Lots of changes to the directories organisation, more work needed.

2026-05-15 10:02:29 +02:00
parent 73adb395c0
commit 24f62ec057
63 changed files with 1193 additions and 1412 deletions
@@ -1,11 +0,0 @@
-{ config, ... }:
-
-{
-  boot.initrd.systemd.enable = true;
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  boot.kernel.sysctl = {
-    "vm.overcommit_memory" = 1;
-  };
-}
@@ -1,12 +0,0 @@
-{ ... }:
-
-{
-  imports = [
-    # Tested
-    ./boot.nix
-    ./cpu.nix
-    # To test
-    ./pcie-coral.nix
-    ./disks/default.nix
-  ];
-}
@@ -1,111 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  cfg = config.numbus-server.hardware.pcie-coral;
-
-  gasket-driver = { stdenv, lib, fetchFromGitHub, kernel }: stdenv.mkDerivation rec {
-    pname = "gasket";
-    version = "1.0-18";
-
-    src = fetchFromGitHub {
-      owner = "google";
-      repo = "gasket-driver";
-      rev = "97aeba584efd18983850c36dcf7384b0185284b3";
-      sha256 = "pJwrrI7jVKFts4+bl2xmPIAD01VKFta2SRuElerQnTo=";
-    };
-
-    makeFlags = [
-      "-C"
-      "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
-      "M=$(PWD)"
-    ];
-    buildFlags = [ "modules" ];
-
-    installFlags = [ "INSTALL_MOD_PATH=${placeholder "out"}" ];
-    installTargets = [ "modules_install" ];
-
-    sourceRoot = "source/src";
-    hardeningDisable = [ "pic" "format" ];
-    nativeBuildInputs = kernel.moduleBuildDependencies;
-
-    meta = with lib; {
-      description = "The Coral Gasket Driver allows usage of the Coral EdgeTPU on Linux systems.";
-      homepage = "https://github.com/google/gasket-driver";
-      license = licenses.gpl2;
-      maintainers = [ maintainers.kylehendricks ];
-      platforms = platforms.linux;
-    };
-  };
-
-  libedgetpu-pkg = { stdenv, lib, fetchFromGitHub, libusb1, abseil-cpp, flatbuffers, xxd }:
-    let
-      flatbuffers_1_12 = flatbuffers.overrideAttrs (oldAttrs: rec {
-        version = "1.12.0";
-        NIX_CFLAGS_COMPILE = "-Wno-error=class-memaccess -Wno-error=maybe-uninitialized";
-        cmakeFlags = (oldAttrs.cmakeFlags or []) ++ ["-DFLATBUFFERS_BUILD_SHAREDLIB=ON"];
-        NIX_CXXSTDLIB_COMPILE = "-std=c++17";
-        configureFlags = (oldAttrs.configureFlags or []) ++ ["--enable-shared"];
-        src = fetchFromGitHub {
-          owner = "google";
-          repo = "flatbuffers";
-          rev = "v${version}";
-          sha256 = "sha256-L1B5Y/c897Jg9fGwT2J3+vaXsZ+lfXnskp8Gto1p/Tg=";
-        };
-      });
-
-    in stdenv.mkDerivation rec {
-      pname = "libedgetpu";
-      version = "grouper";
-
-      src = fetchFromGitHub {
-        owner = "google-coral";
-        repo = pname;
-        rev = "release-${version}";
-        sha256 = "sha256-73hwItimf88Iqnb40lk4ul/PzmCNIfdt6Afi+xjNiBE=";
-      };
-
-      makeFlags = ["-f" "makefile_build/Makefile" "libedgetpu" ];
-
-      buildInputs = [
-        libusb1
-        abseil-cpp
-        flatbuffers_1_12
-      ];
-
-      nativeBuildInputs = [
-        xxd
-      ];
-
-      NIX_CXXSTDLIB_COMPILE = "-std=c++17";
-
-      TFROOT = "${fetchFromGitHub {
-        owner = "tensorflow";
-        repo = "tensorflow";
-        rev = "v2.7.4";
-        sha256 = "sha256-liDbUAdaVllB0b74aBeqNxkYNu/zPy7k3CevzRF5dk0=";
-      }}";
-
-      enableParallelBuilding = false;
-
-      installPhase = ''
-        mkdir -p $out/lib
-        cp out/direct/k8/libedgetpu.so.1.0 $out/lib
-        ln -s $out/lib/libedgetpu.so.1.0 $out/lib/libedgetpu.so.1
-        mkdir -p $out/lib/udev/rules.d
-        cp debian/edgetpu-accelerator.rules $out/lib/udev/rules.d/99-edgetpu-accelerator.rules
-      '';
-    };
-
-  gasket = config.boot.kernelPackages.callPackage gasket-driver {};
-  libedgetpu = pkgs.callPackage libedgetpu-pkg {};
-in
-
-{
-  options.numbus-server.hardware.pcie-coral = lib.mkEnableOption "PCIe Coral TPU support";
-
-  config = lib.mkIf cfg.enable {
-    services.udev.packages = [ libedgetpu ];
-    users.groups.plugdev = {};
-    boot.extraModulePackages = [ gasket ];
-  };
-}
@@ -1,89 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.numbus-server.services.clamav;
-  clamav_notifier = pkgs.writeScript "clamav-notify.sh" ''
-    #!${pkgs.bash}/bin/bash
-
-    # Check if triggered by Real-time event (file exists)
-    if [ -f /var/lib/clamav/virus_event.env ]; then
-      source /var/lib/clamav/virus_event.env
-      rm /var/lib/clamav/virus_event.env
-    fi
-
-    ADMIN_EMAIL="${config.numbus-server.mail.adminAddress}"
-    USER_EMAIL="${config.numbus-server.mail.userAddress}"
-    OWNER_NAME="${config.numbus-server.owner}"
-
-    if [ -n "$CLAM_VIRUSEVENT_VIRUSNAME" ]; then
-      # --- Real-time / VirusEvent Mode ---
-      SUBJECT="Numbus Server Alert: Virus Detected (Real-time)"
-      
-      # Retrieve logs from clamav-daemon
-      LOGS=$(journalctl -u clamav-daemon.service -n 50 --no-pager | grep "FOUND")
-
-      TECH_BODY="
-      ClamAV Real-time Alert:
-      Server owner: $OWNER_NAME
-      
-      Virus detected: $CLAM_VIRUSEVENT_VIRUSNAME
-      File: $CLAM_VIRUSEVENT_FILENAME
-      
-      Logs:
-      $LOGS
-      
-      Action taken: Access blocked (OnAccessPrevention).
-      Please investigate manually.
-      "
-      
-      FRIENDLY_BODY="Cher/Chère $OWNER_NAME,
-
-      L'antivirus de votre serveur a détecté et bloqué une menace en temps réel.
-      Fichier : $CLAM_VIRUSEVENT_FILENAME
-      
-      Votre administrateur a été notifié.
-      "
-    else
-      # --- Scheduled Scan Summary Mode ---
-      SUBJECT="Numbus Server Alert: Virus Detected during Scheduled Scan"
-      
-      # Retrieve logs (clamdscan prints FOUND when a virus is detected)
-      LOGS=$(journalctl -u clamav-periodic-scan.service -n 100 --no-pager | grep "FOUND")
-      
-      TECH_BODY="
-      ClamAV Scan Alert:
-      Server owner: $OWNER_NAME
-
-      Viruses detected:
-      $LOGS
-
-      Action taken: Detection only.
-      Please investigate manually.
-      "
-      
-      FRIENDLY_BODY="Cher/Chère $OWNER_NAME,
-
-      L'antivirus de votre serveur a détecté une menace potentielle lors de l'analyse périodique.
-      Votre administrateur a été notifié avec les détails techniques.
-      Nous vous conseillons d'être prudent avec vos fichiers récents.
-      "
-    fi
-
-    printf "Subject: [ADMIN] %s\n\n%s" "$SUBJECT" "$TECH_BODY" | /run/wrappers/bin/sendmail -t "$ADMIN_EMAIL"
-    printf "Subject: [Alerte] Menace détectée sur votre serveur Numbus\n\n%s\n\nMerci de votre confiance,\nL'équipe de support,\nNumbus-Server." "$FRIENDLY_BODY" | /run/wrappers/bin/sendmail -t "$USER_EMAIL"
-  '';
-in
-
-{ 
-  config = mkIf cfg.enable {
-    systemd.services.clamav-virus-notify = {
-      description = "Email notification for ClamAV virus detection";
-      serviceConfig = {
-        Type = "oneshot";
-        ExecStart = "${clamav_notifier}";
-      };
-    };
-  };
-}
@@ -1,12 +0,0 @@
-{ ... }:
-
-{
-  imports = [
-    # To test
-    ./clamav.nix
-    ./smart.nix
-    ./systemd.nix
-    ./smtp.nix
-    ./disk-space.nix
-  ];
-}
@@ -1,55 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  systemd_notifier = pkgs.writeScript "systemd-email-notify.sh" ''
-    #!${pkgs.bash}/bin/bash
-    
-    # The failing service name is passed as the first argument
-    UNIT=$1
-    
-    # 1. Send Technical Email to Admin
-    ADMIN_EMAIL="${config.numbus-server.mail.adminAddress}"
-    SUBJECT="Numbus Server Alert: Service $UNIT Failed"
-    
-    # Retrieve recent logs for context
-    LOGS=$(journalctl -u "$UNIT" -n 20 --no-pager)
-    
-    TECH_BODY="
-    Systemd Service Failure Alert:
-    Server owner: ${config.numbus-server.owner}
-    Service: $UNIT
-    
-    Recent Logs:
-    $LOGS
-    "
-    printf "Subject: [ADMIN] $SUBJECT\n\n$TECH_BODY" | /run/wrappers/bin/sendmail -t "$ADMIN_EMAIL"
-
-    # 2. Send Friendly Email to Owner
-    USER_EMAIL="${config.numbus-server.mail.userAddress}"
-    OWNER_NAME="${config.numbus-server.owner}"
-    
-    FRIENDLY_BODY="Cher/Chère $OWNER_NAME,
-
-    Votre serveur a détecté une défaillance du service $UNIT.
-    Le système a tenté de gérer l'erreur, mais une intervention peut être nécessaire.
-
-    Votre administrateur a été notifié de cet incident avec les détails techniques nécessaires.
-    Il interviendra si une action manuelle est requise.
-
-    Merci de votre confiance,
-    L'équipe de support,
-    Numbus-Server."
-    
-    printf "Subject: [Alerte] Erreur sur votre serveur Numbus\n\n$FRIENDLY_BODY" | /run/wrappers/bin/sendmail -t "$USER_EMAIL"
-  '';
-in
-{
-  systemd.services."service-failure-notify@" = {
-    description = "Email notification for failed service %i";
-    onFailure = [ ];
-    serviceConfig = {
-      Type = "oneshot";
-      ExecStart = "${systemd_notifier} %i";
-    };
-  };
-}
@@ -44,16 +44,16 @@ in
    # Allow rootless containers to bind to port 53 and up
    boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;

-    networking.bridges.br0.interfaces = [ "${cfg.interface}" ];
+    networking.bridges.br0.interfaces = [ cfg.interface ];
    networking.interfaces."${cfg.interface}".useDHCP = false;
    networking.interfaces.br0.useDHCP = false;
    networking.nameservers = cfg.dnsServers;
    networking.interfaces.br0.ipv4.addresses = [{
-      address = "${cfg.ipAddress}";
+      address = cfg.ipAddress;
      prefixLength = 24;
    }];
    networking.defaultGateway = {
-      address = "${cfg.routerIpAddress}";
+      address = cfg.routerIpAddress;
      interface = "br0";
    };
  };
@@ -4,22 +4,29 @@
  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = with pkgs; [
-    git
-    ncdu
-    fastfetch
-    tpm2-tss
-    sops
+    # Secrets
    age
-    powertop
-    pciutils
+    sops
+    # HDD tools
    hdparm
    hd-idle
    hddtemp
    smartmontools
+    ncdu
+    # CPU tools
    cpufrequtils
    intel-gpu-tools
+    # Filesystem tools
    snapraid
    mergerfs
    mergerfs-tools
+    # Powersave tools
+    powertop
+    # PCI devices tools
+    pciutils
+    tpm2-tss
+    # Misc
+    git
+    fastfetch
  ];
 }
@@ -5,7 +5,5 @@
    # To test
    ./packages.nix
    ./podman.nix
-    ./ssh.nix
-    ./terminal.nix
  ];
 }