initial commit

2025-08-06 00:18:58 +02:00 · 2025-08-06 00:18:58 +02:00 · 95085a0d24
commit 95085a0d24
16 changed files with 294 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,6 @@
+# Homelab
+
+C'est le repo de mon homelab sous nixos.
+
+
+
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1753345091,
+        "narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,31 @@
+{
+  description = "Mon homelab";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+  };
+
+  outputs = { self, nixpkgs }@inputs:
+    let
+      system = "x86_64-linux";
+    in
+    {
+
+      nixosConfigurations = {
+        hyponix = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          specialArgs = inputs;
+          modules = [
+            ./hosts/physique/hyponix
+            ./modules
+          ];
+        };
+      };
+
+
+      devShells.x86_64-linux.default =
+        let pkgs = import nixpkgs { inherit system; };
+        in pkgs.callPackage ./tools/devshell.nix { };
+
+    };
+}
--- a/hosts/physique/hyponix/README.md
+++ b/hosts/physique/hyponix/README.md
@ -0,0 +1,10 @@
+# Hyponix
+
+## Caractéristiques
+
+```
+Host: ASUSTeK COMPUTER INC. CM6731_CM6431_CM6331
+CPU: Intel i5-3350P (4) @3.300GHz
+GPU: NVIDIA GeForce GT 625 OEM
+Memory : 8G, 1600 MT/s AO2L16BC8R2-BR2S
+```
--- a/hosts/physique/hyponix/default.nix
+++ b/hosts/physique/hyponix/default.nix
@ -0,0 +1,16 @@
+{ config, lib, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./networking.nix
+    ./services
+
+    ../../../modules
+  ];
+
+  boot.loader.grub.device = "/dev/sda";
+
+  networking.hostName = "hyponix";
+
+  system.stateVersion = "25.05";
+}
--- a/hosts/physique/hyponix/hardware-configuration.nix
+++ b/hosts/physique/hyponix/hardware-configuration.nix
@ -0,0 +1,27 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "ums_realtek" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/4c0afbf4-08c4-468e-b480-4d1ae13a1073";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/physique/hyponix/networking.nix
+++ b/hosts/physique/hyponix/networking.nix
@ -0,0 +1,9 @@
+{ ... }:
+{
+  networking.interfaces.enp5s0 = {
+    ipv6.addresses = [{
+      address = "2a02:8428:c272:6f01:aaaa:bbbb:cccc:3142";
+      prefixLength = 64;
+    }];
+  };
+}
--- a/hosts/physique/hyponix/services/default.nix
+++ b/hosts/physique/hyponix/services/default.nix
@ -0,0 +1,13 @@
+{ ... }:
+{
+  imports = [
+    ./fail2ban.nix
+    ./forgejo.nix
+  ];
+
+  services.caddy = {
+    enable = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [80 443];
+}
--- a/hosts/physique/hyponix/services/fail2ban.nix
+++ b/hosts/physique/hyponix/services/fail2ban.nix
@ -0,0 +1,8 @@
+{ ... }:
+{
+  services.fail2ban = {
+    enable = true;
+  };
+
+  services.openssh.settings.LogLevel = "VERBOSE";
+}
--- a/hosts/physique/hyponix/services/forgejo.nix
+++ b/hosts/physique/hyponix/services/forgejo.nix
@ -0,0 +1,22 @@
+{config, ...}:
+let
+  domain = "git.${config.networking.domain}";
+in
+{
+  services.forgejo = {
+    enable = true;
+
+    settings = {
+      server = {
+        DOMAIN = domain;
+      };
+    };
+  };
+
+
+  services.caddy.virtualHosts."git.${config.networking.domain}" = {
+    extraConfig = ''
+      reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
+    '';
+  };
+}
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./users.nix
+  ];
+
+  services.openssh = {
+    enable = true;
+  };
+
+  programs.htop.enable = true;
+
+  networking.domain = "v2.bytestall.info";
+
+  environment.systemPackages = with pkgs; [
+    vim
+    dig
+    powertop
+  ];
+
+}
--- a/modules/common/users.nix
+++ b/modules/common/users.nix
@ -0,0 +1,16 @@
+{ ... }:
+{
+  users = {
+    mutableUsers = false;
+    users.lzebulon = {
+      isNormalUser = true;
+      hashedPassword = "$y$j9T$l3Sr.4rBoWPTNx9AQNd6n0$rHprSWYdDIv0sjrMz1/47fZSboNL95/v43HZCbsuSM3";
+      extraGroups = [ "wheel" ];
+
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCR6uatrqbCViftPwQ17JNVN8KBC02sPAOu+uRKGhLR lzebulon"
+      ];
+    };
+  };
+
+}
--- a/modules/default.nix
+++ b/modules/default.nix
@ -0,0 +1,8 @@
+{...}:
+{
+  imports = [
+    ./common
+  ];
+
+  nix.settings.experimental-features = [ "flakes" "nix-command" ];
+}
--- a/modules/virtual/default.nix
+++ b/modules/virtual/default.nix
@ -0,0 +1,27 @@
+{ lib
+, config
+, ...
+}:
+with lib;
+let
+  cfg = config.virtualMachines;
+in
+{
+  options.virtualMachines = {
+    enable = mkEnableOption "Enable Module";
+
+    vmHost = mkOption {
+      type = with types; attrsOf (submodule (import ./vm-options.nix { inherit cfg; }));
+      default = { };
+      example = literalExpression ''
+        Todo
+      '';
+      description = ''
+        Declaration d'une vm
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable { };
+
+}
--- a/modules/virtual/vm-options.nix
+++ b/modules/virtual/vm-options.nix
@ -0,0 +1,37 @@
+{ cfg }:
+{ config
+, lib
+, name
+, ...
+}:
+let
+  inherit (lib) literalExpression mkOption types;
+in
+{
+  options = {
+    vmid = mkOption {
+      type = types.int;
+      description = "id de la vm";
+    };
+
+    networking = {
+      macAddress = mkOption {
+        type = with types; listOf str;
+        example = [ "02:00:00:00:00:00" ];
+        description = ''
+          Mac adresse de l'interface reseau de la vm.
+          Les mac adresses safes sont les suivantes :
+
+          x2:xx:xx:xx:xx:xx
+          x6:xx:xx:xx:xx:xx
+          xA:xx:xx:xx:xx:xx
+          xE:xx:xx:xx:xx:xx
+
+          avec x n'importe quel valeur
+          
+        '';
+      };
+    };
+
+  };
+}
--- a/tools/devshell.nix
+++ b/tools/devshell.nix
@ -0,0 +1,16 @@
+{ pkgs
+,
+}:
+
+pkgs.mkShell {
+  name = "homelab";
+
+  packages = with pkgs; [
+    nil
+    nixpkgs-fmt
+  ];
+
+  shellHook = ''
+    exec zsh
+  '';
+}