) @3.300GHz
+GPU: NVIDIA GeForce GT 625 OEM
+Memory : 8G, 1600 MT/s AO2L16BC8R2-BR2S
+```
diff --git a/hosts/physique/hyponix/default.nix b/hosts/physique/hyponix/default.nix
new file mode 100644
index 0000000..750c5a5
--- /dev/null
+++ b/hosts/physique/hyponix/default.nix
@@ -0,0 +1,16 @@
+{ config, lib, ... }:
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./networking.nix
+ ./services
+
+ ../../../modules
+ ];
+
+ boot.loader.grub.device = "/dev/sda";
+
+ networking.hostName = "hyponix";
+
+ system.stateVersion = "25.05";
+}
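Review bot: In flake.nix the `system` let-binding is used only for the devShell's `import nixpkgs`, while the `nixosSystem` call and the `devShells.x86_64-linux` attribute repeat the literal; `inherit system;` in the `nixosSystem` arguments and `devShells.${system}.default` would define the platform once. `./modules` is also listed in this `modules` list and again as `../../../modules` in hosts/physique/hyponix/default.nix, so one of the two imports is redundant.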
diff --git a/hosts/physique/hyponix/hardware-configuration.nix b/hosts/physique/hyponix/hardware-configuration.nix
new file mode 100644
index 0000000..01727a2
--- /dev/null
+++ b/hosts/physique/hyponix/hardware-configuration.nix
@@ -0,0 +1,27 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "ums_realtek" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/4c0afbf4-08c4-468e-b480-4d1ae13a1073";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/physique/hyponix/networking.nix b/hosts/physique/hyponix/networking.nix
new file mode 100644
index 0000000..a3184a7
--- /dev/null
+++ b/hosts/physique/hyponix/networking.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ networking.interfaces.enp5s0 = {
+ ipv6.addresses = [{
+ address = "2a02:8428:c272:6f01:aaaa:bbbb:cccc:3142";
+ prefixLength = 64;
+ }];
+ };
+}
diff --git a/hosts/physique/hyponix/services/default.nix b/hosts/physique/hyponix/services/default.nix
new file mode 100644
index 0000000..9cc87df
--- /dev/null
+++ b/hosts/physique/hyponix/services/default.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+ imports = [
+ ./fail2ban.nix
+ ./forgejo.nix
+ ];
+
+ services.caddy = {
+ enable = true;
+ };
+
+ networking.firewall.allowedTCPPorts = [80 443];
+}
diff --git a/hosts/physique/hyponix/services/fail2ban.nix b/hosts/physique/hyponix/services/fail2ban.nix
new file mode 100644
index 0000000..edc9a34
--- /dev/null
+++ b/hosts/physique/hyponix/services/fail2ban.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ services.fail2ban = {
+ enable = true;
+ };
+
+ services.openssh.settings.LogLevel = "VERBOSE";
+}
diff --git a/hosts/physique/hyponix/services/forgejo.nix b/hosts/physique/hyponix/services/forgejo.nix
new file mode 100644
index 0000000..137740a
--- /dev/null
+++ b/hosts/physique/hyponix/services/forgejo.nix
@@ -0,0 +1,22 @@
+{config, ...}:
+let
+ domain = "git.${config.networking.domain}";
+in
+{
+ services.forgejo = {
+ enable = true;
+
+ settings = {
+ server = {
+ DOMAIN = domain;
+ };
+ };
+ };
+
+
+ services.caddy.virtualHosts."git.${config.networking.domain}" = {
+ extraConfig = ''
+ reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
+ '';
+ };
+}
diff --git a/modules/common/default.nix b/modules/common/default.nix
new file mode 100644
index 0000000..7b1b387
--- /dev/null
+++ b/modules/common/default.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ./users.nix
+ ];
+
+ services.openssh = {
+ enable = true;
+ };
+
+ programs.htop.enable = true;
+
+ networking.domain = "v2.bytestall.info";
+
+ environment.systemPackages = with pkgs; [
+ vim
+ dig
+ powertop
+ ];
+
+}
diff --git a/modules/common/users.nix b/modules/common/users.nix
new file mode 100644
index 0000000..6a0c9f7
--- /dev/null
+++ b/modules/common/users.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+ users = {
+ mutableUsers = false;
+ users.lzebulon = {
+ isNormalUser = true;
+ hashedPassword = "$y$j9T$l3Sr.4rBoWPTNx9AQNd6n0$rHprSWYdDIv0sjrMz1/47fZSboNL95/v43HZCbsuSM3";
+ extraGroups = [ "wheel" ];
+
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCR6uatrqbCViftPwQ17JNVN8KBC02sPAOu+uRKGhLR lzebulon"
+ ];
+ };
+ };
+
+}
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..4bbe311
--- /dev/null
+++ b/modules/default.nix
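Review bot: hosts/physique/hyponix/services/forgejo.nix publishes Forgejo through Caddy on ports 80/443 with no `settings.service` block, so Forgejo's own default for self-registration applies. If the forge is meant for one user, add `settings.service.DISABLE_REGISTRATION = true;` once the admin account exists. `server.HTTP_ADDR` is not set either, so the listener presumably binds to the module default rather than loopback; `server.HTTP_ADDR = "127.0.0.1";` would keep it reachable only through the proxy even if the firewall rules change later. As a style point, the `virtualHosts` key repeats `"git.${config.networking.domain}"` instead of reusing the `domain` binding.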
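Review bot: `services.openssh` in modules/common/default.nix is enabled with no `settings`, so password authentication stays at the module default on a host that networking.nix gives a global IPv6 address, and the module presumably opens the SSH port in the firewall as well. users.nix already deploys an ed25519 key for the only account, so password logins can be turned off: `settings.PasswordAuthentication = false;`, `settings.KbdInteractiveAuthentication = false;` and `settings.PermitRootLogin = "no";`. That leaves fail2ban as a second layer rather than the only control on password guessing.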
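Review bot: The `hashedPassword` literal in modules/common/users.nix puts the yescrypt hash of a `wheel` account into git history and into the world-readable Nix store, where anyone with read access can run offline guessing against it. Prefer `hashedPasswordFile = "/run/secrets/<placeholder>";` backed by a secrets tool such as sops-nix or agenix, with the file kept out of the repository. Because the hash is now part of this commit, treat it as exposed and change the password when moving it out.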
@@ -0,0 +1,8 @@
+{...}:
+{
+ imports = [
+ ./common
+ ];
+
+ nix.settings.experimental-features = [ "flakes" "nix-command" ];
+}
diff --git a/modules/virtual/default.nix b/modules/virtual/default.nix
new file mode 100644
index 0000000..67ffd70
--- /dev/null
+++ b/modules/virtual/default.nix
@@ -0,0 +1,27 @@
+{ lib
+, config
+, ...
+}:
+with lib;
+let
+ cfg = config.virtualMachines;
+in
+{
+ options.virtualMachines = {
+ enable = mkEnableOption "Enable Module";
+
+ vmHost = mkOption {
+ type = with types; attrsOf (submodule (import ./vm-options.nix { inherit cfg; }));
+ default = { };
+ example = literalExpression ''
+ Todo
+ '';
+ description = ''
+ Declaration d'une vm
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable { };
+
+}
diff --git a/modules/virtual/vm-options.nix b/modules/virtual/vm-options.nix
new file mode 100644
index 0000000..f7520c7
--- /dev/null
+++ b/modules/virtual/vm-options.nix
@@ -0,0 +1,37 @@
+{ cfg }:
+{ config
+, lib
+, name
+, ...
+}:
+let
+ inherit (lib) literalExpression mkOption types;
+in
+{
+ options = {
+ vmid = mkOption {
+ type = types.int;
+ description = "id de la vm";
+ };
+
+ networking = {
+ macAddress = mkOption {
+ type = with types; listOf str;
+ example = [ "02:00:00:00:00:00" ];
+ description = ''
+ Mac adresse de l'interface reseau de la vm.
+ Les mac adresses safes sont les suivantes :
+
+ x2:xx:xx:xx:xx:xx
+ x6:xx:xx:xx:xx:xx
+ xA:xx:xx:xx:xx:xx
+ xE:xx:xx:xx:xx:xx
+
+ avec x n'importe quel valeur
+
+ '';
+ };
+ };
+
+ };
+}
diff --git a/tools/devshell.nix b/tools/devshell.nix
new file mode 100644
index 0000000..a9a3f9e
--- /dev/null
+++ b/tools/devshell.nix
@@ -0,0 +1,16 @@
+{ pkgs
+,
+}:
+
+pkgs.mkShell {
+ name = "homelab";
+
+ packages = with pkgs; [
+ nil
+ nixpkgs-fmt
+ ];
+
+ shellHook = ''
+ exec zsh
+ '';
+}
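Review bot: `networking.macAddress` in modules/virtual/vm-options.nix is typed `listOf str`, so the locally administered address rule spelled out in its description is documentation only and any string evaluates. The type can enforce it: `type = with types; listOf (strMatching "[0-9A-Fa-f][26AaEe](:[0-9A-Fa-f]{2}){5}");`. The `cfg`, `config` and `name` arguments are not used in the visible lines, and nothing in this commit imports `modules/virtual`, so the option set is not yet reachable from the host configuration.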
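Review bot: The `shellHook` in tools/devshell.nix runs `exec zsh`, which replaces the shell every time the environment is entered, so a non-interactive `nix develop --command …` would likely land in zsh instead of running the command. `zsh` is also not in `packages`, so the hook depends on whatever `zsh` is on the caller's PATH. Either add `zsh` to `packages` and guard the hook so it only runs for interactive shells, or drop the hook and start the preferred shell from the command line.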