crans
/
nixos
mirror of https://gitlab.crans.org/nounous/nixos
19
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Factorisation en un module crans

merge-requests/14/head
RatCornu 2025-06-08 15:53:33 +02:00
parent ab20269f92
commit cedff82836
No known key found for this signature in database
GPG Key ID: B3BE02E379E6E8E2
27 changed files with 566 additions and 574 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
flake.nix
View File

@ -34,7 +34,10 @@
flake = with nixpkgs.lib; { flake = with nixpkgs.lib; {
nixosConfigurations = nixosConfigurations =
let let
baseModules = [ agenix.nixosModules.default ]; baseModules = [
./modules
agenix.nixosModules.default
];
in in
{ {
apprentix = nixosSystem { apprentix = nixosSystem {

7
hosts/physiques/thot/default.nix
View File

@ -39,5 +39,12 @@
restic restic
]; ];
crans = {
enable = true;
networking.adm.enable = false;
resticClient.enable = false;
};
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }

28
hosts/vm/apprentix/default.nix
View File

@ -1,17 +1,27 @@
{ config, lib, ... }: { ... }:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./networking.nix
../../../modules
]; ];
boot.loader.grub.devices = [ "/dev/sda" ]; boot.loader.grub.devices = [ "/dev/sda" ];
networking.hostName = "apprentix"; networking.hostName = "apprentix";
crans = {
enable = true;
networking = {
id = 50;
srvNat.enable = true;
};
homeNounou.enable = false;
users.root.passwordFile = ../../../secrets/apprentix/root.age;
};
security.sudo.extraRules = [ security.sudo.extraRules = [
{ {
groups = [ "_user" ]; groups = [ "_user" ];
@ -19,15 +29,5 @@
} }
]; ];
age.secrets = {
root-passwd-hash.file = ../../../secrets/apprentix/root.age;
};
users.users.root = {
hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
};
crans.home_nounou.enable = false;
system.stateVersion = "24.11"; system.stateVersion = "24.11";
} }

65
hosts/vm/apprentix/networking.nix
View File

@ -1,65 +0,0 @@
{ ... }:
{
networking = {
interfaces = {
ens18 = {
ipv4 = {
addresses = [
{
address = "172.16.10.150";
prefixLength = 24;
}
];
};
ipv6 = {
addresses = [
{
address = "fd00::10:0:ff:fe01:5010";
prefixLength = 64;
}
];
};
};
ens19 = {
ipv4 = {
addresses = [
{
address = "172.16.3.150";
prefixLength = 24;
}
];
routes = [
{
address = "0.0.0.0";
via = "172.16.3.99";
prefixLength = 0;
}
];
};
ipv6 = {
addresses = [
{
address = "2a0c:700:3::ff:fe01:5003";
prefixLength = 64;
}
];
routes = [
{
address = "::";
via = "2a0c:700:3::ff:fe00:9903";
prefixLength = 0;
}
];
};
};
};
};
}

14
hosts/vm/jitsi/default.nix
View File

@ -3,9 +3,7 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./networking.nix
../../../modules
../../../modules/services/jitsi.nix ../../../modules/services/jitsi.nix
../../../modules/services/acme.nix ../../../modules/services/acme.nix
]; ];
@ -13,5 +11,17 @@
networking.hostName = "jitsi"; networking.hostName = "jitsi";
boot.loader.grub.devices = [ "/dev/vda" ]; boot.loader.grub.devices = [ "/dev/vda" ];
crans = {
enable = true;
networking = {
id = 63;
srv = {
enable = true;
ipv4 = "185.230.79.15";
};
};
};
system.stateVersion = "24.11"; system.stateVersion = "24.11";
} }

53
hosts/vm/jitsi/networking.nix
View File

@ -1,53 +0,0 @@
{ ... }:
{
networking = {
interfaces = {
ens18 = {
ipv4 = {
addresses = [{
address = "172.16.10.163";
prefixLength = 24;
}];
};
ipv6 = {
addresses = [{
address = "fd00::10:0:ff:fe01:6310";
prefixLength = 64;
}];
};
};
ens19 = {
ipv4 = {
addresses = [{
address = "185.230.79.15";
prefixLength = 26;
}];
routes = [{
address = "0.0.0.0";
via = "185.230.79.62";
prefixLength = 0;
}];
};
ipv6 = {
addresses = [{
address = "2a0c:700:2::ff:fe01:6302";
prefixLength = 64;
}];
routes = [{
address = "::";
via = "2a0c:700:2::ff:fe00:9902";
prefixLength = 0;
}];
};
};
};
};
}

11
hosts/vm/livre/default.nix
View File

@ -3,9 +3,7 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./networking.nix
../../../modules
../../../modules/services/nginx.nix ../../../modules/services/nginx.nix
../../../modules/services/stirling.nix ../../../modules/services/stirling.nix
]; ];
@ -13,6 +11,15 @@
networking.hostName = "livre"; networking.hostName = "livre";
boot.loader.grub.devices = [ "/dev/sda" ]; boot.loader.grub.devices = [ "/dev/sda" ];
crans = {
enable = true;
networking = {
id = 40;
srvNat.enable = true;
};
};
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"pdf.crans.org" = { "pdf.crans.org" = {
locations."/" = { locations."/" = {

53
hosts/vm/livre/networking.nix
View File

@ -1,53 +0,0 @@
{ ... }:
{
networking = {
interfaces = {
ens18 = {
ipv4 = {
addresses = [{
address = "172.16.10.140";
prefixLength = 24;
}];
};
ipv6 = {
addresses = [{
address = "fd00::10:0:ff:fe01:4010";
prefixLength = 64;
}];
};
};
ens19 = {
ipv4 = {
addresses = [{
address = "172.16.3.140";
prefixLength = 24;
}];
routes = [{
address = "0.0.0.0";
via = "172.16.3.99";
prefixLength = 0;
}];
};
ipv6 = {
addresses = [{
address = "2a0c:700:3::ff:fe01:4003";
prefixLength = 64;
}];
routes = [{
address = "::";
via = "2a0c:700:3::ff:fe00:9903";
prefixLength = 0;
}];
};
};
};
};
}

14
hosts/vm/neo/default.nix
View File

@ -3,9 +3,7 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./networking.nix
../../../modules
../../../modules/services/matrix.nix ../../../modules/services/matrix.nix
../../../modules/services/synapse-admin.nix ../../../modules/services/synapse-admin.nix
]; ];
@ -14,5 +12,17 @@
networking.hostName = "neo"; networking.hostName = "neo";
crans = {
enable = true;
networking = {
id = 41;
srv = {
enable = true;
ipv4 = "185.230.79.5";
};
};
};
system.stateVersion = "24.11"; system.stateVersion = "24.11";
} }

62
hosts/vm/neo/networking.nix
View File

@ -1,62 +0,0 @@
{ ... }:
{
networking = {
interfaces = {
ens18 = {
ipv4 = {
addresses = [
{
address = "172.16.10.141";
prefixLength = 24;
}
];
};
ipv6 = {
addresses = [
{
address = "fd00::10:0:ff:fe01:4110";
prefixLength = 64;
}
];
};
};
ens19 = {
ipv4 = {
addresses = [
{
address = "185.230.79.5";
prefixLength = 26;
}
];
routes = [
{
address = "0.0.0.0";
via = "185.230.79.62";
prefixLength = 0;
}
];
};
ipv6 = {
addresses = [
{
address = "2a0c:700:2::ff:fe01:4102";
prefixLength = 64;
}
];
routes = [{
address = "::";
via = "2a0c:700:2::ff:fe00:9902";
prefixLength = 0;
}];
};
};
};
firewall = {
enable = true;
};
};
}

11
hosts/vm/redite/default.nix
View File

@ -3,14 +3,21 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./networking.nix
../../../modules
../../../modules/services/libreddit.nix ../../../modules/services/libreddit.nix
]; ];
networking.hostName = "redite"; networking.hostName = "redite";
boot.loader.grub.devices = [ "/dev/sda" ]; boot.loader.grub.devices = [ "/dev/sda" ];
crans = {
enable = true;
networking = {
id = 39;
srvNat.enable = true;
};
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }

65
hosts/vm/redite/networking.nix
View File

@ -1,65 +0,0 @@
{ ... }:
{
networking = {
interfaces = {
ens18 = {
ipv4 = {
addresses = [
{
address = "172.16.10.139";
prefixLength = 24;
}
];
};
ipv6 = {
addresses = [
{
address = "fd00::10:0:ff:fe01:3910";
prefixLength = 64;
}
];
};
};
ens19 = {
ipv4 = {
addresses = [
{
address = "172.16.3.139";
prefixLength = 24;
}
];
routes = [
{
address = "0.0.0.0";
via = "172.16.3.99";
prefixLength = 0;
}
];
};
ipv6 = {
addresses = [
{
address = "2a0c:700:3::ff:fe01:3903";
prefixLength = 64;
}
];
routes = [
{
address = "::";
via = "2a0c:700:3::ff:fe00:9903";
prefixLength = 0;
}
];
};
};
};
};
}

15
hosts/vm/two/default.nix
View File

@ -3,13 +3,22 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./networking.nix
../../../modules
]; ];
networking.hostName = "two"; networking.hostName = "two";
boot.loader.grub.devices = [ "/dev/sda" ]; boot.loader.grub.devices = [ "/dev/sda" ];
crans = {
enable = true;
networking = {
id = 35;
srvNat = {
enable = true;
interface = "ens19";
};
};
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }

65
hosts/vm/two/networking.nix
View File

@ -1,65 +0,0 @@
{ ... }:
{
networking = {
interfaces = {
ens18 = {
ipv4 = {
addresses = [
{
address = "172.16.10.135";
prefixLength = 24;
}
];
};
ipv6 = {
addresses = [
{
address = "fd00::10:0:ff:fe01:3510";
prefixLength = 64;
}
];
};
};
ens19 = {
ipv4 = {
addresses = [
{
address = "172.16.3.135";
prefixLength = 24;
}
];
routes = [
{
address = "0.0.0.0";
via = "172.16.3.99";
prefixLength = 0;
}
];
};
ipv6 = {
addresses = [
{
address = "2a0c:700:3::ff:fe01:3503";
prefixLength = 64;
}
];
routes = [
{
address = "::";
via = "2a0c:700:3::ff:fe00:9903";
prefixLength = 0;
}
];
};
};
};
};
}

11
hosts/vm/vaultwarden/default.nix
View File

@ -3,14 +3,21 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./networking.nix
../../../modules
../../../modules/services/vaultwarden.nix ../../../modules/services/vaultwarden.nix
]; ];
networking.hostName = "vaultwarden"; networking.hostName = "vaultwarden";
boot.loader.grub.devices = [ "/dev/sda" ]; boot.loader.grub.devices = [ "/dev/sda" ];
crans = {
enable = true;
networking = {
id = 59;
srvNat.enable = true;
};
};
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }

53
hosts/vm/vaultwarden/networking.nix
View File

@ -1,53 +0,0 @@
{ ... }:
{
networking = {
interfaces = {
ens18 = {
ipv4 = {
addresses = [{
address = "172.16.10.159";
prefixLength = 24;
}];
};
ipv6 = {
addresses = [{
address = "fd00::10:0:ff:fe01:5910";
prefixLength = 64;
}];
};
};
ens19 = {
ipv4 = {
addresses = [{
address = "172.16.3.159";
prefixLength = 24;
}];
routes = [{
address = "0.0.0.0";
via = "172.16.3.99";
prefixLength = 0;
}];
};
ipv6 = {
addresses = [{
address = "2a0c:700:3::ff:fe01:5903";
prefixLength = 64;
}];
routes = [{
address = "::";
via = "2a0c:700:3::ff:fe00:9903";
prefixLength = 0;
}];
};
};
};
};
}

49
modules/crans/default.nix
View File

@ -1,5 +1,10 @@
{ pkgs, ... }: { lib, config, ... }:
let
cfg = config.crans;
inherit (lib) mkEnableOption mkIf;
in
{ {
imports = [ imports = [
./age.nix ./age.nix
@ -10,32 +15,28 @@
./restic_client.nix ./restic_client.nix
./monitoring.nix ./monitoring.nix
./nullmailer.nix ./nullmailer.nix
./packages.nix
./ssh.nix
./users.nix ./users.nix
./virtualisation.nix
]; ];
services.qemuGuest.enable = true; options.crans = {
boot.kernelParams = [ "console=ttyS0,115200" ]; enable = mkEnableOption "Configuration commune à toutes les machines du Crans";
services.openssh = {
enable = true;
}; };
nixpkgs.config.allowUnfree = true; config = mkIf cfg.enable {
crans = {
# Enable some utility programs. homeNounou.enable = lib.mkDefault true;
programs.git.enable = true; monitoring.enable = true;
programs.htop.enable = true; networking = {
programs.neovim.enable = true; enable = true;
programs.screen.enable = true; adm.enable = lib.mkDefault true;
programs.tmux.enable = true; };
programs.vim.enable = true; resticClient.enable = lib.mkDefault true;
users = {
environment.systemPackages = with pkgs; [ ldap.enable = true;
bat };
fd };
helix };
nfs-utils
ripgrep
shelldap
];
} }

21
modules/crans/home.nix
View File

@ -1,24 +1,17 @@
{ { lib, config, ... }:
pkgs,
lib,
config,
...
}:
let let
cfg = config.crans.home_nounou; cfg = config.crans.homeNounou;
inherit (lib) mkEnableOption mkIf;
in in
{ {
options.crans.home_nounou = { options.crans.homeNounou = {
enable = lib.mkOption { enable = mkEnableOption "Monter /home_nounou.";
type = lib.types.bool;
default = true;
description = "Monter les home nounous";
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
fileSystems.home_nounou = { fileSystems.home_nounou = {
mountPoint = "/home_nounou"; mountPoint = "/home_nounou";
device = "172.16.10.1:/pool/home"; device = "172.16.10.1:/pool/home";

31
modules/crans/monitoring.nix
View File

@ -1,5 +1,31 @@
{ config, ... }: { config, lib, ... }:
let
cfg = config.crans.monitoring;
inherit (lib)
mkEnableOption
mkIf
mkOption
types
;
in
{ {
options.crans.monitoring = {
enable = mkEnableOption "Monitoring prometheus de la machine.";
nginx = {
enable = mkOption {
type = types.bool;
default = config.services.nginx.enable;
example = true;
description = "Monitoring de Nginx par prometheus.";
};
};
};
config = mkIf cfg.enable {
services.prometheus.exporters = { services.prometheus.exporters = {
node = { node = {
enable = true; enable = true;
@ -9,9 +35,10 @@
}; };
nginx = { nginx = {
enable = config.services.nginx.enable; enable = cfg.nginx.enable;
port = 9117; port = 9117;
scrapeUri = "http://[::1]:6424/stub_status"; scrapeUri = "http://[::1]:6424/stub_status";
}; };
}; };
};
} }

212
modules/crans/networking.nix
View File

@ -1,10 +1,216 @@
{ lib, ... }: { lib, config, ... }:
let
cfg = config.crans.networking;
inherit (lib)
mkEnableOption
mkIf
mkOption
types
;
in
{ {
# Les interfaces ne sont pas déclarées ici : elles sont propres à chaque VM. options.crans.networking = {
networking = { enable = mkEnableOption "Configuration réseaux commune à toutes les machines du Crans.";
id = mkOption {
type = types.int;
example = "35";
description = "Le numéro de la VM dans Proxmox (sans le `1` devant).";
};
adm = {
enable = mkEnableOption "Configuration du VLAN adm.";
interface = mkOption {
type = types.str;
default = "ens18";
example = "ens20";
description = "Nom de l'interface réseau sur laquelle est située le VLAN adm.";
};
};
srv = {
enable = mkEnableOption "Configuration du VLAN srv.";
interface = mkOption {
type = types.str;
default = "ens18";
example = "ens19";
description = "Nom de l'interface réseau sur laquelle est située le VLAN srv.";
};
ipv4 = mkOption {
type = types.str;
example = "185.230.79.1";
description = "Adresse IPv4 de la machine.";
};
};
srvNat = {
enable = mkEnableOption "Configuration du VLAN srv-nat.";
interface = mkOption {
type = types.str;
default = "ens19";
example = "ens20";
description = "Nom de l'interface réseau sur laquelle est située le VLAN srv-nat.";
};
};
san = {
enable = mkEnableOption "Configuration du VLAN san.";
interface = mkOption {
type = types.str;
example = "ens19";
description = "Nom de l'interface réseau sur laquelle est située le VLAN san.";
};
};
};
config = mkIf cfg.enable {
networking =
{
useDHCP = false; useDHCP = false;
firewall.enable = lib.mkDefault false; firewall.enable = lib.mkDefault false;
nameservers = [ "172.16.10.128" ]; nameservers = [ "172.16.10.128" ];
}
//
# Configuration du VLAN adm
(
if cfg.adm.enable then
{
interfaces."${cfg.adm.interface}" = {
ipv4.addresses = [
{
address = "172.16.10.1${toString cfg.id}";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "fd00::10:0:ff:fe01:${toString cfg.id}10";
prefixLength = 64;
}
];
};
}
else
{ }
)
//
# Configuration du VLAN srv
(
if cfg.srv.enable then
{
firewall.enable = true;
interfaces."${cfg.srv.interface}" = {
ipv4 = {
addresses = [
{
address = cfg.srv.ipv4;
prefixLength = 26;
}
];
routes = [
{
address = "0.0.0.0";
via = "185.230.79.62";
prefixLength = 0;
}
];
};
ipv6 = {
addresses = [
{
address = "2a0c:700:2::ff::fe01:${toString cfg.id}02";
prefixLength = 64;
}
];
routes = [
{
address = "::";
via = "2a0c:700:2::ff:fe00:9902";
prefixLength = 0;
}
];
};
};
}
else
{ }
)
//
# Configuration du VLAN srv-nat
(
if cfg.srvNat.enable then
{
interfaces."${cfg.srvNat.interface}" = {
ipv4 = {
addresses = [
{
address = "172.16.3.1${toString cfg.id}";
prefixLength = 24;
}
];
routes = [
{
address = "0.0.0.0";
via = "172.16.3.99";
prefixLength = 0;
}
];
};
ipv6 = {
addresses = [
{
address = "2a0c:700:3::ff:fe01:${toString cfg.id}03";
prefixLength = 64;
}
];
routes = [
{
address = "::";
via = "2a0c:700:3::ff:fe00:9903";
prefixLength = 0;
}
];
};
};
}
else
{ }
)
//
# Configuration du VLAN san
(
if cfg.san.enable then
{
interfaces."${cfg.san.interface}" = {
ipv4.addresses = [
{
address = "172.16.4.1${toString cfg.id}";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "fd00::4:0:ff:fe01:${toString cfg.id}10";
prefixLength = 64;
}
];
};
}
else
{ }
);
}; };
} }

21
modules/crans/packages.nix 100644
View File

@ -0,0 +1,21 @@
{ pkgs, ... }:
{
programs.git.enable = true;
programs.htop.enable = true;
programs.neovim.enable = true;
programs.screen.enable = true;
programs.tmux.enable = true;
programs.vim.enable = true;
environment.systemPackages = with pkgs; [
bat
coreutils-full
fd
helix
inetutils
nfs-utils
ripgrep
shelldap
];
}

52
modules/crans/restic_client.nix
View File

@ -1,6 +1,43 @@
{ config, ... }: { config, lib, ... }:
let
cfg = config.crans.resticClient;
inherit (lib)
mkEnableOption
mkIf
mkOption
types
;
in
{ {
options.crans.resticClient = {
enable = mkEnableOption "Configuration générale pour le client restic.";
additionalPaths = mkOption {
type = types.listOf types.path;
default = [ ];
example = [ "/backup" ];
description = "Chemins à backuper en plus de ceux par défaut.";
};
additionalExcludes = mkOption {
type = types.listOf types.path;
default = [ ];
example = [ "/var/lib/<service>/cache" ];
description = "Chemins à exclure des backups en plus de ceux par défaut.";
};
when = mkOption {
type = types.str;
default = "00:00";
example = "05:42";
description = "À quelle heure faire les backups.";
};
};
config = mkIf cfg.enable {
age.secrets = { age.secrets = {
restic-base-env.file = ../../secrets/restic/client_env.age; restic-base-env.file = ../../secrets/restic/client_env.age;
restic-base-repo.file = ../../secrets/restic/${config.networking.hostName}/base-repo.age; restic-base-repo.file = ../../secrets/restic/${config.networking.hostName}/base-repo.age;
@ -9,10 +46,6 @@
services.restic.backups = { services.restic.backups = {
base = { base = {
exclude = [
"/var/cache"
"/var/lib/lxcfs"
];
initialize = true; initialize = true;
passwordFile = config.age.secrets.restic-base-password.path; passwordFile = config.age.secrets.restic-base-password.path;
repositoryFile = config.age.secrets.restic-base-repo.path; repositoryFile = config.age.secrets.restic-base-repo.path;
@ -20,9 +53,13 @@
paths = [ paths = [
"/etc" "/etc"
"/var" "/var"
]; ] ++ cfg.additionalPaths;
exclude = [
"/var/cache"
"/var/lib/lxcfs"
] ++ cfg.additionalExcludes;
timerConfig = { timerConfig = {
OnCalendar = "00:00"; OnCalendar = cfg.when;
RandomizedDelaySec = "6h"; RandomizedDelaySec = "6h";
}; };
pruneOpts = [ pruneOpts = [
@ -33,4 +70,5 @@
]; ];
}; };
}; };
};
} }

11
modules/crans/ssh.nix 100644
View File

@ -0,0 +1,11 @@
{ ... }:
{
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
};
};
}

45
modules/crans/users.nix
View File

@ -1,11 +1,45 @@
{ config, lib, ... }: { config, lib, ... }:
let
cfg = config.crans.users;
inherit (lib)
mkEnableOption
mkOption
types
;
in
{ {
options.crans.users = {
ldap = {
enable = mkEnableOption "Authentification par le LDAP adm.";
};
root = {
passwordFile = mkOption {
type = types.path;
default = ../../secrets/common/root.age;
example = ../../secrets/apprentix/root.age;
description = "Fichier chiffré par age contenant le mot de passe root.";
};
};
};
config = {
age.secrets.root-passwd-hash = {
file = cfg.root.passwordFile;
};
users = { users = {
mutableUsers = false; mutableUsers = false;
users.root = {
hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
};
ldap = { ldap = {
enable = true; enable = cfg.ldap.enable;
base = "dc=crans,dc=org"; base = "dc=crans,dc=org";
server = "ldaps://ldap-adm.adm.crans.org/"; server = "ldaps://ldap-adm.adm.crans.org/";
daemon = { daemon = {
@ -37,14 +71,5 @@
} }
]; ];
}; };
age.secrets.root-passwd-hash = {
file = lib.mkDefault ../../secrets/common/root.age;
}; };
users.users.root = {
hashedPasswordFile = lib.mkDefault config.age.secrets.root-passwd-hash.path;
};
services.openssh.settings.PermitRootLogin = "yes";
} }

6
modules/crans/virtualisation.nix 100644
View File

@ -0,0 +1,6 @@
{ ... }:
{
services.qemuGuest.enable = true;
boot.kernelParams = [ "console=ttyS0,115200" ];
}

17
modules/default.nix
View File

@ -3,10 +3,25 @@
{ {
imports = [ imports = [
./crans ./crans
./services
]; ];
nix.settings.experimental-features = [ nix = {
settings = {
experimental-features = [
"flakes" "flakes"
"nix-command" "nix-command"
]; ];
auto-optimise-store = true;
};
};
nixpkgs.config = {
allowUnfree = true;
};
boot.tmp = {
useTmpfs = true;
cleanOnBoot = true;
};
} }

5
modules/services/default.nix 100644
View File

@ -0,0 +1,5 @@
{ ... }:
{
}