From e1d4d4bbce55072ad493ff8ae5e8278cbfe83058 Mon Sep 17 00:00:00 2001
From: Pierre Martin <pierre@front-commerce.com>
Date: Tue, 17 Feb 2026 16:12:07 +0100
Subject: [PATCH] feat: system config updates (caddy, printing, hosts,
 coredump, packages)

Add Caddy reverse proxy for fc.dev, Epson printer support, extraHosts
entries, coredump limits for Antigravity, and new packages (sshpass,
nssTools, brave, audacity, calibre).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 nixos/configuration.nix | 34 ++++++++++++++++++++++++++++++++--
 packages.nix            |  6 +++++-
 2 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 93bcb8f..ca682d4 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -29,7 +29,9 @@
 
   # Enable networking
   networking.networkmanager.enable = true;
-  networking.extraHosts = "";
+  networking.extraHosts = ''
+    127.0.0.1 fc.dev
+    109.238.11.111 nuage-v1.une-frouzins.fr'';
 
   # Set your time zone.
   time.timeZone = "Europe/Paris";
@@ -68,7 +70,8 @@
   users.users.pierre = {
     isNormalUser = true;
     description = "Pierre";
-    extraGroups = [ "networkmanager" "wheel" "audio" "docker" "video" ];
+    extraGroups =
+      [ "networkmanager" "wheel" "audio" "docker" "video" "lpadmin" ];
     shell = pkgs.zsh;
     packages = with pkgs; [ ];
   };
@@ -109,6 +112,10 @@
     libraries = with pkgs; [ fnm stdenv.cc.cc.lib ];
   };
 
+  # Printing (Epson Stylus SX230 - St Drézéry)
+  services.printing.enable = true;
+  services.printing.drivers = with pkgs; [ epson-escpr ];
+
   # List services that you want to enable:
   services.nscd.enable = true;
   services.tlp.enable = true;
@@ -123,6 +130,29 @@
   services.gvfs.enable =
     true; # to view MTP devices in file manager - https://www.perplexity.ai/search/how-to-browse-files-from-bus-0-QWBoYG1gRLu3uMRqFSzw9A
 
+  # Prevent coredump issues with Antigravity - https://www.perplexity.ai/search/systemd-coredump-high-cpu-on-n-LUnRQViaRuiDn1LR06hU8w#2
+  systemd.coredump = {
+    enable = true;
+    extraConfig = ''
+      Storage=none
+      ProcessSizeMax=50M
+      MaxUse=100M
+    '';
+  };
+
+  # Caddy
+  # Setup (one time): certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "mkcert" -i ~/.local/share/mkcert/rootCA.pem
+  # Per domain:
+  #   mkcert -cert-file /tmp/fc.dev.pem -key-file /tmp/fc.dev-key.pem fc.dev
+  #   sudo mkdir -p /etc/caddy/certs && sudo cp /tmp/fc.dev.pem /tmp/fc.dev-key.pem /etc/caddy/certs/ && sudo chown -R caddy:caddy /etc/caddy/certs
+  services.caddy = {
+    enable = true;
+    virtualHosts."fc.dev".extraConfig = ''
+      tls /etc/caddy/certs/fc.dev.pem /etc/caddy/certs/fc.dev-key.pem
+      reverse_proxy http://127.0.0.1:4000
+    '';
+  };
+
   # Enable the OpenSSH daemon.
   # services.openssh.enable = true;
 
diff --git a/packages.nix b/packages.nix
index ec5354c..d6d7d32 100644
--- a/packages.nix
+++ b/packages.nix
@@ -80,6 +80,7 @@ in {
     yubikey-manager
     pam_u2f
     polkit_gnome # fun fact: https://gitlab.gnome.org/GNOME/gdm/-/issues/613
+    sshpass
 
     arandr
     feh
@@ -152,6 +153,7 @@ in {
     # uv
     # conda
     mkcert
+    nssTools # certutil for mkcert CA installation in browsers
     goaccess
     grafana-loki # logcli
 
@@ -168,10 +170,12 @@ in {
     libnotify # notifications
 
     # Perso
+    brave
     nextcloud-client
     rclone
+    audacity
     freeplane
-    # calibre
+    calibre
     gparted
     ticktick
     agate