diff --git a/modules/kawa-physical.nix b/modules/kawa-physical.nix
index 1673288..d6bbd0b 100644
--- a/modules/kawa-physical.nix
+++ b/modules/kawa-physical.nix
@@ -7,25 +7,34 @@
 # Hostname FIXE (pas de lecture /sys - mode pur)
 networking.hostName = "kawa-honor-v4";
- # Activation de Tailscale
+ # === TAILSCALE - Installation de base ===
 services.tailscale = {
 enable = true;
- extraUpFlags = [
- "--login-server=https://headscale.du-senegal.com"
- "--authkey=f43f36ef159b3df799eb316b81bdac1b415c7cc2add174d0"
- "--force-reauth"
- ];
+ package = pkgs.tailscale;
 };
- # CONFIGURATION OLLAMA CPU UNIQUEMENT
+ # Service systemd pour connexion au mesh APRÈS le boot
+ systemd.services.kawa-mesh-connect = {
+ description = "KAWA Mesh Auto-Connect";
+ after = [ "network-online.target" "tailscaled.service" ];
+ wants = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStart = "${pkgs.tailscale}/bin/tailscale up --login-server=https://headscale.du-senegal.com --authkey=f43f36ef159b3df799eb316b81bdac1b415c7cc2add174d0 --force-reauth";
+ };
+ };
+
+ # OLLAMA CPU UNIQUEMENT
 services.ollama = {
 enable = true;
- acceleration = null; # Force le mode CPU uniquement
+ acceleration = null;
 host = "0.0.0.0";
 port = 11434;
 };
- # SSH activé avec PermitRootLogin pour debug
+ # SSH
 services.openssh = {
 enable = true;
 settings = {
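Review bot: The `ExecStart` of `kawa-mesh-connect` carries the Headscale pre-auth key as a string literal, so the secret lands in the world-readable Nix store (this module's derivation and the generated unit file), in `systemctl show`/`systemctl cat` output and in any journal line that records the command; the removed `extraUpFlags` form had the same exposure, so the commit relocates the leak instead of closing it. The same pattern appears in the `nixos/kawa.nix` hunk, where `${cfg.authKey}` is interpolated into `ExecStart` and the option default is the same literal key. The NixOS module already offers `services.tailscale.authKeyFile`, which reads the key from a root-only file outside the store and, as far as I recall, generates its own autoconnect unit ordered after `tailscaled.service`, so the hand-written unit can go and `--login-server` can stay in `extraUpFlags`. Because the key has been committed in clear text it should be treated as compromised and rotated in Headscale whichever loading mechanism is used. Separately, `--force-reauth` combined with `RemainAfterExit = true` re-registers the node on every boot, which requires a reusable key; with a single-use key the unit fails from the second boot on.
```nix
  services.tailscale = {
    enable = true;
    # Placeholder path: provision the file with your secrets tooling, root-owned, mode 0400, outside /nix/store.
    authKeyFile = "/path/to/headscale-authkey";
    extraUpFlags = [ "--login-server=https://headscale.du-senegal.com" ];
  };
  # … removed: systemd.services.kawa-mesh-connect (authKeyFile supplies the autoconnect unit) …
```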
@@ -34,38 +43,26 @@
 };
 };
- # NATS Client (option corrigée)
+ # NATS
 services.nats = {
 enable = true;
- server = "100.64.0.1:4222";
+ settings = {
+ port = 4222;
+ http_port = 8222;
+ };
 };
- # Syncthing pour synchronisation
+ # Syncthing
 services.syncthing = {
 enable = true;
 user = "kawa";
 group = "kawa";
- config = {
- devices = {
- "vps-7ed4abb0" = { id = "AHF53QZ-ZYCQ2K7-556QBZ2-2UAYZL4-QNEQOGZ-PHZQIAG-4ZRXI3P-QLLJNA6"; };
- };
- folders = {
- "kawa-memory" = {
- path = "/home/kawa/.local/share/kawa/memory";
- devices = [ "vps-7ed4abb0" ];
- };
- "kawa-workspace" = {
- path = "/home/kawa/.local/share/kawa/workspace";
- devices = [ "vps-7ed4abb0" ];
- };
- };
- };
 };
- # Utilisateur KAWA
+ # Utilisateur
 users.users.kawa = {
 isNormalUser = true;
- extraGroups = [ "wheel" "networkmanager" "tailscale" "syncthing" ];
+ extraGroups = [ "wheel" "networkmanager" "tailscale" ];
 initialPassword = "kawa2026";
 };
@@ -76,15 +73,8 @@
 trustedInterfaces = [ "tailscale0" ];
 };
- # Packages système
+ # Packages
 environment.systemPackages = with pkgs; [
- git
- vim
- tailscale
- ollama
- nats-cli
- curl
- wget
- htop
+ git vim tailscale ollama nats-cli curl wget htop
 ];
 }
diff --git a/nixos/kawa.nix b/nixos/kawa.nix
index 083d2bd..c8b42d7 100644
--- a/nixos/kawa.nix
+++ b/nixos/kawa.nix
@@ -15,7 +15,7 @@ in
 hostname = mkOption {
 type = types.str;
 default = "kawa-node";
- description = "Hostname du nœud KAWA (fixe, pas dynamique)";
+ description = "Hostname du nœud KAWA (fixe)";
 };
 headscaleUrl = mkOption {
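Review bot: The new `services.nats.settings` block starts a local nats-server with no `authorization` section, and `http_port = 8222` opens the unauthenticated monitoring endpoint; nats-server binds all interfaces by default, so every peer that can reach the host over `tailscale0`, which `trustedInterfaces` admits wholesale, can publish, subscribe and read server and connection state. The removed line pointed a client at `100.64.0.1:4222`, so unless one broker per node is intended this also changes the machine's role; if it is intended, bind monitoring to loopback with `http = "127.0.0.1:8222";` in place of `http_port` and add an `authorization` block, preferably NKey users so that only public keys end up in the store. Further down, `initialPassword = "kawa2026"` for a `wheel` member is unchanged context, but it remains a fixed, committed credential on a node that now also runs a broker, so it deserves the same treatment as the auth key.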
@@ -27,43 +27,33 @@ in
 authKey = mkOption {
 type = types.str;
 default = "f43f36ef159b3df799eb316b81bdac1b415c7cc2add174d0";
- description = "Clé d'authentification Headscale";
- };
-
- natsServer = mkOption {
- type = types.str;
- default = "100.64.0.1:4222";
- description = "Serveur NATS";
- };
-
- enableOllama = mkOption {
- type = types.bool;
- default = false;
- description = "Activer Ollama";
- };
-
- enableSyncthing = mkOption {
- type = types.bool;
- default = true;
- description = "Activer Syncthing";
+ description = "Clé d'authentification";
 };
 };
 config = mkIf cfg.enable {
- # Hostname fixe (pas de lecture /sys)
 networking.hostName = cfg.hostname;
- # Tailscale
+ # Tailscale - installation de base
 services.tailscale = {
 enable = true;
- extraUpFlags = [
- "--login-server=${cfg.headscaleUrl}"
- "--authkey=${cfg.authKey}"
- "--force-reauth"
- ];
+ package = pkgs.tailscale;
 };
- # NATS (options corrigées pour Nixpkgs récent)
+ # Connexion au mesh via systemd (après le boot)
+ systemd.services.kawa-mesh-connect = {
+ description = "KAWA Mesh Auto-Connect";
+ after = [ "network-online.target" "tailscaled.service" ];
+ wants = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStart = "${pkgs.tailscale}/bin/tailscale up --login-server=${cfg.headscaleUrl} --authkey=${cfg.authKey} --force-reauth";
+ };
+ };
+
+ # NATS
 services.nats = {
 enable = true;
 settings = {
@@ -72,21 +62,6 @@ in
 };
 };
- # Ollama (optionnel)
- services.ollama = mkIf cfg.enableOllama {
- enable = true;
- acceleration = null; # CPU uniquement
- host = "0.0.0.0";
- port = 11434;
- };
-
- # Syncthing
- services.syncthing = mkIf cfg.enableSyncthing {
- enable = true;
- user = "kawa";
- group = "kawa";
- };
-
 # SSH
 services.openssh = {
 enable = true;
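Review bot: `authKey` keeps `type = types.str` with a real pre-auth key as its `default`, so every host importing this module without overriding it enrolls with the same committed secret, and the value is then interpolated into `ExecStart` where it is readable from the store and from `systemctl show`; the note on the `kawa-physical.nix` hunk covers the unit itself. Model the secret as a path instead, `authKeyFile = mkOption { type = types.path; };` with no default and a description saying the file holds the Headscale key outside `/nix/store`, and wire it with `services.tailscale.authKeyFile = cfg.authKeyFile;`. If existing hosts still set `authKey`, keep it as `types.nullOr types.str` with `default = null` and assert that exactly one of the two is set rather than shipping a working key as the fallback. The shortened description `"Clé d'authentification"` also loses the word Headscale, which told readers which system the key belongs to.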
@@ -98,27 +73,14 @@ in
 # Firewall
 networking.firewall = {
- allowedTCPPorts = [ 22 4222 22000 11434 ];
+ allowedTCPPorts = [ 22 4222 22000 ];
 allowedUDPPorts = [ 41641 22000 ];
 trustedInterfaces = [ "tailscale0" ];
 };
- # Utilisateur KAWA
- users.users.kawa = {
- isNormalUser = true;
- extraGroups = [ "wheel" "networkmanager" "tailscale" ];
- initialPassword = "kawa2026";
- };
-
 # Packages
 environment.systemPackages = with pkgs; [
- git
- vim
- tailscale
- nats-cli
- curl
- wget
- htop
+ git vim tailscale nats-cli curl wget htop
 ];
 };
 }
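Review bot: `allowedTCPPorts = [ 22 4222 22000 ]` still opens the NATS client port and the Syncthing port on every interface, while `trustedInterfaces = [ "tailscale0" ]` already admits all mesh traffic; the Syncthing service is deleted from this module earlier in the commit, so 22000 (TCP and UDP) is now a dead opening, and 4222 exposes the broker to anything outside the mesh, without authorization unless the `settings` block outside the previous hunk adds one. Dropping 11434 is the right consequence of removing Ollama, and the same pruning belongs here: `allowedTCPPorts = [ 22 ];` and `allowedUDPPorts = [ 41641 ];`, keeping 41641/UDP for the WireGuard tunnel. If other nodes are meant to reach NATS only across Headscale, the trusted interface alone covers that.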