# KAWA Physical - configuration for a CPU-only physical machine
# Usage: imports = [ ./modules/kawa-physical.nix ];
#
# Exposure summary (from the values below): SSH, Ollama, NATS and Syncthing
# are reachable on every interface, and every port is reachable over
# tailscale0, which is declared as a trusted interface.

{ pkgs, ... }:

let
  # Absolute path of the tailscale CLI inside the Nix store.
  tailscaleCli = "${pkgs.tailscale}/bin/tailscale";
in
{
  networking = {
    # FIXED hostname (nothing is read from /sys - pure evaluation mode)
    hostName = "kawa-honor-v4";

    # Firewall
    firewall = {
      # allowedTCPPorts / allowedUDPPorts apply to all interfaces:
      #   22 = SSH, 11434 = Ollama, 4222 = NATS clients, 22000 = Syncthing,
      #   41641/udp = Tailscale.
      # NOTE(review): if Ollama and NATS are only meant for mesh peers, 11434
      # and 4222 can be dropped here, since tailscale0 is trusted below.
      allowedTCPPorts = [ 22 11434 4222 22000 ];
      allowedUDPPorts = [ 41641 22000 ];
      # Traffic arriving on a trusted interface bypasses the port allow-lists,
      # so every listening service (including NATS monitoring on 8222) is
      # reachable from the mesh.
      trustedInterfaces = [ "tailscale0" ];
    };
  };

  services = {
    # === TAILSCALE - base installation ===
    tailscale = {
      enable = true;
      package = pkgs.tailscale;
    };

    # OLLAMA, CPU ONLY
    ollama = {
      enable = true;
      acceleration = null;
      # NOTE(review): binds to all interfaces and 11434 is opened globally in
      # the firewall. Ollama's HTTP API has no built-in authentication, so
      # anyone who can reach the port can use it - confirm this is intended.
      host = "0.0.0.0";
      port = 11434;
    };

    # SSH
    openssh = {
      enable = true;
      settings = {
        # NOTE(review): password logins are accepted, including for root, and
        # port 22 is open on every interface. Once public keys are deployed,
        # PasswordAuthentication = false and PermitRootLogin = "no" (or
        # "prohibit-password") remove the password-guessing surface.
        PermitRootLogin = "yes";
        PasswordAuthentication = true;
      };
    };

    # NATS
    nats = {
      enable = true;
      settings = {
        # Client port; opened on all interfaces by the firewall section.
        # NOTE(review): no authorization settings are defined here - verify
        # whether clients are expected to connect unauthenticated.
        port = 4222;
        # Monitoring endpoint; not in allowedTCPPorts, reachable via tailscale0.
        http_port = 8222;
      };
    };

    # Syncthing, running as the kawa account
    syncthing = {
      enable = true;
      user = "kawa";
      group = "kawa";
    };
  };

  # systemd service that joins the mesh AFTER boot
  systemd.services.kawa-mesh-connect = {
    description = "KAWA Mesh Auto-Connect";
    wantedBy = [ "multi-user.target" ];
    wants = [ "network-online.target" ];
    after = [ "network-online.target" "tailscaled.service" ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      # NOTE(review): the pre-auth key is passed on the command line, so it is
      # written into the generated unit in the world-readable Nix store and is
      # visible in the process arguments while the command runs. Prefer
      # loading it from a root-only file (the `file:` form of the auth-key
      # flag, or services.tailscale.authKeyFile) - confirm against the
      # deployed tailscale / NixOS versions.
      # --force-reauth runs on every boot because the unit is pulled in by
      # multi-user.target; presumably this needs a reusable key - verify.
      ExecStart = builtins.concatStringsSep " " [
        tailscaleCli
        "up"
        "--login-server=https://headscale.du-senegal.com"
        "--authkey=<HEADSCALE_AUTHKEY>"
        "--force-reauth"
      ];
    };
  };

  # User account
  users.users.kawa = {
    isNormalUser = true;
    # NOTE(review): initialPassword is stored in plain text in this file and
    # therefore in the Nix store; combined with wheel membership and SSH
    # password logins it is a known credential for an admin account. A hashed
    # password read from a file outside the store (hashedPasswordFile on
    # current NixOS - confirm for the release in use) avoids that.
    initialPassword = "kawa2026";
    extraGroups = [ "wheel" "networkmanager" "tailscale" ];
  };

  # Packages
  environment.systemPackages = [
    pkgs.git
    pkgs.vim
    pkgs.tailscale
    pkgs.ollama
    pkgs.nats-cli
    pkgs.curl
    pkgs.wget
    pkgs.htop
  ];
}