
Structure of configuration.nix

Anatomy of configuration.nix

The /etc/nixos/configuration.nix file is the heart of NixOS. It describes the complete state of the system.

Basic structure

{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
  ];

  # System configuration goes here

  system.stateVersion = "24.05";
}
  • { config, pkgs, ... }: arguments passed to the module (access to packages and to the configuration)
  • imports: inclusion of other configuration files
  • system.stateVersion: NixOS version used at installation (do not change it after installation)

Common sections

System information

{
  networking.hostName = "mon-serveur";

  time.timeZone = "Europe/Zurich";

  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_TIME = "fr_CH.UTF-8";
    LC_MONETARY = "fr_CH.UTF-8";
  };
}

Network configuration

Simple DHCP:

{
  networking.useDHCP = true;
}

Static IP:

{
  networking.useDHCP = false;
  networking.interfaces.eth0 = {
    ipv4.addresses = [{
      address = "192.168.1.100";
      prefixLength = 24;
    }];
  };
  networking.defaultGateway = "192.168.1.1";
  networking.nameservers = [ "1.1.1.1" "8.8.8.8" ];
}

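Users

{
  users.users.admin = {
    isNormalUser = true;
    # Membership of "docker" is equivalent to root access on the host.
    extraGroups = [ "wheel" "networkmanager" "docker" ];
    # initialPassword is stored in plain text in the world-readable
    # Nix store: change it at first login.
    initialPassword = "changeme";
    # Or with an SSH key:
    # openssh.authorizedKeys.keys = [
    #   "ssh-ed25519 AAAA... user@host"
    # ];
  };

  # Allow passwordless sudo for wheel (optional).
  # Any process running as a wheel member can then become root.
  security.sudo.wheelNeedsPassword = false;
}

System packages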

{
  environment.systemPackages = with pkgs; [
    git
    vim
    htop
    curl
    wget
    tmux
    tree
  ];
}

Services

{
  # SSH
  services.openssh.enable = true;
  services.openssh.settings.PermitRootLogin = "no";
  services.openssh.settings.PasswordAuthentication = false;

  # Docker
  virtualisation.docker.enable = true;

  # Nginx
  services.nginx.enable = true;
  services.nginx.virtualHosts."example.com" = {
    root = "/var/www/example";
  };
}

Firewall

{
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
  networking.firewall.allowedUDPPorts = [ ];
}

Boot

{
  # GRUB for BIOS
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";

  # Or systemd-boot for UEFI (enable only one boot loader):
  # boot.loader.systemd-boot.enable = true;
  # boot.loader.efi.canTouchEfiVariables = true;
}

Complete example

{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
  ];

  networking.hostName = "serveur-web";
  time.timeZone = "Europe/Zurich";
  i18n.defaultLocale = "en_US.UTF-8";

  networking.useDHCP = false;
  networking.interfaces.eth0.ipv4.addresses = [{
    address = "192.168.1.100";
    prefixLength = 24;
  }];
  networking.defaultGateway = "192.168.1.1";
  networking.nameservers = [ "1.1.1.1" ];

  users.users.admin = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAA..."
    ];
  };

  environment.systemPackages = with pkgs; [
    git vim htop curl
  ];

  services.openssh.enable = true;
  services.openssh.settings.PermitRootLogin = "no";

  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 22 80 443 ];

  system.stateVersion = "24.05";
}
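
The SSH, sudo, account and firewall settings from the sections above can be enforced at build time with a small module that reads the config argument. This is an added example, not part of the original page; the file name hardening-checks.nix and the policy it encodes are assumptions.

```nix
# hardening-checks.nix (hypothetical file name; added example, not from the page)
# Load it through the imports list of configuration.nix:
#   imports = [ ./hardware-configuration.nix ./hardening-checks.nix ];
{ config, lib, ... }:

let
  ssh = config.services.openssh;
  users = config.users.users;

  # Accounts that still declare a plaintext initialPassword. The value ends
  # up in the world-readable /nix/store, so it must not stay in the config.
  plaintextUsers =
    lib.attrNames (lib.filterAttrs (_: u: u.initialPassword != null) users);

  # Members of "docker" can start privileged containers (root-equivalent).
  dockerUsers =
    lib.attrNames (lib.filterAttrs (_: u: lib.elem "docker" u.extraGroups) users);
in
{
  # A failed assertion aborts nixos-rebuild before anything is activated.
  assertions = [
    {
      assertion = config.networking.firewall.enable;
      message = "networking.firewall.enable must be true";
    }
    {
      assertion = !ssh.enable || ssh.settings.PasswordAuthentication == false;
      message = "sshd is enabled: set services.openssh.settings.PasswordAuthentication = false";
    }
    {
      assertion = !ssh.enable || ssh.settings.PermitRootLogin == "no";
      message = "sshd is enabled: set services.openssh.settings.PermitRootLogin = \"no\"";
    }
    {
      assertion = config.security.sudo.wheelNeedsPassword;
      message = "security.sudo.wheelNeedsPassword = false gives wheel members passwordless root";
    }
    {
      assertion = plaintextUsers == [ ];
      message = "initialPassword is set for: ${lib.concatStringsSep ", " plaintextUsers}";
    }
  ];

  # Warnings are printed during evaluation but do not stop the build.
  warnings = lib.optional (dockerUsers != [ ])
    "users in the docker group (root-equivalent): ${lib.concatStringsSep ", " dockerUsers}";
}
```

Against the complete example above, the PasswordAuthentication assertion fails until services.openssh.settings.PasswordAuthentication = false; is added, because the NixOS default allows password logins.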

Searching the available options

All options are documented at: https://search.nixos.org/options

Or from the command line:

man configuration.nix