Add nixos/ directory with corrected modules

- kawa.nix: main module with fixed NATS options - default.nix: default configuration - kawa-base.nix: base module with NATS settings - Hostname fixed (no /sys read) - NATS: settings.http_port instead of httpPort
2026-03-14 22:35:05 +00:00
parent 5ca9b06420
commit e4c41daf6e
3 changed files with 73 additions and 82 deletions
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -1,18 +1,16 @@
 # KAWA OS - Configuration par défaut
-# Usage: import dans configuration.nix
+# Usage: imports = [ ./nixos ];
 { config, lib, pkgs, ... }:
 {
-  imports = [
+  imports = [ ./kawa.nix ];
    ./kawa.nix
  ];
  services.kawa = {
    enable = true;
    hostname = "kawa-node"; # Fixe, pas de lecture /sys
    autoConnect = true;
-    enableNats = true;
+    enableOllama = false;
    enableSyncthing = true;
    enableOllama = false; # Activer si GPU disponible
  };
 }
--- a/nixos/kawa-base.nix
+++ b/nixos/kawa-base.nix
@@ -0,0 +1,17 @@
 # KAWA Base - Module de base pour tous les nœuds
 # Options NATS corrigées pour Nixpkgs récent
 { config, lib, pkgs, ... }:
 {
  imports = [ ./kawa.nix ];
  # Configuration NATS corrigée
  services.nats = {
    enable = true;
    settings = {
      http_port = 8222;
      port = 4222;
    };
  };
 }
--- a/nixos/kawa.nix
+++ b/nixos/kawa.nix
@@ -1,4 +1,4 @@
-# KAWA OS - Module NixOS
+# KAWA OS - Module NixOS principal
 # Configuration automatique pour rejoindre le mesh KAWA
 { config, lib, pkgs, ... }:
@@ -14,8 +14,8 @@ in
    hostname = mkOption {
      type = types.str;
-      default = "";
+      default = "kawa-node";
-      description = "Hostname personnalisé pour le nœud KAWA";
+      description = "Hostname du nœud KAWA (fixe, pas dynamique)";
    };
    headscaleUrl = mkOption {
@@ -24,59 +24,60 @@ in
      description = "URL du serveur Headscale";
    };
    headscaleFallback = mkOption {
      type = types.str;
      default = "http://141.94.23.212";
      description = "URL de fallback du serveur Headscale";
    };
    authKey = mkOption {
      type = types.str;
      default = "f43f36ef159b3df799eb316b81bdac1b415c7cc2add174d0";
      description = "Clé d'authentification Headscale";
    };
-    autoConnect = mkOption {
+    natsServer = mkOption {
-      type = types.bool;
+      type = types.str;
-      default = true;
+      default = "100.64.0.1:4222";
-      description = "Connexion automatique au mesh au démarrage";
+      description = "Serveur NATS";
    };
    # Services KAWA
    enableNats = mkOption {
      type = types.bool;
      default = true;
      description = "Activer le client NATS";
    };
    enableSyncthing = mkOption {
      type = types.bool;
      default = true;
      description = "Activer Syncthing pour la synchronisation";
    };
    enableOllama = mkOption {
      type = types.bool;
      default = false;
-      description = "Activer Ollama pour l'inférence locale";
+      description = "Activer Ollama";
    };
    enableSyncthing = mkOption {
      type = types.bool;
      default = true;
      description = "Activer Syncthing";
    };
  };
  config = mkIf cfg.enable {
-    # Tailscale configuration
+    # Hostname fixe (pas de lecture /sys)
    networking.hostName = cfg.hostname;
    # Tailscale
    services.tailscale = {
      enable = true;
      extraUpFlags = [
        "--login-server=${cfg.headscaleUrl}"
        "--authkey=${cfg.authKey}"
-        "--hostname=${if cfg.hostname != "" then cfg.hostname else "kawa-${config.networking.hostName}"}"
+        "--force-reauth"
      ];
    };
-    # NATS client
+    # NATS (options corrigées pour Nixpkgs récent)
-    services.nats = mkIf cfg.enableNats {
+    services.nats = {
      enable = true;
-      server = "100.64.0.1:4222";
+      settings = {
        port = 4222;
        http_port = 8222;
      };
    };
    # Ollama (optionnel)
    services.ollama = mkIf cfg.enableOllama {
      enable = true;
      acceleration = null; # CPU uniquement
      host = "0.0.0.0";
      port = 11434;
    };
    # Syncthing
@@ -84,65 +85,40 @@ in
      enable = true;
      user = "kawa";
      group = "kawa";
      config = {
        folders = {
          "kawa-memory" = {
            path = "/home/kawa/.local/share/kawa/memory";
            devices = [ "vps-7ed4abb0" ];
          };
          "kawa-workspace" = {
            path = "/home/kawa/.local/share/kawa/workspace";
            devices = [ "vps-7ed4abb0" ];
          };
          "kawa-forge" = {
            path = "/home/kawa/.local/share/kawa/forge";
            devices = [ "vps-7ed4abb0" ];
          };
    };
    # SSH
    services.openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "yes";
        PasswordAuthentication = true;
      };
    };
-    # Ollama (optionnel)
+    # Firewall
-    services.ollama = mkIf cfg.enableOllama {
+    networking.firewall = {
-      enable = true;
+      allowedTCPPorts = [ 22 4222 22000 11434 ];
-      acceleration = false; # À activer si GPU disponible
+      allowedUDPPorts = [ 41641 22000 ];
      trustedInterfaces = [ "tailscale0" ];
    };
    # Utilisateur KAWA
    users.users.kawa = {
      isNormalUser = true;
      description = "KAWA Node User";
      extraGroups = [ "wheel" "networkmanager" "tailscale" ];
      initialPassword = "kawa2026";
    };
-    # Firewall
+    # Packages
    networking.firewall = {
      allowedTCPPorts = [ 22 4222 22000 ];
      allowedUDPPorts = [ 41641 22000 ];
      trustedInterfaces = [ "tailscale0" ];
    };
    # Environment packages
    environment.systemPackages = with pkgs; [
      tailscale
      natscli
      syncthing
      git
      vim
      tailscale
      nats-cli
      curl
      wget
      htop
    ];
    # Systemd service pour la connexion automatique
    systemd.services.kawa-connect = mkIf cfg.autoConnect {
      description = "KAWA Mesh Auto-Connect";
      after = [ "network-online.target" "tailscale.service" ];
      wants = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${pkgs.tailscale}/bin/tailscale up --login-server=${cfg.headscaleUrl} --authkey=${cfg.authKey} --force-reauth";
        RemainAfterExit = true;
      };
    };
  };
 }