kawa/nixos/kawa.nix
Debian e4c41daf6e Add nixos/ directory with corrected modules
- kawa.nix: main module with fixed NATS options
- default.nix: default configuration
- kawa-base.nix: base module with NATS settings
- Hostname fixed (no /sys read)
- NATS: settings.http_port instead of httpPort
2026-03-14 22:35:05 +00:00


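# KAWA OS - main NixOS module
# Automatic configuration for joining the KAWA mesh.
#
# Everything under `config` applies only when services.kawa.enable is true.
# The module sets up Tailscale against a Headscale server, a local NATS
# server, optional Ollama and Syncthing, OpenSSH, the firewall and a `kawa`
# user.
{ config, lib, pkgs, ... }:
with lib;
let
  cfg = config.services.kawa;
in
{
  options.services.kawa = {
    enable = mkEnableOption "KAWA mesh network";

    hostname = mkOption {
      type = types.str;
      default = "kawa-node";
      description = "Hostname du nœud KAWA (fixe, pas dynamique)";
    };

    headscaleUrl = mkOption {
      type = types.str;
      default = "https://headscale.du-senegal.com";
      description = "URL du serveur Headscale";
    };

    authKey = mkOption {
      type = types.str;
      # NOTE(review): a pre-auth key committed as an option default is readable
      # by anyone with the repository, and any value given here is copied into
      # the world-readable Nix store and onto the `tailscale up` command line.
      # Treat this key as exposed: rotate it on the Headscale side and supply
      # the replacement through `authKeyFile`. The default is kept only so
      # existing configurations still evaluate.
      default = "f43f36ef159b3df799eb316b81bdac1b415c7cc2add174d0";
      description = "Clé d'authentification Headscale";
    };

    authKeyFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = "/run/secrets/kawa-authkey";
      description = ''
        Path to a file holding the Headscale pre-auth key. When set, it is
        used instead of `authKey` and the key is not written to the Nix store.
        Give the path as a string to a file provisioned outside the store
        (a secrets manager, or a root-only file placed at install time).
      '';
    };

    # NOTE(review): natsServer is declared but not read anywhere in the
    # `config` section below.
    natsServer = mkOption {
      type = types.str;
      default = "100.64.0.1:4222";
      description = "Serveur NATS";
    };

    enableOllama = mkOption {
      type = types.bool;
      default = false;
      description = "Activer Ollama";
    };

    enableSyncthing = mkOption {
      type = types.bool;
      default = true;
      description = "Activer Syncthing";
    };
  };

  config = mkIf cfg.enable {
    # Fixed hostname (no read from /sys).
    networking.hostName = cfg.hostname;

    # Tailscale, pointed at the Headscale login server.
    # With authKeyFile set, the NixOS tailscale module passes the key itself,
    # so the inline `--authkey=` flag is added only on the legacy path.
    # NOTE(review): the nixpkgs documentation for extraUpFlags describes the
    # flags as applied only when authKeyFile is set. Confirm against the pinned
    # nixpkgs; if so, the legacy path never runs `tailscale up` by itself.
    services.tailscale = {
      enable = true;
      authKeyFile = cfg.authKeyFile;
      extraUpFlags =
        [ "--login-server=${cfg.headscaleUrl}" ]
        ++ optional (cfg.authKeyFile == null) "--authkey=${cfg.authKey}"
        ++ [ "--force-reauth" ];
    };

    # NATS (option names as expected by recent nixpkgs).
    # NOTE(review): no authorization or TLS settings are configured here, and
    # 4222 is opened in the firewall below on every interface.
    services.nats = {
      enable = true;
      settings = {
        port = 4222;
        http_port = 8222;
      };
    };

    # Ollama (optional).
    # NOTE(review): binding to 0.0.0.0 exposes the API on every interface, and
    # nothing in this module puts authentication in front of it. Bind to the
    # mesh address, or keep 11434 out of allowedTCPPorts, if only mesh peers
    # should reach it.
    services.ollama = mkIf cfg.enableOllama {
      enable = true;
      # NOTE(review): the original comment says "CPU only", but in recent
      # nixpkgs `null` presumably defers to the nixpkgs-wide default and
      # `false` is the CPU-only value. Confirm against the pinned nixpkgs.
      acceleration = null;
      host = "0.0.0.0";
      port = 11434;
    };

    # Syncthing, run as the kawa user.
    # NOTE(review): nothing visible in this module declares a `kawa` group.
    # Confirm one exists, otherwise the service has no such group to run under.
    services.syncthing = mkIf cfg.enableSyncthing {
      enable = true;
      user = "kawa";
      group = "kawa";
    };

    # SSH.
    # Root password login is turned off: combined with port 22 being open on
    # every interface it invites password guessing against root, and this
    # module sets no root password that would need it. Administration still
    # works through the `kawa` wheel user or root keys. Both values use
    # mkDefault so a deployment can override them without mkForce.
    # NOTE(review): PasswordAuthentication is left on because this module
    # provisions no authorized keys. Together with the fixed initialPassword
    # below, any host that can reach port 22 can try that password. Provision
    # keys and set this to false.
    services.openssh = {
      enable = true;
      settings = {
        PermitRootLogin = mkDefault "prohibit-password";
        PasswordAuthentication = mkDefault true;
      };
    };

    # Firewall.
    # tailscale0 is trusted, so mesh peers reach every port regardless of the
    # lists below; these lists decide only what non-mesh interfaces can reach.
    # The Syncthing and Ollama ports are opened only when the service is
    # enabled.
    # NOTE(review): 22 and 4222 stay open on all interfaces as before. Drop
    # them if only mesh peers are meant to connect.
    networking.firewall = {
      allowedTCPPorts =
        [ 22 4222 ]
        ++ optionals cfg.enableSyncthing [ 22000 ]
        ++ optionals cfg.enableOllama [ 11434 ];
      allowedUDPPorts =
        [ 41641 ]
        ++ optionals cfg.enableSyncthing [ 22000 ];
      trustedInterfaces = [ "tailscale0" ];
    };

    # KAWA user.
    # NOTE(review): initialPassword is a fixed, published value for a user in
    # `wheel`, and it is stored in the world-readable Nix store. Change it on
    # first login, or switch to a hashed password file provisioned outside
    # the store.
    users.users.kawa = {
      isNormalUser = true;
      extraGroups = [ "wheel" "networkmanager" "tailscale" ];
      initialPassword = "kawa2026";
    };

    # Packages.
    environment.systemPackages = with pkgs; [
      git
      vim
      tailscale
      nats-cli
      curl
      wget
      htop
    ];
  };
}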